This Terraform module creates an Auth0 application and associated integrations to enable AWS SSO.

```hcl
module "sso" {
  source                            = "github.com/ministryofjustice/moj-terraform-aws-sso"
  auth0_tenant_domain               = ""
  auth0_client_id                   = ""
  auth0_client_secret               = ""
  auth0_debug                       = false
  auth0_github_client_id            = ""
  auth0_github_client_secret        = ""
  auth0_github_allowed_orgs         = ["example"]
  auth0_allowed_domains             = "@example.com"
  # ${region} and ${random_key} are placeholders: substitute the values for your AWS SSO instance.
  auth0_aws_sso_acs_url             = "https://${region}.signin.aws.amazon.com/platform/saml/acs/${random_key}"
  auth0_aws_sso_issuer_url          = "https://${region}.signin.aws.amazon.com/platform/saml/${random_key}"
  auth0_azure_entraid_client_id     = ""
  auth0_azure_entraid_client_secret = ""
  auth0_azure_entraid_domain        = "example.com"
}
```
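
One way to call the module without writing the three secrets into the configuration, as an added example that is not part of the module's repository. The variable names, local names and all sample values are assumptions, and building both SAML URLs from one region and key assumes they match, as the placeholders in the usage block suggest.

```hcl
# Added example (caller side), not code from the module's repository.
# Variable names, local names and sample values are assumptions.
variable "auth0_client_secret" {
  type      = string
  sensitive = true # redacted in plan output, but still written to state
}

variable "auth0_github_client_secret" {
  type      = string
  sensitive = true
}

variable "auth0_azure_entraid_client_secret" {
  type      = string
  sensitive = true
}

locals {
  # Constructed values; copy the real ones from the AWS SSO SAML settings.
  sso_region = "eu-west-2"
  sso_key    = "EXAMPLEKEY"
  sso_saml   = "https://${local.sso_region}.signin.aws.amazon.com/platform/saml"
}

module "sso" {
  source = "github.com/ministryofjustice/moj-terraform-aws-sso"

  auth0_tenant_domain               = "example.eu.auth0.com" # constructed
  auth0_client_id                   = "EXAMPLE_M2M_CLIENT_ID"
  auth0_client_secret               = var.auth0_client_secret
  auth0_debug                       = false
  auth0_github_client_id            = "EXAMPLE_GITHUB_CLIENT_ID"
  auth0_github_client_secret        = var.auth0_github_client_secret
  auth0_github_allowed_orgs         = ["example"]
  auth0_allowed_domains             = "@example.com"
  auth0_aws_sso_acs_url             = "${local.sso_saml}/acs/${local.sso_key}"
  auth0_aws_sso_issuer_url          = "${local.sso_saml}/${local.sso_key}"
  auth0_azure_entraid_client_id     = "EXAMPLE_ENTRAID_CLIENT_ID"
  auth0_azure_entraid_client_secret = var.auth0_azure_entraid_client_secret
  auth0_azure_entraid_domain        = "example.com"
}
```

Supply the three secrets through `TF_VAR_<name>` environment variables or a secret store rather than a committed `.tfvars` file, and restrict access to the state backend, since `sensitive` does not encrypt state.
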
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| auth0 | >= 1.0.0 |
| aws | >= 5.0.0 |

| Name | Version |
|---|---|
| auth0 | >= 1.0.0 |
| aws | >= 5.0.0 |

No modules.

| Name | Type |
|---|---|
| auth0_action.allow_github_organisations | resource |
| auth0_action.saml_mappings | resource |
| auth0_client.idp_token | resource |
| auth0_client.saml | resource |
| auth0_client_grant.idp_grant | resource |
| auth0_connection.github_saml_connection | resource |
| auth0_trigger_actions.flow | resource |
| auth0_client.idp_token | data source |
| aws_iam_account_alias.current | data source |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| auth0_allowed_domains | A list of authorised domains a user must have as part of their GitHub email addresses | string | n/a | yes | 
| auth0_aws_sso_acs_url | AWS SSO: ACS URL | string | n/a | yes | 
| auth0_aws_sso_issuer_url | AWS SSO: Issuer URL | string | n/a | yes | 
| auth0_client_id | Auth0 client ID (from a Machine to Machine application) | string | n/a | yes | 
| auth0_client_secret | Auth0 client secret (from a Machine to Machine application) | string | n/a | yes | 
| auth0_debug | Auth0 debug flag | bool | false | no | 
| auth0_github_allowed_orgs | A list of GitHub organisations a user has to be part of | list(string) | n/a | yes | 
| auth0_github_client_id | Auth0: GitHub client ID | string | n/a | yes | 
| auth0_github_client_secret | Auth0: GitHub client secret | string | n/a | yes | 
| auth0_tenant_domain | Auth0 tenant domain | string | n/a | yes | 
| auth0_azure_entraid_client_id | Client ID for the Azure application | string | n/a | yes |
| auth0_azure_entraid_client_secret | Client secret for the Azure application | string | n/a | yes |
| auth0_azure_entraid_domain | Azure application domain name | string | n/a | yes |

No outputs.