diff --git a/docs/how-to/aws-sso/create-sso-group.md b/docs/how-to/aws-sso/create-sso-group.md index f6867985..617c6461 100644 --- a/docs/how-to/aws-sso/create-sso-group.md +++ b/docs/how-to/aws-sso/create-sso-group.md @@ -5,14 +5,20 @@ These include: * sc-audit * sc-dba -* sc-developer * sc-operator * sc-poweruser (not fully ready for use) * sc-readonly * sc-tagadmin-t2 (will be renaming this to remove the -t2) * sc-tester -## Summary of Steps +There is a [new method](#summary-of-steps--new-) to handle these permissionsets. It is *much* simpler. + +* sc-developer +* sc-servicecatalog-t1 +* sc-servicecatalog-t2 +* sc-servicecatalog-t3 + +## Summary of Steps (OLD) 1. starting point is {management-account-repo}/infrastructure/global/sso 2. add users for the new group into `users.csv`, if not already there @@ -26,7 +32,7 @@ These include: 10. plan (plan will fail until users added to `users.csv`) 11. once all merged, apply in the new group directory -## Example +### Example * Step 1 
@@ -128,6 +134,93 @@ tf-apply git branch -d add-group-csvd-iac-poc-sc-developer ``` +## Summary of Steps (New) + +```console +% sso-create-sc-group.py -h +usage: sso-create-sc-group.py [-h] -b BUSINESS_LABEL [-a APPLICATION_LABEL] [-g GROUP] [-d DESCRIPTION] [-f] [-v] + +Automate file creation from templates. + +optional arguments: + -h, --help show this help message and exit + -b BUSINESS_LABEL, --business-label BUSINESS_LABEL + Required business label + -a APPLICATION_LABEL, --application-label APPLICATION_LABEL + Optional application label + -g GROUP, --group GROUP + Group name (defaults to current directory name) + -d DESCRIPTION, --description DESCRIPTION + Description for the group + -f, --force Overwrite existing directory if it exists + -v, --version show program's version number and exit +``` + +### Setup of files with Script + +```script +sso-create-sc-group.py -b ORG -a APP +``` + +### Example + +```console +% sso-create-sc-group.py -b ditd -a webscraping +--- sso-create-sc-group.py v1.0.8 --- +Targeting Group: ditd-webscraping-sc-developer + + [Copied] locals.tf + [Copied] region.tf + [Copied] tf-run.data + [Copied] tags.tf + [Copied] tags.yml + [Copied] versions.tf + [Rendered] GROUP.tf.j2 -> ditd-webscraping-sc-developer.tf + [Rendered] GROUP.yml.j2 -> ditd-webscraping-sc-developer.yml + +Done. Files located in: ./ditd-webscraping-sc-developer +``` + +### Edit YAML file + +Next, edit the file {group}.yml. Update the following fields, as appropriate. These will already +be generated, but the need to be checked. 
+ +* description + * Verify in proper {org} and {project} + * Change case of the {project} (application) if neededd + * or, put in description that meets the need, but leave the "SC Developer" at the end +* account_names + * if you have account names to use, remove the [] + * add the account names (using the *ew* name vs the *gov* name) as list members (space space dash space ACCOUNT_NAME) +* users + * if you have users, remove the [] + * add the user JBIDS as list members (space space dash space JBID) + +Example: + +```yaml +group: csvd-test-sc-developer +description: "CSVD Test SC Developer" +all: false +account_names: + - csvd-common-ew +account_ids: [] +org_ous: [] +users: + - badra001 +``` + +### Git workflow + +Continue with the git workflow. + +* create branch +* `tf-run plan` +* `tf-plan summary` +* git add, commit, push +* create PR with summary in body of PR, plan log uploaded +* once merged, return and `tf-run apply` # CHANGELOG @@ -137,3 +230,5 @@ git branch -d add-group-csvd-iac-poc-sc-developer - update example, reference local README.md - 1.0.2 -- 2025-07-22 - add sc-readonly +- 1.1.0 -- 2026-02-03 + - add new method for sc-developer and sc-servicecatalog-t*
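Review bot: In the `@@ -5,14 +5,20 @@` hunk, the link target `#summary-of-steps--new-` may not match the anchor generated for the heading `## Summary of Steps (New)` that this patch adds further down. Renderers that strip punctuation from headings produce `summary-of-steps-new`, so check the link in the rendered docs and adjust the target if it is dead. The sentence "There is a new method to handle these permissionsets" also sits directly under the old-method list, so "these" reads as pointing at the list above it; reword it to say that the permission sets listed below use the new method. The entries sc-servicecatalog-t1, -t2 and -t3 are introduced in this list without explanation, and a one-line description of what each tier grants would help whoever approves membership of those groups.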
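Review bot: In the `@@ -128,6 +134,93 @@` hunk, the "Edit YAML file" checklist covers only `description`, `account_names` and `users`, while the example YAML also carries `all: false`, `account_ids: []` and `org_ous: []`, which appear to control where the group is assigned. Add a bullet telling the editor to confirm that `all` stays `false` and that `account_ids` and `org_ous` stay empty unless they are set on purpose, so a generated file is not merged with a wider scope than the request called for. The intro hunk says the new method also covers sc-servicecatalog-t1/t2/t3, but the usage and example here only show a `-sc-developer` group being built from `-b` and `-a`; document how the other permission sets are selected (the `-g` option looks like the place, but the text does not say). Smaller items: the `script` fence tag under "Setup of files with Script" is not a standard language tag, so use `console` as in the other blocks; "but the need to be checked" should read "but they need to be checked" and "neededd" should be "needed"; and a sentence next to the usage noting that `-f` overwrites an existing group directory would prevent accidental loss of hand-edited YAML.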