Allow deployment of AFT in existing VPC

[oliviergaumond]

Describe the outcome you'd like

Currently the deployment of AFT will create its own VPC into the AFT management account. It would be useful to specify an existing VPC to deploy into, instead of creating a new one by default.

Is your feature request related to a problem you are currently experiencing? If so, please describe.

Unable to deploy AFT into an Organization with SCP preventing the creation of new VPCs.

Additional context

Some landing zones are designed to centralize the management of VPCs in a shared account and share them using Resource Account Manager. Having the ability to specify an existing VPC would allow deployment of AFT in this type of architecture.

[snebhu3]

Thanks for the feature request @oliviergaumond, I've gone ahead and made a backlog to address this with the team.

[pkdcloud]

I would love this feature also, or a feature to customize the AFT VPC further.

• Ability to deploy 1 x NAT Gateways into a single AZ and adjust private to public routing accordingly across Azs.

[brakf]

Dear @snebhu3, has there been any progress on this?

[Veevaete]

Hello @snebhu3

Should I be worried feature requests are without updates for almost a year?

I would like to use AFT for my work, but this is pretty scary to be honest.

[snebhu3]

@Veevaete thank you for reaching out. Unfortunately, we do not have an update on this feature request.

[mbuotidem]

Looks like this might help : https://github.com/aws-ia/terraform-aws-control_tower_account_factory/releases/tag/1.12.0

[sprioriello]

@mbuotidem this new feature just turns on or off VPC that is deployed by AFT looking at the doco. Is there to support to deploy in an existing VPC, like pointing to an VPC Id and Subnets?

[sputmayer]

@mbuotidem I dont think what @sprioriello is asking is same as what is available in 1.12.0. We need this feature too. We have an existing account with an existing VPC where this needs to be deployed so ideally should be available.