Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/aws-samples/aws-scps-with-terraform
Deploy Service Control Policies (SCPs) with Terraform
Deploy Service Control Policies (SCPs) with Terraform
- Host: GitHub
- URL: https://github.com/aws-samples/aws-scps-with-terraform
- Owner: aws-samples
- License: mit-0
- Created: 2023-02-15T20:40:06.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-06-20T17:49:58.000Z (7 months ago)
- Last Synced: 2024-08-02T21:38:36.324Z (6 months ago)
- Topics: aws, aws-organizations, scp, terraform
- Language: HCL
- Size: 54.7 KB
- Stars: 89
- Watchers: 2
- Forks: 18
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
README
## SCPs with Terraform
Deploy [Service Control Policies (SCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) with Terraform.
## Prerequisites
- [AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html)
## Limitations
- [SCP Service Quotas](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html): at most 5 SCPs can be attached to any one root, OU or account (the default `FullAWSAccess` policy counts toward this while it remains attached), and each SCP document is limited to 5,120 bytes.
## Module Inputs
```hcl
module "scps" {
  source = "github.com/aws-samples/aws-scps-with-terraform"

  ou_list = {
    "r-1xyz"           = ["root", "allow_services"] # root
    "ou-abcd-11223344" = ["sandbox"]                # sandbox ou
    "ou-efgh-22334455" = ["ssm"]                    # workload ou
  }
}
```
`ou_list` is a map whose keys are root or OU IDs and whose values are the lists of SCPs to attach to each. SCPs are stored as JSON files in an adjacent [policies](./policies/) directory; each list entry is the file name without the `.json` extension.
```
.
├── policies
│   ├── allow_services.json
│   ├── root.json
│   ├── sandbox.json
│   └── ssm.json
└── main.tf <---------- module input here
```
Create the SCP JSON files, add them to the policies directory, and then reference them by file name (without `.json`) in the `ou_list` input.
### Optional Inputs
```hcl
module "scps" {
  ...
  policies_directory_name = "policies"
}
```
This changes the name and location of the directory you store SCPs in. It defaults to `policies`.
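The module only reports a missing file, malformed JSON or an exceeded quota when Terraform reaches the `aws_organizations_policy` resource at plan or apply time. The following pre-apply check is an added example for this page, not code from aws-samples/aws-scps-with-terraform; it assumes only the module contract documented above (`ou_list` maps a root or OU ID to SCP names, each name is a `<name>.json` file in the policies directory) and uses the quota values from the linked AWS Organizations quotas page. It also applies the SCP-specific syntax rules that general IAM tooling does not: no `Principal`, and `Condition`, `NotAction` or a `Resource` other than `"*"` only in `Deny` statements. The sample policies and `ou_list` in `demo()` are constructed for the example.

```python
"""Pre-apply checks for an ou_list map and its policies directory.

Added example for this page, not code from aws-samples/aws-scps-with-terraform.
Assumes the module's documented contract only: ou_list maps a root or OU ID to a
list of SCP names, and each name is a <name>.json file in the policies directory.
"""
import json
import re
import tempfile
from pathlib import Path

MAX_SCP_DOCUMENT_BYTES = 5120   # Organizations quota: maximum size of one SCP document
MAX_POLICIES_PER_TARGET = 5     # Organizations quota: SCPs attached to one root, OU or account
# Root IDs look like r-xxxx, OU IDs like ou-xxxx-xxxxxxxx (AWS documented formats).
TARGET_ID_RE = re.compile(r"^(r-[a-z0-9]{4,32}|ou-[a-z0-9]{4,32}-[a-z0-9]{8,32})$")


def check_scp_document(doc) -> list[str]:
    """SCP syntax rules: no Principal; Condition, NotAction and a Resource other
    than "*" are only valid in Deny statements. Returns a list of problems."""
    errs = []
    if not isinstance(doc, dict):
        return ["policy must be a JSON object"]
    if doc.get("Version") != "2012-10-17":
        errs.append('Version must be "2012-10-17"')
    stmts = doc.get("Statement")
    if isinstance(stmts, dict):          # a single statement object is permitted
        stmts = [stmts]
    if not isinstance(stmts, list) or not stmts:
        return errs + ["Statement must be a non-empty list"]
    for i, s in enumerate(stmts):
        if not isinstance(s, dict):
            errs.append(f"statement {i}: must be an object")
            continue
        effect = s.get("Effect")
        if effect not in ("Allow", "Deny"):
            errs.append(f"statement {i}: Effect must be Allow or Deny")
        if "Principal" in s or "NotPrincipal" in s:
            errs.append(f"statement {i}: Principal is not supported in SCPs")
        if "Action" not in s and "NotAction" not in s:
            errs.append(f"statement {i}: Action or NotAction is required")
        if "Resource" not in s and "NotResource" not in s:
            errs.append(f"statement {i}: Resource or NotResource is required")
        if effect == "Allow" and (
            "Condition" in s or "NotAction" in s or s.get("Resource") not in ("*", ["*"])
        ):
            errs.append(f'statement {i}: Allow statements may only use Action and Resource "*"')
    return errs


def check_layout(ou_list: dict, policies_dir) -> list[str]:
    """Check every target ID, the per-target attachment quota, and every referenced
    policy file (exists, parses, within size quota, valid SCP syntax)."""
    policies_dir = Path(policies_dir)
    problems = []
    referenced = set()
    for target, names in ou_list.items():
        if not TARGET_ID_RE.match(target):
            problems.append(f"{target}: not a root or OU ID")
        if len(names) > MAX_POLICIES_PER_TARGET:
            problems.append(f"{target}: {len(names)} SCPs exceeds quota of {MAX_POLICIES_PER_TARGET}")
        if len(set(names)) != len(names):
            problems.append(f"{target}: duplicate policy names")
        for name in names:
            referenced.add(name)
            path = policies_dir / f"{name}.json"
            if not path.is_file():
                problems.append(f"{target}: {path.name} not found in {policies_dir.name}/")
                continue
            raw = path.read_bytes()     # the module reads the file as-is, so check the on-disk size
            if len(raw) > MAX_SCP_DOCUMENT_BYTES:
                problems.append(f"{path.name}: {len(raw)} bytes exceeds {MAX_SCP_DOCUMENT_BYTES}")
            try:
                doc = json.loads(raw)
            except ValueError as e:
                problems.append(f"{path.name}: invalid JSON ({e})")
                continue
            problems.extend(f"{path.name}: {e}" for e in check_scp_document(doc))
    # A file no target references is never created by the module; flag it so it is
    # not mistaken for an active control.
    for path in sorted(policies_dir.glob("*.json")):
        if path.stem not in referenced:
            problems.append(f"{path.name}: not referenced by any target in ou_list")
    return problems


def demo() -> list[str]:
    """Constructed sample layout (not the repository's policies): one valid Deny SCP,
    one Allow SCP that illegally carries a Condition, one missing file, one bad ID."""
    with tempfile.TemporaryDirectory() as tmp:
        policies = Path(tmp) / "policies"
        policies.mkdir()
        (policies / "deny_leave_org.json").write_text(json.dumps({
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Deny", "Action": "organizations:LeaveOrganization",
                           "Resource": "*"}],
        }))
        (policies / "allow_services.json").write_text(json.dumps({
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*",
                           "Condition": {"StringEquals": {"aws:RequestedRegion": "us-east-1"}}}],
        }))
        (policies / "unused.json").write_text(json.dumps({"Version": "2012-10-17", "Statement": []}))
        ou_list = {
            "r-1xyz": ["deny_leave_org", "allow_services"],
            "ou-abcd-11223344": ["sandbox"],       # sandbox.json deliberately absent
            "not-an-ou": ["deny_leave_org"],
        }
        return check_layout(ou_list, policies)


if __name__ == "__main__":
    for problem in demo():
        print(problem)
```

Run it from the directory that holds `main.tf` with the real `ou_list` and `policies/` path, for instance as a pre-commit hook or CI step before `terraform plan`, so that a typo in a policy name or an Allow statement that the API will reject is caught before an apply touches the organization.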
## Example SCPs
[aws-samples/service-control-policy-examples](https://github.com/aws-samples/service-control-policy-examples)
## Related Resources
- [SCPs (AWS Organizations User Guide)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html)
- [Resource: aws_organizations_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_policy)
- [Resource: aws_organizations_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_policy_attachment)
## Security
See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.
## License
This library is licensed under the MIT-0 License. See the LICENSE file.