diff --git a/docs/reference/modules/terraform-aws-control-tower/control-tower-account-factory-async/control-tower-account-factory-async.md b/docs/reference/modules/terraform-aws-control-tower/control-tower-account-factory-async/control-tower-account-factory-async.md
index 16d10b4821..67b2750ce6 100644
--- a/docs/reference/modules/terraform-aws-control-tower/control-tower-account-factory-async/control-tower-account-factory-async.md
+++ b/docs/reference/modules/terraform-aws-control-tower/control-tower-account-factory-async/control-tower-account-factory-async.md
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Control Tower Account Factory Async
-View Source
+View Source
-Release Notes
+Release Notes
-This is a OpenTofu/Terraform module that will trigger the creation of a new AWS account by using Control Tower. This module differs from [control-tower-account-factory](https://github.com/gruntwork-io/terraform-aws-control-tower/tree/v1.0.3/modules/control-tower-account-factory) by introducing an [asynchrous pattern](#asynchrous-pattern) to help better handle certain types of drift.
+This is a OpenTofu/Terraform module that will trigger the creation of a new AWS account by using Control Tower. This module differs from [control-tower-account-factory](https://github.com/gruntwork-io/terraform-aws-control-tower/tree/v1.1.0/modules/control-tower-account-factory) by introducing an [asynchrous pattern](#asynchrous-pattern) to help better handle certain types of drift.
Under the hood, this module uses AWS Service Catalog to trigger Control Tower, as Control Tower does not currently expose any APIs to trigger it directly.
@@ -92,7 +92,7 @@ This is usually accompanied by this module returning outputs that look like the
Unfortunately, this is an unrecoverable error from an AWS Provider perspective, as the provider has no insight into the fact that Service Catalog is in a bad state when it fails in this fashion, and retries will not help.
-The easiest way to recover from this error is to make a small update to one of the variables that are passed into this module. For example, if you are integrating with this module via the [../control-tower-multi-account-factory](https://github.com/gruntwork-io/terraform-aws-control-tower/tree/v1.0.3/modules/control-tower-multi-account-factory) module, you could change the value of something in the relevant file in the directory referenced by the `account_requests_folder`, then revert your change.
+The easiest way to recover from this error is to make a small update to one of the variables that are passed into this module. For example, if you are integrating with this module via the [../control-tower-multi-account-factory](https://github.com/gruntwork-io/terraform-aws-control-tower/tree/v1.1.0/modules/control-tower-multi-account-factory) module, you could change the value of something in the relevant file in the directory referenced by the `account_requests_folder`, then revert your change.
e.g.
@@ -125,7 +125,7 @@ This workaround should only be done to correct up to five Service Catalog provis
module "control_tower_account_factory_async" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-account-factory-async?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-account-factory-async?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -137,16 +137,20 @@ module "control_tower_account_factory_async" {
# The name to use for the new AWS account
account_name =
- # The name of the organizational unit (OU) in which this account should be
- # created. Must be one of the OUs in your Control Tower dashboard.
+ # The name or path of the organizational unit (OU) in which this account
+ # should be created. You can specify either a simple OU name (e.g., 'Prod') or
+ # a path separated by forward slashes (e.g., 'Workloads/Prod'). When using a
+ # path, it will match against the full OU hierarchy. Simple names will match
+ # any OU with that name if it's unique, otherwise use a path to disambiguate.
organizational_unit_name =
# The list of organizational units (OUs) in which to look for the specified
# organizational_unit_name. The module will look for the OU with the specified
- # name in this list.
+ # name or path in this list.
ous =
# The email address of the user who will be granted admin access to this new
@@ -211,7 +215,7 @@ module "control_tower_account_factory_async" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-account-factory-async?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-account-factory-async?ref=v1.1.0"
}
inputs = {
@@ -226,16 +230,20 @@ inputs = {
# The name to use for the new AWS account
account_name =
- # The name of the organizational unit (OU) in which this account should be
- # created. Must be one of the OUs in your Control Tower dashboard.
+ # The name or path of the organizational unit (OU) in which this account
+ # should be created. You can specify either a simple OU name (e.g., 'Prod') or
+ # a path separated by forward slashes (e.g., 'Workloads/Prod'). When using a
+ # path, it will match against the full OU hierarchy. Simple names will match
+ # any OU with that name if it's unique, otherwise use a path to disambiguate.
organizational_unit_name =
# The list of organizational units (OUs) in which to look for the specified
# organizational_unit_name. The module will look for the OU with the specified
- # name in this list.
+ # name or path in this list.
ous =
# The email address of the user who will be granted admin access to this new
@@ -349,7 +357,7 @@ The name to use for the new AWS account
-The name of the organizational unit (OU) in which this account should be created. Must be one of the OUs in your Control Tower dashboard.
+The name or path of the organizational unit (OU) in which this account should be created. You can specify either a simple OU name (e.g., 'Prod') or a path separated by forward slashes (e.g., 'Workloads/Prod'). When using a path, it will match against the full OU hierarchy. Simple names will match any OU with that name if it's unique, otherwise use a path to disambiguate.
@@ -357,7 +365,7 @@ The name of the organizational unit (OU) in which this account should be created
-The list of organizational units (OUs) in which to look for the specified organizational_unit_name. The module will look for the OU with the specified name in this list.
+The list of organizational units (OUs) in which to look for the specified organizational_unit_name. The module will look for the OU with the specified name or path in this list.
@@ -366,6 +374,7 @@ The list of organizational units (OUs) in which to look for the specified organi
list(object({
id = string
name = string
+ path = optional(string)
}))
```
@@ -544,11 +553,11 @@ The URL of the AWS SSO login page for this account
diff --git a/docs/reference/modules/terraform-aws-control-tower/control-tower-account-factory/control-tower-account-factory.md b/docs/reference/modules/terraform-aws-control-tower/control-tower-account-factory/control-tower-account-factory.md
index d16b7b8f2e..2a2e4ed1f4 100644
--- a/docs/reference/modules/terraform-aws-control-tower/control-tower-account-factory/control-tower-account-factory.md
+++ b/docs/reference/modules/terraform-aws-control-tower/control-tower-account-factory/control-tower-account-factory.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Control Tower Account Factory
-View Source
+View Source
-Release Notes
+Release Notes
This is a Terraform module that will trigger the creation of a new AWS account by using Control Tower.
@@ -89,7 +89,7 @@ This is usually accompanied by this module returning outputs that look like the
Unfortunately, this is an unrecoverable error from an AWS Provider perspective, as the provider has no insight into the fact that Service Catalog is in a bad state when it fails in this fashion, and retries will not help.
-The easiest way to recover from this error is to make a small update to one of the variables that are passed into this module. For example, if you are integrating with this module via the [../control-tower-multi-account-factory](https://github.com/gruntwork-io/terraform-aws-control-tower/tree/v1.0.3/modules/control-tower-multi-account-factory) module, you could change the value of something in the relevant file in the directory referenced by the `account_requests_folder`, then revert your change.
+The easiest way to recover from this error is to make a small update to one of the variables that are passed into this module. For example, if you are integrating with this module via the [../control-tower-multi-account-factory](https://github.com/gruntwork-io/terraform-aws-control-tower/tree/v1.1.0/modules/control-tower-multi-account-factory) module, you could change the value of something in the relevant file in the directory referenced by the `account_requests_folder`, then revert your change.
e.g.
@@ -122,7 +122,7 @@ This workaround should only be done to correct up to five Service Catalog provis
module "control_tower_account_factory" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-account-factory?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-account-factory?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -134,16 +134,20 @@ module "control_tower_account_factory" {
# The name to use for the new AWS account
account_name =
- # The name of the organizational unit (OU) in which this account should be
- # created. Must be one of the OUs in your Control Tower dashboard.
+ # The name or path of the organizational unit (OU) in which this account
+ # should be created. You can specify either a simple OU name (e.g., 'Prod') or
+ # a path separated by forward slashes (e.g., 'Workloads/Prod'). When using a
+ # path, it will match against the full OU hierarchy. Simple names will match
+ # any OU with that name if it's unique, otherwise use a path to disambiguate.
organizational_unit_name =
# The list of organizational units (OUs) in which to look for the specified
# organizational_unit_name. The module will look for the OU with the specified
- # name in this list.
+ # name or path in this list.
ous =
# The email address of the user who will be granted admin access to this new
@@ -233,7 +237,7 @@ module "control_tower_account_factory" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-account-factory?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-account-factory?ref=v1.1.0"
}
inputs = {
@@ -248,16 +252,20 @@ inputs = {
# The name to use for the new AWS account
account_name =
- # The name of the organizational unit (OU) in which this account should be
- # created. Must be one of the OUs in your Control Tower dashboard.
+ # The name or path of the organizational unit (OU) in which this account
+ # should be created. You can specify either a simple OU name (e.g., 'Prod') or
+ # a path separated by forward slashes (e.g., 'Workloads/Prod'). When using a
+ # path, it will match against the full OU hierarchy. Simple names will match
+ # any OU with that name if it's unique, otherwise use a path to disambiguate.
organizational_unit_name =
# The list of organizational units (OUs) in which to look for the specified
# organizational_unit_name. The module will look for the OU with the specified
- # name in this list.
+ # name or path in this list.
ous =
# The email address of the user who will be granted admin access to this new
@@ -396,7 +404,7 @@ The name to use for the new AWS account
-The name of the organizational unit (OU) in which this account should be created. Must be one of the OUs in your Control Tower dashboard.
+The name or path of the organizational unit (OU) in which this account should be created. You can specify either a simple OU name (e.g., 'Prod') or a path separated by forward slashes (e.g., 'Workloads/Prod'). When using a path, it will match against the full OU hierarchy. Simple names will match any OU with that name if it's unique, otherwise use a path to disambiguate.
@@ -404,7 +412,7 @@ The name of the organizational unit (OU) in which this account should be created
-The list of organizational units (OUs) in which to look for the specified organizational_unit_name. The module will look for the OU with the specified name in this list.
+The list of organizational units (OUs) in which to look for the specified organizational_unit_name. The module will look for the OU with the specified name or path in this list.
@@ -413,6 +421,7 @@ The list of organizational units (OUs) in which to look for the specified organi
list(object({
id = string
name = string
+ path = optional(string)
}))
```
@@ -590,11 +599,11 @@ The URL of the AWS SSO login page for this account
diff --git a/docs/reference/modules/terraform-aws-control-tower/control-tower-account-tagger/control-tower-account-tagger.md b/docs/reference/modules/terraform-aws-control-tower/control-tower-account-tagger/control-tower-account-tagger.md
index 2d34837696..79998bb259 100644
--- a/docs/reference/modules/terraform-aws-control-tower/control-tower-account-tagger/control-tower-account-tagger.md
+++ b/docs/reference/modules/terraform-aws-control-tower/control-tower-account-tagger/control-tower-account-tagger.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Control Tower Account Tagger
-View Source
+View Source
Release Notes
@@ -62,7 +62,7 @@ This module assume that the account is managed by AWS Control Tower and has two
module "control_tower_account_tagger" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-account-tagger?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-account-tagger?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -103,7 +103,7 @@ module "control_tower_account_tagger" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-account-tagger?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-account-tagger?ref=v1.1.0"
}
inputs = {
@@ -143,11 +143,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-control-tower/control-tower-app-account-baseline/control-tower-app-account-baseline.md b/docs/reference/modules/terraform-aws-control-tower/control-tower-app-account-baseline/control-tower-app-account-baseline.md
index f33a0efb68..37d653491b 100644
--- a/docs/reference/modules/terraform-aws-control-tower/control-tower-app-account-baseline/control-tower-app-account-baseline.md
+++ b/docs/reference/modules/terraform-aws-control-tower/control-tower-app-account-baseline/control-tower-app-account-baseline.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Account Baseline App with Control Tower Integration
-View Source
+View Source
Release Notes
@@ -40,7 +40,7 @@ Once you assume the `AWSControlTowerExecution` role, you should be able to compl
module "control_tower_app_account_baseline" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-app-account-baseline?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-app-account-baseline?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -694,7 +694,7 @@ module "control_tower_app_account_baseline" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-app-account-baseline?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-app-account-baseline?ref=v1.1.0"
}
inputs = {
@@ -2903,11 +2903,11 @@ A map of ARNs of the service linked roles created from
diff --git a/docs/reference/modules/terraform-aws-control-tower/control-tower-controls/control-tower-controls.md b/docs/reference/modules/terraform-aws-control-tower/control-tower-controls/control-tower-controls.md
index cd9a374fd2..5c33b5b2b5 100644
--- a/docs/reference/modules/terraform-aws-control-tower/control-tower-controls/control-tower-controls.md
+++ b/docs/reference/modules/terraform-aws-control-tower/control-tower-controls/control-tower-controls.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Control Tower Controls
-View Source
+View Source
Release Notes
@@ -36,7 +36,7 @@ For a full list of preventive, detective and proactive controls, see the [AWS Co
module "control_tower_controls" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-controls?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-controls?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -72,7 +72,7 @@ module "control_tower_controls" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-controls?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-controls?ref=v1.1.0"
}
inputs = {
@@ -107,11 +107,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-control-tower/control-tower-execution-role/control-tower-execution-role.md b/docs/reference/modules/terraform-aws-control-tower/control-tower-execution-role/control-tower-execution-role.md
index 1e4bdeeba7..46d07a5752 100644
--- a/docs/reference/modules/terraform-aws-control-tower/control-tower-execution-role/control-tower-execution-role.md
+++ b/docs/reference/modules/terraform-aws-control-tower/control-tower-execution-role/control-tower-execution-role.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Control Tower Execution Role
-View Source
+View Source
Release Notes
@@ -36,7 +36,7 @@ https://docs.aws.amazon.com/controltower/latest/userguide/enroll-account.html
module "control_tower_execution_role" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-execution-role?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-execution-role?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -62,7 +62,7 @@ module "control_tower_execution_role" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-execution-role?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-execution-role?ref=v1.1.0"
}
inputs = {
@@ -119,11 +119,11 @@ The ARN of the Control Tower Execution Role
diff --git a/docs/reference/modules/terraform-aws-control-tower/control-tower-landing-zone/control-tower-landing-zone.md b/docs/reference/modules/terraform-aws-control-tower/control-tower-landing-zone/control-tower-landing-zone.md
index b5bdab25a9..30c3705c79 100644
--- a/docs/reference/modules/terraform-aws-control-tower/control-tower-landing-zone/control-tower-landing-zone.md
+++ b/docs/reference/modules/terraform-aws-control-tower/control-tower-landing-zone/control-tower-landing-zone.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Control Tower Landing Zone
-View Source
+View Source
Release Notes
@@ -117,7 +117,7 @@ The goal of the import is to have a plan with no operations to be performed. If
module "control_tower_landing_zone" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-landing-zone?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-landing-zone?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -218,7 +218,7 @@ module "control_tower_landing_zone" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-landing-zone?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-landing-zone?ref=v1.1.0"
}
inputs = {
@@ -544,11 +544,11 @@ The amount of time allowed for the update operation to take before being conside
diff --git a/docs/reference/modules/terraform-aws-control-tower/control-tower-multi-account-factory-async/control-tower-multi-account-factory-async.md b/docs/reference/modules/terraform-aws-control-tower/control-tower-multi-account-factory-async/control-tower-multi-account-factory-async.md
index 1bd5631fd6..a9139d05f0 100644
--- a/docs/reference/modules/terraform-aws-control-tower/control-tower-multi-account-factory-async/control-tower-multi-account-factory-async.md
+++ b/docs/reference/modules/terraform-aws-control-tower/control-tower-multi-account-factory-async/control-tower-multi-account-factory-async.md
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Control Tower Multi-Account Factory Async
-View Source
+View Source
Release Notes
-This OpenTofu/Terraform module provisions multiple AWS accounts using AWS Control Tower Account Factory. Under the hood, it leverages the [control-tower-account-factory-async](https://github.com/gruntwork-io/terraform-aws-control-tower/tree/v1.0.3/modules/control-tower-account-factory-async) module for account creation. It also includes a separate mechanism to detect and remediate drifted or outdated AWS Service Catalog products asynchronously, outside of OpenTofu/Terraform, using an EventBridge rule, SQS, Lambda, and AWS Step Functions.
+This OpenTofu/Terraform module provisions multiple AWS accounts using AWS Control Tower Account Factory. Under the hood, it leverages the [control-tower-account-factory-async](https://github.com/gruntwork-io/terraform-aws-control-tower/tree/v1.1.0/modules/control-tower-account-factory-async) module for account creation. It also includes a separate mechanism to detect and remediate drifted or outdated AWS Service Catalog products asynchronously, outside of OpenTofu/Terraform, using an EventBridge rule, SQS, Lambda, and AWS Step Functions.
## Background and Justification
@@ -74,7 +74,7 @@ To respect this limitation and offer flexibility, this module provides a configu
module "control_tower_multi_account_factory_async" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-multi-account-factory-async?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-multi-account-factory-async?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -196,7 +196,7 @@ module "control_tower_multi_account_factory_async" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-multi-account-factory-async?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-multi-account-factory-async?ref=v1.1.0"
}
inputs = {
@@ -522,11 +522,11 @@ The data from all the AWS accounts created.
diff --git a/docs/reference/modules/terraform-aws-control-tower/control-tower-multi-account-factory/control-tower-multi-account-factory.md b/docs/reference/modules/terraform-aws-control-tower/control-tower-multi-account-factory/control-tower-multi-account-factory.md
index 32dffee442..be1626d867 100644
--- a/docs/reference/modules/terraform-aws-control-tower/control-tower-multi-account-factory/control-tower-multi-account-factory.md
+++ b/docs/reference/modules/terraform-aws-control-tower/control-tower-multi-account-factory/control-tower-multi-account-factory.md
@@ -9,16 +9,16 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Control Tower Multi-Account Factory
-View Source
+View Source
Release Notes
This is a Terraform module that will trigger the creation of multiple new AWS accounts by using Control Tower. Under
-the hood, this module uses the [control-tower-account-factory](https://github.com/gruntwork-io/terraform-aws-control-tower/tree/v1.0.3/modules/control-tower-account-factory) module.
+the hood, this module uses the [control-tower-account-factory](https://github.com/gruntwork-io/terraform-aws-control-tower/tree/v1.1.0/modules/control-tower-account-factory) module.
## Sample Usage
@@ -33,7 +33,7 @@ the hood, this module uses the [control-tower-account-factory](https://github.co
module "control_tower_multi_account_factory" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-multi-account-factory?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-multi-account-factory?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -131,7 +131,7 @@ module "control_tower_multi_account_factory" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-multi-account-factory?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-multi-account-factory?ref=v1.1.0"
}
inputs = {
@@ -334,11 +334,11 @@ The data from all the AWS accounts created.
diff --git a/docs/reference/modules/terraform-aws-control-tower/control-tower-provisioned-product-artifact-updater/control-tower-provisioned-product-artifact-updater.md b/docs/reference/modules/terraform-aws-control-tower/control-tower-provisioned-product-artifact-updater/control-tower-provisioned-product-artifact-updater.md
index 22a79c99e6..c8dda5bd14 100644
--- a/docs/reference/modules/terraform-aws-control-tower/control-tower-provisioned-product-artifact-updater/control-tower-provisioned-product-artifact-updater.md
+++ b/docs/reference/modules/terraform-aws-control-tower/control-tower-provisioned-product-artifact-updater/control-tower-provisioned-product-artifact-updater.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Control Tower Provisioned Product Artifact Updater
-View Source
+View Source
Release Notes
@@ -77,7 +77,7 @@ When a new Provisioning Artifact is published in AWS Service Catalog, any accoun
module "control_tower_provisioned_product_artifact_updater" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-provisioned-product-artifact-updater?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-provisioned-product-artifact-updater?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
@@ -153,7 +153,7 @@ module "control_tower_provisioned_product_artifact_updater" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-provisioned-product-artifact-updater?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-provisioned-product-artifact-updater?ref=v1.1.0"
}
inputs = {
@@ -228,11 +228,11 @@ inputs = {
diff --git a/docs/reference/modules/terraform-aws-control-tower/control-tower-security-account-baseline/control-tower-security-account-baseline.md b/docs/reference/modules/terraform-aws-control-tower/control-tower-security-account-baseline/control-tower-security-account-baseline.md
index 7af25537e7..c86677b8ae 100644
--- a/docs/reference/modules/terraform-aws-control-tower/control-tower-security-account-baseline/control-tower-security-account-baseline.md
+++ b/docs/reference/modules/terraform-aws-control-tower/control-tower-security-account-baseline/control-tower-security-account-baseline.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Account Baseline Security with Control Tower Integration
-View Source
+View Source
Release Notes
@@ -34,7 +34,7 @@ by Control Tower, including setting up Amazon Guard Duty, Macie, IAM users, IAM
module "control_tower_security_account_baseline" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-security-account-baseline?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-security-account-baseline?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -774,7 +774,7 @@ module "control_tower_security_account_baseline" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-security-account-baseline?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-security-account-baseline?ref=v1.1.0"
}
inputs = {
@@ -3473,11 +3473,11 @@ A map of usernames to that user's AWS Web Console password, encrypted with that
diff --git a/docs/reference/modules/terraform-aws-control-tower/organizational-units/organizational-units.md b/docs/reference/modules/terraform-aws-control-tower/organizational-units/organizational-units.md
index 996df53ede..01eec5763b 100644
--- a/docs/reference/modules/terraform-aws-control-tower/organizational-units/organizational-units.md
+++ b/docs/reference/modules/terraform-aws-control-tower/organizational-units/organizational-units.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Organizational Units Data Source
-View Source
+View Source
Release Notes
@@ -44,7 +44,7 @@ The output `ous` returns a list of organizational units, which have the followin
module "organizational_units" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/organizational-units?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/organizational-units?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
@@ -70,7 +70,7 @@ module "organizational_units" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/organizational-units?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/organizational-units?ref=v1.1.0"
}
inputs = {
@@ -123,11 +123,11 @@ If set to true, this module will look for the specified organizational unit (OU)
diff --git a/docs/reference/modules/terraform-aws-control-tower/sso-groups/sso-groups.md b/docs/reference/modules/terraform-aws-control-tower/sso-groups/sso-groups.md
index b1ae552ecb..3f878e3ebf 100644
--- a/docs/reference/modules/terraform-aws-control-tower/sso-groups/sso-groups.md
+++ b/docs/reference/modules/terraform-aws-control-tower/sso-groups/sso-groups.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# SSO Groups
-View Source
+View Source
Release Notes
@@ -74,7 +74,7 @@ inputs = {
module "sso_groups" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/aws-sso/sso-groups?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/aws-sso/sso-groups?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -114,7 +114,7 @@ module "sso_groups" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/aws-sso/sso-groups?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/aws-sso/sso-groups?ref=v1.1.0"
}
inputs = {
@@ -210,11 +210,11 @@ ARN of the SSO Admin instance where the Permission Set should be provisioned. Th
diff --git a/docs/reference/modules/terraform-aws-control-tower/sso-permission-sets/sso-permission-sets.md b/docs/reference/modules/terraform-aws-control-tower/sso-permission-sets/sso-permission-sets.md
index a11e8b407c..bad7554b2b 100644
--- a/docs/reference/modules/terraform-aws-control-tower/sso-permission-sets/sso-permission-sets.md
+++ b/docs/reference/modules/terraform-aws-control-tower/sso-permission-sets/sso-permission-sets.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# SSO Permission Sets
-View Source
+View Source
Release Notes
@@ -79,7 +79,7 @@ access to the AWS Account with the IAM permissions defined on the Permission Set
Permission sets are normally bound to groups using your IDP.
-For an example of a manual binding see the [sso-groups module](https://github.com/gruntwork-io/terraform-aws-control-tower/tree/v1.0.3/modules/aws-sso/sso-groups).
+For an example of a manual binding see the [sso-groups module](https://github.com/gruntwork-io/terraform-aws-control-tower/tree/v1.1.0/modules/aws-sso/sso-groups).
### What are permission boundaries?
@@ -113,7 +113,7 @@ For more information on permission boundaries, see the [official documentation](
module "sso_permission_sets" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/aws-sso/sso-permission-sets?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/aws-sso/sso-permission-sets?ref=v1.1.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -168,7 +168,7 @@ module "sso_permission_sets" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/aws-sso/sso-permission-sets?ref=v1.0.3"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/aws-sso/sso-permission-sets?ref=v1.1.0"
}
inputs = {
@@ -335,11 +335,11 @@ The name of the permission set that was created.