module sso {
source = "../../modules/security_identity_compliance/sso-permissionsets"

  for_each = { for item in local.items : item.name => item }

  default-tags            = local.default-tags
  pset-name               = each.value.name
  pset-desc               = each.value.desc
  pset-managed-policy-arn = each.value.mpolicy
  pset-session-duration   = each.value.session

}

locals {
  csv_data = <<-CSV
    name,desc,mpolicy,session
    ViewOnly,View only access,arn:aws:iam::aws:policy/job-function/ViewOnlyAccess,PT4H
    ReadOnly,Read only access,arn:aws:iam::aws:policy/ReadOnlyAccess,PT4H
    FullAccess,Full admin access,arn:aws:iam::aws:policy/AdministratorAccess,PT4H
    NetworkAdmin,Network admin access,arn:aws:iam::aws:policy/job-function/NetworkAdministrator,PT4H
    DatabaseAdmin,Database admin access,arn:aws:iam::aws:policy/job-function/DatabaseAdministrator,PT4H
    BillingAdmin,Billing admin access,arn:aws:iam::aws:policy/job-function/Billing,PT4H
    SecurityAudit,Security admin access,arn:aws:iam::aws:policy/SecurityAudit,PT4H
    PowerUser,Full access excluding IAM,arn:aws:iam::aws:policy/PowerUserAccess,PT4H
  CSV

  items = csvdecode(local.csv_data)
}