From a51c70ab5b51982ff7db2e509f4d2e39f9aede8c Mon Sep 17 00:00:00 2001
From: Pat Heard
Date: Wed, 10 Apr 2024 12:32:57 +0000
Subject: [PATCH] fix: permission array group reference
---
.../iam_identity_center/platform_articles.tf | 28 +++++++++----------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/terragrunt/org_account/iam_identity_center/platform_articles.tf b/terragrunt/org_account/iam_identity_center/platform_articles.tf
index 3cc330f3..85113d2d 100644
--- a/terragrunt/org_account/iam_identity_center/platform_articles.tf
+++ b/terragrunt/org_account/iam_identity_center/platform_articles.tf
@@ -44,47 +44,47 @@ locals { articles_permission_set_arns = [ # GCArticles-Production { - target_id = "472286471787" + group = aws_identitystore_group.articles_production_admin, permission_set_arn = data.aws_ssoadmin_permission_set.aws_administrator_access.arn, - principal_id = aws_identitystore_group.articles_production_admin.group_id, + target_id = "472286471787" }, { - target_id = "472286471787" + group = aws_identitystore_group.articles_production_read_only, permission_set_arn = data.aws_ssoadmin_permission_set.aws_read_only_access.arn, - principal_id = aws_identitystore_group.articles_production_read_only.group_id, + target_id = "472286471787" }, # GCArticles-Staging { - target_id = "729164266357" - principal_id = aws_identitystore_group.articles_staging_admin.group_id, + group = aws_identitystore_group.articles_staging_admin, permission_set_arn = data.aws_ssoadmin_permission_set.aws_administrator_access.arn, + target_id = "729164266357" }, { - target_id = "729164266357" + group = aws_identitystore_group.articles_staging_read_only, permission_set_arn = data.aws_ssoadmin_permission_set.aws_read_only_access.arn, - principal_id = aws_identitystore_group.articles_staging_read_only.group_id, + target_id = "729164266357" }, # PlatformListManager-Production { - target_id = "762579868088" + group = aws_identitystore_group.articles_production_admin, permission_set_arn = data.aws_ssoadmin_permission_set.aws_administrator_access.arn, - principal_id = aws_identitystore_group.articles_production_admin.group_id, + target_id = "762579868088" }, { - target_id = "762579868088" + group = aws_identitystore_group.articles_production_read_only, permission_set_arn = data.aws_ssoadmin_permission_set.aws_read_only_access.arn, - principal_id = aws_identitystore_group.articles_production_read_only.group_id, + target_id = "762579868088" }, ] } resource "aws_ssoadmin_account_assignment" "articles" { - for_each = { for perm in local.articles_permission_set_arns : perm.principal_id.name => 
perm } + for_each = { for perm in local.articles_permission_set_arns : perm.group.name => perm } instance_arn = local.sso_instance_arn permission_set_arn = each.value.permission_set_arn - principal_id = each.value.principal_id + principal_id = each.value.group.principal_id principal_type = "GROUP" target_id = each.value.target_id
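Review bot: The new `for_each` key `perm.group.name` is not unique across `local.articles_permission_set_arns`, because `articles_production_admin` and `articles_production_read_only` each appear for both account 472286471787 and account 762579868088, and a `for` expression that builds a map rejects duplicate keys. Keying on group plus account avoids the collision, e.g. `for_each = { for perm in local.articles_permission_set_arns : "${perm.group.display_name}-${perm.target_id}" => perm }`. As far as I know `aws_identitystore_group` exposes `display_name` and `group_id` rather than `name` and `principal_id`, so the assignment should probably read `principal_id = each.value.group.group_id`; worth confirming with `terraform validate`. Because these entries grant administrator access in production accounts, a short comment above the list stating which group is intended to reach which account would make the mapping easier to audit. The `aws_ssoadmin_account_assignment` block continues past the end of the hunk.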