
zeroconfigio/terraform-aws-organization


AWS Organization Terraform module



Description

Terraform module which sets up AWS Organization in the root account.

Requirements

Name Version
terraform >= 1.0.0
aws >= 4.0

Providers

Name Version
aws >= 4.0

Modules

No modules.

Resources

Name Type
aws_organizations_account.accounts resource
aws_organizations_organization.org resource
aws_organizations_organizational_unit.ous resource

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| organization_accounts | Map of organization accounts to create. The map key is the name of the account and the value is an object containing account configuration variables. | any | n/a | yes |
| organization_aws_service_access_principals | n/a | list | ["aws-artifact-account-sync.amazonaws.com", "cloudtrail.amazonaws.com", "securityhub.amazonaws.com", "guardduty.amazonaws.com", "config.amazonaws.com", "fms.amazonaws.com", "sso.amazonaws.com"] | no |
| organization_enabled_policy_types | List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g. AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY | list(string) | ["SERVICE_CONTROL_POLICY"] | no |
| organization_feature_set | Specify ALL or CONSOLIDATED_BILLING | string | "ALL" | no |
| organization_units | Create flat organization units | list(string) | ["default"] | no |

Outputs

Name Description
organization AWS organization attributes
organization_all_accounts Map of the organization units attributes where key is account name
organization_all_organizational_units Map of the organization units attributes where key is ou name
organization_master_account_id Management account id

Usage

module "organization" {
  source = "git::https://github.com/zeroconfigio/terraform-aws-organization.git"

  organization_accounts = {
    security = {
      email       = "[email protected]",
      parent_name = "sec",
      tags        = {
        "provisioned" = "terraform"
        "account"     = "security"
      }
    },
    stage = {
      email     = "[email protected]",
      parent_id = "dev",
      tags      = {
        "provisioned" = "terraform"
        "account"     = "stage"
      }
    },
    production = {
      email     = "[email protected]",
      parent_id = "prod",
      tags      = {
        "provisioned" = "terraform"
        "account"     = "production"
      }
    },
  }

  organization_units = [
    "security",
    "stage",
    "production"
  ]

  organization_aws_service_access_principals = [
    "cloudtrail.amazonaws.com",
    "securityhub.amazonaws.com",
    "guardduty.amazonaws.com",
    "config.amazonaws.com",
    "fms.amazonaws.com",
    "sso.amazonaws.com"
  ]
}
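
The module enables SERVICE_CONTROL_POLICY by default but creates no policies itself. The following is an added example, not part of this module or its documentation, showing a guardrail SCP attached to OUs through the organization_all_organizational_units output. The resource and local names are hypothetical, and it assumes each value in that output map exposes the OU resource's `id` attribute.

```hcl
# Added example: deny_guardrail_tampering and guarded_ous are hypothetical names.
locals {
  # OU names taken from the usage example above.
  guarded_ous = toset(["stage", "production"])
}

resource "aws_organizations_policy" "deny_guardrail_tampering" {
  name        = "deny-guardrail-tampering"
  description = "Member accounts cannot leave the org or switch off logging and detection."
  type        = "SERVICE_CONTROL_POLICY"

  content = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid      = "DenyLeaveOrganization"
        Effect   = "Deny"
        Action   = ["organizations:LeaveOrganization"]
        Resource = "*"
      },
      {
        # Protects the services whose principals the module trusts by default.
        Sid    = "DenyDisablingSecurityServices"
        Effect = "Deny"
        Action = [
          "cloudtrail:StopLogging",
          "cloudtrail:DeleteTrail",
          "guardduty:DeleteDetector",
          "config:StopConfigurationRecorder",
          "config:DeleteConfigurationRecorder",
        ]
        Resource = "*"
      },
    ]
  })
}

resource "aws_organizations_policy_attachment" "guarded" {
  for_each = local.guarded_ous

  policy_id = aws_organizations_policy.deny_guardrail_tampering.id
  # Assumption: each map value exposes the OU resource's `id` attribute.
  target_id = module.organization.organization_all_organizational_units[each.key].id
}
```

SCPs do not restrict the management account, so the root account that runs this module stays outside the guardrail.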

Contributing

See CONTRIBUTING for full details.

Configuring the Environment

Before you can run hooks, you need to have the pre-commit package manager installed.

Using pip:

pip install pre-commit

In a Python project, add the following to your requirements.txt (or requirements-dev.txt):

pre-commit

Using homebrew:

brew install pre-commit

Install the git hook scripts

Run pre-commit install to set up the git hook scripts:

$ pre-commit install
pre-commit installed at .git/hooks/pre-commit

Now pre-commit will run automatically on git commit!

(optional) Manually run against all the files

It's usually a good idea to run the hooks against all of the files when adding new hooks (usually pre-commit will only run on the changed files during git hooks).

$ pre-commit run -a

License

License: MIT

See LICENSE for full details.

Author

This project is maintained and funded by ZeroConfig.io and igor.js.
