I'm looking for guidance on setting up a multi-account AWS architecture with Terraform. Specifically, I need a minimal example. To give you some background, I've got a `sandbox` account where I plan to create roles that allow for the launch of EC2 instances, and these roles will need the right assume role policy to give access to an administrative account. I've set up an S3 bucket in the admin account to host the Terraform state. My goals are: 1) Create EC2 instances in the sandbox account; 2) Store the state in the S3 bucket; 3) Define roles and permissions with minimal access; 4) Utilize workspaces for easy account switching; and 5) Maintain everything strictly in Terraform without manual console changes. Is this feasible, or am I aiming too high?
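As an added example (not code from the original post), here is a minimal root module run from the admin account that ties the five goals together: remote state in the admin bucket, a per-workspace `assume_role` into the target account, a deploy role in the sandbox trusted only by the admin account, a narrow EC2 policy, and the instance itself. It assumes placeholder account IDs, bucket name and AMI, and that `TerraformDeploy` was created once under admin credentials before this module can assume it (after that bootstrap the role needs IAM permissions beyond the EC2 set shown if it is to keep managing itself).

```hcl
# Added example, not from the original post. Account IDs, bucket and AMI are placeholders.
terraform {
  backend "s3" {
    bucket  = "example-admin-tfstate"      # bucket in the admin account
    key     = "accounts/terraform.tfstate" # workspaces are stored under env:/<name>/ automatically
    region  = "us-east-1"
    encrypt = true
  }
}

locals {
  admin_account_id = "222222222222"
  account_ids      = { sandbox = "111111111111" } # one entry per workspace/account
  target_account   = local.account_ids[terraform.workspace]
}

provider "aws" {
  region = "us-east-1"
  assume_role {
    # Admin credentials only ever act through this scoped role in the target account.
    role_arn     = "arn:aws:iam::${local.target_account}:role/TerraformDeploy"
    session_name = "terraform-${terraform.workspace}"
  }
}

# Deploy role inside the target account: trusted by the admin account only.
resource "aws_iam_role" "deploy" {
  name = "TerraformDeploy"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { AWS = "arn:aws:iam::${local.admin_account_id}:root" } }]
  })
}

# Least-privilege policy: just enough to launch, tag, inspect and remove instances.
resource "aws_iam_role_policy" "deploy_ec2" {
  role = aws_iam_role.deploy.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = ["ec2:RunInstances", "ec2:TerminateInstances", "ec2:CreateTags", "ec2:Describe*"], Resource = "*" }]
  })
}

resource "aws_instance" "sandbox" {
  ami           = "ami-0123456789abcdef0" # placeholder
  instance_type = "t3.micro"
  tags          = { Name = "sandbox-${terraform.workspace}" }
}
```

Switching accounts is then `terraform workspace select sandbox` followed by the usual plan/apply; adding an account means a new workspace plus a new entry in `local.account_ids`.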
5 Answers
Have you considered using Terragrunt? It could simplify some of your use cases and help manage configurations better for the multi-account structure.
Check out AWS Organizations! You can create and manage accounts via Terraform using the `aws_organization_account` resource. Plus, if you feel adventurous, setting up AWS Identity Center could offer users a seamless login experience across accounts with SSO.
You're on the right track! Finding a specific example might be tough since creating multiple accounts is a lot of work. While it might not always be necessary, following the article's recommendations seems like a solid approach!
Are you setting this up for a business or just exploring for personal knowledge? Multi-account setups can indeed get complex, so planning is essential for a smooth workflow. If it's for a company, laying a solid foundation now is a wise move!
I personally handle this with Pulumi. It's another good option if you're looking into alternatives for managing infrastructure.
Yes, it's for a company. I know it might feel like overkill initially, but I want to build a good foundation for the future.