From 92cc7eb98204724cbf74928b8925cb6f778354f2 Mon Sep 17 00:00:00 2001 
From: Warren Uniewski Date: Thu, 3 Aug 2023 17:19:00 -0700 Subject: [PATCH 1/4] refactor for use in the overlay repo --- .github/workflows/deploy-dev-resources.yaml | 132 ------------------ .github/workflows/destroy-dev-resources.yaml | 131 ----------------- .github/workflows/plan-dev-resources.yaml | 120 ---------------- .github/workflows/terraform-docs.yaml | 20 +++ .github/workflows/terraform-fmt.yaml | 14 ++ .github/workflows/terraform-validate.yaml | 17 +++ terraform/main.tf | 18 +++ .../management-account}/.terraform.lock.hcl | 0 .../management-account}/main.tf | 8 +- .../management-account}/variables.tf | 0 .../operations-account}/.terraform.lock.hcl | 0 .../operations-account}/main.tf | 12 +- .../operations-account}/variables.tf | 2 +- terraform/variables.tf | 11 ++ terraform/versions.tf | 12 ++ 15 files changed, 95 insertions(+), 402 deletions(-) delete mode 100644 .github/workflows/deploy-dev-resources.yaml delete mode 100644 .github/workflows/destroy-dev-resources.yaml delete mode 100644 .github/workflows/plan-dev-resources.yaml create mode 100644 .github/workflows/terraform-docs.yaml create mode 100644 .github/workflows/terraform-fmt.yaml create mode 100644 .github/workflows/terraform-validate.yaml create mode 100644 terraform/main.tf rename {management-account-terraform-resources => terraform/management-account}/.terraform.lock.hcl (100%) rename {management-account-terraform-resources => terraform/management-account}/main.tf (99%) rename {management-account-terraform-resources => terraform/management-account}/variables.tf (100%) rename {operations-account-terraform-resources => terraform/operations-account}/.terraform.lock.hcl (100%) rename {operations-account-terraform-resources => terraform/operations-account}/main.tf (98%) rename {operations-account-terraform-resources => terraform/operations-account}/variables.tf (99%) create mode 100644 terraform/variables.tf create mode 100644 terraform/versions.tf 
diff --git a/.github/workflows/deploy-dev-resources.yaml b/.github/workflows/deploy-dev-resources.yaml
deleted file mode 100644
index 86fccfb..0000000
--- a/.github/workflows/deploy-dev-resources.yaml
+++ /dev/null
@@ -1,132 +0,0 @@ ---- -name: "Deploy Dev (LZ0) Resources" - -on: - push: - branches: [dev] - -# permission can be added at job level or workflow level -permissions: - id-token: write - contents: read # This is required for actions/checkout@v2 - -jobs: - DeployMgmtAccountResources: - runs-on: ubuntu-latest - environment: dev - - env: - AWS_REGION: "ca-central-1" - TF_VAR_ops_account_id: ${{ secrets.TF_VAR_OPS_ACCOUNT_ID }} - TF_VAR_mgmt_account_phase1_bucket_suffix: ${{ secrets.TF_VAR_MGMT_ACCOUNT_PHASE1_BUCKET_SUFFIX }} - - steps: - - name: Git clone the repository - uses: actions/checkout@v2 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.MGMT_TFRB_ROLE_TO_ASSUME }} - role-session-name: GitHubOidcBillingUtilitySession - aws-region: ${{ env.AWS_REGION }} - - # Ref for Teffaform Versions: https://releases.hashicorp.com/terraform/ - - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.0.11 - - - name: Terraform Init - id: init - run: | - cd ./management-account-terraform-resources - terraform init -input=false -force-copy \ - -backend-config="bucket=${{ secrets.MGMT_TFRB_S3_BUCKET_NAME }}" \ - -backend-config="key=terraform-octk-aws-sea-billing-reports/management-account-terraform-resources.tfstate" \ - -backend-config="dynamodb_table=${{ secrets.MGMT_TFRB_DYNAMODB_TABLE_NAME }}" \ - -backend-config="region=${{ env.AWS_REGION }}" - - - name: Terraform Fmt - id: fmt - run: | - cd ./management-account-terraform-resources - terraform fmt - continue-on-error: true - - - name: Terraform Validate - id: validate - run: | - cd ./management-account-terraform-resources - terraform validate - # - - name: Terraform Plan - id: plan - run: | - cd ./management-account-terraform-resources - terraform plan - - - name: Terraform Apply - id: apply - run: | - cd ./management-account-terraform-resources - terraform apply -auto-approve - - DeployOpsAccountResources: - needs: 
[DeployMgmtAccountResources] - runs-on: ubuntu-latest - environment: dev - - env: - AWS_REGION: "ca-central-1" - TF_VAR_lz_mgmt_account_id: ${{ secrets.TF_VAR_MGMT_ACCOUNT_ID }} - - steps: - - name: Git clone the repository - uses: actions/checkout@v2 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.OPS_TFRB_ROLE_TO_ASSUME }} - role-session-name: GitHubOidcBillingUtilitySession - aws-region: ${{ env.AWS_REGION }} - - # Ref for Teffaform Versions: https://releases.hashicorp.com/terraform/ - - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: 1.0.11 - - - name: Terraform Init - id: init - run: | - cd ./operations-account-terraform-resources - terraform init -input=false -force-copy \ - -backend-config="bucket=${{ secrets.OPS_TFRB_S3_BUCKET_NAME }}" \ - -backend-config="key=terraform-octk-aws-sea-billing-reports/operations-account-terraform-resources.tfstate" \ - -backend-config="dynamodb_table=${{ secrets.OPS_TFRB_DYNAMODB_TABLE_NAME }}" \ - -backend-config="region=${{ env.AWS_REGION }}" - - - name: Terraform Fmt - id: fmt - run: | - cd ./operations-account-terraform-resources - terraform fmt - continue-on-error: true - - - name: Terraform Validate - id: validate - run: | - cd ./operations-account-terraform-resources - terraform validate - - - name: Terraform Plan - id: plan - run: | - cd ./operations-account-terraform-resources - terraform plan - - - name: Terraform Apply - id: apply - run: | - cd ./operations-account-terraform-resources - terraform apply -auto-approve diff --git a/.github/workflows/destroy-dev-resources.yaml b/.github/workflows/destroy-dev-resources.yaml deleted file mode 100644 index 48b1b6c..0000000 --- a/.github/workflows/destroy-dev-resources.yaml +++ /dev/null 
@@ -1,131 +0,0 @@ ---- -name: "Destroy Dev (LZ0) Resources" - -on: - workflow_dispatch: - -# permission can be added at job level or workflow level -permissions: - id-token: write - contents: read # This is required for actions/checkout@v2 - -jobs: - DestroyOpsAccountResources: - runs-on: ubuntu-latest - environment: dev - - env: - AWS_REGION: "ca-central-1" - TF_VAR_lz_mgmt_account_id: ${{ secrets.TF_VAR_MGMT_ACCOUNT_ID }} - - steps: - - name: Git clone the repository - uses: actions/checkout@v2 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.OPS_TFRB_ROLE_TO_ASSUME }} - role-session-name: GitHubOidcBillingUtilitySession - aws-region: ${{ env.AWS_REGION }} - - # Ref for Teffaform Versions: https://releases.hashicorp.com/terraform/ - - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: 1.0.11 - - - name: Terraform Init - id: init - run: | - cd ./operations-account-terraform-resources - terraform init -input=false -force-copy \ - -backend-config="bucket=${{ secrets.OPS_TFRB_S3_BUCKET_NAME }}" \ - -backend-config="key=terraform-octk-aws-sea-billing-reports/operations-account-terraform-resources.tfstate" \ - -backend-config="dynamodb_table=${{ secrets.OPS_TFRB_DYNAMODB_TABLE_NAME }}" \ - -backend-config="region=${{ env.AWS_REGION }}" - - - name: Terraform Fmt - id: fmt - run: | - cd ./operations-account-terraform-resources - terraform fmt - continue-on-error: true - - - name: Terraform Validate - id: validate - run: | - cd ./operations-account-terraform-resources - terraform validate - - - name: Terraform Plan - id: plan - run: | - cd ./operations-account-terraform-resources - terraform plan - # - # - name: Terraform Destroy - # id: destroy - # run: | - # cd ./operations-account-terraform-resources - # terraform destroy -auto-approve - - DestroyMgmtAccountResources: - needs: [DestroyOpsAccountResources] - runs-on: ubuntu-latest - environment: dev - - env: - AWS_REGION: 
"ca-central-1" - TF_VAR_ops_account_id: ${{ secrets.TF_VAR_OPS_ACCOUNT_ID }} - TF_VAR_mgmt_account_phase1_bucket_suffix: ${{ secrets.TF_VAR_MGMT_ACCOUNT_PHASE1_BUCKET_SUFFIX }} - - steps: - - name: Git clone the repository - uses: actions/checkout@v2 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.MGMT_TFRB_ROLE_TO_ASSUME }} - role-session-name: GitHubOidcBillingUtilitySession - aws-region: ${{ env.AWS_REGION }} - - # Ref for Teffaform Versions: https://releases.hashicorp.com/terraform/ - - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.0.11 - - - name: Terraform Init - id: init - run: | - cd ./management-account-terraform-resources - terraform init -input=false -force-copy \ - -backend-config="bucket=${{ secrets.MGMT_TFRB_S3_BUCKET_NAME }}" \ - -backend-config="key=terraform-octk-aws-sea-billing-reports/management-account-terraform-resources.tfstate" \ - -backend-config="dynamodb_table=${{ secrets.MGMT_TFRB_DYNAMODB_TABLE_NAME }}" \ - -backend-config="region=${{ env.AWS_REGION }}" - - - name: Terraform Fmt - id: fmt - run: | - cd ./management-account-terraform-resources - terraform fmt - continue-on-error: true - - - name: Terraform Validate - id: validate - run: | - cd ./management-account-terraform-resources - terraform validate - # - - name: Terraform Plan - id: plan - run: | - cd ./management-account-terraform-resources - terraform plan - -# - name: Terraform Destroy -# id: destroy -# run: | -# cd ./management-account-terraform-resources -# terraform destroy -auto-approve diff --git a/.github/workflows/plan-dev-resources.yaml b/.github/workflows/plan-dev-resources.yaml deleted file mode 100644 index b1cb45d..0000000 --- a/.github/workflows/plan-dev-resources.yaml +++ /dev/null 
@@ -1,120 +0,0 @@ ---- -name: "Plan Dev (LZ0) Resources" - -on: - pull_request: - branches: [dev] - -# permission can be added at job level or workflow level -permissions: - id-token: write - contents: read # This is required for actions/checkout@v2 - -jobs: - PlanMgmtAccountResources: - runs-on: ubuntu-latest - environment: dev - - env: - AWS_REGION: "ca-central-1" - TF_VAR_ops_account_id: ${{ secrets.TF_VAR_OPS_ACCOUNT_ID }} - TF_VAR_mgmt_account_phase1_bucket_suffix: ${{ secrets.TF_VAR_MGMT_ACCOUNT_PHASE1_BUCKET_SUFFIX }} - - steps: - - name: Git clone the repository - uses: actions/checkout@v2 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.MGMT_TFRB_ROLE_TO_ASSUME }} - role-session-name: GitHubOidcBillingUtilitySession - aws-region: ${{ env.AWS_REGION }} - - # Ref for Teffaform Versions: https://releases.hashicorp.com/terraform/ - - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.0.11 - - - name: Terraform Init - id: init - run: | - cd ./management-account-terraform-resources - terraform init -input=false -force-copy \ - -backend-config="bucket=${{ secrets.MGMT_TFRB_S3_BUCKET_NAME }}" \ - -backend-config="key=terraform-octk-aws-sea-billing-reports/management-account-terraform-resources.tfstate" \ - -backend-config="dynamodb_table=${{ secrets.MGMT_TFRB_DYNAMODB_TABLE_NAME }}" \ - -backend-config="region=${{ env.AWS_REGION }}" - - - name: Terraform Fmt - id: fmt - run: | - cd ./management-account-terraform-resources - terraform fmt - continue-on-error: true - - - name: Terraform Validate - id: validate - run: | - cd ./management-account-terraform-resources - terraform validate - # - - name: Terraform Plan - id: plan - run: | - cd ./management-account-terraform-resources - terraform plan - - PlanOpsAccountResources: - needs: [PlanMgmtAccountResources] - runs-on: ubuntu-latest - environment: dev - - env: - AWS_REGION: "ca-central-1" - TF_VAR_lz_mgmt_account_id: ${{ 
secrets.TF_VAR_MGMT_ACCOUNT_ID }} - - steps: - - name: Git clone the repository - uses: actions/checkout@v2 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.OPS_TFRB_ROLE_TO_ASSUME }} - role-session-name: GitHubOidcBillingUtilitySession - aws-region: ${{ env.AWS_REGION }} - - # Ref for Teffaform Versions: https://releases.hashicorp.com/terraform/ - - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: 1.0.11 - - - name: Terraform Init - id: init - run: | - cd ./operations-account-terraform-resources - terraform init -input=false -force-copy \ - -backend-config="bucket=${{ secrets.OPS_TFRB_S3_BUCKET_NAME }}" \ - -backend-config="key=terraform-octk-aws-sea-billing-reports/operations-account-terraform-resources.tfstate" \ - -backend-config="dynamodb_table=${{ secrets.OPS_TFRB_DYNAMODB_TABLE_NAME }}" \ - -backend-config="region=${{ env.AWS_REGION }}" - - - name: Terraform Fmt - id: fmt - run: | - cd ./operations-account-terraform-resources - terraform fmt - continue-on-error: true - - - name: Terraform Validate - id: validate - run: | - cd ./operations-account-terraform-resources - terraform validate - - - name: Terraform Plan - id: plan - run: | - cd ./operations-account-terraform-resources - terraform plan diff --git a/.github/workflows/terraform-docs.yaml b/.github/workflows/terraform-docs.yaml new file mode 100644 index 0000000..5c854d9 --- /dev/null +++ b/.github/workflows/terraform-docs.yaml @@ -0,0 +1,20 @@ +name: Generate terraform docs +on: + pull_request: + paths: + - "terraform/**" +jobs: + docs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.ref }} + + - name: Render terraform docs inside the README.md and push changes back to PR branch + uses: terraform-docs/gh-actions@v1.0.0 + with: + working-dir: terraform + output-file: README.md + output-method: inject + git-push: "true" 
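Review bot: The new terraform-docs workflow lets a third-party action push commits to the PR branch (`git-push: "true"`) while referencing it by the mutable tag `terraform-docs/gh-actions@v1.0.0` and declaring no `permissions:` block, so the job runs with whatever default token scope the repository has. I would pin the action to a full commit SHA (`uses: terraform-docs/gh-actions@FULL_COMMIT_SHA # v1.0.0`, placeholder to be filled in) and add a job-level `permissions:` with `contents: write`, so the write grant is explicit and confined to this job. The terraform-fmt and terraform-validate workflows added in the same patch also omit `permissions:`; they only read the checkout, so `contents: read` is enough there. Checking out `github.event.pull_request.head.ref` will presumably not resolve for pull requests from forks, where the branch lives in another repository and the token is read-only.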
diff --git a/.github/workflows/terraform-fmt.yaml b/.github/workflows/terraform-fmt.yaml
new file mode 100644
index 0000000..6e7431f
--- /dev/null
+++ b/.github/workflows/terraform-fmt.yaml
@@ -0,0 +1,14 @@
+name: terraform format check
+on:
+ pull_request:
+ paths:
+ - "terraform/**"
+jobs:
+ format:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: hashicorp/setup-terraform@v2
+
+ - name: terraform fmt
+ run: terraform fmt -check -recursive -diff ./terraform
diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml
new file mode 100644
index 0000000..742367b
--- /dev/null
+++ b/.github/workflows/terraform-validate.yaml
@@ -0,0 +1,17 @@
+name: terraform validate
+on:
+ pull_request:
+ paths:
+ - "terraform/**"
+jobs:
+ validate:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: hashicorp/setup-terraform@v2
+
+ - name: terraform init
+ run: terraform init -input=false -backend=false
+
+ - name: terraform validate
+ run: terraform validate
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..7c6e687
--- /dev/null
+++ b/terraform/main.tf
@@ -0,0 +1,18 @@
+module "management-account" {
+ source = "./management-account"
+ ops_account_id = var.ops_account_id
+ mgmt_account_phase1_bucket_suffix = var.mgmt_account_phase1_bucket_suffix
+
+ providers = {
+ aws = aws.master-account
+ }
+}
+
+module "operations-account" {
+ source = "./operations-account"
+ lz_mgmt_account_id = var.mgmt_account_id
+
+ providers = {
+ aws = aws.Operations-account
+ }
+}
diff --git a/management-account-terraform-resources/.terraform.lock.hcl b/terraform/management-account/.terraform.lock.hcl
similarity index 100%
rename from management-account-terraform-resources/.terraform.lock.hcl
rename to terraform/management-account/.terraform.lock.hcl
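Review bot: In the terraform-validate workflow, `terraform init -input=false -backend=false` and `terraform validate` run in the repository root, because neither step sets `working-directory` or uses `-chdir`, while this patch moves the configuration under `terraform/`. If the root holds no `.tf` files, the check passes without validating anything. Adding `working-directory: terraform` to both steps, or a job-level `defaults.run.working-directory: terraform`, points the check at the new root module. `hashicorp/setup-terraform@v2` is also used without `terraform_version`, where the deleted workflows pinned `1.0.11`, so the CLI version behind this gate can drift; the same applies to terraform-fmt.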
diff --git a/management-account-terraform-resources/main.tf b/terraform/management-account/main.tf similarity index 99% rename from management-account-terraform-resources/main.tf rename to terraform/management-account/main.tf index 8c5e30a..64b88b2 100644 --- a/management-account-terraform-resources/main.tf +++ b/terraform/management-account/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 3.70.0" + version = ">= 3.70.0" } archive = { source = "hashicorp/archive" @@ -11,12 +11,6 @@ terraform { } required_version = "~> 1.0" - - backend "s3" {} -} - -provider "aws" { - region = var.aws_region } data "aws_caller_identity" "current" {} diff --git a/management-account-terraform-resources/variables.tf b/terraform/management-account/variables.tf similarity index 100% rename from management-account-terraform-resources/variables.tf rename to terraform/management-account/variables.tf diff --git a/operations-account-terraform-resources/.terraform.lock.hcl b/terraform/operations-account/.terraform.lock.hcl similarity index 100% rename from operations-account-terraform-resources/.terraform.lock.hcl rename to terraform/operations-account/.terraform.lock.hcl diff --git a/operations-account-terraform-resources/main.tf b/terraform/operations-account/main.tf similarity index 98% rename from operations-account-terraform-resources/main.tf rename to terraform/operations-account/main.tf index 1fb0932..02eb850 100644 --- a/operations-account-terraform-resources/main.tf +++ b/terraform/operations-account/main.tf @@ -2,10 +2,6 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - // Moved from 3.48.0 to 3.70 due to runtime_platform bug file - // https://github.com/hashicorp/terraform-provider-aws/issues/22153 - // https://github.com/hashicorp/terraform-provider-aws/blob/v3.70.0/CHANGELOG.md - version = "~> 3.70.0" } archive = { source = "hashicorp/archive" 
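Review bot: The operations-account `required_providers` block loses its `version` line together with the comment explaining that 3.70 was needed because of the `runtime_platform` provider bug, so this module no longer states any lower bound for the AWS provider. The management-account hunk above keeps one as `version = ">= 3.70.0"`; I would keep the same line here, with a one-line comment pointing at terraform-provider-aws issue 22153, so the reason for the floor stays next to the constraint. Both child modules were written against 3.70.x, while the new root in terraform/versions.tf requires `~>4.0`. That is a major-version jump, and nothing visible in this patch shows the resources were checked against the 4.x upgrade notes.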
@@ -14,12 +10,6 @@ terraform { } required_version = "~> 1.0" - - backend "s3" {} -} - -provider "aws" { - region = var.aws_region } data "aws_caller_identity" "current" {} @@ -110,7 +100,7 @@ resource "null_resource" "docker_build" { aws ecr get-login-password --region ${data.aws_region.current.name} | docker login \ --username AWS \ --password-stdin ${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com - docker build -t ${local.app_name}-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name} -f ../Dockerfile ../ + docker build -t ${local.app_name}-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name} -f ../../Dockerfile ../../ docker tag ${local.app_name}-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}:latest ${aws_ecr_repository.billing_reports_ecr.repository_url}:latest docker push ${aws_ecr_repository.billing_reports_ecr.repository_url}:latest EOT diff --git a/operations-account-terraform-resources/variables.tf b/terraform/operations-account/variables.tf similarity index 99% rename from operations-account-terraform-resources/variables.tf rename to terraform/operations-account/variables.tf index 769d998..74803c3 100644 --- a/operations-account-terraform-resources/variables.tf +++ b/terraform/operations-account/variables.tf @@ -10,4 +10,4 @@ variable "lz_mgmt_account_id" { description = "AWS Account ID for LZ Master account" type = string -} \ No newline at end of file +} diff --git a/terraform/variables.tf b/terraform/variables.tf new file mode 100644 index 0000000..e10d1ce --- /dev/null +++ b/terraform/variables.tf 
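Review bot: The `docker build` line in `null_resource.docker_build` now uses `-f ../../Dockerfile ../../`, which resolves against the working directory of the process running the command, not against this module's directory. Unless the provisioner (presumably `local-exec`) sets `working_dir` outside this hunk, running Terraform from `terraform/` or from an overlay repository that sources this module makes `../../` point outside this repository. The build context, and therefore what ends up in the image pushed to ECR, is then whatever directory is there. Anchoring both paths to the module avoids that: `-f ${path.module}/../../Dockerfile ${path.module}/../../`. The resource body starts and ends outside the hunk.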
@@ -0,0 +1,11 @@
+variable "ops_account_id" {
+ description = "The AWS account ID for the operations account."
+}
+
+variable "mgmt_account_id" {
+ description = "The AWS account ID for the management account."
+}
+
+variable "mgmt_account_phase1_bucket_suffix" {
+ description = "The suffix for the phase1 bucket in the management account."
+}
diff --git a/terraform/versions.tf b/terraform/versions.tf
new file mode 100644
index 0000000..1d8f47e
--- /dev/null
+++ b/terraform/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~>4.0"
+ configuration_aliases = [
+ aws.master-account,
+ aws.Operations-account
+ ]
+ }
+ }
+}
From 658fed5f545b95cf1dedf9ab16cdae8be19a3939 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Fri, 4 Aug 2023 00:20:52 +0000
Subject: [PATCH 2/4] terraform-docs: automated action
---
 terraform/README.md | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 terraform/README.md
diff --git a/terraform/README.md b/terraform/README.md
new file mode 100644
index 0000000..2a52e5d
--- /dev/null
+++ b/terraform/README.md
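Review bot: The three root variables in terraform/variables.tf declare no `type`, so they accept `any` (the README generated in the next patch lists them that way), while the child modules declare the same inputs with `type = string`. A list or object passed by mistake is then only rejected inside the child module. An account ID that lost a leading zero on the way in is not rejected at all. Adding `type = string` to each block gives the error at the root boundary, and a `validation` block with `condition = can(regex("^[0-9]{12}$", var.ops_account_id))` on the two account-ID variables would catch malformed IDs at plan time.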
@@ -0,0 +1,34 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [aws](#requirement\_aws) | ~>4.0 | + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [management-account](#module\_management-account) | ./management-account | n/a | +| [operations-account](#module\_operations-account) | ./operations-account | n/a | + +## Resources + +No resources. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [mgmt\_account\_id](#input\_mgmt\_account\_id) | The AWS account ID for the management account. | `any` | n/a | yes | +| [mgmt\_account\_phase1\_bucket\_suffix](#input\_mgmt\_account\_phase1\_bucket\_suffix) | The suffix for the phase1 bucket in the management account. | `any` | n/a | yes | +| [ops\_account\_id](#input\_ops\_account\_id) | The AWS account ID for the operations account. | `any` | n/a | yes | + +## Outputs + +No outputs. + \ No newline at end of file From 0665c230867d26598f185312e8bfea27f0ae0e51 Mon Sep 17 00:00:00 2001 From: Warren Uniewski Date: Thu, 3 Aug 2023 17:21:25 -0700 Subject: [PATCH 3/4] fix formatting --- terraform/management-account/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/management-account/variables.tf b/terraform/management-account/variables.tf index d3e00e4..c12f545 100644 --- a/terraform/management-account/variables.tf +++ b/terraform/management-account/variables.tf @@ -9,7 +9,7 @@ variable "aws_region" { variable "ops_account_id" { description = "LZ Operator AWS Account ID" - type = string + type = string default = "111519536032" } @@ -17,6 +17,6 @@ variable "ops_account_id" { variable "mgmt_account_phase1_bucket_suffix" { description = "Master account phase1 S3 bucket suffix" - type = string + type = string default = "1rzwj0x4t5b9l" } \ No newline at end of file From 6bdb1d57bb0091816c88b78f19917f3ad1cbd748 Mon Sep 17 00:00:00 2001 
From: Warren Uniewski
Date: Fri, 4 Aug 2023 09:43:04 -0700
Subject: [PATCH 4/4] add depends_on to opertions-account module
---
 terraform/main.tf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/terraform/main.tf b/terraform/main.tf
index 7c6e687..a5936f9 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -15,4 +15,6 @@ module "operations-account" {
 providers = {
 aws = aws.Operations-account
 }
+
+ depends_on = [module.management-account]
 }
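Review bot: The module-level `depends_on = [module.management-account]` makes everything in operations-account depend on everything in management-account. Data sources in operations-account are then deferred to apply time whenever management-account has pending changes, and plans show more values as unknown. If the real dependency is one specific resource (the hunk does not say which), exposing it as an output of management-account and passing it in as an input gives the same ordering with a narrower edge. If the blanket dependency is intended, a comment above the line such as `# operations-account needs RESOURCE_NAME in management-account to exist first` (placeholder name) would record why.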