feat: Support to manage an AWS Organizations policy

README.md

@@ -7,6 +7,7 @@ A Terraform module that creates an AWS Organizations.
 - Create member account
 - Create organizational unit
 - Delegated Administrator
+- Manage an AWS Organizations policy
 
 <!-- BEGIN_TF_DOCS -->
 ## Requirements

modules/policy/README.md

@@ -0,0 +1,43 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.4.6 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.65.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.66.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_organizations_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_policy) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_content"></a> [content](#input\_content) | (Required) The policy content to add to the new policy. | `any` | n/a | yes |
+| <a name="input_description"></a> [description](#input\_description) | (Optional) A description to assign to the policy. | `string` | `null` | no |
+| <a name="input_name"></a> [name](#input\_name) | (Required) The friendly name to assign to the policy. | `string` | n/a | yes |
+| <a name="input_skip_destroy"></a> [skip\_destroy](#input\_skip\_destroy) | (Optional) If set to true, destroy will not delete the policy and instead just remove the resource from state. | `bool` | `false` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | (Optional) Key-value map of resource tags. | `map(string)` | `{}` | no |
+| <a name="input_type"></a> [type](#input\_type) | (Optional) The type of policy to create. | `string` | `"SERVICE_CONTROL_POLICY"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_aws_organizations_policy_arn"></a> [aws\_organizations\_policy\_arn](#output\_aws\_organizations\_policy\_arn) | Amazon Resource Name (ARN) of the policy. |
+| <a name="output_aws_organizations_policy_id"></a> [aws\_organizations\_policy\_id](#output\_aws\_organizations\_policy\_id) | The unique identifier (ID) of the policy. |
+| <a name="output_aws_organizations_policy_tags_all"></a> [aws\_organizations\_policy\_tags\_all](#output\_aws\_organizations\_policy\_tags\_all) | A map of tags assigned to the resource, including those inherited from the provider default\_tags configuration block. |
+<!-- END_TF_DOCS -->

modules/policy/main.tf

@@ -0,0 +1,8 @@
+resource "aws_organizations_policy" "this" {
+  content      = var.content
+  name         = var.name
+  description  = var.description
+  skip_destroy = var.skip_destroy
+  type         = var.type
+  tags         = var.tags
+}

modules/policy/outputs.tf

@@ -0,0 +1,14 @@
+output "aws_organizations_policy_id" {
+  description = "The unique identifier (ID) of the policy."
+  value       = aws_organizations_policy.this.id
+}
+
+output "aws_organizations_policy_arn" {
+  description = "Amazon Resource Name (ARN) of the policy."
+  value       = aws_organizations_policy.this.arn
+}
+
+output "aws_organizations_policy_tags_all" {
+  description = "A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block."
+  value       = aws_organizations_policy.this.tags_all
+}

modules/policy/variables.tf

@@ -0,0 +1,33 @@
+variable "content" {
+  description = "(Required) The policy content to add to the new policy."
+  type        = any
+}
+
+variable "name" {
+  description = "(Required) The friendly name to assign to the policy."
+  type        = string
+}
+
+variable "description" {
+  description = "(Optional) A description to assign to the policy."
+  type        = string
+  default     = null
+}
+
+variable "skip_destroy" {
+  description = "(Optional) If set to true, destroy will not delete the policy and instead just remove the resource from state."
+  type        = bool
+  default     = false
+}
+
+variable "type" {
+  description = "(Optional) The type of policy to create."
+  type        = string
+  default     = "SERVICE_CONTROL_POLICY"
+}
+
+variable "tags" {
+  description = "(Optional) Key-value map of resource tags."
+  type        = map(string)
+  default     = {}
+}

modules/policy/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.4.6"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.65.0"
+    }
+  }
+}

modules/policy_attachment/README.md

@@ -0,0 +1,36 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.4.6 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.65.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.66.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_organizations_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_policy_attachment) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_policy_id"></a> [policy\_id](#input\_policy\_id) | (Required) The unique identifier (ID) of the policy that you want to attach to the target. | `string` | n/a | yes |
+| <a name="input_skip_destroy"></a> [skip\_destroy](#input\_skip\_destroy) | (Optional) If set to true, destroy will not detach the policy and instead just remove the resource from state. | `bool` | `false` | no |
+| <a name="input_target_id"></a> [target\_id](#input\_target\_id) | (Required) The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to. | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

modules/policy_attachment/main.tf

@@ -0,0 +1,5 @@
+resource "aws_organizations_policy_attachment" "this" {
+  policy_id    = var.policy_id
+  target_id    = var.target_id
+  skip_destroy = var.skip_destroy
+}

modules/policy_attachment/variables.tf

@@ -0,0 +1,15 @@
+variable "policy_id" {
+  description = "(Required) The unique identifier (ID) of the policy that you want to attach to the target."
+  type        = string
+}
+
+variable "target_id" {
+  description = "(Required) The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to."
+  type        = string
+}
+
+variable "skip_destroy" {
+  description = "(Optional) If set to true, destroy will not detach the policy and instead just remove the resource from state."
+  type        = bool
+  default     = false
+}

modules/policy_attachment/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.4.6"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.65.0"
+    }
+  }
+}