diff --git a/group-assignment/README.md b/group-assignment/README.md
new file mode 100644
index 0000000..0433221
--- /dev/null
+++ b/group-assignment/README.md
@@ -0,0 +1,61 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.0 |
+| [aws](#requirement\_aws) | >= 5.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | >= 5.0 |
+| [ldap](#provider\_ldap) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_availability_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source |
+| [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_identitystore_user.users](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/identitystore_user) | data source |
+| [aws_organizations_organization.org](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source |
+| [aws_organizations_organizational_unit_descendant_accounts.accounts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organizational_unit_descendant_accounts) | data source |
+| [aws_organizations_organizational_unit_descendant_accounts.ou](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organizational_unit_descendant_accounts) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [ldap_object.users](https://registry.terraform.io/providers/hashicorp/ldap/latest/docs/data-sources/object) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
+| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| [description](#input\_description) | Permission set description | `string` | `null` | no |
+| [identity\_store\_id](#input\_identity\_store\_id) | AWS SSO/IDC Instance ID | `string` | n/a | yes |
+| [name](#input\_name) | Permission set name | `string` | n/a | yes |
+| [org\_account\_ids](#input\_org\_account\_ids) | List of AWS Account ID to which to associate with this group | `list(string)` | `[]` | no |
+| [org\_account\_names](#input\_org\_account\_names) | List of AWS Account aliases to which to associate with this group (note it use the commercial side alias for GovCloud) | `list(string)` | `[]` | no |
+| [org\_all](#input\_org\_all) | Flag indicating to associate this group to all ACTIVE accounts in the organization | `bool` | `false` | no |
+| [organizational\_unit\_hierarchy](#input\_organizational\_unit\_hierarchy) | n/a | `map()` | `{}` | no |
+| [organizational\_unit\_ids](#input\_organizational\_unit\_ids) | List of AWS Organizational Unit names to assocate with this group | `list(string)` | `[]` | no |
+| [organizational\_unit\_names](#input\_organizational\_unit\_names) | List of AWS Organizational Unit names to assocate with this group | `list(string)` | `[]` | no |
+| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| [permissionset\_arn](#input\_permissionset\_arn) | AWS SSO/IDC Permission set ARN | `string` | n/a | yes |
+| [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
+| [users](#input\_users) | List of Census usernames to assign to the group | `list(string)` | `[]` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [availability\_zone\_ids](#output\_availability\_zone\_ids) | VPC Availability zone id list |
+| [availability\_zone\_names](#output\_availability\_zone\_names) | VPC Availability zone name list |
+| [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list |
+| [results](#output\_results) | n/a |
diff --git a/group-assignment/accounts.tf b/group-assignment/accounts.tf
new file mode 100644
index 0000000..82c596f
--- /dev/null
+++ b/group-assignment/accounts.tf
@@ -0,0 +1,23 @@
+locals {
+ active_accounts_map = { for account in data.aws_organizations_organizational_unit_descendant_accounts.accounts.accounts : account.name => account if account.status == "ACTIVE" }
+ active_accounts = { for k, v in local.active_accounts_map : k => v.id }
+
+ _id_1 = ! var.org_all && length(var.org_account_names) > 0 ? [for k in var.org_account_names : lookup(local.active_accounts, k, null)] : []
+ _id_2 = ! var.org_all && length(var.org_account_ids) > 0 ? [for k in var.org_account_ids : k if contains(values(local.active_accounts), k)] : []
+
+ organizational_unit_hierarchy = length(var.organizational_unit_hierarchy) > 0 ? { for k, v in var.organizational_unit_hierarchy : k => v.self_id } : {}
+
+ _ou_1 = ! var.org_all && length(var.organizational_unit_names) > 0 && length(var.organizational_unit_hierarchy) > 0 ? [for k, v in var.organizational_unit_names : lookup(local.organizational_unit_hierarchy, k, null)] : []
+ _ou_2 = ! var.org_all && length(var.organizational_unit_ids) > 0 && length(var.organizational_unit_hierarchy) > 0 ? [for k in var.organizational_unit_ids : k if contains(values(local.organizational_unit_hierarchy, k))] : []
+
+ organizational_units = distinct(compact(concat(local._ou_1, local._ou_2)))
+
+ _id_3 = flatten([for k, v in data.aws_organizations_organizational_unit_descendant_accounts.accounts.ou : [for accounts in v : account.id if account.status == "ACTIVE"]])
+
+ account_ids = distinct(compact(concat(local._id_1, local._id_2, local._id_3)))
+}
+
+data "aws_organizations_organizational_unit_descendant_accounts" "ou" {
+ for_each = toset(local.organizational_units)
+ parent_id = each.key
+}
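Review bot: Two expressions in this `locals` block will not evaluate as written. In `_ou_2` the closing parenthesis is misplaced, so `values()` receives two arguments and `contains()` only one; it should read `contains(values(local.organizational_unit_hierarchy), k)`. In `_id_3` the outer loop reads `.accounts.ou`, an attribute nothing visible here establishes for the `accounts` data source, and the inner iterator is named `accounts` while the body uses `account`; presumably the intent was `[for k, v in data.aws_organizations_organizational_unit_descendant_accounts.ou : [for account in v.accounts : account.id if account.status == "ACTIVE"]]`. Separately, a name in `var.org_account_names` that is missing from `local.active_accounts` becomes `null` via `lookup(..., null)` and is then removed by `compact()`, so a mistyped account name yields no assignment and no error; a variable validation or `precondition` would surface that. Nothing in this hunk adds accounts when `var.org_all` is true, so confirm that case is handled in another file.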
diff --git a/group-assignment/availabilty_zones.tf b/group-assignment/availabilty_zones.tf
new file mode 120000
index 0000000..00a240c
--- /dev/null
+++ b/group-assignment/availabilty_zones.tf
@@ -0,0 +1 @@
+../common/availabilty_zones.tf
\ No newline at end of file
diff --git a/group-assignment/data.org.tf b/group-assignment/data.org.tf
new file mode 100644
index 0000000..0db3a2b
--- /dev/null
+++ b/group-assignment/data.org.tf
@@ -0,0 +1,14 @@
+data "aws_organizations_organization" "org" {}
+
+data "aws_organizations_organizational_unit_descendant_accounts" "accounts" {
+ parent_id = data.aws_organizations_organization.org.roots[0].id
+}
+
+## data "aws_organizations_organizational_units" "ou" {
+## parent_id = data.aws_organizations_organization.org.roots[0].id
+## }
+##
+## data "aws_organizations_organizational_unit_child_accounts" "accounts" {
+## parent_id = data.aws_organizations_organization.org.roots[0].id
+## }
+##
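Review bot: The commented-out `aws_organizations_organizational_units` and `..._child_accounts` data sources at the end of this file look like debugging leftovers and should be dropped rather than committed. The sibling `data.org.txt` added in the same commit appears to be captured output from those experiments, and it records real account IDs, account e-mail addresses, the organization ID, an operator username and an internal Git host. That inventory does not belong in a reusable module repository; remove the file, and if an example of the data shape is needed, replace it with clearly constructed placeholder values.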
diff --git a/group-assignment/data.org.txt b/group-assignment/data.org.txt
new file mode 100644
index 0000000..cb2d6ed
--- /dev/null
+++ b/group-assignment/data.org.txt
@@ -0,0 +1,1331 @@
+# starting v1.9.3 action output file logs/output.20230908.1694196303.log stamp 20230908.1694196303 time 1694196303
+# current_directory=/home/b/badra001/terraform/252903981224-ma5-gov/infrastructure/global/sso/permissionsets/inf-operations-t2
+# git_repository=git@github.e.it.census.gov:terraform/252903981224-ma5-gov.git
+# git_current_branch=master
+# terraform_version=Terraform v1.5.6
+# TFCONTROL=/home/b/badra001/terraform/252903981224-ma5-gov/infrastructure/global/sso/permissionsets/inf-operations-t2/.tf-control
+# TF_CLI_CONFIG_FILE=/home/b/badra001/terraform/252903981224-ma5-gov/infrastructure/global/sso/permissionsets/inf-operations-t2/.tf-control.tfrc
+# TFARGS="" TFNOCLOR= TFNOLOG= TFNOPROXY=
+# env TF_VAR_ variables
+# TF_VAR_os_username=badra001
+# TF_VAR_os_environment={"pwd":"/home/b/badra001/terraform/252903981224-ma5-gov/infrastructure/global/sso/permissionsets/inf-operations-t2"}
+
+account_caller_arn = "arn:aws-us-gov:iam::252903981224:user/a-badra001"
+account_caller_arn_partition = "aws-us-gov"
+caller_account_id = "252903981224"
+child_accounts = {
+ "accounts" = tolist([
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/252903981224"
+ "email" = "csvd.aws.ma5-ew@census.gov"
+ "id" = "252903981224"
+ "name" = "ma5-ew"
+ "status" = "ACTIVE"
+ },
+ ])
+ "id" = "r-9go7"
+ "parent_id" = "r-9go7"
+}
+descendent_accounts = {
+ "accounts" = tolist([
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/252903981224"
+ "email" = "csvd.aws.ma5-ew@census.gov"
+ "id" = "252903981224"
+ "name" = "ma5-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/817869416306"
+ "email" = "csvd.aws+do3-ma4-ew@census.gov"
+ "id" = "817869416306"
+ "name" = "MultiAccount4"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/066951804473"
+ "email" = "csvd.aws.ent-ew-sectools-prod@census.gov"
+ "id" = "066951804473"
+ "name" = "ent-ew-sectools-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/066921446319"
+ "email" = "csvd.aws.ent-ew-logging-prod@census.gov"
+ "id" = "066921446319"
+ "name" = "ent-ew-logging-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/173178443362"
+ "email" = "csvd.aws+csd-vdi-dev-ew@census.gov"
+ "id" = "173178443362"
+ "name" = "csd-vdi-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/118840505528"
+ "email" = "csvd.aws+ent-ew-dmz-nonprod-1@census.gov"
+ "id" = "118840505528"
+ "name" = "ent-ew-dmz-nonprod-1"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/107742151971"
+ "email" = "csvd.aws+do1-ew@census.gov"
+ "id" = "107742151971"
+ "name" = "Census ESF"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/118811090296"
+ "email" = "csvd.aws+ent-ew-dmz-prod-1@census.gov"
+ "id" = "118811090296"
+ "name" = "ent-ew-dmz-prod-1"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260970024919"
+ "email" = "csvd.aws+boc-remove1-ew@census.gov"
+ "id" = "260970024919"
+ "name" = "boc-remove1-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/067017092962"
+ "email" = "csvd.aws+ent-ew-sectools-nonprod@census.gov"
+ "id" = "067017092962"
+ "name" = "ent-ew-sectools-nonprod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/252999262699"
+ "email" = "csvd.aws.ma8-ew@census.gov"
+ "id" = "252999262699"
+ "name" = "ma8-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/170146067474"
+ "email" = "csvd.aws+adrm-das-prod2-ew@census.gov"
+ "id" = "170146067474"
+ "name" = "adrm-das-prod2-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/412241963457"
+ "email" = "csvd.aws.ma10-ew@census.gov"
+ "id" = "412241963457"
+ "name" = "ma10-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/272782267436"
+ "email" = "csvd.aws+ma27-ew@census.gov"
+ "id" = "272782267436"
+ "name" = "ma27-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/057768737222"
+ "email" = "csvd.aws+ma41-ew@census.gov"
+ "id" = "057768737222"
+ "name" = "ma41-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/247935758470"
+ "email" = "csvd.aws+ma49-ew@census.gov"
+ "id" = "247935758470"
+ "name" = "ma49-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/247953254094"
+ "email" = "csvd.aws+ma46-ew@census.gov"
+ "id" = "247953254094"
+ "name" = "ma46-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/272733779579"
+ "email" = "csvd.aws+ma25-ew@census.gov"
+ "id" = "272733779579"
+ "name" = "ma25-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/247955770347"
+ "email" = "csvd.aws+ma47-ew@census.gov"
+ "id" = "247955770347"
+ "name" = "ma47-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260963978427"
+ "email" = "csvd.aws+adsd-dapps-stage-ew@census.gov"
+ "id" = "260963978427"
+ "name" = "adsd-dapps-stage-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/039254866084"
+ "email" = "csvd.aws+ma33-ew@census.gov"
+ "id" = "039254866084"
+ "name" = "ma33-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260949450014"
+ "email" = "csvd.aws+adsd-dapps-ite-ew@census.gov"
+ "id" = "260949450014"
+ "name" = "adsd-dapps-ite-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/173431192601"
+ "email" = "csvd.aws+ma43-ew@census.gov"
+ "id" = "173431192601"
+ "name" = "ma43-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260943966700"
+ "email" = "csvd.aws+adsd-dapps-test-ew@census.gov"
+ "id" = "260943966700"
+ "name" = "adsd-dapps-test-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/247901282001"
+ "email" = "csvd.aws+ma48-ew@census.gov"
+ "id" = "247901282001"
+ "name" = "ma48-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/331678843633"
+ "email" = "csvd.aws+ditd-gppsys-prod-ew@census.gov"
+ "id" = "331678843633"
+ "name" = "ditd-gppsys-prod-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/142512078480"
+ "email" = "csvd.aws+ma42-ew@census.gov"
+ "id" = "142512078480"
+ "name" = "ma42-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260954754267"
+ "email" = "csvd.aws+adsd-dapps-prod-ew@census.gov"
+ "id" = "260954754267"
+ "name" = "adsd-dapps-prod-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/331676329070"
+ "email" = "csvd.aws+ditd-sdpcs-prod-ew@census.gov"
+ "id" = "331676329070"
+ "name" = "ditd-sdpcs-prod-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/334268698915"
+ "email" = "csvd.aws+adsd-dapps-common-ew@census.gov"
+ "id" = "334268698915"
+ "name" = "adsd-dapps-common-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/145577987146"
+ "email" = "csvd.aws+cedsci-dev-ew@census.gov"
+ "id" = "145577987146"
+ "name" = "cedsci-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/253096981461"
+ "email" = "csvd.aws.ma7-ew@census.gov"
+ "id" = "253096981461"
+ "name" = "ma7-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/198877876776"
+ "email" = "csvd.aws+ma23-ew@census.gov"
+ "id" = "198877876776"
+ "name" = "ma23-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/194286736249"
+ "email" = "csvd.aws+ma21-ew@census.gov"
+ "id" = "194286736249"
+ "name" = "ma21-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/818199694861"
+ "email" = "csvd.aws+do3-ma3-ew@census.gov"
+ "id" = "818199694861"
+ "name" = "MultiAccount3"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/194205879262"
+ "email" = "csvd.aws+ma20-ew@census.gov"
+ "id" = "194205879262"
+ "name" = "ma20-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/198886018595"
+ "email" = "csvd.aws+ma24-ew@census.gov"
+ "id" = "198886018595"
+ "name" = "ma24-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/194306273774"
+ "email" = "csvd.aws+ma22-ew@census.gov"
+ "id" = "194306273774"
+ "name" = "ma22-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260953641438"
+ "email" = "csvd.aws+adsd-chec-test-ew@census.gov"
+ "id" = "260953641438"
+ "name" = "adsd-chec-test-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260953354104"
+ "email" = "csvd.aws+adsd-chec-ite-ew@census.gov"
+ "id" = "260953354104"
+ "name" = "adsd-chec-ite-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260943591306"
+ "email" = "csvd.aws+adsd-chec-stage-ew@census.gov"
+ "id" = "260943591306"
+ "name" = "adsd-chec-stage-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260957726152"
+ "email" = "csvd.aws+adsd-chec-dev-ew@census.gov"
+ "id" = "260957726152"
+ "name" = "adsd-chec-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260979703683"
+ "email" = "csvd.aws+adsd-chec-prod-ew@census.gov"
+ "id" = "260979703683"
+ "name" = "adsd-chec-prod-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/194167189381"
+ "email" = "csvd.aws+ma18-ew@census.gov"
+ "id" = "194167189381"
+ "name" = "ma18-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/412295344020"
+ "email" = "csvd.aws.ma12-ew@census.gov"
+ "id" = "412295344020"
+ "name" = "ma12-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/252960665057"
+ "email" = "csvd.aws.ma6-ew@census.gov"
+ "id" = "252960665057"
+ "name" = "ma6-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/412271945539"
+ "email" = "csvd.aws.ma11-ew@census.gov"
+ "id" = "412271945539"
+ "name" = "ma11-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/187951786409"
+ "email" = "csvd.aws+ma14-ew@census.gov"
+ "id" = "187951786409"
+ "name" = "ma14-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/187944776148"
+ "email" = "csvd.aws+ma13-ew@census.gov"
+ "id" = "187944776148"
+ "name" = "ma13-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/331530919105"
+ "email" = "csvd.aws+erd-dcdl-dev-ew@census.gov"
+ "id" = "331530919105"
+ "name" = "erd-dcdl-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/258852445129"
+ "email" = "csvd.aws+ma50-ew@census.gov"
+ "id" = "258852445129"
+ "name" = "ma50-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/057445207498"
+ "email" = "csvd.aws.ent-ew-network-sa@census.gov"
+ "id" = "057445207498"
+ "name" = "ent-ew-network-sa"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/412187151792"
+ "email" = "csvd.aws.ma9-ew@census.gov"
+ "id" = "412187151792"
+ "name" = "ma9-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/229684777164"
+ "email" = "csvd.aws+ma45-ew@census.gov"
+ "id" = "229684777164"
+ "name" = "ma45-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/229685449397"
+ "email" = "csvd.aws+csvd-dev-ew@census.gov"
+ "id" = "229685449397"
+ "name" = "csvd-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/067074201825"
+ "email" = "csvd.aws.ent-ew-shared-prod@census.gov"
+ "id" = "067074201825"
+ "name" = "ent-ew-shared-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/273715889907"
+ "email" = "csvd.aws+ent-ew-dmz-network-prod@census.gov"
+ "id" = "273715889907"
+ "name" = "ent-ew-dmz-network-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/220615867784"
+ "email" = "csvd.aws+csvd-common-ew@census.gov"
+ "id" = "220615867784"
+ "name" = "csvd-common-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/057405694017"
+ "email" = "csvd.aws.ent-ew-network-prod@census.gov"
+ "id" = "057405694017"
+ "name" = "ent-ew-network-prod"
+ "status" = "ACTIVE"
+ },
+ ])
+ "id" = "r-9go7"
+ "parent_id" = "r-9go7"
+}
+org = {
+ "accounts" = tolist([
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260954754267"
+ "email" = "csvd.aws+adsd-dapps-prod-ew@census.gov"
+ "id" = "260954754267"
+ "name" = "adsd-dapps-prod-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/229685449397"
+ "email" = "csvd.aws+csvd-dev-ew@census.gov"
+ "id" = "229685449397"
+ "name" = "csvd-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/247955770347"
+ "email" = "csvd.aws+ma47-ew@census.gov"
+ "id" = "247955770347"
+ "name" = "ma47-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/331530919105"
+ "email" = "csvd.aws+erd-dcdl-dev-ew@census.gov"
+ "id" = "331530919105"
+ "name" = "erd-dcdl-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/194306273774"
+ "email" = "csvd.aws+ma22-ew@census.gov"
+ "id" = "194306273774"
+ "name" = "ma22-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260979703683"
+ "email" = "csvd.aws+adsd-chec-prod-ew@census.gov"
+ "id" = "260979703683"
+ "name" = "adsd-chec-prod-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/194205879262"
+ "email" = "csvd.aws+ma20-ew@census.gov"
+ "id" = "194205879262"
+ "name" = "ma20-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/247901282001"
+ "email" = "csvd.aws+ma48-ew@census.gov"
+ "id" = "247901282001"
+ "name" = "ma48-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/247953254094"
+ "email" = "csvd.aws+ma46-ew@census.gov"
+ "id" = "247953254094"
+ "name" = "ma46-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/252903981224"
+ "email" = "csvd.aws.ma5-ew@census.gov"
+ "id" = "252903981224"
+ "name" = "ma5-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/331676329070"
+ "email" = "csvd.aws+ditd-sdpcs-prod-ew@census.gov"
+ "id" = "331676329070"
+ "name" = "ditd-sdpcs-prod-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/229684777164"
+ "email" = "csvd.aws+ma45-ew@census.gov"
+ "id" = "229684777164"
+ "name" = "ma45-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/067074201825"
+ "email" = "csvd.aws.ent-ew-shared-prod@census.gov"
+ "id" = "067074201825"
+ "name" = "ent-ew-shared-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/252960665057"
+ "email" = "csvd.aws.ma6-ew@census.gov"
+ "id" = "252960665057"
+ "name" = "ma6-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/170146067474"
+ "email" = "csvd.aws+adrm-das-prod2-ew@census.gov"
+ "id" = "170146067474"
+ "name" = "adrm-das-prod2-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/818199694861"
+ "email" = "csvd.aws+do3-ma3-ew@census.gov"
+ "id" = "818199694861"
+ "name" = "MultiAccount3"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/118840505528"
+ "email" = "csvd.aws+ent-ew-dmz-nonprod-1@census.gov"
+ "id" = "118840505528"
+ "name" = "ent-ew-dmz-nonprod-1"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/067017092962"
+ "email" = "csvd.aws+ent-ew-sectools-nonprod@census.gov"
+ "id" = "067017092962"
+ "name" = "ent-ew-sectools-nonprod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260957726152"
+ "email" = "csvd.aws+adsd-chec-dev-ew@census.gov"
+ "id" = "260957726152"
+ "name" = "adsd-chec-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/334268698915"
+ "email" = "csvd.aws+adsd-dapps-common-ew@census.gov"
+ "id" = "334268698915"
+ "name" = "adsd-dapps-common-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/142512078480"
+ "email" = "csvd.aws+ma42-ew@census.gov"
+ "id" = "142512078480"
+ "name" = "ma42-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/194286736249"
+ "email" = "csvd.aws+ma21-ew@census.gov"
+ "id" = "194286736249"
+ "name" = "ma21-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/198886018595"
+ "email" = "csvd.aws+ma24-ew@census.gov"
+ "id" = "198886018595"
+ "name" = "ma24-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/331678843633"
+ "email" = "csvd.aws+ditd-gppsys-prod-ew@census.gov"
+ "id" = "331678843633"
+ "name" = "ditd-gppsys-prod-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260943591306"
+ "email" = "csvd.aws+adsd-chec-stage-ew@census.gov"
+ "id" = "260943591306"
+ "name" = "adsd-chec-stage-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/412295344020"
+ "email" = "csvd.aws.ma12-ew@census.gov"
+ "id" = "412295344020"
+ "name" = "ma12-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/145577987146"
+ "email" = "csvd.aws+cedsci-dev-ew@census.gov"
+ "id" = "145577987146"
+ "name" = "cedsci-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/057405694017"
+ "email" = "csvd.aws.ent-ew-network-prod@census.gov"
+ "id" = "057405694017"
+ "name" = "ent-ew-network-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/272733779579"
+ "email" = "csvd.aws+ma25-ew@census.gov"
+ "id" = "272733779579"
+ "name" = "ma25-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/057445207498"
+ "email" = "csvd.aws.ent-ew-network-sa@census.gov"
+ "id" = "057445207498"
+ "name" = "ent-ew-network-sa"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/412271945539"
+ "email" = "csvd.aws.ma11-ew@census.gov"
+ "id" = "412271945539"
+ "name" = "ma11-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260943966700"
+ "email" = "csvd.aws+adsd-dapps-test-ew@census.gov"
+ "id" = "260943966700"
+ "name" = "adsd-dapps-test-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/253096981461"
+ "email" = "csvd.aws.ma7-ew@census.gov"
+ "id" = "253096981461"
+ "name" = "ma7-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/247935758470"
+ "email" = "csvd.aws+ma49-ew@census.gov"
+ "id" = "247935758470"
+ "name" = "ma49-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/118811090296"
+ "email" = "csvd.aws+ent-ew-dmz-prod-1@census.gov"
+ "id" = "118811090296"
+ "name" = "ent-ew-dmz-prod-1"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/187951786409"
+ "email" = "csvd.aws+ma14-ew@census.gov"
+ "id" = "187951786409"
+ "name" = "ma14-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260953641438"
+ "email" = "csvd.aws+adsd-chec-test-ew@census.gov"
+ "id" = "260953641438"
+ "name" = "adsd-chec-test-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/173431192601"
+ "email" = "csvd.aws+ma43-ew@census.gov"
+ "id" = "173431192601"
+ "name" = "ma43-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/258852445129"
+ "email" = "csvd.aws+ma50-ew@census.gov"
+ "id" = "258852445129"
+ "name" = "ma50-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/220615867784"
+ "email" = "csvd.aws+csvd-common-ew@census.gov"
+ "id" = "220615867784"
+ "name" = "csvd-common-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260949450014"
+ "email" = "csvd.aws+adsd-dapps-ite-ew@census.gov"
+ "id" = "260949450014"
+ "name" = "adsd-dapps-ite-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260970024919"
+ "email" = "csvd.aws+boc-remove1-ew@census.gov"
+ "id" = "260970024919"
+ "name" = "boc-remove1-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/066921446319"
+ "email" = "csvd.aws.ent-ew-logging-prod@census.gov"
+ "id" = "066921446319"
+ "name" = "ent-ew-logging-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/412187151792"
+ "email" = "csvd.aws.ma9-ew@census.gov"
+ "id" = "412187151792"
+ "name" = "ma9-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/272782267436"
+ "email" = "csvd.aws+ma27-ew@census.gov"
+ "id" = "272782267436"
+ "name" = "ma27-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/817869416306"
+ "email" = "csvd.aws+do3-ma4-ew@census.gov"
+ "id" = "817869416306"
+ "name" = "MultiAccount4"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/057768737222"
+ "email" = "csvd.aws+ma41-ew@census.gov"
+ "id" = "057768737222"
+ "name" = "ma41-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/194167189381"
+ "email" = "csvd.aws+ma18-ew@census.gov"
+ "id" = "194167189381"
+ "name" = "ma18-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/066951804473"
+ "email" = "csvd.aws.ent-ew-sectools-prod@census.gov"
+ "id" = "066951804473"
+ "name" = "ent-ew-sectools-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/173178443362"
+ "email" = "csvd.aws+csd-vdi-dev-ew@census.gov"
+ "id" = "173178443362"
+ "name" = "csd-vdi-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/412241963457"
+ "email" = "csvd.aws.ma10-ew@census.gov"
+ "id" = "412241963457"
+ "name" = "ma10-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260953354104"
+ "email" = "csvd.aws+adsd-chec-ite-ew@census.gov"
+ "id" = "260953354104"
+ "name" = "adsd-chec-ite-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/252999262699"
+ "email" = "csvd.aws.ma8-ew@census.gov"
+ "id" = "252999262699"
+ "name" = "ma8-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/039254866084"
+ "email" = "csvd.aws+ma33-ew@census.gov"
+ "id" = "039254866084"
+ "name" = "ma33-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/198877876776"
+ "email" = "csvd.aws+ma23-ew@census.gov"
+ "id" = "198877876776"
+ "name" = "ma23-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/273715889907"
+ "email" = "csvd.aws+ent-ew-dmz-network-prod@census.gov"
+ "id" = "273715889907"
+ "name" = "ent-ew-dmz-network-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/107742151971"
+ "email" = "csvd.aws+do1-ew@census.gov"
+ "id" = "107742151971"
+ "name" = "Census ESF"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/187944776148"
+ "email" = "csvd.aws+ma13-ew@census.gov"
+ "id" = "187944776148"
+ "name" = "ma13-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260963978427"
+ "email" = "csvd.aws+adsd-dapps-stage-ew@census.gov"
+ "id" = "260963978427"
+ "name" = "adsd-dapps-stage-ew"
+ "status" = "ACTIVE"
+ },
+ ])
+ "arn" = "arn:aws-us-gov:organizations::252903981224:organization/o-8qizkt65j8"
+ "aws_service_access_principals" = toset([
+ "access-analyzer.amazonaws.com",
+ "aws-artifact-account-sync.amazonaws.com",
+ "cloudtrail.amazonaws.com",
+ "config.amazonaws.com",
+ "fms.amazonaws.com",
+ "guardduty.amazonaws.com",
+ "inspector2.amazonaws.com",
+ "ipam.amazonaws.com",
+ "license-manager.amazonaws.com",
+ "member.org.stacksets.cloudformation.amazonaws.com",
+ "ram.amazonaws.com",
+ "securityhub.amazonaws.com",
+ "servicecatalog.amazonaws.com",
+ "ssm.amazonaws.com",
+ "sso.amazonaws.com",
+ "tagpolicies.tag.amazonaws.com",
+ ])
+ "enabled_policy_types" = toset([
+ "SERVICE_CONTROL_POLICY",
+ "TAG_POLICY",
+ ])
+ "feature_set" = "ALL"
+ "id" = "o-8qizkt65j8"
+ "master_account_arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/252903981224"
+ "master_account_email" = "csvd.aws.ma5-ew@census.gov"
+ "master_account_id" = "252903981224"
+ "non_master_accounts" = tolist([
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260954754267"
+ "email" = "csvd.aws+adsd-dapps-prod-ew@census.gov"
+ "id" = "260954754267"
+ "name" = "adsd-dapps-prod-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/229685449397"
+ "email" = "csvd.aws+csvd-dev-ew@census.gov"
+ "id" = "229685449397"
+ "name" = "csvd-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/247955770347"
+ "email" = "csvd.aws+ma47-ew@census.gov"
+ "id" = "247955770347"
+ "name" = "ma47-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/331530919105"
+ "email" = "csvd.aws+erd-dcdl-dev-ew@census.gov"
+ "id" = "331530919105"
+ "name" = "erd-dcdl-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/194306273774"
+ "email" = "csvd.aws+ma22-ew@census.gov"
+ "id" = "194306273774"
+ "name" = "ma22-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260979703683"
+ "email" = "csvd.aws+adsd-chec-prod-ew@census.gov"
+ "id" = "260979703683"
+ "name" = "adsd-chec-prod-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/194205879262"
+ "email" = "csvd.aws+ma20-ew@census.gov"
+ "id" = "194205879262"
+ "name" = "ma20-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/247901282001"
+ "email" = "csvd.aws+ma48-ew@census.gov"
+ "id" = "247901282001"
+ "name" = "ma48-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/247953254094"
+ "email" = "csvd.aws+ma46-ew@census.gov"
+ "id" = "247953254094"
+ "name" = "ma46-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/331676329070"
+ "email" = "csvd.aws+ditd-sdpcs-prod-ew@census.gov"
+ "id" = "331676329070"
+ "name" = "ditd-sdpcs-prod-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/229684777164"
+ "email" = "csvd.aws+ma45-ew@census.gov"
+ "id" = "229684777164"
+ "name" = "ma45-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/067074201825"
+ "email" = "csvd.aws.ent-ew-shared-prod@census.gov"
+ "id" = "067074201825"
+ "name" = "ent-ew-shared-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/252960665057"
+ "email" = "csvd.aws.ma6-ew@census.gov"
+ "id" = "252960665057"
+ "name" = "ma6-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/170146067474"
+ "email" = "csvd.aws+adrm-das-prod2-ew@census.gov"
+ "id" = "170146067474"
+ "name" = "adrm-das-prod2-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/818199694861"
+ "email" = "csvd.aws+do3-ma3-ew@census.gov"
+ "id" = "818199694861"
+ "name" = "MultiAccount3"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/118840505528"
+ "email" = "csvd.aws+ent-ew-dmz-nonprod-1@census.gov"
+ "id" = "118840505528"
+ "name" = "ent-ew-dmz-nonprod-1"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/067017092962"
+ "email" = "csvd.aws+ent-ew-sectools-nonprod@census.gov"
+ "id" = "067017092962"
+ "name" = "ent-ew-sectools-nonprod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260957726152"
+ "email" = "csvd.aws+adsd-chec-dev-ew@census.gov"
+ "id" = "260957726152"
+ "name" = "adsd-chec-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/334268698915"
+ "email" = "csvd.aws+adsd-dapps-common-ew@census.gov"
+ "id" = "334268698915"
+ "name" = "adsd-dapps-common-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/142512078480"
+ "email" = "csvd.aws+ma42-ew@census.gov"
+ "id" = "142512078480"
+ "name" = "ma42-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/194286736249"
+ "email" = "csvd.aws+ma21-ew@census.gov"
+ "id" = "194286736249"
+ "name" = "ma21-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/198886018595"
+ "email" = "csvd.aws+ma24-ew@census.gov"
+ "id" = "198886018595"
+ "name" = "ma24-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/331678843633"
+ "email" = "csvd.aws+ditd-gppsys-prod-ew@census.gov"
+ "id" = "331678843633"
+ "name" = "ditd-gppsys-prod-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260943591306"
+ "email" = "csvd.aws+adsd-chec-stage-ew@census.gov"
+ "id" = "260943591306"
+ "name" = "adsd-chec-stage-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/412295344020"
+ "email" = "csvd.aws.ma12-ew@census.gov"
+ "id" = "412295344020"
+ "name" = "ma12-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/145577987146"
+ "email" = "csvd.aws+cedsci-dev-ew@census.gov"
+ "id" = "145577987146"
+ "name" = "cedsci-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/057405694017"
+ "email" = "csvd.aws.ent-ew-network-prod@census.gov"
+ "id" = "057405694017"
+ "name" = "ent-ew-network-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/272733779579"
+ "email" = "csvd.aws+ma25-ew@census.gov"
+ "id" = "272733779579"
+ "name" = "ma25-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/057445207498"
+ "email" = "csvd.aws.ent-ew-network-sa@census.gov"
+ "id" = "057445207498"
+ "name" = "ent-ew-network-sa"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/412271945539"
+ "email" = "csvd.aws.ma11-ew@census.gov"
+ "id" = "412271945539"
+ "name" = "ma11-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260943966700"
+ "email" = "csvd.aws+adsd-dapps-test-ew@census.gov"
+ "id" = "260943966700"
+ "name" = "adsd-dapps-test-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/253096981461"
+ "email" = "csvd.aws.ma7-ew@census.gov"
+ "id" = "253096981461"
+ "name" = "ma7-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/247935758470"
+ "email" = "csvd.aws+ma49-ew@census.gov"
+ "id" = "247935758470"
+ "name" = "ma49-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/118811090296"
+ "email" = "csvd.aws+ent-ew-dmz-prod-1@census.gov"
+ "id" = "118811090296"
+ "name" = "ent-ew-dmz-prod-1"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/187951786409"
+ "email" = "csvd.aws+ma14-ew@census.gov"
+ "id" = "187951786409"
+ "name" = "ma14-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260953641438"
+ "email" = "csvd.aws+adsd-chec-test-ew@census.gov"
+ "id" = "260953641438"
+ "name" = "adsd-chec-test-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/173431192601"
+ "email" = "csvd.aws+ma43-ew@census.gov"
+ "id" = "173431192601"
+ "name" = "ma43-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/258852445129"
+ "email" = "csvd.aws+ma50-ew@census.gov"
+ "id" = "258852445129"
+ "name" = "ma50-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/220615867784"
+ "email" = "csvd.aws+csvd-common-ew@census.gov"
+ "id" = "220615867784"
+ "name" = "csvd-common-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260949450014"
+ "email" = "csvd.aws+adsd-dapps-ite-ew@census.gov"
+ "id" = "260949450014"
+ "name" = "adsd-dapps-ite-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260970024919"
+ "email" = "csvd.aws+boc-remove1-ew@census.gov"
+ "id" = "260970024919"
+ "name" = "boc-remove1-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/066921446319"
+ "email" = "csvd.aws.ent-ew-logging-prod@census.gov"
+ "id" = "066921446319"
+ "name" = "ent-ew-logging-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/412187151792"
+ "email" = "csvd.aws.ma9-ew@census.gov"
+ "id" = "412187151792"
+ "name" = "ma9-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/272782267436"
+ "email" = "csvd.aws+ma27-ew@census.gov"
+ "id" = "272782267436"
+ "name" = "ma27-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/817869416306"
+ "email" = "csvd.aws+do3-ma4-ew@census.gov"
+ "id" = "817869416306"
+ "name" = "MultiAccount4"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/057768737222"
+ "email" = "csvd.aws+ma41-ew@census.gov"
+ "id" = "057768737222"
+ "name" = "ma41-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/194167189381"
+ "email" = "csvd.aws+ma18-ew@census.gov"
+ "id" = "194167189381"
+ "name" = "ma18-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/066951804473"
+ "email" = "csvd.aws.ent-ew-sectools-prod@census.gov"
+ "id" = "066951804473"
+ "name" = "ent-ew-sectools-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/173178443362"
+ "email" = "csvd.aws+csd-vdi-dev-ew@census.gov"
+ "id" = "173178443362"
+ "name" = "csd-vdi-dev-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/412241963457"
+ "email" = "csvd.aws.ma10-ew@census.gov"
+ "id" = "412241963457"
+ "name" = "ma10-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260953354104"
+ "email" = "csvd.aws+adsd-chec-ite-ew@census.gov"
+ "id" = "260953354104"
+ "name" = "adsd-chec-ite-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/252999262699"
+ "email" = "csvd.aws.ma8-ew@census.gov"
+ "id" = "252999262699"
+ "name" = "ma8-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/039254866084"
+ "email" = "csvd.aws+ma33-ew@census.gov"
+ "id" = "039254866084"
+ "name" = "ma33-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/198877876776"
+ "email" = "csvd.aws+ma23-ew@census.gov"
+ "id" = "198877876776"
+ "name" = "ma23-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/273715889907"
+ "email" = "csvd.aws+ent-ew-dmz-network-prod@census.gov"
+ "id" = "273715889907"
+ "name" = "ent-ew-dmz-network-prod"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/107742151971"
+ "email" = "csvd.aws+do1-ew@census.gov"
+ "id" = "107742151971"
+ "name" = "Census ESF"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/187944776148"
+ "email" = "csvd.aws+ma13-ew@census.gov"
+ "id" = "187944776148"
+ "name" = "ma13-ew"
+ "status" = "ACTIVE"
+ },
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:account/o-8qizkt65j8/260963978427"
+ "email" = "csvd.aws+adsd-dapps-stage-ew@census.gov"
+ "id" = "260963978427"
+ "name" = "adsd-dapps-stage-ew"
+ "status" = "ACTIVE"
+ },
+ ])
+ "roots" = tolist([
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:root/o-8qizkt65j8/r-9go7"
+ "id" = "r-9go7"
+ "name" = "Root"
+ "policy_types" = tolist([
+ {
+ "status" = "ENABLED"
+ "type" = "TAG_POLICY"
+ },
+ {
+ "status" = "ENABLED"
+ "type" = "SERVICE_CONTROL_POLICY"
+ },
+ ])
+ },
+ ])
+}
+ous = {
+ "children" = tolist([
+ {
+ "arn" = "arn:aws-us-gov:organizations::252903981224:ou/o-8qizkt65j8/ou-9go7-n56zhbew"
+ "id" = "ou-9go7-n56zhbew"
+ "name" = "Enterprise-GOV"
+ },
+ ])
+ "id" = "r-9go7"
+ "parent_id" = "r-9go7"
+}
+profile = "252903981224-ma5-gov"
+region = "us-gov-east-1"
+vpc_full_name = ""
diff --git a/group-assignment/data.tf b/group-assignment/data.tf
new file mode 120000
index 0000000..995624d
--- /dev/null
+++ b/group-assignment/data.tf
@@ -0,0 +1 @@
+../common/data.tf
\ No newline at end of file
diff --git a/group-assignment/defaults.tf b/group-assignment/defaults.tf
new file mode 120000
index 0000000..a5556ac
--- /dev/null
+++ b/group-assignment/defaults.tf
@@ -0,0 +1 @@
+../common/defaults.tf
\ No newline at end of file
diff --git a/group-assignment/locals.tf b/group-assignment/locals.tf
new file mode 100644
index 0000000..5cba936
--- /dev/null
+++ b/group-assignment/locals.tf
@@ -0,0 +1,12 @@
+locals {
+ account_id = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
+ account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
+ region = data.aws_region.current.name
+ region_short = join("", [for c in split("-", local.region) : substr(c, 0, 1)])
+
+ base_tags = {
+ "boc:tf_module_version" = local._module_version
+ "boc:tf_module_name" = local._module_name
+ "boc:created_by" = "terraform"
+ }
+}
diff --git a/group-assignment/main.tf b/group-assignment/main.tf
new file mode 100644
index 0000000..1ccf752
--- /dev/null
+++ b/group-assignment/main.tf
@@ -0,0 +1,68 @@
+locals {
+ description = coalesce(var.description, var.name)
+}
+
+## resource "aws_identitystore_group" "group" {
+## identity_store_id = var.identity_store_id
+##
+## display_name = var.name
+## description = local.description
+## }
+##
+## resource "aws_identitystore_group_membership" "group" {
+## for_each = { for ug in local.user_groups : ug.label => ug }
+## identity_store_id = tolist(data.aws_ssoadmin_instances.sso.identity_store_ids)[0]
+##
+## group_id = aws_identitystore_group.groups[each.value.group].group_id
+## member_id = try(data.aws_identitystore_user.users[each.value.member].id, null)
+## }
+##
+## resource "aws_ssoadmin_account_assignment" "inf-operations-t2" {
+## for_each = lookup(local.groups, "inf-operations-t2", null) != null && lookup(local.groups["inf-operations-t2"], "enabled", true) ? { for a in local.org_accounts : a.id => a if a.status == "ACTIVE" && (contains(local.groups["inf-operations-t2"].account_ids, a.id) || contains(local.groups["inf-operations-t2"].account_ids, "ALL")) } : {}
+##
+## instance_arn = tolist(data.aws_ssoadmin_instances.sso.arns)[0]
+## # permission_set_arn = aws_ssoadmin_permission_set.pset.arn
+## permission_set_arn = module.inf-operations-t2.permissionset_arn
+##
+## principal_id = lookup(local.groups, "inf-operations-t2", null) != null && lookup(local.groups["inf-operations-t2"], "enabled", true) ? aws_identitystore_group.groups["inf-operations-t2"].group_id : null
+## principal_type = "GROUP"
+##
+## target_id = each.value.id
+## target_type = "AWS_ACCOUNT"
+## }
+##
+## ## @@@
+## ##
+## ##
+## ## groups:
+## ## - inf-operations-t2:
+## ## description: "INF Operations T2"
+## ## display_name: "inf-operations-t2"
+## ## permissionset_name: "inf-operations-t2"
+## ## enabled: true
+## ## members:
+## ## - agbo0001
+## ## - akapo001
+## ## - bell0402
+## ## - clark464
+## ## - donog303
+## ## - harpe341
+## ## - horva001
+## ## - illia300
+## ## - krug0002
+## ## - maure006
+## ## - neal0328
+## ## - pinkn005
+## ## - quatt008
+## ## - raybi001
+## ## - regis004
+## ## - rodri499
+## ## - rolli307
+## ## - smith934
+## ## - tabro001
+## ## - washi378
+## ## - wood0360
+## ## - wycli001
+## ## - zunig011
+## ## account_ids:
+## ## - ALL
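Review bot: Every resource in this `main.tf` is commented out, so the only thing it evaluates is `local.description`. No group, membership or account assignment is created, and `var.permissionset_arn` is not read in any of the regular files this diff adds under `group-assignment/`. The commented block also carries a roster of individual usernames and an `account_ids: ALL` entry (repeated in `main.tf.x`). Access lists like that belong in the caller's reviewed input (`var.users`), not in module source where they go stale unnoticed. I would delete the dead block and leave one header comment, e.g. `# TODO: group, membership and account-assignment resources are not implemented yet`. If the block is revived, note that it references `aws_identitystore_group.groups[...]` while declaring the resource as `"group"`.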
diff --git a/group-assignment/main.tf.x b/group-assignment/main.tf.x
new file mode 100644
index 0000000..65ec89e
--- /dev/null
+++ b/group-assignment/main.tf.x
@@ -0,0 +1,138 @@
+locals {
+ description = coalesce(var.description, var.name)
+}
+
+resource "aws_identitystore_group" "group" {
+ identity_store_id = var.identity_store_id
+
+ display_name = var.name
+ description = local.description
+}
+
+data "aws_identitystore_user" "users" {
+ for_each = var.users
+ identity_store_id = var.identity_store_id
+
+ alternate_identifier {
+ unique_attribute {
+ attribute_path = "UserName"
+ attribute_value = each.value.mail
+ }
+ }
+}
+
+resource "aws_identitystore_group_membership" "group" {
+ for_each = { for ug in local.user_groups : ug.label => ug }
+ identity_store_id = tolist(data.aws_ssoadmin_instances.sso.identity_store_ids)[0]
+
+ group_id = aws_identitystore_group.groups[each.value.group].group_id
+ member_id = try(data.aws_identitystore_user.users[each.value.member].id, null)
+}
+
+resource "aws_ssoadmin_account_assignment" "inf-operations-t2" {
+ for_each = lookup(local.groups, "inf-operations-t2", null) != null && lookup(local.groups["inf-operations-t2"], "enabled", true) ? { for a in local.org_accounts : a.id => a if a.status == "ACTIVE" && ( contains(local.groups["inf-operations-t2"].account_ids, a.id) || contains(local.groups["inf-operations-t2"].account_ids,"ALL") )} : {}
+
+ instance_arn = tolist(data.aws_ssoadmin_instances.sso.arns)[0]
+# permission_set_arn = aws_ssoadmin_permission_set.pset.arn
+ permission_set_arn = module.inf-operations-t2.permissionset_arn
+
+ principal_id = lookup(local.groups, "inf-operations-t2", null) != null && lookup(local.groups["inf-operations-t2"], "enabled", true) ? aws_identitystore_group.groups["inf-operations-t2"].group_id : null
+ principal_type = "GROUP"
+
+ target_id = each.value.id
+ target_type = "AWS_ACCOUNT"
+}
+
+@@@
+locals {
+ user_base_dn = "ou=People,o=U.S. Census Bureau,c=US"
+ data = yamldecode(file("groups.yml"))
+ # _users = { for u in local.data["users"] : keys(u)[0] => values(u)[0] }
+ # users = { for k, v in local._users : k => v if lookup(v, "enabled", true) }
+ _groups = { for g in local.data["groups"] : keys(g)[0] => values(g)[0] }
+ groups = { for k, v in local._groups : k => v if lookup(v, "enabled", true) }
+ user_groups = flatten([for g, v in local.groups : [for m in v.members : { label = format("%v:%v", g, m), group = g, member = m }]])
+ users = distinct([for ug in local.user_groups : ug.member])
+ ldap_user_attributes = { for k, v in data.ldap_object.users : k => { for kk, vv in v.attributes_json : kk => jsondecode(vv)[0] } }
+}
+
+resource "aws_identitystore_group" "groups" {
+ # for_each = { for k, v in local.groups : k => v if lookup(v, "enabled", true) }
+ for_each = local.groups
+ identity_store_id = tolist(data.aws_ssoadmin_instances.sso.identity_store_ids)[0]
+
+ description = each.value.description
+ display_name = each.value.display_name
+}
+
+resource "aws_identitystore_group_membership" "membership" {
+ for_each = { for ug in local.user_groups : ug.label => ug }
+ identity_store_id = tolist(data.aws_ssoadmin_instances.sso.identity_store_ids)[0]
+
+ group_id = aws_identitystore_group.groups[each.value.group].group_id
+ member_id = try(data.aws_identitystore_user.users[each.value.member].id, null)
+}
+
+data "ldap_object" "users" {
+ for_each = toset(local.users)
+ provider = ldap.bocas
+
+ base_dn = local.user_base_dn
+ search_values = { cn = each.key }
+ select_attributes = ["cn", "dn", "givenName", "sn", "generationQualifier", "initials", "telephoneNumber", "mail", "departmentNumber", "fullName", "employeeType", "manager"]
+}
+
+data "aws_identitystore_user" "users" {
+ for_each = local.ldap_user_attributes
+ identity_store_id = tolist(data.aws_ssoadmin_instances.sso.identity_store_ids)[0]
+
+ alternate_identifier {
+ unique_attribute {
+ attribute_path = "UserName"
+ attribute_value = each.value.mail
+ }
+ }
+}
+
+# this has to be done after creation of the permissionset
+data "aws_ssoadmin_permission_set" "pset" {
+ for_each = {for k,v in local.groups: k => v if try(v.permissionset_name,null) != null }
+ instance_arn = tolist(data.aws_ssoadmin_instances.sso.arns)[0]
+ name = each.value.permissionset_name
+}
+
+@@@
+
+
+groups:
+ - inf-operations-t2:
+ description: "INF Operations T2"
+ display_name: "inf-operations-t2"
+ permissionset_name: "inf-operations-t2"
+ enabled: true
+ members:
+ - agbo0001
+ - akapo001
+ - bell0402
+ - clark464
+ - donog303
+ - harpe341
+ - horva001
+ - illia300
+ - krug0002
+ - maure006
+ - neal0328
+ - pinkn005
+ - quatt008
+ - raybi001
+ - regis004
+ - rodri499
+ - rolli307
+ - smith934
+ - tabro001
+ - washi378
+ - wood0360
+ - wycli001
+ - zunig011
+ account_ids:
+ - ALL
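Review bot: `member_id = try(data.aws_identitystore_user.users[each.value.member].id, null)` appears in both membership resources and hides a username that failed to resolve. The lookup error is swallowed and the membership gets a null `member_id`, so any failure surfaces on the membership resource instead of naming the missing user. Prefer the plain reference `member_id = data.aws_identitystore_user.users[each.value.member].id` so an unresolved account stops the plan at the lookup. The `account_ids: ALL` entry expands to every `ACTIVE` account in `local.org_accounts`; whether that includes the management, logging and security-tooling accounts cannot be seen from here, so an explicit account list or an exclusion set would be safer for an operations group. The `.tf.x` name and the `@@@` separators suggest this is a scratch file, and it is not valid HCL as written.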
diff --git a/group-assignment/module_name.tf b/group-assignment/module_name.tf
new file mode 100644
index 0000000..799d8a8
--- /dev/null
+++ b/group-assignment/module_name.tf
@@ -0,0 +1,3 @@
+locals {
+ _module_name = "aws-sso/group-assignment"
+}
diff --git a/group-assignment/outputs.tf b/group-assignment/outputs.tf
new file mode 100644
index 0000000..96efc67
--- /dev/null
+++ b/group-assignment/outputs.tf
@@ -0,0 +1,18 @@
+## output "permissionset_arn" {
+## description = "Permission set ARN"
+## value = aws_ssoadmin_permission_set.pset.arn
+## }
+
+output "results" {
+ value = {
+ org_all = var.org_all
+ org_account_names = var.org_account_names
+ org_account_ids = var.org_account_ids
+ organizational_unit_names = var.organizational_unit_names
+ organizational_unit_ids = var.organizational_unit_ids
+ active_accounts = local.active_accounts
+ organizational_units = local.organizational_units
+
+ account_ids = var.account_ids
+ }
+}
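Review bot: The `results` output reads `local.active_accounts`, `local.organizational_units` and `var.account_ids`, none of which is declared in the regular files this diff adds (`locals.tf`, `main.tf`, `users.tf`, `variables.tf`). Unless the symlinked `../common/*.tf` files define them, `terraform validate` will reject the module. The output also has no `description`; something like `description = "Echo of the account/OU selection inputs and the resolved account and OU sets, for debugging"` would tell callers it is diagnostic rather than a stable interface.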
diff --git a/group-assignment/prefixes.tf b/group-assignment/prefixes.tf
new file mode 120000
index 0000000..7e265d5
--- /dev/null
+++ b/group-assignment/prefixes.tf
@@ -0,0 +1 @@
+../common/prefixes.tf
\ No newline at end of file
diff --git a/group-assignment/users.tf b/group-assignment/users.tf
new file mode 100644
index 0000000..8d38c6f
--- /dev/null
+++ b/group-assignment/users.tf
@@ -0,0 +1,25 @@
+locals {
+ user_base_dn = "ou=People,o=U.S. Census Bureau,c=US"
+ ldap_user_attributes = { for k, v in data.ldap_object.users : k => { for kk, vv in v.attributes_json : kk => jsondecode(vv)[0] } }
+}
+
+data "ldap_object" "users" {
+ for_each = toset(var.users)
+ provider = ldap
+
+ base_dn = local.user_base_dn
+ search_values = { cn = each.key }
+ select_attributes = ["cn", "dn", "givenName", "sn", "generationQualifier", "initials", "telephoneNumber", "mail", "departmentNumber", "fullName", "employeeType", "manager"]
+}
+
+data "aws_identitystore_user" "users" {
+ for_each = local.ldap_user_attributes
+ identity_store_id = var.identity_store_id
+
+ alternate_identifier {
+ unique_attribute {
+ attribute_path = "UserName"
+ attribute_value = each.value.mail
+ }
+ }
+}
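Review bot: `select_attributes` in `data.ldap_object.users` requests twelve directory attributes, including `telephoneNumber`, `manager`, `departmentNumber` and `employeeType`, but the only one read in this file is `mail`, for the `UserName` lookup. Data source results are persisted in Terraform state, so this copies personnel data into state for every entry in `var.users`. If nothing in the symlinked common files consumes the rest, narrow it to `select_attributes = ["cn", "mail"]`. Separately, `jsondecode(vv)[0]` and `each.value.mail` will fail with a generic index or attribute error when a directory entry has an empty or absent `mail`, without saying which user was affected.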
diff --git a/group-assignment/variables.common.tf b/group-assignment/variables.common.tf
new file mode 120000
index 0000000..7439ed8
--- /dev/null
+++ b/group-assignment/variables.common.tf
@@ -0,0 +1 @@
+../common/variables.common.tf
\ No newline at end of file
diff --git a/group-assignment/variables.tf b/group-assignment/variables.tf
new file mode 100644
index 0000000..6ec041a
--- /dev/null
+++ b/group-assignment/variables.tf
@@ -0,0 +1,76 @@
+variable "name" {
+ description = "Permission set name"
+ type = string
+}
+
+variable "description" {
+ description = "Permission set description"
+ type = string
+ default = null
+}
+
+variable "identity_store_id" {
+ description = "AWS SSO/IDC Instance ID"
+ type = string
+}
+
+variable "permissionset_arn" {
+ description = "AWS SSO/IDC Permission set ARN"
+ type = string
+}
+
+variable "users" {
+ description = "List of Census usernames to assign to the group"
+ type = list(string)
+ default = []
+}
+
+variable "org_all" {
+ description = "Flag indicating to associate this group to all ACTIVE accounts in the organization"
+ type = bool
+ default = false
+}
+
+variable "org_account_names" {
+ description = "List of AWS Account aliases to which to associate with this group (note it use the commercial side alias for GovCloud)"
+ type = list(string)
+ default = []
+}
+
+variable "org_account_ids" {
+ description = "List of AWS Account ID to which to associate with this group"
+ type = list(string)
+ default = []
+}
+
+variable "organizational_unit_names" {
+ description = "List of AWS Organizational Unit names to assocate with this group"
+ type = list(string)
+ default = []
+}
+
+variable "organizational_unit_ids" {
+ description = "List of AWS Organizational Unit names to assocate with this group"
+ type = list(string)
+ default = []
+}
+
+variable "organizational_unit_hierarchy" {
+ descripton = "Map from organization setup with OU => object() to obtain OU IDs"
+ type = map()
+ default = {}
+}
+
+## "Enterprise-GOV:Workloads:SystemAcceptance" = {
+## "fullname" = "Enterprise-GOV:Workloads:SystemAcceptance"
+## "levels" = tolist([
+## "Enterprise-GOV",
+## "Workloads",
+## "SystemAcceptance",
+## ])
+## "name" = "SystemAcceptance"
+## "nlevels" = 3
+## "parent" = "Enterprise-GOV:Workloads"
+## "self_id" = "ou-9go7-zw77fgic"
+## }
+## }
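Review bot: `variable "organizational_unit_hierarchy"` will not validate: the argument is spelled `descripton`, and `type = map()` has no element type. Use `description = "Map from organization setup with OU => object() to obtain OU IDs"` and `type = map(any)`, or a concrete `map(object({...}))` matching the commented example below it. The `organizational_unit_ids` description is a copy of the names variable and should say "IDs" (both also misspell "associate"). `name` and `description` are still documented as "Permission set ..." although this module is `group-assignment`.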
diff --git a/group-assignment/version.tf b/group-assignment/version.tf
new file mode 120000
index 0000000..b83c5b7
--- /dev/null
+++ b/group-assignment/version.tf
@@ -0,0 +1 @@
+../common/version.tf
\ No newline at end of file
diff --git a/group-assignment/versions.tf b/group-assignment/versions.tf
new file mode 100644
index 0000000..979e7e6
--- /dev/null
+++ b/group-assignment/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 1.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.0"
+ }
+ }
+ ldap = {
+ source = "trevex/ldap"
+ version = ">= 0.5.4"
+ # configuration_aliases = [ldap.something]
+ }
+}
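Review bot: The `ldap` entry sits outside `required_providers`: the `}` following the `aws` block closes `required_providers`, which leaves `ldap = { ... }` as a direct argument of `terraform {}`, where Terraform does not accept it. The `trevex/ldap` source and the `>= 0.5.4` constraint therefore never apply, and a provider with no declared source is resolved from the implicit `hashicorp/` namespace. For a provider that handles directory credentials, the source should be pinned explicitly. Move that closing brace to after the `ldap` block so both providers are inside `required_providers`. Consider a bounded constraint such as `version = "~> 0.5.4"` alongside a committed lock file, since an open-ended `>=` accepts any future release of a community provider.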
diff --git a/permissionset/variables.common.availability_zones.tf b/permissionset/variables.common.availability_zones.tf
deleted file mode 120000
index dca20a3..0000000
--- a/permissionset/variables.common.availability_zones.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/variables.common.availability_zones.tf
\ No newline at end of file