hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[New Data Source]: ControlCatalog ListControls & GetControls #39896

Open dcibarra opened 2 hours ago

dcibarra commented 2 hours ago

Description

Hello - I'd like to request Data Sources for Control Catalog, primarily ListControls and GetControls. This would be beneficial in deploying Control Tower Controls via Terraform. The existing data source aws_controltower_controls only pulls controls already applied, meaning I need to get data about the controls from outside my configuration. Currently I am using boto3 to create a .json file and ingesting this as a local variable that I can filter and iterate over to deploy controls. This is not ideal since it means my .json file might be out of sync if AWS adds new controls.

Requested Resource(s) and/or Data Source(s)

aws_controlcatalog_controls

Potential Terraform Configuration

# Requested data source (does not exist in the provider yet)
data "aws_controlcatalog_controls" "controls" {}

# Existing data source; its roots[0].id is referenced below
data "aws_organizations_organization" "example" {}

resource "aws_organizations_organizational_unit" "example" {
  name      = "Example"
  parent_id = data.aws_organizations_organization.example.roots[0].id
}

# Enable every DETECTIVE control from the catalog on the OU
resource "aws_controltower_control" "detective_control" {
  for_each = { for control in data.aws_controlcatalog_controls.controls : control.Arn => control if control.Behavior == "DETECTIVE" }

  target_identifier  = aws_organizations_organizational_unit.example.arn
  control_identifier = each.value.Arn
}

References

https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListControls.html

Would you like to implement a fix?

No
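
The boto3 workaround described in the issue, with a check for the out-of-sync problem it mentions, as an added example (not dcibarra's script and not provider code). It assumes AWS credentials with access to the Control Catalog `ListControls` and `GetControl` APIs; the file name `controls.json` and the helper names are hypothetical.

```python
"""Snapshot AWS Control Catalog controls to JSON for Terraform (added example)."""
import json


def fetch_controls(client):
    """Page through ListControls, then read each control's Behavior via GetControl."""
    controls, token = {}, None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = client.list_controls(**kwargs)
        for summary in page["Controls"]:
            detail = client.get_control(ControlArn=summary["Arn"])
            controls[summary["Arn"]] = {
                "Arn": summary["Arn"],
                "Name": summary["Name"],
                "Behavior": detail["Behavior"],
            }
        token = page.get("NextToken")
        if not token:
            return controls


def diff_snapshot(old, new):
    """Return (added, removed) ARNs between the stored snapshot and the live catalog."""
    return sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys())


def by_behavior(controls, behavior):
    """Same filter as the for_each expression above, e.g. behavior='DETECTIVE'."""
    return {arn: c for arn, c in controls.items() if c["Behavior"] == behavior}


def render(controls):
    """Stable key order, so a changed file always means a changed catalog."""
    return json.dumps(controls, indent=2, sort_keys=True) + "\n"


if __name__ == "__main__":
    import pathlib
    import sys
    import boto3  # imported here so the helpers above work without AWS access

    path = pathlib.Path("controls.json")  # hypothetical snapshot path
    old = json.loads(path.read_text()) if path.exists() else {}
    new = fetch_controls(boto3.client("controlcatalog"))
    added, removed = diff_snapshot(old, new)
    path.write_text(render(new))
    print(f"added={added} removed={removed}")
    sys.exit(1 if added or removed else 0)  # non-zero exit lets CI flag a stale snapshot
```

The resulting map is keyed by ARN, so Terraform can read it with `jsondecode(file("controls.json"))` and filter on `Behavior` as in the configuration above.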
