forked from bcgov/terraform-aws-sea-organization-info
main.tf
// Provider requirements for this module: the AWS provider from
// hashicorp/aws, at version 3.11.0 or newer.
// Only a lower bound is declared here, so the calling configuration decides
// which version is actually installed.
// NOTE(review): the root configuration should set its own upper bound and
// commit .terraform.lock.hcl so provider upgrades are deliberate and reviewed.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.11.0"
    }
  }
}
// The AWS Organization that the calling credentials belong to. Its roots and
// non_master_accounts attributes are read by the blocks below.
// NOTE(review): those attributes are presumably only populated when this runs
// with management-account (or delegated administrator) credentials - confirm
// which principal runs this module and keep its permissions read-only.
data "aws_organizations_organization" "org_root" {
}
// Organizational units directly under the first organization root
// (roots[0]). The data source lists immediate children of parent_id only, so
// OUs nested below these are not part of this result.
data "aws_organizations_organizational_units" "org_ous" {
  parent_id = data.aws_organizations_organization.org_root.roots[0].id
}
// Derived views of the organization: the "core" OU, the core accounts, the
// workload OUs and the workload accounts.
// All matching below is on exact, case-sensitive display names.
// NOTE(review): OU and account names are mutable labels, not identities. If
// these lists feed access grants, SCP attachments or guardrail exemptions,
// prefer keying on account IDs / OU IDs downstream.
locals {
  // Every account except the management account, as reported by the data source.
  // NOTE(review): no status filter is applied here, so suspended accounts are
  // presumably still included - confirm against consumers.
  non_master_accounts = data.aws_organizations_organization.org_root.non_master_accounts[*]

  // The direct-child OU named exactly "core". The trailing [0] makes the plan
  // fail with an index error when no such OU exists.
  core_ou = [
    for unit in data.aws_organizations_organizational_units.org_ous.children :
    unit if unit.name == "core"
  ][0]

  // Accounts counted as "core" purely because their name is in this list.
  core_account_names = ["log-archive", "Perimeter", "iam-security", "security", "shared-services", "SharedNetwork", "Operations"]
  core_accounts = [
    for acct in local.non_master_accounts :
    acct if contains(local.core_account_names, acct.name)
  ]

  // Direct-child OUs whose name is one of the workload OU names.
  workload_ou_names = ["Dev", "Test", "Prod", "Sandbox", "UnClass"]
  workload_ous = [
    for unit in data.aws_organizations_organizational_units.org_ous.children :
    unit if contains(local.workload_ou_names, unit.name)
  ]

  // Complement of core_accounts: every non-management account whose name is
  // not in core_account_names. This is not derived from workload_ous, so an
  // account outside the listed workload OUs also ends up here, and a core
  // account that is renamed or misspelled silently becomes a workload account.
  workload_accounts = [
    for acct in local.non_master_accounts :
    acct if !contains(local.core_account_names, acct.name)
  ]
}