hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
Mozilla Public License 2.0

[Enhancement]: Allow creation of an Microsoft Entra ID joined Directory for AWS Workspaces #39355

Open bebold-jhr opened 1 week ago

bebold-jhr commented 1 week ago


For BYOL it is possible to use AWS IAM Identity Center to set up a Microsoft Entra ID joined Directory. This allows managing users directly via AWS IAM Identity Center, which is already backed by the user's Entra ID instance.

Affected Resource(s) and/or Data Source(s)

Potential Terraform Configuration

microsoft_entra_config {
  # Microsoft Entra ID tenant (directory) ID
  tenant_id = ""
  # ARN of the Secrets Manager secret holding the Entra application ID and API token
  application_config_secret_arn = ""
}


Announcement: https://aws.amazon.com/about-aws/whats-new/2024/08/aws-microsoft-entra-id-intune-amazon-workspaces-personal/

Relevant part in the documentation: https://docs.aws.amazon.com/workspaces/latest/adminguide/launch-workspaces-tutorials.html#launch-entra-id

Based on CLI/Boto3 there is a new property "microsoft-entra-config" which takes the Microsoft Entra ID tenant ID as well as a secret containing the application ID and the API token.

API boto3 reference: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/workspaces/client/register_workspace_directory.html#WorkSpaces.Client.register_workspace_directory

AWS CLI reference: https://docs.aws.amazon.com/cli/latest/reference/workspaces/register-workspace-directory.html

I guess the relevant Go SDK links are these:

Register directory: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/workspaces#Client.RegisterWorkspaceDirectory

Config object MicrosoftEntraConfig: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/workspaces@v1.46.3/types#MicrosoftEntraConfig

Would you like to implement a fix?
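The issue above asks for a Terraform resource that wraps the RegisterWorkspaceDirectory call with a MicrosoftEntraConfig. As an added example (not code from the issue author or from the provider), the Python below builds and validates that request the way a defender would want it validated before it reaches AWS: the tenant ID must be a GUID, and the Entra application ID and API token must be referenced through a Secrets Manager secret ARN rather than passed inline, so the credential never lands in Terraform state, shell history or logs. The `MicrosoftEntraConfig` keys (`TenantId`, `ApplicationConfigSecretArn`) follow the boto3 reference linked above; the `UserIdentityType` value `AWS_IAM_IDENTITY_CENTER`, the `IdcInstanceArn` and `WorkspaceType` fields, and the injected-client pattern are this example's assumptions and should be checked against the current API reference. The `FakeWorkSpacesClient` stands in for a real `boto3.client("workspaces")` so the block runs offline.

```python
"""Build and validate a RegisterWorkspaceDirectory request for a Microsoft
Entra ID joined WorkSpaces directory (added example, not provider code)."""
import re
import uuid
from typing import Any, Dict, List, Protocol

# Secrets Manager ARN shape: arn:<partition>:secretsmanager:<region>:<account>:secret:<name>
_SECRETS_MANAGER_ARN = re.compile(
    r"^arn:(aws|aws-us-gov|aws-cn):secretsmanager:[a-z0-9-]+:\d{12}:secret:\S+$"
)


def validate_tenant_id(tenant_id: str) -> str:
    """An Entra tenant ID is a GUID; reject anything else before calling AWS so
    a typo cannot register the directory against an unintended tenant."""
    try:
        return str(uuid.UUID(tenant_id))
    except ValueError as exc:
        raise ValueError(f"tenant_id is not a GUID: {tenant_id!r}") from exc


def validate_secret_arn(arn: str) -> str:
    """The application ID and API token must be supplied by Secrets Manager ARN.
    Anything that is not an ARN (e.g. a pasted token) is refused outright."""
    if not _SECRETS_MANAGER_ARN.match(arn):
        raise ValueError(f"application_config_secret_arn is not a Secrets Manager ARN: {arn!r}")
    return arn


def build_entra_registration(
    *,
    directory_name: str,
    tenant_id: str,
    secret_arn: str,
    subnet_ids: List[str],
    idc_instance_arn: str,
) -> Dict[str, Any]:
    """Return the kwargs for client.register_workspace_directory(**kwargs).

    Field names follow the boto3 reference linked in the issue; the values for
    UserIdentityType and WorkspaceType are assumptions for the Entra ID case."""
    if len(subnet_ids) < 2:
        raise ValueError("WorkSpaces directories need at least two subnets")
    return {
        "WorkspaceDirectoryName": directory_name,
        "SubnetIds": list(subnet_ids),
        "WorkspaceType": "PERSONAL",  # assumption: Entra ID join is for Personal WorkSpaces
        "UserIdentityType": "AWS_IAM_IDENTITY_CENTER",  # assumption: users come from IAM Identity Center
        "IdcInstanceArn": idc_instance_arn,
        "MicrosoftEntraConfig": {
            "TenantId": validate_tenant_id(tenant_id),
            "ApplicationConfigSecretArn": validate_secret_arn(secret_arn),
        },
    }


class WorkSpacesClient(Protocol):
    """The one method this example needs; boto3.client("workspaces") satisfies it."""

    def register_workspace_directory(self, **kwargs: Any) -> Dict[str, Any]: ...


class FakeWorkSpacesClient:
    """Offline stand-in that records the request instead of calling AWS."""

    def __init__(self) -> None:
        self.requests: List[Dict[str, Any]] = []

    def register_workspace_directory(self, **kwargs: Any) -> Dict[str, Any]:
        self.requests.append(kwargs)
        return {"DirectoryId": "wsd-constructed0"}  # constructed sample response


def register_entra_directory(client: WorkSpacesClient, **params: Any) -> str:
    """Validate, send, and return the new directory ID."""
    response = client.register_workspace_directory(**build_entra_registration(**params))
    return response["DirectoryId"]


if __name__ == "__main__":
    # Constructed sample values; swap FakeWorkSpacesClient for boto3.client("workspaces") to run for real.
    fake = FakeWorkSpacesClient()
    directory_id = register_entra_directory(
        fake,
        directory_name="entra-joined-example",
        tenant_id="12345678-1234-1234-1234-123456789abc",
        secret_arn="arn:aws:secretsmanager:eu-central-1:123456789012:secret:entra-app-config-AbCdEf",
        subnet_ids=["subnet-0000000000000000a", "subnet-0000000000000000b"],
        idc_instance_arn="arn:aws:sso:::instance/ssoins-0000000000000000",
    )
    print(directory_id, fake.requests[0]["MicrosoftEntraConfig"])
```

The two validators carry the security point: a Terraform resource implementing this attribute should accept only the secret ARN, and a plan that contains the application token itself is a misconfiguration to reject, not to pass through.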


github-actions[bot] commented 1 week ago

Community Note
