From d424f38ea347c145c8ed3bf8640de3a23f36a21a Mon Sep 17 00:00:00 2001 From: cybershady Date: Tue, 20 Aug 2024 23:10:05 -0600 Subject: [PATCH 01/18] test adding groups and memberships --- modules/iam_identity_users/main.tf | 19 +++++++++++++++++++ modules/iam_identity_users/variables.tf | 1 + users.tf | 5 ++++- 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf index fd3282b..479f859 100644 --- a/modules/iam_identity_users/main.tf +++ b/modules/iam_identity_users/main.tf @@ -1,6 +1,16 @@ +# Fetching SSO Instance data "aws_ssoadmin_instances" "this" {} +# Create SSO Groups +resource "aws_identitystore_group" "this" { + for_each = toset(flatten([for user in values(var.users) : user.groups])) + display_name = each.key + description = format("SSO group for %s", each.key) + identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] +} + +# Create SSO Users resource "aws_identitystore_user" "this" { for_each = var.users @@ -17,4 +27,13 @@ resource "aws_identitystore_user" "this" { emails { value = join("@", [format("%s.%s", lower(each.value.first_name), lower(each.value.last_name)), var.email_domain]) } +} + +# Assign Users to Groups +resource "aws_identitystore_group_membership" "this" { + for_each = { for user_key, user in var.users : user_key => user } + + identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] + group_id = aws_identitystore_group.this[each.value.groups].id + member_id = aws_identitystore_user.this[each.key].id } \ No newline at end of file diff --git a/modules/iam_identity_users/variables.tf b/modules/iam_identity_users/variables.tf index 381b811..9bdcd7a 100644 --- a/modules/iam_identity_users/variables.tf +++ b/modules/iam_identity_users/variables.tf @@ -3,6 +3,7 @@ variable "users" { type = map(object({ first_name = string last_name = string + groups = set(string) # Set of group names the user belongs to })) } 
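Review bot: Deriving the `aws_identitystore_group` set from `var.users` (`toset(flatten([for user in values(var.users) : user.groups]))`) ties each group's lifetime to its last listed member: removing the only user under `administrators` destroys the group, and whatever permission-set assignments are attached to that group go with it. Groups are the unit that permission sets are assigned to, so they should be declared explicitly (a `groups` input on the module) and user memberships validated against that list, not materialised as a side effect of user data. `tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]` also silently takes the first instance; a precondition that exactly one was returned would fail loudly instead. The `aws_identitystore_user` resource continues past the end of this hunk.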
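Review bot: `group_id = aws_identitystore_group.this[each.value.groups].id` indexes the group resource with a `set(string)`, which is not a valid instance key, and because the membership is keyed per user (`user_key => user`) it can only express one group per user even once the type is fixed — `Maverick Dog` lists two. The resource needs one instance per (user, group) pair. As far as I recall of the AWS provider, `.id` on `aws_identitystore_group`/`aws_identitystore_user` is the composite `identity_store_id/…` form, and the bare `group_id`/`user_id` exports are what the membership resource expects; worth confirming against the provider docs before relying on `.id`.
```hcl
resource "aws_identitystore_group_membership" "this" {
  for_each = merge([
    for user_key, user in var.users : {
      for group_name in user.groups :
      "${user_key}-${group_name}" => { user_key = user_key, group_name = group_name }
    }
  ]...)

  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
  group_id          = aws_identitystore_group.this[each.value.group_name].group_id
  member_id         = aws_identitystore_user.this[each.value.user_key].user_id
}
```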
diff --git a/users.tf b/users.tf index abdff04..2eb56bb 100644 --- a/users.tf +++ b/users.tf @@ -1,13 +1,16 @@ module "users" { source = "./modules/iam_identity_users" + users = { "Zach Rundle" = { first_name = "Zach" last_name = "Rundle" + groups = ["administrators"] }, "Maverick Dog" = { first_name = "Maverick" last_name = "Dog" + groups = ["developers", "qa"] }, } -} \ No newline at end of file +} From 77f5ca43d9f9c85e29de2f3ae50e8e2be2796150 Mon Sep 17 00:00:00 2001 From: cybershady Date: Tue, 20 Aug 2024 23:12:07 -0600 Subject: [PATCH 02/18] fix syntax --- modules/iam_identity_users/main.tf | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf index 479f859..aea8ffa 100644 --- a/modules/iam_identity_users/main.tf +++ b/modules/iam_identity_users/main.tf @@ -1,12 +1,9 @@ -# Fetching SSO Instance -data "aws_ssoadmin_instances" "this" {} - # Create SSO Groups resource "aws_identitystore_group" "this" { - for_each = toset(flatten([for user in values(var.users) : user.groups])) + for_each = { for group_name in toset(flatten([for user in values(var.users) : user.groups])) : group_name => group_name } - display_name = each.key - description = format("SSO group for %s", each.key) + display_name = each.value + description = format("SSO group for %s", each.value) identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] } 
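Review bot: `data "aws_ssoadmin_instances" "this"` is deleted at the top of this hunk while `identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]` in the group resource (and in the user and membership resources below the hunk) still references it, so the module no longer evaluates. The `for_each` rewrite to `{ for group_name in toset(...) : group_name => group_name }` is harmless but equivalent to the `toset(...)` it replaces — a set already keys instances by value. Keep the data block, or better, take `identity_store_id` as a module input so the module stops assuming there is exactly one Identity Center instance.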
@@ -31,9 +28,9 @@ resource "aws_identitystore_user" "this" { # Assign Users to Groups resource "aws_identitystore_group_membership" "this" { - for_each = { for user_key, user in var.users : user_key => user } + for_each = { for user_key, user in var.users : user_key => { for group_name in user.groups : group_name => aws_identitystore_group.this[group_name].id } } identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] - group_id = aws_identitystore_group.this[each.value.groups].id + group_id = each.value[group_name] member_id = aws_identitystore_user.this[each.key].id } \ No newline at end of file From 5eb131ea29876489c36eb42f23809f2cdaa45091 Mon Sep 17 00:00:00 2001 From: cybershady Date: Tue, 20 Aug 2024 23:13:30 -0600 Subject: [PATCH 03/18] add back in data block --- modules/iam_identity_users/main.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf index aea8ffa..55cbca5 100644 --- a/modules/iam_identity_users/main.tf +++ b/modules/iam_identity_users/main.tf @@ -1,3 +1,6 @@ +# Fetching SSO Instance +data "aws_ssoadmin_instances" "this" {} + # Create SSO Groups resource "aws_identitystore_group" "this" { for_each = { for group_name in toset(flatten([for user in values(var.users) : user.groups])) : group_name => group_name } From 8107edb02c2c2f809187aa11532d80ad4f96680f Mon Sep 17 00:00:00 2001 From: cybershady Date: Tue, 20 Aug 2024 23:15:38 -0600 Subject: [PATCH 04/18] fix syntax --- modules/iam_identity_users/main.tf | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf index 55cbca5..93dca0d 100644 --- a/modules/iam_identity_users/main.tf +++ b/modules/iam_identity_users/main.tf 
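Review bot: `group_id = each.value[group_name]` references `group_name`, which is bound only inside the `for_each` comprehension and is not in scope in the resource body, and `each.value` is the whole per-user map of group ids, so one `aws_identitystore_group_membership` instance per user still cannot yield one membership per group. The resource has to be keyed on the (user, group) pair, e.g. `for_each = merge([for u, user in var.users : { for g in user.groups : "${u}-${g}" => { user = u, group = g } }]...)` with `group_id = aws_identitystore_group.this[each.value.group].group_id` and `member_id = aws_identitystore_user.this[each.value.user].user_id`.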
@@ -31,9 +31,18 @@ resource "aws_identitystore_user" "this" { # Assign Users to Groups resource "aws_identitystore_group_membership" "this" { - for_each = { for user_key, user in var.users : user_key => { for group_name in user.groups : group_name => aws_identitystore_group.this[group_name].id } } + for_each = { + for user_key, user in var.users : + user_key => { + for group_name in user.groups : + format("%s-%s", user_key, group_name) => { + group_id = aws_identitystore_group.this[group_name].id, + member_id = aws_identitystore_user.this[user_key].id, + } + } + } identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] - group_id = each.value[group_name] - member_id = aws_identitystore_user.this[each.key].id + group_id = each.value.group_id + member_id = each.value.member_id } \ No newline at end of file From ebbfde15a06b70fc8e5cb2394eead06eacec204a Mon Sep 17 00:00:00 2001 From: cybershady Date: Wed, 21 Aug 2024 21:27:46 -0600 Subject: [PATCH 05/18] add group changes --- modules/iam_identity_users/main.tf | 8 +++++++- modules/iam_identity_users/variables.tf | 6 ++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf index 93dca0d..d14b87c 100644 --- a/modules/iam_identity_users/main.tf +++ b/modules/iam_identity_users/main.tf 
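Review bot: The `for_each` is still keyed per user (`user_key => { ... }`), so `each.value` is the inner map of pair objects and `each.value.group_id` / `each.value.member_id` are not attributes of it — the plan fails with an unsupported-attribute error, and a user in two groups still collapses to a single instance. The inner maps must be merged into one flat map before being handed to `for_each`. Both ids should also use the raw `group_id`/`user_id` exports rather than `.id`, which in the AWS provider is (as I recall) the `identity_store_id/…` composite; please verify against the provider docs.
```hcl
resource "aws_identitystore_group_membership" "this" {
  for_each = merge([
    for user_key, user in var.users : {
      for group_name in user.groups :
      format("%s-%s", user_key, group_name) => {
        group_id  = aws_identitystore_group.this[group_name].group_id
        member_id = aws_identitystore_user.this[user_key].user_id
      }
    }
  ]...)

  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
  group_id          = each.value.group_id
  member_id         = each.value.member_id
}
```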
@@ -3,8 +3,14 @@ data "aws_ssoadmin_instances" "this" {} # Create SSO Groups resource "aws_identitystore_group" "this" { - for_each = { for group_name in toset(flatten([for user in values(var.users) : user.groups])) : group_name => group_name } + identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] + display_name = "MyGroup" + description = "Some group name" +} + +resource "aws_identitystore_group" "this" { + for_each = { for group_name in var.groups : group_name => group_name } display_name = each.value description = format("SSO group for %s", each.value) identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] diff --git a/modules/iam_identity_users/variables.tf b/modules/iam_identity_users/variables.tf index 9bdcd7a..1a55994 100644 --- a/modules/iam_identity_users/variables.tf +++ b/modules/iam_identity_users/variables.tf @@ -11,4 +11,10 @@ variable "email_domain" { description = "Domain used for user email accounts" type = string default = "example.com" +} + +variable "groups" { + description = "List of IAM identity center groups to create" + type = set(string) + default = [] } \ No newline at end of file From c754509e8b2441d0a12a21c9d2188f83f8485ee6 Mon Sep 17 00:00:00 2001 From: cybershady Date: Wed, 21 Aug 2024 21:29:26 -0600 Subject: [PATCH 06/18] remove duplicate resource group --- modules/iam_identity_users/main.tf | 7 ------- 1 file changed, 7 deletions(-) diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf index d14b87c..0408388 100644 --- a/modules/iam_identity_users/main.tf +++ b/modules/iam_identity_users/main.tf 
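Review bot: Two `resource "aws_identitystore_group" "this"` blocks now coexist — the hard-coded `MyGroup` block inserted at the top of the hunk and the `for_each` block right below it — and Terraform rejects duplicate resource addresses at validate time, so nothing in this commit can plan. The hard-coded block reads as leftover scratch; drop it and keep `for_each = { for group_name in var.groups : group_name => group_name }`, which is the right direction: groups declared independently of user data, so a group survives its last member leaving.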
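Review bot: `var.groups` defaults to `[]` while `var.users` entries still carry `groups` names used to index `aws_identitystore_group.this`, so a user naming a group absent from `var.groups` fails only at plan time with an opaque invalid-index error. Unless the project is on a Terraform version whose `validation` blocks may reference other variables, add `lifecycle { precondition { condition = contains(var.groups, ...) error_message = "..." } }` on the membership resource naming the user and group. Separately, the visible `email_domain` default of `"example.com"` means any caller that omits the domain creates users with an undeliverable address — in IAM Identity Center that address is where invitation and password-reset mail goes when it is the identity source — so the default should be removed and the domain required.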
@@ -2,13 +2,6 @@ data "aws_ssoadmin_instances" "this" {} # Create SSO Groups -resource "aws_identitystore_group" "this" { - identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] - display_name = "MyGroup" - description = "Some group name" -} - - resource "aws_identitystore_group" "this" { for_each = { for group_name in var.groups : group_name => group_name } display_name = each.value From c8777f650ce3a8a04e062c9a35d4807de6797288 Mon Sep 17 00:00:00 2001 From: cybershady Date: Wed, 21 Aug 2024 21:44:19 -0600 Subject: [PATCH 07/18] test chatgpt code --- modules/iam_identity_users/main.tf | 62 ++++++++++++++++++++++-------- users.tf | 1 + 2 files changed, 46 insertions(+), 17 deletions(-) diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf index 0408388..5abe706 100644 --- a/modules/iam_identity_users/main.tf +++ b/modules/iam_identity_users/main.tf 
@@ -1,47 +1,75 @@ # Fetching SSO Instance data "aws_ssoadmin_instances" "this" {} +# Define locals to structure the group and user data +locals { + group_lists = [ + for group_name in var.groups : { + group_name = group_name + description = format("SSO group for %s", group_name) + } + ] + + user_lists = [ + for user_key, user in var.users : { + user_key = user_key + display_name = format("%s %s", user.first_name, user.last_name) + user_name = format("%s%s", substr(lower(user.first_name), 0, 1), lower(user.last_name)) + email = join("@", [format("%s.%s", lower(user.first_name), lower(user.last_name)), var.email_domain]) + groups = user.groups + } + ] + + # Flatten user-group pairs for membership creation + user_group_pairs = flatten([ + for user in local.user_lists : [ + for group_name in user.groups : { + user_key = user.user_key + group_name = group_name + } + ] + ]) +} + # Create SSO Groups resource "aws_identitystore_group" "this" { - for_each = { for group_name in var.groups : group_name => group_name } - display_name = each.value - description = format("SSO group for %s", each.value) + for_each = { for g in local.group_lists : g.group_name => g } + + display_name = each.value.group_name + description = each.value.description identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] } # Create SSO Users resource "aws_identitystore_user" "this" { - for_each = var.users + for_each = { for u in local.user_lists : u.user_key => u } identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] - display_name = format("%s %s", each.value.first_name, each.value.last_name) - user_name = format("%s%s", substr(lower(each.value.first_name), 0, 1), lower(each.value.last_name)) + display_name = each.value.display_name + user_name = each.value.user_name name { - given_name = each.value.first_name - family_name = each.value.last_name + given_name = each.value.display_name.split(" ")[0] + family_name = 
each.value.display_name.split(" ")[1] } emails { - value = join("@", [format("%s.%s", lower(each.value.first_name), lower(each.value.last_name)), var.email_domain]) + value = each.value.email } } # Assign Users to Groups resource "aws_identitystore_group_membership" "this" { for_each = { - for user_key, user in var.users : - user_key => { - for group_name in user.groups : - format("%s-%s", user_key, group_name) => { - group_id = aws_identitystore_group.this[group_name].id, - member_id = aws_identitystore_user.this[user_key].id, - } + for pair in local.user_group_pairs : + format("%s-%s", pair.user_key, pair.group_name) => { + group_id = aws_identitystore_group.this[pair.group_name].id + member_id = aws_identitystore_user.this[pair.user_key].id } } identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] group_id = each.value.group_id member_id = each.value.member_id -} \ No newline at end of file +} diff --git a/users.tf b/users.tf index 2eb56bb..b91ff5d 100644 --- a/users.tf +++ b/users.tf @@ -1,5 +1,6 @@ module "users" { source = "./modules/iam_identity_users" + groups = ["administrators","developers","qa","networking"] users = { "Zach Rundle" = { From 137a26c0c3f7f5707c73491fe04e794131309d2e Mon Sep 17 00:00:00 2001 From: cybershady Date: Wed, 21 Aug 2024 21:50:00 -0600 Subject: [PATCH 08/18] try and fix group assocation --- modules/iam_identity_users/main.tf | 65 +++++-------------------- modules/iam_identity_users/variables.tf | 2 +- users.tf | 4 +- 3 files changed, 15 insertions(+), 56 deletions(-) diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf index 5abe706..418d17d 100644 --- a/modules/iam_identity_users/main.tf +++ b/modules/iam_identity_users/main.tf 
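Review bot: `given_name = each.value.display_name.split(" ")[0]` is not HCL — there is no method-call syntax, it would be `split(" ", each.value.display_name)[0]` — and even then splitting the display name drops everything after the first space for multi-word given or family names, while `user.first_name`/`user.last_name` were available to the local that built `display_name`. Carry `first_name = user.first_name` and `last_name = user.last_name` through `local.user_lists` and use them directly in `name {}`. `user_name = format("%s%s", substr(lower(user.first_name), 0, 1), lower(user.last_name))` collides for any two users sharing an initial and surname, and user names must be unique in the identity store, so consider making `user_name` an explicit caller-supplied field. The flattened `user_group_pairs` membership map is the right shape for many-to-many memberships.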
@@ -1,75 +1,34 @@ # Fetching SSO Instance data "aws_ssoadmin_instances" "this" {} -# Define locals to structure the group and user data -locals { - group_lists = [ - for group_name in var.groups : { - group_name = group_name - description = format("SSO group for %s", group_name) - } - ] - - user_lists = [ - for user_key, user in var.users : { - user_key = user_key - display_name = format("%s %s", user.first_name, user.last_name) - user_name = format("%s%s", substr(lower(user.first_name), 0, 1), lower(user.last_name)) - email = join("@", [format("%s.%s", lower(user.first_name), lower(user.last_name)), var.email_domain]) - groups = user.groups - } - ] - - # Flatten user-group pairs for membership creation - user_group_pairs = flatten([ - for user in local.user_lists : [ - for group_name in user.groups : { - user_key = user.user_key - group_name = group_name - } - ] - ]) -} - # Create SSO Groups resource "aws_identitystore_group" "this" { - for_each = { for g in local.group_lists : g.group_name => g } - - display_name = each.value.group_name - description = each.value.description + for_each = { for group_name in var.groups : group_name => group_name } + display_name = each.value identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] } # Create SSO Users resource "aws_identitystore_user" "this" { - for_each = { for u in local.user_lists : u.user_key => u } - + for_each = var.users identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] - - display_name = each.value.display_name - user_name = each.value.user_name + display_name = format("%s %s", each.value.first_name, each.value.last_name) + user_name = format("%s%s", substr(lower(each.value.first_name), 0, 1), lower(each.value.last_name)) name { - given_name = each.value.display_name.split(" ")[0] - family_name = each.value.display_name.split(" ")[1] + given_name = each.value.first_name + family_name = each.value.last_name } emails { - value = each.value.email + 
value = join("@", [format("%s.%s", lower(each.value.first_name), lower(each.value.last_name)), var.email_domain]) } } # Assign Users to Groups resource "aws_identitystore_group_membership" "this" { - for_each = { - for pair in local.user_group_pairs : - format("%s-%s", pair.user_key, pair.group_name) => { - group_id = aws_identitystore_group.this[pair.group_name].id - member_id = aws_identitystore_user.this[pair.user_key].id - } - } - + for_each = var.users identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] - group_id = each.value.group_id - member_id = each.value.member_id -} + group_id = aws_identitystore_group.this.group_id + member_id = aws_identitystore_user.this.user_id +} \ No newline at end of file diff --git a/modules/iam_identity_users/variables.tf b/modules/iam_identity_users/variables.tf index 1a55994..7069c58 100644 --- a/modules/iam_identity_users/variables.tf +++ b/modules/iam_identity_users/variables.tf @@ -3,7 +3,7 @@ variable "users" { type = map(object({ first_name = string last_name = string - groups = set(string) # Set of group names the user belongs to + groups = set(string) # Set of group names the user belongs to })) } diff --git a/users.tf b/users.tf index b91ff5d..9bebeb5 100644 --- a/users.tf +++ b/users.tf @@ -1,7 +1,7 @@ module "users" { source = "./modules/iam_identity_users" - groups = ["administrators","developers","qa","networking"] - + groups = ["administrators", "developers", "qa", "networking"] + users = { "Zach Rundle" = { first_name = "Zach" From cf9decf3e1daffd3a1b3e4b11169777ca8aa9903 Mon Sep 17 00:00:00 2001 From: cybershady Date: Wed, 21 Aug 2024 21:52:59 -0600 Subject: [PATCH 09/18] bad --- modules/iam_identity_users/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf index 418d17d..c762193 100644 --- a/modules/iam_identity_users/main.tf +++ b/modules/iam_identity_users/main.tf 
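Review bot: `group_id = aws_identitystore_group.this.group_id` and `member_id = aws_identitystore_user.this.user_id` address `for_each` resources without an instance key, which Terraform rejects — the value is a map of instances, not a single object. The revert also discards the flattened `user_group_pairs` map, the one version of this resource that produced a membership per (user, group) pair; `for_each = var.users` reintroduces the one-group-per-user limit. Keep the pair map and index with `[each.value.group_name]` / `[each.value.user_key]`.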
@@ -29,6 +29,6 @@ resource "aws_identitystore_user" "this" { resource "aws_identitystore_group_membership" "this" { for_each = var.users identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] - group_id = aws_identitystore_group.this.group_id - member_id = aws_identitystore_user.this.user_id + group_id = aws_identitystore_group.this[each.value.group].id + member_id = aws_identitystore_user.this[each.key].id } \ No newline at end of file From e04f08b13f653844f02e488f7f72e161779ba5b1 Mon Sep 17 00:00:00 2001 From: cybershady Date: Thu, 22 Aug 2024 21:54:31 -0600 Subject: [PATCH 10/18] add in daily commit --- modules/iam_identity_users/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf index c762193..bb59764 100644 --- a/modules/iam_identity_users/main.tf +++ b/modules/iam_identity_users/main.tf @@ -29,6 +29,6 @@ resource "aws_identitystore_user" "this" { resource "aws_identitystore_group_membership" "this" { for_each = var.users identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] - group_id = aws_identitystore_group.this[each.value.group].id - member_id = aws_identitystore_user.this[each.key].id + group_id = aws_identitystore_group.this[each.value.display_name].id + member_id = aws_identitystore_user.this[each.value.display_name].id } \ No newline at end of file From 3d5f6ea9c17131b7b24fe0950f4856145688fea5 Mon Sep 17 00:00:00 2001 From: cybershady Date: Fri, 23 Aug 2024 21:59:30 -0600 Subject: [PATCH 11/18] update readme --- README.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 27dd90b..25bef01 100644 --- a/README.md +++ b/README.md 
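Review bot: `each.value.group` is not an attribute of the `users` object — `variables.tf` declares `groups = set(string)` — so this fails with an unsupported-attribute error, and a set would not be a valid index even under the right name. The resource is still keyed per user, so the fix is the same as before: key `for_each` on (user, group) pairs rather than patching the index expression.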
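Review bot: `each.value.display_name` does not exist on the `users` object (`first_name`, `last_name` and `groups` are its only fields), so neither index resolves; and using the same value to look up both the group and the user cannot be right, since group instances are keyed by group name and user instances by the `users` map key. `member_id` should go back to `aws_identitystore_user.this[each.key]`, and `group_id` needs a group name, which for a `set(string)` means one membership instance per (user, group) pair.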
@@ -1,2 +1,17 @@ -# tf-playground -Terraform code for public personal projects +# Description +This is terraform code that will build a playground environment for development environment. + +## Modules +### IAM Identity Center +A module that allows a user to set up SSO and create users, groups, and permission sets. + +### EKS +A module that will configure an EKS cluster and the required IAM role and permissions. + +### Spot Fleet +A module to configure spot fleets and acceptable spot server types that can be used with the EKS module. A future enhancement will be to also leverage Karpenter to help with autoscaling. + +### +VPC +A module that will configure the VPC and subnets (based on the amount of AZs in that region). Also has an option to configure a NAT gateway. + From 45f51993d861ba08b853bda9512d560e5419f1ad Mon Sep 17 00:00:00 2001 From: cybershady Date: Sat, 24 Aug 2024 22:00:09 -0600 Subject: [PATCH 12/18] try and fix group membership --- modules/iam_identity_users/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf index c762193..252f4de 100644 --- a/modules/iam_identity_users/main.tf +++ b/modules/iam_identity_users/main.tf @@ -29,6 +29,6 @@ resource "aws_identitystore_user" "this" { resource "aws_identitystore_group_membership" "this" { for_each = var.users identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0] - group_id = aws_identitystore_group.this[each.value.group].id + group_id = aws_identitystore_user.this[each.value.groups].id member_id = aws_identitystore_user.this[each.key].id } \ No newline at end of file From 6cedc7ec5bbb869ac6728588633ea8ff7729539d Mon Sep 17 00:00:00 2001 From: cybershady Date: Sun, 25 Aug 2024 00:46:40 -0600 Subject: [PATCH 13/18] make users belong to one group --- users.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/users.tf b/users.tf index 9bebeb5..406c622 100644 
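Review bot: `group_id = aws_identitystore_user.this[each.value.groups].id` looks up the user resource instead of `aws_identitystore_group.this`, and indexes it with the `groups` set, so it cannot resolve — and if it did it would hand a user id to `group_id`. The target is `aws_identitystore_group.this[<group name>].group_id`, with one membership instance per (user, group).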
--- a/users.tf +++ b/users.tf @@ -1,6 +1,6 @@ module "users" { source = "./modules/iam_identity_users" - groups = ["administrators", "developers", "qa", "networking"] + groups = ["administrators", "developers", "networking"] users = { "Zach Rundle" = { @@ -11,7 +11,7 @@ module "users" { "Maverick Dog" = { first_name = "Maverick" last_name = "Dog" - groups = ["developers", "qa"] + groups = ["developers"] }, } } From 080ff2447e0f827070dbf5b98f4c5656923a87b8 Mon Sep 17 00:00:00 2001 From: cybershady Date: Sun, 25 Aug 2024 00:49:47 -0600 Subject: [PATCH 14/18] change variable type in users object --- modules/iam_identity_users/variables.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/iam_identity_users/variables.tf b/modules/iam_identity_users/variables.tf index 7069c58..0936e95 100644 --- a/modules/iam_identity_users/variables.tf +++ b/modules/iam_identity_users/variables.tf @@ -3,7 +3,8 @@ variable "users" { type = map(object({ first_name = string last_name = string - groups = set(string) # Set of group names the user belongs to + # TODO: add support in case a user needs to belong to multiple groups + groups = string })) } From efe89219c020731012c79dc52d16f416a01f4e75 Mon Sep 17 00:00:00 2001 From: cybershady Date: Sun, 25 Aug 2024 00:50:46 -0600 Subject: [PATCH 15/18] remove string brackets --- users.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/users.tf b/users.tf index 406c622..d22db6a 100644 --- a/users.tf +++ b/users.tf @@ -6,12 +6,12 @@ module "users" { "Zach Rundle" = { first_name = "Zach" last_name = "Rundle" - groups = ["administrators"] + groups = "administrators" }, "Maverick Dog" = { first_name = "Maverick" last_name = "Dog" - groups = ["developers"] + groups = "developers" }, } } From 6e0ca94b0178c7f75f08d7509a1bb312ffe47315 Mon Sep 17 00:00:00 2001 
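Review bot: Narrowing `groups` to a single `string` makes `for_each = var.users` line up, but it bakes the limitation into the module's public interface — the `TODO` acknowledges a user in two groups can no longer be expressed, and the membership resource is the only place that needs changing. Keep `set(string)` and flatten to (user, group) pairs in the membership `for_each`; that is a handful of lines and avoids a breaking type change later. If the single-group shape is kept for now, rename the field to `group` so the type and the name agree.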
From: cybershady
Date: Sun, 25 Aug 2024 00:56:06 -0600
Subject: [PATCH 16/18] try and fix group membership

---
 modules/iam_identity_center/variables.tf | 2 +-
 modules/iam_identity_users/main.tf       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/iam_identity_center/variables.tf b/modules/iam_identity_center/variables.tf
index 92540ac..518a313 100644
--- a/modules/iam_identity_center/variables.tf
+++ b/modules/iam_identity_center/variables.tf
@@ -1,5 +1,5 @@
 variable "permission_sets" {
-  type = list(object({
+  type = map(object({
     name = string
     description = string
     relay_state = string
diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf
index 252f4de..91dcc04 100644
--- a/modules/iam_identity_users/main.tf
+++ b/modules/iam_identity_users/main.tf
@@ -29,6 +29,6 @@ resource "aws_identitystore_user" "this" {
 resource "aws_identitystore_group_membership" "this" {
   for_each = var.users
   identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
-  group_id = aws_identitystore_user.this[each.value.groups].id
+  group_id = aws_identitystore_group.this[each.value.groups].id
   member_id = aws_identitystore_user.this[each.key].id
 }
\ No newline at end of file

From 3955f8eab3c1b2e4890d73282a5a06e2cb991e37 Mon Sep 17 00:00:00 2001
From: cybershady
Date: Sun, 25 Aug 2024 00:56:48 -0600
Subject: [PATCH 17/18] undo type change

---
 modules/iam_identity_center/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/iam_identity_center/variables.tf b/modules/iam_identity_center/variables.tf
index 518a313..92540ac 100644
--- a/modules/iam_identity_center/variables.tf
+++ b/modules/iam_identity_center/variables.tf
@@ -1,5 +1,5 @@
 variable "permission_sets" {
-  type = map(object({
+  type = list(object({
     name = string
     description = string
     relay_state = string

From 9816f2f3918fc1df59f81ef222307fc02a4b35e9 Mon Sep 17 00:00:00 2001
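Review bot: `group_id = aws_identitystore_group.this[each.value.groups].id` now indexes the right resource, but `.id` on `aws_identitystore_group` and `aws_identitystore_user` is, in the AWS provider as I recall it, the composite `identity_store_id/<id>` value rather than the bare identifier the membership API expects; the exported `group_id` and `user_id` attributes are the ones to use — `group_id = aws_identitystore_group.this[each.value.groups].group_id` and `member_id = aws_identitystore_user.this[each.key].user_id`. A `lifecycle { precondition }` asserting `contains(var.groups, each.value.groups)` would turn an unknown group name into a readable plan error instead of an invalid-index failure.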
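Review bot: Reverting `permission_sets` to `list(object({...}))` is worth a second look: if the consumer iterates it by position (`count` or a list-indexed `for_each`, which I cannot see from here), reordering or removing one entry shifts every later index and forces permission sets to be destroyed and recreated, dropping their account assignments in the process. A `map(object)` keyed by permission-set name, or a list converted with `{ for ps in var.permission_sets : ps.name => ps }` at the point of use, gives stable addresses; the object's `name` field is already there to key on.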
From: cybershady
Date: Sun, 25 Aug 2024 01:02:51 -0600
Subject: [PATCH 18/18] try and fix userid error

---
 modules/iam_identity_users/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/iam_identity_users/main.tf b/modules/iam_identity_users/main.tf
index 91dcc04..4a394be 100644
--- a/modules/iam_identity_users/main.tf
+++ b/modules/iam_identity_users/main.tf
@@ -30,5 +30,5 @@ resource "aws_identitystore_group_membership" "this" {
   for_each = var.users
   identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
   group_id = aws_identitystore_group.this[each.value.groups].id
-  member_id = aws_identitystore_user.this[each.key].id
+  member_id = aws_identitystore_user.this[each.key].user_id
 }
\ No newline at end of file
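Review bot: `member_id` now uses the `user_id` export, but `group_id = aws_identitystore_group.this[each.value.groups].id` one line above still passes `.id`, which for `aws_identitystore_group` is (as far as I recall of the AWS provider) the same composite `identity_store_id/group_id` form that produced the user-id error; change it to `aws_identitystore_group.this[each.value.groups].group_id`. A `precondition` that `contains(var.groups, each.value.groups)` holds would surface a typo in a group name as a clear plan error rather than an invalid-index failure. The file also still lacks a trailing newline.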