This module creates the following resources.

- `aws_organizations_account`
- `aws_organizations_policy_attachment`
- (optional) `aws_organizations_delegated_administrator`
- (optional) `aws_fms_admin_account`
- (optional) `aws_guardduty_organization_admin_account`
- (optional) `aws_securityhub_organization_admin_account`
- (optional) `aws_vpc_ipam_organization_admin_account`
- (optional) `aws_account_primary_contact`
- (optional) `aws_account_alternate_contact`
- (optional) `aws_account_region`
- (optional)

Name | Version |
---|---|
terraform | >= 1.6 |
aws | >= 5.13 |

Name | Version |
---|---|
aws | 5.45.0 |

Name | Source | Version |
---|---|---|
resource_group | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |

Name | Type |
---|---|
aws_account_alternate_contact.billing | resource |
aws_account_alternate_contact.operation | resource |
aws_account_alternate_contact.security | resource |
aws_account_primary_contact.this | resource |
aws_account_region.this | resource |
aws_auditmanager_organization_admin_account_registration.this | resource |
aws_detective_organization_admin_account.this | resource |
aws_fms_admin_account.this | resource |
aws_guardduty_organization_admin_account.this | resource |
aws_organizations_account.this | resource |
aws_organizations_delegated_administrator.this | resource |
aws_organizations_policy_attachment.this | resource |
aws_securityhub_organization_admin_account.this | resource |
aws_vpc_ipam_organization_admin_account.this | resource |
aws_organizations_organization.this | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
| | (Required) The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account. | `string` | n/a | yes |
name | (Required) A friendly name for the member account. | `string` | n/a | yes |
additional_regions | (Optional) A set of regions to enable in the account. | `set(string)` | `[]` | no |
billing_contact | (Optional) The configuration of the billing contact for the AWS Account. `billing_contact` as defined below.<br>(Required) `name` - The name of the billing contact.<br>(Optional) `title` - The title of the billing contact. Defaults to `Billing Manager`.<br>(Required) `email` - The email address of the billing contact.<br>(Required) `phone` - The phone number of the billing contact. | `object({` | `null` | no |
close_on_delete | (Optional) Whether to close the account on deletion. It will only remove from the organization if true. This is not supported for GovCloud accounts. Defaults to `false`. | `bool` | `false` | no |
delegated_services | (Optional) A list of service principals of the AWS service for which you want to make the member account a delegated administrator. | `set(string)` | `[]` | no |
iam_user_access_to_billing_allowed | (Optional) If true, the new account enables IAM users to access account billing information if they have the required permissions. If false, then only the root user of the new account can access account billing information. Defaults to `false`. | `bool` | `false` | no |
module_tags_enabled | (Optional) Whether to create AWS Resource Tags for the module information. | `bool` | `true` | no |
operation_contact | (Optional) The configuration of the operation contact for the AWS Account. `operation_contact` as defined below.<br>(Required) `name` - The name of the operation contact.<br>(Optional) `title` - The title of the operation contact. Defaults to `Operation Manager`.<br>(Required) `email` - The email address of the operation contact.<br>(Required) `phone` - The phone number of the operation contact. | `object({` | `null` | no |
parent_id | (Optional) Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. | `string` | `null` | no |
policies | (Optional) List of IDs of the policies to be attached to the Account. | `list(string)` | `[]` | no |
preconfigured_administrator_role_name | (Optional) The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. Defaults to `OrganizationAccountAccessRole`. | `string` | `"OrganizationAccountAccessRole"` | no |
primary_contact | (Optional) The configuration of the primary contact for the AWS Account. `primary_contact` as defined below.<br>(Required) `name` - The full name of the primary contact address.<br>(Optional) `company_name` - The name of the company associated with the primary contact information, if any.<br>(Required) `country_code` - The ISO-3166 two-letter country code for the primary contact address.<br>(Optional) `state` - The state or region of the primary contact address. This field is required in selected countries.<br>(Required) `city` - The city of the primary contact address.<br>(Optional) `district` - The district or county of the primary contact address, if any.<br>(Required) `address_line_1` - The first line of the primary contact address.<br>(Optional) `address_line_2` - The second line of the primary contact address, if any.<br>(Optional) `address_line_3` - The third line of the primary contact address, if any.<br>(Required) `postal_code` - The postal code of the primary contact address.<br>(Required) `phone` - The phone number of the primary contact information. The number will be validated and, in some countries, checked for activation.<br>(Optional) `website_url` - The URL of the website associated with the primary contact information, if any. | `object({` | `null` | no |
resource_group_description | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no |
resource_group_enabled | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no |
resource_group_name | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no |
security_contact | (Optional) The configuration of the security contact for the AWS Account. `security_contact` as defined below.<br>(Required) `name` - The name of the security contact.<br>(Optional) `title` - The title of the security contact. Defaults to `Security Manager`.<br>(Required) `email` - The email address of the security contact.<br>(Required) `phone` - The phone number of the security contact. | `object({` | `null` | no |
tags | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |

Name | Description |
---|---|
additional_regions | A set of additional regions enabled in the account. |
arn | The Amazon Resource Name (ARN) of this account. |
billing_contact | The billing contact attached to an AWS Account. |
created_at | The datetime at which this account joined the organization. |
created_by | The method by which this account joined the organization. |
delegated_services | A list of service principals of the AWS service for which the member account is a delegated administrator. |
| | The email address of this account. |
govcloud_account_id | The ID for a GovCloud account created with the account. |
iam_user_access_to_billing_allowed | Whether accessing account billing information by IAM User is allowed. |
id | The ID of this AWS account. |
name | The name of this account. |
operation_contact | The operation contact attached to an AWS Account. |
parent_id | The ID of the parent Organizational Unit. |
preconfigured_administrator_role_name | The name of an IAM role that allows users in the master account to assume it as administrator. |
primary_contact | The primary contact attached to an AWS Account. |
security_contact | The security contact attached to an AWS Account. |
status | The status of the account in the organization. |
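
An example call for a dedicated security-tooling member account, added here for illustration and not taken from the module's own documentation. The module source is a placeholder, `email` is an assumed name for the required owner-address input (the page leaves that name blank), and all IDs, addresses and phone numbers are constructed.

```hcl
module "security_tooling_account" {
  # Placeholder: the page does not state this module's own source address.
  source = "<module-source>"

  # `email` is an assumed input name (the page describes the required owner
  # email address but leaves the input's name blank). Values are constructed.
  email = "aws-security-tooling@example.com"
  name  = "security-tooling"

  # Place the account under a dedicated OU and attach policies by ID.
  # Both IDs are constructed placeholders.
  parent_id = "ou-exam-pleplaceholder"
  policies  = ["p-exampleplaceholder"]

  # Service principals this account administers on behalf of the organization.
  delegated_services = [
    "guardduty.amazonaws.com",
    "securityhub.amazonaws.com",
  ]

  # Documented defaults written out so that a later change shows up in review:
  # billing information stays root-only, and the administrator role that
  # trusts the master account keeps its documented name.
  iam_user_access_to_billing_allowed    = false
  preconfigured_administrator_role_name = "OrganizationAccountAccessRole"

  # Route AWS security notifications to a monitored team contact
  # instead of an individual's mailbox.
  security_contact = {
    name  = "Security On-Call"
    title = "Security Manager"
    email = "security-oncall@example.com"
    phone = "+1-555-0100"
  }

  tags = {
    "owner" = "security-engineering"
  }
}

# Expose the new account's ID for use elsewhere in the configuration.
output "security_tooling_account_id" {
  value = module.security_tooling_account.id
}
```

The role named by `preconfigured_administrator_role_name` has administrator permissions in the new account, so access to it is governed by which principals in the master account are allowed to assume it.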