awslabs / ssosync

Populate AWS SSO directly with your G Suite users and groups using either a CLI or AWS Lambda
Apache License 2.0

Add identityStore:DeleteGroup IAM permission #117

Closed jferris closed 1 year ago

jferris commented 1 year ago

Add identityStore:DeleteGroup IAM permission

This action is performed during the sync: https://github.com/awslabs/ssosync/blob/955e8e23a42340d323e25659c8c03130b5609c80/internal/sync.go#L511

But the template does not give the IAM role permission to delete groups: https://github.com/awslabs/ssosync/blob/b4352b919996c0dfd4fad03c0e7a8000e5fd5f88/template.yaml#L164

Resolves #116.
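The gap described above (code calls an action the role's policy does not allow) can be caught before deploy with a small check. This is an added example, not code from ssosync or from the pull request: `MissingActions` and `samplePolicy` are hypothetical names, and the policy is a constructed sample, not the project's `template.yaml`. It assumes `Statement` is a JSON array and only looks at Allow statements, ignoring `Deny`, `Resource` and `Condition`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

// Only the fields this check reads; Action may be one string or a list.
type statement struct{ Effect string; Action any }
type policy struct{ Statement []statement }

// patterns normalizes an Action value (string or list) to a list.
func patterns(a any) []any {
	if list, ok := a.([]any); ok {
		return list
	}
	return []any{a}
}

// MissingActions returns the required actions that no Allow statement covers.
// Names are compared case-insensitively; path.Match handles "*" and "?".
func MissingActions(policyJSON string, required []string) ([]string, error) {
	var p policy
	if err := json.Unmarshal([]byte(policyJSON), &p); err != nil {
		return nil, err
	}
	var missing []string
next:
	for _, need := range required {
		for _, st := range p.Statement {
			for _, pat := range patterns(st.Action) {
				s, _ := pat.(string)
				if ok, _ := path.Match(strings.ToLower(s), strings.ToLower(need)); ok && st.Effect == "Allow" {
					continue next
				}
			}
		}
		missing = append(missing, need)
	}
	return missing, nil
}

// Constructed sample policy that lacks the delete permission.
const samplePolicy = `{"Statement":[{"Effect":"Allow","Action":["identitystore:CreateGroup","identitystore:ListGroups"]}]}`

func main() {
	fmt.Println(MissingActions(samplePolicy, []string{"identitystore:CreateGroup", "identityStore:DeleteGroup"}))
}
```
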