Feature request: AWS Organizations support #12337
Comments
This requires #12325 to be merged |
#12325 is merged now :) |
@stack72 wouldn't this be a

```hcl
resource "aws_organization" "org" {
  feature_set = "ALL"
}

data "aws_organizational_unit" "devs" {
  parent = "${aws_organization.org.root}"
}

data "aws_organizational_unit" "gophers" {
  parent = "${aws_organizational_unit.devs.id}"
}

resource "aws_organization_account" "mrg" {
  name  = "MrGossett"
  email = "[email protected]"
}

resource "aws_organizational_unit_attachment" "oua" {
  account = "${aws_organization_account.mrg.id}"
  parent  = "${aws_organizational_unit.gophers.id}"
}
```

And that involves a number of new resources. |
Is the vendoring working OK? I must be missing something, yeah? EDIT: I should probably have linked to the vendored ref instead of master: https://github.com/aws/aws-sdk-go/tree/v1.8.10/service/organizations Ping @stack72 EDIT 2: I think I corrected my misunderstanding of how |
I'm working on a PR for Anyone have any thoughts on how to best handle this? |
Accounts created by AWS Organizations can only be deleted by a manual process. I think deleting the Terraform resource should be a no-op. In case anyone's interested, here's the manual process to delete an account created from AWS Organizations:
|
@MrGossett Thanks for the feedback! My delete function currently just returns Do you think that adding a blurb to the documentation page about the lack of delete is good enough? I was considering having the delete function print a warning too. |
IMHO, both the blurb and the warning would be useful. The |
After a quick read through the LeaveOrganization API docs and related RemoveAccountFromOrganization API docs, those actions basically only work if the account was not created from AWS Organizations. They work if it was a pre-existing account that was invited into the Organization. |
Yeah, I did mean |
@MrGossett I included the steps you provided to delete a member account for the |
Bump. Comments are closed on the PR for AWS Organizations, and that PR was assigned to an empty milestone. I want to make sure this doesn't get forgotten; this is a much-needed feature. Any idea of when this'll get fixed and merged? |
@AndrewFarley I would bet it's going to be a while because, as you noted, it's been added to an empty milestone that's quite a few versions from the current release. It's also been almost a year since the original PR was filed. Not sure what to tell you to do. You could try merging my branch into a fork of the new repo and build it yourself. You could click all the emojis you see in the issue and the PR and hope that means something. Failing those things, patience might be the only way forward. Good luck! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
AWS Organizations has gone GA and it would be very helpful to manage it with Terraform. Among other things, Organizations provides management of multiple accounts and lets you apply Service Control Policies (similar to IAM policies) to those accounts from outside of their administrative namespace.
https://aws.amazon.com/documentation/organizations/