chore: Update account id assignment using data source

Mufaddal5253110 · Mufaddal5253110 · commit b3058e9c3b77 · 2024-07-29T17:07:36.000+05:30
diff --git a/modules/account_users_and_groups_assignments/data.tf b/modules/account_users_and_groups_assignments/data.tf
@@ -1,3 +1,5 @@
+data "aws_organizations_organization" "o" {}
+
 resource "null_resource" "sso_group_dependency" {
   triggers = {
     dependency_id = join(",", var.identitystore_group_depends_on)
diff --git a/modules/account_users_and_groups_assignments/locals.tf b/modules/account_users_and_groups_assignments/locals.tf
@@ -1,11 +1,16 @@
 
 locals {
+
+  account_map = {
+    for account in data.aws_organizations_organization.o.accounts : account.name => account.id
+  }
+
   target_type = "AWS_ACCOUNT"
   flatten_account_group_permission = flatten([
     for acc_assignment in var.account_assignments : [
       for ps_name in acc_assignment.permission_sets : [
         for pr_name in acc_assignment.principal_names : {
-          acc_id         = acc_assignment.account_id
+          acc_id         = account_map[acc_assignment.account_name]
           principal_name = pr_name
           ps_name        = ps_name
           principal_type = acc_assignment.principal_type
diff --git a/modules/account_users_and_groups_assignments/variables.tf b/modules/account_users_and_groups_assignments/variables.tf
@@ -1,21 +1,21 @@
 variable "account_assignments" {
   description = <<EOF
   A list of objects representing permission assignments for AWS SSO. Each object contains the following attributes:
-  - account_id: The AWS account ID where the permissions will be applied.
+  - account_name: The AWS account where the permissions will be applied.
   - permission_sets: List of permission-set to be assigned to the specified principals.
   - principal_names: An identifier for an object in AWS SSO, such as the names of groups or users .
   - principal_type:The entity type for which the assignment will be created. Valid values: USER, GROUP.
     EOF
   type = list(object({
-    account_id      = string
+    account_name    = string
     permission_sets = list(string)
     principal_names = list(string)
     principal_type  = string
   }))
 
   validation {
-    condition     = alltrue([for a in var.account_assignments : can(regex("^\\d{12}$", a.account_id))])
-    error_message = "Each account_id must be a valid 12-digit number."
+    condition     = alltrue([for a in var.account_assignments : length(a.account_name) > 0])
+    error_message = "Account name cannot be empty"
   }
   validation {
     condition     = alltrue([for a in var.account_assignments : length(a.permission_sets) > 0])

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+data "aws_organizations_organization" "o" {}`
	`2`	`+`
`1`	`3`	`resource "null_resource" "sso_group_dependency" {`
`2`	`4`	`triggers = {`
`3`	`5`	`dependency_id = join(",", var.identitystore_group_depends_on)`