Better Together: Using Okta & HashiCorp Terraform to Automate Identity & Infrastructure as Code

An in-depth look at the new Okta Terraform provider.

Eric Kufrin

Great blog post!

Prateek Paatni

Is there a way to use the Terraform Okta ASA provider to automatically associate an AWS account with an Okta ASA project so that all servers are automatically enrolled as described here (without passing an enrollment token): https://www.scaleft.com/doc….

Ivan Dwyer

Hi Prateek, thanks for the comment. We don’t yet have that API endpoint as part of the Terraform Provider. You can configure the AWS Account to ASA Project mapping via the dashboard, or API. Via API:

POST to /v1/teams/:teamName/projects/:projectName/cloud_accounts

Params:
provider (String) A provider. For now, only accepts aws, case sensitive.
account_id (String) The provider-specific account ID.

Personally, I would do this via dashboard unless you have hundreds of AWS accounts. Either way, once configured, you can skip the enrollment token process once an instance spins up with the agent installed. You lose some flexibility in terms of Project RBAC this way as it is a strict 1:1 mapping between AWS Account and ASA Project.

We’ll be publishing new ASA API Documentation on developer.okta.com shortly - I’ll make a note to reply here again once live. Cheers,

Ivan
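Added example, not part of Ivan's reply and not Okta's code: a Python helper for the "hundreds of AWS accounts" case that checks a project-to-account plan against the strict 1:1 mapping before building the POST requests described above. The base URL, the JSON body encoding, the Bearer token header, the 12-digit account ID check and all function names are assumptions; the reply gives only the path and the two parameters.

```python
import json
import re
from urllib.parse import quote
from urllib.request import Request

# Assumption: placeholder host; the reply above gives only the path.
BASE_URL = "https://asa.example.invalid"


def validate_plan(plan):
    """plan is a list of (project_name, aws_account_id) pairs.

    Returns a list of error strings; empty means the plan respects the
    strict 1:1 mapping between AWS account and ASA project.
    """
    errors, by_account, by_project = [], {}, {}
    for project, account in plan:
        if not re.fullmatch(r"\d{12}", account):
            errors.append(f"{project}: {account!r} is not a 12-digit AWS account ID")
        if by_account.setdefault(account, project) != project:
            errors.append(f"account {account} is mapped to {by_account[account]} and {project}")
        if by_project.setdefault(project, account) != account:
            errors.append(f"project {project} is mapped to {by_project[project]} and {account}")
    return errors


def build_request(team, project, account_id, token):
    """Build, but do not send, the cloud_accounts POST for one mapping."""
    url = (f"{BASE_URL}/v1/teams/{quote(team, safe='')}"
           f"/projects/{quote(project, safe='')}/cloud_accounts")
    # "provider" only accepts the lowercase string aws (case sensitive).
    body = json.dumps({"provider": "aws", "account_id": account_id}).encode()
    # Assumption: JSON body and Bearer authentication.
    headers = {"Content-Type": "application/json",
               "Authorization": f"Bearer {token}"}
    return Request(url, data=body, headers=headers, method="POST")


def plan_requests(team, plan, token):
    """Refuse to build any request if the plan breaks the 1:1 rule."""
    errors = validate_plan(plan)
    if errors:
        raise ValueError("; ".join(errors))
    return [build_request(team, p, a, token) for p, a in plan]


if __name__ == "__main__":
    # Constructed sample data; team, projects and account IDs are made up.
    sample = [("web-prod", "111111111111"), ("db-prod", "222222222222")]
    for req in plan_requests("acme", sample, token="PLACEHOLDER"):
        print(req.get_method(), req.full_url, req.data.decode())
```

Pass each returned request to `urllib.request.urlopen` to send it, and read the API token from the environment or a secrets manager rather than from source.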

Amit Chakraborty

Hi Ivan … Is there a reference guide for using Okta ASA with an AWS Launch Template using Terraform? Thanks in advance for your help.