service-control-policies
cloudposse/service-control-policies/aws
Terraform module to provision Service Control Policies (SCP) for AWS Organizations, Organizational Units, and AWS accounts
Terraform module to provision Service Control Policies (SCP) for AWS Organizations, Organizational Units, and AWS accounts. > [!TIP] > #### 👽 Use Atmos with Terraform > Cloud Posse uses atmos to easily orchestrate multiple environments using Terraform. > Works with Github Actions, Atlantis, or Spacelift. > > > Watch demo of using Atmos with Terraform > > Example of running atmos to manage infrastructure from our Quick Start tutorial. > Introduction Service Control Policies are configured in YAML configuration files. We maintain a comprehensive catalog of SCP configurations and welcome contributions via pull request! The example in this module uses the catalog to provision the SCPs on AWS. The policies in the catalog/*-templates files require parameters supplied via the parameters input to
| Name | Type | Description | Default |
|---|---|---|---|
| service_control_policy_statements | any | List of Service Control Policy statements | |
| target_id | string | The unique identifier (ID) of the organization root, organizational unit, or acc | |
| label_key_case | string | Controls the letter case of the `tags` keys (label names) for tags generated by | null |
| descriptor_formats | any | Describe additional descriptors to be output in the `descriptors` output map. Ma | {} |
| delimiter | string | Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` | null |
| label_order | list(string) | The order in which the labels (ID elements) appear in the `id`. Defaults to ["na | null |
| service_control_policy_description | string | Description of the combined Service Control Policy | null |
| context | any | Single object for setting entire context at once. See description of individual | {
"additional_tag_map": {},
"attribu |
| namespace | string | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp' | null |
| tags | map(string) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the t | {} |
| additional_tag_map | map(string) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not add | {} |
| id_length_limit | number | Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. | null |
| tenant | string | ID element _(Rarely used, not included by default)_. A customer identifier, indi | null |
| stage | string | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'bu | null |
| name | string | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. Thi | null |
| label_value_case | string | Controls the letter case of ID elements (labels) as included in `id`, set as tag | null |
| enabled | bool | Set to false to prevent the module from creating any resources | null |
| environment | string | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'st | null |
| attributes | list(string) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, | [] |
| labels_as_tags | set(string) | Set of labels (ID elements) to include as tags in the `tags` output. Default is | [
"default"
] |
| regex_replace_chars | string | Terraform regular expression (regex) string. Characters matching the regex will | null |
organizations_policy_id — The unique identifier of the policyorganizations_policy_arn — Amazon Resource Name (ARN) of the policyAzure landing zones Terraform module
Terraform supermodule for the Terraform platform engineering for Azure
Terraform module to deploy landing zone subscriptions (and much more) in Azure
Terraform Module to define a consistent naming convention by (namespace, stage,