I'm working on making a React single-page application (SPA) available through the AWS SSO start page. I'm deploying it using Terraform, but I've hit some roadblocks because I know there are some aspects that Terraform doesn't currently support well. I'm open to other methods like CloudFormation or CLI commands if that's what it takes.
The app is hosted in an S3 bucket and delivered via CloudFront, along with an API Gateway running through the same CloudFront setup. Unfortunately, the documentation is pretty vague on this, and I'd ideally like to implement OIDC (OpenID Connect), but I'm also familiar with SAML and Cognito if necessary.
I've been going around in circles trying to find the right info—I've even tried using AI assistance, but it keeps telling me to grab values from the console that just aren't there. I'm really hoping someone has some insight into how this all works. It feels like it should be straightforward since AWS SSO should function as an IdP (Identity Provider) and just let me "mount" my app inside the start console, but I must be missing something key.
1 Answer
Have you thought about trying it with CloudFormation first? If you get it working there, you can use that setup as a reference to translate it back into Terraform. I get that you prefer Terraform, but sometimes a different approach can clarify things.
CloudFormation isn't really addressing the details I need. My team's been using Terraform for over a decade, and its flexibility across multiple APIs is why I stick with it. I've just had too many headaches with CloudFormation's complexity.