| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| Azure_AD_SSO_Roles | List of IAM roles to be created. These roles will be federated with Azure AD SAML 2.0 authentication. | `list(object({ name = string, policy_arns = list(string), permission_boundary_policy_arn = string }))` | `[]` | no |
| additional_tags | Tags as a key/value map. These tags are attached to all resources created by the module. | `map(string)` | `{}` | no |
| azure_ad_provisioner_user | IAM user to create for Azure AD SSO provisioning. If not specified, the user name is auto-generated. | `string` | `""` | no |
| enable_kms_key_rotation | Specifies whether KMS key rotation is enabled. | `bool` | `true` | no |
| kms_description | The description of the KMS key as viewed in the AWS console. | `string` | `"SSM Parameter Store KMS master key used for AzureAD user secret"` | no |
| kms_key_deletion_days | Waiting period in days after which the key is deleted once the resource is destroyed. | `number` | `10` | no |
| namespace | Namespace, used as one component of the tag prefix. Usually goes into the Name tag. | `string` | `"example"` | no |
| pgp_key_file | Path to the PGP key file used to encrypt the Azure AD user's secret_access_key, so that the state file does not store it in plain text. | `string` | n/a | yes |
| saml_audience | SAML audience. Default is https://signin.aws.amazon.com/saml; override this if you have multiple accounts provisioned from the SSO provider. | `string` | `"https://signin.aws.amazon.com/saml"` | no |
| saml_xml_file_path | Path to the SAML 2.0 metadata XML document generated by the identity provider. | `string` | n/a | yes |
| stage | Stage, used as one component of the tag prefix. Usually goes into the Name tag and helps identify the environment. Default is dev. | `string` | `"dev"` | no |
| use_ssm_store_sso_secrets | When set to true, SSM Parameter Store is used to store the Azure AD user's secrets instead of Secrets Manager. | `bool` | `false` | no |
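The following module call is an added usage example and is not part of the module's own README. The `source` path, the role names, the policy and permission-boundary ARNs (account `123456789012` is a constructed placeholder), the metadata and PGP file names and the tag values are all assumptions; only the input names and types come from the table above.

```hcl
# Added example of calling the module with the inputs listed above.
# Everything below except the input names is an assumption.
module "azure_ad_sso" {
  source = "../"   # assumption: relative path to this module

  namespace = "example"
  stage     = "prod"

  # SAML 2.0 federation metadata exported from the Azure AD enterprise
  # application (file name assumed).
  saml_xml_file_path = "${path.module}/AzureAD_federation_metadata.xml"

  # Keep the default audience unless several AWS accounts are served by
  # the same SSO provider.
  saml_audience = "https://signin.aws.amazon.com/saml"

  # Roles assumable through SAML. Each role carries a permission boundary,
  # so the attached policies can never grant more than the boundary allows.
  Azure_AD_SSO_Roles = [
    {
      name                           = "AzureAD-ReadOnly"
      policy_arns                    = ["arn:aws:iam::aws:policy/ReadOnlyAccess"]
      permission_boundary_policy_arn = "arn:aws:iam::123456789012:policy/OrgPermissionBoundary"
    },
    {
      name                           = "AzureAD-PowerUser"
      policy_arns                    = ["arn:aws:iam::aws:policy/PowerUserAccess"]
      permission_boundary_policy_arn = "arn:aws:iam::123456789012:policy/OrgPermissionBoundary"
    },
  ]

  # PGP key used to encrypt the provisioning user's secret_access_key before
  # it is written to state (file name assumed).
  pgp_key_file = "${path.module}/provisioner-pgp-key.pub"

  # Keep the provisioning user's secrets in SSM Parameter Store behind a
  # rotating KMS key, and give deleted keys a 30-day recovery window.
  use_ssm_store_sso_secrets = true
  enable_kms_key_rotation   = true
  kms_key_deletion_days     = 30

  additional_tags = {
    Owner = "platform-team"
  }
}
```

Two of these inputs are the ones worth reviewing in a pull request: `permission_boundary_policy_arn`, which caps the effective permissions of every federated role regardless of the policies attached to it, and `pgp_key_file`, which is what keeps the provisioning user's secret key out of the plaintext state file (the encrypted value can only be recovered with the matching private key).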