nops-io/terraform-aws-nops-commitment-management

terraform-aws-nops-commitment-management

Terraform module for commitment management integration with AWS using the nOps platform

Features

  • Creation of an S3 bucket and CUR report
  • Creation of IAM roles with the permissions required by the nOps platform
  • Automatic detection of payer and child accounts for correct creation of only necessary resources

Prerequisites

  • Terraform v1.2+
  • AWS CLI configured with appropriate permissions

Usage

Onboarding Payer account

The example below shows how to integrate the management (root) AWS account.

The CUR report name and bucket name are required only when deploying the module to the Payer account.

  1. While authenticated to the Payer account of the AWS organization, add the following code:
provider "aws" {
  alias = "root"
}

module "cm_onboarding" {
  providers = {
    aws = aws.root
  }
  source = "nops-io/nops-commitment-management/aws"
  # The bucket name must be globally unique (an AWS requirement) and may
  # contain only lowercase letters, numbers, dots and hyphens
  cur_bucket_name = "my-cur-bucket"
  # CUR report display name
  cur_report_name = "my_cur_report"
}
  2. Initialize Terraform:
terraform init
  3. Plan and apply the Terraform configuration:
terraform plan -out=plan

terraform apply plan
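Because the module creates IAM roles for a third-party platform, it is worth checking the saved plan before `terraform apply plan`. The following is an added example, not part of the nOps module: it audits the JSON form of the plan (exported with `terraform show -json plan > plan.json`) against the resource types documented in the Resources table of this README. The function names `audit_plan` and `_rc` and the sample plan are constructed for illustration.

```python
# Managed resource types listed in the README's Resources table.
DOCUMENTED_TYPES = {
    "aws_cur_report_definition", "aws_iam_role", "aws_iam_role_policy",
    "aws_iam_role_policy_attachments_exclusive", "aws_s3_bucket",
    "aws_s3_bucket_policy", "aws_s3_bucket_public_access_block",
    "aws_s3_bucket_server_side_encryption_configuration",
}
# Resources the table lists for protecting the CUR bucket.
BUCKET_GUARDS = {"aws_s3_bucket_public_access_block",
                 "aws_s3_bucket_server_side_encryption_configuration"}


def audit_plan(plan, module_prefix="module.cm_onboarding."):
    """Return findings for a dict loaded from `terraform show -json plan`."""
    findings, created = [], set()
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if rc.get("mode") != "managed" or actions == ["no-op"]:
            continue  # data sources and unchanged resources are not reviewed
        addr, rtype = rc["address"], rc["type"]
        in_module = addr.startswith(module_prefix)
        if not in_module:
            findings.append(f"outside module: {addr}")
        elif rtype not in DOCUMENTED_TYPES:
            findings.append(f"undocumented type: {addr}")
        if "delete" in actions:  # covers both delete and replace
            findings.append(f"destructive action {actions}: {addr}")
        if in_module and "create" in actions:
            created.add(rtype)
    if "aws_s3_bucket" in created:
        for guard in sorted(BUCKET_GUARDS - created):
            findings.append(f"bucket created without {guard}")
    return findings


def _rc(addr, actions):
    """Build a resource_changes entry holding only the fields audited above."""
    return {"address": addr, "mode": "managed", "type": addr.split(".")[-2],
            "change": {"actions": actions}}


# Constructed sample plan (not real output): one undocumented resource, one
# replace outside the module, and a bucket without its encryption resource.
SAMPLE_PLAN = {"resource_changes": [
    _rc("module.cm_onboarding.aws_s3_bucket.nops_cur_bucket", ["create"]),
    _rc("module.cm_onboarding.aws_s3_bucket_public_access_block.nops_cur_bucket_block_public_access", ["create"]),
    _rc("module.cm_onboarding.aws_iam_role.nops_share_save_payer_role", ["create"]),
    _rc("module.cm_onboarding.aws_iam_user.constructed_example", ["create"]),
    _rc("aws_s3_bucket.unrelated", ["delete", "create"]),
]}
```

For a real plan, load the file with `json.load` and pass the result to `audit_plan`; an empty list means every planned change is a documented resource type inside the module.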

Onboarding child account

Child accounts are onboarded with the same module; it already contains the logic to detect when it is being applied to an account that is not the root account.

provider "aws" {
  alias = "child"
}

module "cm_onboarding" {
  providers = {
    aws = aws.child
  }
  source = "nops-io/nops-commitment-management/aws"
  # No variables are required to deploy this module on child accounts
}

Requirements

Name | Version
terraform | >= 1.2
aws | >= 4.0

Providers

Name | Version
aws | >= 4.0

Modules

No modules.

Resources

Name | Type
aws_cur_report_definition.nops_cur | resource
aws_iam_role.nops_share_save_mgt_role | resource
aws_iam_role.nops_share_save_payer_role | resource
aws_iam_role.nops_share_save_ri_role | resource
aws_iam_role_policy.nops_sharesave_mgt_policy | resource
aws_iam_role_policy.nops_sharesave_policy | resource
aws_iam_role_policy.nops_sharesave_ri_policy | resource
aws_iam_role_policy_attachments_exclusive.nops_share_save_mgt_managed_policies | resource
aws_iam_role_policy_attachments_exclusive.nops_share_save_payer_managed_policies | resource
aws_iam_role_policy_attachments_exclusive.nops_share_save_ri_managed_policies | resource
aws_s3_bucket.nops_cur_bucket | resource
aws_s3_bucket_policy.nops_cur_bucket_policy | resource
aws_s3_bucket_public_access_block.nops_cur_bucket_block_public_access | resource
aws_s3_bucket_server_side_encryption_configuration.nops_cur_bucket_encryption | resource
aws_caller_identity.current | data source
aws_organizations_organization.current | data source
aws_partition.current | data source
aws_region.current | data source

Inputs

Name | Description | Type | Default | Required
cur_bucket_name | The S3 bucket name to be used to set up the CUR integration. This name has to be unique globally. | string | "" | no
cur_report_name | Name of the CUR report. | string | "" | no

Outputs

Name | Description
cur_bucket_arn | The ARN of the CUR S3 bucket
nops_sharesave_mgt_role_arn | The ARN of the Sharesave Management role
nops_sharesave_payer_role_arn | The ARN of the Sharesave Payer role
nops_sharesave_ri_role_arn | The ARN of the Sharesave RI role
