From 048bd33178c2c4689fe91c0840ee8b1681b0bc70 Mon Sep 17 00:00:00 2001
From: Rafal P | Raftech <rafal.pieniazek@raftech.nl>
Date: Fri, 7 Jun 2024 09:27:17 +0200
Subject: [PATCH 1/2] adds fix for default billing value for IAM

---
 .pre-commit-config.yaml       |  5 -----
 modules/accounts/README.md    | 10 ++++++++--
 modules/accounts/main.tf      |  2 +-
 modules/accounts/variables.tf |  2 +-
 4 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index e1d4c32..732471f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -23,8 +23,3 @@ repos:
           - "--args=--only=terraform_standard_module_structure"
           - "--args=--only=terraform_workspace_remote"
       - id: terraform_trivy
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
-    hooks:
-      - id: check-merge-conflict
-      - id: end-of-file-fixer
diff --git a/modules/accounts/README.md b/modules/accounts/README.md
index 30eff70..c623817 100644
--- a/modules/accounts/README.md
+++ b/modules/accounts/README.md
@@ -14,7 +14,7 @@ A Terraform module which configures your AWS Organization and creates AWS accoun
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.49.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5 |
 
 ## Resources
 
@@ -24,15 +24,21 @@ A Terraform module which configures your AWS Organization and creates AWS accoun
 | [aws_account_alternate_contact.operations](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact) | resource |
 | [aws_account_alternate_contact.security](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_alternate_contact) | resource |
 | [aws_account_primary_contact.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_primary_contact) | resource |
+| [aws_guardduty_detector.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_detector) | resource |
+| [aws_guardduty_organization_admin_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_organization_admin_account) | resource |
+| [aws_inspector2_delegated_admin_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/inspector2_delegated_admin_account) | resource |
 | [aws_organizations_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_account) | resource |
 | [aws_organizations_delegated_administrator.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_delegated_administrator) | resource |
+| [aws_securityhub_organization_admin_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_organization_admin_account) | resource |
+| [aws_vpc_ipam_organization_admin_account.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam_organization_admin_account) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_accounts"></a> [accounts](#input\_accounts) | List of AWS accounts to create | <pre>map(object({<br>    email                            = string<br>    close_on_deletion                = optional(bool)<br>    iam_user_access_to_billing       = optional(bool)<br>    delegated_administrator_services = list(string)<br>    tags                             = optional(map(string))<br>    parent_id                        = optional(string)<br>  }))</pre> | n/a | yes |
+| <a name="input_accounts"></a> [accounts](#input\_accounts) | List of AWS accounts to create | <pre>map(object({<br>    email                            = string<br>    close_on_deletion                = optional(bool)<br>    iam_user_access_to_billing       = optional(string)<br>    delegated_administrator_services = list(string)<br>    tags                             = optional(map(string))<br>    parent_id                        = optional(string)<br>  }))</pre> | n/a | yes |
 | <a name="input_contacts"></a> [contacts](#input\_contacts) | Primary and alternate contacts for the accounts | <pre>object({<br>    primary_contact = object({<br>      address_line_1     = string<br>      address_line_2     = optional(string)<br>      address_line_3     = optional(string)<br>      city               = string<br>      company_name       = optional(string)<br>      country_code       = string<br>      district_or_county = optional(string)<br>      full_name          = string<br>      phone_number       = string<br>      postal_code        = string<br>      state_or_region    = optional(string)<br>      website_url        = optional(string)<br>    })<br>    operations_contact = object({<br>      name          = string<br>      title         = string<br>      email_address = string<br>      phone_number  = optional(string)<br>    })<br>    billing_contact = object({<br>      name          = string<br>      title         = string<br>      email_address = string<br>      phone_number  = optional(string)<br>    })<br>    security_contact = object({<br>      name          = string<br>      title         = string<br>      email_address = string<br>      phone_number  = optional(string)<br>    })<br>  })</pre> | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to the resources | `map(string)` | n/a | yes |
 
 ## Outputs
 
diff --git a/modules/accounts/main.tf b/modules/accounts/main.tf
index 3fa768e..860376c 100644
--- a/modules/accounts/main.tf
+++ b/modules/accounts/main.tf
@@ -4,7 +4,7 @@ resource "aws_organizations_account" "default" {
   name                       = each.key
   email                      = each.value.email
   close_on_deletion          = try(each.value.close_on_deletion, null)
-  iam_user_access_to_billing = try(each.value.iam_user_access_to_billing, null)
+  iam_user_access_to_billing = each.value.iam_user_access_to_billing == null ? "ALLOW" : each.value.iam_user_access_to_billing
   tags                       = merge(each.value.tags, var.tags)
   parent_id                  = try(each.value.parent_id, null)
 }
diff --git a/modules/accounts/variables.tf b/modules/accounts/variables.tf
index b70b21e..e07187e 100644
--- a/modules/accounts/variables.tf
+++ b/modules/accounts/variables.tf
@@ -3,7 +3,7 @@ variable "accounts" {
   type = map(object({
     email                            = string
     close_on_deletion                = optional(bool)
-    iam_user_access_to_billing       = optional(bool)
+    iam_user_access_to_billing       = optional(string)
     delegated_administrator_services = list(string)
     tags                             = optional(map(string))
     parent_id                        = optional(string)

From f14eab610c54dea9021a449fb8ea0ae122f3acf6 Mon Sep 17 00:00:00 2001
From: Rafal P | Raftech <rafal.pieniazek@raftech.nl>
Date: Fri, 7 Jun 2024 09:28:03 +0200
Subject: [PATCH 2/2] use OU key instead of extra name property

---
 modules/accounts/README.md                | 2 +-
 modules/organizational-units/README.md    | 4 ++--
 modules/organizational-units/main.tf      | 2 +-
 modules/organizational-units/variables.tf | 1 -
 4 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/modules/accounts/README.md b/modules/accounts/README.md
index c623817..a2f5b4a 100644
--- a/modules/accounts/README.md
+++ b/modules/accounts/README.md
@@ -54,4 +54,4 @@ Checkout our other :point\_right: [terraform modules](https://registry.terraform
 
 ## Copyright
 
-Copyright © 2017-2023 [Blackbird Cloud](https://www.blackbird.cloud)
\ No newline at end of file
+Copyright © 2017-2023 [Blackbird Cloud](https://www.blackbird.cloud)
diff --git a/modules/organizational-units/README.md b/modules/organizational-units/README.md
index 9203a83..f23de48 100644
--- a/modules/organizational-units/README.md
+++ b/modules/organizational-units/README.md
@@ -15,7 +15,7 @@ A Terraform module which configures your AWS Organization and creates AWS accoun
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.49.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5 |
 
 ## Resources
 
@@ -27,7 +27,7 @@ A Terraform module which configures your AWS Organization and creates AWS accoun
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_organization_units"></a> [organization\_units](#input\_organization\_units) | List of organizational units to create | <pre>map(object(<br>    {<br>      name      = string<br>      parent_id = string<br>      tags      = optional(map(string))<br>    }<br>  ))</pre> | n/a | yes |
+| <a name="input_organization_units"></a> [organization\_units](#input\_organization\_units) | List of organizational units to create | <pre>map(object(<br>    {<br>      parent_id = string<br>      tags      = optional(map(string))<br>    }<br>  ))</pre> | n/a | yes |
 
 ## Outputs
 
diff --git a/modules/organizational-units/main.tf b/modules/organizational-units/main.tf
index 828f036..6c69a70 100644
--- a/modules/organizational-units/main.tf
+++ b/modules/organizational-units/main.tf
@@ -1,7 +1,7 @@
 resource "aws_organizations_organizational_unit" "default" {
   for_each = var.organization_units
 
-  name      = each.value.name
+  name      = each.key
   parent_id = each.value.parent_id
   tags      = each.value.tags
 }
diff --git a/modules/organizational-units/variables.tf b/modules/organizational-units/variables.tf
index 3d8f972..6ddbaee 100644
--- a/modules/organizational-units/variables.tf
+++ b/modules/organizational-units/variables.tf
@@ -2,7 +2,6 @@ variable "organization_units" {
   description = "List of organizational units to create"
   type = map(object(
     {
-      name      = string
       parent_id = string
       tags      = optional(map(string))
     }