aws_controltower

type AwsControlTowerTerraformModifier func(c *GenerateAwsControlTowerTfConfigurationArgs)

type AwsSubAccount struct {
	// The name of the AwsProfile to use (in AWS configuration)
	AwsProfile string

	// The AwsRegion this profile should use if any resources are created
	AwsRegion string

	// The Alias of the provider block
	Alias string
}

type GenerateAwsControlTowerTfConfigurationArgs struct {
	// For AWS Subaccounts in consolidated CT setups
	SubAccounts []AwsSubAccount

	// ARN for the S3 bucket for consolidated CloudTrail logging
	S3BucketArn string

	// The SNS topic ARN
	SNSTopicArn string

	// The Aws profile of the log archive account
	LogArchiveProfile string

	// The Aws region of the log archive account
	LogArchiveRegion string

	// The Aws profile of the audit account
	AuditProfile string

	// The Aws region of the audit account
	AuditRegion string

	// The audit account flag input in the format profile:region
	AuditAccount string

	// The log archive account flag input in the format profile:region
	LogArchiveAccount string

	// A name for the cross account policy
	CrossAccountPolicyName string

	// Whether cloudtrail log file integrity validation is enabled
	EnableLogFileValidation bool

	// The length of the external ID to generate. Max length is 1224. Ignored when use_existing_iam_role is set to true
	ExternalIdLength int

	// The IAM role ARN is required when setting use_existing_iam_role to true
	IamRoleArn string

	// The external ID configured inside the IAM role is required when setting use_existing_iam_role to true
	IamRoleExternalID string

	// The IAM role name. Required to match with iam_role_arn if use_existing_iam_role is set to true
	IamRoleName string

	//The Lacework AWS account that the IAM role will grant access
	LaceworkAwsAccountID string

	// The name of the integration in Lacework.
	LaceworkIntegrationName string

	// The prefix that will be used at the beginning of every generated resource
	Prefix string

	// The SQS queue name
	SqsQueueName string

	// A map/dictionary of Tags to be assigned to created resources
	Tags map[string]string

	// Set this to true to use an existing IAM role from the log_archive AWS Account
	UseExistingIamRole bool

	// Amount of time to wait before the next resource is provisioned
	WaitTime int

	// The KMS key arn, if Control Tower was deployed with custom KMS key
	KmsKeyArn string

	// Mapping of AWS accounts to Lacework accounts within a Lacework organization
	OrgAccountMappings OrgAccountMapping

	// OrgAccountMapping json used for flag input
	OrgAccountMappingsJson string

	// Lacework Profile to use
	LaceworkProfile string

	// Lacework Organization
	LaceworkOrganizationLevel bool

	// The Lacework AWS Root Account ID
	LaceworkAccountID string
}

type OrgAccountMap struct {
	LaceworkAccount string   `json:"lacework_account"`
	AwsAccounts     []string `json:"aws_accounts"`
}

type OrgAccountMapping struct {
	DefaultLaceworkAccount string          `json:"default_lacework_account"`
	Mapping                []OrgAccountMap `json:"mapping"`
}