{"id":29943292,"url":"https://github.com/sourcefuse/terraform-aws-arc-control-tower-aft","last_synced_at":"2026-02-09T14:35:08.255Z","repository":{"id":65513268,"uuid":"527242700","full_name":"sourcefuse/terraform-aws-arc-control-tower-aft","owner":"sourcefuse","description":"Terraform Module repo for managing the parent AFT configuration responsible for deploying AFT resources into accounts.","archived":false,"fork":false,"pushed_at":"2023-09-28T08:00:18.000Z","size":458,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-08-01T05:55:58.501Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sourcefuse.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-08-21T15:12:47.000Z","updated_at":"2024-09-23T14:00:40.000Z","dependencies_parsed_at":"2024-04-25T00:58:39.727Z","dependency_job_id":"bfa64535-ab08-4503-a5d4-b4da5696a9d2","html_url":"https://github.com/sourcefuse/terraform-aws-arc-control-tower-aft","commit_stats":null,"previous_names":["sourcefuse/terraform-aws-arc-control-tower-aft"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/sourcefuse/terraform-aws-arc-control-tower-aft","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-control-tower-aft","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-control-tower-aft/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-control-tower-aft/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-control-tower-aft/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sourcefuse","download_url":"https://codeload.github.com/sourcefuse/terraform-aws-arc-control-tower-aft/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefuse%2Fterraform-aws-arc-control-tower-aft/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29268996,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-09T13:47:44.167Z","status":"ssl_error","status_checked_at":"2026-02-09T13:47:43.721Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-08-03T02:14:54.190Z","updated_at":"2026-02-09T14:35:08.249Z","avatar_url":"https://github.com/sourcefuse.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# [terraform-aws-arc-control-tower-aft](https://github.com/sourcefuse/terraform-aws-arc-control-tower-aft)\n\n[![Known Vulnerabilities](https://github.com/sourcefuse/terraform-aws-refarch-control-tower-aft/actions/workflows/snyk.yaml/badge.svg)](https://github.com/sourcefuse/terraform-aws-refarch-control-tower-aft/actions/workflows/snyk.yaml)\n## Overview\n\nSourceFuse AWS Reference Architecture (ARC) Terraform module for managing Control Tower Account Factory Terraform. Part of the ARC AWS Landing Zone solution.\n\n![ARC Landing Zone](./static/arc_landing_zone.png)\n\n## Usage\n\nTo see a full example, check out the [main.tf](https://github.com/sourcefuse/terraform-aws-refarch-control-tower-aft/blob/main/example/main.tf) file in the example folder.\n\n```hcl\n################################################################################\n## control tower\n################################################################################\nmodule \"aft\" {\n  source  = \"sourcefuse/arc-control-tower-aft/aws\"\n  version = \"0.3.6\"\n\n  account_ids                        = var.account_ids\n  aft_vpc_cidr                       = var.aft_vpc_cidr\n  control_tower_home_region          = var.control_tower_home_region\n  terraform_backend_secondary_region = var.terraform_backend_secondary_region\n\n  account_customizations_repo              = var.account_customizations_repo\n  account_provisioning_customizations_repo = var.account_provisioning_customizations_repo\n  account_request_repo                     = var.account_request_repo\n  global_customizations_repo               = var.global_customizations_repo\n}\n```\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.3 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 4.0 |\n\n## Providers\n\nNo providers.\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_aft\"\u003e\u003c/a\u003e [aft](#module\\_aft) | git::https://github.com/aws-ia/terraform-aws-control_tower_account_factory | 1.8.0 |\n\n## Resources\n\nNo resources.\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_account_customizations_repo\"\u003e\u003c/a\u003e [account\\_customizations\\_repo](#input\\_account\\_customizations\\_repo) | Information on the git repo for managing the account customizations. For non-CodeCommit repos, name should be in the format of org/repo. | \u003cpre\u003eobject({\u003cbr\u003e    name   = string\u003cbr\u003e    branch = string\u003cbr\u003e  })\u003c/pre\u003e | \u003cpre\u003e{\u003cbr\u003e  \"branch\": \"main\",\u003cbr\u003e  \"name\": \"sourcefuse/terraform-aws-refarch-aft-account-customizations\"\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_account_ids\"\u003e\u003c/a\u003e [account\\_ids](#input\\_account\\_ids) | IDs to the accounts used for deploying the respective resources into | \u003cpre\u003eobject({\u003cbr\u003e    aft_management           = string\u003cbr\u003e    audit                    = string\u003cbr\u003e    control_tower_management = string\u003cbr\u003e    log_archive              = string\u003cbr\u003e  })\u003c/pre\u003e | n/a | yes |\n| \u003ca name=\"input_account_provisioning_customizations_repo\"\u003e\u003c/a\u003e [account\\_provisioning\\_customizations\\_repo](#input\\_account\\_provisioning\\_customizations\\_repo) | Information on the git repo for provisioning the account customizations. For non-CodeCommit repos, name should be in the format of org/repo. | \u003cpre\u003eobject({\u003cbr\u003e    name   = string\u003cbr\u003e    branch = string\u003cbr\u003e  })\u003c/pre\u003e | \u003cpre\u003e{\u003cbr\u003e  \"branch\": \"main\",\u003cbr\u003e  \"name\": \"sourcefuse/terraform-aws-refarch-aft-account-provisioning-customizations\"\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_account_request_repo\"\u003e\u003c/a\u003e [account\\_request\\_repo](#input\\_account\\_request\\_repo) | Information on the git repo for account requests. For non-CodeCommit repos, name should be in the format of org/repo. | \u003cpre\u003eobject({\u003cbr\u003e    name   = string\u003cbr\u003e    branch = string\u003cbr\u003e  })\u003c/pre\u003e | \u003cpre\u003e{\u003cbr\u003e  \"branch\": \"main\",\u003cbr\u003e  \"name\": \"sourcefuse/terraform-aws-refarch-aft-account-request\"\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_aft_feature_cloudtrail_data_events\"\u003e\u003c/a\u003e [aft\\_feature\\_cloudtrail\\_data\\_events](#input\\_aft\\_feature\\_cloudtrail\\_data\\_events) | Feature flag toggling CloudTrail data events on/off | `bool` | `true` | no |\n| \u003ca name=\"input_aft_feature_delete_default_vpcs_enabled\"\u003e\u003c/a\u003e [aft\\_feature\\_delete\\_default\\_vpcs\\_enabled](#input\\_aft\\_feature\\_delete\\_default\\_vpcs\\_enabled) | Feature flag toggling deletion of default VPCs on/off | `bool` | `true` | no |\n| \u003ca name=\"input_aft_feature_enterprise_support\"\u003e\u003c/a\u003e [aft\\_feature\\_enterprise\\_support](#input\\_aft\\_feature\\_enterprise\\_support) | Feature flag toggling Enterprise Support enrollment on/off | `bool` | `false` | no |\n| \u003ca name=\"input_aft_max_subnets\"\u003e\u003c/a\u003e [aft\\_max\\_subnets](#input\\_aft\\_max\\_subnets) | Maximum number of subnets to create based off the provided VPC CIDR | `string` | `\"4\"` | no |\n| \u003ca name=\"input_aft_metrics_reporting\"\u003e\u003c/a\u003e [aft\\_metrics\\_reporting](#input\\_aft\\_metrics\\_reporting) | Flag toggling reporting of operational metrics | `bool` | `true` | no |\n| \u003ca name=\"input_aft_vpc_cidr\"\u003e\u003c/a\u003e [aft\\_vpc\\_cidr](#input\\_aft\\_vpc\\_cidr) | CIDR Block to allocate to the AFT VPC | `string` | n/a | yes |\n| \u003ca name=\"input_aft_vpc_endpoints\"\u003e\u003c/a\u003e [aft\\_vpc\\_endpoints](#input\\_aft\\_vpc\\_endpoints) | Flag turning VPC endpoints on/off for AFT VPC | `bool` | `true` | no |\n| \u003ca name=\"input_cloudwatch_log_group_retention\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_retention](#input\\_cloudwatch\\_log\\_group\\_retention) | Amount of days to keep CloudWatch Log Groups for Lambda functions. 0 = Never Expire | `string` | `\"0\"` | no |\n| \u003ca name=\"input_control_tower_home_region\"\u003e\u003c/a\u003e [control\\_tower\\_home\\_region](#input\\_control\\_tower\\_home\\_region) | The region from which this module will be executed. This MUST be the same region as Control Tower is deployed. | `string` | n/a | yes |\n| \u003ca name=\"input_github_enterprise_url\"\u003e\u003c/a\u003e [github\\_enterprise\\_url](#input\\_github\\_enterprise\\_url) | GitHub enterprise URL, if GitHub Enterprise is being used | `string` | `\"null\"` | no |\n| \u003ca name=\"input_global_codebuild_timeout\"\u003e\u003c/a\u003e [global\\_codebuild\\_timeout](#input\\_global\\_codebuild\\_timeout) | Codebuild build timeout | `number` | `60` | no |\n| \u003ca name=\"input_global_customizations_repo\"\u003e\u003c/a\u003e [global\\_customizations\\_repo](#input\\_global\\_customizations\\_repo) | Information on the git repo for global customizations. For non-CodeCommit repos, name should be in the format of org/repo. | \u003cpre\u003eobject({\u003cbr\u003e    name   = string\u003cbr\u003e    branch = string\u003cbr\u003e  })\u003c/pre\u003e | \u003cpre\u003e{\u003cbr\u003e  \"branch\": \"main\",\u003cbr\u003e  \"name\": \"sourcefuse/terraform-aws-refarch-aft-global-customizations\"\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_maximum_concurrent_customizations\"\u003e\u003c/a\u003e [maximum\\_concurrent\\_customizations](#input\\_maximum\\_concurrent\\_customizations) | Maximum number of customizations/pipelines to run at once | `number` | `5` | no |\n| \u003ca name=\"input_terraform_api_endpoint\"\u003e\u003c/a\u003e [terraform\\_api\\_endpoint](#input\\_terraform\\_api\\_endpoint) | API Endpoint for Terraform. Must be in the format of https://xxx.xxx. | `string` | `\"https://app.terraform.io/api/v2/\"` | no |\n| \u003ca name=\"input_terraform_backend_secondary_region\"\u003e\u003c/a\u003e [terraform\\_backend\\_secondary\\_region](#input\\_terraform\\_backend\\_secondary\\_region) | AFT creates a backend for state tracking for its own state as well as OSS cases. The backend's primary region is the same as the AFT region, but this defines the secondary region to replicate to. | `string` | n/a | yes |\n| \u003ca name=\"input_terraform_distribution\"\u003e\u003c/a\u003e [terraform\\_distribution](#input\\_terraform\\_distribution) | Terraform distribution being used for AFT - valid values are oss, tfc, or tfe | `string` | `\"oss\"` | no |\n| \u003ca name=\"input_terraform_org_name\"\u003e\u003c/a\u003e [terraform\\_org\\_name](#input\\_terraform\\_org\\_name) | Organization name for Terraform Cloud or Enterprise | `string` | `\"null\"` | no |\n| \u003ca name=\"input_terraform_token\"\u003e\u003c/a\u003e [terraform\\_token](#input\\_terraform\\_token) | Terraform token for Cloud or Enterprise | `string` | `\"null\"` | no |\n| \u003ca name=\"input_terraform_version\"\u003e\u003c/a\u003e [terraform\\_version](#input\\_terraform\\_version) | Terraform version being used for AFT | `string` | `\"1.3.6\"` | no |\n| \u003ca name=\"input_vcs_provider\"\u003e\u003c/a\u003e [vcs\\_provider](#input\\_vcs\\_provider) | Customer VCS Provider - valid inputs are codecommit, bitbucket, github, or githubenterprise | `string` | `\"github\"` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_account_customizations_repo_branch\"\u003e\u003c/a\u003e [account\\_customizations\\_repo\\_branch](#output\\_account\\_customizations\\_repo\\_branch) | VCS Account customizations repo branch |\n| \u003ca name=\"output_account_customizations_repo_name\"\u003e\u003c/a\u003e [account\\_customizations\\_repo\\_name](#output\\_account\\_customizations\\_repo\\_name) | VCS Account customizations repo name |\n| \u003ca name=\"output_account_ids\"\u003e\u003c/a\u003e [account\\_ids](#output\\_account\\_ids) | Map of account IDs for each account created. |\n| \u003ca name=\"output_account_provisioning_customizations_repo_branch\"\u003e\u003c/a\u003e [account\\_provisioning\\_customizations\\_repo\\_branch](#output\\_account\\_provisioning\\_customizations\\_repo\\_branch) | VCS Account provisioning customizations repo branch |\n| \u003ca name=\"output_account_provisioning_customizations_repo_name\"\u003e\u003c/a\u003e [account\\_provisioning\\_customizations\\_repo\\_name](#output\\_account\\_provisioning\\_customizations\\_repo\\_name) | VCS Account provisioning customizations repo name |\n| \u003ca name=\"output_account_request_repo_branch\"\u003e\u003c/a\u003e [account\\_request\\_repo\\_branch](#output\\_account\\_request\\_repo\\_branch) | VCS Account request repo branch. |\n| \u003ca name=\"output_account_request_repo_name\"\u003e\u003c/a\u003e [account\\_request\\_repo\\_name](#output\\_account\\_request\\_repo\\_name) | VCS Account request repo name. |\n| \u003ca name=\"output_aft_feature_cloudtrail_data_events\"\u003e\u003c/a\u003e [aft\\_feature\\_cloudtrail\\_data\\_events](#output\\_aft\\_feature\\_cloudtrail\\_data\\_events) | AFT feature \"CloudTrail data events\". |\n| \u003ca name=\"output_aft_feature_delete_default_vpcs_enabled\"\u003e\u003c/a\u003e [aft\\_feature\\_delete\\_default\\_vpcs\\_enabled](#output\\_aft\\_feature\\_delete\\_default\\_vpcs\\_enabled) | AFT feature \"delete default vpcs enabled\". |\n| \u003ca name=\"output_aft_vpc_cidr\"\u003e\u003c/a\u003e [aft\\_vpc\\_cidr](#output\\_aft\\_vpc\\_cidr) | AFT VPC assigned cidr. |\n| \u003ca name=\"output_aft_vpc_private_subnet_cidrs\"\u003e\u003c/a\u003e [aft\\_vpc\\_private\\_subnet\\_cidrs](#output\\_aft\\_vpc\\_private\\_subnet\\_cidrs) | AFT VPC private subnet 01 cidr. |\n| \u003ca name=\"output_aft_vpc_public_subnet_cidrs\"\u003e\u003c/a\u003e [aft\\_vpc\\_public\\_subnet\\_cidrs](#output\\_aft\\_vpc\\_public\\_subnet\\_cidrs) | AFT VPC private subnet 01 cidr. |\n| \u003ca name=\"output_global_customizations_repo_branch\"\u003e\u003c/a\u003e [global\\_customizations\\_repo\\_branch](#output\\_global\\_customizations\\_repo\\_branch) | Global customizations repo branch. |\n| \u003ca name=\"output_global_customizations_repo_name\"\u003e\u003c/a\u003e [global\\_customizations\\_repo\\_name](#output\\_global\\_customizations\\_repo\\_name) | Global customizations repo name. |\n| \u003ca name=\"output_terraform_version\"\u003e\u003c/a\u003e [terraform\\_version](#output\\_terraform\\_version) | Terraform version used for this configuration. |\n| \u003ca name=\"output_tf_backend_secondary_region\"\u003e\u003c/a\u003e [tf\\_backend\\_secondary\\_region](#output\\_tf\\_backend\\_secondary\\_region) | Terraform backend secondary region. |\n| \u003ca name=\"output_vcs_provider\"\u003e\u003c/a\u003e [vcs\\_provider](#output\\_vcs\\_provider) | VCS Provider where the repos are configure for the different accounts. |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n## Versioning  \nThis project uses a `.version` file at the root of the repo which the pipeline reads from and does a git tag.  \n\nWhen you intend to commit to `main`, you will need to increment this version. Once the project is merged,\nthe pipeline will kick off and tag the latest git commit.  \n\n## Development\n\n### Prerequisites\n\n- [terraform](https://learn.hashicorp.com/terraform/getting-started/install#installing-terraform)\n- [terraform-docs](https://github.com/segmentio/terraform-docs)\n- [pre-commit](https://pre-commit.com/#install)\n\n### Configurations\n\n- Configure pre-commit hooks\n  ```sh\n  pre-commit install\n  ```\n\n## Authors\n\nThis project is authored by:\n- SourceFuse ARC Team\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcefuse%2Fterraform-aws-arc-control-tower-aft","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsourcefuse%2Fterraform-aws-arc-control-tower-aft","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcefuse%2Fterraform-aws-arc-control-tower-aft/lists"}