Merge pull request #1 from Flaconi/OPS-6301-scp-module

OPS-6301: Terraform Module for SCP
Flaconi · Oct 30, 2024 · 4a8efde · 4a8efde
2 parents f7a9bca + 3c081ca
commit 4a8efde
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# terraform-module-template
+# Terraform Module for Service Control Policies
 Template for Terraform modules
 
 <!-- Uncomment and replace with your module name
@@ -18,7 +18,9 @@ For requirements regarding module structure: [style-guide-terraform.md](https://
 <!-- TFDOCS_PROVIDER_START -->
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
 
 <!-- TFDOCS_PROVIDER_END -->
 
@@ -34,7 +36,22 @@ No providers.
 <!-- TFDOCS_INPUTS_START -->
 ## Required Inputs
 
-No required inputs.
+The following input variables are required:
+
+### <a name="input_policies"></a> [policies](#input\_policies)
+
+Description: List of policies with their details
+
+Type:
+
+```hcl
+list(object({
+    name        = string
+    file        = string
+    target_ids  = list(string)
+    description = string
+  }))
+```
 
 ## Optional Inputs
 
@@ -45,7 +62,10 @@ No optional inputs.
 <!-- TFDOCS_OUTPUTS_START -->
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_policy_arns"></a> [policy\_arns](#output\_policy\_arns) | Map of policy ARNs. |
+| <a name="output_policy_ids"></a> [policy\_ids](#output\_policy\_ids) | Map of policy IDs. |
 
 <!-- TFDOCS_OUTPUTS_END -->
 

diff --git a/main.tf b/main.tf
@@ -0,0 +1,17 @@
+# Create an AWS Organization policy for each policy template
+resource "aws_organizations_policy" "scp" {
+  for_each = { for policy in var.policies : policy.name => policy }
+
+  name        = each.key
+  description = each.value.description
+  content     = templatefile(lookup(each.value, "file"), {})
+}
+
+resource "aws_organizations_policy_attachment" "attach_scp" {
+  for_each = {
+    for policy in aws_organizations_policy.scp :
+    policy.name => policy
+  }
+  policy_id = each.value.id
+  target_id = flatten([for p in var.policies : p.target_ids if p.name == each.key])[0]
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,9 @@
+output "policy_arns" {
+  value       = { for k, v in aws_organizations_policy.scp : k => v.arn }
+  description = "Map of policy ARNs."
+}
+
+output "policy_ids" {
+  value       = { for k, v in aws_organizations_policy.scp : k => v.id }
+  description = "Map of policy IDs."
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,9 @@
+variable "policies" {
+  description = "List of policies with their details"
+  type = list(object({
+    name        = string
+    file        = string
+    target_ids  = list(string)
+    description = string
+  }))
+}