control_tower_account_factory

aws-ia/control_tower_account_factory/aws

Terraform Module HCL AWS ✓ Verified

AWS Control Tower Account Factory

Install

module "control_tower_account_factory" {

source = "aws-ia/control_tower_account_factory/aws"

version = "1.18.1"

}

plain text: /constructs/tfmod-aws-ia-control-tower-account-factory-aws/install.txt

⭐ Source on GitHub 📦 Registry page

README

AWS Control Tower Account Factory for Terraform AWS Control Tower Account Factory for Terraform (AFT) follows a GitOps model to automate the processes of account provisioning and account updating in AWS Control Tower. You'll create an account request Terraform file, which provides the necessary input that triggers the AFT workflow for account provisioning. For more information on AFT, see Overview of AWS Control Tower Account Factory for Terraform Getting started This guide is intended for administrators of AWS Control Tower environments who wish to set up Account Factory for Terraform (AFT) in their environment. It describes how to set up an Account Factory for Terraform (AFT) environment with a new, dedicated AFT management account. This guide follows the deployment steps outlined in Dep

Inputs (50)

Name	Type	Description	Default
log_archive_account_id	string	Log Archive Account Id	required
audit_account_id	string	Audit Account Id	required
aft_management_account_id	string	AFT Management Account ID	required
ct_home_region	string	The region from which this module will be executed. This MUST be the same region	required
ct_management_account_id	string	Control Tower Management Account Id	required
terraform_project_name	string	Project name for Terraform Cloud or Enterprise - project must exist before deplo	`"Default Project"`
terraform_api_endpoint	string	API Endpoint for Terraform. Must be in the format of https://xxx.xxx.	`"https://app.terraform.io/api/v2/"`
aft_customer_private_subnets	list(string)	A list of private subnets to deploy AFT resources in, if customer is providing a	`[]`
github_enterprise_url	string	GitHub enterprise URL, if GitHub Enterprise is being used	`"null"`
global_customizations_repo_name	string	Repository name for the global customization files. For non-CodeCommit repos, na	`"aft-global-customizations"`
tags	map(any)	Map of tags to apply to resources deployed by AFT.	`null`
aft_enable_vpc	bool	Flag turning use of VPC on/off for AFT	`true`
aft_customer_vpc_id	string	The VPC ID to deploy AFT resources in, if customer is providing an existing VPC.	`null`
cloudwatch_log_group_enable_cmk_encryption	bool	Flag toggling CloudWatch Log Groups encryption by using the AFT customer managed	`false`
backup_recovery_point_retention	number	Number of days to keep backup recovery points in AFT DynamoDB tables. Default =	`null`
account_request_repo_branch	string	Branch to source account request repo from	`"main"`
account_provisioning_customizations_repo_name	string	Repository name for the account provisioning customizations files. For non-CodeC	`"aft-account-provisioning-customizations`
aft_vpc_private_subnet_02_cidr	string	CIDR Block to allocate to the Private Subnet 02	`"192.168.1.0/24"`
aft_vpc_public_subnet_02_cidr	string	CIDR Block to allocate to the Public Subnet 02	`"192.168.2.128/25"`
aft_feature_cloudtrail_data_events	bool	Feature flag toggling CloudTrail data events on/off	`false`
gitlab_selfmanaged_url	string	GitLab SelfManaged URL, if GitLab SelfManaged is being used	`"null"`
aft_vpc_cidr	string	CIDR Block to allocate to the AFT VPC	`"192.168.0.0/22"`
aft_codebuild_compute_type	string	The CodeBuild compute type that build projects will use.	`"BUILD_GENERAL1_MEDIUM"`
aft_framework_repo_url	string	Git repo URL where the AFT framework should be sourced from	`"https://github.com/aws-ia/terraform-aws`
aft_framework_repo_git_ref	string	Git branch from which the AFT framework should be sourced from	`null`
… and 10 more inputs

Outputs (50)

aft_feature_cloudtrail_data_events

vcs_provider

account_request_repo_branch

account_customizations_repo_branch

terraform_org_name

aft_secondary_backend_bucket_id

aft_backend_secondary_kms_key_id

ct_management_account_id

gitlab_selfmanaged_url

global_customizations_repo_name

account_provisioning_customizations_repo_name

aft_vpc_private_subnet_02_cidr

aft_backend_primary_kms_key_alias_arn

aft_backend_secondary_kms_key_alias_arn

aft_features_step_function_arn

terraform_api_endpoint

aft_vpc_public_subnet_02_cidr

aft_ct_management_exec_role_arn

aft_exec_role_arn

aft_backend_lock_table_name

aft_failure_sns_topic_arn

account_request_repo_name

global_customizations_repo_branch

aft_vpc_public_subnet_01_cidr

aft_kms_key_alias_arn

aft_sns_topic_arn

ct_home_region

cloudwatch_log_group_retention

terraform_version

aft_admin_role_arn

… and 20 more outputs

Topics & Tags

control-tower-service-team-owned repo-does-not-accept-pull-requests

Details

FrameworkTerraform Module

LanguageHCL

Version1.18.1

Cloud AWS

★ Stars770

Forks575

Total downloads118.4k

Inputs50

Outputs50

Examples7

Submodules12

LicenseApache-2.0

Namespaceaws-ia

Updated

Tools

⚖ Compare with another construct → 📋 View data schema