Applying Terraform On Two Different AWS Accounts In the Same Plan

Question

We're currently porting some of our CloudFormation templates to Terraform. In one of these templates we use a custom resource with a Lambda function.

The purpose of the function is to assume a role in our main AWS account; where R53 DNS is managed, and add a newly generated CloudFront dns there.

I am wondering if there's a way to do this in terraform, such that:

create the cloudfront resource, alb, etc on the dev/qa/prod accounts
add the r53 recordset to the main account

All within the same terraform plan. Can I choose an IAM role when creating a resource? Or choose the account where the resource should be created?

The only reference I have found is here

Possible duplicate of [Deploying to multiple AWS accounts with Terraform?](https://stackoverflow.com/questions/52206436/deploying-to-multiple-aws-accounts-with-terraform) — ydaetskcoR, Jul 02 '19 at 16:01
@ydaetskcoR that's true! Although stackoverflow didnt return that in my search — Sam Hammamy, Jul 02 '19 at 16:04

WalKh · Answer 1 · 2019-07-02T15:48:12.953

You can configure multiple providers ( one per account in your case) and create an alias for each. Then you will need to specify the provider for each ressource. Example:

provider "aws" {
  region  = "eu-west-1"
  profile = "profile1"
  alias   = "account1"
}

provider "aws" {
  region  = "eu-west-1"
  profile = "profile2"
  alias   = "account2"
}

resource "aws_lambda_function" "function1" {
  provider = "aws.account1" // will be created in account 1
  ...
}
resource "aws_lambda_function" "function2" {
  provider = "aws.account2" // will be created in account 2
  ...
}

Applying Terraform On Two Different AWS Accounts In the Same Plan

1 Answers1