Release: 1.3.1.build_72173

.gitignore

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ### Linux ###
 *~
 

VERSION

@@ -1 +1 @@
-1.3.0
+1.3.1.build_72173

data.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "local_file" "version" {
   filename = "${path.module}/VERSION"
 }

examples/bitbucket+tf_enterprise/main.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 module "aft" {
   source = "github.com/aws-ia/terraform-aws-control_tower_account_factory"
   # Required Vars

examples/codecommit+tf_oss/main.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 module "aft" {
   source = "github.com/aws-ia/terraform-aws-control_tower_account_factory"
   # Required Vars

examples/github+tf_oss/main.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 module "aft" {
   source = "github.com/aws-ia/terraform-aws-control_tower_account_factory"
   # Required Vars

examples/githubenterprise+tf_cloud/main.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 module "aft" {
   source = "github.com/aws-ia/terraform-aws-control_tower_account_factory"
   # Required Vars

locals.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 locals {
   aft_version                                      = chomp(trimspace(data.local_file.version.content))
   aft_account_provisioning_customizations_sfn_name = "aft-account-provisioning-customizations"

main.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 module "packaging" {
   source = "./modules/aft-archives"
 }
@@ -167,6 +170,8 @@ module "aft_lambda_layer" {
   aft_vpc_private_subnets                           = module.aft_account_request_framework.aft_vpc_private_subnets
   aft_vpc_default_sg                                = module.aft_account_request_framework.aft_vpc_default_sg
   s3_bucket_name                                    = module.aft_customizations.aft_codepipeline_customizations_bucket_name
+  builder_archive_path                              = module.packaging.builder_archive_path
+  builder_archive_hash                              = module.packaging.builder_archive_hash
 }
 
 module "aft_ssm_parameters" {

modules/aft-account-provisioning-framework/data.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "aws_region" "aft_management" {}
 data "aws_caller_identity" "aft_management" {}
 data "aws_iam_policy" "AWSLambdaBasicExecutionRole" {

modules/aft-account-provisioning-framework/iam.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ######### invoke_aft_account_provisioning_framework #########
 
 # Validate Request Lambda Permissions

modules/aft-account-provisioning-framework/lambda.tf

@@ -1,4 +1,6 @@
-
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ### VALIDATE REQUEST FUNCTION
 
 resource "aws_lambda_function" "validate_request" {

modules/aft-account-provisioning-framework/locals.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 locals {
   lambda_managed_policies = [data.aws_iam_policy.AWSLambdaBasicExecutionRole.arn, data.aws_iam_policy.AWSLambdaVPCAccessExecutionRole.arn]
 }

modules/aft-account-provisioning-framework/outputs.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 output "state_machine_arn" {
   value = aws_sfn_state_machine.aft_account_provisioning_framework_sfn.arn
 }

modules/aft-account-provisioning-framework/states.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 locals {
   state_machine_source = "${path.module}/states/aft_account_provisioning_framework.asl.json"
   replacements_map = {

modules/aft-account-provisioning-framework/variables.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 variable "aft_account_provisioning_framework_sfn_name" {
   type = string
 }

modules/aft-account-provisioning-framework/versions.tf

@@ -1,10 +1,13 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 terraform {
   required_version = ">= 0.15.1"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 3.72"
+      version = ">= 3.72, < 4.0.0"
     }
   }
 }

modules/aft-account-request-framework/backup.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 resource "aws_backup_vault" "aft_controltower_backup_vault" {
   name        = "aft-controltower-backup-vault"
   kms_key_arn = aws_kms_key.aft.arn

modules/aft-account-request-framework/data.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "aws_region" "aft-management" {}
 
 data "aws_caller_identity" "aft-management" {}

modules/aft-account-request-framework/ddb.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 # Table that stores account-meta data
 resource "aws_dynamodb_table" "aft_request_metadata" {
   name           = "aft-request-metadata"

modules/aft-account-request-framework/eventbridge.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ######### Control Tower Event Bus #########
 resource "aws_cloudwatch_event_bus" "aft_from_ct_management" {
   name = "aft-events-from-ct-management"

modules/aft-account-request-framework/iam.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ######### Control Tower Events - CT Management #########
 resource "aws_iam_role" "aft_control_tower_events" {
   provider           = aws.ct_management

modules/aft-account-request-framework/kms.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 resource "aws_kms_key" "aft" {
   description         = "AFT KMS key"
   enable_key_rotation = "true"

modules/aft-account-request-framework/lambda.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ######## aft_account_request_audit_trigger ########
 
 resource "aws_lambda_function" "aft_account_request_audit_trigger" {
@@ -27,11 +30,12 @@ resource "time_sleep" "wait_60_seconds" {
 }
 
 resource "aws_lambda_event_source_mapping" "aft_account_request_audit_trigger" {
-  depends_on        = [time_sleep.wait_60_seconds]
-  event_source_arn  = aws_dynamodb_table.aft_request.stream_arn
-  function_name     = aws_lambda_function.aft_account_request_audit_trigger.arn
-  starting_position = "LATEST"
-  batch_size        = 1
+  depends_on             = [time_sleep.wait_60_seconds]
+  event_source_arn       = aws_dynamodb_table.aft_request.stream_arn
+  function_name          = aws_lambda_function.aft_account_request_audit_trigger.arn
+  starting_position      = "LATEST"
+  batch_size             = 1
+  maximum_retry_attempts = 1
 }
 
 resource "aws_cloudwatch_log_group" "aft_account_request_audit_trigger" {
@@ -64,10 +68,11 @@ resource "aws_lambda_function" "aft_account_request_action_trigger" {
 }
 
 resource "aws_lambda_event_source_mapping" "aft_account_request_action_trigger" {
-  event_source_arn  = aws_dynamodb_table.aft_request.stream_arn
-  function_name     = aws_lambda_function.aft_account_request_action_trigger.arn
-  starting_position = "LATEST"
-  batch_size        = 1
+  event_source_arn       = aws_dynamodb_table.aft_request.stream_arn
+  function_name          = aws_lambda_function.aft_account_request_action_trigger.arn
+  starting_position      = "LATEST"
+  batch_size             = 1
+  maximum_retry_attempts = 1
 }
 
 resource "aws_cloudwatch_log_group" "aft_account_request_action_trigger" {

modules/aft-account-request-framework/locals.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 locals {
   lambda_managed_policies = [data.aws_iam_policy.AWSLambdaBasicExecutionRole.arn, data.aws_iam_policy.AWSLambdaVPCAccessExecutionRole.arn]
 }

modules/aft-account-request-framework/outputs.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 output "sns_topic_arn" {
   description = "arn of aft notifications sns topic"
   value       = aws_sns_topic.aft_notifications.arn

modules/aft-account-request-framework/sns.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 resource "aws_sns_topic" "aft_notifications" {
   name              = "aft-notifications"
   kms_master_key_id = "alias/aws/sns"

modules/aft-account-request-framework/sqs.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 resource "aws_sqs_queue" "aft_account_request" {
   name                              = "aft-account-request.fifo"
   fifo_queue                        = true

modules/aft-account-request-framework/variables.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 variable "account_factory_product_name" {
   type = string
 }

modules/aft-account-request-framework/versions.tf

@@ -1,10 +1,13 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 terraform {
   required_version = ">= 0.15.1"
 
   required_providers {
     aws = {
       source                = "hashicorp/aws"
-      version               = ">= 3.72"
+      version               = ">= 3.72, < 4.0.0"
       configuration_aliases = [aws.ct_management]
     }
   }

modules/aft-account-request-framework/vpc.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 resource "aws_vpc" "aft_vpc" {
   cidr_block           = var.aft_vpc_cidr
   enable_dns_support   = true

modules/aft-archives/data.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "archive_file" "provisioning_framework" {
   type        = "zip"
   source_dir  = "${path.module}/../../src/aft_lambda/aft_account_provisioning_framework"
@@ -20,3 +23,9 @@ data "archive_file" "feature_options" {
   source_dir  = "${path.module}/../../src/aft_lambda/aft_feature_options"
   output_path = "${path.module}/../../src/aft_lambda/aft_feature_options.zip"
 }
+
+data "archive_file" "builder" {
+  type        = "zip"
+  source_dir  = "${path.module}/../../src/aft_lambda/aft_builder"
+  output_path = "${path.module}/../../src/aft_lambda/aft_builder.zip"
+}

modules/aft-archives/outputs.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 output "provisioning_framework_archive_path" {
   value = data.archive_file.provisioning_framework.output_path
 }
@@ -29,3 +32,11 @@ output "feature_options_archive_path" {
 output "feature_options_archive_hash" {
   value = data.archive_file.feature_options.output_base64sha256
 }
+
+output "builder_archive_path" {
+  value = data.archive_file.builder.output_path
+}
+
+output "builder_archive_hash" {
+  value = data.archive_file.builder.output_base64sha256
+}

modules/aft-backend/main.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "aws_caller_identity" "current" {
   provider = aws.primary_region
 }

modules/aft-backend/outputs.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 output "bucket_id" {
   description = "The name of the primary bucket."
   value       = aws_s3_bucket.primary-backend-bucket.id

modules/aft-backend/variables.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 variable "primary_region" {
   type = string
 }

modules/aft-backend/versions.tf

@@ -1,10 +1,13 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 terraform {
   required_version = ">= 0.15.1"
 
   required_providers {
     aws = {
       source                = "hashicorp/aws"
-      version               = ">= 3.72"
+      version               = ">= 3.72, < 4.0.0"
       configuration_aliases = [aws.primary_region, aws.secondary_region]
     }
   }

modules/aft-code-repositories/buildspecs/ct-aft-account-provisioning-customizations.yml

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 version: 0.2
 
 phases:

modules/aft-code-repositories/buildspecs/ct-aft-account-request.yml

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 version: 0.2
 
 phases:

modules/aft-code-repositories/codebuild.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "local_file" "account_request_buildspec" {
   filename = "${path.module}/buildspecs/ct-aft-account-request.yml"
 }
@@ -18,7 +21,7 @@ resource "aws_codebuild_project" "account_request" {
   }
 
   environment {
-    compute_type                = "BUILD_GENERAL1_SMALL"
+    compute_type                = "BUILD_GENERAL1_MEDIUM"
     image                       = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
     type                        = "LINUX_CONTAINER"
     image_pull_credentials_type = "CODEBUILD"
@@ -61,7 +64,7 @@ resource "aws_codebuild_project" "account_provisioning_customizations_pipeline"
   }
 
   environment {
-    compute_type                = "BUILD_GENERAL1_SMALL"
+    compute_type                = "BUILD_GENERAL1_MEDIUM"
     image                       = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
     type                        = "LINUX_CONTAINER"
     image_pull_credentials_type = "CODEBUILD"

modules/aft-code-repositories/codecommit.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 resource "aws_codecommit_repository" "global_customizations" {
   count           = local.vcs.is_codecommit ? 1 : 0
   repository_name = var.global_customizations_repo_name

modules/aft-code-repositories/codepipeline.tf

@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ##############################################################
 # CodeCommit - account-request
 ##############################################################