control_tower_account_factory
aws-ia/control_tower_account_factory/aws
AWS Control Tower Account Factory
AWS Control Tower Account Factory for Terraform

AWS Control Tower Account Factory for Terraform (AFT) follows a GitOps model to automate the processes of account provisioning and account updating in AWS Control Tower. You'll create an account request Terraform file, which provides the necessary input that triggers the AFT workflow for account provisioning.

For more information on AFT, see Overview of AWS Control Tower Account Factory for Terraform.

Getting started

This guide is intended for administrators of AWS Control Tower environments who wish to set up Account Factory for Terraform (AFT) in their environment. It describes how to set up an Account Factory for Terraform (AFT) environment with a new, dedicated AFT management account. This guide follows the deployment steps outlined in Dep

| Name | Type | Description | Default |
|---|---|---|---|
| log_archive_account_id | string | Log Archive Account Id | required |
| audit_account_id | string | Audit Account Id | required |
| aft_management_account_id | string | AFT Management Account ID | required |
| ct_home_region | string | The region from which this module will be executed. This MUST be the same region | required |
| ct_management_account_id | string | Control Tower Management Account Id | required |
| terraform_project_name | string | Project name for Terraform Cloud or Enterprise - project must exist before deplo | "Default Project" |
| terraform_api_endpoint | string | API Endpoint for Terraform. Must be in the format of https://xxx.xxx. | "https://app.terraform.io/api/v2/" |
| aft_customer_private_subnets | list(string) | A list of private subnets to deploy AFT resources in, if customer is providing a | [] |
| github_enterprise_url | string | GitHub enterprise URL, if GitHub Enterprise is being used | "null" |
| global_customizations_repo_name | string | Repository name for the global customization files. For non-CodeCommit repos, na | "aft-global-customizations" |
| tags | map(any) | Map of tags to apply to resources deployed by AFT. | null |
| aft_enable_vpc | bool | Flag turning use of VPC on/off for AFT | true |
| aft_customer_vpc_id | string | The VPC ID to deploy AFT resources in, if customer is providing an existing VPC. | null |
| cloudwatch_log_group_enable_cmk_encryption | bool | Flag toggling CloudWatch Log Groups encryption by using the AFT customer managed | false |
| backup_recovery_point_retention | number | Number of days to keep backup recovery points in AFT DynamoDB tables. Default = | null |
| account_request_repo_branch | string | Branch to source account request repo from | "main" |
| account_provisioning_customizations_repo_name | string | Repository name for the account provisioning customizations files. For non-CodeC | "aft-account-provisioning-customizations |
| aft_vpc_private_subnet_02_cidr | string | CIDR Block to allocate to the Private Subnet 02 | "192.168.1.0/24" |
| aft_vpc_public_subnet_02_cidr | string | CIDR Block to allocate to the Public Subnet 02 | "192.168.2.128/25" |
| aft_feature_cloudtrail_data_events | bool | Feature flag toggling CloudTrail data events on/off | false |
| gitlab_selfmanaged_url | string | GitLab SelfManaged URL, if GitLab SelfManaged is being used | "null" |
| aft_vpc_cidr | string | CIDR Block to allocate to the AFT VPC | "192.168.0.0/22" |
| aft_codebuild_compute_type | string | The CodeBuild compute type that build projects will use. | "BUILD_GENERAL1_MEDIUM" |
| aft_framework_repo_url | string | Git repo URL where the AFT framework should be sourced from | "https://github.com/aws-ia/terraform-aws |
| aft_framework_repo_git_ref | string | Git branch from which the AFT framework should be sourced from | null |
| … and 10 more inputs | | | |

- aft_feature_cloudtrail_data_events
- vcs_provider
- account_request_repo_branch
- account_customizations_repo_branch
- terraform_org_name
- aft_secondary_backend_bucket_id
- aft_backend_secondary_kms_key_id
- ct_management_account_id
- gitlab_selfmanaged_url
- global_customizations_repo_name
- account_provisioning_customizations_repo_name
- aft_vpc_private_subnet_02_cidr
- aft_backend_primary_kms_key_alias_arn
- aft_backend_secondary_kms_key_alias_arn
- aft_features_step_function_arn
- terraform_api_endpoint
- aft_vpc_public_subnet_02_cidr
- aft_ct_management_exec_role_arn
- aft_exec_role_arn
- aft_backend_lock_table_name
- aft_failure_sns_topic_arn
- account_request_repo_name
- global_customizations_repo_branch
- aft_vpc_public_subnet_01_cidr
- aft_kms_key_alias_arn
- aft_sns_topic_arn
- ct_home_region
- cloudwatch_log_group_retention
- terraform_version
- aft_admin_role_arn