Amazon Quick Bootstrap - Terraform
This Terraform module sets up Amazon Quick with IAM Identity Center integration.
Features
- Creates or uses existing IAM Identity Center instance
- Sets up Quick Sight account subscription
- Creates admin group in Identity Center
- Configures necessary IAM roles and policies
- Deploys Lambda function for automated setup
Prerequisites
- AWS CLI configured with appropriate credentials
- Terraform >= 1.0.0
- Python 3.12 (for Lambda function)
- pip (for installing Lambda dependencies)
Quick Start
- Clone and navigate to the module:
  ```bash
  cd terraform/quick-suite-bootstrap
  ```
- Create your variables file:
  ```bash
  cp terraform.tfvars.example terraform.tfvars
  ```
- Edit `terraform.tfvars` with your values:
  ```hcl
  aws_region = "us-east-1"
  quick_suite_account_name = "MyQuickSuite"
  quick_suite_admin_email = "admin@mycompany.com"
  quick_suite_admin_group_name = "QuickSuiteAdmins"
  ```
- Initialize Terraform:
  ```bash
  terraform init
  ```
- Review the plan:
  ```bash
  terraform plan
  ```
- Apply the configuration:
  ```bash
  terraform apply
  ```
Variables
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| `aws_region` | AWS region to deploy resources | `string` | `"us-east-1"` | No |
| `identity_center_instance_arn` | ARN of existing IAM Identity Center instance | `string` | `""` | No |
| `quick_suite_account_name` | Name for the Quick account | `string` | `"QuickSuiteBootstrap"` | No |
| `quick_suite_admin_email` | Email address for the Quick admin | `string` | `"admin@example.com"` | No |
| `quick_suite_admin_group_name` | Name of the admin group in Identity Center | `string` | `"QUICK_SUITE_ADMIN"` | No |
| `force_update` | Set to true to force re-run of setup | `bool` | `false` | No |
| `tags` | Additional tags to apply to resources | `map(string)` | `{}` | No |
Outputs
| Name | Description |
|---|---|
| `identity_center_instance_arn` | ARN of the IAM Identity Center instance |
| `identity_store_id` | ID of the Identity Store |
| `lambda_function_arn` | ARN of the Quick setup Lambda function |
| `lambda_function_name` | Name of the Lambda function |
| `lambda_execution_role_arn` | ARN of the Lambda execution role |
| `quick_suite_account_name` | Name of the Quick account |
| `quick_suite_admin_email` | Admin email for Quick |
| `quick_suite_admin_group_name` | Admin group name in Identity Center |
Architecture

Using with Existing Identity Center
If you already have an IAM Identity Center instance, provide its ARN:
```hcl
identity_center_instance_arn = "arn:aws:sso:::instance/ssoins-1234567890abcdef"
```
Force Re-run Setup
To force the Lambda to re-run the setup (e.g., after configuration changes):
```bash
terraform apply -var="force_update=true"
```
Cleanup
To destroy all resources:
```bash
terraform destroy
```
Note: This will attempt to delete the Quick Sight subscription and related resources.
Troubleshooting
Lambda Build Fails
Ensure Python 3.12 and pip are installed:
```bash
python3 --version
pip3 --version
```
Permission Errors
The Lambda function requires extensive permissions. Ensure your AWS credentials have sufficient privileges to create IAM roles and policies.
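Because the module creates IAM roles and policies for the Lambda, it helps to see what the plan would grant before applying it. The script below is an added example, not part of this module: it reads the JSON form of a saved plan and flags IAM policy statements that allow wildcard actions on `Resource: "*"`, plus policies whose content is not known until apply. The sample plan is constructed and its resource addresses are hypothetical.

```python
import json
import sys

POLICY_TYPES = {"aws_iam_policy", "aws_iam_role_policy"}

def as_list(value):
    """IAM JSON allows a single string/object where a list is also valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_plan(plan):
    """Return (address, finding) pairs for IAM policies the plan creates or updates."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") not in POLICY_TYPES:
            continue
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        policy = (change.get("after") or {}).get("policy")
        if policy is None:  # computed value, listed under after_unknown instead
            findings.append((rc["address"], "policy unknown until apply"))
            continue
        for stmt in as_list(json.loads(policy).get("Statement")):
            wild = [a for a in as_list(stmt.get("Action")) if a == "*" or a.endswith(":*")]
            if stmt.get("Effect") == "Allow" and wild and "*" in as_list(stmt.get("Resource")):
                findings.append((rc["address"], f"Allow {', '.join(wild)} on Resource *"))
    return findings

# Constructed sample in the shape of `terraform show -json tfplan`; addresses are hypothetical.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_iam_role_policy.example_setup", "type": "aws_iam_role_policy",
     "change": {"actions": ["create"], "after": {"policy": json.dumps({
         "Version": "2012-10-17", "Statement": [
             {"Effect": "Allow", "Action": ["quicksight:*", "sso:*"], "Resource": "*"},
             {"Effect": "Allow", "Action": "logs:PutLogEvents",
              "Resource": "arn:aws:logs:*:*:*"}]})}}},
    {"address": "aws_iam_policy.example_computed", "type": "aws_iam_policy",
     "change": {"actions": ["create"], "after": {}, "after_unknown": {"policy": True}}},
    {"address": "aws_lambda_function.example", "type": "aws_lambda_function",
     "change": {"actions": ["create"], "after": {"runtime": "python3.12"}}},
]}

if __name__ == "__main__":
    # Usage: terraform plan -out=tfplan && terraform show -json tfplan > plan.json
    #        python3 audit_plan.py plan.json   (no argument: runs on the sample)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, finding in audit_plan(plan):
        print(f"{address}: {finding}")
```

The check is deliberately narrow: it does not inspect `assume_role_policy`, managed policy attachments, or `NotAction` statements, so an empty result is not proof of least privilege.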
Identity Center Issues
If using an existing Identity Center, ensure the ARN is correct and your credentials have access to it.
License
This project is licensed under the MIT-0 (MIT No Attribution) license.