
Commit b07e393

authored
Merge pull request #21 from chris-qa-org/fix-use-enable-sso-parameter
Fix: Use `enable_sso` parameter
2 parents 1550c5c + 0aad5e9 commit b07e393


1 file changed

+9
-9
lines changed


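--- a/sso.tf
+++ b/sso.tf
@@ -1,15 +1,15 @@
 data "aws_ssoadmin_instances" "ssoadmin_instances" {}
 
 data "aws_identitystore_group" "aws" {
-for_each = toset(
+for_each = local.enable_sso ? toset(
 flatten([
 for account in flatten([
 for unit_name, unit in local.organization_config["units"] : [
 for account_name in keys(local.organization_config["units"][unit_name]["accounts"]) : local.organization_config["units"][unit_name]["accounts"][account_name]
 ]
 ]) : keys(account["group_assignments"])
 ])
-)
+) : toset([])
 
 identity_store_id = tolist(data.aws_ssoadmin_instances.ssoadmin_instances.identity_store_ids)[0]
 
@@ -20,7 +20,7 @@ data "aws_identitystore_group" "aws" {
 }
 
 resource "aws_ssoadmin_permission_set" "permission_set" {
-for_each = local.sso_permission_sets
+for_each = local.enable_sso ? local.sso_permission_sets : {}
 
 instance_arn = tolist(data.aws_ssoadmin_instances.ssoadmin_instances.arns)[0]
 name = each.key
@@ -30,7 +30,7 @@ resource "aws_ssoadmin_permission_set" "permission_set" {
 }
 
 resource "aws_ssoadmin_managed_policy_attachment" "attachment" {
-for_each = {
+for_each = local.enable_sso ? {
 for attachment in flatten([
 for permission_set_name, permission_set in local.sso_permission_sets : {
 for managed_policy_name in lookup(permission_set, "managed_policies", []) : "${permission_set_name}_${managed_policy_name}" => {
@@ -39,27 +39,27 @@ resource "aws_ssoadmin_managed_policy_attachment" "attachment" {
 }
 }
 ]) : keys(attachment)[0] => attachment[keys(attachment)[0]]
-}
+} : {}
 
 instance_arn = tolist(data.aws_ssoadmin_instances.ssoadmin_instances.arns)[0]
 managed_policy_arn = "arn:aws:iam::aws:policy/${each.value["managed_policy_name"]}"
 permission_set_arn = aws_ssoadmin_permission_set.permission_set[each.value["permission_set_name"]].arn
 }
 
 resource "aws_ssoadmin_permission_set_inline_policy" "policy" {
-for_each = {
+for_each = local.enable_sso ? {
 for permission_set_name in flatten([
 for permission_set_name, permission_set in local.sso_permission_sets : permission_set_name if lookup(local.sso_permission_sets[permission_set_name], "inline_policy", "") != ""
 ]) : permission_set_name => local.sso_permission_sets[permission_set_name]["inline_policy"]
-}
+} : {}
 
 inline_policy = each.value
 instance_arn = aws_ssoadmin_permission_set.permission_set[each.key].instance_arn
 permission_set_arn = aws_ssoadmin_permission_set.permission_set[each.key].arn
 }
 
 resource "aws_ssoadmin_account_assignment" "assignment" {
-for_each = {
+for_each = local.enable_sso ? {
 for assignment in flatten([
 for unit_name, unit in local.organization_config["units"] : [
 for account_name in keys(local.organization_config["units"][unit_name]["accounts"]) : [
@@ -73,7 +73,7 @@ resource "aws_ssoadmin_account_assignment" "assignment" {
 ]
 ]
 ]) : keys(assignment)[0] => assignment[keys(assignment)[0]]
-}
+} : {}
 
 instance_arn = aws_ssoadmin_permission_set.permission_set[each.value["permission_set"]].instance_arn
 permission_set_arn = aws_ssoadmin_permission_set.permission_set[each.value["permission_set"]].arn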
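Review bot: The `enable_sso` gate is applied to every `for_each` in sso.tf, but `data "aws_ssoadmin_instances" "ssoadmin_instances" {}` on line 1 stays unconditional, so a plan with `enable_sso = false` still calls the SSO admin API and the planning credentials still need `sso:ListInstances`. If the flag is meant to let this configuration run under roles or in accounts without IAM Identity Center access, that data source should be gated too, for example `count = local.enable_sso ? 1 : 0`, with the `tolist(...)[0]` references adjusted to the indexed instance. It would also help to add a comment next to the flag stating that switching it from true to false on an applied configuration plans the destruction of every permission set and account assignment managed here, which presumably removes access for the assigned groups. The data and resource blocks continue outside the hunks, so arguments not shown here were not reviewed.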
