From de009add86329ea475200f8cb0765d3a48d70fdc Mon Sep 17 00:00:00 2001
From: hacker65536 <s.hacker65536@gmail.com>
Date: Wed, 22 May 2024 12:42:11 +0900
Subject: [PATCH] fix #33

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 461cc6a..3b27709 100644
--- a/main.tf
+++ b/main.tf
@@ -227,7 +227,7 @@ resource "aws_ssoadmin_account_assignment" "account_assignment" {
   instance_arn       = local.ssoadmin_instance_arn
   permission_set_arn = data.aws_ssoadmin_permission_set.existing_permission_sets[each.value.permission_set].arn
 
-  principal_id   = each.value.principal_type == "GROUP" ? data.aws_identitystore_group.identity_store_group[each.value.principal_name].id : data.aws_identitystore_user.identity_store_user[each.value.principal_name].id
+  principal_id   = each.value.principal_type == "GROUP" ? (aws_identitystore_group.sso_groups[each.value.principal_name].group_id != null ? aws_identitystore_group.sso_groups[each.value.principal_name].group_id : data.aws_identitystore_group.identity_store_group[each.value.principal_name].id) : (aws_identitystore_user.sso_users[each.value.principal_name].user_id != null ? aws_identitystore_user.sso_users[each.value.principal_name].user_id : data.aws_identitystore_user.identity_store_user[each.value.principal_name].id)
   principal_type = each.value.principal_type
 
   target_id   = each.value.account_id