docs/data-sources/landingzone.md
12 additions & 12 deletions
@@ -111,16 +111,16 @@ Optional:
111
111
-`aws_lambda_arn` (String) If provided, it is invoked after each project replication. You can use it to trigger a custom Account Vending Machine to perform several additional provisioning steps.
### Nested Schema for `spec.platform_properties.aws.aws_lambda_arn`
114
+
### Nested Schema for `spec.platform_properties.aws.aws_role_mappings`
115
115
116
116
Required:
117
117
118
118
-`platform_role` (String) The AWS platform role
119
119
-`policies` (List of String) List of policies associated with this role mapping
120
-
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--platform_properties--aws--aws_lambda_arn--project_role_ref))
120
+
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--platform_properties--aws--aws_role_mappings--project_role_ref))
### Nested Schema for `spec.platform_properties.aws.aws_role_mappings.project_role_ref`
124
124
125
125
Required:
126
126
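Review bot: In the `aws_role_mappings` section, the heading and the `project_role_ref` link fragment are both renamed, but the anchor definitions they depend on are not among the visible lines. Please confirm that the ids `nestedatt--spec--platform_properties--aws--aws_role_mappings` and `nestedatt--spec--platform_properties--aws--aws_role_mappings--project_role_ref` exist in the file after this change, otherwise the corrected "see below" link still resolves to nothing.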
@@ -189,16 +189,16 @@ Optional:
189
189
-`azure_function` (Attributes) Assign an Azure function to the Landing Zone configuration to trigger a small piece of code in the cloud. (see [below for nested schema](#nestedatt--spec--platform_properties--azurerg--azure_function))
### Nested Schema for `spec.platform_properties.azurerg.azure_function`
192
+
### Nested Schema for `spec.platform_properties.azurerg.azure_rg_role_mappings`
193
193
194
194
Required:
195
195
196
196
-`azure_group_suffix` (String) The given role name will be injected into the group name via the group naming pattern configured on the platform instance.
197
197
-`azure_role_definition_ids` (List of String) Role Definitions with the given IDs will be attached to this Azure Role.
198
-
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--platform_properties--azurerg--azure_function--project_role_ref))
198
+
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--platform_properties--azurerg--azure_rg_role_mappings--project_role_ref))
### Nested Schema for `spec.platform_properties.azurerg.azure_rg_role_mappings.project_role_ref`
202
202
203
203
Required:
204
204
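Review bot: The `azure_function` entry at the top of this hunk still links to `#nestedatt--spec--platform_properties--azurerg--azure_function`, while the only visible heading with that name is renamed to `azure_rg_role_mappings`. Please check that a separate `azure_function` nested-schema section remains in the file, so that fixing the role-mapping link does not leave the `azure_function` link without a target.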
@@ -233,15 +233,15 @@ Optional:
233
233
-`gcp_folder_id` (String) Google Cloud Projects will be added to this Google Cloud Folder. This allows applying Organization Policies to all projects managed under this Landing Zone.
### Nested Schema for `spec.platform_properties.gcp.gcp_folder_id`
236
+
### Nested Schema for `spec.platform_properties.gcp.gcp_role_mappings`
237
237
238
238
Required:
239
239
240
240
-`platform_roles` (List of String) Can be empty. List of GCP IAM roles to assign to the meshProject role.
241
-
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--platform_properties--gcp--gcp_folder_id--project_role_ref))
241
+
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--platform_properties--gcp--gcp_role_mappings--project_role_ref))
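Review bot: `gcp_folder_id` is documented as a plain String in the context line above the heading that used to carry its name, so this mismatch was detectable mechanically. Consider adding a docs check that every `#nestedatt--` fragment in a page has a matching anchor and that nested-schema headings only name attributes that actually have nested fields, so a regression is caught before merge.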
docs/data-sources/platform.md
15 additions & 15 deletions
@@ -166,7 +166,7 @@ Read-Only:
166
166
-`workload_identity_config` (Attributes) Workload identity configuration (alternative to `service_user_config`) (see [below for nested schema](#nestedatt--spec--config--aws--replication--access_config--workload_identity_config))
### Nested Schema for `spec.config.aws.replication.access_config.workload_identity_config`
169
+
### Nested Schema for `spec.config.aws.replication.access_config.service_user_config`
170
170
171
171
Read-Only:
172
172
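Review bot: `workload_identity_config` is described as an alternative to `service_user_config` and links to `#nestedatt--spec--config--aws--replication--access_config--workload_identity_config`, yet the heading that carried that name now reads `service_user_config`. Please verify that both alternatives end up with their own nested-schema section, since readers comparing the two credential options need both.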
@@ -196,11 +196,11 @@ Read-Only:
196
196
-`sso_access_token` (String) The AWS IAM Identity Center SCIM Access Token that was generated via the Automatic provisioning config in AWS IAM Identity Center.
### Nested Schema for `spec.config.aws.replication.aws_sso.sso_access_token`
199
+
### Nested Schema for `spec.config.aws.replication.aws_sso.aws_role_mappings`
200
200
201
201
Required:
202
202
203
-
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--config--aws--replication--aws_sso--sso_access_token--project_role_ref))
203
+
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--config--aws--replication--aws_sso--aws_role_mappings--project_role_ref))
### Nested Schema for `spec.config.aws.replication.aws_sso.aws_role_mappings.project_role_ref`
215
215
216
216
Required:
217
217
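Review bot: Outside the renamed heading, the context line for `sso_access_token` documents the AWS IAM Identity Center SCIM access token as a plain `(String)` with no sensitivity marker. It is worth checking whether the schema flags this attribute as sensitive, because a data source that returns it unflagged can let the token show up unredacted in Terraform CLI output. If it is already flagged, the rendered type should say so.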
@@ -292,7 +292,7 @@ Read-Only:
292
292
-`azure_role` (Attributes) The Azure role definition. (see [below for nested schema](#nestedatt--spec--config--azure--replication--azure_role_mappings--azure_role))
### Nested Schema for `spec.config.azure.replication.azure_role_mappings.azure_role`
295
+
### Nested Schema for `spec.config.azure.replication.azure_role_mappings.project_role_ref`
296
296
297
297
Required:
298
298
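Review bot: The section renamed to `project_role_ref` lists its fields under `Required:` although this is a data-source page and other sections in the same file use `Read-Only:`. If the data source only returns these values, please check whether the nested attributes should be marked as computed so the docs render them as read-only. If the Required marking is intentional, a sentence explaining why would help.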
@@ -333,18 +333,18 @@ Read-Only:
333
333
-`subscription_owner_object_ids` (List of String) One or more principals Object IDs (e.g. user groups, SPNs) that meshStack will ensure have an 'Owner' role assignment on the managed subscriptions. This can be useful to satisfy Azure's constraint of at least one direct 'Owner' role assignment per Subscription. If you want to use a Service Principal please use the Enterprise Application Object ID. You can not use the replicator object ID here, because meshStack always removes its high privilege access after a Subscription creation.
### Nested Schema for `spec.config.azure.replication.provisioning.subscription_owner_object_ids`
336
+
### Nested Schema for `spec.config.azure.replication.provisioning.customer_agreement`
337
337
338
338
Read-Only:
339
339
340
340
-`billing_scope` (String) ID of the MCA Billing Scope used for creating subscriptions. Must follow this format: `/providers/Microsoft.Billing/billingAccounts/$accountId/billingProfiles/$profileId/invoiceSections/$sectionId`.
341
341
-`destination_entra_id` (String) Microsoft Entra ID Tenant UUID where created subscriptions should be moved. Set this to the Microsoft Entra ID Tenant hosting your landing zones.
342
342
-`source_entra_tenant` (String) Microsoft Entra ID Tenant UUID or domain name used for creating subscriptions. Set this to the Microsoft Entra ID Tenant owning the MCA Billing Scope. If source and destination Microsoft Entra ID Tenants are the same, you need to use UUID.
343
-
-`source_service_principal` (Attributes) Configure the SPN used by meshStack to create a new Subscription in your MCA billing scope. For more information on the required permissions, see the [Azure docs](https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/programmatically-create-subscription-microsoft-customer-agreement-across-tenants). (see [below for nested schema](#nestedatt--spec--config--azure--replication--provisioning--subscription_owner_object_ids--source_service_principal))
343
+
-`source_service_principal` (Attributes) Configure the SPN used by meshStack to create a new Subscription in your MCA billing scope. For more information on the required permissions, see the [Azure docs](https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/programmatically-create-subscription-microsoft-customer-agreement-across-tenants). (see [below for nested schema](#nestedatt--spec--config--azure--replication--provisioning--customer_agreement--source_service_principal))
344
344
-`subscription_creation_error_cooldown_sec` (Number) This value must be defined in seconds. It is a safety mechanism to avoid duplicate Subscription creation in case of an error on Azure's MCA API. This delay should be a bit higher than it usually takes to create subscriptions. For big installations this is somewhere between 5-15 minutes. The default of 900s should be fine for most installations.
### Nested Schema for `spec.config.gcp.replication.gcp_role_mappings.gcp_role`
509
+
### Nested Schema for `spec.config.gcp.replication.gcp_role_mappings.project_role_ref`
510
510
511
511
Required:
512
512
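Review bot: At the end of this region the heading `gcp_role_mappings.gcp_role` becomes `gcp_role_mappings.project_role_ref`, but unlike the `source_service_principal` line above it, no link line for that section is visible. Please confirm that the `project_role_ref` entry under `gcp_role_mappings` points at the `--gcp_role_mappings--project_role_ref` fragment, in the same way the `source_service_principal` link now points at `--customer_agreement--source_service_principal`.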
@@ -527,7 +527,7 @@ Read-Only:
527
527
-`service_account_workload_identity_config` (Attributes) Service account workload identity configuration (alternative to serviceAccountCredentialsConfig) (see [below for nested schema](#nestedatt--spec--config--gcp--replication--service_account_config--service_account_workload_identity_config))
docs/resources/landingzone.md
12 additions & 12 deletions
@@ -114,16 +114,16 @@ Optional:
114
114
-`aws_lambda_arn` (String) If provided, it is invoked after each project replication. You can use it to trigger a custom Account Vending Machine to perform several additional provisioning steps.
### Nested Schema for `spec.platform_properties.aws.aws_lambda_arn`
117
+
### Nested Schema for `spec.platform_properties.aws.aws_role_mappings`
118
118
119
119
Required:
120
120
121
121
-`platform_role` (String) The AWS platform role
122
122
-`policies` (List of String) List of policies associated with this role mapping
123
-
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--platform_properties--aws--aws_lambda_arn--project_role_ref))
123
+
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--platform_properties--aws--aws_role_mappings--project_role_ref))
### Nested Schema for `spec.platform_properties.aws.aws_role_mappings.project_role_ref`
127
127
128
128
Required:
129
129
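Review bot: These lines repeat the `aws_role_mappings` fix from docs/data-sources/landingzone.md word for word, which suggests both pages come from one shared schema or template. If so, the correction belongs in that source, with the docs regenerated from it, or the old `aws_lambda_arn` heading will reappear on the next regeneration.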
@@ -192,16 +192,16 @@ Optional:
192
192
-`azure_function` (Attributes) Assign an Azure function to the Landing Zone configuration to trigger a small piece of code in the cloud. (see [below for nested schema](#nestedatt--spec--platform_properties--azurerg--azure_function))
### Nested Schema for `spec.platform_properties.azurerg.azure_function`
195
+
### Nested Schema for `spec.platform_properties.azurerg.azure_rg_role_mappings`
196
196
197
197
Required:
198
198
199
199
-`azure_group_suffix` (String) The given role name will be injected into the group name via the group naming pattern configured on the platform instance.
200
200
-`azure_role_definition_ids` (List of String) Role Definitions with the given IDs will be attached to this Azure Role.
201
-
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--platform_properties--azurerg--azure_function--project_role_ref))
201
+
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--platform_properties--azurerg--azure_rg_role_mappings--project_role_ref))
### Nested Schema for `spec.platform_properties.azurerg.azure_rg_role_mappings.project_role_ref`
205
205
206
206
Required:
207
207
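Review bot: In this resource page the `azure_function` entry keeps its link to `#nestedatt--spec--platform_properties--azurerg--azure_function` while the visible heading of that name is renamed to `azure_rg_role_mappings`. Please make sure an `azure_function` nested-schema section still exists here, because users writing the resource need its fields more than readers of the data source do.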
@@ -236,15 +236,15 @@ Optional:
236
236
-`gcp_folder_id` (String) Google Cloud Projects will be added to this Google Cloud Folder. This allows applying Organization Policies to all projects managed under this Landing Zone.
### Nested Schema for `spec.platform_properties.gcp.gcp_folder_id`
239
+
### Nested Schema for `spec.platform_properties.gcp.gcp_role_mappings`
240
240
241
241
Required:
242
242
243
243
-`platform_roles` (List of String) Can be empty. List of GCP IAM roles to assign to the meshProject role.
244
-
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--platform_properties--gcp--gcp_folder_id--project_role_ref))
244
+
-`project_role_ref` (Attributes) the meshProject role (see [below for nested schema](#nestedatt--spec--platform_properties--gcp--gcp_role_mappings--project_role_ref))
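Review bot: In the `gcp_role_mappings` section, `platform_roles` sits under `Required:` but its description opens with "Can be empty", which reads as contradictory on a first pass. Suggest rewording to say the attribute must be set and that an empty list is allowed, and stating what an empty list means for the mapped meshProject role.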