
Commit 45298e9

feat: saml config
1 parent 253fea4 commit 45298e9


3 files changed

+58
-0
lines changed


modules/collection/README.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@
2121

2222
| Name | Type |
2323
|------|------|
24+
| [aws_opensearchserverless_security_config.saml](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_security_config) | resource |
2425
| [aws_opensearchserverless_vpc_endpoint.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_vpc_endpoint) | resource |
2526

2627
## Inputs
@@ -43,6 +44,11 @@
4344
| <a name="input_lifecycle_policy_min_index_retention"></a> [lifecycle\_policy\_min\_index\_retention](#input\_lifecycle\_policy\_min\_index\_retention) | The minimum period, in days (d) or hours (h), to retain the document in the index. The lower bound is `24h` and the upper bound is `3650d` | `string` | `null` | no |
4445
| <a name="input_lifecycle_policy_no_min_index_retention"></a> [lifecycle\_policy\_no\_min\_index\_retention](#input\_lifecycle\_policy\_no\_min\_index\_retention) | If true, OpenSearch Serverless retains documents indefinitely | `bool` | `null` | no |
4546
| <a name="input_name"></a> [name](#input\_name) | Name of the OpenSearch Serverless collection. | `string` | n/a | yes |
47+
| <a name="input_saml_enabled"></a> [saml\_enabled](#input\_saml\_enabled) | Whether SAML authentication is enabled | `bool` | `false` | no |
48+
| <a name="input_saml_group_attribute"></a> [saml\_group\_attribute](#input\_saml\_group\_attribute) | Group attribute for this SAML integration | `string` | `""` | no |
49+
| <a name="input_saml_metadata_content"></a> [saml\_metadata\_content](#input\_saml\_metadata\_content) | The metadata of the SAML application in xml format. | `string` | `""` | no |
50+
| <a name="input_saml_session_timeout"></a> [saml\_session\_timeout](#input\_saml\_session\_timeout) | Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. | `number` | `60` | no |
51+
| <a name="input_saml_user_attribute"></a> [saml\_user\_attribute](#input\_saml\_user\_attribute) | User attribute for this SAML integration | `string` | `""` | no |
4652
| <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | Security group IDs attached to the VPC endpoint. Needed only if `create_vpc_endpoint` is true | `list(string)` | `[]` | no |
4753
| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | Subnet IDs in which the VPC endpoint is created. Needed only if `create_vpc_endpoint` is true | `list(string)` | `[]` | no |
4854
| <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resources | `map(string)` | `{}` | no |
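Review bot: the inputs table presents `saml_metadata_content` as optional with default `""`, but whenever `saml_enabled` is `true` the resource in main.tf passes it straight into `saml_options.metadata`, where the provider needs the identity provider's metadata XML; the description should state that it is required when `saml_enabled` is `true`. The rows for `saml_user_attribute` and `saml_group_attribute` would also help readers more if they said these are the SAML assertion attribute names from which OpenSearch Serverless takes the user and group identity that data access policies match on, so leaving them blank is a deliberate choice rather than a neutral default.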

modules/collection/main.tf

Lines changed: 19 additions & 0 deletions
@@ -24,3 +24,22 @@ module "aoss" {
2424

2525
tags = var.tags
2626
}
27+
28+
resource "aws_opensearchserverless_security_config" "saml" {
29+
count = var.saml_enabled ? 1 : 0
30+
31+
name = "${var.name}-saml"
32+
type = "saml"
33+
description = "SAML config for ${var.name}"
34+
35+
saml_options {
36+
metadata = var.saml_metadata_content
37+
group_attribute = var.saml_group_attribute
38+
user_attribute = var.saml_user_attribute
39+
session_timeout = var.saml_session_timeout
40+
}
41+
42+
depends_on = [
43+
module.aoss,
44+
]
45+
}
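Review bot: `aws_opensearchserverless_security_config.saml` is created with whatever `var.saml_metadata_content` holds, including the default `""`, so a caller who sets `saml_enabled = true` but forgets the metadata only finds out at apply time when the API rejects the config. A `lifecycle { precondition { condition = var.saml_metadata_content != "" ... } }` on the resource would surface that at plan. Related: `group_attribute` and `user_attribute` are sent as `""` rather than omitted; mapping an empty variable to `null` (`var.saml_group_attribute != "" ? var.saml_group_attribute : null`) keeps an empty attribute name from reaching the API. Finally, worth a comment or README note that this resource only establishes trust with the IdP: SAML users and groups still have no access to the collection until a data access policy grants the corresponding `saml/...` principals, which this module does not create.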

modules/collection/variables.tf

Lines changed: 33 additions & 0 deletions
@@ -117,3 +117,36 @@ variable "lifecycle_policy_no_min_index_retention" {
117117
type = bool
118118
default = null
119119
}
120+
121+
########
122+
# SAML
123+
########
124+
variable "saml_enabled" {
125+
description = "Whether SAML authentication is enabled"
126+
type = bool
127+
default = false
128+
}
129+
130+
variable "saml_metadata_content" {
131+
description = "The metadata of the SAML application in xml format."
132+
type = string
133+
default = ""
134+
}
135+
136+
variable "saml_session_timeout" {
137+
description = "Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440."
138+
type = number
139+
default = 60
140+
}
141+
142+
variable "saml_group_attribute" {
143+
description = "Group attribute for this SAML integration"
144+
type = string
145+
default = ""
146+
}
147+
148+
variable "saml_user_attribute" {
149+
description = "User attribute for this SAML integration"
150+
type = string
151+
default = ""
152+
}
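Review bot: `saml_session_timeout` documents "Maximum value is 1,440" but nothing enforces it; a `validation` block with `condition = var.saml_session_timeout > 0 && var.saml_session_timeout <= 1440` would reject out-of-range values at plan time instead of at the API. For `saml_group_attribute` and `saml_user_attribute`, `default = null` is preferable to `""` so that "not set" and "set to empty" stay distinguishable downstream, and the `saml_metadata_content` description should say it expects the identity provider's metadata XML (a cross-variable check that it is non-empty when `saml_enabled` is `true` belongs in a resource precondition, since variable validation rules only see their own variable on older Terraform releases).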
