Terraform-provider-aws: AWS Single Sign-On Resource

Created on 15 Jun 2020  ·  12 Comments  ·  Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Create a resource to manage AWS Single Sign-On, as per the newly announced support for integrating with Azure AD: https://aws.amazon.com/blogs/aws/the-next-evolution-in-aws-single-sign-on/

New or Affected Resource(s)

AWS Single-Sign On

  • aws_single_sign_on

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

  • 0000

  • new-resource upstream

    All 12 comments

    Hi @krathow 👋 Can you please point to the AWS CLI, AWS API Reference, or AWS Go SDK documentation that shows how these components can be created? For example, the AWS Go SDK sso package does not implement this type of functionality. I believe this functionality is not publicly available for programmatic creation at the current time, which means that the Terraform AWS Provider cannot implement support for this.

    Hi @bflad, you're absolutely right, I'm checking with AWS where they are in means of automation and will reopen this issue once an appropriate API is available.

    I'm not sure this should be closed... it may just not be possible to implement until the underlying libraries are updated but surely that's coming? I'd like to follow this, or another issue to monitor its progress anyway.

    @mmerickel: yes, sounds good, I've got a case open with AWS to get notified once the API is available. I'll update this issue once it's available. For the meantime I'll keep this open.

    @krathow Thanks for looking into this, it's definitely much needed! Did you get any timeline from the AWS side? It's unfortunate they chose to release such an important service without an API.

    @christophetd unfortunately I did not get any information yet. I've escalated the topic again but did not get anything back.
    I keep on trying to get something...

    It looks like account assignment has been made available in the AWS Go SDK, relevant announcement here.

    How does this issue relate to #15108 ?

    Hi folks 👋 Since #15108 has more concrete details relating to the SSO API released yesterday, I'm going to close this issue in preference of that one. Please 👍 upvote and subscribe there for further updates.

    @bflad I noticed this issue has been closed in favor of my issue. The API released yesterday only pertains to managing AWS SSO permission sets and assignments. It does not actually allow enabling AWS SSO or configuring any other AWS SSO settings such as integration with Azure AD. I wonder if this issue should still remain open to track the request for those features, even if there's no API available for them yet.

    Great point, @sean-nixon 👍 Since there's nothing concrete about the implementation details of that particular portion of SSO support since it hasn't been released by AWS, there's nothing actionable for this project (and we have a lot of open, actionable items already 😉). I'm worried about having multiple SSO issues open and folks being confused what to follow for updates on particular functionality.

    For anyone interested in the SSO functionality such as AzureAD, our best recommendation at this time is to contact AWS Support with a feature request asking for programmatic (API) support. That AWS service team can also reach out to the maintainers here through the Amazon Partner Network if they would like to collaborate ahead of any potential launch. Until it is announced publicly, our preference will be to not keep an issue open for functionality that cannot be implemented.

    I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

    If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
