Vitor Rosa

Results 19 comments of Vitor Rosa

I'm not referring to TF workspaces, but to AWS Code Pipeline.

Which VPC are you referring to? The default one or the VPC created at the account customisations level?

@jarrettj I would say this feature might be covered by https://github.com/aws-ia/terraform-aws-control_tower_account_factory/issues/153

Ohh by locally you mean from your laptop? It would be a different request then.

@theipster in that case the request here https://github.com/aws-ia/terraform-aws-control_tower_account_factory/issues/153 would prevent it. Still not able to test it from non main branches, but for sure it's much safer.

Could you provide a more explicit example of your goal? When you say access to logged users you mean all your repositories are either private or internal?

Then check if my gist might help https://gist.github.com/v-rosa/aa9c8afd44d66c3a81b9920a1bc90e42 Currently I've changed the SSM parameter store to Secret Manager, but the overall concept is the same. In my case was to...

I typically use AWS Secrets Manager for such a use case. Provision the SM instance, provide cross account access and refer to it in the `aft-providers.jinja` e.g.: ```hcl data "aws_secretsmanager_secret" "harness" {...

> (....) managed in a "central" AWS account, made accessible to other accounts in your AWS organization?

Exactly.

> as if you were creating this secret for each account, you'd...