Terraform AWS Graveyard Lambda

Description

This module creates a Lambda function that automatically moves closed AWS accounts to a designated Graveyard Organizational Unit (OU) within AWS Organizations. This helps maintain a clean organizational structure by segregating inactive accounts from active ones. The Lambda function:

Monitors for account closure events (EventBridge)
Validates account status
Moves closed accounts to a specified Graveyard OU
Maintains an audit trail of account movements
Runs on a scheduled basis to catch any missed accounts

Usage

module "aws_graveyard_lambda" {
  source  = "appvia/graveyard/aws"
  version = "0.0.1"

  graveyard_ou_name      = "Graveyard"    # The name of your Graveyard OU or the OU to move closed accounts to
  schedule_expression    = "rate(1 day)"  # How often the Lambda should run to catch any missed accounts

  tags = {
    Environment = "prod"
    Managed_by  = "terraform"
    Purpose     = "account-management"
  }
}

Update Documentation

The terraform-docs utility is used to generate this README. Follow the below steps to update:

Make changes to the .terraform-docs.yml file
Fetch the terraform-docs binary (https://terraform-docs.io/user-guide/installation/)
Run terraform-docs markdown table --output-file ${PWD}/README.md --output-mode inject .

Providers

Name	Version
aws	>= 5.0.0

Inputs

Name	Description	Type	Default	Required
graveyard_ou_name	Name of the Organizational Unit where closed accounts should be moved	`string`	n/a	yes
lambda_role_name	Name of the IAM role for the Lambda function	`string`	n/a	yes
tags	Default tags to apply to all resources	`map(string)`	n/a	yes
cloudwatch_logs_kms_key_id	KMS key ID for encrypting CloudWatch logs	`string`	`null`	no
cloudwatch_logs_log_group_class	Class for the CloudWatch log group	`string`	`"STANDARD"`	no
cloudwatch_logs_retention_in_days	Number of days to retain CloudWatch logs	`number`	`3`	no
lambda_description	Description of the Lambda function	`string`	`"Function to move closed accounts to the Graveyard OU"`	no
lambda_function_name	Name of the Lambda function	`string`	`"lza-graveyard"`	no
lambda_role_path	Path for the IAM role for the Lambda function	`string`	`"/service-role/"`	no
lambda_runtime	Runtime for the Lambda function	`string`	`"python3.9"`	no
schedule_expression	Schedule expression for periodic account checks (e.g., 'rate(1 day)' or 'cron(0 12 * * ? *)')	`string`	`"rate(1 day)"`	no
sns_topic_arn	ARN of the SNS topic for account movement notifications	`string`	`null`	no

Outputs

No outputs.

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
.github		.github
assets/functions		assets/functions
docs		docs
examples/basic		examples/basic
scripts		scripts
tests		tests
.commitlintrc.yaml		.commitlintrc.yaml
.gitignore		.gitignore
.terraform-docs.yml		.terraform-docs.yml
.tflint.hcl		.tflint.hcl
.trivyignore		.trivyignore
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
SECURITY.md		SECURITY.md
main.tf		main.tf
outputs.tf		outputs.tf
renovate.json		renovate.json
terraform.tf		terraform.tf
variables.tf		variables.tf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Terraform AWS Graveyard Lambda

Description

Usage

Update Documentation

Providers

Inputs

Outputs

About

Releases 1

Packages

Languages

License

appvia/terraform-aws-graveyard

Folders and files

Latest commit

History

Repository files navigation

Terraform AWS Graveyard Lambda

Description

Usage

Update Documentation

Providers

Inputs

Outputs

About

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases 1

Packages 0

Languages

Packages