Merge pull request #7 from zachrundle/eks

add in users module
zachrundle · Aug 21, 2024 · 8285246 · 8285246
2 parents 99d896f + 9939f4d
commit 8285246
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 4 deletions.
diff --git a/main.tf b/main.tf
@@ -12,4 +12,20 @@ module "eks" {
 
   subnet_ids               = module.network.private_subnet_ids
   control_plane_subnet_ids = module.network.private_subnet_ids
+}
+
+module "permission_sets" {
+  source = "./modules/iam_identity_center"
+
+  permission_sets = [
+    {
+      name                                = "AdministratorAccess",
+      description                         = "Allow full access to the account",
+      relay_state                         = "",
+      session_duration                    = "",
+      tags                                = {},
+      inline_policy                       = "",
+      policy_attachments                  = ["arn:aws:iam::aws:policy/AdministratorAccess"]
+      customer_managed_policy_attachments = []
+  }]
 }
diff --git a/modules/iam_identity_center/variables.tf b/modules/iam_identity_center/variables.tf
@@ -1,7 +1,3 @@
-variable "aws_account" {
-  description = "Account number to create aws resources in. This variable should be defined in the terraform cloud workspace settings"
-}
-
 variable "permission_sets" {
   type = list(object({
     name               = string

diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf
@@ -0,0 +1,20 @@
+data "aws_ssoadmin_instances" "this" {}
+
+
+resource "aws_identitystore_user" "this" {
+  for_each = var.users
+
+  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
+
+  display_name = format("%s %s", each.value.first_name, each.value.last_name)
+  user_name    = format("%s%s", substr(lower(each.value.first_name), 0, 1), lower(each.value.last_name))
+
+  name {
+    given_name  = each.value.first_name
+    family_name = each.value.last_name
+  }
+
+  emails {
+    value = join("@", [format("%s.%s", lower(each.value.first_name), lower(each.value.last_name)), var.email_domain])
+  }
+}
diff --git a/modules/iam_identity_users/variables.tf b/modules/iam_identity_users/variables.tf
@@ -0,0 +1,13 @@
+variable "users" {
+  description = "Map of user identifiers to user details including their team."
+  type = map(object({
+    first_name = string
+    last_name  = string
+  }))
+}
+
+variable "email_domain" {
+  description = "Domain used for user email accounts"
+  type        = string
+  default     = "example.com"
+}
diff --git a/users.tf b/users.tf
@@ -0,0 +1,13 @@
+module "users" {
+  source = "./modules/iam_identity_users"
+  users = {
+    "Zach Rundle" = {
+      first_name = "Zach"
+      last_name  = "Rundle"
+    },
+    "Maverick Dog" = {
+      first_name = "Maverick"
+      last_name  = "Dog"
+    },
+  }
+}