| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| custom_login_url | URL of custom login page/app. | `string` | `null` | no |
| kc_base_url | Base URL of the Keycloak instance to interact with. | `string` | n/a | yes |
| kc_iam_auth_client_id | Client ID of the client where KC roles corresponding to AWS roles will be created. | `string` | n/a | yes |
| kc_realm | Keycloak realm where the Terraform client has been created and where the users/groups to be created/manipulated exist. | `string` | n/a | yes |
| kc_terraform_auth_client_id | Client ID of the client that Terraform will authenticate against in order to do its work. | `string` | n/a | yes |
| kc_terraform_auth_client_secret | Client secret used by the Terraform Keycloak provider to authenticate against Keycloak. | `string` | n/a | yes |
| project_accounts | A map of the project accounts (with structure matching the output of aws_organizations_account) for which we will be creating roles and IDP resources, keyed by the name of the environment. | `map(any)` | n/a | yes |
| project_spec | List of projects/(accounts) that product teams' workloads run within. | <pre>object({<br>  identifier = string<br>  name = string<br>  tags = object({<br>    account_coding = string<br>    # ministry_name = string<br>    admin_contact_email = string<br>    admin_contact_name = string<br>    billing_group = string<br>    additional_contacts = optional(list(object({<br>      name = optional(string, null)<br>      email = optional(string, null)<br>    })))<br>  })<br>  accounts = list(object({<br>    name = string<br>    environment = string<br>  }))<br>})</pre> | n/a | yes |
| tenancy_root_group_name | n/a | `string` | `"Project Team Groups"` | no |
| workload_account_role_config | A mapping of role names to be created to (existing) policy ARNs. | <pre>list(object({<br>  aws_role_name = string<br>  aws_policy_arns = list(string)<br>  keycloak_group_name = string<br>  environments = list(string)<br>}))</pre> | n/a | yes |