I want to use the resource "data" in Terraform, for example for an sns topic, but I don't want to look for a resource in the aws-account for which I'm deploying my other resources. It should look up to my other aws-account (in the same organization) and find resources in there. Is there a way to make this happen?

data "aws_sns_topic" "topic_alarms_data" {
  name = "topic_alarms"
}
  • Ok I found something I will try. There is a data resource for your organizations resource. So probably this will work for me. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization – Thanatos-Delta Sep 23 '21 at 10:01
  • You need to configure a second aws provider with an alias and use that provider to resolve the data source. – luk2302 Sep 23 '21 at 10:03
  • Does https://stackoverflow.com/a/52206826/2291321 answer your question? – ydaetskcoR Sep 23 '21 at 12:13
  • It would, if I didn't have to keep the environments separated. I have multiple workspaces and this workspace shouldn't have credentials for the other environment. Maybe I could create an IAM user with minimum access to get data about resources. So it will take a while until I can accept this as an answer to my question. – Thanatos-Delta Sep 23 '21 at 12:25

1 Answer

Define an aws provider with credentials to the remote account:

# Default provider that you use:
provider "aws" {
  region = var.context.aws_region
  assume_role {
    role_arn = format("arn:aws:iam::%s:role/TerraformRole", var.account_id)
  }
}

# Aliased provider that assumes a role in the remote account:
provider "aws" {
  alias  = "remote"
  region = var.context.aws_region
  assume_role {
    role_arn = format("arn:aws:iam::%s:role/TerraformRole", var.remote_account_id)
  }
}

# The data source is resolved with the aliased provider, i.e. in the remote account:
data "aws_sns_topic" "topic_alarms_data" {
  provider = aws.remote
  name     = "topic_alarms"
}

Now the topics are loaded from the second provider.

mhvelplund
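
On the least-privilege concern raised in the comments: the aliased provider does not have to assume a full deployment role in the remote account. The following is an added example, not part of the answer above, of a lookup-only role created in the remote account. The names `TerraformLookupRole`, `deploy_account_id` and `sns-read-only` are hypothetical, and the list of SNS actions is an assumption about what the `aws_sns_topic` data source calls.

```hcl
# Added example; role, variable and policy names are hypothetical.
# Apply this in the REMOTE account (the one that owns topic_alarms).

variable "deploy_account_id" {
  type        = string
  description = "Account ID of the workspace that performs the lookup"
}

# Trust policy: only the deploying account's TerraformRole may assume this role.
data "aws_iam_policy_document" "lookup_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = [format("arn:aws:iam::%s:role/TerraformRole", var.deploy_account_id)]
    }
  }
}

# Permissions: read-only SNS metadata and nothing else.
# Assumption: these are the calls the aws_sns_topic data source makes.
# sns:ListTopics has no resource-level scoping, hence resources = ["*"].
data "aws_iam_policy_document" "lookup_permissions" {
  statement {
    effect = "Allow"
    actions = [
      "sns:ListTopics",
      "sns:GetTopicAttributes",
      "sns:ListTagsForResource",
    ]
    resources = ["*"]
  }
}

resource "aws_iam_role" "terraform_lookup" {
  name               = "TerraformLookupRole"
  assume_role_policy = data.aws_iam_policy_document.lookup_trust.json
}

resource "aws_iam_role_policy" "terraform_lookup" {
  name   = "sns-read-only"
  role   = aws_iam_role.terraform_lookup.id
  policy = data.aws_iam_policy_document.lookup_permissions.json
}
```

With this role in place, the `role_arn` of the `remote` provider alias would point at `role/TerraformLookupRole` instead of `role/TerraformRole`, so the workspace can read topic metadata in the other account but cannot change anything there. The calling role in the deploying account also needs an IAM policy allowing `sts:AssumeRole` on that ARN.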