https://github.com/sourcefuse/terraform-aws-arc-control-tower-aft
Terraform Module repo for managing the parent AFT configuration responsible for deploying AFT resources into accounts.
https://github.com/sourcefuse/terraform-aws-arc-control-tower-aft
Last synced: about 1 month ago
JSON representation
Terraform Module repo for managing the parent AFT configuration responsible for deploying AFT resources into accounts.
- Host: GitHub
- URL: https://github.com/sourcefuse/terraform-aws-arc-control-tower-aft
- Owner: sourcefuse
- License: apache-2.0
- Created: 2022-08-21T15:12:47.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2023-09-28T08:00:18.000Z (over 2 years ago)
- Last Synced: 2025-08-01T05:55:58.501Z (8 months ago)
- Language: HCL
- Homepage:
- Size: 447 KB
- Stars: 1
- Watchers: 4
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# [terraform-aws-arc-control-tower-aft](https://github.com/sourcefuse/terraform-aws-arc-control-tower-aft)
[](https://github.com/sourcefuse/terraform-aws-refarch-control-tower-aft/actions/workflows/snyk.yaml)
## Overview
SourceFuse AWS Reference Architecture (ARC) Terraform module for managing Control Tower Account Factory Terraform. Part of the ARC AWS Landing Zone solution.
## Usage
To see a full example, check out the [main.tf](https://github.com/sourcefuse/terraform-aws-refarch-control-tower-aft/blob/main/example/main.tf) file in the example folder.
```hcl
################################################################################
## control tower
################################################################################
module "aft" {
source = "sourcefuse/arc-control-tower-aft/aws"
version = "0.3.6"
account_ids = var.account_ids
aft_vpc_cidr = var.aft_vpc_cidr
control_tower_home_region = var.control_tower_home_region
terraform_backend_secondary_region = var.terraform_backend_secondary_region
account_customizations_repo = var.account_customizations_repo
account_provisioning_customizations_repo = var.account_provisioning_customizations_repo
account_request_repo = var.account_request_repo
global_customizations_repo = var.global_customizations_repo
}
```
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
| [aws](#requirement\_aws) | ~> 4.0 |
## Providers
No providers.
## Modules
| Name | Source | Version |
|------|--------|---------|
| [aft](#module\_aft) | git::https://github.com/aws-ia/terraform-aws-control_tower_account_factory | 1.8.0 |
## Resources
No resources.
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [account\_customizations\_repo](#input\_account\_customizations\_repo) | Information on the git repo for managing the account customizations. For non-CodeCommit repos, name should be in the format of org/repo. |
object({
name = string
branch = string
}) | {
"branch": "main",
"name": "sourcefuse/terraform-aws-refarch-aft-account-customizations"
} | no |
| [account\_ids](#input\_account\_ids) | IDs to the accounts used for deploying the respective resources into | object({
aft_management = string
audit = string
control_tower_management = string
log_archive = string
}) | n/a | yes |
| [account\_provisioning\_customizations\_repo](#input\_account\_provisioning\_customizations\_repo) | Information on the git repo for provisioning the account customizations. For non-CodeCommit repos, name should be in the format of org/repo. | object({
name = string
branch = string
}) | {
"branch": "main",
"name": "sourcefuse/terraform-aws-refarch-aft-account-provisioning-customizations"
} | no |
| [account\_request\_repo](#input\_account\_request\_repo) | Information on the git repo for account requests. For non-CodeCommit repos, name should be in the format of org/repo. | object({
name = string
branch = string
}) | {
"branch": "main",
"name": "sourcefuse/terraform-aws-refarch-aft-account-request"
} | no |
| [aft\_feature\_cloudtrail\_data\_events](#input\_aft\_feature\_cloudtrail\_data\_events) | Feature flag toggling CloudTrail data events on/off | `bool` | `true` | no |
| [aft\_feature\_delete\_default\_vpcs\_enabled](#input\_aft\_feature\_delete\_default\_vpcs\_enabled) | Feature flag toggling deletion of default VPCs on/off | `bool` | `true` | no |
| [aft\_feature\_enterprise\_support](#input\_aft\_feature\_enterprise\_support) | Feature flag toggling Enterprise Support enrollment on/off | `bool` | `false` | no |
| [aft\_max\_subnets](#input\_aft\_max\_subnets) | Maximum number of subnets to create based off the provided VPC CIDR | `string` | `"4"` | no |
| [aft\_metrics\_reporting](#input\_aft\_metrics\_reporting) | Flag toggling reporting of operational metrics | `bool` | `true` | no |
| [aft\_vpc\_cidr](#input\_aft\_vpc\_cidr) | CIDR Block to allocate to the AFT VPC | `string` | n/a | yes |
| [aft\_vpc\_endpoints](#input\_aft\_vpc\_endpoints) | Flag turning VPC endpoints on/off for AFT VPC | `bool` | `true` | no |
| [cloudwatch\_log\_group\_retention](#input\_cloudwatch\_log\_group\_retention) | Amount of days to keep CloudWatch Log Groups for Lambda functions. 0 = Never Expire | `string` | `"0"` | no |
| [control\_tower\_home\_region](#input\_control\_tower\_home\_region) | The region from which this module will be executed. This MUST be the same region as Control Tower is deployed. | `string` | n/a | yes |
| [github\_enterprise\_url](#input\_github\_enterprise\_url) | GitHub enterprise URL, if GitHub Enterprise is being used | `string` | `"null"` | no |
| [global\_codebuild\_timeout](#input\_global\_codebuild\_timeout) | Codebuild build timeout | `number` | `60` | no |
| [global\_customizations\_repo](#input\_global\_customizations\_repo) | Information on the git repo for global customizations. For non-CodeCommit repos, name should be in the format of org/repo. | object({
name = string
branch = string
}) | {
"branch": "main",
"name": "sourcefuse/terraform-aws-refarch-aft-global-customizations"
} | no |
| [maximum\_concurrent\_customizations](#input\_maximum\_concurrent\_customizations) | Maximum number of customizations/pipelines to run at once | `number` | `5` | no |
| [terraform\_api\_endpoint](#input\_terraform\_api\_endpoint) | API Endpoint for Terraform. Must be in the format of https://xxx.xxx. | `string` | `"https://app.terraform.io/api/v2/"` | no |
| [terraform\_backend\_secondary\_region](#input\_terraform\_backend\_secondary\_region) | AFT creates a backend for state tracking for its own state as well as OSS cases. The backend's primary region is the same as the AFT region, but this defines the secondary region to replicate to. | `string` | n/a | yes |
| [terraform\_distribution](#input\_terraform\_distribution) | Terraform distribution being used for AFT - valid values are oss, tfc, or tfe | `string` | `"oss"` | no |
| [terraform\_org\_name](#input\_terraform\_org\_name) | Organization name for Terraform Cloud or Enterprise | `string` | `"null"` | no |
| [terraform\_token](#input\_terraform\_token) | Terraform token for Cloud or Enterprise | `string` | `"null"` | no |
| [terraform\_version](#input\_terraform\_version) | Terraform version being used for AFT | `string` | `"1.3.6"` | no |
| [vcs\_provider](#input\_vcs\_provider) | Customer VCS Provider - valid inputs are codecommit, bitbucket, github, or githubenterprise | `string` | `"github"` | no |
## Outputs
| Name | Description |
|------|-------------|
| [account\_customizations\_repo\_branch](#output\_account\_customizations\_repo\_branch) | VCS Account customizations repo branch |
| [account\_customizations\_repo\_name](#output\_account\_customizations\_repo\_name) | VCS Account customizations repo name |
| [account\_ids](#output\_account\_ids) | Map of account IDs for each account created. |
| [account\_provisioning\_customizations\_repo\_branch](#output\_account\_provisioning\_customizations\_repo\_branch) | VCS Account provisioning customizations repo branch |
| [account\_provisioning\_customizations\_repo\_name](#output\_account\_provisioning\_customizations\_repo\_name) | VCS Account provisioning customizations repo name |
| [account\_request\_repo\_branch](#output\_account\_request\_repo\_branch) | VCS Account request repo branch. |
| [account\_request\_repo\_name](#output\_account\_request\_repo\_name) | VCS Account request repo name. |
| [aft\_feature\_cloudtrail\_data\_events](#output\_aft\_feature\_cloudtrail\_data\_events) | AFT feature "CloudTrail data events". |
| [aft\_feature\_delete\_default\_vpcs\_enabled](#output\_aft\_feature\_delete\_default\_vpcs\_enabled) | AFT feature "delete default vpcs enabled". |
| [aft\_vpc\_cidr](#output\_aft\_vpc\_cidr) | AFT VPC assigned cidr. |
| [aft\_vpc\_private\_subnet\_cidrs](#output\_aft\_vpc\_private\_subnet\_cidrs) | AFT VPC private subnet 01 cidr. |
| [aft\_vpc\_public\_subnet\_cidrs](#output\_aft\_vpc\_public\_subnet\_cidrs) | AFT VPC private subnet 01 cidr. |
| [global\_customizations\_repo\_branch](#output\_global\_customizations\_repo\_branch) | Global customizations repo branch. |
| [global\_customizations\_repo\_name](#output\_global\_customizations\_repo\_name) | Global customizations repo name. |
| [terraform\_version](#output\_terraform\_version) | Terraform version used for this configuration. |
| [tf\_backend\_secondary\_region](#output\_tf\_backend\_secondary\_region) | Terraform backend secondary region. |
| [vcs\_provider](#output\_vcs\_provider) | VCS Provider where the repos are configure for the different accounts. |
## Versioning
This project uses a `.version` file at the root of the repo which the pipeline reads from and does a git tag.
When you intend to commit to `main`, you will need to increment this version. Once the project is merged,
the pipeline will kick off and tag the latest git commit.
## Development
### Prerequisites
- [terraform](https://learn.hashicorp.com/terraform/getting-started/install#installing-terraform)
- [terraform-docs](https://github.com/segmentio/terraform-docs)
- [pre-commit](https://pre-commit.com/#install)
### Configurations
- Configure pre-commit hooks
```sh
pre-commit install
```
## Authors
This project is authored by:
- SourceFuse ARC Team