terraform-aws-control_tower_account_factory

CodeBuild is invoked for every plan

Open jack-parsons-bjss opened this issue 1 year ago • 1 comments

Terraform Version & Prov: 1.7.0

AFT Version: 1.11.1 (Can be found in the AFT Management Account in the SSM Parameter /aft/config/aft/version)

Terraform Version & Provider Versions: Please provide the outputs of terraform version and terraform providers from within your AFT environment.

terraform version

Terraform v1.7.0
on darwin_arm64
+ provider registry.terraform.io/hashicorp/archive v2.4.2
+ provider registry.terraform.io/hashicorp/aws v5.33.0
+ provider registry.terraform.io/hashicorp/external v2.3.2
+ provider registry.terraform.io/hashicorp/local v2.4.1
+ provider registry.terraform.io/hashicorp/random v3.6.0
+ provider registry.terraform.io/hashicorp/time v0.10.0
+ provider registry.terraform.io/scottwinkler/shell v1.7.10

terraform providers

Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/aws] >= 5.30.0
├── provider[registry.terraform.io/scottwinkler/shell] ~> 1.7.10
├── provider[terraform.io/builtin/terraform]
├── module.ous
│   └── provider[registry.terraform.io/hashicorp/aws]
├── module.acct_log_archive
│   └── provider[registry.terraform.io/hashicorp/aws]
├── module.sso
│   └── provider[registry.terraform.io/hashicorp/aws]
├── module.acct_management
│   ├── provider[registry.terraform.io/hashicorp/aws]
│   ├── module.config_recorder_us_east_1
│       └── provider[registry.terraform.io/hashicorp/aws]
│   └── module.config_recorder_default_region
│       └── provider[registry.terraform.io/hashicorp/aws]
├── module.acct_aft_management
│   ├── provider[registry.terraform.io/hashicorp/aws]
│   ├── module.account_factory_for_terraform
│       ├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│       ├── provider[registry.terraform.io/hashicorp/local]
│       ├── module.aft_ssm_parameters
│           ├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│           └── provider[registry.terraform.io/hashicorp/random]
│       ├── module.aft_iam_roles
│           ├── provider[registry.terraform.io/hashicorp/aws] >= 4.27.0
│           ├── module.aft_service_role
│               └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│           ├── module.audit_exec_role
│               └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│           ├── module.audit_service_role
│               └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│           ├── module.ct_management_exec_role
│               └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│           ├── module.ct_management_service_role
│               └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│           ├── module.log_archive_exec_role
│               └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│           ├── module.log_archive_service_role
│               └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│           └── module.aft_exec_role
│               └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│       ├── module.aft_lambda_layer
│           ├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│           ├── provider[registry.terraform.io/hashicorp/random]
│           └── provider[registry.terraform.io/hashicorp/local]
│       ├── module.packaging
│           └── provider[registry.terraform.io/hashicorp/archive]
│       ├── module.aft_account_provisioning_framework
│           └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│       ├── module.aft_code_repositories
│           ├── provider[registry.terraform.io/hashicorp/local]
│           └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│       ├── module.aft_feature_options
│           └── provider[registry.terraform.io/hashicorp/aws] >= 4.27.0
│       ├── module.aft_backend
│           └── provider[registry.terraform.io/hashicorp/aws] >= 4.27.0
│       ├── module.aft_customizations
│           ├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
│           └── provider[registry.terraform.io/hashicorp/local]
│       └── module.aft_account_request_framework
│           ├── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
│           └── provider[registry.terraform.io/hashicorp/time]
│   └── module.service_quotas_aft
│       └── provider[registry.terraform.io/hashicorp/aws]
├── module.acct_shared
│   ├── provider[registry.terraform.io/hashicorp/aws]
│   ├── module.subdomain
│       └── provider[registry.terraform.io/hashicorp/aws]
│   └── module.tfr
│       ├── provider[registry.terraform.io/hashicorp/aws]
│       ├── provider[registry.terraform.io/hashicorp/random]
│       ├── module.kms_sns
│           └── provider[registry.terraform.io/hashicorp/aws]
│       ├── module.s3bucket_ui
│           └── provider[registry.terraform.io/hashicorp/aws]
│       ├── module.lambdacron_get_presigned_url
│           ├── provider[registry.terraform.io/hashicorp/archive]
│           ├── provider[registry.terraform.io/hashicorp/aws]
│           ├── module.kms
│               └── provider[registry.terraform.io/hashicorp/aws]
│           └── module.sns
│               └── provider[registry.terraform.io/hashicorp/aws]
│       ├── module.lambdacron_get_provider_versions
│           ├── provider[registry.terraform.io/hashicorp/aws]
│           ├── provider[registry.terraform.io/hashicorp/archive]
│           ├── module.kms
│               └── provider[registry.terraform.io/hashicorp/aws]
│           └── module.sns
│               └── provider[registry.terraform.io/hashicorp/aws]
│       ├── module.hookbuild_modules
│           ├── provider[registry.terraform.io/hashicorp/aws]
│           └── module.lambdacron
│               ├── provider[registry.terraform.io/hashicorp/aws]
│               ├── provider[registry.terraform.io/hashicorp/archive]
│               ├── module.sns
│                   └── provider[registry.terraform.io/hashicorp/aws]
│               └── module.kms
│                   └── provider[registry.terraform.io/hashicorp/aws]
│       ├── module.lambdacron_async_cache
│           ├── provider[registry.terraform.io/hashicorp/archive]
│           ├── provider[registry.terraform.io/hashicorp/aws]
│           ├── module.sns
│               └── provider[registry.terraform.io/hashicorp/aws]
│           └── module.kms
│               └── provider[registry.terraform.io/hashicorp/aws]
│       ├── module.lambdacron_get_presigned_provider
│           ├── provider[registry.terraform.io/hashicorp/archive]
│           ├── provider[registry.terraform.io/hashicorp/aws]
│           ├── module.kms
│               └── provider[registry.terraform.io/hashicorp/aws]
│           └── module.sns
│               └── provider[registry.terraform.io/hashicorp/aws]
│       ├── module.lambdacron_get_provider
│           ├── provider[registry.terraform.io/hashicorp/aws]
│           ├── provider[registry.terraform.io/hashicorp/archive]
│           ├── module.kms
│               └── provider[registry.terraform.io/hashicorp/aws]
│           └── module.sns
│               └── provider[registry.terraform.io/hashicorp/aws]
│       ├── module.s3bucket_modules
│           └── provider[registry.terraform.io/hashicorp/aws]
│       ├── module.lambdacron_authoriser
│           ├── provider[registry.terraform.io/hashicorp/aws]
│           ├── provider[registry.terraform.io/hashicorp/archive]
│           ├── module.kms
│               └── provider[registry.terraform.io/hashicorp/aws]
│           └── module.sns
│               └── provider[registry.terraform.io/hashicorp/aws]
│       ├── module.kms_s3_cache
│           └── provider[registry.terraform.io/hashicorp/aws]
│       ├── module.kms_s3_modules
│           └── provider[registry.terraform.io/hashicorp/aws]
│       ├── module.kms_dynamodb
│           └── provider[registry.terraform.io/hashicorp/aws]
│       └── module.s3bucket_cache
│           └── provider[registry.terraform.io/hashicorp/aws]
├── module.controltower_region_deny_core_ous
│   ├── provider[registry.terraform.io/hashicorp/aws]
│   └── provider[registry.terraform.io/scottwinkler/shell] ~> 1.7.10
├── module.acct_audit
│   ├── provider[registry.terraform.io/scottwinkler/shell] ~> 1.7.10
│   ├── provider[registry.terraform.io/hashicorp/aws]
│   ├── module.security_hub_central_config
│       ├── provider[registry.terraform.io/scottwinkler/shell] ~> 1.7.10
│       └── provider[registry.terraform.io/hashicorp/aws]
│   ├── module.security_hub_central_config_association
│       ├── provider[registry.terraform.io/scottwinkler/shell] ~> 1.7.10
│       └── provider[registry.terraform.io/hashicorp/aws]
│   └── module.security_hub_central_config_policy_org_default
│       ├── provider[registry.terraform.io/hashicorp/aws]
│       └── provider[registry.terraform.io/scottwinkler/shell] ~> 1.7.10
├── module.acct_network
│   ├── provider[registry.terraform.io/hashicorp/aws]
│   └── module.r53
│       └── provider[registry.terraform.io/hashicorp/aws]
└── module.control_tower
    ├── provider[registry.terraform.io/hashicorp/aws]
    ├── provider[registry.terraform.io/scottwinkler/shell]
    ├── provider[registry.terraform.io/hashicorp/external]
    ├── module.lambdacron_register_ou
        ├── provider[registry.terraform.io/hashicorp/archive]
        ├── provider[registry.terraform.io/hashicorp/aws]
        ├── module.kms
            └── provider[registry.terraform.io/hashicorp/aws]
        └── module.sns
            └── provider[registry.terraform.io/hashicorp/aws]
    ├── module.sfn
        └── provider[registry.terraform.io/hashicorp/aws]
    └── module.kms_control_tower
        └── provider[registry.terraform.io/hashicorp/aws]

Providers required by state:

    provider[registry.terraform.io/hashicorp/time]

    provider[registry.terraform.io/scottwinkler/shell]

    provider[terraform.io/builtin/terraform]

    provider[registry.terraform.io/hashicorp/aws]

    provider[registry.terraform.io/hashicorp/local]

    provider[registry.terraform.io/hashicorp/archive]

    provider[registry.terraform.io/hashicorp/external]

    provider[registry.terraform.io/hashicorp/random]

Bug Description: Every time the AFT module is invoked, the CodeBuild job to build the Lambda layer is invoked. This is very frustrating and wasteful, as we don't need to build the layer every single time.

To Reproduce: Steps to reproduce the behavior: Plan Terraform with AFT in the configuration.

Expected behavior: CodeBuild should only be invoked when the layer will be changed.

Additional context: I have forked this repository and applied the required patch: https://github.com/jack-parsons-bjss/terraform-aws-control_tower_account_factory. I can see that you are not accepting contributions at this time, so I raised this issue instead. AFT is part of our Landing Zone deployment; while we are rapidly iterating, this is very frustrating for us.

jack-parsons-bjss, Feb 06 '24 21:02

@jack-parsons-bjss thank you for reaching out. I have created an internal backlog to address this concern.

snebhu3, Feb 08 '24 22:02