Skip to content

jasonmcintosh/aws_okta_terraform

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
modules/okta_access
modules/okta_access
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
master_user.tf
master_user.tf
 
 

Repository files navigation

Basic Okta setup for multiple accounts

See http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Amazon-Web-Service#scenarioB for more information, documentation, etc.

  1. First, setup Okta application and download the metdatafile to ../saml-metadata.xml
  2. Setup in ~/.aws/credentials
[master_account]
aws_access_key_id = access_key_here
aws_secret_access_key = api_secret_key
  1. Then for each account you want Okta to allow access to... create a file (or add it to the master_user.tf file)
module "alpha_account" {
  source = "modules/okta_access"
  profile = "alpha_account"
}

and in credentials file

[alpha_account]
aws_access_key_id = alpha_account access key
aws_secret_access_key = alpha_account secret key
  1. Finally run
terraform plan -var master_account_profile=master_account -out terraform.out
terraform apply terraform.out

Note that there are some tweaks that could be made to make this significantly more secure. E.g. the master account could be setup so that it can ONLY assume the Okta IDP roles in the remote accounts. The remote accounts can be setup so that they restrict access to the svc_okta account. Etc. Additionally, I don't get into state management, credential management, access key management, etc.

About

Sets up multiple account identity management via Okta

Topics

terraform saml2 aws-iam terraform-modules okta

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages