🤖 New: Use this module with AI assistants via the ARC IaC MCP Server — search, scaffold, and security-scan ARC modules from natural language. Quick setup ↓
provider"aws"{region=var.region}variable"region"{description="AWS region"type=stringdefault="us-east-1"}module"aws_sso"{source="sourcefuse/arc-iam-identity-center/aws"identity_center_instance_arn="arn:aws:sso:::instance/ssoins-1234567890abcdef" # Permission Sets with clear descriptionspermission_sets={"FullAdmin"={description="FULL ADMIN - Complete AWS access (use with caution)"session_duration="PT2H"aws_managed_policies=["arn:aws:iam::aws:policy/AdministratorAccess"]}"Developer"={description="DEVELOPER - Can create/modify most resources except IAM"session_duration="PT8H"aws_managed_policies=["arn:aws:iam::aws:policy/PowerUserAccess"]}"ReadOnly"={description="READ ONLY - Can view all resources but cannot modify"session_duration="PT12H"aws_managed_policies=["arn:aws:iam::aws:policy/ReadOnlyAccess"]}} # Users with groups and direct assignments in one placeidentity_store_users={"john.manager"={user_name="john.manager"display_name="John Manager"given_name="John"family_name="Manager"email="john.manager@company.com"title="Engineering Manager" # Groups this user belongs togroups=["Managers"] # Direct assignments (optional)direct_assignments=[]}"alice.developer"={user_name="alice.developer"display_name="Alice Developer"given_name="Alice"family_name="Developer"email="alice.developer@company.com"title="Senior Software Engineer" # Groups this user belongs togroups=["SeniorDevelopers"] # Additional direct access beyond group permissionsdirect_assignments=[{permission_set="Developer"account_id="111111111111" # Production accountreason="Senior dev needs prod deployment access"}]}} # Groupsidentity_store_groups={"Managers"={display_name="Managers"description="Engineering and team managers"}"SeniorDevelopers"={display_name="Senior Developers"description="Experienced developers with advanced permissions"}} # Group-based account assignmentsaccount_assignments={"managers-admin-prod"={permission_set_name="FullAdmin"principal_type="GROUP"principal_id="Managers"target_type="AWS_ACCOUNT"target_id="111111111111"}"senior-devs-dev-access"={permission_set_name="Developer"principal_type="GROUP"principal_id="SeniorDevelopers"target_type="AWS_ACCOUNT"target_id="222222222222"}}tags={Environment="multi-account"Project="arc"Owner="platform-team"}}
provider"aws"{region=var.region}variable"region"{description="AWS region"type=stringdefault="us-east-1"}module"aws_sso"{source="sourcefuse/arc-iam-identity-center/aws"identity_center_instance_arn="arn:aws:sso:::instance/ssoins-1234567890abcdef" # Advanced permission sets with all policy typespermission_sets={"DataScientist"={description="Data science and analytics access"session_duration="PT12H" # AWS Managed Policiesaws_managed_policies=["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess","arn:aws:iam::aws:policy/AmazonSageMakerReadOnly"] # Customer Managed Policies (must exist in your account)customer_managed_policies=[{name="DataLakeAccess"path="/data-science/"}] # Inline Policy for specific permissionsinline_policy=jsonencode({Version="2012-10-17"Statement=[{Effect="Allow"Action=["sagemaker:CreateNotebookInstance","sagemaker:StartNotebookInstance"]Resource="*"Condition={StringEquals={"aws:RequestedRegion"=["us-east-1", "us-west-2"]}}}]}) # Permission Boundary for securitypermissions_boundary={customer_managed_policy_reference={name="DataScientistBoundary"path="/boundaries/"}}}} # Rest of configuration...identity_store_groups={"DataScience"={display_name="Data Science Team"description="Data scientists and ML engineers"}}account_assignments={"datascience-prod"={permission_set_name="DataScientist"principal_type="GROUP"principal_id="DataScience"target_type="AWS_ACCOUNT"target_id="111111111111"}}tags={Environment="production"Project="advanced-sso"Owner="data-team"}}
By specifying this , it will bump the version and if you dont specify this in your commit message then by default it will consider patch and will bump that accordingly
The ARC IaC MCP Server is a hosted Model Context Protocol service that lets AI assistants browse, search, scaffold, compare, and security-scan any of the SourceFuse ARC Terraform modules — directly from natural language.
What you can do with it:
Discover — search and filter modules by keyword or AWS resource type.
Understand — get inputs, outputs, and resources for any module without leaving your editor.