NTC Account Lifecycle Templates
Description
NTC Account Lifecycle Templates automate and customize the lifecycle management of AWS accounts, ensuring they are provisioned, maintained, and decommissioned according to best practices. This building block handles tasks such as cleaning up new accounts (e.g. deleting default VPCs) and moving decommissioned accounts into isolation for compliance and security purposes.
By streamlining account lifecycle processes, NTC Account Lifecycle Templates ensure consistency, governance, and operational efficiency across your AWS multi-account environment.
Usage
| Latest Release | 1.2.3 |
|---|---|
- Account Lifecycle Customization
```hcl
# --------------------------------------------------------------------------------------------------
# ¦ NTC ACCOUNT LIFECYCLE CUSTOMIZATION TEMPLATES
# --------------------------------------------------------------------------------------------------
module "account_lifecycle_customization_templates" {
  source = "github.com/nuvibit-terraform-collection/terraform-aws-ntc-account-lifecycle-templates?ref=X.X.X"

  account_lifecycle_customization_templates = [
    {
      template_name               = "enable_opt_in_regions"
      organizations_event_trigger = "CreateAccountResult"
      organizations_member_role   = "OrganizationAccountAccessRole"
      opt_in_regions              = ["eu-central-2"]
    },
    {
      template_name               = "delete_default_vpc"
      organizations_event_trigger = "CreateAccountResult"
      organizations_member_role   = "OrganizationAccountAccessRole"
    },
    {
      template_name               = "increase_service_quota"
      organizations_event_trigger = "CreateAccountResult"
      organizations_member_role   = "OrganizationAccountAccessRole"
      quota_increases = [
        {
          # global quotas are in us-east-1
          region       = "us-east-1"
          quota_name   = "Managed policies per role"
          service_code = "iam"
          value        = 20
        }
      ]
    },
    {
      template_name               = "tag_shared_resources"
      organizations_event_trigger = "CreateAccountResult"
      organizations_member_role   = "OrganizationAccountAccessRole"
      shared_resources_regions    = ["eu-central-1", "eu-central-2"]
    },
    {
      template_name               = "move_to_suspended_ou"
      organizations_event_trigger = "CloseAccountResult"
      organizations_member_role   = "OrganizationAccountAccessRole"
      suspended_ou_id             = local.ntc_parameters["mgmt-organizations"]["ou_ids"]["/root/suspended"]
    },
  ]
}
```
Requirements
The following requirements are needed by this module:
- terraform (>= 1.3.0)
- aws (>= 4.0)
- local (>= 2.4.0)
Providers
The following providers are used by this module:
- aws (>= 4.0)
- local (>= 2.4.0)
Modules
No modules.
Resources
The following resources are used by this module:
- aws_partition.current (data source)
- aws_region.default (data source)
- local_file.ntc_check_if_template_exists (data source)
Required Inputs
The following input variables are required:
account_lifecycle_customization_templates
Description: List of templates which should be used to generate Account Lifecycle Customization lambda steps.
Type:

```hcl
list(object({
  template_name               = string
  organizations_event_trigger = string
  organizations_member_role   = optional(string, "OrganizationAccountAccessRole")
  default_region              = optional(string, null)
  opt_in_regions              = optional(list(string), [])
  security_regions            = optional(list(string), [])
  security_member_of = optional(object({
    securityhub = optional(bool, true),
    guardduty   = optional(bool, true),
    inspector   = optional(bool, false)
  }), {})
  suspended_ou_id    = optional(string, "")
  company_name       = optional(string, "")
  cc_email_addresses = optional(list(string), [])
  quota_increases = optional(list(object({
    region       = string
    quota_code   = optional(string, null)
    quota_name   = optional(string, null)
    service_code = string
    value        = number
  })), [])
  shared_resources_regions = optional(list(string), [])
}))
```
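The following Python is an added example and is not part of the NTC module or its documentation. It mirrors the object type constraint above: it fills the same defaults Terraform applies (including the nested `security_member_of` defaults) and rejects entries Terraform would reject (missing required keys, unknown keys), so a template list can be linted before `terraform plan`. The function names and the dict-keyed-by-`template_name` grouping are assumptions, not the module's own output shape.

```python
from copy import deepcopy

REQUIRED = {"template_name", "organizations_event_trigger"}  # keys without a default
DEFAULTS = {  # mirrors the optional(...) defaults of the object type above
    "organizations_member_role": "OrganizationAccountAccessRole",
    "default_region": None,
    "opt_in_regions": [],
    "security_regions": [],
    "security_member_of": {"securityhub": True, "guardduty": True, "inspector": False},
    "suspended_ou_id": "",
    "company_name": "",
    "cc_email_addresses": [],
    "quota_increases": [],
    "shared_resources_regions": [],
}
QUOTA_REQUIRED = {"region", "service_code", "value"}
QUOTA_DEFAULTS = {"quota_code": None, "quota_name": None}

def normalize_template(tpl: dict) -> dict:
    """Return a copy of tpl with the module's defaults applied, or raise ValueError."""
    name = tpl.get("template_name", "<unnamed>")
    unknown, missing = set(tpl) - REQUIRED - set(DEFAULTS), REQUIRED - set(tpl)
    if unknown or missing:
        raise ValueError(f"{name}: unknown keys {sorted(unknown)}, missing keys {sorted(missing)}")
    out = deepcopy(DEFAULTS)
    out.update(tpl)
    # optional(object({...}), {}): a partial object is merged with its attribute defaults
    out["security_member_of"] = {**DEFAULTS["security_member_of"], **(tpl.get("security_member_of") or {})}
    quotas = []
    for q in tpl.get("quota_increases", []):
        if QUOTA_REQUIRED - set(q) or set(q) - QUOTA_REQUIRED - set(QUOTA_DEFAULTS):
            raise ValueError(f"{name}: bad quota_increases entry {q}")
        quotas.append({**QUOTA_DEFAULTS, **q})
    out["quota_increases"] = quotas
    return out

def group_by_template_name(templates: list) -> dict:
    """Normalize every template and group the results by template_name (assumed shape)."""
    grouped = {}
    for tpl in templates:
        norm = normalize_template(tpl)
        grouped.setdefault(norm["template_name"], []).append(norm)
    return grouped

SAMPLE_TEMPLATES = [  # constructed sample input modelled on the Usage block above
    {"template_name": "delete_default_vpc", "organizations_event_trigger": "CreateAccountResult"},
    {"template_name": "increase_service_quota", "organizations_event_trigger": "CreateAccountResult",
     "quota_increases": [{"region": "us-east-1", "quota_name": "Managed policies per role",
                          "service_code": "iam", "value": 20}]},
]
```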
Optional Inputs
No optional inputs.
Outputs
The following outputs are exported:
account_lifecycle_customization_steps
Description: Account Lifecycle Customization steps grouped by template name.