Creates an organizational unit with SCP if required.

Minimal configuration:

```hcl
module "organizational_unit" {
  source  = "george-richardson/personal-org/aws//modules/organizational_unit"
  version = ">= 1.0.0"

  name      = "example"
  parent_id = module.organization.root_organizational_unit
}
```

Name | Version |
---|---|
terraform | >= 1.2.0 |
aws | >= 4.9.0 |

Name | Version |
---|---|
aws | 4.22.0 |

Name | Source | Version |
---|---|---|
scp | ../scp | n/a |

Name | Type |
---|---|
aws_organizations_organizational_unit.ou | resource |


Name | Description | Type | Default | Required |
---|---|---|---|---|
allow_ec2_instance_types | List of EC2 instance types to allow. If not set then all instance types are allowed. | list(string) | [] | no |
allow_rds_instance_types | List of RDS instance types to allow. If not set then all instance types are allowed. | list(string) | [] | no |
allow_regions | List of regions to allow AWS activity within. (Global services are ignored by this list) | list(string) | [] | no |
allow_services | List of services to allow API activity against. All other services will be blocked. Be careful about blocking IAM and other foundational services. When not set all services are allowed. | list(string) | [] | no |
block_root_user | Should the root user have all access blocked? | bool | false | no |
name | Alias for the account. | string | n/a | yes |
override_policy_documents | List of JSON SCP policy documents that will be merged with the generated SCP. | list(string) | [] | no |
parent_id | ID of the organizational unit this organizational unit should be a child of. | string | n/a | yes |
protected_iam_resources | List of IAM ARNs which will be protected from modification by all users. | list(string) | [] | no |

Name | Description |
---|---|
id | ID of the organizational unit. |
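
A more restrictive configuration combining the SCP inputs listed above with an extra deny statement passed through `override_policy_documents`. This is an added example, not taken from the module's own documentation; the OU name, regions, instance types, account ID, role name and the `deny_leave_org` data source are constructed for illustration.

```hcl
# Extra deny statement to merge into the generated SCP (constructed example).
data "aws_iam_policy_document" "deny_leave_org" {
  statement {
    sid       = "DenyLeaveOrganization"
    effect    = "Deny"
    actions   = ["organizations:LeaveOrganization"]
    resources = ["*"]
  }
}

module "sandbox_ou" {
  source  = "george-richardson/personal-org/aws//modules/organizational_unit"
  version = ">= 1.0.0"

  name      = "sandbox" # constructed name
  parent_id = module.organization.root_organizational_unit

  # Restrict regional API activity; global services are ignored by this list.
  allow_regions = ["eu-west-1", "eu-west-2"]

  # Limit compute and database sizes.
  allow_ec2_instance_types = ["t3.micro", "t3.small"]
  allow_rds_instance_types = ["db.t3.micro"]

  # Block all access for the root user of accounts in this OU.
  block_root_user = true

  # Placeholder account ID and role name; replace with the IAM ARNs
  # that must not be modified.
  protected_iam_resources = [
    "arn:aws:iam::111122223333:role/break-glass-admin",
  ]

  # allow_services is left unset so IAM and other foundational services
  # are not blocked by accident.

  override_policy_documents = [
    data.aws_iam_policy_document.deny_leave_org.json,
  ]
}
```

After applying, `aws organizations list-policies-for-target --target-id <ou-id> --filter SERVICE_CONTROL_POLICY` (using the module's `id` output as the target) lists the SCPs attached to the OU so the result can be reviewed.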