account

This module creates the following resources.

  • aws_iam_account_alias
  • aws_iam_account_password_policy
  • aws_iam_security_token_service_preferences
  • aws_account_primary_contact (optional)
  • aws_account_alternate_contact (optional)
  • aws_account_region (optional)
  • aws_ce_cost_allocation_tag (optional)
  • aws_s3_account_public_access_block
  • aws_spot_datafeed_subscription (optional)

Requirements

Name Version
terraform >= 1.5
aws >= 5.10
awscc >= 0.75

Providers

Name Version
aws 5.47.0
awscc 0.75.0

Modules

No modules.

Resources

Name Type
aws_account_alternate_contact.billing resource
aws_account_alternate_contact.operation resource
aws_account_alternate_contact.security resource
aws_account_primary_contact.this resource
aws_account_region.this resource
aws_ce_cost_allocation_tag.this resource
aws_iam_account_alias.this resource
aws_iam_account_password_policy.this resource
aws_iam_security_token_service_preferences.this resource
aws_s3_account_public_access_block.this resource
aws_spot_datafeed_subscription.this resource
awscc_supportapp_account_alias.this resource
awscc_supportapp_slack_channel_configuration.this resource
awscc_supportapp_slack_workspace_configuration.this resource
aws_caller_identity.this data source

Inputs

Name Description Type Default Required
name (Required) The name for the AWS account. Used for the account alias. string n/a yes
additional_regions (Optional) A set of regions to enable in the account. set(string) [] no
billing_contact (Optional) The configuration of the billing contact for the AWS Account. billing_contact as defined below.
(Required) name - The name of the billing contact.
(Optional) title - The title of the billing contact. Defaults to Billing Manager.
(Required) email - The email address of the billing contact.
(Required) phone - The phone number of the billing contact.
object({
name = string
title = optional(string, "Billing Manager")
email = string
phone = string
})
null no
cost (Optional) The configuration of the Cost & Billing for the AWS Account. cost as defined below.
(Optional) cost_allocation_tags - A set of keys for the cost allocation tags.
object({
cost_allocation_tags = optional(set(string), [])
})
{} no
ec2_spot_datafeed_subscription (Optional) The configuration of the Spot Data Feed Subscription. ec2_spot_datafeed_subscription as defined below.
(Optional) enabled - Whether to enable the Spot Data Feed Subscription to an S3 bucket. Defaults to false.
(Optional) s3_bucket - The configuration of the S3 bucket where AWS delivers the spot data feed. s3_bucket as defined below.
(Required) name - The name of the S3 bucket where AWS delivers the spot data feed.
(Optional) key_prefix - The path of the directory inside the S3 bucket in which to place spot pricing data.
object({
enabled = optional(bool, false)
s3_bucket = optional(object({
name = optional(string, "")
key_prefix = optional(string, "")
}))
})
{} no
operation_contact (Optional) The configuration of the operation contact for the AWS Account. operation_contact as defined below.
(Required) name - The name of the operation contact.
(Optional) title - The title of the operation contact. Defaults to Operation Manager.
(Required) email - The email address of the operation contact.
(Required) phone - The phone number of the operation contact.
object({
name = string
title = optional(string, "Operation Manager")
email = string
phone = string
})
null no
password_policy (Optional) Password Policy for the AWS account.
object({
minimum_password_length = optional(number, 8)
require_numbers = optional(bool, true)
require_symbols = optional(bool, true)
require_lowercase_characters = optional(bool, true)
require_uppercase_characters = optional(bool, true)
allow_users_to_change_password = optional(bool, true)
hard_expiry = optional(bool, false)
max_password_age = optional(number, 0)
password_reuse_prevention = optional(number, 0)
})
{} no
primary_contact (Optional) The configuration of the primary contact for the AWS Account. primary_contact as defined below.
(Required) name - The full name of the primary contact address.
(Optional) company_name - The name of the company associated with the primary contact information, if any.
(Required) country_code - The ISO-3166 two-letter country code for the primary contact address.
(Optional) state - The state or region of the primary contact address. This field is required in selected countries.
(Required) city - The city of the primary contact address.
(Optional) district - The district or county of the primary contact address, if any.
(Required) address_line_1 - The first line of the primary contact address.
(Optional) address_line_2 - The second line of the primary contact address, if any.
(Optional) address_line_3 - The third line of the primary contact address, if any.
(Required) postal_code - The postal code of the primary contact address.
(Required) phone - The phone number of the primary contact information. The number will be validated and, in some countries, checked for activation.
(Optional) website_url - The URL of the website associated with the primary contact information, if any.
object({
name = string
company_name = optional(string, "")
country_code = string
state = optional(string, "")
city = string
district = optional(string, "")
address_line_1 = string
address_line_2 = optional(string, "")
address_line_3 = optional(string, "")
postal_code = string
phone = string
website_url = optional(string, "")
})
null no
s3_public_access_enabled (Optional) Whether to enable S3 account-level Public Access Block configuration. Public access to S3 buckets is blocked if the value is false. bool false no
security_contact (Optional) The configuration of the security contact for the AWS Account. security_contact as defined below.
(Required) name - The name of the security contact.
(Optional) title - The title of the security contact. Defaults to Security Manager.
(Required) email - The email address of the security contact.
(Required) phone - The phone number of the security contact.
object({
name = string
title = optional(string, "Security Manager")
email = string
phone = string
})
null no
sts_global_endpoint_token_version (Optional) The version of the STS global endpoint token. Valid values are v1 and v2. Defaults to v1.
v1 - Version 1 Tokens are valid only in AWS Regions that are available by default. These tokens do not work in manually enabled Regions, such as Asia Pacific (Hong Kong).
v2 - Version 2 tokens are valid in all Regions. However, version 2 tokens include more characters and might affect systems where you temporarily store tokens.
string "v1" no
support_app (Optional) The configuration of the Support App for the AWS Account. support_app as defined below.
(Optional) account_alias - An account alias associated with a customer's account.
(Optional) slack_workspaces - A set of team IDs for the Slack workspaces; each ID uniquely identifies a workspace.
(Optional) slack_channel_configurations - A list of configurations, one for each Slack channel. Each block of slack_channel_configurations as defined below.
(Optional) name - The name of the Slack channel configuration.
(Required) workspace - The team ID of the Slack workspace, which uniquely identifies a workspace.
(Required) channel - The ID of the Slack channel.
(Optional) permission - The permission of the default IAM role which is created by this module. Valid values are READ_ONLY and FULL_ACCESS. Defaults to FULL_ACCESS.
(Optional) channel_role - The ARN (Amazon Resource Name) of the IAM role associated with the Support App to post messages to the Slack channel. Only required to override the default role which is created with permission.
(Optional) notification_case_severity - The severity level of the support case that a customer wants to get notified for. Valid values are ALL, HIGH, and NONE. Defaults to ALL.
(Optional) notification_on_add_correspondence_to_case - Whether to notify when a correspondence is added to a case. Defaults to true.
(Optional) notification_on_create_or_reopen_case - Whether to notify when a case is created or reopened. Defaults to true.
(Optional) notification_on_resolve_case - Whether to notify when a case is resolved. Defaults to true.
object({
account_alias = optional(string)
slack_workspaces = optional(set(string), [])
slack_channel_configurations = optional(list(object({
name = optional(string)
workspace = string
channel = string

# permission = optional(string, "FULL_ACCESS")
channel_role = optional(string)

notification_case_severity = optional(string, "ALL")
notification_on_add_correspondence_to_case = optional(bool, true)
notification_on_create_or_reopen_case = optional(bool, true)
notification_on_resolve_case = optional(bool, true)
})), [])
})
{} no
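
A hardened invocation using the inputs documented above, added here as an example and not taken from the module's own documentation. The module source path, account name, and contact details are constructed placeholders, and the password policy numbers are illustrative choices rather than values the module recommends.

```hcl
# Added example. The source path and all contact values are placeholders.
module "account" {
  source = "./modules/account" # assumed local path to this module

  name = "example-prod" # constructed; becomes the IAM account alias

  # Defaults are length 8 and no reuse prevention (0); tighten both.
  password_policy = {
    minimum_password_length        = 14
    require_numbers                = true
    require_symbols                = true
    require_lowercase_characters   = true
    require_uppercase_characters   = true
    allow_users_to_change_password = true
    password_reuse_prevention      = 24
  }

  # false is the default and keeps the account-level block in place;
  # stating it makes a later flip to true visible in review.
  s3_public_access_enabled = false

  # A manually enabled Region needs v2 tokens from the STS global endpoint.
  additional_regions                = ["ap-east-1"]
  sts_global_endpoint_token_version = "v2"

  # Where AWS sends security notifications for the account.
  security_contact = {
    name  = "Security On-Call"
    email = "security@example.com"
    phone = "+1-555-0100"
  }
}

# Report a warning on plan/apply if the module ever shows public access enabled.
# Assumes the s3 output is an object with a public_access_enabled attribute.
check "s3_public_access_blocked" {
  assert {
    condition     = module.account.s3.public_access_enabled == false
    error_message = "Account-level S3 public access must remain blocked."
  }
}
```

The `check` block relies on Terraform 1.5 or later, which matches the module's stated requirement; a failed check is reported as a warning and does not stop the apply.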

Outputs

Name Description
additional_regions A set of additional regions enabled in the account.
billing_contact The billing contact attached to an AWS Account.
cost The account-level configurations of Cost & Billing Management service.
cost_allocation_tags - A set of keys for the cost allocation tags.
ec2 The account-level configurations of EC2 service.
spot_datafeed_subscription - To help you understand the charges for your Spot instances, Amazon EC2 provides a data feed that describes your Spot instance usage and pricing. This data feed is sent to an Amazon S3 bucket that you specify when you subscribe to the data feed.
id The AWS Account ID.
name Name of the AWS account. The account alias.
operation_contact The operation contact attached to an AWS Account.
password_policy Password Policy for the AWS Account. expire_passwords indicates whether passwords in the account expire. Returns true if max_password_age contains a value greater than 0.
primary_contact The primary contact attached to an AWS Account.
s3 The account-level configurations of S3 service.
public_access_enabled - Whether to enable S3 account-level Public Access Block configuration.
security_contact The security contact attached to an AWS Account.
signin_url The URL to sign in to the AWS account.
sts The account-level configurations of STS service.
global_endpoint_token_version - The version of the STS global endpoint token.
support_app The account-level configurations of Support App service.
account_alias - The account alias associated with a customer's account.