add new method

terraform · Feb 3, 2026 · a827570 · a827570
1 parent ce3340c
commit a827570
Showing 1 changed file with 98 additions and 3 deletions.
diff --git a/docs/how-to/aws-sso/create-sso-group.md b/docs/how-to/aws-sso/create-sso-group.md
@@ -5,14 +5,20 @@ These include:
 
 * sc-audit
 * sc-dba
-* sc-developer
 * sc-operator
 * sc-poweruser (not fully ready for use)
 * sc-readonly
 * sc-tagadmin-t2 (will be renaming this to remove the -t2)
 * sc-tester
 
-## Summary of Steps
+There is a [new method](#summary-of-steps--new-) to handle these permissionsets. It is *much* simpler.
+
+* sc-developer
+* sc-servicecatalog-t1
+* sc-servicecatalog-t2
+* sc-servicecatalog-t3
+
+## Summary of Steps (OLD)
 
 1. starting point is {management-account-repo}/infrastructure/global/sso
 2. add users for the new group into `users.csv`, if not already there
@@ -26,7 +32,7 @@ These include:
 10. plan (plan will fail until users added to `users.csv`)
 11. once all merged, apply in the new group directory
 
-## Example
+### Example
 
 * Step 1
 
@@ -128,6 +134,93 @@ tf-apply
 git branch -d add-group-csvd-iac-poc-sc-developer
 ```
 
+## Summary of Steps (New)
+
+```console
+% sso-create-sc-group.py -h
+usage: sso-create-sc-group.py [-h] -b BUSINESS_LABEL [-a APPLICATION_LABEL] [-g GROUP] [-d DESCRIPTION] [-f] [-v]
+
+Automate file creation from templates.
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -b BUSINESS_LABEL, --business-label BUSINESS_LABEL
+                        Required business label
+  -a APPLICATION_LABEL, --application-label APPLICATION_LABEL
+                        Optional application label
+  -g GROUP, --group GROUP
+                        Group name (defaults to current directory name)
+  -d DESCRIPTION, --description DESCRIPTION
+                        Description for the group
+  -f, --force           Overwrite existing directory if it exists
+  -v, --version         show program's version number and exit
+```
+
+### Setup of files with Script
+
+```script
+sso-create-sc-group.py -b ORG -a APP 
+```
+
+### Example
+
+```console
+% sso-create-sc-group.py -b ditd -a webscraping
+--- sso-create-sc-group.py v1.0.8 ---
+Targeting Group: ditd-webscraping-sc-developer
+
+  [Copied]   locals.tf
+  [Copied]   region.tf
+  [Copied]   tf-run.data
+  [Copied]   tags.tf
+  [Copied]   tags.yml
+  [Copied]   versions.tf
+  [Rendered] GROUP.tf.j2 -> ditd-webscraping-sc-developer.tf
+  [Rendered] GROUP.yml.j2 -> ditd-webscraping-sc-developer.yml
+
+Done. Files located in: ./ditd-webscraping-sc-developer
+```
+
+### Edit YAML file
+
+Next, edit the file {group}.yml. Update the following fields, as appropriate. These will already
+be generated, but the need to be checked.
+
+* description
+  * Verify in proper {org} and {project}
+  * Change case of the {project} (application) if neededd
+  * or, put in description that meets the need, but leave the "SC Developer" at the end
+* account_names
+  * if you have account names to use, remove the []
+  * add the account names (using the *ew* name vs the *gov* name) as list members (space space dash space ACCOUNT_NAME)
+* users
+  * if you have users, remove the []
+  * add the user JBIDS as list members (space space dash space JBID)
+
+Example:
+
+```yaml
+group: csvd-test-sc-developer
+description: "CSVD Test SC Developer"
+all: false
+account_names:
+  - csvd-common-ew
+account_ids: []
+org_ous: []
+users:
+  - badra001
+```
+
+### Git workflow
+
+Continue with the git workflow.
+
+* create branch
+* `tf-run plan`
+* `tf-plan summary`
+* git add, commit, push
+* create PR with summary in body of PR, plan log uploaded
+* once merged, return and `tf-run apply`
 
 # CHANGELOG
 
@@ -137,3 +230,5 @@ git branch -d add-group-csvd-iac-poc-sc-developer
   - update example, reference local README.md
 - 1.0.2 -- 2025-07-22
   - add sc-readonly
+- 1.1.0 -- 2026-02-03
+  - add new method for sc-developer and sc-servicecatalog-t*