org-formation / aws-resource-providers

A community driven repository where you can find AWS Resource Type Providers for different purposes (including org-formation ones).
MIT License

design: regiondefaults, accountdefaults #5

Closed OlafConijn closed 4 years ago

OlafConijn commented 4 years ago

Thinking about resource providers in the context of org-formation: these resources will be applied to multiple accounts at the same time.

I was thinking of implementing https://github.com/OlafConijn/AwsOrganizationFormation/issues/84 using a resource called RegionDefaults. This can then be applied to any number of account/region combinations. I also thought about collecting similar settings (region scope) in the same resource. Logically there would also be a resource called AccountDefaults with a collection of settings that make sense to include in org-formation.

e.g.

Resources:
  RegionDefaults:
    Type: 'OC::ORG::RegionDefaults'
    OrganizationBinding:
      Regions:
        - eu-central-1
        - us-east
      Account: '*'
    Properties:
      EnableEbsEncryptionByDefault: true

Question becomes: would password policy be an account default, or its own resource? IAM Alias will not be a default because it will (certainly) change for each account, but Password Policy is likely to be the same.

Another question: would service limits have their own resource, or would limits be part of the 'account defaults'?

Honestly don't know yet. Somehow inclined to have Password Policy be part of an AccountDefaults resource and get service limits a resource of their own.

What do you think? Thanks

OlafConijn commented 4 years ago

Didn't make sense. Closed.