Amazon OpenSearchServerless security config resource
The following example specifies an OpenSearch Serverless SAML provider with a custom group attribute ALLGroups.
resource "awscc_opensearchserverless_security_config" "config" {
  name        = "awscc-security-config"
  description = "OpenSearch Serverless security policy template"
  type        = "saml"

  saml_options = {
    # Name of the assertion attribute that carries the user's group memberships.
    group_attribute = "ALLGroups"
    # Session lifetime in minutes (the schema declares this attribute as a Number).
    session_timeout = 120
    # Assertion attribute used as the user identity.
    user_attribute = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
    # IdP metadata document, exported from the identity provider (placeholder values here).
    metadata = <<XML
<md:EntityDescriptor entityID="http://www.okta.com/foobar" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>Mfoobar</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
XML
  }
}
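Before applying a configuration like the one above, it is worth checking the identity provider metadata that goes into metadata and the session_timeout value, because a metadata document without a usable signing certificate or with plain-HTTP endpoints will still be accepted as a string by Terraform. The following Python script is an added example and is not part of the awscc provider or its documentation. It parses SAML 2.0 IdP metadata with the standard library and reports findings a reviewer would want to see: no signing certificate, SSO endpoints that are not HTTPS, a missing NameIDFormat, and a timeout outside an assumed range of 5 to 720 minutes (that range is an assumption of this example, not something this page states). The embedded sample is the placeholder metadata from the example above.

```python
"""Pre-apply checks for an OpenSearch Serverless SAML security config.

Added example, not part of the awscc provider or its documentation.
Parses SAML 2.0 IdP metadata and reports findings a reviewer would want
to see before the document is pasted into saml_options.metadata.
"""
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 metadata and XML Signature.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Assumed bounds for session_timeout (minutes); not stated on this page.
SESSION_TIMEOUT_MIN = 5
SESSION_TIMEOUT_MAX = 720

# Placeholder metadata taken from the Terraform example above (constructed
# sample; not a real tenant or certificate).
SAMPLE_METADATA = """<md:EntityDescriptor entityID="http://www.okta.com/foobar" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>Mfoobar</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://trial-1234567.okta.com/app/trial-1234567_saml2_1/foobar/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def validate_idp_metadata(xml_text: str) -> list[str]:
    """Return a list of findings; an empty list means nothing was flagged.

    The stdlib parser does not fetch external entities, but for metadata
    from an untrusted source prefer defusedxml.ElementTree.fromstring.
    """
    findings: list[str] = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"metadata is not well-formed XML: {exc}"]

    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    if not (root.get("entityID") or "").strip():
        findings.append("entityID is missing or empty")

    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        findings.append("no md:IDPSSODescriptor: this is not IdP metadata")
        return findings

    # A KeyDescriptor without a 'use' attribute is valid for both signing
    # and encryption, so it counts as a signing key here.
    certs = [
        (cert.text or "").strip()
        for kd in idp.findall("md:KeyDescriptor", NS)
        if kd.get("use", "signing") == "signing"
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    ]
    if not any(certs):
        findings.append("no signing certificate: assertion signatures could not be verified")

    endpoints = idp.findall("md:SingleSignOnService", NS)
    if not endpoints:
        findings.append("no SingleSignOnService endpoint declared")
    for ep in endpoints:
        location = ep.get("Location", "")
        if not location.startswith("https://"):
            findings.append(f"SSO endpoint is not HTTPS: {location or '<missing>'}")

    if idp.find("md:NameIDFormat", NS) is None:
        findings.append("no NameIDFormat declared; confirm user_attribute matches the IdP")
    return findings


def check_session_timeout(minutes: int) -> list[str]:
    """Flag a session_timeout outside the assumed 5..720 minute range."""
    if not SESSION_TIMEOUT_MIN <= minutes <= SESSION_TIMEOUT_MAX:
        return [f"session_timeout {minutes} is outside "
                f"{SESSION_TIMEOUT_MIN}..{SESSION_TIMEOUT_MAX} minutes"]
    return []


if __name__ == "__main__":
    for finding in validate_idp_metadata(SAMPLE_METADATA) + check_session_timeout(120):
        print("FINDING:", finding)
```

Run it against the exported metadata file instead of SAMPLE_METADATA (for example by reading the same file the Terraform configuration references) and treat any finding as a reason to stop before terraform apply. The sample above produces no findings; swapping the endpoint scheme to http or relabelling the key as an encryption key each produces one.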
Schema

description
(String) Security config description
name
(String) The friendly name of the security config
saml_options
(Attributes) Describes SAML options in the form of a key-value map (see below for nested schema)
type
(String) Config type for security config
id
(String) Uniquely identifies the resource.
security_config_id
(String) The identifier of the security config

Nested schema for saml_options

Required:
metadata
(String) The XML SAML provider metadata document that you want to use

Optional:
group_attribute
(String) Group attribute for this SAML integration
session_timeout
(Number) Defines the session timeout in minutes
user_attribute
(String) Custom attribute for this SAML integration

Import

Import is supported using the following syntax:
$ terraform import awscc_opensearchserverless_security_config.example <resource ID>