Thursday, June 15, 2023

Provisioning Cross-Account Dependencies in Amazon Account Factory for Terraform

Before we dive into setting up an additional provider, it helps to go over a little of the project structure for Amazon Account Factory for Terraform (AFT). When you create a new customization by copying the template directory in your project, you will notice two jinja files in your terraform folder. These files act as templates that work with the AFT pipeline to configure your terraform script for execution. By default they come pre-configured with one provider; when the pipeline runs, this provider becomes the provider for your target account. Jinja uses {{ variable }} placeholders, which are replaced with the values available in the execution pipeline. So what if you need to configure a cross-account dependency between your account and another account?

Configuring a second provider is pretty straightforward: copy the provider block, paste it into the template file, and replace the role_arn with a role in the secondary account. If you are using AFT in the other account as well, you can assume the /AWSAFTExecution role in the secondary account to gain administrative access for the terraform provider; then set the alias in the second block to a name you can reference in your script. That's it: now you can apply changes to multiple accounts via the customization script.

# Second provider block for the secondary account; replace the starred placeholders
provider "aws" {
  region = "us-east-1"
  alias  = "*YOURALIASHERE*"
  assume_role {
    role_arn = "arn:aws:iam::*YOURACCOUNTHERE*:role/AWSAFTExecution"
  }
  default_tags {
    tags = {
      managed_by = "AFT"
    }
  }
}
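Here is an added example (not code from the original post or from AFT itself) of what a cross-account dependency looks like once the second provider exists. It assumes the aliased provider block lives in the jinja template and the resources below sit in a regular .tf file next to it; the alias `shared_services`, the account ID `111111111111`, the role name `app-reader` and the bucket `shared-artifacts-bucket` are all placeholders. The example reads the target account's ID through the default provider and uses it to create a role in the secondary account whose trust policy admits only one principal from the target account, so the AWSAFTExecution role's administrative reach is spent on a narrowly scoped grant rather than an account-wide trust.

```hcl
# Added example, not from the original post. Second provider for the
# secondary account; "shared_services" and the account ID are placeholders.
provider "aws" {
  region = "us-east-1"
  alias  = "shared_services"

  assume_role {
    role_arn = "arn:aws:iam::111111111111:role/AWSAFTExecution" # placeholder account ID
  }

  default_tags {
    tags = {
      managed_by = "AFT"
    }
  }
}

# The account AFT is customizing: resolved through the default (un-aliased)
# provider that the template already configures.
data "aws_caller_identity" "target" {}

# Trust policy for a role in the secondary account. It names one specific role
# in the target account ("app-reader" is a placeholder) instead of trusting the
# whole account, which keeps the cross-account path to a single principal.
data "aws_iam_policy_document" "cross_account_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.target.account_id}:role/app-reader"]
    }
  }
}

# Created in the secondary account via the aliased provider, but its identity
# depends on data read from the target account: the cross-account dependency.
resource "aws_iam_role" "shared_reader" {
  provider           = aws.shared_services
  name               = "target-${data.aws_caller_identity.target.account_id}-reader"
  assume_role_policy = data.aws_iam_policy_document.cross_account_trust.json
}

# Permissions granted to that role: read-only access to one bucket
# ("shared-artifacts-bucket" is a placeholder), nothing broader.
data "aws_iam_policy_document" "bucket_read" {
  statement {
    actions = ["s3:GetObject", "s3:ListBucket"]
    resources = [
      "arn:aws:s3:::shared-artifacts-bucket",
      "arn:aws:s3:::shared-artifacts-bucket/*",
    ]
  }
}

resource "aws_iam_role_policy" "shared_reader" {
  provider = aws.shared_services
  role     = aws_iam_role.shared_reader.id
  policy   = data.aws_iam_policy_document.bucket_read.json
}

output "shared_reader_role_arn" {
  value = aws_iam_role.shared_reader.arn
}
```

Every resource that should land in the secondary account carries `provider = aws.shared_services`; anything without that meta-argument is created in the target account, so a missing `provider` line is the usual way a cross-account customization silently puts a resource in the wrong account. The plan output shows which provider each resource uses, which is the quickest check before applying.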