xdr-terraform-modules/submodules/iam/okta_saml_roles/locals.tf

locals {

  # Just to shorten up some references
  aws_partition = data.aws_partition.current.partition
  aws_account   = data.aws_caller_identity.current.account_id

  assume_role_policy = (length(var.trusted_arns) > 0) ? data.aws_iam_policy_document.okta_saml_plus_crossaccount_assume_role_policy.json : data.aws_iam_policy_document.okta_saml_assume_role_policy.json

  # Used in assume-role policies coming from SAML
  saml_signin_page = {
    "aws"        = "https://signin.aws.amazon.com/saml"
    "aws-us-gov" = "https://signin.amazonaws-us-gov.com/saml"
  }
}