Closed richardf5 closed 2 months ago
This is something we will consider for a future release; perhaps this is easier with the new ALZ provider and ptn module. @jaredfholgate
I am summarising the ask as wanting to supply a custom lib folder. This is already possible post bootstrapping; you can customise the code in the repo as much as you want. This is the recommended approach for advanced scenarios as we are catering for customers that want to use our out of the box policies at the moment.
You still get the benefit of the CI/CD bootstrapping, you just need to adjust the .tf files.
Per @matt-FFFFFF, it is likely that in the vNext module we'll need a way to point to a custom lib, so that will likely come, but a way off.
Description
Need an easy way to exclude / change assignment of custom policies from within the Terraform Accelerator.
I understand the accelerator is downstream from this module, however, I believe that some of the same people are across both?
Is your feature request related to a problem?
Yes. Some policy is not desirable in its current form.
Describe the solution you'd like
The Terraform Accelerator uses this module; however, it re-downloads each time the pipeline is run and so there's no direct access to the /lib folder.
I don't see a clear way to override policy assignments. As an example, the policy to create Recovery Vaults seems to create multiple vaults in multiple places. Customers don't obviously want that. Ideally, we'd write code to use known Recovery Vaults.
A clear description on overriding policy assignments that doesn't require me to reverse engineer the modules/code :-)
Additional context