Merge pull request #3 from jarden-digital/feature/oidc-provider

Feature/oidc provider

README.md

@@ -9,6 +9,7 @@ These include
 * [Policy to Role](./policy-to-role/README.md) - Creates an IAM policy and attaches it with an existing Role.
 * [User to Group](./user-to-group/README.md) - Creates an IAM user and adds user to a list of groups.
 * [Managed Role](./managed-role/README.md) - Creates an IAM role and attaches the policy to it.
+* [Identity-Provider](./identity-provider/README.md) - Creates an IAM identidy provider for open id connect provider.
 
 ## ADR's
 
@@ -44,4 +45,4 @@ See the License for the specific language governing permissions and
 limitations under the License.
 ```
 
-Copyright © 2019 [Hypr NZ](https://www.hypr.nz/)
+Copyright © 2019 [Hypr NZ](https://www.hypr.nz/)

examples/identity-provider/main.tf

@@ -0,0 +1,20 @@
+module "example" {
+  source = "../../identity-provider"
+
+  providers = {
+    aws = aws
+  }
+
+  identity_provider_url  = "https://accounts.google.com"
+  client_id_list         = ["ExampleClientID"]
+  thumbprint_list        = []
+  tags                   = {"Env": "test"}
+}
+
+provider "aws" {
+  region = var.aws_region
+}
+
+variable "aws_region" {
+  default = "ap-southeast-2"
+}

identity-provider/README.md

@@ -0,0 +1,36 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_openid_connect_provider.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_client_id_list"></a> [client\_id\_list](#input\_client\_id\_list) | A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the client\_id parameter on OAuth requests.) | `list(string)` | n/a | yes |
+| <a name="input_identity_provider_url"></a> [identity\_provider\_url](#input\_identity\_provider\_url) | The URL of the identity provider. | `any` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags to add to IAM identity provider Resource. | `map(any)` | `{}` | no |
+| <a name="input_thumbprint_list"></a> [thumbprint\_list](#input\_thumbprint\_list) | A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s). | `list(string)` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_provider_arn"></a> [provider\_arn](#output\_provider\_arn) | The ARN assigned by AWS for this provider. |

identity-provider/main.tf

@@ -0,0 +1,6 @@
+resource "aws_iam_openid_connect_provider" "this" {
+  url             = var.identity_provider_url
+  client_id_list  = var.client_id_list
+  thumbprint_list = var.thumbprint_list
+  tags            = var.tags
+}

identity-provider/outputs.tf

@@ -0,0 +1,4 @@
+output "provider_arn" {
+  description = "The ARN assigned by AWS for this provider."
+  value       = aws_iam_openid_connect_provider.this.arn
+}

identity-provider/var.tf

@@ -0,0 +1,19 @@
+variable "identity_provider_url" {
+  description = "The URL of the identity provider."
+}
+
+variable "client_id_list" {
+  description = "A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the client_id parameter on OAuth requests.)"
+  type        = list(string)
+}
+
+variable "thumbprint_list" {
+  description = "A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s)."
+  type        = list(string)
+}
+
+variable "tags" {
+  description = "Tags to add to IAM identity provider Resource."
+  type        = map(any)
+  default     = {}
+}

identity-provider/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 0.12.26"
+
+  required_providers {
+    aws = {
+      source : "hashicorp/aws",
+      required_version : ">= 3.21.0"
+    }
+  }
+}