Having issues sync Gsuite email groups to AWS SSO

[rfuelsh]

So I was able to sync all Gsuite users via the "users_groups" but I am not seeing any Google Workspaces groups in AWS SSO Console.

Ideally I just want to sync all GSuite groups with AWS SSO and then deploy an AWS SSO permission set for GSuite group, I am using the following command:

./ssosync -t $SSOSYNC_SCIM_ACCESS_TOKEN -e $SSOSYNC_SCIM_ENDPOINT -u -c -g 'name:Fuel email:all' --sync-method 'groups'

and I am getting this

INFO[0000] Syncing AWS users and groups from Google Workspace SAML Application 
INFO[0000] syncing                                       sync_method=groups
INFO[0000] get google groups                             query="name:Fuel* email:all*"
FATA[0001] googleapi: Error 400: Invalid Input: query, invalid 

what i am doing wrong to sync the GSuite email groups to AWS SSO Groups?

[ankush-yadav25]

So I was able to sync all Gsuite users via the "users_groups" -> Hey, could you please help me achive this ? I'm facing alot of issue like "googleapi: Error 404: Domain not found., notFound " while doing so. your help is much appreciated.

[cornerman]

Same for me. I got it working by adding includeGroup and explicitly mentioning the groups I want to sync. But I would also like to get the behaviour of syncing all groups.

The problematic code seems to be here: https://github.com/awslabs/ssosync/blob/master/internal/sync.go#L179

[ChrisPates]

In the feature branch linked to this issue. in Groups mode, It will become possible to omit the -g parameter or speciify -g "" which will sync all groups and their member users and/or omit the -u parameter or specify -u "" which sync all users. Omitting/specify both will sync your whole directory.

[ChrisPates]

The specific error you are seeing is because the google api doesn't like the query string you provided for the -g parameter. try -g "Name:Fuel*"