sysdiglabs · ravinadhruve10 · Apr 28, 2025 · Apr 25, 2025
@@ -73,7 +73,7 @@ There are four new parameters to configure organizational deployments on the clo
 3. `include_accounts` - List of AWS Accounts to deploy the Sysdig Secure for Cloud resources in.
 4. `exclude_accounts` - List of AWS Accounts to exclude deploying the Sysdig Secure for Cloud resources in.
 
-**WARNING**: module variable `organizational_unit_ids` / `org_units` will be DEPRECATED soon going forward. Please work with Sysdig to migrate your Terraform installs to use `include_ouids` instead to achieve the same deployment outcome.
+**WARNING**: module variable `organizational_unit_ids` / `org_units` will be DEPRECATED on 30th November, 2025. Please work with Sysdig to migrate your Terraform installs to use `include_ouids` instead to achieve the same deployment outcome.
 
 ### Stackset Instances Installation
 

@@ -62,7 +62,7 @@ No modules.
 | <a name="input_kms_key_deletion_window"></a> [kms\_key\_deletion\_window](#input\_kms\_key\_deletion\_window) | Deletion window for shared KMS key | `number` | `7` | no |
 | <a name="input_mgt_stackset"></a> [mgt\_stackset](#input\_mgt\_stackset) | (Optional) Indicates if the management stackset should be deployed | `bool` | `true` | no |
 | <a name="input_name"></a> [name](#input\_name) | The name of the installation. Assigned to most child resource(s) | `string` | `"sysdig-secure-scanning"` | no |
-| <a name="input_org_units"></a> [org\_units](#input\_org\_units) | TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.<br>(Optional) List of Organization Unit IDs in which to setup Agentless Scanning. By default, Agentless Scanning will be setup in all accounts within the Organization. This field is ignored if `is_organizational = false` | `set(string)` | `[]` | no |
+| <a name="input_org_units"></a> [org\_units](#input\_org\_units) | TO BE DEPRECATED on 30th November, 2025: Please work with Sysdig to migrate to using `include_ouids` instead.<br>(Optional) List of Organization Unit IDs in which to setup Agentless Scanning. By default, Agentless Scanning will be setup in all accounts within the Organization. This field is ignored if `is_organizational = false` | `set(string)` | `[]` | no |
 | <a name="input_regions"></a> [regions](#input\_regions) | (Optional) List of regions in which to install Agentless Scanning | `set(string)` | `[]` | no |
 | <a name="input_scanning_account_id"></a> [scanning\_account\_id](#input\_scanning\_account\_id) | The identifier of the account that will receive volume snapshots | `string` | `"878070807337"` | no |
 | <a name="input_stackset_admin_role_arn"></a> [stackset\_admin\_role\_arn](#input\_stackset\_admin\_role\_arn) | (Optional) stackset admin role to run SELF\_MANAGED stackset | `string` | `""` | no |

@@ -27,7 +27,7 @@ check "validate_org_configuration_params" {
   assert {
     condition     = length(var.org_units) == 0  # if this condition is false we throw warning
     error_message = <<-EOT
-    WARNING: TO BE DEPRECATED 'org_units': Please work with Sysdig to migrate your Terraform installs to use 'include_ouids' instead.
+    WARNING: TO BE DEPRECATED 'org_units' on 30th November, 2025. Please work with Sysdig to migrate your Terraform installs to use 'include_ouids' instead.
     EOT
   }
 
@@ -37,7 +37,7 @@ check "validate_org_configuration_params" {
     ERROR: If both org_units and include_ouids/exclude_ouids/include_accounts/exclude_accounts variables are populated,
     ONLY org_units will be considered. Please use only one of the two methods.
 
-    Note: org_units is going to be DEPRECATED soon, please work with Sysdig to migrate your Terraform installs.
+    Note: org_units is going to be DEPRECATED on 30th November, 2025. Please work with Sysdig to migrate your Terraform installs.
     EOT
   }
 }

@@ -32,7 +32,7 @@ variable "is_organizational" {
 
 variable "org_units" {
   description = <<-EOF
-    TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.
+    TO BE DEPRECATED on 30th November, 2025: Please work with Sysdig to migrate to using `include_ouids` instead.
     When set, list of Organization Unit IDs to setup Agentless Scanning. By default, Agentless Scanning will be setup in all accounts within the Organization.
     This field is ignored if `is_organizational = false`
     EOF

@@ -52,7 +52,7 @@ No modules.
 |----------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|-------------------------------------------------------------|:--------:|
 | <a name="input_failure_tolerance_percentage"></a> [failure\_tolerance\_percentage](#input\_failure\_tolerance\_percentage) | The percentage of accounts, per Region, for which stack operations can fail before AWS CloudFormation stops the operation in that Region              | `number`      | `90`                                                        |    no    |
 | <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational)                                    | true/false whether secure-for-cloud should be deployed in an organizational setup (all accounts of org) or not (only on default aws provider account) | `bool`        | `false`                                                     |    no    |
-| <a name="input_org_units"></a> [org\_units](#input\_org\_units)                                                            | TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.<br>Org unit id to install cspm                                                                                                                           | `set(string)` | `[]`                                                        |    no    |
+| <a name="input_org_units"></a> [org\_units](#input\_org\_units)                                                            | TO BE DEPRECATED on 30th November, 2025: Please work with Sysdig to migrate to using `include_ouids` instead.<br>Org unit id to install cspm                                                                                                                           | `set(string)` | `[]`                                                        |    no    |
 | <a name="input_region"></a> [region](#input\_region)                                                                       | Default region for resource creation in organization mode                                                                                             | `string`      | `""`                                                        |    no    |
 | <a name="input_tags"></a> [tags](#input\_tags)                                                                             | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning                                              | `map(string)` | <pre>{<br>  "product": "sysdig-secure-for-cloud"<br>}</pre> |    no    |
 | <a name="input_timeout"></a> [timeout](#input\_timeout)                                                                    | Default timeout values for create, update, and delete operations                                                                                      | `string`      | `"30m"`                                                     |    no    |

@@ -27,7 +27,7 @@ check "validate_org_configuration_params" {
   assert {
     condition     = length(var.org_units) == 0  # if this condition is false we throw warning
     error_message = <<-EOT
-    WARNING: TO BE DEPRECATED 'org_units': Please work with Sysdig to migrate your Terraform installs to use 'include_ouids' instead.
+    WARNING: TO BE DEPRECATED 'org_units' on 30th November, 2025. Please work with Sysdig to migrate your Terraform installs to use 'include_ouids' instead.
     EOT
   }
 
@@ -37,7 +37,7 @@ check "validate_org_configuration_params" {
     ERROR: If both org_units and include_ouids/exclude_ouids/include_accounts/exclude_accounts variables are populated,
     ONLY org_units will be considered. Please use only one of the two methods.
 
-    Note: org_units is going to be DEPRECATED soon, please work with Sysdig to migrate your Terraform installs.
+    Note: org_units is going to be DEPRECATED on 30th November, 2025. Please work with Sysdig to migrate your Terraform installs.
     EOT
   }
 }

@@ -10,7 +10,7 @@ variable "is_organizational" {
 
 variable "org_units" {
   description = <<-EOF
-    TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.
+    TO BE DEPRECATED on 30th November, 2025: Please work with Sysdig to migrate to using `include_ouids` instead.
     When set, org units to install cspm.
     EOF
   type        = set(string)

@@ -76,7 +76,7 @@ No modules.
 | <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | (Optional) Set this field to 'true' to deploy EventBridge to an AWS Organization (Or specific OUs) | `bool` | `false` | no |
 | <a name="input_mgt_stackset"></a> [mgt\_stackset](#input\_mgt\_stackset) | (Optional) Indicates if the management stackset should be deployed | `bool` | `true` | no |
 | <a name="input_name"></a> [name](#input\_name) | (Optional) Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sysdig-secure-events"` | no |
-| <a name="input_org_units"></a> [org\_units](#input\_org\_units) | TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.<br>When set, list of Organization Unit IDs in which to setup EventBridge. By default, EventBridge will be setup in all accounts within the Organization." | `set(string)` | `[]` | no |
+| <a name="input_org_units"></a> [org\_units](#input\_org\_units) | TO BE DEPRECATED on 30th November, 2025: Please work with Sysdig to migrate to using `include_ouids` instead.<br>When set, list of Organization Unit IDs in which to setup EventBridge. By default, EventBridge will be setup in all accounts within the Organization." | `set(string)` | `[]` | no |
 | <a name="input_regions"></a> [regions](#input\_regions) | (Optional) List of regions in which to setup EventBridge. By default, current region is selected | `set(string)` | `[]` | no |
 | <a name="input_rule_state"></a> [rule\_state](#input\_rule\_state) | State of the rule. When state is ENABLED, the rule is enabled for all events except those delivered by CloudTrail. To also enable the rule for events delivered by CloudTrail, set state to ENABLED\_WITH\_ALL\_CLOUDTRAIL\_MANAGEMENT\_EVENTS. | `string` | `"ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS"` | no |
 | <a name="input_stackset_admin_role_arn"></a> [stackset\_admin\_role\_arn](#input\_stackset\_admin\_role\_arn) | (Optional) stackset admin role arn to run SELF\_MANAGED stackset | `string` | `""` | no |

@@ -27,7 +27,7 @@ check "validate_org_configuration_params" {
   assert {
     condition     = length(var.org_units) == 0  # if this condition is false we throw warning
     error_message = <<-EOT
-    WARNING: TO BE DEPRECATED 'org_units': Please work with Sysdig to migrate your Terraform installs to use 'include_ouids' instead.
+    WARNING: TO BE DEPRECATED 'org_units' on 30th November, 2025. Please work with Sysdig to migrate your Terraform installs to use 'include_ouids' instead.
     EOT
   }
 
@@ -37,7 +37,7 @@ check "validate_org_configuration_params" {
     ERROR: If both org_units and include_ouids/exclude_ouids/include_accounts/exclude_accounts variables are populated,
     ONLY org_units will be considered. Please use only one of the two methods.
 
-    Note: org_units is going to be DEPRECATED soon, please work with Sysdig to migrate your Terraform installs.
+    Note: org_units is going to be DEPRECATED on 30th November, 2025. Please work with Sysdig to migrate your Terraform installs.
     EOT
   }
 }

@@ -6,7 +6,7 @@ variable "is_organizational" {
 
 variable "org_units" {
   description = <<-EOF
-    TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.
+    TO BE DEPRECATED on 30th November, 2025: Please work with Sysdig to migrate to using `include_ouids` instead.
     When set, list of Organization Unit IDs in which to setup EventBridge. By default, EventBridge will be setup in all accounts within the Organization.
     This field is ignored if `is_organizational = false`
     EOF

@@ -59,7 +59,7 @@ No modules.
 |----------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|-------------------------------------------------------------|:--------:|
 | <a name="input_failure_tolerance_percentage"></a> [failure\_tolerance\_percentage](#input\_failure\_tolerance\_percentage) | The percentage of accounts, per Region, for which stack operations can fail before AWS CloudFormation stops the operation in that Region                                                     | `number`      | `90`                                                        |    no    |
 | <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational)                                    | true/false whether secure-for-cloud should be deployed in an organizational setup (all accounts of org) or not (only on default aws provider account)                                        | `bool`        | `false`                                                     |    no    |
-| <a name="input_organizational_unit_ids"></a> [organizational\_unit\_ids](#input\_organizational\_unit\_ids)                | TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.<br>Restrict onboarding to a set of organizational unit identifiers whose child accounts and organizational units are to be onboarded | `set(string)` | `[]`                                                        |    no    |
+| <a name="input_organizational_unit_ids"></a> [organizational\_unit\_ids](#input\_organizational\_unit\_ids)                | TO BE DEPRECATED on 30th November, 2025: Please work with Sysdig to migrate to using `include_ouids` instead.<br>Restrict onboarding to a set of organizational unit identifiers whose child accounts and organizational units are to be onboarded | `set(string)` | `[]`                                                        |    no    |
 | <a name="input_region"></a> [region](#input\_region)                                                                       | Default region for resource creation in organization mode                                                                                                                                    | `string`      | `""`                                                        |    no    |
 | <a name="input_tags"></a> [tags](#input\_tags)                                                                             | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning                                                                                     | `map(string)` | <pre>{<br>  "product": "sysdig-secure-for-cloud"<br>}</pre> |    no    |
 | <a name="input_timeout"></a> [timeout](#input\_timeout)                                                                    | Default timeout values for create, update, and delete operations                                                                                                                             | `string`      | `"30m"`                                                     |    no    |

@@ -27,7 +27,7 @@ check "validate_org_configuration_params" {
   assert {
     condition     = length(var.organizational_unit_ids) == 0  # if this condition is false we throw warning
     error_message = <<-EOT
-    WARNING: TO BE DEPRECATED 'organizational_unit_ids': Please work with Sysdig to migrate your Terraform installs to use 'include_ouids' instead.
+    WARNING: TO BE DEPRECATED 'organizational_unit_ids' on 30th November, 2025. Please work with Sysdig to migrate your Terraform installs to use 'include_ouids' instead.
     EOT
   }
 
@@ -37,7 +37,7 @@ check "validate_org_configuration_params" {
     ERROR: If both organizational_unit_ids and include_ouids/exclude_ouids/include_accounts/exclude_accounts variables are populated,
     ONLY organizational_unit_ids will be considered. Please use only one of the two methods.
 
-    Note: organizational_unit_ids is going to be DEPRECATED soon, please work with Sysdig to migrate your Terraform installs.
+    Note: organizational_unit_ids is going to be DEPRECATED on 30th November, 2025. Please work with Sysdig to migrate your Terraform installs.
     EOT
   }
 }

@@ -49,7 +49,7 @@ variable "is_gov_cloud_onboarding" {
 
 variable "organizational_unit_ids" {
   description = <<-EOF
-    TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.
+    TO BE DEPRECATED on 30th November, 2025: Please work with Sysdig to migrate to using `include_ouids` instead.
     When set, restrict onboarding to a set of organizational unit identifiers whose child accounts and organizational units are to be onboarded.
     Default: onboard all organizational units.
     EOF

@@ -53,7 +53,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_tags"></a> [tags](#input_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` | <pre>{<br>"product": "sysdig-secure-for-cloud"<br>}</pre> | no |
 | <a name="input_is_organizational"></a> [is_organizational](#input_is_organizational) | Set this field to 'true' to deploy Agentless Workload Scanning to an AWS Organization (Or specific OUs) | `bool` | `false` | no |
-| <a name="input_organizational_units_ids"></a> [organizational_units_ids](#input_org_units) | TO BE DEPRECATED: Please work with Sysdig to migrate to using `include_ouids` instead.<br>List of Organization Unit IDs in which to setup Agentless Workload Scanning. By default, Agentless Workload Scanning will be setup in all accounts within the Organization. This field is ignored if `is_organizational = false` | `set(string)` | `[]` | no |
+| <a name="input_organizational_units_ids"></a> [organizational_units_ids](#input_org_units) | TO BE DEPRECATED on 30th November, 2025: Please work with Sysdig to migrate to using `include_ouids` instead.<br>List of Organization Unit IDs in which to setup Agentless Workload Scanning. By default, Agentless Workload Scanning will be setup in all accounts within the Organization. This field is ignored if `is_organizational = false` | `set(string)` | `[]` | no |
 | <a name="input_timeout"></a> [timeout](#input_timeout) | Default timeout values for create, update, and delete operations | `string` | `"30m"` | no |
 | <a name="input_failure_tolerance_percentage"></a> [failure_tolerance_percentage](#input_failure_tolerance_percentage) | The percentage of accounts, per Region, for which stack operations can fail before AWS CloudFormation stops the operation in that Region | `number` | `90` | no |
 | <a name="input_lambda_scanning_enabled"></a> [lambda_scanning_enabled](#input_lambda_scanning_enabled) | Set this field to 'true' to deploy Agentless Workload Scanning for Lambda functions | `bool` | `false` | no |