Hi folks, I’m trying to use the `terraform-aws-com...
# terraform
g
Hi folks, I’m trying to use the `terraform-aws-components` to bootstrap an account on an already available organisation. I went through the account module as a first step but I’m pretty stuck with understanding how it works and how the yaml found in the README can help with specifying the `organization_config` etc. Any hints or examples will be highly appreciated!
m
@Grubhold check out the docs in https://docs.cloudposse.com/ — That will help you understand your path forward. Specifically: https://docs.cloudposse.com/tutorials/atmos-getting-started/
r
what are you using for inputs? are you getting any error messages?
g
@Matt Gowie Thanks for pointing that out, I will go through the documentation to try and understand how it works. @RB the `default.auto.tfvars` currently has these inputs. I did get a successful plan even though the inputs are just generic currently, but as Matt suggested I’ll go through the documentation to understand. Because I’m not sure how I can use this to bootstrap an account on an existing organisation. What will I need to deploy an account to that organisation etc.
As far as I understand Atmos is working like a wrapper. And the components don’t necessarily need atmos to work unless you want to use the stacks structure. Is that correct?
Because in our organisation’s case it’s very hard to get such tools accepted 😕
So I’m assuming that if we don’t use Atmos and stacks we need to use the `.tfvars` file to provide the information needed to create an account under the existing organisation?
Therefore, can I not use the `service_control_policies_config_paths` to the yaml stacks?
r
you can use the default auto tfvars instead of atmos but you're giving up all the yaml. atmos will simply convert the yaml into terraform var inputs for you and then run terraform workspace selection, terraform init/plan/apply
the service control policies config path input for the account component is for yaml that contain service control policies which is very different from the stack yaml configs
g
@RB Thanks for your reply. It makes sense to me but I’m afraid that we won’t be able to use it on Azure Pipelines that we use for CICD because new tasks pretty much don’t get approved at all. I’m afraid Atmos would need it. I might be very mistaken about how Atmos works..
Also, I hope you don’t mind I keep getting this error while trying to provision the account
```
│ Error: Error creating organization: AlreadyInOrganizationException: The AWS account is already a member of an organization.
│
│   with aws_organizations_organization.this,
│   on main.tf line 91, in resource "aws_organizations_organization" "this":
│   91: resource "aws_organizations_organization" "this" {
```
I have the root account credentials. What am I missing here? Can’t I just deploy the account on an already existing org with this component?
r
it looks like you already have an organization created and will have to import the org here
that's unfortunate that a tool like atmos wouldn't be approved because that's the tool that makes our refarch powerful. however, the cool thing about atmos is that it's just a wrapper for terraform. all it does is deliver terraform var inputs from yaml and so you can substitute the yaml by using default auto tfvars directly
g
Yes but I won’t give up on it just yet, I’ll see if we can use it somehow in the pipeline. Otherwise indeed we’d just use tfvars then.
Can you please define “import the org here”? I think that’s where I’m stuck
r
terraform import your organization resource into your current terraform state
g
!! Ok that is very good progress. So I imported the organization to my state file, then ran `apply` and it added outputs as well. But then it says that the real infra matches with the current configuration so nothing changes. Why is it not trying to provision the account I have specified?
@RB Sorry for the ping. I would really appreciate your help with this. I can’t seem to manage to skip organization creation and just create an account under this existing one. I’ve been working on https://github.com/cloudposse/terraform-aws-components/blob/master/modules/account/main.tf to try and skip the organization with no use.