feat: changing the logic for the account target

Author: gambol99

README.md

@@ -29,10 +29,11 @@ This module provides a simple way to deploy a CloudFormation stack to multiple a
 | <a name="input_name"></a> [name](#input\_name) | The name of the cloudformation stack | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | The tags to apply to the cloudformation stack | `map(string)` | n/a | yes |
 | <a name="input_template"></a> [template](#input\_template) | The body of the cloudformation template to deploy | `string` | n/a | yes |
+| <a name="input_accounts"></a> [accounts](#input\_accounts) | A list of account IDs used as a target | `list(string)` | `null` | no |
 | <a name="input_call_as"></a> [call\_as](#input\_call\_as) | Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account | `string` | `"SELF"` | no |
 | <a name="input_capabilities"></a> [capabilities](#input\_capabilities) | The capabilities required to deploy the cloudformation template | `list(string)` | <pre>[<br/>  "CAPABILITY_NAMED_IAM",<br/>  "CAPABILITY_AUTO_EXPAND",<br/>  "CAPABILITY_IAM"<br/>]</pre> | no |
+| <a name="input_enable_exclude"></a> [enable\_exclude](#input\_enable\_exclude) | Indicates the accounts list will be used as an exclusion list | `bool` | `false` | no |
 | <a name="input_enabled_regions"></a> [enabled\_regions](#input\_enabled\_regions) | The regions to deploy the cloudformation stack to (if empty, deploys to current region) | `list(string)` | `null` | no |
-| <a name="input_exclude_accounts"></a> [exclude\_accounts](#input\_exclude\_accounts) | A list of account IDs to exclude from the deployment | `list(string)` | `null` | no |
 | <a name="input_failure_tolerance_count"></a> [failure\_tolerance\_count](#input\_failure\_tolerance\_count) | The number of failures that are tolerated before the stack operation is stopped | `number` | `0` | no |
 | <a name="input_max_concurrent_count"></a> [max\_concurrent\_count](#input\_max\_concurrent\_count) | The maximum number of concurrent deployments | `number` | `10` | no |
 | <a name="input_organizational_units"></a> [organizational\_units](#input\_organizational\_units) | The organizational units to deploy the stackset to | `list(string)` | `[]` | no |

main.tf

@@ -40,8 +40,8 @@ resource "aws_cloudformation_stack_set_instance" "ou" {
   stack_set_name = aws_cloudformation_stack_set.stackset.name
 
   deployment_targets {
-    accounts                = var.exclude_accounts
-    account_filter_type     = var.exclude_accounts != null ? "DIFFERENCE" : null
+    accounts                = var.accounts
+    account_filter_type     = var.accounts != null && var.enable_exclude ? "DIFFERENCE" : null
     organizational_unit_ids = [each.value.organization_unit]
   }
 

tests/module.tftest.hcl

@@ -33,10 +33,11 @@ run "exclude_accounts" {
     tags        = {}
     template    = ""
     parameters  = {}
-    exclude_accounts = [
+    accounts = [
       "123456789012",
       "123456789013"
     ]
+    enable_exclude = true
   }
 }
 

variables.tf

@@ -27,12 +27,18 @@ variable "enabled_regions" {
   default     = null
 }
 
-variable "exclude_accounts" {
-  description = "A list of account IDs to exclude from the deployment"
+variable "accounts" {
+  description = "A list of account IDs used as a target"
   type        = list(string)
   default     = null
 }
 
+variable "enable_exclude" {
+  description = "Indicates the accounts list will be used as an exclusion list"
+  type        = bool
+  default     = false
+}
+
 variable "description" {
   description = "The description of the cloudformation stack"
   type        = string