examples configaggregator: example aggregator for delegated admin

examples/tf/configaggregator/main.tf

@@ -0,0 +1,33 @@
+resource "aws_config_configuration_aggregator" "organization" {
+  depends_on = [aws_iam_role_policy_attachment.organization]
+
+  name = "telophase-config-aggregator" # Required
+
+  organization_aggregation_source {
+    all_regions = true
+    role_arn    = aws_iam_role.organization.arn
+  }
+}
+
+data "aws_iam_policy_document" "assume_role" {
+  statement {
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["config.amazonaws.com"]
+    }
+
+    actions = ["sts:AssumeRole"]
+  }
+}
+
+resource "aws_iam_role" "organization" {
+  name               = "telophase-config-aggregator-role"
+  assume_role_policy = data.aws_iam_policy_document.assume_role.json
+}
+
+resource "aws_iam_role_policy_attachment" "organization" {
+  role       = aws_iam_role.organization.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations"
+}

examples/tf/configaggregator/provider.tf

@@ -0,0 +1,12 @@
+terraform {
+  backend "s3" {
+    bucket = "terraform-state-${telophase.account_id}"
+    key    = "configaggregator/terraform.tfstate"
+    region = "us-west-2"
+  }
+}
+
+
+provider "aws" {
+  region = "us-east-1"
+}