terraform-aws-control_tower_account_factory icon indicating copy to clipboard operation
terraform-aws-control_tower_account_factory copied to clipboard

Published 20 hours ago verified publisher icon aws-ia

Differentiate customization per account within the one `aft-account-customization` template folder

Open kyrylo-hulak opened this issue 2 years ago • 2 comments

Describe the outcome you'd like

To be able to group AWS accounts under one account_template folder, for instance, by OU. Meantime, differentiate customization per account within the group.

Is your feature request related to a problem you are currently experiencing? If so, please describe.

I would like to avoid having account_template created per each account that wouldn't be possible to fit into the group.

Thank you!

kyrylo-hulak avatar Jan 11 '23 11:01 kyrylo-hulak

Hey Kyrylo, appreciate you reaching out. To make sure I understand the feature request, would you be able to give a specific example that demonstrates a directory structure that you'd like to see supported?

adam-daily avatar Jan 12 '23 19:01 adam-daily

Hi @adam-daily, sure. I was looking for something like below

.
|---**aft-account-customizations**
       |---**OU/group**-customization
             |---api_helpers
             |     |---post-api-helpers.sh
             |     |---pre-api-helpers.sh
             |     |---python
             |           |---requirements.txt
             |---terraform
                   |---aft-providers.jinja
                   |---backend.jinja
                   |---**account A**-customization
                   |     |---main.tf
                   |---**account B**-customization
                   |     |---main.tf
                   |---main.tf

Based on the above tree. I thought next, if we use Account-Template name as a label to leverage in aft-account-request repo. To customize further requested AWS accounts. We can use the top folder name as a group label, for instance, corresponding AWS Organization OU name. Till now it's clear and works well. However, what if I would like to customize within the group some AWS accounts differently from OU provided configuration. Meantime, not duplicating all the tree per account. I would just create corresponding folder under OU structure to keep per account customization. And, using account A-customization name as a label to apply certain customization in aft-account-request. So that, I would have the ability to choose between labels I have to apply. By the way, there is a question whether I am able to apply two labels at a time to account-request for customization.

There wouldn't be a question above if aft-global-customization could be applied to certain group of accounts and not to all accounts provisioned with AFT.

I might be wrong and there is somewhere plain solution for my task. Please advise!

kyrylo-hulak avatar Jan 13 '23 11:01 kyrylo-hulak