generated from terraform-modules/template_aws_submodules
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
104 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,102 @@ | ||
| # AWS Identity Center Group YAML File | ||
|
|
||
| This describe the format of the YAML file used in setting up AWS Identity Center (IDC, aka, SSO) groups. | ||
| This is used by the [aws-sso//group-assignment](.) submodule. | ||
|
|
||
| ```yaml | ||
| group: NAME | ||
| description: string | ||
| permissionset_name: string | ||
| usage: | ||
| documentation_url: | ||
| all: false | ||
| account_names: [] | ||
| account_ids: [] | ||
| auto_policy_count: null | ||
| org_ous: [] | ||
| user_mapping: {} | ||
| users: [] | ||
| ``` | ||
| ## group | ||
| This is of type _string_. The group field is the name for IDC group display. It should be in lowercase with dashes and follow the format | ||
| similar to the [Base Label Format](https://github.e.it.census.gov/terraform/cloud-information/tree/master/aws/documentation/naming-tagging-standard#base-label-format): | ||
| {business-label]-{application-label}-[{environmenat-label}-]{function}-[t{tier}] | ||
| The environment label is generally stripped from the group, as we want there to be a single group applying to multiple AWS accounts with the same | ||
| set of permissions. | ||
| * TBD | ||
| * environemnt | ||
| * function | ||
| * tier | ||
| * sc- groups | ||
| Examples: | ||
| * adsd-dapps-sc-dba | ||
| * csvd-servicecatalog-admin-t2 | ||
| * tco-iac-cloudflare-dns | ||
| ## description | ||
| This is of type _string_. It is a short description of the group, and should include (properly cased) the same primary | ||
| fields in the group name with additional wording. This goes into the `description` field in the SSO group, and will added to the | ||
| created LDAP group. | ||
|
|
||
| ## permissionset_name | ||
|
|
||
| This is of type _string_. | ||
|
|
||
| ## usage | ||
|
|
||
| This is of type _string_. This is a description of the audience for whom the group is intended. It is expected to be a short sentence, but | ||
| could also be several sentences. You can use a multi-line YAML to enable such a thing. | ||
|
|
||
| Examples | ||
|
|
||
| ```yaml | ||
| usage: "Intended for developer access to common permissions" | ||
| usage: | | ||
| This is for level 3 administrators to the product, and not intended for general purpose end users. | ||
| This grants extra permissions over the level 2 administrators. | ||
| ``` | ||
|
|
||
| ## documentation_url | ||
|
|
||
| This is of type _string_. This is the URL where one can find additional documentation on the specific group. | ||
|
|
||
| ## all | ||
|
|
||
| This is of type _boolean_. | ||
|
|
||
| ## account_names | ||
|
|
||
| This is of type _list of strings_. | ||
|
|
||
| ## account_ids | ||
|
|
||
| This is of type _list of strings_. | ||
|
|
||
| ## auto_policy_count | ||
|
|
||
| null or number | ||
|
|
||
| ## org_ous | ||
|
|
||
| This is of type _list of strings_. | ||
|
|
||
| ## user_mapping | ||
|
|
||
|
|
||
| ## users | ||
|
|
||
| This is of type _list of strings_. | ||
|
|
||
| # CHANGELOG | ||
|
|
||
| * 1.0.0 -- 2025-08-28 | ||
| - initial |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters