Release: 1.3.3

.gitignore

@@ -1,4 +1,4 @@
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
 ### Linux ###

VERSION

@@ -1 +1 @@
-1.3.2
+1.3.3

data.tf

@@ -1,4 +1,4 @@
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
 data "local_file" "version" {

examples/bitbucket+tf_enterprise/main.tf

@@ -1,4 +1,4 @@
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
 module "aft" {

examples/codecommit+tf_oss/main.tf

@@ -1,4 +1,4 @@
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
 module "aft" {

examples/github+tf_oss/main.tf

@@ -1,4 +1,4 @@
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
 module "aft" {

examples/githubenterprise+tf_cloud/main.tf

@@ -1,4 +1,4 @@
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
 module "aft" {

examples/multiple-account-customizations/account-customization-dev/api_helpers/post-api-helpers.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+
+echo "Executing Post-API Helpers"

examples/multiple-account-customizations/account-customization-dev/api_helpers/pre-api-helpers.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+
+echo "Executing Pre-API Helpers"

examples/multiple-account-customizations/account-customization-dev/terraform/aft-providers.jinja

@@ -0,0 +1,14 @@
+## Auto generated providers.tf ##
+## Updated on: {{ timestamp }} ##
+
+provider "aws" {
+  region = "{{ provider_region }}"
+  assume_role {
+    role_arn    = "{{ target_admin_role_arn }}"
+  }
+  default_tags {
+    tags = {
+      managed_by                  = "AFT"
+    }
+  }
+}

examples/multiple-account-customizations/account-customization-dev/terraform/backend.jinja

@@ -0,0 +1,26 @@
+## Auto generated backend.tf ##
+## Updated on: {{ timestamp }} ##
+
+{% if tf_distribution_type == "oss" -%}
+terraform {
+  required_version = ">= 0.15.1"
+  backend "s3" {
+    region         = "{{ region }}"
+    bucket         = "{{ bucket }}"
+    key            = "{{ key }}"
+    dynamodb_table = "{{ dynamodb_table }}"
+    encrypt        = "true"
+    kms_key_id     = "{{ kms_key_id }}"
+    role_arn       = "{{ aft_admin_role_arn }}"
+  }
+}
+{% else -%}
+terraform {
+    backend "remote" {
+        organization = "{{ terraform_org_name }}"
+        workspaces {
+        name = "{{ terraform_workspace_name }}"
+        }
+    }
+}
+{% endif %}

examples/multiple-account-customizations/account-customization-dev/terraform/main.tf

@@ -0,0 +1,16 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+module "developer_customizations" {
+  source = "../../modules/development"
+  providers = {
+    aws = aws
+  }
+}
+
+module "security_customizations" {
+  source = "../../modules/security"
+  providers = {
+    aws = aws
+  }
+}

examples/multiple-account-customizations/account-customization-prod/api_helpers/post-api-helpers.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+
+echo "Executing Post-API Helpers"

examples/multiple-account-customizations/account-customization-prod/api_helpers/pre-api-helpers.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+
+echo "Executing Pre-API Helpers"

examples/multiple-account-customizations/account-customization-prod/terraform/aft-providers.jinja

@@ -0,0 +1,14 @@
+## Auto generated providers.tf ##
+## Updated on: {{ timestamp }} ##
+
+provider "aws" {
+  region = "{{ provider_region }}"
+  assume_role {
+    role_arn    = "{{ target_admin_role_arn }}"
+  }
+  default_tags {
+    tags = {
+      managed_by                  = "AFT"
+    }
+  }
+}

examples/multiple-account-customizations/account-customization-prod/terraform/backend.jinja

@@ -0,0 +1,26 @@
+## Auto generated backend.tf ##
+## Updated on: {{ timestamp }} ##
+
+{% if tf_distribution_type == "oss" -%}
+terraform {
+  required_version = ">= 0.15.1"
+  backend "s3" {
+    region         = "{{ region }}"
+    bucket         = "{{ bucket }}"
+    key            = "{{ key }}"
+    dynamodb_table = "{{ dynamodb_table }}"
+    encrypt        = "true"
+    kms_key_id     = "{{ kms_key_id }}"
+    role_arn       = "{{ aft_admin_role_arn }}"
+  }
+}
+{% else -%}
+terraform {
+    backend "remote" {
+        organization = "{{ terraform_org_name }}"
+        workspaces {
+        name = "{{ terraform_workspace_name }}"
+        }
+    }
+}
+{% endif %}

examples/multiple-account-customizations/account-customization-prod/terraform/main.tf

@@ -0,0 +1,16 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+module "prod_customizations" {
+  source = "../../modules/production"
+  providers = {
+    aws = aws
+  }
+}
+
+module "security_customizations" {
+  source = "../../modules/security"
+  providers = {
+    aws = aws
+  }
+}

examples/multiple-account-customizations/modules/development/main.tf

@@ -0,0 +1,9 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+
+resource "aws_ssm_parameter" "example_parameter_dev" {
+  name  = "/aft/example/parameter_dev"
+  type  = "String"
+  value = "developer customizations"
+}

examples/multiple-account-customizations/modules/production/main.tf

@@ -0,0 +1,8 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+resource "aws_ssm_parameter" "example_parameter_prod" {
+  name  = "/aft/example/parameter_prod"
+  type  = "String"
+  value = "Production customizations"
+}

examples/multiple-account-customizations/modules/security/main.tf

@@ -0,0 +1,8 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+resource "aws_ssm_parameter" "example_parameter_security" {
+  name  = "/aft/example/parameter_security"
+  type  = "String"
+  value = "Security customizations"
+}

examples/multiple-regions-customization/multiple-regions/api_helpers/post-api-helpers.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+
+echo "Executing Post-API Helpers"

examples/multiple-regions-customization/multiple-regions/api_helpers/pre-api-helpers.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+
+echo "Executing Pre-API Helpers"

examples/multiple-regions-customization/multiple-regions/main.tf

@@ -0,0 +1,21 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+
+resource "aws_ssm_parameter" "param-us-east-2" {
+  name  = "/aft/example/region"
+  type  = "String"
+  value = "us-east-2"
+
+  # Declare the custom provider using the alias
+  provider = aws.us_east_2
+}
+
+resource "aws_ssm_parameter" "param-us-west-1" {
+  name  = "/aft/example/region"
+  type  = "String"
+  value = "us-west-1"
+
+  # Declare the custom provider using the alias
+  provider = aws.us_west_1
+}

examples/multiple-regions-customization/multiple-regions/terraform/aft-providers.jinja

@@ -0,0 +1,42 @@
+## Auto generated providers.tf ##
+## Updated on: {{ timestamp }} ##
+
+provider "aws" {
+  region = "{{ provider_region }}"
+  assume_role {
+    role_arn    = "{{ target_admin_role_arn }}"
+  }
+  default_tags {
+    tags = {
+      managed_by                  = "AFT"
+    }
+  }
+}
+
+# Custom provider for 'us-east-2' region
+provider "aws" {
+  alias  = "us_east_2"
+  region = "us-east-2"
+  assume_role {
+    role_arn    = "{{ target_admin_role_arn }}"
+  }
+  default_tags {
+    tags = {
+      managed_by                  = "AFT"
+    }
+  }
+}
+
+# Custom provider for 'us-west-1' region
+provider "aws" {
+  alias  = "us_west_1"
+  region = "us-west-1"
+  assume_role {
+    role_arn    = "{{ target_admin_role_arn }}"
+  }
+  default_tags {
+    tags = {
+      managed_by                  = "AFT"
+    }
+  }
+}

examples/multiple-regions-customization/multiple-regions/terraform/backend.jinja

@@ -0,0 +1,26 @@
+## Auto generated backend.tf ##
+## Updated on: {{ timestamp }} ##
+
+{% if tf_distribution_type == "oss" -%}
+terraform {
+  required_version = ">= 0.15.1"
+  backend "s3" {
+    region         = "{{ region }}"
+    bucket         = "{{ bucket }}"
+    key            = "{{ key }}"
+    dynamodb_table = "{{ dynamodb_table }}"
+    encrypt        = "true"
+    kms_key_id     = "{{ kms_key_id }}"
+    role_arn       = "{{ aft_admin_role_arn }}"
+  }
+}
+{% else -%}
+terraform {
+    backend "remote" {
+        organization = "{{ terraform_org_name }}"
+        workspaces {
+        name = "{{ terraform_workspace_name }}"
+        }
+    }
+}
+{% endif %}

locals.tf

@@ -1,4 +1,4 @@
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
 locals {

main.tf

@@ -1,4 +1,4 @@
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
 module "packaging" {

modules/aft-account-provisioning-framework/data.tf

@@ -1,4 +1,4 @@
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
 data "aws_region" "aft_management" {}

modules/aft-account-provisioning-framework/iam.tf

@@ -1,4 +1,4 @@
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
 ######### invoke_aft_account_provisioning_framework #########

modules/aft-account-provisioning-framework/lambda.tf

@@ -1,4 +1,4 @@
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# Copyright Amazon.com, Inc. or its affiliates. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 #
 ### VALIDATE REQUEST FUNCTION
@@ -10,6 +10,7 @@ resource "aws_lambda_function" "validate_request" {
   role             = aws_iam_role.aft_lambda_aft_account_provisioning_framework_validate_request.arn
   handler          = "aft_account_provisioning_framework_validate_request.lambda_handler"
   source_code_hash = var.provisioning_framework_archive_hash
+  memory_size      = 1024
   runtime          = "python3.8"
   timeout          = 300
   layers           = [var.aft_common_layer_arn]
@@ -35,6 +36,7 @@ resource "aws_lambda_function" "get_account_info" {
   role             = aws_iam_role.aft_lambda_aft_account_provisioning_framework_get_account_info.arn
   handler          = "aft_account_provisioning_framework_get_account_info.lambda_handler"
   source_code_hash = var.provisioning_framework_archive_hash
+  memory_size      = 1024
   runtime          = "python3.8"
   timeout          = 300
   layers           = [var.aft_common_layer_arn]
@@ -59,6 +61,7 @@ resource "aws_lambda_function" "create_role" {
   role             = aws_iam_role.aft_lambda_aft_account_provisioning_framework_create_role.arn
   handler          = "aft_account_provisioning_framework_create_role.lambda_handler"
   source_code_hash = var.provisioning_framework_archive_hash
+  memory_size      = 1024
   runtime          = "python3.8"
   timeout          = 300
   layers           = [var.aft_common_layer_arn]
@@ -84,6 +87,7 @@ resource "aws_lambda_function" "tag_account" {
   role             = aws_iam_role.aft_lambda_aft_account_provisioning_framework_tag_account.arn
   handler          = "aft_account_provisioning_framework_tag_account.lambda_handler"
   source_code_hash = var.provisioning_framework_archive_hash
+  memory_size      = 1024
   runtime          = "python3.8"
   timeout          = 300
   layers           = [var.aft_common_layer_arn]
@@ -108,6 +112,7 @@ resource "aws_lambda_function" "persist_metadata" {
   role             = aws_iam_role.aft_lambda_aft_account_provisioning_framework_persist_metadata.arn
   handler          = "aft_account_provisioning_framework_persist_metadata.lambda_handler"
   source_code_hash = var.provisioning_framework_archive_hash
+  memory_size      = 1024
   runtime          = "python3.8"
   timeout          = 300
   layers           = [var.aft_common_layer_arn]
@@ -134,6 +139,7 @@ resource "aws_lambda_function" "account_metadata_ssm" {
   role             = aws_iam_role.aft_lambda_aft_account_provisioning_framework_persist_metadata.arn
   handler          = "aft_account_provisioning_framework_account_metadata_ssm.lambda_handler"
   source_code_hash = var.provisioning_framework_archive_hash
+  memory_size      = 1024
   runtime          = "python3.8"
   timeout          = 300
   layers           = [var.aft_common_layer_arn]