An efficient way to deploy Service Control Policies (SCPs) with Terraform.
This pattern defaults to SCPs for the Root, Sandbox, and Workload OUs. If the pattern is not edited, it will deploy the example SCPs to those OUs, which is obviously not recommended.
Using the default code and policies as a guide rail:
- Add or edit the variables in `config.auto.tfvars` and `variables.tf`.
- Add or edit the module blocks in `main.tf`.
- Add or edit the directories in the `policies` directory to align with your OUs.
- Drag and drop your SCP `json` templates into the correct directory in `policies`.
- Initialize the directory and apply.
... that's it. The module does the undifferentiated heavy lifting and applies the policies to the specified OUs.
There are a series of example SCPs available in the `policies` directory. Before you edit and deploy them, carefully consider the requirements of your organization and the impact these controls may have.
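The following is an added example, not the pattern's own module code, showing what the module does for you in terms of the three Terraform resources listed below: it reads every `*.json` template from an assumed `policies/sandbox/` directory, creates one SCP per file, attaches each to an assumed `var.sandbox_ou_id`, and attaches one inline root-level guardrail using the organization data source. All resource and variable names are illustrative.

```hcl
# Added example (not the pattern's module): direct wiring of the SCP resources.
# Assumptions: the AWS provider is configured against the management account,
# SCPs are enabled in the organization, policies/sandbox/*.json holds one SCP
# per file, and var.sandbox_ou_id is the target OU id (ou-xxxx-xxxxxxxx).

data "aws_organizations_organization" "this" {}

variable "sandbox_ou_id" {
  description = "Id of the Sandbox OU that the sandbox policies attach to (assumed)"
  type        = string
}

# One policy per JSON template found in the sandbox directory.
locals {
  sandbox_policy_files = fileset("${path.module}/policies/sandbox", "*.json")
}

resource "aws_organizations_policy" "sandbox" {
  for_each = local.sandbox_policy_files

  name        = "sandbox-${trimsuffix(each.value, ".json")}"
  description = "Sandbox OU guardrail from ${each.value}"
  type        = "SERVICE_CONTROL_POLICY"
  content     = file("${path.module}/policies/sandbox/${each.value}")
}

resource "aws_organizations_policy_attachment" "sandbox" {
  for_each = aws_organizations_policy.sandbox

  policy_id = each.value.id
  target_id = var.sandbox_ou_id
}

# A root-level guardrail written inline: prevent member accounts from leaving
# the organization. Constructed example; review it against your requirements.
resource "aws_organizations_policy" "deny_leave_org" {
  name        = "deny-leave-organization"
  description = "Deny member accounts from leaving the organization"
  type        = "SERVICE_CONTROL_POLICY"
  content = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid      = "DenyLeaveOrganization"
      Effect   = "Deny"
      Action   = "organizations:LeaveOrganization"
      Resource = "*"
    }]
  })
}

# The organization's root id comes from the data source, so nothing is hard-coded.
resource "aws_organizations_policy_attachment" "root" {
  policy_id = aws_organizations_policy.deny_leave_org.id
  target_id = data.aws_organizations_organization.this.roots[0].id
}
```

Run `terraform plan` before `apply` and read the proposed attachments: an SCP attached at the root applies to every OU and account beneath it, and a deny that is too broad is only discovered when the affected workload's API calls start failing. SCPs never restrict the management account itself, so test their effect from a member account.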
- SCPs (AWS Organizations User Guide)
- Resource: aws_organizations_policy
- Resource: aws_organizations_policy_attachment
- Data Source: aws_organizations_organization
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.