fix: permission array group reference

cds-snc · Apr 10, 2024 · a51c70a · a51c70a
1 parent 839db7f
commit a51c70a
Showing 1 changed file with 14 additions and 14 deletions.
diff --git a/terragrunt/org_account/iam_identity_center/platform_articles.tf b/terragrunt/org_account/iam_identity_center/platform_articles.tf
@@ -44,47 +44,47 @@ locals {
   articles_permission_set_arns = [
     # GCArticles-Production
     {
-      target_id          = "472286471787"
+      group              = aws_identitystore_group.articles_production_admin,
       permission_set_arn = data.aws_ssoadmin_permission_set.aws_administrator_access.arn,
-      principal_id       = aws_identitystore_group.articles_production_admin.group_id,
+      target_id          = "472286471787"
     },
     {
-      target_id          = "472286471787"
+      group              = aws_identitystore_group.articles_production_read_only,
       permission_set_arn = data.aws_ssoadmin_permission_set.aws_read_only_access.arn,
-      principal_id       = aws_identitystore_group.articles_production_read_only.group_id,
+      target_id          = "472286471787"
     },
     # GCArticles-Staging       
     {
-      target_id          = "729164266357"
-      principal_id       = aws_identitystore_group.articles_staging_admin.group_id,
+      group              = aws_identitystore_group.articles_staging_admin,
       permission_set_arn = data.aws_ssoadmin_permission_set.aws_administrator_access.arn,
+      target_id          = "729164266357"
     },
     {
-      target_id          = "729164266357"
+      group              = aws_identitystore_group.articles_staging_read_only,
       permission_set_arn = data.aws_ssoadmin_permission_set.aws_read_only_access.arn,
-      principal_id       = aws_identitystore_group.articles_staging_read_only.group_id,
+      target_id          = "729164266357"
     },
     # PlatformListManager-Production
     {
-      target_id          = "762579868088"
+      group              = aws_identitystore_group.articles_production_admin,
       permission_set_arn = data.aws_ssoadmin_permission_set.aws_administrator_access.arn,
-      principal_id       = aws_identitystore_group.articles_production_admin.group_id,
+      target_id          = "762579868088"
     },
     {
-      target_id          = "762579868088"
+      group              = aws_identitystore_group.articles_production_read_only,
       permission_set_arn = data.aws_ssoadmin_permission_set.aws_read_only_access.arn,
-      principal_id       = aws_identitystore_group.articles_production_read_only.group_id,
+      target_id          = "762579868088"
     },
   ]
 }
 
 resource "aws_ssoadmin_account_assignment" "articles" {
-  for_each = { for perm in local.articles_permission_set_arns : perm.principal_id.name => perm }
+  for_each = { for perm in local.articles_permission_set_arns : perm.group.name => perm }
 
   instance_arn       = local.sso_instance_arn
   permission_set_arn = each.value.permission_set_arn
 
-  principal_id   = each.value.principal_id
+  principal_id   = each.value.group.principal_id
   principal_type = "GROUP"
 
   target_id   = each.value.target_id