[aws/accounts] do not use ssm module (#70)

* drop ssm module

* Use submodule

Author: osterman

aws/accounts/audit.tf

@@ -1,54 +1,21 @@
-resource "aws_organizations_account" "audit" {
-  count                      = "${contains(var.accounts_enabled, "audit") == true ? 1 : 0}"
-  name                       = "audit"
-  email                      = "${format(var.account_email, "audit")}"
-  iam_user_access_to_billing = "${var.account_iam_user_access_to_billing}"
-  role_name                  = "${var.account_role_name}"
-}
-
-locals {
-  audit_account_arn                      = "${join("", aws_organizations_account.audit.*.arn)}"
-  audit_account_id                       = "${join("", aws_organizations_account.audit.*.id)}"
-  audit_organization_account_access_role = "arn:aws:iam::${join("", aws_organizations_account.audit.*.id)}:role/OrganizationAccountAccessRole"
-}
-
-module "audit_parameters" {
-  source  = "git::https://github.com/cloudposse/terraform-aws-ssm-parameter-store?ref=tags/0.1.5"
-  enabled = "${contains(var.accounts_enabled, "audit") == true ? "true" : "false"}"
-
-  parameter_write = [
-    {
-      name        = "/${var.namespace}/audit/account_id"
-      value       = "${local.audit_account_id}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Account ID"
-    },
-    {
-      name        = "/${var.namespace}/audit/account_arn"
-      value       = "${local.audit_account_arn}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Account ARN"
-    },
-    {
-      name        = "/${var.namespace}/audit/organization_account_access_role"
-      value       = "${local.audit_organization_account_access_role}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Organization Account Access Role"
-    },
-  ]
+module "audit" {
+  source                             = "stage"
+  namespace                          = "${var.namespace}"
+  stage                              = "audit"
+  accounts_enabled                   = "${var.accounts_enabled}"
+  account_email                      = "${var.account_email}"
+  account_iam_user_access_to_billing = "${var.account_iam_user_access_to_billing}"
+  account_role_name                  = "${var.account_role_name}"
 }
 
 output "audit_account_arn" {
-  value = "${local.audit_account_arn}"
+  value = "${module.audit.account_arn}"
 }
 
 output "audit_account_id" {
-  value = "${local.audit_account_id}"
+  value = "${module.audit.account_id}"
 }
 
 output "audit_organization_account_access_role" {
-  value = "${local.audit_organization_account_access_role}"
+  value = "${module.audit.organization_account_access_role}"
 }

aws/accounts/corp.tf

@@ -1,54 +1,21 @@
-resource "aws_organizations_account" "corp" {
-  count                      = "${contains(var.accounts_enabled, "corp") == true ? 1 : 0}"
-  name                       = "corp"
-  email                      = "${format(var.account_email, "corp")}"
-  iam_user_access_to_billing = "${var.account_iam_user_access_to_billing}"
-  role_name                  = "${var.account_role_name}"
-}
-
-locals {
-  corp_account_arn                      = "${join("", aws_organizations_account.corp.*.arn)}"
-  corp_account_id                       = "${join("", aws_organizations_account.corp.*.id)}"
-  corp_organization_account_access_role = "arn:aws:iam::${join("", aws_organizations_account.corp.*.id)}:role/OrganizationAccountAccessRole"
-}
-
-module "corp_parameters" {
-  source  = "git::https://github.com/cloudposse/terraform-aws-ssm-parameter-store?ref=tags/0.1.5"
-  enabled = "${contains(var.accounts_enabled, "corp") == true ? "true" : "false"}"
-
-  parameter_write = [
-    {
-      name        = "/${var.namespace}/corp/account_id"
-      value       = "${local.corp_account_id}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Account ID"
-    },
-    {
-      name        = "/${var.namespace}/corp/account_arn"
-      value       = "${local.corp_account_arn}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Account ARN"
-    },
-    {
-      name        = "/${var.namespace}/corp/organization_account_access_role"
-      value       = "${local.corp_organization_account_access_role}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Organization Account Access Role"
-    },
-  ]
+module "corp" {
+  source                             = "stage"
+  namespace                          = "${var.namespace}"
+  stage                              = "corp"
+  accounts_enabled                   = "${var.accounts_enabled}"
+  account_email                      = "${var.account_email}"
+  account_iam_user_access_to_billing = "${var.account_iam_user_access_to_billing}"
+  account_role_name                  = "${var.account_role_name}"
 }
 
 output "corp_account_arn" {
-  value = "${local.corp_account_arn}"
+  value = "${module.corp.account_arn}"
 }
 
 output "corp_account_id" {
-  value = "${local.corp_account_id}"
+  value = "${module.corp.account_id}"
 }
 
 output "corp_organization_account_access_role" {
-  value = "${local.corp_organization_account_access_role}"
+  value = "${module.corp.organization_account_access_role}"
 }

aws/accounts/data.tf

@@ -1,54 +1,21 @@
-resource "aws_organizations_account" "data" {
-  count                      = "${contains(var.accounts_enabled, "data") == true ? 1 : 0}"
-  name                       = "data"
-  email                      = "${format(var.account_email, "data")}"
-  iam_user_access_to_billing = "${var.account_iam_user_access_to_billing}"
-  role_name                  = "${var.account_role_name}"
-}
-
-locals {
-  data_account_arn                      = "${join("", aws_organizations_account.data.*.arn)}"
-  data_account_id                       = "${join("", aws_organizations_account.data.*.id)}"
-  data_organization_account_access_role = "arn:aws:iam::${join("", aws_organizations_account.data.*.id)}:role/OrganizationAccountAccessRole"
-}
-
-module "data_parameters" {
-  source  = "git::https://github.com/cloudposse/terraform-aws-ssm-parameter-store?ref=tags/0.1.5"
-  enabled = "${contains(var.accounts_enabled, "data") == true ? "true" : "false"}"
-
-  parameter_write = [
-    {
-      name        = "/${var.namespace}/data/account_id"
-      value       = "${local.data_account_id}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Account ID"
-    },
-    {
-      name        = "/${var.namespace}/data/account_arn"
-      value       = "${local.data_account_arn}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Account ARN"
-    },
-    {
-      name        = "/${var.namespace}/data/organization_account_access_role"
-      value       = "${local.data_organization_account_access_role}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Organization Account Access Role"
-    },
-  ]
+module "data" {
+  source                             = "stage"
+  namespace                          = "${var.namespace}"
+  stage                              = "data"
+  accounts_enabled                   = "${var.accounts_enabled}"
+  account_email                      = "${var.account_email}"
+  account_iam_user_access_to_billing = "${var.account_iam_user_access_to_billing}"
+  account_role_name                  = "${var.account_role_name}"
 }
 
 output "data_account_arn" {
-  value = "${local.data_account_arn}"
+  value = "${module.data.account_arn}"
 }
 
 output "data_account_id" {
-  value = "${local.data_account_id}"
+  value = "${module.data.account_id}"
 }
 
 output "data_organization_account_access_role" {
-  value = "${local.data_organization_account_access_role}"
+  value = "${module.data.organization_account_access_role}"
 }

aws/accounts/dev.tf

@@ -1,54 +1,21 @@
-resource "aws_organizations_account" "dev" {
-  count                      = "${contains(var.accounts_enabled, "dev") == true ? 1 : 0}"
-  name                       = "dev"
-  email                      = "${format(var.account_email, "dev")}"
-  iam_user_access_to_billing = "${var.account_iam_user_access_to_billing}"
-  role_name                  = "${var.account_role_name}"
-}
-
-locals {
-  dev_account_arn                      = "${join("", aws_organizations_account.dev.*.arn)}"
-  dev_account_id                       = "${join("", aws_organizations_account.dev.*.id)}"
-  dev_organization_account_access_role = "arn:aws:iam::${join("", aws_organizations_account.dev.*.id)}:role/OrganizationAccountAccessRole"
-}
-
-module "dev_parameters" {
-  source  = "git::https://github.com/cloudposse/terraform-aws-ssm-parameter-store?ref=tags/0.1.5"
-  enabled = "${contains(var.accounts_enabled, "dev") == true ? "true" : "false"}"
-
-  parameter_write = [
-    {
-      name        = "/${var.namespace}/dev/account_id"
-      value       = "${local.dev_account_id}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Account ID"
-    },
-    {
-      name        = "/${var.namespace}/dev/account_arn"
-      value       = "${local.dev_account_arn}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Account ARN"
-    },
-    {
-      name        = "/${var.namespace}/dev/organization_account_access_role"
-      value       = "${local.dev_organization_account_access_role}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Organization Account Access Role"
-    },
-  ]
+module "dev" {
+  source                             = "stage"
+  namespace                          = "${var.namespace}"
+  stage                              = "dev"
+  accounts_enabled                   = "${var.accounts_enabled}"
+  account_email                      = "${var.account_email}"
+  account_iam_user_access_to_billing = "${var.account_iam_user_access_to_billing}"
+  account_role_name                  = "${var.account_role_name}"
 }
 
 output "dev_account_arn" {
-  value = "${local.dev_account_arn}"
+  value = "${module.dev.account_arn}"
 }
 
 output "dev_account_id" {
-  value = "${local.dev_account_id}"
+  value = "${module.dev.account_id}"
 }
 
 output "dev_organization_account_access_role" {
-  value = "${local.dev_organization_account_access_role}"
+  value = "${module.dev.organization_account_access_role}"
 }

aws/accounts/identity.tf

@@ -1,54 +1,21 @@
-resource "aws_organizations_account" "identity" {
-  count                      = "${contains(var.accounts_enabled, "identity") == true ? 1 : 0}"
-  name                       = "identity"
-  email                      = "${format(var.account_email, "identity")}"
-  iam_user_access_to_billing = "${var.account_iam_user_access_to_billing}"
-  role_name                  = "${var.account_role_name}"
-}
-
-locals {
-  identity_account_arn                      = "${join("", aws_organizations_account.identity.*.arn)}"
-  identity_account_id                       = "${join("", aws_organizations_account.identity.*.id)}"
-  identity_organization_account_access_role = "arn:aws:iam::${join("", aws_organizations_account.identity.*.id)}:role/OrganizationAccountAccessRole"
-}
-
-module "identity_parameters" {
-  source  = "git::https://github.com/cloudposse/terraform-aws-ssm-parameter-store?ref=tags/0.1.5"
-  enabled = "${contains(var.accounts_enabled, "identity") == true ? "true" : "false"}"
-
-  parameter_write = [
-    {
-      name        = "/${var.namespace}/identity/account_id"
-      value       = "${local.identity_account_id}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Account ID"
-    },
-    {
-      name        = "/${var.namespace}/identity/account_arn"
-      value       = "${local.identity_account_arn}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Account ARN"
-    },
-    {
-      name        = "/${var.namespace}/identity/organization_account_access_role"
-      value       = "${local.identity_organization_account_access_role}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Organization Account Access Role"
-    },
-  ]
+module "identity" {
+  source                             = "stage"
+  namespace                          = "${var.namespace}"
+  stage                              = "identity"
+  accounts_enabled                   = "${var.accounts_enabled}"
+  account_email                      = "${var.account_email}"
+  account_iam_user_access_to_billing = "${var.account_iam_user_access_to_billing}"
+  account_role_name                  = "${var.account_role_name}"
 }
 
 output "identity_account_arn" {
-  value = "${local.identity_account_arn}"
+  value = "${module.identity.account_arn}"
 }
 
 output "identity_account_id" {
-  value = "${local.identity_account_id}"
+  value = "${module.identity.account_id}"
 }
 
 output "identity_organization_account_access_role" {
-  value = "${local.identity_organization_account_access_role}"
+  value = "${module.identity.organization_account_access_role}"
 }

aws/accounts/prod.tf

@@ -1,54 +1,21 @@
-resource "aws_organizations_account" "prod" {
-  count                      = "${contains(var.accounts_enabled, "prod") == true ? 1 : 0}"
-  name                       = "prod"
-  email                      = "${format(var.account_email, "prod")}"
-  iam_user_access_to_billing = "${var.account_iam_user_access_to_billing}"
-  role_name                  = "${var.account_role_name}"
-}
-
-locals {
-  prod_account_arn                      = "${join("", aws_organizations_account.prod.*.arn)}"
-  prod_account_id                       = "${join("", aws_organizations_account.prod.*.id)}"
-  prod_organization_account_access_role = "arn:aws:iam::${join("", aws_organizations_account.prod.*.id)}:role/OrganizationAccountAccessRole"
-}
-
-module "prod_parameters" {
-  source  = "git::https://github.com/cloudposse/terraform-aws-ssm-parameter-store?ref=tags/0.1.5"
-  enabled = "${contains(var.accounts_enabled, "prod") == true ? "true" : "false"}"
-
-  parameter_write = [
-    {
-      name        = "/${var.namespace}/prod/account_id"
-      value       = "${local.prod_account_id}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Account ID"
-    },
-    {
-      name        = "/${var.namespace}/prod/account_arn"
-      value       = "${local.prod_account_arn}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Account ARN"
-    },
-    {
-      name        = "/${var.namespace}/prod/organization_account_access_role"
-      value       = "${local.prod_organization_account_access_role}"
-      type        = "String"
-      overwrite   = "true"
-      description = "AWS Organization Account Access Role"
-    },
-  ]
+module "prod" {
+  source                             = "stage"
+  namespace                          = "${var.namespace}"
+  stage                              = "prod"
+  accounts_enabled                   = "${var.accounts_enabled}"
+  account_email                      = "${var.account_email}"
+  account_iam_user_access_to_billing = "${var.account_iam_user_access_to_billing}"
+  account_role_name                  = "${var.account_role_name}"
 }
 
 output "prod_account_arn" {
-  value = "${local.prod_account_arn}"
+  value = "${module.prod.account_arn}"
 }
 
 output "prod_account_id" {
-  value = "${local.prod_account_id}"
+  value = "${module.prod.account_id}"
 }
 
 output "prod_organization_account_access_role" {
-  value = "${local.prod_organization_account_access_role}"
+  value = "${module.prod.organization_account_access_role}"
 }