terraform-provider-aws

aws_ami_launch_permission: allow it to manage multiple accounts

Open • jurajseffer opened this issue 4 years ago • 1 comment

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

aws_ami_launch_permission is not suited for sharing an AMI with multiple accounts. There are at least two problems:

  • it takes a single account_id value, which forces the operator to create complicated values using setproduct and such if they want to share multiple AMIs with multiple accounts using loops
  • it's slow and wasteful because each resource does a lookup on its own, and having hundreds of resources to share several AMIs with a few dozen accounts doesn't scale. The AWS API lists and modifies all the launch_permission objects within a single API call for an image, so managing multiple accounts in one resource is possible

New or Affected Resource(s)

  • aws_ami_launch_permission

Potential Terraform Configuration

A new mutually exclusive account_ids attribute could be introduced that allows passing in a list.

resource "aws_ami_launch_permission" "example" {
  image_id    = "ami-12345678"
  account_ids = ["123456789012"]
}

References

jurajseffer • May 07 '20 20:05
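The setproduct workaround the issue describes, written out with the existing single-account resource. This is an added example, not code from the issue author or the provider; the AMI IDs, account IDs, and the local and output names are constructed placeholders.

```hcl
# Constructed sample values; the AMI and account IDs are placeholders.
locals {
  image_ids   = ["ami-12345678", "ami-87654321"]
  account_ids = ["123456789012", "210987654321", "111122223333"]

  # setproduct yields every [image_id, account_id] pair. Key each pair
  # with a stable string so for_each addresses do not shift when either
  # list is reordered.
  launch_permissions = {
    for pair in setproduct(local.image_ids, local.account_ids) :
    "${pair[0]}/${pair[1]}" => {
      image_id   = pair[0]
      account_id = pair[1]
    }
  }
}

# One resource instance (and one state entry) per AMI/account pair:
# 2 AMIs x 3 accounts = 6 instances here.
resource "aws_ami_launch_permission" "shared" {
  for_each = local.launch_permissions

  image_id   = each.value.image_id
  account_id = each.value.account_id
}

# Review aid: the accounts each AMI is shared with, grouped per image,
# so the full cross-account exposure is visible in one place.
output "accounts_by_image" {
  value = {
    for image_id in local.image_ids :
    image_id => [
      for lp in aws_ami_launch_permission.shared :
      lp.account_id if lp.image_id == image_id
    ]
  }
}
```

The grouped output makes it easier to audit which accounts can launch each image, since the per-pair resources otherwise scatter that information across many state entries.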