Terraform-provision an MLPS 2.0 compliant enterprise platform (ECS, RDS, OSS, Elasticsearch, IDaaS, PAI), then embed GitBook documentation into the resulting portal with IDaaS SSO controlling access to premium or private content sections.
Use this workflow when deploying an MLPS 2.0-compliant enterprise platform that requires centralized identity management and secure, role-based access to premium documentation. It combines Terraform-provisioned infrastructure (ECS, RDS, OSS, Elasticsearch, IDaaS, PAI) with GitBook embedded directly into your portal, where IDaaS SSO dynamically gates private content without redirecting users.
- `terraform apply` using the MLPS 2.0 baseline module. Ensure `alicloud_ecs_instance`, `alicloud_db_instance`, and `alicloud_elasticsearch_instance` are tagged with `compliance: mlps2.0`.
- `redirect_uri` to `https://<your-portal-domain>/auth/callback` and enable Security > MFA > TOTP.
- Settings > Integrations > Embed and enable Require Authentication. Copy the `embed_id`.

```javascript
import { IDaaS } from '@alicloud/idaas-sdk';

// Configure the OIDC client; redirect_uri must match the value registered in IDaaS.
const client = new IDaaS({
  client_id: 'YOUR_CLIENT_ID',
  scope: 'openid profile email',
  redirect_uri: 'https://<your-portal-domain>/auth/callback'
});

// Start the authorization flow.
client.auth.authorize();
```
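- `/auth/callback`, exchange the authorization code:

```javascript
// Read the authorization code that the IdP appended to the callback URL.
const code = new URLSearchParams(window.location.search).get('code');

const { access_token, id_token } = await client.auth.exchangeCode(code);
// localStorage is readable by any script running on this origin.
localStorage.setItem('idaas_token', access_token);
```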
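```html
<!-- The token travels in the query string, so it is recorded wherever the full URL is logged. -->
<iframe src="https://<your-space>.gitbook.io/embed/<embed_id>?auth_token=${access_token}" allow="clipboard-write"></iframe>
```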
- User Attributes to pass `role: premium` in the JWT. In GitBook, set Access Control > SSO Mapping to grant premium role access to restricted collections.

Terraform orchestrates the foundational layer: ECS hosts the web portal, RDS stores user metadata, OSS serves static assets, and Elasticsearch/OpenSearch powers semantic search. IDaaS acts as the centralized identity provider, issuing OIDC-compliant JWTs. Upon login, the portal forwards the JWT to the GitBook embed. GitBook validates the signature against IDaaS's JWKS endpoint, extracts role claims, and dynamically renders private/premium documentation sections. PAI runs in the background for ML model training, while RDS/OSS handle structured/unstructured data storage.
- Embed and SSO features enabled
- `redirect_uri` domain
- `redirect_uri` lacks exact trailing slashes or uses `http` instead of `https`.
- `postMessage` listener to silently renew tokens via `client.auth.refreshToken()`.
- `*.gitbook.io` in `Access-Control-Allow-Origin` to allow token injection.
- `roles` to the JWT scope, GitBook defaults to public access. Verify `id_token` payload contains `roles: ["premium"]`.

Q: How do I deploy a compliant enterprise platform with Terraform and embed authenticated GitBook documentation?

A: You can achieve this by using Terraform to provision an MLPS 2.0 compliant infrastructure comprising ECS, RDS, OSS, Elasticsearch, IDaaS, and PAI, then embedding GitBook documentation into the resulting portal. IDaaS SSO is configured to authenticate users and control access to premium or private content sections.