# ------------------------------------------------------------------------------
# Retrieve the effective Account ID, User ID, and ARN under which Terraform is
# authorized.  The ARN is used below to derive the session name for assumed
# roles (see local.caller_user_name).
# ------------------------------------------------------------------------------
data "aws_caller_identity" "current" {}
# ------------------------------------------------------------------------------
# Retrieve the information for all accounts in the organization.  This is used
# to look up account IDs by account name in the locals below (e.g. the Users
# account ID for use in the assume role policy).
# ------------------------------------------------------------------------------
data "aws_organizations_organization" "cool" {
  # NOTE(review): presumably a provider alias carrying read-only Organizations
  # credentials — confirm against the provider configuration.
  provider = aws.organizationsreadonly
}
# ------------------------------------------------------------------------------
# Evaluate expressions for use throughout this configuration.
# ------------------------------------------------------------------------------
locals {
  # Name of the current caller, used as the session name when assuming roles.
  # Takes the second "/"-separated element of the caller ARN.
  # NOTE(review): this assumes an ARN of the form ".../user/NAME".  For an
  # assumed-role caller (".../assumed-role/ROLE/SESSION") element 1 is the role
  # name, and for an IAM user with a path it is the first path segment — confirm
  # that is the intended value, since it is what shows up as the session name in
  # the audit trail.
  caller_user_name = split("/", data.aws_caller_identity.current.arn)[1]

  # The lookups below select organization accounts by their account name.
  # Account names are not guaranteed to be unique in AWS Organizations, so the
  # single-account lookups (dns_account_id, users_account_id) take the first
  # match ([0]) and fail at plan time if there is no account with that name.

  # ID of the account named "DNS".
  dns_account_id = [
    for account in data.aws_organizations_organization.cool.accounts :
    account.id if account.name == "DNS"
  ][0]

  # IDs of every account named "Domain Manager (Staging)" or
  # "Domain Manager (Production)".
  domainmanager_account_ids = [
    for account in data.aws_organizations_organization.cool.accounts :
    account.id if length(regexall("^Domain Manager \\((?:Staging|Production)\\)$", account.name)) > 0
  ]

  # IDs of every account whose name is "inl<digits> (Staging)" or
  # "inl<digits> (Production)".
  inl_account_ids = [
    for account in data.aws_organizations_organization.cool.accounts :
    account.id if length(regexall("^inl\\d+ \\((?:Staging|Production)\\)$", account.name)) > 0
  ]

  # IDs of every account named "PCA (Staging)" or "PCA (Production)".
  pca_account_ids = [
    for account in data.aws_organizations_organization.cool.accounts :
    account.id if length(regexall("^PCA \\((?:Staging|Production)\\)$", account.name)) > 0
  ]

  # ID of the account named "Users".
  users_account_id = [
    for account in data.aws_organizations_organization.cool.accounts :
    account.id if account.name == "Users"
  ][0]
}