terraform-aws-arc-control-tower-aft¶
Overview¶
SourceFuse AWS Reference Architecture (ARC) Terraform module for managing Control Tower Account Factory Terraform. Part of the ARC AWS Landing Zone solution.
Usage¶
To see a full example, check out the main.tf file in the example folder.
Requirements¶
| Name | Version |
|---|---|
| terraform | >= 1.3 |
| aws | ~> 4.0 |
Providers¶
No providers.
Modules¶
| Name | Source | Version |
|---|---|---|
| aft | git::https://github.com/aws-ia/terraform-aws-control_tower_account_factory | 1.8.0 |
Resources¶
No resources.
Inputs¶
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| account_customizations_repo | Information on the git repo for managing the account customizations. For non-CodeCommit repos, name should be in the format of org/repo. | object({ |
{ |
no |
| account_ids | IDs to the accounts used for deploying the respective resources into | object({ |
n/a | yes |
| account_provisioning_customizations_repo | Information on the git repo for provisioning the account customizations. For non-CodeCommit repos, name should be in the format of org/repo. | object({ |
{ |
no |
| account_request_repo | Information on the git repo for account requests. For non-CodeCommit repos, name should be in the format of org/repo. | object({ |
{ |
no |
| aft_feature_cloudtrail_data_events | Feature flag toggling CloudTrail data events on/off | bool |
true |
no |
| aft_feature_delete_default_vpcs_enabled | Feature flag toggling deletion of default VPCs on/off | bool |
true |
no |
| aft_feature_enterprise_support | Feature flag toggling Enterprise Support enrollment on/off | bool |
false |
no |
| aft_max_subnets | Maximum number of subnets to create based off the provided VPC CIDR | string |
"4" |
no |
| aft_metrics_reporting | Flag toggling reporting of operational metrics | bool |
true |
no |
| aft_vpc_cidr | CIDR Block to allocate to the AFT VPC | string |
n/a | yes |
| aft_vpc_endpoints | Flag turning VPC endpoints on/off for AFT VPC | bool |
true |
no |
| cloudwatch_log_group_retention | Amount of days to keep CloudWatch Log Groups for Lambda functions. 0 = Never Expire | string |
"0" |
no |
| control_tower_home_region | The region from which this module will be executed. This MUST be the same region as Control Tower is deployed. | string |
n/a | yes |
| github_enterprise_url | GitHub enterprise URL, if GitHub Enterprise is being used | string |
"null" |
no |
| global_codebuild_timeout | Codebuild build timeout | number |
60 |
no |
| global_customizations_repo | Information on the git repo for global customizations. For non-CodeCommit repos, name should be in the format of org/repo. | object({ |
{ |
no |
| maximum_concurrent_customizations | Maximum number of customizations/pipelines to run at once | number |
5 |
no |
| terraform_api_endpoint | API Endpoint for Terraform. Must be in the format of https://xxx.xxx. | string |
"https://app.terraform.io/api/v2/" |
no |
| terraform_backend_secondary_region | AFT creates a backend for state tracking for its own state as well as OSS cases. The backend's primary region is the same as the AFT region, but this defines the secondary region to replicate to. | string |
n/a | yes |
| terraform_distribution | Terraform distribution being used for AFT - valid values are oss, tfc, or tfe | string |
"oss" |
no |
| terraform_org_name | Organization name for Terraform Cloud or Enterprise | string |
"null" |
no |
| terraform_token | Terraform token for Cloud or Enterprise | string |
"null" |
no |
| terraform_version | Terraform version being used for AFT | string |
"1.3.6" |
no |
| vcs_provider | Customer VCS Provider - valid inputs are codecommit, bitbucket, github, or githubenterprise | string |
"github" |
no |
Outputs¶
| Name | Description |
|---|---|
| account_customizations_repo_branch | VCS Account customizations repo branch |
| account_customizations_repo_name | VCS Account customizations repo name |
| account_ids | Map of account IDs for each account created. |
| account_provisioning_customizations_repo_branch | VCS Account provisioning customizations repo branch |
| account_provisioning_customizations_repo_name | VCS Account provisioning customizations repo name |
| account_request_repo_branch | VCS Account request repo branch. |
| account_request_repo_name | VCS Account request repo name. |
| aft_feature_cloudtrail_data_events | AFT feature "CloudTrail data events". |
| aft_feature_delete_default_vpcs_enabled | AFT feature "delete default vpcs enabled". |
| aft_vpc_cidr | AFT VPC assigned cidr. |
| aft_vpc_private_subnet_cidrs | AFT VPC private subnet 01 cidr. |
| aft_vpc_public_subnet_cidrs | AFT VPC private subnet 01 cidr. |
| global_customizations_repo_branch | Global customizations repo branch. |
| global_customizations_repo_name | Global customizations repo name. |
| terraform_version | Terraform version used for this configuration. |
| tf_backend_secondary_region | Terraform backend secondary region. |
| vcs_provider | VCS Provider where the repos are configure for the different accounts. |
Versioning¶
This project uses a .version file at the root of the repo which the pipeline reads from and does a git tag.
When you intend to commit to main, you will need to increment this version. Once the project is merged,
the pipeline will kick off and tag the latest git commit.
Development¶
Prerequisites¶
Configurations¶
- Configure pre-commit hooks
Authors¶
This project is authored by: - SourceFuse ARC Team