Control Tower 0.7.11. Last updated in version 0.7.6.

Control Tower Controls

This is a Terraform module for managing AWS Control Tower controls.

AWS Control Tower controls apply to an entire organizational unit (OU), and the control affects every AWS account within the OU. Therefore, when users perform any action in any account in your landing zone, the action is subject to the controls that govern the OU.

For a full list of preventive, detective and proactive controls, see the AWS Control Tower controls library.

Sample Usage

main.tf

# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S CONTROL-TOWER-CONTROLS MODULE
# ------------------------------------------------------------------------------------------------------

module "control_tower_controls" {

  source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-controls?ref=v0.7.11"

  # ----------------------------------------------------------------------------------------------------
  # REQUIRED VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # Configuration of AWS Control Tower Guardrails
  controls = <list(object(
    control_names = list(string)
    organizational_unit_ids = list(string)
  ))>

  # ----------------------------------------------------------------------------------------------------
  # OPTIONAL VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # If set to true, this module will look for the specified organizational unit
  # (OU) recursively under the root of the organization. If set to false, it
  # will only look for the OU directly under the root.
  discover_ous_recursively = false

}
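
Because a control affects every account in the OU it is attached to, it helps to review the full control-to-OU mapping before applying. The following pre-apply check is an added example, not part of the Gruntwork module: it takes a value shaped like the `controls` variable above and assumes each control in an entry is enabled on every OU in that same entry. The control names are placeholders and the OU IDs are constructed.

```python
import re
from collections import defaultdict

# AWS Organizations OU ID pattern: ou-<root suffix>-<OU suffix>, lowercase.
OU_ID_RE = re.compile(r"^ou-[0-9a-z]{4,32}-[0-9a-z]{8,32}$")


def expand_controls(controls):
    """Return ({ou_id: sorted control names}, [problems]) for a `controls` value."""
    per_ou = defaultdict(set)
    problems = []
    for i, entry in enumerate(controls):
        names = entry.get("control_names") or []
        ous = entry.get("organizational_unit_ids") or []
        if not names or not ous:
            problems.append(f"controls[{i}]: empty control_names or organizational_unit_ids")
        for ou in ous:
            if not OU_ID_RE.match(ou):
                problems.append(f"controls[{i}]: malformed OU id {ou!r}")
                continue
            for name in names:
                # The same control listed twice for one OU is redundant and
                # usually a copy-paste mistake worth catching in review.
                if name in per_ou[ou]:
                    problems.append(f"controls[{i}]: {name} already listed for {ou}")
                per_ou[ou].add(name)
    return {ou: sorted(n) for ou, n in per_ou.items()}, problems


# Constructed sample input: placeholder control names and made-up OU IDs.
SAMPLE = [
    {"control_names": ["EXAMPLE_CONTROL_A", "EXAMPLE_CONTROL_B"],
     "organizational_unit_ids": ["ou-ab12-11111111", "ou-ab12-22222222"]},
    {"control_names": ["EXAMPLE_CONTROL_B"],
     "organizational_unit_ids": ["ou-ab12-22222222", "OU-PROD"]},
]

if __name__ == "__main__":
    per_ou, problems = expand_controls(SAMPLE)
    for ou, names in sorted(per_ou.items()):
        print(f"{ou}: {', '.join(names)}")
    for p in problems:
        print("PROBLEM:", p)
```

The per-OU listing shows reviewers which controls will govern the accounts in each OU; the problems list flags entries to fix before running Terraform.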