AWS SSO with Authentik
Providers
The following providers are needed by this module:
-
authentik (2024.2.0)
-
kubernetes (2.27.0)
-
random (3.6.0)
-
tls (4.0.5)
Required Inputs
The following input variables are required:
authentik_domain
Description: The domain name of the authentik instance
Type: string
authentik_namespace
Description: The kubernetes namespace where Authentik is deployed
Type: string
aws_acs_url
Description: The ACS url provided by AWS when configuring an external identity provider
Type: string
aws_issuer
Description: The Issuer url provided by AWS when configuring an external identity provider
Type: string
aws_sign_in_url
Description: The sign-in url provided by AWS when configuring an external identity provider
Type: string
media_configmap
Description: The configmap holding the static media that Authentik will use
Type: string
organization_name
Description: The name of your organization
Type: string
Optional Inputs
The following input variables are optional (have default values):
allowed_groups
Description: Only members of these groups can access AWS
Type: set(string)
Default: []
aws_scim_enabled
Description: Whether to enable SCIM with AWS
Type: bool
Default: false
aws_scim_token
Description: The SCIM token provided by AWS
Type: string
Default: ""
aws_scim_url
Description: The SCIM endpoint provided by AWS
Type: string
Default: ""
ui_description
Description: The description to display in the Authentik web dashboard
Type: string
Default: "Amazon Web Services - IAM Identity Center SSO Login"
ui_group
Description: The section in the Authentik web dashboard that this will appear in
Type: string
Default: "Amazon Web Services"
Outputs
The following outputs are exported:
saml_metadata
Description: n/a
Usage
-
You have to enable AWS SSO in the root account via the web console before applying this module for the first time.
-
The SAML metadata document from the IdP needs to be uploaded to AWS MANUALLY.
-
SCIM provisioning must be configured MANUALLY. Group assignments won't work until this step is completed.
-
The user portal URL needs to be configured MANUALLY in the aws web console in the SSO settings.