I am trying to implement logic to restrict creation of AWS resources to a particular AWS profile only, so that no one can accidentally create AWS resources in a different AWS profile.
E.g., only if the AWS variables are set for the profile below will the AWS resources be created:
provider "aws" {
  profile = "AWS_Horizontal_Dev"
  region  = "us-east-1"
}
If the user accidentally sets the AWS variables for a different profile, then the AWS resources should not be created.
What's the best way to achieve this logic?
You could add the allowed_account_ids argument here as well to restrict to the exact AWS account, assuming your AWS profiles map to AWS accounts:
provider "aws" {
  profile             = "AWS_Horizontal_Dev"
  region              = "us-east-1"
  # Provider configuration fails if the credentials resolve to any other account
  allowed_account_ids = [var.allowed_account_id]
}
Or you could use forbidden_account_ids to exclude the accounts that are not allowed:
provider "aws" {
  profile               = "AWS_Horizontal_Dev"
  region                = "us-east-1"
  # Provider configuration fails if the credentials resolve to a listed account
  forbidden_account_ids = [var.excluded_account_id]
}
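A fuller version of the allowed_account_ids approach, as an added example that is not part of the answer above: it pins one account, validates the variable's shape, surfaces the identity actually in use, and shows the general resource-level precondition mechanism as a second guard. The account ID is a placeholder, and the variable name, output and bucket are assumptions.

```hcl
# Added example (not from the original post). The account ID is a placeholder.

variable "allowed_account_id" {
  description = "The only AWS account this configuration may be applied to"
  type        = string
  default     = "111111111111" # placeholder, not a real account

  validation {
    condition     = can(regex("^[0-9]{12}$", var.allowed_account_id))
    error_message = "allowed_account_id must be a 12-digit AWS account ID."
  }
}

provider "aws" {
  profile             = "AWS_Horizontal_Dev"
  region              = "us-east-1"
  # Plan/apply abort during provider configuration if the resolved
  # credentials belong to any account other than the one listed here.
  allowed_account_ids = [var.allowed_account_id]
}

# Make the identity that was actually used visible in plan output, so a
# wrong-profile mistake is obvious even before any resource is touched.
data "aws_caller_identity" "current" {}

output "applying_as" {
  value = {
    account_id = data.aws_caller_identity.current.account_id
    arn        = data.aws_caller_identity.current.arn
  }
}

resource "aws_s3_bucket" "example" {
  bucket = "example-bucket-${data.aws_caller_identity.current.account_id}"

  lifecycle {
    # Redundant with allowed_account_ids for this case, but this is the
    # general mechanism (Terraform >= 1.2) for guarding individual resources.
    precondition {
      condition     = data.aws_caller_identity.current.account_id == var.allowed_account_id
      error_message = "Refusing to create resources outside account ${var.allowed_account_id}."
    }
  }
}
```

Note that `profile` set in the provider block takes precedence over AWS_PROFILE in the environment, so the account-ID guard is what actually catches credentials that point somewhere else.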