eventDriven replication :Use Google Directory changes to trigger updates based on the events, and reduce frequency of 'full sync' based execution.

[ChrisPates]

To reduce the frequency of need less execution and avoid provisioning delays between Google Directory and AWS IAM Identity Center. Implement an event drive architecture between the two platforms.

Rough outline:

1. **Google Directory Change Monitoring: **
   Use Google Cloud Endpoints (GCE) to listen for events related to changes in your Google Directory.
   Configure GCE to notify an AWS API Gateway when a change occurs.
2. AWS API Gateway:
   Create an API Gateway endpoint in AWS that will receive notifications from GCE.
   Configure the API Gateway to trigger a Lambda function when a notification is received.
3. AWS Lambda Function:
   Trigger the API Gateway.

It may be desirable to retain a schedule trigger but at much lower frequency, e.g. daily in case event driven calls fail.

[Mavyre]

I though of a another approach using rule expression from EventBridge. Having a second rule, from an Event Pattern, such as:

{
  "source": ["aws.sso-directory"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["sso-directory.amazonaws.com"],
    "eventName": ["CreateUser"]
  }
}

I didn't test it yet, but it could work. Thus, the main limitation would be that modifying a user groups wouldn't trigger it.

Also, users can get instantly deleted by ssosync when added to the Google Directory without having enough time to add them to a group. An SQS Delay/Deduplication could be added in between the EventBridge and the Lambda.

[ChrisPates]

Clearly there are two parts to this:
Google side
Admin console- Push Notifications

AWS Side
AWS Compute Blog | Sending and receiving webhooks on AWS: Innovate with event notifications - Receiving webhooks. This can definitely be simplified as the payloads for the above events a small.