Merge branch 'main' of github.com:aws-samples/aws-cudos-framework-deployment

Author: iakov-gan

README.md

@@ -26,7 +26,7 @@ Cloud Intelligence Dashboards Framework provides AWS customers with [more then 2
 * Advanced Dashboards - Require CID Data Collection and CUR
 * Additional Dashboards - Require various custom datasources or created for very specific use cases.
 
-We recommend starting with deployment of [Foundational Dashboards](https://docs.aws.amazon.com/guidance/latest/cloud-intelligence-dashboards/dashboard-foundational.html). Then deploy [Data Collection](https://docs.aws.amazon.com/guidance/latest/cloud-intelligence-dashboards/data-collection.html) and [Advanced Dashboards](https://docs.aws.amazon.com/guidance/latest/cloud-intelligence-dashboards/dashboards.html#advanced-dashboards). Check for [Additional](https://docs.aws.amazon.com/guidance/latest/cloud-intelligence-dashboards/dashboards.html#additional-dashboards) Dashboards.
+We recommend starting with deployment of [Foundational Dashboards](https://docs.aws.amazon.com/guidance/latest/cloud-intelligence-dashboards/dashboard-foundational.html). Then deploy [Data Collection](https://docs.aws.amazon.com/guidance/latest/cloud-intelligence-dashboards/data-collection.html) and [Advanced Dashboards](https://docs.aws.amazon.com/guidance/latest/cloud-intelligence-dashboards/dashboards.html#advanced-dashboards). Check for [Additional](https://docs.aws.amazon.com/guidance/latest/cloud-intelligence-dashboards/dashboards.html#additional) Dashboards.
 
 
 [![Documentation >](assets/images/documentation.svg)](https://docs.aws.amazon.com/guidance/latest/cloud-intelligence-dashboards/deployment-in-global-regions.html)
@@ -156,4 +156,4 @@ See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more inform
 This library is licensed under the MIT-0 License. See the [LICENSE](LICENSE) file.
 
 ## Notices
-Dashboards and their content: (a) are for informational purposes only, (b) represents current AWS product offerings and practices, which are subject to change without notice, and (c) does not create any commitments or assurances from AWS and its affiliates, suppliers or licensors. AWS content, products or services are provided “as is” without warranties, representations, or conditions of any kind, whether express or implied. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.
+Dashboards and their content: (a) are for informational purposes only, (b) represents current AWS product offerings and practices, which are subject to change without notice, and (c) does not create any commitments or assurances from AWS and its affiliates, suppliers or licensors. AWS content, products or services are provided “as is” without warranties, representations, or conditions of any kind, whether express or implied. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

dashboards/cudos/CUDOS-v5-definition.yaml

@@ -61269,7 +61269,7 @@ Sheets:
             \ in same AZ</u>\n        </a>\n      </inline>\n      <inline font-size=\"\
             19.2px\">.</inline>\n    </li>\n    <li>\n      <inline font-size=\"19.2px\"\
             >Save up to 30% with\_</inline>\n      <inline background-color=\"PrimaryBackground\"\
-            \ color=\"#61d1d6\" font-size=\"19.2px\">\n        <a href=\"https://aws.amazon.com/about-aws/whats-new/2021/02/introducing-amazon-cloudfront-security-savings-bundle/\"\
+            \ color=\"#61d1d6\" font-size=\"19.2px\">\n        <a href=\"https://aws.amazon.com/cloudfront/faqs/#topic-21\"\
             \ target=\"_blank\">\n          <u>Amazon CloudFront Security Savings\
             \ Bundle</u>\n        </a>\n      </inline>\n      <inline font-size=\"\
             19.2px\">.</inline>\n    </li>\n  </ul>\n  <br/>\n  <br/>\n  <inline font-size=\"\

terraform/cicd-deployment/README.md

@@ -315,6 +315,76 @@ This is the recommended approach for testing and development environments when y
 
 </details>
 
+<details>
+<summary><b>How do I deploy resources manually to specific accounts?</b></summary>
+
+For users who need granular control over deployment or want to deploy resources manually to specific accounts, you can split the Terraform module into individual components:
+
+### Manual Deployment Steps:
+
+1. **Split the main.tf file** into separate files for each stack:
+   ```
+   data-exports-destination.tf  # For Data Collection account
+   data-exports-source.tf       # For Payer account  
+   dashboards.tf               # For Data Collection account
+   ```
+
+2. **Create separate variable files** for each component:
+   ```
+   variables-destination.tf
+   variables-source.tf
+   variables-dashboards.tf
+   ```
+
+3. **Split outputs.tf** into component-specific output files:
+   ```
+   outputs-destination.tf
+   outputs-source.tf
+   outputs-dashboards.tf
+   ```
+
+4. **Configure separate provider configurations** for each account:
+   ```hcl
+   # For Payer account deployment
+   provider "aws" {
+     region = "us-east-1"
+     # Payer account credentials
+   }
+   
+   # For Data Collection account deployment
+   provider "aws" {
+     region = "us-east-1"
+     # Data Collection account credentials
+   }
+   ```
+
+5. **Deploy in sequence**:
+   ```bash
+   # Step 1: Deploy Data Exports Destination (Data Collection account)
+   terraform init
+   terraform apply -target=aws_cloudformation_stack.cid_dataexports_destination
+   
+   # Step 2: Deploy Data Exports Source (Payer account)
+   # Switch to Payer account credentials
+   terraform apply -target=aws_cloudformation_stack.cid_dataexports_source
+   
+   # Step 3: Deploy Dashboards (Data Collection account)
+   # Switch back to Data Collection account credentials
+   terraform apply -target=aws_cloudformation_stack.cloud_intelligence_dashboards
+   ```
+
+### Important Considerations:
+
+- **Dependencies**: Ensure proper dependency order (Destination → Source → Dashboards)
+- **Cross-account references**: You'll need to manually manage cross-account resource references
+- **State management**: Consider using separate state files for each account
+- **Credentials**: Manually switch AWS credentials/profiles between deployments
+- **Complexity**: This approach requires advanced Terraform knowledge and careful coordination
+
+**Note**: Manual deployment is significantly more complex than the automated cross-account approach provided by this module. We recommend using the standard module unless you have specific requirements that necessitate manual control.
+
+</details>
+
 ## Additional Resources
 
 * [AWS Cloud Intelligence Dashboards Documentation](https://docs.aws.amazon.com/guidance/latest/cloud-intelligence-dashboards/)

terraform/cicd-deployment/providers.tf

@@ -10,8 +10,11 @@ provider "aws" {
   alias  = "destination_account"
   region = var.global_values.aws_region
 
-  assume_role {
-    role_arn = local.destination_role_arn
+  dynamic "assume_role" {
+    for_each = local.destination_role_arn != null ? [1] : []
+    content {
+      role_arn = local.destination_role_arn
+    }
   }
 
   default_tags {
@@ -23,7 +26,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0"
+      version = "~> 5.0"
     }
   }
   required_version = ">= 1.0.0"