terraform.aws-baseline-infra/examples/bea-sso-preview/sso-users.tf

data "aws_ssoadmin_instances" "sso1" {}

locals {
  csv_data2 = <<-CSV
    username,email,lastName,firstName
    user1,user1@acme.local,Doe,John
    user2,user2@acme.local,Smith,Jane
  CSV

  users = csvdecode(local.csv_data2)
}

resource "aws_identitystore_user" "sso-user" {
  for_each = { for item in local.users : item.username => item }
  identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]
  display_name      = "${each.value.firstName} ${each.value.lastName}"
  user_name         = each.value.username
  nickname          = each.value.username
  emails {
    primary = true
    value   = each.value.email
  }

  name {
    family_name = each.value.lastName
    given_name  = each.value.firstName
  }
}

resource "aws_identitystore_group" "sso-group" {
  identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]
  display_name      = "Viewers"
  description       = "Users with view permission"
}

resource "aws_identitystore_group_membership" "sso-group-membership" {
  for_each = aws_identitystore_user.sso-user
  identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]
  group_id          = aws_identitystore_group.sso-group.group_id
  member_id         = each.value.user_id
}

locals {
  csv_data3 = <<-CSV
    seq,groupName,permission,accountId
    1,Viewers,ViewOnly,865184416664
    2,Viewers,ViewOnly,572802010687
  CSV

  accounts = csvdecode(local.csv_data3)
}

resource "aws_ssoadmin_account_assignment" "pset-assignment" {
  for_each = { for item in local.accounts : item.seq => item }

  instance_arn       = tolist(data.aws_ssoadmin_instances.sso1.arns)[0]
  permission_set_arn = module.sso[each.value.permission].pset-arn

  principal_id   = aws_identitystore_group.sso-group.group_id
  principal_type = "GROUP"

  target_id   = each.value.accountId
  target_type = "AWS_ACCOUNT"
}
UPD: clean up 2023-02-28 16:38:16 +08:00			`data "aws_ssoadmin_instances" "sso1" {}`

			`locals {`
			`csv_data2 = <<-CSV`
			`username,email,lastName,firstName`
			`user1,user1@acme.local,Doe,John`
			`user2,user2@acme.local,Smith,Jane`
			`CSV`

			`users = csvdecode(local.csv_data2)`
			`}`

			`resource "aws_identitystore_user" "sso-user" {`
			`for_each = { for item in local.users : item.username => item }`
			`identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]`
			`display_name = "${each.value.firstName} ${each.value.lastName}"`
			`user_name = each.value.username`
			`nickname = each.value.username`
			`emails {`
			`primary = true`
			`value = each.value.email`
			`}`

			`name {`
			`family_name = each.value.lastName`
			`given_name = each.value.firstName`
			`}`
			`}`

			`resource "aws_identitystore_group" "sso-group" {`
			`identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]`
			`display_name = "Viewers"`
			`description = "Users with view permission"`
			`}`

			`resource "aws_identitystore_group_membership" "sso-group-membership" {`
			`for_each = aws_identitystore_user.sso-user`
			`identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]`
			`group_id = aws_identitystore_group.sso-group.group_id`
			`member_id = each.value.user_id`
			`}`

			`locals {`
			`csv_data3 = <<-CSV`
			`seq,groupName,permission,accountId`
			`1,Viewers,ViewOnly,865184416664`
			`2,Viewers,ViewOnly,572802010687`
			`CSV`

			`accounts = csvdecode(local.csv_data3)`
			`}`

			`resource "aws_ssoadmin_account_assignment" "pset-assignment" {`
			`for_each = { for item in local.accounts : item.seq => item }`

			`instance_arn = tolist(data.aws_ssoadmin_instances.sso1.arns)[0]`
			`permission_set_arn = module.sso[each.value.permission].pset-arn`

			`principal_id = aws_identitystore_group.sso-group.group_id`
			`principal_type = "GROUP"`

			`target_id = each.value.accountId`
			`target_type = "AWS_ACCOUNT"`
			`}`