feat: adding the feature to deploy via accounts

Author: gambol99

README.md

@@ -29,11 +29,11 @@ This module provides a simple way to deploy a CloudFormation stack to multiple a
 | <a name="input_name"></a> [name](#input\_name) | The name of the cloudformation stack | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | The tags to apply to the cloudformation stack | `map(string)` | n/a | yes |
 | <a name="input_template"></a> [template](#input\_template) | The body of the cloudformation template to deploy | `string` | n/a | yes |
-| <a name="input_accounts"></a> [accounts](#input\_accounts) | A list of account IDs used as a target | `list(string)` | `null` | no |
+| <a name="input_accounts"></a> [accounts](#input\_accounts) | When using an account deployments, the following accounts will be included | `list(string)` | `null` | no |
 | <a name="input_call_as"></a> [call\_as](#input\_call\_as) | Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account | `string` | `"SELF"` | no |
 | <a name="input_capabilities"></a> [capabilities](#input\_capabilities) | The capabilities required to deploy the cloudformation template | `list(string)` | <pre>[<br/>  "CAPABILITY_NAMED_IAM",<br/>  "CAPABILITY_AUTO_EXPAND",<br/>  "CAPABILITY_IAM"<br/>]</pre> | no |
-| <a name="input_enable_exclude"></a> [enable\_exclude](#input\_enable\_exclude) | Indicates the accounts list will be used as an exclusion list | `bool` | `false` | no |
 | <a name="input_enabled_regions"></a> [enabled\_regions](#input\_enabled\_regions) | The regions to deploy the cloudformation stack to (if empty, deploys to current region) | `list(string)` | `null` | no |
+| <a name="input_exclude_accounts"></a> [exclude\_accounts](#input\_exclude\_accounts) | When using an organizational deployments, the following accounts will be excluded | `list(string)` | `null` | no |
 | <a name="input_failure_tolerance_count"></a> [failure\_tolerance\_count](#input\_failure\_tolerance\_count) | The number of failures that are tolerated before the stack operation is stopped | `number` | `0` | no |
 | <a name="input_max_concurrent_count"></a> [max\_concurrent\_count](#input\_max\_concurrent\_count) | The maximum number of concurrent deployments | `number` | `10` | no |
 | <a name="input_organizational_units"></a> [organizational\_units](#input\_organizational\_units) | The organizational units to deploy the stackset to | `list(string)` | `[]` | no |

locals.tf

@@ -16,6 +16,6 @@ locals {
     ]
   ])
 
-  deployments = { for x in local.organization_unit_deployments : x.key => x }
+  organizational_deployments = { for x in local.organization_unit_deployments : x.key => x }
 }
 

main.tf

@@ -33,19 +33,36 @@ resource "aws_cloudformation_stack_set" "stackset" {
 
 ## Deploy the stackset to the following organizational units
 resource "aws_cloudformation_stack_set_instance" "ou" {
-  for_each = local.deployments
+  for_each = local.organizational_deployments
 
   call_as        = var.call_as
   region         = each.value.region
   stack_set_name = aws_cloudformation_stack_set.stackset.name
 
   deployment_targets {
-    accounts                = var.accounts
-    account_filter_type     = var.accounts != null && var.enable_exclude ? "DIFFERENCE" : null
+    accounts                = var.exclude_accounts
+    account_filter_type     = var.exclude_accounts != null ? "DIFFERENCE" : null
     organizational_unit_ids = [each.value.organization_unit]
   }
 
   depends_on = [
     aws_cloudformation_stack_set.stackset,
   ]
 }
+
+## Deploy the stackset to the following accounts
+resource "aws_cloudformation_stack_set_instance" "accounts" {
+  for_each = var.accounts != null ? toset(var.accounts) : toset([])
+
+  call_as        = var.call_as
+  region         = each.value.region
+  stack_set_name = aws_cloudformation_stack_set.stackset.name
+
+  deployment_targets {
+    accounts = var.accounts
+  }
+
+  depends_on = [
+    aws_cloudformation_stack_set.stackset,
+  ]
+}

tests/module.tftest.hcl

@@ -33,11 +33,10 @@ run "exclude_accounts" {
     tags        = {}
     template    = ""
     parameters  = {}
-    accounts = [
+    exclude_accounts = [
       "123456789012",
       "123456789013"
     ]
-    enable_exclude = true
   }
 }
 

variables.tf

@@ -28,15 +28,15 @@ variable "enabled_regions" {
 }
 
 variable "accounts" {
-  description = "A list of account IDs used as a target"
+  description = "When using an account deployments, the following accounts will be included"
   type        = list(string)
   default     = null
 }
 
-variable "enable_exclude" {
-  description = "Indicates the accounts list will be used as an exclusion list"
-  type        = bool
-  default     = false
+variable "exclude_accounts" {
+  description = "When using an organizational deployments, the following accounts will be excluded"
+  type        = list(string)
+  default     = null
 }
 
 variable "description" {