From 9002bbed80622c2d4ae9d999cf2e279ce849c3cc Mon Sep 17 00:00:00 2001
From: KF
Date: Wed, 19 Oct 2022 19:56:39 +0800
Subject: [PATCH] FIX: bug fix on iam-user module

---
 .../iam-user/main.tf | 35 ++++++++++---------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/modules/security_identity_compliance/iam-user/main.tf b/modules/security_identity_compliance/iam-user/main.tf
index 121a1a0..c0b05b1 100644
--- a/modules/security_identity_compliance/iam-user/main.tf
+++ b/modules/security_identity_compliance/iam-user/main.tf
@@ -9,12 +9,13 @@ resource "aws_iam_access_key" "iam-user-access-key" {
 user = aws_iam_user.iam-user.name
 }
 
-resource "aws_iam_user_policy" "iam-user-policy" {
- count = var.create-group ? 0 : 1
- name = var.iam-user-policy-name
- user = aws_iam_user.iam-user.name
- policy = var.iam-user-policy
-}
+# need to work on attaching additional user policy
+#resource "aws_iam_user_policy" "iam-user-policy" {
+# count = var.create-group ? 0 : 1
+# name = var.iam-user-policy-name
+# user = aws_iam_user.iam-user.name
+# policy = var.iam-user-policy
+#}
 
 resource "aws_iam_user_policy" iam-user-selfservice-policy {
 name = "SelfServicePermissions"
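Review bot: Commenting out `iam-user-policy` leaves `var.iam-user-policy` and `var.iam-user-policy-name` accepted by the module but silently ignored, so a caller that passes an inline policy gets a user carrying only the `SelfServicePermissions` policy with no plan-time warning; the same applies to the commented-out `iam-group-policy` in the second hunk. If the variables are still declared (their definition is outside this patch), the commented block should at least name the affected input so the gap is visible, e.g. `# TODO: attaching the additional user policy is disabled; var.iam-user-policy is currently NOT applied`, and the variable description should say the same. Note also that on existing users this change will show up as a destroy of the inline policy in the plan, which is presumably intended but worth stating in the commit message. The enclosing `aws_iam_access_key` block starts before this hunk, and `iam-user-selfservice-policy` continues after it.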
@@ -84,27 +85,29 @@ resource aws_iam_group iam-group {
 
 resource aws_iam_group_membership new-group-membership {
 count = length(aws_iam_group.iam-group)
- name = aws_iam_group.iam-group[0].name
+ name = "MembershipToNewGroups"
 group = aws_iam_group.iam-group[0].name
 users = [aws_iam_user.iam-user.name]
 }
 
 resource aws_iam_group_membership existing-group-membership {
- count = length(var.add-to-groups)
- name = var.add-to-groups[count.index]
- group = var.add-to-groups[count.index]
+ for_each = var.add-to-groups
+ name = "MembershipToExistingGroups"
+ group = each.value
 users = [aws_iam_user.iam-user.name]
 }
 
-resource "aws_iam_group_policy" "iam-group-policy" {
- count = var.create-group ? 1 : 0
- name = "SelfServiceAccess"
- group = aws_iam_group.iam-group[0].name
- policy = var.iam-user-policy
-}
+# need to work on attaching additional group policy
+#resource "aws_iam_group_policy" "iam-group-policy" {
+# count = var.create-group ? 1 : 0
+# name = "SelfServiceAccess"
+# group = aws_iam_group.iam-group[0].name
+# policy = var.iam-user-policy
+#}
 
 resource "aws_iam_group_policy_attachment" "iam-group-managed-policies" {
 count = var.create-group ? length(var.managed-policy-arns) : 0
 group = aws_iam_group.iam-group[0].name
 policy_arn = var.managed-policy-arns[count.index]
 }
+
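Review bot: The rewritten `existing-group-membership` resource uses `aws_iam_group_membership`, which is authoritative for a group's entire member list, so `users = [aws_iam_user.iam-user.name]` will remove every other user from each pre-existing group in `var.add-to-groups` on apply; for adding one user to groups the module does not own, `aws_iam_user_group_membership` is the right resource. Separately, the removed lines indexed `var.add-to-groups[count.index]`, which suggests the variable is declared as a list, and `for_each` rejects a plain list at plan time — if the current resource type is kept, `for_each = toset(var.add-to-groups)` is needed (the variable declaration is outside this patch, so this is inferred). The fixed `name = "MembershipToExistingGroups"` is harmless under `for_each` since each instance has its own state address, but becomes unnecessary with the replacement below.

```terraform
resource aws_iam_user_group_membership existing-group-membership {
  user   = aws_iam_user.iam-user.name
  groups = var.add-to-groups
}
# … unchanged: new-group-membership, commented-out iam-group-policy, iam-group-managed-policies …
```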