feat: seperating out the service quotas

appvia · Feb 15, 2025 · 30b7e96 · 30b7e96
1 parent 02542f2
commit 30b7e96
Show file tree

Hide file tree

Showing 12 changed files with 61 additions and 60 deletions.
diff --git a/README.md b/README.md
@@ -228,7 +228,6 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0.0 |
-| <a name="provider_aws.us-east-1"></a> [aws.us-east-1](#provider\_aws.us-east-1) | >= 5.0.0 |
 
 ## Inputs
 
@@ -241,7 +240,6 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 | <a name="input_enable_policy_types"></a> [enable\_policy\_types](#input\_enable\_policy\_types) | A list of policy types to enable for the organization. | `list(string)` | <pre>[<br/>  "AISERVICES_OPT_OUT_POLICY",<br/>  "BACKUP_POLICY",<br/>  "RESOURCE_CONTROL_POLICY",<br/>  "SERVICE_CONTROL_POLICY",<br/>  "TAG_POLICY"<br/>]</pre> | no |
 | <a name="input_organization"></a> [organization](#input\_organization) | The organization with the tree of organizational units and accounts to construct. Defaults to an object with an empty list of units and accounts | <pre>object({<br/>    units = optional(list(object({<br/>      name = string,<br/>      key  = string,<br/>      units = optional(list(object({<br/>        name = string,<br/>        key  = string,<br/>        units = optional(list(object({<br/>          name = string,<br/>          key  = string,<br/>          units = optional(list(object({<br/>            name = string,<br/>            key  = string,<br/>            units = optional(list(object({<br/>              name = string,<br/>              key  = string,<br/>            })), [])<br/>          })), [])<br/>        })), [])<br/>      })), [])<br/>    })), [])<br/>  })</pre> | `{}` | no |
 | <a name="input_service_control_policies"></a> [service\_control\_policies](#input\_service\_control\_policies) | A map of service control policies (SCPs) to apply to the organization's root. | <pre>map(object({<br/>    description = string<br/>    # A description for the service control policy<br/>    content = string<br/>    # The content of the service control policy<br/>    key = optional(string)<br/>    # If we created the organizational unit, this is the key to attach the policy to<br/>    target_id = optional(string)<br/>    # If the organizational unit already exists, this is the target ID to attach the policy to<br/>  }))</pre> | `{}` | no |
-| <a name="input_service_quotas"></a> [service\_quotas](#input\_service\_quotas) | A collection of service quotas to apply to the organization. | <pre>list(object({<br/>    service_code = string<br/>    # The service code of the service quota<br/>    quota_code = string<br/>    # The quota code of the service quota<br/>    value = number<br/>    # The value of the service quota<br/>  }))</pre> | `[]` | no |
 | <a name="input_tagging_policies"></a> [tagging\_policies](#input\_tagging\_policies) | A map of tagging policies to apply to the organization's root. | <pre>map(object({<br/>    description = string<br/>    # A description for the tagging policy<br/>    content = string<br/>    # The content of the tagging policy<br/>    key = optional(string)<br/>    # If we created the organizational unit, this is the key to attach the policy to<br/>    target_id = optional(string)<br/>    # If the organizational unit already exists, this is the target ID to attach the policy to<br/>  }))</pre> | `{}` | no |
 
 ## Outputs

diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -3,6 +3,9 @@
 #
 
 locals {
+  ## Account id for audit account
+  audit_account_id = "123456789012"
+
   # Iterate and loop in the the content for the policies
   service_control_policies = {
     for k, x in var.service_control_policies : k => {
@@ -46,22 +49,8 @@ module "organization" {
   tagging_policies         = local.tagging_policies
   tags                     = var.tags
 
-  service_quotas = [
-    {
-      quota_code   = "L-F678F1CE"
-      service_code = "guardduty"
-      value        = 10
-    },
-    {
-      quota_code   = "L-F678F1CE"
-      service_code = "securityhub"
-      value        = 10
-    },
-  ]
-
   providers = {
-    aws           = aws
-    aws.us-east-1 = aws.us_east_1
+    aws = aws
   }
 }
 
@@ -70,10 +59,10 @@ module "organization_eu_west_2" {
 
   enable_delegation = {
     guardduty = {
-      account_name = "Audit",
+      account_id = local.audit_account_id,
     },
     securityhub = {
-      account_name = "Audit",
+      account_id = local.audit_account_id,
     },
   }
   tags = var.tags
@@ -84,7 +73,7 @@ module "organization_us_east_1" {
 
   enable_delegation = {
     guardduty = {
-      account_name = "Audit",
+      account_id = local.audit_account_id,
     },
   }
   tags = var.tags

diff --git a/locals.tf b/locals.tf
@@ -1,13 +1,4 @@
 locals {
-  ## Build a map of the service quotas
-  service_quotas = {
-    for quota in var.service_quotas : "${quota.service_code}-${quota.quota_code}" => {
-      service_code = quota.service_code
-      quota_code   = quota.quota_code
-      value        = quota.value
-    }
-  }
-
   ## Build of a map of all the organizational units from the data lookup
   current_units = {
     for ou in data.aws_organizations_organizational_units.current.children : lower(ou.name) => ou.id

diff --git a/modules/service_quotas/README.md b/modules/service_quotas/README.md
@@ -0,0 +1,17 @@
+<!-- BEGIN_TF_DOCS -->
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0.0 |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_service_quotas"></a> [service\_quotas](#input\_service\_quotas) | A collection of service quotas to apply to the organization. | <pre>list(object({<br/>    service_code = string<br/>    # The service code of the service quota<br/>    quota_code = string<br/>    # The quota code of the service quota<br/>    value = number<br/>    # The value of the service quota<br/>  }))</pre> | `[]` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->
diff --git a/modules/service_quotas/locals.tf b/modules/service_quotas/locals.tf
@@ -0,0 +1,11 @@
+
+locals {
+  ## Build a map of the service quotas
+  service_quotas = {
+    for quota in var.service_quotas : "${quota.service_code}-${quota.quota_code}" => {
+      service_code = quota.service_code
+      quota_code   = quota.quota_code
+      value        = quota.value
+    }
+  }
+}
diff --git a/quotas.tf → modules/service_quotas/main.tf b/quotas.tf → modules/service_quotas/main.tf
@@ -11,6 +11,4 @@ resource "aws_servicequotas_service_quota" "service_quotas" {
   service_code = each.value.service_code
   quota_code   = each.value.quota_code
   value        = each.value.value
-
-  provider = aws.us-east-1
 }
diff --git a/modules/service_quotas/outputs.tf b/modules/service_quotas/outputs.tf
diff --git a/modules/service_quotas/terraform.tf b/modules/service_quotas/terraform.tf
@@ -0,0 +1,11 @@
+
+terraform {
+  required_version = ">= 1.0.7"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0.0"
+    }
+  }
+}
diff --git a/modules/service_quotas/variables.tf b/modules/service_quotas/variables.tf
@@ -0,0 +1,13 @@
+
+variable "service_quotas" {
+  description = "A collection of service quotas to apply to the organization."
+  type = list(object({
+    service_code = string
+    # The service code of the service quota
+    quota_code = string
+    # The quota code of the service quota
+    value = number
+    # The value of the service quota
+  }))
+  default = []
+}
diff --git a/terraform.tf b/terraform.tf
@@ -4,9 +4,8 @@ terraform {
 
   required_providers {
     aws = {
-      source                = "hashicorp/aws"
-      version               = ">= 5.0.0"
-      configuration_aliases = [aws.us-east-1]
+      source  = "hashicorp/aws"
+      version = ">= 5.0.0"
     }
   }
 }
diff --git a/tests/module.tftest.hcl b/tests/module.tftest.hcl
@@ -18,19 +18,6 @@ run "basic" {
       "tagpolicies.tag.amazonaws.com",
     ]
 
-    service_quotas = [
-      {
-        quota_code   = "L-F678F1CE"
-        service_code = "guardduty"
-        value        = 10
-      },
-      {
-        quota_code   = "L-F678F1CE"
-        service_code = "securityhub"
-        value        = 10
-      },
-    ]
-
     organization = {
       units = [
         {

diff --git a/variables.tf b/variables.tf
@@ -32,19 +32,6 @@ variable "organization" {
   default = {}
 }
 
-variable "service_quotas" {
-  description = "A collection of service quotas to apply to the organization."
-  type = list(object({
-    service_code = string
-    # The service code of the service quota
-    quota_code = string
-    # The quota code of the service quota
-    value = number
-    # The value of the service quota
-  }))
-  default = []
-}
-
 variable "enable_aws_services" {
   description = "A list of AWS services to enable for the organization."
   type        = list(string)