正在为aws编写完整的代码
到目前为止,通过Terraform编码的我拥有所有权限集,并使用scim来拉入组。将权限集分配给帐户中的组(我有超过100个帐户)是手工完成的。我想通过IaC (Terraform)将权限集分配给选定帐户中的组,但我不能为我的生命找到工作代码。
我试过用
aws_sso_permission_set_group_assignment,aws_sso_permission_set_group_attachment,aws_sso_group_permission_set_assignment,aws_sso_group_permission_set_attachment,aws_sso_permission_set_attachment,aws_sso_permission_set_assignment,
这些我发现在一些旧的文档,但他们不工作:(给予The provider hashicorp/aws does not support resource type
有没有人有什么建议可以提供如何补救这个问题或他们如何设法克服这个问题?
下面是试过的代码示例
resource "aws_sso_group_permission_set_attachment" "example" {
group_id = "93sd433ee-cd43e4b-cfww-434e-re33-707a0987eb"
permission_set_id = "arn:aws:sso:::permissionSet/ssoins-63456a11we432d8/ps-1231ded3d42fcrr2"
account_id = "8765322052550"
}
resource "aws_sso_group_permission_set_attachment" "example" {
permission_set_arn = "arn:aws:sso:::permissionSet/ssoins-63456a11we432d8/ps-1231ded3d42fcrr2"
group_name = "93sd433ee-cd43e4b-cfww-434e-re33-707a0987eb"
account_id = "8765322052550"
}
ssoadmin_account_assignment资源是你可能的如果您正在寻找,请浏览资源中所有可用的属性以匹配您的需求。
resource "aws_ssoadmin_account_assignment" "example" {
instance_arn = tolist(data.aws_ssoadmin_instances.example.arns)[0]
permission_set_arn = "arn_of_the_permission_set" # replace this with actually permission set arn
principal_id = "group_id" # replace this with groupID
principal_type = "GROUP"
target_id = "012347678910" # replace with account ID
target_type = "AWS_ACCOUNT"
}