initial commit

modules/security_identity_compliance/sso-aws-id-store/README.md

@@ -0,0 +1,3 @@
+# Module sso-aws-id-store
+This module creates aws sso user using aws's builtin identity store, and put the user in a group. 
+The group must be created in advance.

modules/security_identity_compliance/sso-aws-id-store/main.tf

@@ -0,0 +1,33 @@
+data "aws_ssoadmin_instances" "sso1" {}
+
+resource "aws_identitystore_user" "sso-user" {
+  identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]
+  display_name      = "${var.firstName} ${var.lastName}"
+  user_name         = var.username
+  nickname          = var.username
+  emails {
+    primary = true
+    value   = var.email
+  }
+
+  name {
+    family_name = var.lastName
+    given_name  = var.firstName
+  }
+}
+
+data "aws_identitystore_group" "sso-group" {
+  identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]
+  alternate_identifier {
+    unique_attribute {
+      attribute_path  = "DisplayName"
+      attribute_value = var.groupName
+    }
+  }
+}
+
+resource "aws_identitystore_group_membership" "sso-group-membership" {
+  identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]
+  group_id          = data.aws_identitystore_group.sso-group.group_id
+  member_id         = aws_identitystore_user.sso-user.user_id
+}

modules/security_identity_compliance/sso-aws-id-store/variables.tf

@@ -0,0 +1,5 @@
+variable username {}
+variable firstName {}
+variable lastName {}
+variable email {}
+variable groupName {}