feat: adding the ability to specify additional payer accounts (#58)

appvia · Sep 16, 2024 · 6117430 · 6117430
1 parent c4ccb28
commit 6117430
Show file tree

Hide file tree

Showing 6 changed files with 43 additions and 30 deletions.
diff --git a/.trivyignore b/.trivyignore
@@ -2,3 +2,5 @@ AVD-AWS-0089
 AVD-AWS-0090 # https://avd.aquasec.com/misconfig/avd-aws-0090
 AVD-AWS-0132 # https://avd.aquasec.com/misconfig/avd-aws-0132
 AVD-AWS-0057 # https://avd.aquasec.com/misconfig/avd-aws-0057
+AVD-AWS-0066 # https://avd.aquasec.com/misconfig/avd-aws-0066
+
diff --git a/Makefile b/Makefile
@@ -31,9 +31,9 @@ all:
 examples: 
 	@echo "--> Running examples"
 	$(MAKE) documentation
+	$(MAKE) validate-examples 
 	$(MAKE) lint-examples
 	$(MAKE) security-examples
-	$(MAKE) validate-examples 
 
 documentation: 
 	@echo "--> Generating documentation"

diff --git a/README.md b/README.md
@@ -123,6 +123,7 @@ The `terraform-docs` utility is used to generate this README. Follow the below s
 |------|-------------|------|---------|:--------:|
 | <a name="input_dashboards_bucket_name"></a> [dashboards\_bucket\_name](#input\_dashboards\_bucket\_name) | The name of the bucket to store the dashboards configurations | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to apply to all resources | `map(string)` | n/a | yes |
+| <a name="input_additional_payer_accounts"></a> [additional\_payer\_accounts](#input\_additional\_payer\_accounts) | List of additional payer accounts to be included in the collectors module | `list(string)` | `[]` | no |
 | <a name="input_enable_backup_module"></a> [enable\_backup\_module](#input\_enable\_backup\_module) | Indicates if the Backup module should be enabled | `bool` | `true` | no |
 | <a name="input_enable_budgets_module"></a> [enable\_budgets\_module](#input\_enable\_budgets\_module) | Indicates if the Budget module should be enabled | `bool` | `true` | no |
 | <a name="input_enable_compute_optimizer_dashboard"></a> [enable\_compute\_optimizer\_dashboard](#input\_enable\_compute\_optimizer\_dashboard) | Indicates if the Compute Optimizer dashboard should be enabled | `bool` | `true` | no |

diff --git a/locals.tf b/locals.tf
@@ -2,6 +2,7 @@
 locals {
   ## The region where the stack is being deployed 
   region = data.aws_region.cost_analysis.name
+
   ## Is the account id for the cost analysis account 
   cost_analysis_account_id = data.aws_caller_identity.cost_analysis.account_id
   ## Is the management account id  
@@ -20,5 +21,8 @@ locals {
       }
     } if var.enable_sso
   ]...)
+
+  ## Is the payer account id used in the collection configuration 
+  payer_account_ids = distinct(sort(concat([local.management_account_id], var.additional_payer_accounts)))
 }
 
diff --git a/main.tf b/main.tf
@@ -227,7 +227,7 @@ module "collector" {
   source = "github.com/aws-samples/aws-cudos-framework-deployment//terraform-modules/cur-setup-destination?ref=0.3.9"
 
   # Source account whom will be replicating the CUR data to the collector account
-  source_account_ids = [local.management_account_id]
+  source_account_ids = local.payer_account_ids
   # Indicates if we should create CUR data in the cost analysis account
   create_cur = false
 
@@ -290,20 +290,20 @@ resource "aws_cloudformation_stack" "cudos_read_permissions" {
   template_url = format("%s/cudos/%s", local.stacks_base_url, "deploy-data-read-permissions.yaml")
 
   parameters = {
-    "AllowModuleReadInMgmt"            = "yes",
-    "DataCollectionAccountID"          = local.cost_analysis_account_id,
-    "IncludeBackupModule"              = var.enable_backup_module ? "yes" : "no",
-    "IncludeBudgetsModule"             = var.enable_budgets_module ? "yes" : "no",
-    "IncludeComputeOptimizerModule"    = var.enable_compute_optimizer_module ? "yes" : "no",
-    "IncludeCostAnomalyModule"         = var.enable_cost_anomaly_module ? "yes" : "no",
-    "IncludeECSChargebackModule"       = var.enable_ecs_chargeback_module ? "yes" : "no",
-    "IncludeHealthEventsModule"        = var.enable_health_events ? "yes" : "no"
-    "IncludeInventoryCollectorModule"  = var.enable_inventory_module ? "yes" : "no",
-    "IncludeRDSUtilizationModule"      = var.enable_rds_utilization_module ? "yes" : "no",
-    "IncludeRightsizingModule"         = var.enable_rightsizing_module ? "yes" : "no",
-    "IncludeTAModule"                  = var.enable_tao_module ? "yes" : "no",
-    "IncludeTransitGatewayModule"      = var.enable_transit_gateway_module ? "yes" : "no",
-    "OrganizationalUnitIds"            = local.organization_root_id,
+    "AllowModuleReadInMgmt"           = "yes",
+    "DataCollectionAccountID"         = local.cost_analysis_account_id,
+    "IncludeBackupModule"             = var.enable_backup_module ? "yes" : "no",
+    "IncludeBudgetsModule"            = var.enable_budgets_module ? "yes" : "no",
+    "IncludeComputeOptimizerModule"   = var.enable_compute_optimizer_module ? "yes" : "no",
+    "IncludeCostAnomalyModule"        = var.enable_cost_anomaly_module ? "yes" : "no",
+    "IncludeECSChargebackModule"      = var.enable_ecs_chargeback_module ? "yes" : "no",
+    "IncludeHealthEventsModule"       = var.enable_health_events ? "yes" : "no"
+    "IncludeInventoryCollectorModule" = var.enable_inventory_module ? "yes" : "no",
+    "IncludeRDSUtilizationModule"     = var.enable_rds_utilization_module ? "yes" : "no",
+    "IncludeRightsizingModule"        = var.enable_rightsizing_module ? "yes" : "no",
+    "IncludeTAModule"                 = var.enable_tao_module ? "yes" : "no",
+    "IncludeTransitGatewayModule"     = var.enable_transit_gateway_module ? "yes" : "no",
+    "OrganizationalUnitIds"           = local.organization_root_id,
   }
 
   depends_on = [
@@ -323,20 +323,20 @@ resource "aws_cloudformation_stack" "cudos_data_collection" {
   template_url = format("%s/cudos/%s", local.stacks_base_url, "deploy-data-collection.yaml")
 
   parameters = {
-    "IncludeBackupModule"              = var.enable_backup_module ? "yes" : "no",
-    "IncludeBudgetsModule"             = var.enable_budgets_module ? "yes" : "no",
-    "IncludeComputeOptimizerModule"    = var.enable_compute_optimizer_module ? "yes" : "no",
-    "IncludeCostAnomalyModule"         = var.enable_cost_anomaly_module ? "yes" : "no",
-    "IncludeECSChargebackModule"       = var.enable_ecs_chargeback_module ? "yes" : "no",
-    "IncludeHealthEventsModule"        = var.enable_health_events ? "yes" : "no"
-    "IncludeInventoryCollectorModule"  = var.enable_inventory_module ? "yes" : "no",
-    "IncludeLicenseManagerModule"      = var.enable_license_manager_module ? "yes" : "no",
-    "IncludeOrgDataModule"             = var.enable_org_data_module ? "yes" : "no",
-    "IncludeRDSUtilizationModule"      = var.enable_rds_utilization_module ? "yes" : "no",
-    "IncludeRightsizingModule"         = var.enable_rightsizing_module ? "yes" : "no",
-    "IncludeTAModule"                  = var.enable_tao_module ? "yes" : "no",
-    "IncludeTransitGatewayModule"      = var.enable_transit_gateway_module ? "yes" : "no",
-    "ManagementAccountID"              = local.management_account_id,
+    "IncludeBackupModule"             = var.enable_backup_module ? "yes" : "no",
+    "IncludeBudgetsModule"            = var.enable_budgets_module ? "yes" : "no",
+    "IncludeComputeOptimizerModule"   = var.enable_compute_optimizer_module ? "yes" : "no",
+    "IncludeCostAnomalyModule"        = var.enable_cost_anomaly_module ? "yes" : "no",
+    "IncludeECSChargebackModule"      = var.enable_ecs_chargeback_module ? "yes" : "no",
+    "IncludeHealthEventsModule"       = var.enable_health_events ? "yes" : "no"
+    "IncludeInventoryCollectorModule" = var.enable_inventory_module ? "yes" : "no",
+    "IncludeLicenseManagerModule"     = var.enable_license_manager_module ? "yes" : "no",
+    "IncludeOrgDataModule"            = var.enable_org_data_module ? "yes" : "no",
+    "IncludeRDSUtilizationModule"     = var.enable_rds_utilization_module ? "yes" : "no",
+    "IncludeRightsizingModule"        = var.enable_rightsizing_module ? "yes" : "no",
+    "IncludeTAModule"                 = var.enable_tao_module ? "yes" : "no",
+    "IncludeTransitGatewayModule"     = var.enable_transit_gateway_module ? "yes" : "no",
+    "ManagementAccountID"             = local.management_account_id,
   }
 
   depends_on = [

diff --git a/variables.tf b/variables.tf
@@ -4,6 +4,12 @@ variable "tags" {
   type        = map(string)
 }
 
+variable "additional_payer_accounts" {
+  description = "List of additional payer accounts to be included in the collectors module"
+  type        = list(string)
+  default     = []
+}
+
 variable "enable_quicksight_subscription" {
   description = "Enable QuickSight subscription"
   type        = bool