xpk/terraform.examples
SHA256
1
0
Fork 0
Code Pull Requests Activity

initial commit

Browse Source
This commit is contained in:
xpk
2026-02-13 15:44:24 +08:00
parent 66be8224f4
commit 09ce4c881a
570 changed files with 61807 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
aws-sso/sso-users.tf
+64
View File
@@ -0,0 +1,64 @@
data "aws_ssoadmin_instances" "sso1" {}
locals {
csv_data2 = <<-CSV
username,email,lastName,firstName
user1,user1@acme.local,Doe,John
user2,user2@acme.local,Smith,Jane
CSV
users = csvdecode(local.csv_data2)
}
resource "aws_identitystore_user" "sso-user" {
for_each = { for item in local.users : item.username => item }
identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]
display_name = "${each.value.firstName} ${each.value.lastName}"
user_name = each.value.username
nickname = each.value.username
emails {
primary = true
value = each.value.email
}
name {
family_name = each.value.lastName
given_name = each.value.firstName
}
}
resource "aws_identitystore_group" "sso-group" {
identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]
display_name = "Viewers"
description = "Users with view permission"
}
resource "aws_identitystore_group_membership" "sso-group-membership" {
for_each = aws_identitystore_user.sso-user
identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]
group_id = aws_identitystore_group.sso-group.group_id
member_id = each.value.user_id
}
locals {
csv_data3 = <<-CSV
seq,groupName,permission,accountId
1,Viewers,ViewOnly,865184416664
2,Viewers,ViewOnly,572802010687
CSV
accounts = csvdecode(local.csv_data3)
}
resource "aws_ssoadmin_account_assignment" "pset-assignment" {
for_each = { for item in local.accounts : item.seq => item }
instance_arn = tolist(data.aws_ssoadmin_instances.sso1.arns)[0]
permission_set_arn = module.sso[each.value.permission].pset-arn
principal_id = aws_identitystore_group.sso-group.group_id
principal_type = "GROUP"
target_id = each.value.accountId
target_type = "AWS_ACCOUNT"
}