Ed
03/21/2023, 2:11 PM
x,y,z) as an ECS task inside AWS account A to create different terraform resources in AWS accounts B,C,D. Can anyone think of a way of restricting certain repos to create resources only in certain AWS accounts, so that x can only create resources in B account, y->X and z->D
Nataly
03/21/2023, 2:13 PM
Ed
03/21/2023, 2:16 PM
Nataly
03/21/2023, 2:17 PM
Ed
03/21/2023, 2:17 PM
role_arn = "arn:aws:iam::xxxx:role/terraform"
Justin S
03/21/2023, 2:21 PM
Nataly
03/21/2023, 2:21 PM
Can you not just configure that in the provider
Then end-users have control over which AWS instance they connect to
Justin S
03/21/2023, 2:22 PM
provider "aws" {
  region = "us-gov-west-1"
  # Provider refuses to run unless the account ID its credentials resolve to is in this list
  allowed_account_ids = [
    "yyyyyy"
  ]
  # Credentials for the target account are obtained by assuming this role
  assume_role {
    role_arn = "arn:aws-us-gov:iam::xxxxxxxx:role/terraform_infra"
  }
  # Tags applied to every resource this provider creates
  default_tags {
    tags = {
      Environment  = "dev"
      DeploymentID = "infra"
      Terraform    = "true"
    }
  }
}
Ed
03/21/2023, 2:24 PM
Justin S
03/21/2023, 2:24 PM
Ed
03/21/2023, 2:25 PM
Justin S
03/21/2023, 2:25 PM
allowed accounts variable, and then users generate their provider config so it's always correct.
allowed_account_ids
Chastity Blackwell
03/21/2023, 2:37 PM
Nataly
03/21/2023, 5:18 PM