Exclusive management of aws_organizations_policy_attachments #26352
Comments
Adding one limitation that we're running into:
If the |
@bulebuk Give the issue a 👍 if you want to help prioritize it!
Not a solution for the exclusive management component of this request, but we just published a lambda terraform module that will replace one SCP with another. It has logic to handle the condition when there is a single SCP attached, as is the case with the
Community Note
Description
I am noticing some limitations between how the AWS SCP API is implemented and the implementation of aws_organizations_policy_attachment
...aws_organizations_policy_attachment doesn't have any way of removing the auto-attached policy, so the limit is suddenly 4

I would like to be able to:
I think both of those would be possible with a couple mechanisms:
I am not entirely sure what the "best" or most "canonical" way of getting there might be, but I was considering the "exclusive" management feature that some resources have for some attachments/rules, such as IAM Roles and Security Groups. I could see such a feature being implemented in the aws_organizations_account and aws_organizations_organizational_unit resources, as a new policy_ids argument, or perhaps as a new "plural" resource aws_organizations_policy_attachments?

Happy to adjust this feature request if there is a more preferable approach!
New or Affected Resource(s)
Potential Terraform Configuration
References
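An added example, not code from this issue or from the Terraform AWS provider: a sketch of the ordering problem that exclusive management of SCP attachments has to solve, generalized from the single-SCP replacement case mentioned in the comments. It assumes AWS Organizations allows at most 5 SCPs per target and refuses to detach the last one; `plan_exclusive`, `simulate` and the policy IDs are hypothetical names constructed for illustration.

```python
# Assumptions (labelled, not taken from the provider's code): a target may have
# at most 5 SCPs attached, and the last attached SCP cannot be detached.
MAX_SCPS = 5
MIN_SCPS = 1


def plan_exclusive(current, desired, max_attached=MAX_SCPS, min_attached=MIN_SCPS):
    """Return ordered ("attach" | "detach", policy_id) steps that turn the
    attached set `current` into exactly `desired` within the limits."""
    current, desired = set(current), set(desired)
    if not min_attached <= len(desired) <= max_attached:
        raise ValueError("desired set must hold between %d and %d policies"
                         % (min_attached, max_attached))
    to_attach = sorted(desired - current)
    to_detach = sorted(current - desired)   # unmanaged attachments are removed
    attached = len(current)
    steps = []
    while to_attach or to_detach:
        # Prefer attaching: new guardrails land before old ones are removed,
        # so the target is never left with fewer restrictions than intended.
        if to_attach and attached < max_attached:
            steps.append(("attach", to_attach.pop(0)))
            attached += 1
        elif to_detach and attached > min_attached:
            steps.append(("detach", to_detach.pop(0)))
            attached -= 1
        else:
            raise RuntimeError("no ordering satisfies the attachment limits")
    return steps


def simulate(current, steps, max_attached=MAX_SCPS, min_attached=MIN_SCPS):
    """Replay a plan and fail if any intermediate state breaks a limit."""
    attached = set(current)
    for action, policy_id in steps:
        if action == "attach":
            attached.add(policy_id)
        else:
            attached.remove(policy_id)
        if not min_attached <= len(attached) <= max_attached:
            raise RuntimeError("limit violated after %s %s" % (action, policy_id))
    return attached


# Constructed sample: one auto-attached policy, five custom SCPs wanted.
SAMPLE_CURRENT = ["p-auto-attached"]
SAMPLE_DESIRED = ["p-a", "p-b", "p-c", "p-d", "p-e"]
```

With the constructed sample, the plan attaches four policies, detaches the auto-attached one to free the fifth slot, and only then attaches the last policy.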