AWS SSO with Authentik
Providers
The following providers are needed by this module:
authentik (2024.8.4)
kubectl (2.1.3)
kubernetes (2.34.0)
random (3.6.3)
tls (4.0.6)
Required Inputs
The following input variables are required:
authentik_domain
Description: The domain name of the authentik instance
Type: string
authentik_namespace
Description: The Kubernetes namespace where Authentik is deployed
Type: string
aws_acs_url
Description: The ACS URL provided by AWS when configuring an external identity provider
Type: string
aws_issuer
Description: The Issuer URL provided by AWS when configuring an external identity provider
Type: string
aws_sign_in_url
Description: The sign-in URL provided by AWS when configuring an external identity provider
Type: string
media_configmap
Description: The configmap holding the static media that Authentik will use
Type: string
organization_name
Description: The name of your organization
Type: string
Optional Inputs
The following input variables are optional (have default values):
allowed_groups
Description: Only members of these groups can access AWS
Type: set(string)
Default: []
aws_scim_enabled
Description: Whether to enable SCIM with AWS
Type: bool
Default: false
aws_scim_token
Description: The SCIM token provided by AWS
Type: string
Default: ""
aws_scim_url
Description: The SCIM endpoint provided by AWS
Type: string
Default: ""
ui_description
Description: The description to display in the Authentik web dashboard
Type: string
Default: "Amazon Web Services - IAM Identity Center SSO Login"
ui_group
Description: The section in the Authentik web dashboard that this will appear in
Type: string
Default: "Amazon Web Services"
Outputs
The following outputs are exported:
saml_metadata
Description: n/a
Usage
You have to enable AWS SSO in the root account via the web console before applying this module for the first time.
The SAML metadata document from the IdP (Authentik) needs to be uploaded to AWS MANUALLY.
SCIM provisioning must be configured MANUALLY. Group assignments won’t work until this step is completed.
The user portal URL needs to be configured MANUALLY in the AWS web console in the SSO settings.
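As an added example that is not part of this module's documentation, the following root configuration wires up the inputs listed above and follows the usage steps: SCIM stays disabled until the AWS side has been configured by hand, the SCIM token is kept sensitive, and the saml_metadata output is re-exported so it can be written to a file for the manual upload. The module source path, the resource and variable names, the group names and every URL and ID are assumptions (constructed placeholders), and provider configuration for authentik, kubernetes, kubectl, random and tls is assumed to exist elsewhere in the root module. The check block requires Terraform 1.5 or later.

```hcl
# Added example: calling the "AWS SSO with Authentik" module from a root configuration.
# Module path, names and literal values are assumptions; replace them with your own.

variable "aws_scim_enabled" {
  description = "Flip to true only after SCIM has been configured manually in IAM Identity Center"
  type        = bool
  default     = false
}

variable "aws_scim_token" {
  description = "SCIM token issued by AWS; marked sensitive so it is redacted from plan output"
  type        = string
  sensitive   = true
  default     = ""
}

variable "aws_scim_url" {
  description = "SCIM endpoint shown by AWS when SCIM provisioning is enabled"
  type        = string
  default     = ""
}

# Fail early if SCIM is switched on without the values AWS hands out for it
check "scim_inputs_consistent" {
  assert {
    condition     = !var.aws_scim_enabled || (var.aws_scim_token != "" && var.aws_scim_url != "")
    error_message = "aws_scim_enabled requires both aws_scim_token and aws_scim_url to be set."
  }
}

module "aws_sso" {
  source = "./modules/aws_sso_authentik" # assumed local path to the module

  # Required inputs
  authentik_domain    = "authentik.example.com" # assumed
  authentik_namespace = "authentik"             # assumed
  organization_name   = "Example Corp"          # assumed
  media_configmap     = "authentik-media"       # assumed

  # Values displayed by AWS when choosing an external identity provider in the
  # SSO settings; these are constructed placeholders, not real endpoints.
  aws_acs_url     = "https://REGION.signin.aws.amazon.com/platform/saml/acs/PLACEHOLDER-ID"
  aws_issuer      = "https://REGION.signin.aws.amazon.com/platform/saml/d-PLACEHOLDER"
  aws_sign_in_url = "https://d-PLACEHOLDER.awsapps.com/start"

  # Optional: only members of these Authentik groups can access AWS
  allowed_groups = ["aws-admins", "aws-developers"] # assumed group names

  # Optional: SCIM provisioning, left off until the manual AWS-side setup is done
  aws_scim_enabled = var.aws_scim_enabled
  aws_scim_token   = var.aws_scim_token
  aws_scim_url     = var.aws_scim_url

  # Optional: how the application appears in the Authentik dashboard
  ui_group       = "Amazon Web Services"
  ui_description = "Amazon Web Services - IAM Identity Center SSO Login"
}

# Re-export the IdP metadata for the manual upload step:
#   terraform output -raw saml_metadata > authentik-saml-metadata.xml
output "saml_metadata" {
  description = "Authentik SAML metadata document to upload in the AWS SSO settings"
  value       = module.aws_sso.saml_metadata
}
```

Apply once with SCIM disabled, upload the exported metadata and set the user portal URL in the AWS console, then configure SCIM there, pass the issued token and endpoint through the sensitive variables, and apply again with aws_scim_enabled set to true; group assignments only take effect after that second apply.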