# Looks up the IAM Identity Center (AWS SSO) instances visible to the
# configured provider. Takes no arguments.
data "aws_ssoadmin_instances" "sso1" {}

# Creates one user in the identity store, built entirely from input
# variables (var.username, var.firstName, var.lastName, var.email).
# NOTE(review): the user is created directly in the identity store; if an
# external identity provider also provisions users here, confirm the two
# do not conflict.
resource "aws_identitystore_user" "sso-user" {
  # tolist(...)[0] selects the first identity store ID returned.
  # NOTE(review): assumes exactly one Identity Center instance is returned;
  # confirm for this account/region.
  identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]

  user_name    = var.username
  nickname     = var.username
  display_name = "${var.firstName} ${var.lastName}"

  name {
    given_name  = var.firstName
    family_name = var.lastName
  }

  emails {
    value   = var.email
    primary = true
  }
}

# Resolves an existing group by its display name. The group is only read
# here, never created, so var.groupName must name a group that already exists.
data "aws_identitystore_group" "sso-group" {
  identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]

  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = var.groupName
    }
  }
}

# Adds the new user to the group resolved above.
# NOTE(review): any account assignments or permission sets attached to that
# group will apply to this user, so var.groupName is effectively the
# access-control input of this configuration. Consider restricting it to an
# approved list (e.g. a validation rule where the variable is declared, which
# is not visible here) and reviewing changes to it like any privilege grant.
resource "aws_identitystore_group_membership" "sso-group-membership" {
  identity_store_id = tolist(data.aws_ssoadmin_instances.sso1.identity_store_ids)[0]
  member_id         = aws_identitystore_user.sso-user.user_id
  group_id          = data.aws_identitystore_group.sso-group.group_id
}