Can I add an existing user to a new group with new permissions_sets and new account_assignments on AWS. #47

Open
leonkatz opened this issue Sep 3, 2024 · 2 comments


leonkatz commented Sep 3, 2024

```hcl
# New groups to create
sso_groups = {
  test : {
    group_name        = "test"
    group_description = "test group"
  }
  test-leads : {
    group_name        = "test-leads"
    group_description = "test group"
  }
  test-limited : {
    group_name        = "test-limited"
    group_description = "test group"
  }
}

# Permission sets that already exist
existing_permission_sets = {
  AdministratorAccess = {
    permission_set_name = "AdministratorAccess"
  },
  ReadOnlyAccess = {
    permission_set_name = "ReadOnlyAccess"
  },
}

# Users that already exist
existing_sso_users = {
  TesterDev : {
    user_name        = "TesterTesterDev"
    group_membership = ["test-limited"]
  }
}

# New users to create
sso_users = {
  terraform : {
    group_membership = ["test", "test-leads"]
    user_name        = "terraform"
    given_name       = "Terraform"
    family_name      = "test"
    email            = "email@example.com"
  }
}

account_assignments = {
  test = {
    principal_name  = "test"
    principal_type  = "GROUP"
    principal_idp   = "INTERNAL"
    permission_sets = ["AdministratorAccess", "ReadOnlyAccess"]
    account_ids = [
      "111111111111",
    ]
  }
  TesterDev = {
    principal_name  = "TesterDev"
    principal_type  = "USER"
    principal_idp   = "EXTERNAL"
    permission_sets = ["ReadOnlyAccess"]
    account_ids = [
      "111111111111",
    ]
  }
}
```

Collaborator

novekm commented Sep 4, 2024

Hi @leonkatz, can you explain the use case a bit more? What are you using as your Identity Provider? IAM Identity Store?

Author

leonkatz commented Sep 4, 2024

Yes, IAM Identity Store. It was all manually managed. Now I'm trying to bring it all into Terraform. I have a bunch of existing users, but I will create new groups, new permission sets, and new account assignments. This is so the old ones aren't changed yet. But I need to get existing users into the new groups so that they now have the new permissions.

@leonkatz leonkatz changed the title Can I add an existing user to a new group with new permissions_sets and new account_assignments or AWS. Can I add an existing user to a new group with new permissions_sets and new account_assignments on AWS. Sep 4, 2024