diff --git a/modules/aws/organizations/account/README.md b/modules/aws/organizations/account/README.md
index 8a5cc5a4..e0158658 100644
--- a/modules/aws/organizations/account/README.md
+++ b/modules/aws/organizations/account/README.md
@@ -1,7 +1,7 @@
-
+
+
[![Contributors][contributors-shield]][contributors-url]
[![Forks][forks-shield]][forks-url]
[![Stargazers][stars-shield]][stars-url]
@@ -18,7 +19,6 @@
[![MIT License][license-shield]][license-url]
[![LinkedIn][linkedin-shield]][linkedin-url]
-
@@ -41,7 +41,6 @@
-
Table of Contents
@@ -59,14 +58,14 @@
-
+
## Usage
```
module "account_prod_infrastructure" {
- source = "github.com/zachreborn/terraform-modules//modules/aws/organizations_account"
-
+ source = "github.com/zachreborn/terraform-modules//modules/aws/organizations/account"
+
name = "account_prod_infrastructure"
email = "aws_environments+account@example.com"
parent_id = var.account_parent_id
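Review bot: The corrected `source` line in this usage example still carries no `?ref=`, so anyone who copies it follows the repository's default branch. For a module that creates member accounts, the example should show a pinned form such as `source = "github.com/zachreborn/terraform-modules//modules/aws/organizations/account?ref=<tag>"`, where `<tag>` is a placeholder for a real release tag or commit. The same applies to the `source` line updated in the organization README later in this patch.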
@@ -80,18 +79,19 @@ _For more examples, please refer to the [Documentation](https://github.com/zachr
+
## Requirements
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0.0 |
-| [aws](#requirement\_aws) | >= 4.0.0 |
+| Name | Version |
+| ------------------------------------------------------------------------ | -------- |
+| [terraform](#requirement_terraform) | >= 1.0.0 |
+| [aws](#requirement_aws) | >= 4.0.0 |
## Providers
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | >= 4.0.0 |
+| Name | Version |
+| ------------------------------------------------ | -------- |
+| [aws](#provider_aws) | >= 4.0.0 |
## Modules
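Review bot: The Requirements and Providers tables in this hunk change only in padding and in dropping the `\_` escapes, and their anchor-link layout suggests they are generated rather than hand-written. If a generator owns this block, the next regeneration will put the old form back and produce the same diff in reverse. Either configure the formatter to skip the generated section or settle on one tool as the owner, and say which in the commit message.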
@@ -99,41 +99,42 @@ No modules.
## Resources
-| Name | Type |
-|------|------|
+| Name | Type |
+| -------------------------------------------------------------------------------------------------------------------------------------- | -------- |
| [aws_organizations_account.account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_account) | resource |
## Inputs
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [close\_on\_deletion](#input\_close\_on\_deletion) | (Optional) If true, a deletion event will close the account. Otherwise, it will only remove from the organization. | `bool` | `false` | no |
-| [email](#input\_email) | (Required) The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account. | `string` | n/a | yes |
-| [iam\_user\_access\_to\_billing](#input\_iam\_user\_access\_to\_billing) | (Optional) If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information. | `string` | `"ALLOW"` | no |
-| [name](#input\_name) | (Required) A friendly name for the member account. | `string` | n/a | yes |
-| [parent\_id](#input\_parent\_id) | (Optional) Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection. | `string` | `null` | no |
-| [role\_name](#input\_role\_name) | (Optional) The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so Terraform cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignore\_changes is used. | `string` | `"OrganizationAccountAccessRole"` | no |
-| [tags](#input\_tags) | (Optional) Key-value map of resource tags. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` | `{}` | no |
+| Name | Description | Type | Default | Required |
+| --------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- | --------------------------------- | :------: |
+| [close_on_deletion](#input_close_on_deletion) | (Optional) If true, a deletion event will close the account. Otherwise, it will only remove from the organization. | `bool` | `false` | no |
+| [email](#input_email) | (Required) The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account. | `string` | n/a | yes |
+| [iam_user_access_to_billing](#input_iam_user_access_to_billing) | (Optional) If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information. | `string` | `"ALLOW"` | no |
+| [name](#input_name) | (Required) A friendly name for the member account. | `string` | n/a | yes |
+| [parent_id](#input_parent_id) | (Optional) Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection. | `string` | `null` | no |
+| [role_name](#input_role_name) | (Optional) The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so Terraform cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignore_changes is used. | `string` | `"OrganizationAccountAccessRole"` | no |
+| [tags](#input_tags) | (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` | `{}` | no |
## Outputs
-| Name | Description |
-|------|-------------|
-| [arn](#output\_arn) | n/a |
-| [id](#output\_id) | n/a |
-| [tags\_all](#output\_tags\_all) | n/a |
+| Name | Description |
+| ----------------------------------------------------------- | ----------- |
+| [arn](#output_arn) | n/a |
+| [id](#output_id) | n/a |
+| [tags_all](#output_tags_all) | n/a |
+
+
## License
Distributed under the MIT License. See `LICENSE.txt` for more information.
(back to top)
-
-
+
## Contact
Zachary Hill - [![LinkedIn][linkedin-shield]][linkedin-url] - zhill@zacharyhill.co
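Review bot: The Outputs table still documents `arn`, `id` and `tags_all` as `n/a` after the rewrite; since every row is being touched anyway, give each output a description so the table says what is returned. In the Inputs table, the `role_name` row states that Terraform will always show a difference after import unless ignore_changes is used, but nothing here says whether the module sets it. One sentence on that would spare anyone importing an existing account a surprise plan.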
@@ -142,19 +143,18 @@ Project Link: [https://github.com/zachreborn/terraform-modules](https://github.c
(back to top)
-
-
+
## Acknowledgments
-* [Zachary Hill](https://zacharyhill.co)
-* [Jake Jones](https://github.com/jakeasarus)
+- [Zachary Hill](https://zacharyhill.co)
+- [Jake Jones](https://github.com/jakeasarus)
(back to top)
-
+
[contributors-shield]: https://img.shields.io/github/contributors/zachreborn/terraform-modules.svg?style=for-the-badge
[contributors-url]: https://github.com/zachreborn/terraform-modules/graphs/contributors
[forks-shield]: https://img.shields.io/github/forks/zachreborn/terraform-modules.svg?style=for-the-badge
@@ -169,4 +169,4 @@ Project Link: [https://github.com/zachreborn/terraform-modules](https://github.c
[linkedin-url]: https://www.linkedin.com/in/zachary-hill-5524257a/
[product-screenshot]: /images/screenshot.webp
[Terraform.io]: https://img.shields.io/badge/Terraform-7B42BC?style=for-the-badge&logo=terraform
-[Terraform-url]: https://terraform.io
\ No newline at end of file
+[Terraform-url]: https://terraform.io
diff --git a/modules/aws/organizations/organization/README.md b/modules/aws/organizations/organization/README.md
index 738b7fc3..aded73cc 100644
--- a/modules/aws/organizations/organization/README.md
+++ b/modules/aws/organizations/organization/README.md
@@ -68,7 +68,7 @@ This example creates an AWS Organization with the default settings.
```
module "organization" {
- source = "github.com/zachreborn/terraform-modules//modules/aws/organization"
+ source = "github.com/zachreborn/terraform-modules//modules/aws/organizations/organization"
aws_service_access_principals = [
"aws-artifact-account-sync.amazonaws.com",
@@ -80,27 +80,6 @@ module "organization" {
}
```
-### Delegated Admin Example
-
-This example creates and AWS Organization and delegates administrative access to another account.
-
-```
-module "organization" {
- source = "github.com/zachreborn/terraform-modules//modules/aws/organization"
-
- aws_service_access_principals = [
- "aws-artifact-account-sync.amazonaws.com",
- "backup.amazonaws.com",
- "cloudtrail.amazonaws.com",
- "sso.amazonaws.com",
- ]
- enabled_policy_types = ["TAG_POLICY"]
- delegated_administrators = {
- "123456789012" = "service-abbreviation.amazonaws.com"
- }
-}
-```
-
_For more examples, please refer to the [Documentation](https://github.com/zachreborn/terraform-modules)_
(back to top)
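Review bot: The "Delegated Admin Example" is deleted here without a stated reason, and the change is unrelated to the path and table fixes in the rest of the patch. The Inputs table for this module lists only `aws_service_access_principals`, `enabled_policy_types` and `feature_set`, so the removed `delegated_administrators` argument does not appear to be supported and the deletion looks correct. Say so in the commit message. If delegated administration is handled by another module, point to it from this README rather than dropping the topic silently.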
@@ -108,18 +87,19 @@ _For more examples, please refer to the [Documentation](https://github.com/zachr
+
## Requirements
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0.0 |
-| [aws](#requirement\_aws) | >= 4.0.0 |
+| Name | Version |
+| ------------------------------------------------------------------------ | -------- |
+| [terraform](#requirement_terraform) | >= 1.0.0 |
+| [aws](#requirement_aws) | >= 4.0.0 |
## Providers
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | >= 4.0.0 |
+| Name | Version |
+| ------------------------------------------------ | -------- |
+| [aws](#provider_aws) | >= 4.0.0 |
## Modules
@@ -127,29 +107,30 @@ No modules.
## Resources
-| Name | Type |
-|------|------|
+| Name | Type |
+| -------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
| [aws_organizations_organization.org](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_organization) | resource |
## Inputs
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [aws\_service\_access\_principals](#input\_aws\_service\_access\_principals) | (Optional) List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature\_set set to ALL. For additional information, see the AWS Organizations User Guide. | `list(string)` | [
"account.amazonaws.com",
"aws-artifact-account-sync.amazonaws.com",
"backup.amazonaws.com",
"cloudtrail.amazonaws.com",
"health.amazonaws.com",
"sso.amazonaws.com"
]
| no |
-| [enabled\_policy\_types](#input\_enabled\_policy\_types) | (Optional) List of Organizations policy types to enable in the Organization Root. Organization must have feature\_set set to ALL. For additional information about valid policy types (e.g., AISERVICES\_OPT\_OUT\_POLICY, BACKUP\_POLICY, SERVICE\_CONTROL\_POLICY, and TAG\_POLICY), see the AWS Organizations API Reference. | `list(string)` | `null` | no |
-| [feature\_set](#input\_feature\_set) | (Optional) Specify 'ALL' (default) or 'CONSOLIDATED\_BILLING'. | `string` | `"ALL"` | no |
+| Name | Description | Type | Default | Required |
+| ------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: |
+| [aws_service_access_principals](#input_aws_service_access_principals) | (Optional) List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide. | `list(string)` | [
"account.amazonaws.com",
"aws-artifact-account-sync.amazonaws.com",
"backup.amazonaws.com",
"cloudtrail.amazonaws.com",
"health.amazonaws.com",
"sso.amazonaws.com"
]
| no |
+| [enabled_policy_types](#input_enabled_policy_types) | (Optional) List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference. | `list(string)` | `null` | no |
+| [feature_set](#input_feature_set) | (Optional) Specify 'ALL' (default) or 'CONSOLIDATED_BILLING'. | `string` | `"ALL"` | no |
## Outputs
-| Name | Description |
-|------|-------------|
-| [accounts](#output\_accounts) | List of organization accounts.All elements have these attributes: arn, email, id, name, status. |
-| [arn](#output\_arn) | ARN of the organization |
-| [id](#output\_id) | ID of the organization |
-| [master\_account\_arn](#output\_master\_account\_arn) | ARN of the master account |
-| [master\_account\_email](#output\_master\_account\_email) | Email address of the master account |
-| [master\_account\_id](#output\_master\_account\_id) | ID of the master account |
-| [roots](#output\_roots) | List of organization roots.All elements have these attributes: arn, id, name, policy\_types. |
+| Name | Description |
+| ----------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------- |
+| [accounts](#output_accounts) | List of organization accounts.All elements have these attributes: arn, email, id, name, status. |
+| [arn](#output_arn) | ARN of the organization |
+| [id](#output_id) | ID of the organization |
+| [master_account_arn](#output_master_account_arn) | ARN of the master account |
+| [master_account_email](#output_master_account_email) | Email address of the master account |
+| [master_account_id](#output_master_account_id) | ID of the master account |
+| [roots](#output_roots) | List of organization roots.All elements have these attributes: arn, id, name, policy_types. |
+
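Review bot: The `aws_service_access_principals` row documents a default of six service principals, so a caller who sets nothing enables organization-wide integration for all of them, including `sso.amazonaws.com` and `cloudtrail.amazonaws.com`. The README should state that explicitly next to the usage example, or the default should be an empty list so each integration is an opt-in. In the Outputs table, `accounts.All` and `roots.All` are missing a space after the period, and the fix belongs in the output descriptions themselves so it survives regeneration.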