Set Up Amazon IAM & IAM Identity Center (SSO) via Terraform #72

Open

dominikvrbic opened this issue Feb 10, 2025 · 1 comment

Assignees: none

Labels:
  • ci/cd: Automating builds, tests, and deployments to ensure smooth integration and delivery.
  • documentation: Improvements or additions to documentation
  • enhancement: New feature or request

Comments

@dominikvrbic (Member)

Description

Configure AWS IAM and IAM Identity Center (SSO) using Terraform to enable centralized identity and access management. This setup will include:

  • IAM users, groups, and roles.
  • AWS IAM Identity Center (SSO) configuration.
  • Permission sets for role-based access control.

Requirements

  1. Create IAM Users, Groups, and Policies
    • Define IAM groups (e.g., Admin, Developers, ReadOnly).
    • Attach appropriate AWS-managed/custom policies.
    • Enforce MFA for IAM users.
  2. Configure IAM Identity Center (SSO)
    • Enable AWS IAM Identity Center.
    • Create permission sets for different roles.
    • Assign users and groups to permission sets.
    • Integrate with an external identity provider (IdP) if applicable.
  3. Define IAM Roles for AWS Services
    • Create IAM roles with least privilege access.
    • Use IAM policies to restrict actions based on security principles.
  4. Automate with Terraform
    • Implement Terraform modules for IAM, Identity Center, and permission sets.
    • Ensure Terraform state is properly managed (e.g., stored in S3 with DynamoDB for locking).
    • Define environment-specific configurations.

Out of Scope

  • AWS Organizations setup and account structure (covered in a separate ticket).

Acceptance Criteria

  • IAM users, groups, and policies are set up with least privilege.
  • IAM Identity Center (SSO) is enabled and configured.
  • Permission sets are assigned based on user roles.
  • IAM roles for AWS services are created and restricted as needed.
  • Terraform successfully provisions IAM and Identity Center configurations.

Technical Details

Terraform Resources to Implement

  • IAM Users, Groups, and Policies:
    • aws_iam_user
    • aws_iam_group
    • aws_iam_policy
    • aws_iam_role
  • IAM Identity Center (SSO):
    • aws_ssoadmin_permission_set
    • aws_identitystore_group
    • aws_identitystore_user
  • Terraform Backend (S3 + DynamoDB for state management):
    • aws_s3_bucket
    • aws_dynamodb_table

References

@dominikvrbic dominikvrbic added ci/cd Automating builds, tests, and deployments to ensure smooth integration and delivery. documentation Improvements or additions to documentation enhancement New feature or request labels Feb 10, 2025
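A Terraform sketch of the Identity Center part of this ticket, added here as an example and not code from the issue or the project: it declares the S3/DynamoDB state backend from requirement 4 and creates a ReadOnly Identity Store group, a permission set carrying only the AWS-managed ReadOnlyAccess policy, and the account assignment that binds the two. The bucket, table and region names and the workload_account_id variable are assumed values; aws_ssoadmin_managed_policy_attachment and aws_ssoadmin_account_assignment are real provider resources beyond those listed above, and the AWS provider is assumed to be configured from the environment.

```hcl
terraform {
  backend "s3" {
    bucket         = "example-org-tfstate"                 # assumed bucket name
    key            = "iam-identity-center/terraform.tfstate"
    region         = "eu-central-1"                        # assumed region
    encrypt        = true
    dynamodb_table = "terraform-state-locks"               # assumed lock table (hash key: LockID)
  }
}

# The account the permission set is assigned to; supplied per environment (assumed variable).
variable "workload_account_id" {
  type = string
}

# Look up the existing Identity Center instance (enabled once per organization).
data "aws_ssoadmin_instances" "this" {}
locals {
  sso_instance_arn  = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
}

# Access is granted to a group, never to individual users directly.
resource "aws_identitystore_group" "readonly" {
  identity_store_id = local.identity_store_id
  display_name      = "ReadOnly"
}

# Permission set: one-hour sessions, only the managed ReadOnlyAccess policy attached.
resource "aws_ssoadmin_permission_set" "readonly" {
  name             = "ReadOnly"
  instance_arn     = local.sso_instance_arn
  session_duration = "PT1H"
}

resource "aws_ssoadmin_managed_policy_attachment" "readonly" {
  instance_arn       = local.sso_instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.readonly.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

# Bind the group to the permission set in the target account.
resource "aws_ssoadmin_account_assignment" "readonly" {
  instance_arn       = local.sso_instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.readonly.arn
  principal_id       = aws_identitystore_group.readonly.group_id
  principal_type     = "GROUP"
  target_id          = var.workload_account_id
  target_type        = "AWS_ACCOUNT"
}
```

Reviewing `terraform plan` output for an account assignment change is the practical control here: every grant of a permission set to an account shows up as an explicit resource diff rather than a console click.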
@petar-INFO (Contributor)

Done through the console, @dominikvrbic

Let's discuss further as to why and further actions

@petar-INFO petar-INFO self-assigned this Feb 13, 2025