Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable additional regions on account creation #581

Open
diegoroccia opened this issue Sep 23, 2024 · 2 comments
Open

Enable additional regions on account creation #581

diegoroccia opened this issue Sep 23, 2024 · 2 comments

Comments

@diegoroccia
Copy link

Subject of the issue

Please excuse if the feature is documented and I could just not finf it.

I am looking into how to enable additional regions on account creation. It has to be on account creation because I am setting AWS SSO in that region, so not having the region enabled makes the pipeline fail because the org-formation is unable to assume the role in the target account

Specifically, I am using ap-east-1

Your environment

  • version of org-foramtion (ofn --version)
  • version of node (node --version)
  • which OS/distro

Steps to reproduce

Tell us how to reproduce this issue. Please provide ofn projct files if possible,
you can use this template as a base.
https://plnkr.co/edit/m568SDw2KPufQsUl

Expected behaviour

Tell us what should happen

Actual behaviour

Tell us what happens instead

@yannickvr
Copy link

I'm assuming something among the lines of this?

  ProductionAccount:
    Type: OC::ORG::Account
    Properties:
      RootEmail: production@myorg.com
      AccountName: Production Account
      Tags:
        budget-alarm-threshold: '2500'
        account-owner-email: my@email.com
      OptInRegions:
        - af-south-2
        - ap-east-1

@tcondeixa
Copy link

tcondeixa commented Oct 4, 2024

I'm assuming something among the lines of this?

  ProductionAccount:
    Type: OC::ORG::Account
    Properties:
      RootEmail: production@myorg.com
      AccountName: Production Account
      Tags:
        budget-alarm-threshold: '2500'
        account-owner-email: my@email.com
      OptInRegions:
        - af-south-2
        - ap-east-1

That would be an option to enable extra regions and unblock the use-case. IMO the enabled regions are controlled already as part of the OC::ORG:: Account resource, so It would be better we could specify all the regions to be enabled and not only extra ones. Otherwise this would require another CR to disable regions that will interfere with the current one.
Maybe that was what you suggested but not what is described in the issue, so just want to be sure about this OptInRegions is all regions to enable and to create the entrypoint role, and not only extra regions to opt in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants