New Organization Unit #41

	name:
	New Organization Unit

	on:
	workflow_dispatch:
	inputs:
	account:
	description: 'AWS Management account ID'
	required: true
	type: string

	ou:
	description: 'New Organization Unit name'
	required: true
	type: string

	env:
	AWS_REGION : eu-central-1
	ACCOUNT: ${{ inputs.account }}
	OU: ${{ inputs.ou }}
	GITHUB_OWNER: ${{ github.repository_owner }}

	permissions:
	id-token: write
	contents: write
	jobs:
	AssumeRoleAndTerraformApply:
	runs-on: ubuntu-22.04
	steps:
	- name: Git clone the repository
	uses: actions/checkout@v4
	- name: configure aws credentials
	uses: aws-actions/configure-aws-credentials@v4.0.2
	with:
	role-to-assume: arn:aws:iam::${{ env.ACCOUNT }}:role/service-role/cicd_role
	role-session-name: GitHub_to_AWS_via_FederatedOIDC
	aws-region: ${{ env.AWS_REGION }}
	# Hello from AWS: WhoAmI
	- name: Sts GetCallerIdentity
	run: \|
	aws sts get-caller-identity
	- name: Create new OU via Terraform
	run: \|
	cd ou_resources
	terraform init -backend-config=../_terraform/remote_backend.hcl
	terraform workspace select -or-create $OU
	terraform apply --auto-approve -var ou_name=$OU -var github_owner=$GITHUB_OWNER
	- name: Update Backstage Catalog entries
	run: \|
	git config user.name github-actions
	git config user.email github-actions@github.com
	git add .
	git diff-index --quiet HEAD \|\| git commit -m "Added OU to catalog"
	git push

Provide feedback