resource "aws_iam_user" "dev2" {
  count = length(var.users)
  name  = var.users[count.index]
  path  = "/system/"
}

resource "aws_iam_user" "app" {
  count = length(var.apps_users)
  name  = var.apps_users[count.index].name
  path  = "/system/"
}

resource "aws_iam_user" "tmp" {
  count = length(var.tmp_users)
  name  = var.tmp_users[count.index].name
  path  = "/system/"
}

resource "aws_iam_user_group_membership" "app_group_membership" {
  count  = length(var.apps_users)
  user   = aws_iam_user.app[count.index].name
  groups = var.apps_users[count.index].groups
}

resource "aws_iam_user_group_membership" "tmp_group_membership" {
  count  = length(var.tmp_users)
  user   = aws_iam_user.tmp[count.index].name
  groups = var.tmp_users[count.index].groups
}

resource "aws_iam_user_login_profile" "bypark_login" {
  count	= length([for user in var.tmp_users : user if user.is_console_user])
  user	= aws_iam_user.dev2[count.index].name
  password_length = 20
}

output "bypark_password" {
  value     = [for profile in aws_iam_user_login_profile.bypark_login : profile.encrypted_password if profile.user == "bypark"]
  sensitive = true
}