Reviewers, please note:
The PR changes a lot of files. In particular, the providers.tf
and therefore the README.md
for nearly every
component. Therefore it will likely be easier to review this PR one commit at a time.
import_role_arn
and import_profile_name
have been removed as they are no longer needed. Current versions of
Terraform (probably beginning with v1.1.0, but maybe as late as 1.3.0, I have not found authoritative information) can
read data sources during plan and so no longer need a role to be explicitly specified while importing. Feel free to
perform your own tests to make yourself more comfortable that this is correct.
What
- Updates to allow Terraform to dynamically assume a role based on the user, to allow some users to run
terraform plan
but not terraform apply
- Deploy standard
providers.tf
to all components that need an aws
provider - Move extra provider configurations to separate file, so that
providers.tf
can remain consistent/identical among
components and thus be easily updated - Create
provider-awsutils.mixin.tf
to provide consistent, maintainable implementation
- Make
aws-sso
vendor safe - Deprecate
sso
module in favor of aws-saml
Why
- Allow users to try new code or updated configurations by running
terraform plan
without giving them permission to
make changes with Terraform - Make it easier for people directly logged into target accounts to still run Terraform
- Follow-up to , which updated
aws-teams
and aws-team-roles
, to make aws-sso
consistent - Reduce confusion by moving deprecated code to
deprecated/