# The organization itself, managed from the management account. Every other
# resource in this file (accounts, OUs, policies, delegated admins) depends on it.
resource "aws_organizations_organization" "org" {
  # NOTE(review): organization policies are only usable when the feature set is
  # ALL rather than CONSOLIDATED_BILLING -- confirm the variable's default.
  feature_set                   = var.feature_set

  # Services granted organization-wide trusted access. Each listed principal
  # can act across every member account, so the variable's contents warrant
  # the same scrutiny as an IAM policy.
  aws_service_access_principals = var.aws_service_access_principals

  # A policy type must be enabled here before an aws_organizations_policy of
  # that type can be attached to an account or OU further down in this file.
  enabled_policy_types          = var.enabled_policy_types
}
# Member accounts, one per entry in local.accounts_updated (defined elsewhere;
# the map key is used as the account name).
resource "aws_organizations_account" "account" {
  for_each = local.accounts_updated

  name  = each.key
  email = each.value.email
  tags  = each.value.tags

  # presumably an OU id or the organization root id resolved in locals -- verify
  parent_id = each.value.parent

  # Whether IAM principals inside the member account may view billing data.
  iam_user_access_to_billing = each.value.iam_user_access_to_billing
}
# Organization policies (SCPs, tag policies, ...) keyed by policy name.
# Attachment to accounts and OUs is handled by the two policy_attachment
# resources below; this block only creates the policy documents.
resource "aws_organizations_policy" "this" {
  for_each = var.policies

  name        = each.key
  description = each.value.description

  # NOTE(review): the type given here must be among the org's
  # enabled_policy_types, otherwise attachment fails at apply time.
  type    = each.value.type
  content = each.value.content
}
# Policy -> account attachments. The for_each key is "<policy>.<target>" so
# the same policy can be attached to several accounts without key collisions.
resource "aws_organizations_policy_attachment" "account" {
  for_each = {
    for att in local.account_policy_attachments :
    "${att.policy}.${att.target}" => att
  }

  # Both lookups resolve against resources in this file, so a typo in the
  # locals surfaces as a plan-time "invalid index" rather than a silent no-op.
  policy_id = aws_organizations_policy.this[each.value.policy].id
  target_id = aws_organizations_account.account[each.value.target].id
}
# Policy -> OU attachments, keyed "<policy>.<target>" like the account variant.
resource "aws_organizations_policy_attachment" "ou" {
  for_each = {
    for att in local.ou_policy_attachments :
    "${att.policy}.${att.target}" => att
  }

  policy_id = aws_organizations_policy.this[each.value.policy].id

  # presumably local.ous maps OU name -> OU id across all five levels -- verify
  # against the locals file; the OU resources below are not referenced directly.
  target_id = local.ous[each.value.target]
}
# Delegated administrators: hands organization-level control of one AWS
# service to a member account. Keyed by the service prefix (e.g. the part
# before ".amazonaws.com"), with the target account named in the value.
resource "aws_organizations_delegated_administrator" "this" {
  for_each = var.delegated_administrators

  # Delegation is a privilege escalation for the member account over the whole
  # org for that service; keep the set of delegated services deliberately small.
  service_principal = "${each.key}.amazonaws.com"
  account_id        = aws_organizations_account.account[each.value.account].id
}
# Level 1 OUs. Unlike the deeper levels, parent_id comes straight from the
# locals rather than from another OU resource.
resource "aws_organizations_organizational_unit" "first_level_ou" {
  for_each = local.first_level_ous

  name = each.key
  tags = each.value.tags

  # presumably the organization root id -- confirm in locals
  parent_id = each.value.parent
}
# Level 2 OUs, nested under a level-1 OU named by each.value.parent.
resource "aws_organizations_organizational_unit" "second_level_ou" {
  for_each = local.second_level_ous

  name = each.key
  tags = each.value.tags

  # Indexing the parent resource by name (not by id) makes the dependency
  # explicit, so Terraform orders creation correctly.
  parent_id = aws_organizations_organizational_unit.first_level_ou[each.value.parent].id
}
# Level 3 OUs, nested under a level-2 OU named by each.value.parent.
resource "aws_organizations_organizational_unit" "third_level_ou" {
  for_each = local.third_level_ous

  name = each.key
  tags = each.value.tags

  parent_id = aws_organizations_organizational_unit.second_level_ou[each.value.parent].id
}
# Level 4 OUs, nested under a level-3 OU named by each.value.parent.
resource "aws_organizations_organizational_unit" "fourth_level_ou" {
  for_each = local.fourth_level_ous

  name = each.key
  tags = each.value.tags

  parent_id = aws_organizations_organizational_unit.third_level_ou[each.value.parent].id
}
# Level 5 OUs, nested under a level-4 OU named by each.value.parent. This is
# the deepest level the module models; AWS Organizations itself also caps OU
# nesting at five levels below the root.
resource "aws_organizations_organizational_unit" "fifth_level_ou" {
  for_each = local.fifth_level_ous

  name = each.key
  tags = each.value.tags

  parent_id = aws_organizations_organizational_unit.fourth_level_ou[each.value.parent].id
}