
ACAI ACF Module: terraform-aws-acf-org-delegation

GitHub Repository | Terraform Registry

Solution

Terraform module to manage AWS Organization delegation.

This module is designed to:

  • Delegate AWS services to target (delegated administrator) accounts.
  • Support multi-regional delegation.

Features

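locals {
  primary_aws_region = "eu-central-1"
  default_regions    = ["eu-central-1", "us-east-2"]

  # Delegated-administrator target accounts, declared once so that the same ID is
  # not re-typed for every entry below (a single mistyped digit would otherwise
  # silently delegate an organization-wide service to the wrong account).
  #
  # Security note: a delegated administrator gets organization-wide access for the
  # delegated service (e.g. every member account's GuardDuty findings and Security
  # Hub data, or - for StackSets - the ability to deploy stacks into every member
  # account). These must therefore be tightly controlled accounts with restricted
  # access, not general-purpose workload accounts.
  core_security_account_id = "992382728088"
  core_logging_account_id  = "590183833356"

  # One entry per (service principal, target account). The preprocess-data module
  # later splits this flat list by region, so list every region a service should
  # be delegated in - regional services are only delegated where an entry exists.
  delegations = [
    {
      # CloudTrail is delegated in us-east-1 only in this example; confirm this is
      # the region where your organization trail is administered before copying it.
      regions           = ["us-east-1"]
      service_principal = "cloudtrail.amazonaws.com"
      target_account_id = local.core_security_account_id
    },
    {
      # GuardDuty delegation is per region: add a region here for every region
      # whose findings should be visible to the delegated administrator.
      regions           = local.default_regions
      service_principal = "guardduty.amazonaws.com"
      target_account_id = local.core_security_account_id
    },
    {
      # Security Hub delegation is likewise per region.
      regions           = local.default_regions
      service_principal = "securityhub.amazonaws.com"
      target_account_id = local.core_security_account_id
    },
    {
      regions           = [local.primary_aws_region]
      service_principal = "backup.amazonaws.com"
      target_account_id = local.core_security_account_id
    },
    {
      # StackSets delegated administrators can deploy CloudFormation into every
      # member account; two accounts are delegated here (core_security and
      # core_logging), so both need the same level of access control.
      regions           = [local.primary_aws_region]
      service_principal = "member.org.stacksets.cloudformation.amazonaws.com"
      target_account_id = local.core_security_account_id
    },
    {
      regions           = [local.primary_aws_region]
      service_principal = "member.org.stacksets.cloudformation.amazonaws.com"
      target_account_id = local.core_logging_account_id
    }
  ]
}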

# Splits the flat delegation list into per-region slices so that each regional
# module call below only receives the delegations for its own region.
module "preprocess_data" {
  source  = "app.terraform.io/acai-solutions/org-delegation/aws//modules/preprocess-data"
  # NOTE(review): "~> 1.0" accepts any 1.x release. For a module that drives
  # organization-wide delegated-administrator registration, consider pinning an
  # exact version and committing .terraform.lock.hcl so an upstream release
  # cannot change delegation behaviour without review.
  version = "~> 1.0"

  delegations        = local.delegations
  primary_aws_region = local.primary_aws_region
}

Pass the preprocessed data to the ACF module, with one module call per region (delegation of regional services must be registered in each region separately):

# Primary region (eu-central-1). The other regional calls below depend on this one.
module "example_euc1" {
  source  = "app.terraform.io/acai-solutions/org-delegation/aws"
  version = "~> 1.0"

  # Registering a delegated administrator is an AWS Organizations API call that
  # only the organization's management account may make, so this alias must carry
  # management-account credentials (its name suggests it does - confirm).
  providers = {
    aws = aws.org_mgmt_euc1
  }

  delegations        = module.preprocess_data.delegations_by_region["eu-central-1"]
  primary_aws_region = module.preprocess_data.is_primary_region["eu-central-1"]

  # module.create_provisioner is not shown on this page; presumably it creates
  # something the delegation module needs first - check the full example.
  depends_on = [module.create_provisioner]
}


# Secondary region (us-east-1). With the example locals above only the CloudTrail
# delegation lands here. Ordered after the primary-region call via depends_on.
module "example_use1" {
  source  = "app.terraform.io/acai-solutions/org-delegation/aws"
  version = "~> 1.0"

  # Must be management-account credentials for us-east-1; delegated-administrator
  # registration cannot be performed from a member account.
  providers = {
    aws = aws.org_mgmt_use1
  }

  delegations        = module.preprocess_data.delegations_by_region["us-east-1"]
  primary_aws_region = module.preprocess_data.is_primary_region["us-east-1"]

  # Non-primary regions wait for the primary-region call; presumably the primary
  # call sets up organization-level prerequisites - confirm in the module docs.
  depends_on = [
    module.create_provisioner,
    module.example_euc1
  ]
}

# Secondary region (us-east-2). With the example locals above the GuardDuty and
# Security Hub delegations land here. Ordered after the primary-region call.
module "example_use2" {
  source  = "app.terraform.io/acai-solutions/org-delegation/aws"
  version = "~> 1.0"

  # Must be management-account credentials for us-east-2; delegated-administrator
  # registration cannot be performed from a member account.
  providers = {
    aws = aws.org_mgmt_use2
  }

  delegations        = module.preprocess_data.delegations_by_region["us-east-2"]
  primary_aws_region = module.preprocess_data.is_primary_region["us-east-2"]

  # Same ordering as the other secondary region: primary-region call first.
  depends_on = [
    module.create_provisioner,
    module.example_euc1
  ]
}