-
Notifications
You must be signed in to change notification settings - Fork 9.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
provider/aws: Add resource "aws_organization_account". #14147
Conversation
This is ready for review. Looking forward to getting some feedback! |
@asedge maybe add some maintainers as reviewers to request a review. |
@willejs A good suggestion, thanks! I don't seem to be able edit the list of reviewers on the right side of the PR though. |
@mbfrahry Any ideas when this will be merged? We really need this functionality. |
Target: []string{"SUCCEEDED"}, | ||
Refresh: resourceAwsOrganizationAccountStateRefreshFunc(conn, requestId), | ||
PollInterval: 10 * time.Second, | ||
Timeout: 5 * time.Minute, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How do we arrive at this value as the right timeout duration?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So for the account creation we can poll based on the status using CreateAccountStatus
. However if you chose to also create an IAM role that takes some time and honestly I had no idea how long. This was a guess. During my testing I chose to create an IAM role when creating an account, then assume that role and create some resources in the new account, but it failed because the IAM role didn't yet exist. I wasn't sure how to check if the new role was created in the new account without being able to assume that role.
Also, creating an account consumes your email address and you cannot register another account with that same email address. At one point in my testing I actually ran out of email addresses to use. I learned later, via emails with AWS support, that you can change your email address associated with the account and then reuse that email address.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense :)
Hello @asedge, and thanks for working on this! As part of the the Terraform 0.10 release earlier this year, all of the Terraform providers were moved to their own repositories in the terraform-providers GitHub organization, and removed from the Terraform Core repository. Unfortunately due to the fact that new issues and pull requests are being opened constantly, it was not possible for the various provider maintainers to merge all outstanding pull requests before this split, and there is no automatic way to migrate a pull request to a new repository. As a result, this pull request can sadly no longer be applied as-is, and so I'm going to close it. If you or someone else has the time and motivation to apply the same changes to the Thanks again for working on this, and sorry it was not able to be merged before the provider repository changes. |
@apparentlymart Thanks. I have a branch with this resource but am waiting for hashicorp/terraform-provider-aws#903 which vendors in the |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Another resource to help satisfy #12337.
As for the acceptance tests, I chose to skip this test by default because it's not an easily reversible action. To run the test you would need to set an environment variable specifying the email address to be used when creating the account. This creates a member account in the organization (requires an organization) and that account can only be closed manually. This puts the account into a "Suspended" state and the email address cannot be re-used to create a new account. In speaking with the AWS support team they did mention that you can change the email address on the account before closing it in order to free the original email address.