aws-ia / terraform-aws-control_tower_account_factory

AWS Control Tower Account Factory
Apache License 2.0

Change audit and log archive account ids #448

Open caspar-ds opened 3 months ago

caspar-ds commented 3 months ago

Describe the outcome you'd like

We'd like to change the audit and log-archive account ids set here, but are unsure of the consequences:

module "aft" {
  source = "github.com/aws-ia/terraform-aws-control_tower_account_factory.git?ref=1.12.0"

  # Account ids
  log_archive_account_id   = var.log_archive_account_id
  audit_account_id         = var.audit_account_id

  # ...
}

Could someone please confirm if this is already supported and if doing so could break anything?

Is your feature request related to a problem you are currently experiencing? If so, please describe.

N/A

Additional context

N/A

wiltangg commented 2 months ago

Hi @caspar-ds, the accounts that are to be set to these variables need to be the Log and Audit accounts created as part of your Control Tower landing zone setup. Please refer to this documentation page: Shared Accounts.

Could you clarify if you performed a landing zone decommission and re-setup to create new log and audit accounts? If not, then this is not supported.

caspar-ds commented 2 months ago

Hi @wiltangg. There was a misconfiguration and these accounts are the wrong way around. We'd like to correct this, but aren't sure of the consequences. Thanks
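
A pre-apply check for the crossed-ids case discussed in this thread, as an added example that is not part of the thread or of the AFT project's code: it compares the two module inputs with the shared accounts recorded in a Control Tower landing zone manifest. The function name `check_aft_shared_accounts`, the sample account ids, and the manifest layout (`securityRoles.accountId` for audit, `centralizedLogging.accountId` for log archive) are assumptions.

```python
import json
import re

# Constructed sample manifest (not from the thread). Assumption: the landing zone
# manifest keeps the audit account under securityRoles.accountId and the log
# archive account under centralizedLogging.accountId.
SAMPLE_MANIFEST = json.loads("""
{
  "centralizedLogging": {"accountId": "222222222222", "enabled": true},
  "securityRoles": {"accountId": "111111111111"}
}
""")

ACCOUNT_ID = re.compile(r"[0-9]{12}")


def check_aft_shared_accounts(manifest, audit_account_id, log_archive_account_id):
    """Return a list of findings; an empty list means the AFT inputs match."""
    inputs = {
        "audit_account_id": audit_account_id,
        "log_archive_account_id": log_archive_account_id,
    }
    # Account ids must stay strings: an integer would drop leading zeros.
    findings = [
        f"{name}: expected a 12-digit string, got {value!r}"
        for name, value in inputs.items()
        if not (isinstance(value, str) and ACCOUNT_ID.fullmatch(value))
    ]
    if findings:
        return findings

    expected = {
        "audit_account_id": manifest["securityRoles"]["accountId"],
        "log_archive_account_id": manifest["centralizedLogging"]["accountId"],
    }
    if inputs == expected:
        return []
    # The case from the thread: both ids are valid shared accounts, but crossed.
    if (audit_account_id == expected["log_archive_account_id"]
            and log_archive_account_id == expected["audit_account_id"]):
        return ["audit_account_id and log_archive_account_id are swapped"]
    return [
        f"{name}: {inputs[name]} is not the landing zone's account {expected[name]}"
        for name in inputs
        if inputs[name] != expected[name]
    ]
```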