aws-ia / terraform-aws-control_tower_account_factory

AWS Control Tower Account Factory
Apache License 2.0

Deploy specific Terraform files in global_customizations only to an OU #383

Open be-aws-architect opened 11 months ago

be-aws-architect commented 11 months ago

Describe the outcome you'd like

The global_customizations repository allows deploying the customizations to specific accounts and OUs as described here: https://docs.aws.amazon.com/controltower/latest/userguide/aft-account-customization-options.html#aft-re-invoke-customizations

I have a use case where I need to deploy certain resources to every account, and to certain OUs only.

Is there any way to utilize the configuration of the Step Function to deploy certain TF files to the OUs specified in it?

Is your feature request related to a problem you are currently experiencing? If so, please describe.

I need to deploy IAM roles to all accounts, and certain resources only to some specific OUs.


hanafya commented 10 months ago

Hey @Chainshark! I have cut a feature request in our backlog to review this feature. Thank you!

robbycuenot commented 7 months ago

@Chainshark I've started using account customizations only for this purpose, as I've found that there is always an edge case where something needs to be excluded and it can be a pain to work around it. I have a customization called "standard" that I apply to every request record, and I can leave it off or fork it for certain accounts, such as the management account or aft-management accounts.
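As an added illustration (not code from this thread or from the AFT project), here is an aft-account-request layout that attaches a shared "standard" account customization to every request record and swaps in a forked variant for one OU; the OU-to-customization map, account names and e-mail addresses are assumed values:

```terraform
# Added example: account request records with a shared "standard" customization.
# Module source path and input names follow the aft-account-request layout;
# the OU/customization mapping, account names and addresses are assumed.
locals {
  # Fork of "standard" used where the baseline must differ (assumed name).
  customization_for_ou = {
    "Workloads" = "standard"
    "Sandbox"   = "standard"
    "Security"  = "standard-security" # forked copy with extra resources
  }
  accounts = {
    "workload-prod" = { ou = "Workloads", email = "workload-prod@example.com" }
    "sandbox-dev"   = { ou = "Sandbox", email = "sandbox-dev@example.com" }
    "security-log"  = { ou = "Security", email = "security-log@example.com" }
  }
}

module "account_request" {
  for_each = local.accounts
  source   = "./modules/aft-account-request"

  control_tower_parameters = {
    AccountEmail              = each.value.email
    AccountName               = each.key
    ManagedOrganizationalUnit = each.value.ou
    SSOUserEmail              = "sso-admin@example.com"
    SSOUserFirstName          = "Platform"
    SSOUserLastName           = "Admin"
  }

  account_tags = { "OU" = each.value.ou }

  change_management_parameters = {
    change_requested_by = "platform-team"
    change_reason       = "baseline customization per OU"
  }

  # Pick the customization folder by OU; lookup() falls back to "standard"
  # for any OU not listed, so every account still gets the baseline.
  account_customizations_name = lookup(local.customization_for_ou, each.value.ou, "standard")
}
```

Accounts that must not receive the baseline at all (for example the AFT management account) simply get no `account_customizations_name`, which is the "leave it off" case described above.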

be-aws-architect commented 5 months ago

@robbycuenot thanks for the insight, that might be a better idea!

From this I deduce you imported your root into AFT as well?

robbycuenot commented 5 months ago

@be-aws-architect yep, I have every account imported and it's been working well