New resource for Macie2 Organization Admin Account

[coderGo93]

Added a new resource, docs and tests for Macie Organization Admin Account called aws_macie2_organization_admin_account

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Relates #13432

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccAWSMacie2_serial/OrganizationAdminAccount'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSMacie2_serial/OrganizationAdminAccount -timeout 180m
=== RUN   TestAccAWSMacie2_serial
=== RUN   TestAccAWSMacie2_serial/OrganizationAdminAccount
=== RUN   TestAccAWSMacie2_serial/OrganizationAdminAccount/basic
=== RUN   TestAccAWSMacie2_serial/OrganizationAdminAccount/disappears
--- PASS: TestAccAWSMacie2_serial (49.20s)
    --- PASS: TestAccAWSMacie2_serial/OrganizationAdminAccount (49.20s)
        --- PASS: TestAccAWSMacie2_serial/OrganizationAdminAccount/basic (27.50s)
        --- PASS: TestAccAWSMacie2_serial/OrganizationAdminAccount/disappears (21.70s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       49.250s

...

[gdavison]

One change to skip the tests if they're not being run in an Organization management account, otherwise looks good

[gdavison]

The Organization Admin Account tests fail if they are run in an AWS Organization member (non management) account with the error AccessDeniedException: The request failed because you must be a user of the management account for your AWS organization to perform this operation.

You can add a custom ErrorCheck function for this resource that tests for that error message, e.g.

Suggested change

	ErrorCheck: testAccErrorCheck(t, macie2.EndpointsID),
	ErrorCheck: testAccErrorCheckSkipMacie2OrganizationAdminAccount(t),

and

func testAccErrorCheckSkipMacie2OrganizationAdminAccount(t *testing.T) resource.ErrorCheckFunc {
	return testAccErrorCheckSkipMessagesContaining(t,
		"AccessDeniedException: The request failed because you must be a user of the management account for your AWS organization to perform this operation",
	)
}

[coderGo93]

Understood, thank you for the suggestion, graham 👍

[gdavison]

I missed a step in the test configuration: it needs to create an Organization

[gdavison]

One last change

[gdavison]

Because we're creating an Organization, we have to add a PreCheck that ensures we're not already in an Organization account

Suggested change

	PreCheck: func() { testAccPreCheck(t) },
	PreCheck: func() {
	testAccPreCheck(t)
	testAccOrganizationsAccountPreCheck(t)
	},

[gdavison]

Looks good 🚀

Acceptance test results in an Organization main account

--- PASS: TestAccAWSMacie2_serial (563.77s)
...
--- PASS: TestAccAWSMacie2_serial/OrganizationAdminAccount (39.88s)
--- PASS: TestAccAWSMacie2_serial/OrganizationAdminAccount/basic (21.10s)
--- PASS: TestAccAWSMacie2_serial/OrganizationAdminAccount/disappears (18.78s)

Acceptance test results in a non Organization account

--- PASS: TestAccAWSMacie2_serial (563.77s)
...
--- PASS: TestAccAWSMacie2_serial/OrganizationAdminAccount (0.74s)
--- SKIP: TestAccAWSMacie2_serial/OrganizationAdminAccount/basic (0.36s)
--- SKIP: TestAccAWSMacie2_serial/OrganizationAdminAccount/disappears (0.38s)

[ghost]

This has been released in version 3.41.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.