Control Tower 0.8.1
Control Tower Execution Role
Creates an IAM Role that allows Control Tower to manage the AWS account in which you deploy this role. If you create an AWS account using Control Tower, Control Tower will create this IAM role itself, but if you are importing an existing account into Control Tower, you have to create this IAM role yourself, which is where this module comes in handy.
https://docs.aws.amazon.com/controltower/latest/userguide/enroll-account.html
Sample Usage
main.tf
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S CONTROL-TOWER-EXECUTION-ROLE MODULE
# ------------------------------------------------------------------------------------------------------
module "control_tower_execution_role" {
  source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-execution-role?ref=v0.8.1"

  # ----------------------------------------------------------------------------------------------------
  # REQUIRED VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # The ID of your management (root) AWS account where Control Tower is
  # enabled. This is the AWS account that will get access to the IAM role
  # created by this module.
  control_tower_management_account_id = <string>
}
terragrunt.hcl
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S CONTROL-TOWER-EXECUTION-ROLE MODULE
# ------------------------------------------------------------------------------------------------------
terraform {
  source = "git::git@github.com:gruntwork-io/terraform-aws-control-tower.git//modules/landingzone/control-tower-execution-role?ref=v0.8.1"
}

inputs = {
  # ----------------------------------------------------------------------------------------------------
  # REQUIRED VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # The ID of your management (root) AWS account where Control Tower is
  # enabled. This is the AWS account that will get access to the IAM role
  # created by this module.
  control_tower_management_account_id = <string>
}
Reference
Inputs
Required
control_tower_management_account_id: The ID of your management (root) AWS account where Control Tower is enabled. This is the AWS account that will get access to the IAM role created by this module.
Outputs
The ARN of the Control Tower Execution Role
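Because the role created here hands access to whichever account ID is passed as control_tower_management_account_id, it is worth confirming after deployment that the role's trust policy names that account and nothing else. The following is an added example, not code from the Gruntwork module: it audits a trust policy document (for instance the AssumeRolePolicyDocument returned by `aws iam get-role`) and assumes the policy should contain only AWS principals from the management account. The function name, finding strings and sample policies are constructed for illustration.

```python
import re

# Matches a bare 12-digit account ID or an IAM ARN and captures the account ID.
ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.*)?$")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, management_account_id):
    """Return findings for a trust policy that should trust only the
    Control Tower management account. An empty list means it passes."""
    findings, trusted = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("wildcard principal")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                match = ACCOUNT_RE.match(value) if kind == "AWS" else None
                if value == "*":
                    findings.append("wildcard principal")
                elif match is None:
                    # Assumption: only the management account should appear here.
                    findings.append(f"unexpected {kind} principal: {value}")
                elif match.group(1) != management_account_id:
                    findings.append(f"foreign account trusted: {match.group(1)}")
                else:
                    trusted = True
    if not trusted:
        findings.append("management account is not trusted")
    return findings


# Constructed sample policies (account IDs are placeholders).
GOOD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]}
BAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": ["arn:aws:iam::111111111111:root",
                           "arn:aws:iam::222222222222:root"]}},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"}]}

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_trust_policy(doc, "111111111111"))
```

A mistyped account ID in the module input shows up here as a "foreign account trusted" finding paired with "management account is not trusted".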