Better Together: Using Okta & Hashicorp Terraform to Automate Identity & Infrastructure as Code
An in-depth look at the new Okta Terraform provider.
Eric Kufrin
Great blog post!
Prateek Paatni
Is there a way to use the Terraform Okta ASA provider to automatically associate an AWS Account with an Okta ASA Project so that all servers are automatically enrolled as described here (without passing an enrollment token): https://www.scaleft.com/doc….
Ivan Dwyer
Hi Prateek, thanks for the comment. We don’t yet have that API endpoint as part of the Terraform Provider. You can configure the AWS Account to ASA Project mapping via the dashboard, or API. Via API:
POST to /v1/teams/:teamName/projects/:projectName/cloud_accounts
Params:
provider (String) A provider. For now, only accepts aws, case sensitive.
account_id (String) The provider-specific account ID.
Personally, I would do this via dashboard unless you have hundreds of AWS accounts. Either way, once configured, you can skip the enrollment token process once an instance spins up with the agent installed. You lose some flexibility in terms of Project RBAC this way as it is a strict 1:1 mapping between AWS Account and ASA Project.
We’ll be publishing new ASA API Documentation on developer.okta.com shortly - I’ll make a note to reply here again once live. Cheers,
Ivan
Amit Chakraborty
Hi Ivan … Is there a reference guide for using Okta ASA with an AWS Launch Template using Terraform? Thanks in advance for your help.