Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/be-bold/terraform-aws-account-lookup
This Terraform module allows querying AWS accounts and outputs the accounts in various mappings or as a complete list, with the ability to apply a search filter to the account list and group the accounts by existing tags using a sub-module.
- Host: GitHub
- URL: https://github.com/be-bold/terraform-aws-account-lookup
- Owner: be-bold
- License: mit
- Created: 2023-03-08T11:51:21.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-15T13:34:54.000Z (12 months ago)
- Last Synced: 2024-08-02T00:26:18.447Z (5 months ago)
- Topics: aws, terraform, terraform-module
- Language: HCL
- Homepage: https://registry.terraform.io/modules/be-bold/account-lookup/aws/latest
- Size: 105 KB
- Stars: 2
- Watchers: 2
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
- awesome-tf - terraform-aws-account-lookup - This Terraform module allows querying AWS accounts and outputs the accounts in various mappings or as a complete list, with the ability to apply a search filter to the account list and group the accounts by existing tags using a submodule. (Community Modules / Miscellaneous)
README
# terraform-aws-account-lookup
ℹ️ Use this module in combination with the [filter submodule](https://github.com/be-bold/terraform-aws-account-lookup/tree/main/modules/filter) to further narrow down the list of accounts and be able to group them using tags.
## What it does
This module allows you to list AWS accounts of an organization in various forms. Once initialized you can retrieve the following data:
* Organization id
* Account id of your organization's management account
* Name of your organization's management account
* Mapping `id` _to_ `name`
* Mapping `name` _to_ `id`
* Mapping `id` _to_ `tags`
* Mapping `name` _to_ `tags`
* A list of all accounts with all of their properties present (`id`, `arn`, `name`, `email`, `status`, `tags`)

## How to use
The role with which you run Terraform on this module requires the following permissions:
```text
"organizations:ListRoots",
"organizations:ListTagsForResource",
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization"
```
Either the role on your default provider already allows these actions, or you add them to that role.
Alternatively, you can create a distinct role for this purpose. Both cases are covered below.

### Using default provider
Call the module using this provider and decide whether to include the management account in the output lists or not (default is `true`):
```hcl
module "lookup" {
  source                     = "be-bold/account-lookup/aws"
  version                    = "#.#.#"
  include_management_account = false
}
```
**Done**. Now call one of the multiple output options:
````hcl
output "show" {
  value = module.lookup.mapping_id_to_name
}
````

### Custom role
You need a role which allows the following actions:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "organizations:ListRoots",
        "organizations:ListTagsForResource",
        "organizations:ListAccounts",
        "organizations:DescribeOrganization",
        "organizations:ListAWSServiceAccessForOrganization"
      ],
      "Resource": "*"
    }
  ]
}
```
Create a provider which references this role:
```hcl
provider "aws" {
  region = "YOUR-REGION-HERE"
  alias  = "organization_read_role"

  assume_role {
    role_arn = "arn:aws:iam::############:role/organization-read-role"
  }
}
```
**Done**. Now call the module using this provider and decide whether to include the management account in the output lists or not (default is `true`):
```hcl
module "lookup" {
  source  = "be-bold/account-lookup/aws"
  version = "#.#.#"
  providers = {
    aws = aws.organization_read_role
  }
  include_management_account = false
}
```
Call one of the multiple output options:
````hcl
output "show" {
  value = module.lookup.mapping_id_to_name
}
````

## Further filtering
Use the [filter submodule](https://github.com/be-bold/terraform-aws-account-lookup/tree/main/modules/filter) for even more control over your lists.
Have a look at the **examples** as well.
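
For the custom role described in the "Custom role" section, one way to create it in Terraform with a trust policy limited to a single caller. This is an added example, not part of the module or its README. The role name and action list come from the page; the variable `terraform_runner_role_arn`, the resource labels and the inline policy name are assumptions.

```hcl
# Added example. Apply it in the account whose id appears in the
# role_arn of the "organization_read_role" provider alias.

# Assumption: the ARN of the principal that runs Terraform and is
# allowed to assume the read role. Supply your own value.
variable "terraform_runner_role_arn" {
  type        = string
  description = "Principal allowed to assume organization-read-role"
}

# Trust policy: only the named principal may assume the role.
data "aws_iam_policy_document" "trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = [var.terraform_runner_role_arn]
    }
  }
}

# Permission policy: exactly the read-only actions the module requires.
data "aws_iam_policy_document" "organization_read" {
  statement {
    effect = "Allow"
    actions = [
      "organizations:ListRoots",
      "organizations:ListTagsForResource",
      "organizations:ListAccounts",
      "organizations:DescribeOrganization",
      "organizations:ListAWSServiceAccessForOrganization",
    ]
    resources = ["*"]
  }
}

resource "aws_iam_role" "organization_read" {
  name               = "organization-read-role"
  assume_role_policy = data.aws_iam_policy_document.trust.json
}

resource "aws_iam_role_policy" "organization_read" {
  name   = "organization-read" # assumed policy name
  role   = aws_iam_role.organization_read.id
  policy = data.aws_iam_policy_document.organization_read.json
}
```

Keeping these permissions on a dedicated role, rather than adding them to the default provider's role, means the account inventory can only be read by principals named in the trust policy.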