try and fix group membership

README.md

@@ -11,6 +11,7 @@ A module that will configure an EKS cluster and the required IAM role and permis
 ### Spot Fleet
 A module to configure spot fleets and acceptable spot server types that can be used with the EKS module. A future enhancement will be to also leverage Karpenter to help with autoscaling.
 
+
 ### VPC
 A module that will configure the VPC and subnets (based on the amount of AZs in that region). Also has an option to configure a NAT gateway.
 

modules/iam_identity_users/main.tf

@@ -29,6 +29,6 @@ resource "aws_identitystore_user" "this" {
 resource "aws_identitystore_group_membership" "this" {
   for_each =  var.users
   identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
-  group_id          = aws_identitystore_group.this[each.value.group].id
-  member_id         = aws_identitystore_user.this[each.key].id
+  group_id          = aws_identitystore_group.this[each.value.groups].id
+  member_id         = aws_identitystore_user.this[each.key].user_id
 }

modules/iam_identity_users/variables.tf

@@ -3,7 +3,8 @@ variable "users" {
   type = map(object({
     first_name = string
     last_name  = string
-    groups     = set(string) # Set of group names the user belongs to
+    # TODO: add support in case a user needs to belong to multiple groups
+    groups     = string
   }))
 }
 

users.tf

@@ -1,17 +1,17 @@
 module "users" {
   source = "./modules/iam_identity_users"
-  groups = ["administrators", "developers", "qa", "networking"]
+  groups = ["administrators", "developers", "networking"]
 
   users = {
     "Zach Rundle" = {
       first_name = "Zach"
       last_name  = "Rundle"
-      groups     = ["administrators"]
+      groups     = "administrators"
     },
     "Maverick Dog" = {
       first_name = "Maverick"
       last_name  = "Dog"
-      groups     = ["developers", "qa"]
+      groups     = "developers"
     },
   }
 }