From 314b887ac8d5ab55503bcff3ad8ef72fe87d2d51 Mon Sep 17 00:00:00 2001
From: Fernando Goncalves
Date: Tue, 3 Nov 2020 10:44:11 +0100
Subject: [PATCH] Removes Okta Groups

---
 README.md | 13 -------------
 okta.tf | 17 +----------------
 variables.tf | 8 ++++----
 3 files changed, 5 insertions(+), 33 deletions(-)

diff --git a/README.md b/README.md
index 239d7e53..8f0c01bc 100644
--- a/README.md
+++ b/README.md
@@ -9,19 +9,6 @@ This module provisions by default a set of basic AWS Config Rules. In order to a
 aws_config_rules = ["ACCESS_KEYS_ROTATED", "ALB_WAF_ENABLED"]
 ```
 
-## Okta Groups for AWS SSO
-
-By default, this module will create an Okta Group called `AWSPlatformAdmins` and assign the group to the AWS SSO Okta App.
-
-To add other groups, a map of key-value pairs (`group_name` and `group_description`) can be passed down to the variable `aws_okta_groups` like in the example below:
-
-```hcl
-aws_okta_groups = {
- "AWSAuditors" = "Provides auditing access to AWS accounts"
- "AWSDevelopers" = "Provides developer access to AWS accounts"
-}
-```
-
 ## Requirements
 
diff --git a/okta.tf b/okta.tf
index 88fed06d..3b362e4f 100644
--- a/okta.tf
+++ b/okta.tf
@@ -1,14 +1,5 @@
-locals {
- aws_okta_groups = merge(
- var.aws_okta_groups,
- {
- "AWSPlatformAdmins" = "AWS administrator access to all stacks/accounts"
- }
- )
-}
-
 resource "okta_app_saml" "aws_sso" {
- groups = [for group in okta_group.aws_groups : group.id]
+ groups = toset(var.aws_okta_group_ids)
 key_years_valid = 3
 label = "Amazon Web Services"
 preconfigured_app = "amazon_aws_sso"
@@ -22,9 +13,3 @@ resource "okta_app_saml" "aws_sso" {
 ignore_changes = [features, users]
 }
 }
-
-resource "okta_group" "aws_groups" {
- for_each = local.aws_okta_groups
- name = each.key
- description = each.value
-}
diff --git a/variables.tf b/variables.tf
index 7f0f0f74..bf27cef9 100644
--- a/variables.tf
+++ b/variables.tf
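Review bot: The new `groups = toset(var.aws_okta_group_ids)` in the first okta.tf hunk, together with the variable's `default = []` in variables.tf, leaves the AWS SSO Okta app with no group assignment unless the caller sets the variable, and because `groups` is not in `ignore_changes = [features, users]` (second hunk) Terraform will also strip any assignment made directly in Okta. Callers relying on the removed `AWSPlatformAdmins` default therefore lose admin access to the app on upgrade with no plan-time signal, and the README hunk deletes the old section without documenting the replacement variable. Consider dropping the default so the variable is required, or, if the module targets Terraform 0.13 or later, adding `validation { condition = length(var.aws_okta_group_ids) > 0 ... }` with an `error_message` stating that at least one Okta group must be granted access, and adding a README section for `aws_okta_group_ids` that names this behaviour change. The `okta_app_saml.aws_sso` resource body continues outside the first hunk.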
@@ -4,10 +4,10 @@ variable "aws_config_rules" {
 description = "List of managed AWS Config Rule identifiers that should be deployed across the organization"
 }
 
-variable "aws_okta_groups" {
- type = map
- default = {}
- description = "Map of Okta Groups that should have access to the AWS organization (format: name => description)"
+variable "aws_okta_group_ids" {
+ type = list
+ default = []
+ description = "List of Okta Group Ids that should have access to the AWS organization"
 }
 
 variable "aws_sso_acs_url" {
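Review bot: `type = list` on the new `aws_okta_group_ids` variable is the legacy untyped constraint, so a map, number or nested list is accepted at plan time and only fails when the Okta provider rejects it at apply; `type = list(string)` catches the mistake before anything is changed. The `map` it replaces had the same looseness, so this is inherited style, but a freshly introduced variable is the place to tighten it. The description could also say what the values are and where they now come from, since the commit moves `okta_group` management out of this module, e.g. `description = "List of Okta group IDs (okta_group.<name>.id) to assign to the AWS SSO Okta app"`.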