Add example for module per organization units
rakiyoshi committed Aug 4, 2021
1 parent d5d47ba commit be3c07d
Showing 9 changed files with 193 additions and 0 deletions.
54 changes: 54 additions & 0 deletions examples/module-per-organizations-unit/README.md
@@ -0,0 +1,54 @@
# Account assignment per organization units

Define account assignments per organization units.

## Usage

To run this example you need to execute:

```bash
$ terraform init
$ terraform plan
$ terraform apply
```

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.3 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >=3.24.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 3.24.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_ou1_assignments"></a> [ou1\_assignments](#module\_ou1\_assignments) | ../.. | n/a |
| <a name="module_ou2_assignments"></a> [ou2\_assignments](#module\_ou2\_assignments) | ../.. | n/a |

## Resources

| Name | Type |
|------|------|
| [aws_organizations_organization.organization](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source |
| [aws_ssoadmin_instances.instances](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssoadmin_instances) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_assignments_ou1"></a> [assignments\_ou1](#input\_assignments\_ou1) | Account assignments for Organization Unit 1. | `map(map(map(list(string))))` | n/a | yes |
| <a name="input_assignments_ou2"></a> [assignments\_ou2](#input\_assignments\_ou2) | Account assignments for Organization Unit 2. | `map(map(map(list(string))))` | n/a | yes |
| <a name="input_sso_region"></a> [sso\_region](#input\_sso\_region) | Region of your AWS SSO instance. | `string` | n/a | yes |

## Outputs

No outputs.
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
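
Review bot: The Usage section lists only init, plan and apply, but the Inputs table marks `sso_region` as required with no default, and neither ou1.auto.tfvars nor ou2.auto.tfvars in this commit sets it, so `terraform plan` will stop and prompt for the value. Add a line to Usage showing how to supply it (a `-var` argument or a tfvars entry). Minor: the title and first sentence say "organization units" where the AWS term is "organizational units".
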
5 changes: 5 additions & 0 deletions examples/module-per-organizations-unit/backend.tf
@@ -0,0 +1,5 @@
terraform {
backend "local" {
path = "terraform.tfstate"
}
}
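
Review bot: `backend "local"` with `path = "terraform.tfstate"` restates Terraform's defaults, so this file changes nothing as written. Either drop it or add a comment that the local backend is for the example only: examples get copied, and the state for this configuration records the SSO instance and every account assignment, which is better kept in a remote backend with access control and locking than in a working directory.
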
31 changes: 31 additions & 0 deletions examples/module-per-organizations-unit/main.tf
@@ -0,0 +1,31 @@
data "aws_ssoadmin_instances" "instances" {}

data "aws_organizations_organization" "organization" {}

locals {
instance_arn = tolist(data.aws_ssoadmin_instances.instances.arns)[0]
identity_store_id = tolist(data.aws_ssoadmin_instances.instances.identity_store_ids)[0]
accounts = data.aws_organizations_organization.organization.accounts
}

module "ou1_assignments" {
source = "../.."

instance_arn = local.instance_arn
identity_store_id = local.identity_store_id

organization_accounts = local.accounts

assignments = var.assignments_ou1
}

module "ou2_assignments" {
source = "../.."

instance_arn = local.instance_arn
identity_store_id = local.identity_store_id

organization_accounts = local.accounts

assignments = var.assignments_ou2
}
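
Review bot: In `locals`, the `tolist(...)[0]` lookups for `instance_arn` and `identity_store_id` fail with an invalid index error when the data source returns nothing in the provider's region (SSO not enabled there, or `sso_region` set wrong). A guarded lookup with a clear error message would make that failure readable. Separately, both module calls receive the same `organization_accounts = local.accounts` and differ only in the variable passed, so nothing in main.tf ties `ou1_assignments` or `ou2_assignments` to an actual OU; a comment stating that the split is by tfvars file, and that an account should be listed in only one of them, would help.
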
41 changes: 41 additions & 0 deletions examples/module-per-organizations-unit/ou1.auto.tfvars
@@ -0,0 +1,41 @@
assignments_ou1 = {
"account1" = {
"groups" = {
"SystemAdministrator" = [
"AdministratorAccess",
],
"Engineer" = [
"PowerUserAccess",
],
"Manager" = [
"ReadOnlyAccess",
],
},
"users" = {
"[email protected]" = [
"AdministratorAccess",
],
},
},
"account2" = {
"groups" = {
"SystemAdministrator" = [
"AdministratorAccess",
],
"Engineer" = [
"PowerUserAccess",
],
"Manager" = [
"ReadOnlyAccess",
],
},
"users" = {
"[email protected]" = [
"AdministratorAccess",
],
"[email protected]" = [
"ReadOnlyAccess",
],
},
},
}
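
Review bot: In the "users" maps of account1 and account2, AdministratorAccess is assigned directly to an individual user although the SystemAdministrator group already carries it in the same account. For an example that will be copied, show administrator access through the group only and keep "users" for a lower-privilege case such as the ReadOnlyAccess entry in account2, so that admin membership is managed and reviewed in one place.
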
35 changes: 35 additions & 0 deletions examples/module-per-organizations-unit/ou2.auto.tfvars
@@ -0,0 +1,35 @@
assignments_ou2 = {
"account3" = {
"groups" = {
"SystemAdministrator" = [
"AdministratorAccess",
],
"Manager" = [
"ReadOnlyAccess",
],
},
"users" = {
"[email protected]" = [
"AdministratorAccess",
],
},
},
"account4" = {
"groups" = {
"SystemAdministrator" = [
"AdministratorAccess",
],
},
"users" = {
"[email protected]" = [
"AdministratorAccess",
],
"[email protected]" = [
"ReadOnlyAccess",
],
"[email protected]" = [
"ReadOnlyAccess",
],
},
},
}
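
Review bot: account4 is assigned almost entirely through "users" (three entries against one group), including a direct AdministratorAccess grant that duplicates the SystemAdministrator group. Moving the two ReadOnlyAccess users into a group, as account3 does with Manager, would keep the example consistent and turn access removal into a group-membership change instead of a Terraform change.
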
Empty file.
3 changes: 3 additions & 0 deletions examples/module-per-organizations-unit/providers.tf
@@ -0,0 +1,3 @@
provider "aws" {
region = var.sso_region
}
14 changes: 14 additions & 0 deletions examples/module-per-organizations-unit/variables.tf
@@ -0,0 +1,14 @@
variable "sso_region" {
type = string
description = "Region of your AWS SSO instance."
}

variable "assignments_ou1" {
type = map(map(map(list(string))))
description = "Account assignments for Organization Unit 1."
}

variable "assignments_ou2" {
type = map(map(map(list(string))))
description = "Account assignments for Organization Unit 2."
}
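
Review bot: Both assignment variables are typed `map(map(map(list(string))))` with a description that does not explain the levels, so a reader has to infer from the tfvars files that the nesting is account, then "groups" or "users", then principal name, then permission set names. Spell that out in `description`, and consider a `validation` block that rejects second-level keys other than "groups" and "users", since a typo there currently passes type checking.
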
10 changes: 10 additions & 0 deletions examples/module-per-organizations-unit/version.tf
@@ -0,0 +1,10 @@
terraform {
required_version = ">= 1.0.3"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">=3.24.0"
}
}
}
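
Review bot: The aws constraint `version = ">=3.24.0"` has no upper bound, so a fresh `terraform init` can select a later major release of the provider than the 3.24.0 recorded in the README. Bound it (for example `~> 3.24`) and commit the dependency lock file alongside the example. Minor: the operator spacing differs from `">= 1.0.3"` in `required_version`, and the conventional file name is versions.tf.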
