Sample customization to update AWS alternate contacts via AFT

wellsiau-aws/aft-alternate-contacts

aft-alternate-contacts

Description

This Terraform module implements a state machine that updates AWS account alternate contacts based on the custom_fields parameter from the aft-account-requests module. For implementation guidance, refer to the AWS Control Tower workshop for AFT.

Sample usage

Sample of custom_fields implementation for aft-alternate-contacts:

module "vending_account_1" {
  source = "./modules/aft-account-request"
  ...
  custom_fields = {
    alternate_contact = jsonencode(
      {
        "billing"= {
          "email-address" = "billing@mycompany.com",
          "name"          = "Account Receivable",
          "phone-number"  = "+11234567890",
          "title"         = "Billing Department"
        },
        "operations"= {
          "email-address" = "ops@mycompany.com",
          "name"          = "Operations 24/7",
          "phone-number"  = "+11234567890",
          "title"         = "DevOps Team"
        },
        "security"= {
          "email-address" = "soc@mycompany.com",
          "name"          = "Security Ops Center",
          "phone-number"  = "+11234567890",
          "title"         = "SOC Team"
        }
      }
    )
    another_custom_field1 = "a"
    another_custom_field2 = "b"
  }
  ...
}

Overview

The diagram below depicts the invocation of aft-alternate-contacts as part of aft-account-provisioning-customizations.

[Figure: alternate contact state machine overview]

The aft-alternate-contacts state machine consists of three separate Lambda functions that extract the custom fields, validate the contact information using regex, and then update the alternate contacts in the target account.

[Figure: alternate contact state machine workflow]
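
The validate step described above, sketched as an added example (not the module's own Lambda code): it parses the alternate_contact custom field, checks every field with a regex, and builds the parameters for the AWS Account API `PutAlternateContact` call only when all contacts pass. The regex patterns, the function name, and the account ID used with it are assumptions.

```python
import json
import re

# Assumed patterns for illustration; the module's own regexes are not shown on this page.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
PHONE_RE = re.compile(r"\+[1-9][0-9]{6,14}")   # E.164-style number
TEXT_RE = re.compile(r"[\x20-\x7e]{1,50}")     # short printable ASCII

CONTACT_TYPES = ("billing", "operations", "security")
# custom_fields key -> (PutAlternateContact parameter name, pattern)
FIELDS = {
    "email-address": ("EmailAddress", EMAIL_RE),
    "name": ("Name", TEXT_RE),
    "phone-number": ("PhoneNumber", PHONE_RE),
    "title": ("Title", TEXT_RE),
}

# Constructed sample: one entry using the values from the usage example above.
SAMPLE_ALTERNATE_CONTACT = json.dumps({"security": {
    "email-address": "soc@mycompany.com", "name": "Security Ops Center",
    "phone-number": "+11234567890", "title": "SOC Team"}})

def build_contact_requests(account_id, alternate_contact_json):
    """Return (requests, errors); requests is empty unless every contact validates."""
    try:
        contacts = json.loads(alternate_contact_json)
    except (TypeError, ValueError) as exc:
        return [], [f"alternate_contact is not valid JSON: {exc}"]
    if not isinstance(contacts, dict):
        return [], ["alternate_contact must be a JSON object"]
    requests, errors = [], []
    for ctype in sorted(contacts):
        entry = contacts[ctype]
        if ctype not in CONTACT_TYPES or not isinstance(entry, dict):
            errors.append(f"{ctype}: unknown contact type or malformed entry")
            continue
        req = {"AccountId": account_id, "AlternateContactType": ctype.upper()}
        for key, (param, pattern) in FIELDS.items():
            value = entry.get(key)
            # fullmatch rejects trailing newlines and partial matches.
            if isinstance(value, str) and pattern.fullmatch(value):
                req[param] = value
            else:
                errors.append(f"{ctype}.{key}: missing or malformed")
        requests.append(req)
    # All-or-nothing: never hand a partially valid set to the update step.
    return ([] if errors else requests), errors
```

Each returned dict can be passed as keyword arguments to the boto3 `account` client's `put_alternate_contact` method.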

Requirements

This module requires Account Factory for Terraform (AFT) and must be deployed as part of account provisioning customization.

| Name | Version |
|------|---------|
| terraform | >= 0.15.0 |
| aws | >= 3.15 |

Providers

| Name | Version |
|------|---------|
| archive | n/a |
| aws | n/a |

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.aft_alternate_contacts_add_lambda_log | resource |
| aws_cloudwatch_log_group.aft_alternate_contacts_extract_lambda_log | resource |
| aws_cloudwatch_log_group.aft_alternate_contacts_validate_lambda_log | resource |
| aws_iam_role.aft_alternate_contacts_add_lambda_role | resource |
| aws_iam_role.aft_alternate_contacts_extract_lambda_role | resource |
| aws_iam_role.aft_alternate_contacts_state_role | resource |
| aws_iam_role.aft_alternate_contacts_validate_lambda_role | resource |
| aws_iam_role_policy.aft_alternate_contacts_add_lambda_role_policy | resource |
| aws_iam_role_policy.aft_alternate_contacts_state_role_policy | resource |
| aws_iam_role_policy_attachment.aft_alternate_contacts_add_lambda_role_policy_attachment | resource |
| aws_iam_role_policy_attachment.aft_alternate_contacts_extract_lambda_role_policy_attachment | resource |
| aws_iam_role_policy_attachment.aft_alternate_contacts_validate_lambda_role_policy_attachment | resource |
| aws_lambda_function.aft_alternate_contacts_add_lambda | resource |
| aws_lambda_function.aft_alternate_contacts_extract_lambda | resource |
| aws_lambda_function.aft_alternate_contacts_validate_lambda | resource |
| aws_sfn_state_machine.aft_alternate_contacts_state | resource |
| archive_file.aft_alternate_contacts_add | data source |
| archive_file.aft_alternate_contacts_extract | data source |
| archive_file.aft_alternate_contacts_validate | data source |
| aws_caller_identity.aft_management_id | data source |
| aws_dynamodb_table.aft_request_metadata_table | data source |
| aws_iam_policy.AWSLambdaBasicExecutionRole | data source |
| aws_region.aft_management_region | data source |
| aws_ssm_parameter.aft_request_metadata_table_name | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aws_ct_mgt_account_id | Control Tower Management Account Id | string | n/a | yes |
| aws_ct_mgt_org_id | Control Tower Organization Id | string | n/a | yes |
| cloudwatch_log_group_retention | Lambda CloudWatch log group retention period | string | "0" | no |

Outputs

| Name | Description |
|------|-------------|
| aft_alternate_contacts_add_lambda_arn | aft-alternate-contacts-add Lambda ARN |
| aft_alternate_contacts_extract_lambda_arn | aft-alternate-contacts-extract Lambda ARN |
| aft_alternate_contacts_state_machine_arn | State machine ARN |
| aft_alternate_contacts_validate_lambda_arn | aft-alternate-contacts-validate Lambda ARN |
