Merge pull request #4721 from ameukam/aws-workloads-accounts

k8s-ci-robot · web-flow · commit 83e060759039 · 2023-02-02T18:00:28.000-08:00
AWS: create more accounts
diff --git a/infra/aws/terraform/management-account/organization-accounts-infrastructure.tf b/infra/aws/terraform/management-account/organization-accounts-infrastructure.tf
@@ -0,0 +1,34 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+
+module "infra_shared_services" {
+  source = "../modules/org-account"
+
+  account_name               = "k8s-infra-shared-services"
+  email                      = "k8s-infra-aws-admins+infra-shared-services@kubernetes.io"
+  iam_user_access_to_billing = "ALLOW"
+  parent_id                  = aws_organizations_organizational_unit.infrastructure.id
+}
+
+module "infra_network" {
+  source = "../modules/org-account"
+
+  account_name               = "k8s-infra-shared-services"
+  email                      = "k8s-infra-aws-admins+infra-network@kubernetes.io"
+  iam_user_access_to_billing = "ALLOW"
+  parent_id                  = aws_organizations_organizational_unit.infrastructure.id
+}
diff --git a/infra/aws/terraform/management-account/organization-accounts-security.tf b/infra/aws/terraform/management-account/organization-accounts-security.tf
@@ -23,6 +23,15 @@ module "security_audit" {
   parent_id                  = aws_organizations_organizational_unit.security.id
 }
 
+module "security_engineering" {
+  source = "../modules/org-account"
+
+  account_name               = "k8s-infra-security-engineering"
+  email                      = "k8s-infra-aws-admins+security-engineering@kubernetes.io"
+  iam_user_access_to_billing = "ALLOW"
+  parent_id                  = aws_organizations_organizational_unit.security.id
+}
+
 module "security_incident_response" {
   source = "../modules/org-account"
 
@@ -39,12 +48,3 @@ module "security_logs" {
   iam_user_access_to_billing = "ALLOW"
   parent_id                  = aws_organizations_organizational_unit.security.id
 }
-
-module "infra_shared_services" {
-  source = "../modules/org-account"
-
-  account_name               = "k8s-infra-shared-services"
-  email                      = "k8s-infra-aws-admins+infra-shared-services@kubernetes.io"
-  iam_user_access_to_billing = "ALLOW"
-  parent_id                  = aws_organizations_organizational_unit.infrastructure.id
-}
diff --git a/infra/aws/terraform/management-account/organization-accounts-workloads-prod.tf b/infra/aws/terraform/management-account/organization-accounts-workloads-prod.tf
@@ -0,0 +1,23 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+module "artifacts-k8s-io" {
+  source = "../modules/org-account"
+
+  account_name               = "k8s-infra-security-logs"
+  email                      = "k8s-infra-aws-admins+artifacts-k8S-io@kubernetes.io"
+  parent_id                  = aws_organizations_organizational_unit.production.id
+}
diff --git a/infra/aws/terraform/management-account/organizational-units.tf b/infra/aws/terraform/management-account/organizational-units.tf
@@ -14,6 +14,11 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+/*
+This file contains :
+  - Organizational Units of the AWS organization
+*/
+
 resource "aws_organizations_organizational_unit" "security" {
   name      = "Security"
   parent_id = aws_organizations_organization.default.roots[0].id
@@ -31,3 +36,39 @@ resource "aws_organizations_organizational_unit" "infrastructure" {
     prevent_destroy = true
   }
 }
+
+resource "aws_organizations_organizational_unit" "workloads" {
+  name      = "Workloads"
+  parent_id = aws_organizations_organization.default.roots[0].id
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+resource "aws_organizations_organizational_unit" "production" {
+  name      = "Production"
+  parent_id = aws_organizations_organizational_unit.workloads.id
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+resource "aws_organizations_organizational_unit" "non_production" {
+  name      = "Non-Production"
+  parent_id = aws_organizations_organizational_unit.workloads.id
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+resource "aws_organizations_organizational_unit" "boskos" {
+  name      = "Boskos"
+  parent_id = aws_organizations_organizational_unit.workloads.id
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
