Open diegoroccia opened 2 months ago
yannickvr
commented
1 month ago I'm assuming something among the lines of this?
ProductionAccount:
Type: OC::ORG::Account
Properties:
RootEmail: production@myorg.com
AccountName: Production Account
Tags:
budget-alarm-threshold: '2500'
account-owner-email: my@email.com
OptInRegions:
- af-south-2
- ap-east-1
tcondeixa
commented
1 month ago I'm assuming something among the lines of this?
ProductionAccount: Type: OC::ORG::Account Properties: RootEmail: production@myorg.com AccountName: Production Account Tags: budget-alarm-threshold: '2500' account-owner-email: my@email.com OptInRegions: - af-south-2 - ap-east-1
That would be an option to enable extra regions and unblock the use-case. IMO the enabled regions are controlled already as part of the OC::ORG:: Account resource, so It would be better we could specify all the regions to be enabled and not only extra ones. Otherwise this would require another CR to disable regions that will interfere with the current one.
Maybe that was what you suggested but not what is described in the issue, so just want to be sure about this OptInRegions is all regions to enable and to create the entrypoint role, and not only extra regions to opt in.
Subject of the issue
Please excuse if the feature is documented and I could just not finf it.
I am looking into how to enable additional regions on account creation. It has to be on account creation because I am setting AWS SSO in that region, so not having the region enabled makes the pipeline fail because the org-formation is unable to assume the role in the target account
Specifically, I am using ap-east-1
Your environment
Steps to reproduce
Tell us how to reproduce this issue. Please provide ofn projct files if possible, you can use this template as a base. https://plnkr.co/edit/m568SDw2KPufQsUl
Expected behaviour
Tell us what should happen
Actual behaviour
Tell us what happens instead