ghndrx/terraform-foundation
1
0
Fork 0
mirror of https://github.com/ghndrx/terraform-foundation.git synced 2026-02-10 06:45:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Terraform Foundation - AWS Landing Zone

Browse Source 
Enterprise-grade multi-tenant AWS cloud foundation.

Modules:
- GitHub OIDC for keyless CI/CD authentication
- IAM account settings and security baseline
- AWS Config Rules for compliance
- ABAC (Attribute-Based Access Control)
- SCPs (Service Control Policies)

Features:
- Multi-account architecture
- Cost optimization patterns
- Security best practices
- Comprehensive documentation

Tech: Terraform, AWS Organizations, IAM Identity Center
This commit is contained in:
Greg Hendrickson
2026-02-01 20:06:28 +00:00
commit 6136cde9bb
145 changed files with 30832 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
terraform/modules/app-account/outputs.tf Normal file
View File

@@ -0,0 +1,49 @@
################################################################################
# App Account - Outputs
################################################################################
output "account_id" {
value = aws_organizations_account.this.id
description = "AWS account ID"
}
output "account_arn" {
value = aws_organizations_account.this.arn
description = "AWS account ARN"
}
output "account_name" {
value = aws_organizations_account.this.name
description = "Account name"
}
output "account_email" {
value = aws_organizations_account.this.email
description = "Account root email"
sensitive = true
}
output "admin_role_arn" {
value = "arn:aws:iam::${aws_organizations_account.this.id}:role/${var.admin_role_name}"
description = "Admin role ARN for cross-account access"
}
output "cross_account_readonly_role_arn" {
value = var.create_cross_account_roles ? aws_iam_role.cross_account_readonly[0].arn : null
description = "Cross-account readonly role ARN"
}
output "cross_account_admin_role_arn" {
value = var.create_cross_account_roles ? aws_iam_role.cross_account_admin[0].arn : null
description = "Cross-account admin role ARN"
}
output "budget_id" {
value = var.budget_limit > 0 ? aws_budgets_budget.this[0].id : null
description = "Budget ID"
}
output "account_tags" {
value = local.account_tags
description = "Account tags"
}