
Commit b1c7424

Adding GC Signin test groups (#372)
1 parent 8c11fff commit b1c7424

3 files changed

+48
-0
lines changed


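--- a/terragrunt/org_account/iam_identity_center/gc_signin_assignments.tf
+++ b/terragrunt/org_account/iam_identity_center/gc_signin_assignments.tf
@@ -46,6 +46,21 @@ locals {
 permission_set = data.aws_ssoadmin_permission_set.aws_read_only_access,
 }
 ]
+# GCSignin-Test
+gc_signin_test_permission_sets = [
+{
+group = aws_identitystore_group.gc_signin_test_admin,
+permission_set = data.aws_ssoadmin_permission_set.aws_administrator_access,
+},
+{
+group = aws_identitystore_group.gc_signin_test_read_only_billing,
+permission_set = aws_ssoadmin_permission_set.read_only_billing,
+},
+{
+group = aws_identitystore_group.gc_signin_test_read_only,
+permission_set = data.aws_ssoadmin_permission_set.aws_read_only_access,
+}
+]
 }
 
 resource "aws_ssoadmin_account_assignment" "gc_signin_production" {
@@ -86,3 +101,16 @@ resource "aws_ssoadmin_account_assignment" "gc_signin_dev" {
 target_id = local.gc_signin_dev_account_id
 target_type = "AWS_ACCOUNT"
 }
+
+resource "aws_ssoadmin_account_assignment" "gc_signin_test" {
+for_each = { for perm in local.gc_signin_test_permission_sets : "${perm.group.display_name}-${perm.permission_set.name}" => perm }
+
+instance_arn = local.sso_instance_arn
+permission_set_arn = each.value.permission_set.arn
+
+principal_id = each.value.group.group_id
+principal_type = "GROUP"
+
+target_id = local.gc_signin_test_account_id
+target_type = "AWS_ACCOUNT"
+}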
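Review bot: The `for_each` key of the new `gc_signin_test` assignment is built from each group's `display_name` and the permission set's `name`, so renaming either side (the groups are created in gc_signin_groups.tf in this same commit) destroys and recreates the assignment instead of updating it, which drops the group's access to the account for the duration of the apply. A one-line comment above `for_each` would make that coupling visible to the next editor: `# Key is "<group display_name>-<permission set name>"; renaming either side recreates the assignment, so rename groups in a separate change.` The first list entry also binds `gc_signin_test_admin` to the AdministratorAccess permission set, which makes membership of that identity-store group the only effective control on full access to the Test account; the `# GCSignin-Test` comment at the top of the list is a good place to say so, since the list itself gives no hint that one entry is privileged and the others read-only. The `locals` block patched by the first hunk starts before the hunk.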

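--- a/terragrunt/org_account/iam_identity_center/gc_signin_groups.tf
+++ b/terragrunt/org_account/iam_identity_center/gc_signin_groups.tf
@@ -54,4 +54,23 @@ resource "aws_identitystore_group" "gc_signin_dev_read_only_billing" {
 display_name = "GCSignIn-Dev-Billing-ReadOnly"
 description = "Grants members read-only Billing and Cost Explorer access to the GC Signin Dev account."
 identity_store_id = local.sso_identity_store_id
+}
+
+#
+# Test
+#
+resource "aws_identitystore_group" "gc_signin_test_admin" {
+display_name = "GCSignIn-Test-Admin"
+description = "Grants members administrator access to the GC Signin Test account."
+identity_store_id = local.sso_identity_store_id
+}
+resource "aws_identitystore_group" "gc_signin_test_read_only" {
+display_name = "GCSignIn-Test-ReadOnly"
+description = "Grants members read-only access to the GC Signin Test account."
+identity_store_id = local.sso_identity_store_id
+}
+resource "aws_identitystore_group" "gc_signin_test_read_only_billing" {
+display_name = "GCSignIn-Test-Billing-ReadOnly"
+description = "Grants members read-only Billing and Cost Explorer access to the GC Signin Test account."
+identity_store_id = local.sso_identity_store_id
 }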

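--- a/terragrunt/org_account/iam_identity_center/locals.tf
+++ b/terragrunt/org_account/iam_identity_center/locals.tf
@@ -18,6 +18,7 @@ locals {
 gc_signin_dev_account_id = "329599618423"
 gc_signin_production_account_id = "699475931199"
 gc_signin_staging_account_id = "565393049229"
+gc_signin_test_account_id = "768102297819"
 
 digital_transformation_office_production_account_id = "730335533085"
 digital_transformation_office_staging_account_id = "992382783569"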
