aws-deployment-framework

[Feat]: Resolving OU based parameters when not targeting OU

Open niklaswesterstrahleknowit opened this issue 2 years ago • 1 comments

Describe the feature

When targeting accounts with tags, we would need to be able to give parameters to a set of accounts.

    targets:
      - tags:
           tag1: value
           tag2: value2
        regions: [eu-west-1, eu-north-1]

The accounts are put into separate OUs, for example's sake /prod and /dev.

Pipeline repository would have files, and these would be matched to the template according to the OU the account belongs to

    params/
    ├── global.yml
    ├── ou-123-445678.yml or prod.yml
    └── ou-123-567890.yml or dev.yml

I mentioned this in issue #294 and Simon asked to open a separate ticket - so here it is.

Use Case

We have a client setup that targets with tags (if you ask why, I can give you a legacy answer before version 3.2.0 came out).

When targeting accounts with tags, giving separate parameters to accounts can only currently be done with account.yml or global.yml

    global.yml
    └───deployment_account_region.yml (e.g. global_eu-west-1.yml)
        └───ou.yml (e.g. ou-1a2b-3c4d5e.yml)
            └───ou_region.yml (e.g. ou-1a2b-3c4d5e_eu-west-1.yml)
                └───account.yml (e.g. dev-account-1.yml)
                    └───account_region.yml (e.g. dev-account-1_eu-west-1.yml)

It would make management of accounts in this setup easier, when one can have one type of account in its own OU (ex. /dev) and parameters would come from ou.yml, instead of having account.yml for each account.

Proposed Solution

Script generating parameters could check the OU the account belongs to and check if OU parameter file exists and use that.

Acknowledgements

  • [ ] I may be able to implement this feature request

Thank you for opening this feature request and adding relevant context to it! Much appreciated.

sbkok, Jan 24 '23 13:01
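A sketch of the lookup proposed in the issue, as an added example (not ADF's own code and not written by either participant): given the OU an account belongs to, it returns the parameter files that exist, in the precedence order listed in the issue. The function name, its arguments and the demo files are assumptions; the OU id and name are assumed to be looked up by the caller, and because they come from outside the repository the lookup refuses any name that would resolve outside `params/`.

```python
import tempfile
from pathlib import Path


def resolve_param_files(params_dir, account_name, region, deployment_region,
                        ou_id=None, ou_name=None):
    """Return existing parameter files, least specific first,
    so that later files can override earlier ones."""
    base = Path(params_dir).resolve()
    stems = ["global", f"global_{deployment_region}"]
    # The issue allows the OU file to be named after the OU id or the OU name.
    # Both values are assumed to be supplied by the caller for this account.
    for ou in (ou_id, ou_name):
        if ou:
            stems += [ou, f"{ou}_{region}"]
    stems += [account_name, f"{account_name}_{region}"]

    found = []
    for stem in stems:
        candidate = (base / f"{stem}.yml").resolve()
        # OU and account names are external input: skip anything that would
        # point the lookup outside the params directory (e.g. "../x").
        if candidate.parent != base:
            continue
        if candidate.is_file():
            found.append(candidate)
    return found


def demo():
    # Constructed sample layout: a tag-targeted account in the /prod OU,
    # with no account-level parameter file of its own.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("global.yml", "ou-123-445678.yml", "dev.yml"):
            (Path(tmp) / name).write_text("Parameters: {}\n")
        files = resolve_param_files(
            tmp, "dev-account-1", "eu-west-1", "eu-west-1",
            ou_id="ou-123-445678", ou_name="prod")
        return [f.name for f in files]


if __name__ == "__main__":
    print(demo())
```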