Add AWS Organization and Single Account Integration Examples

arielb135 · arielb135 · commit cc7d22cf2b2d · 2025-06-08T14:56:57.000+03:00
- Introduced example Terraform configurations for integrating AWS organizations and single accounts with Jit.
- Created `organization_integration.tf` and `variables.tf` for organization integration, including necessary variables and module configurations.
- Created `account_integration.tf` and `variables.tf` for single account integration, detailing the required variables and module settings.
- Both examples include configurations for Jit API integration and AWS provider settings.
diff --git a/src/integrations/aws_integration_automation/examples/aws_organization/organization_integration.tf b/src/integrations/aws_integration_automation/examples/aws_organization/organization_integration.tf
@@ -0,0 +1,43 @@
+# Example: AWS Organization Integration with Jit
+# This example shows how to integrate an entire AWS organization with Jit
+
+terraform {
+  required_version = ">= 1.5"
+  
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+}
+
+# Configure the AWS Provider
+provider "aws" {
+  region = var.aws_region
+}
+
+# Organization Integration Module
+module "jit_aws_org_integration" {
+  source = "../../"
+  
+  # Jit API Configuration
+  jit_client_id = var.jit_client_id  # Set via environment variable or terraform.tfvars
+  jit_secret    = var.jit_secret     # Set via environment variable or terraform.tfvars
+  jit_region    = "us"               # Use "eu" for European API endpoint
+  
+  # Integration Configuration
+  integration_type        = "org"
+  aws_regions_to_monitor = var.regions_to_monitor
+  
+  # Organization Configuration
+  organization_root_id        = var.organization_root_id          # Your AWS Organization Root ID
+  should_include_root_account = var.should_include_root_account   # Whether to include the management account
+  
+  # Stack Configuration
+  stack_name            = "JitOrgIntegration"
+  resource_name_prefix = "JitOrg"                # Optional: Prefix for CloudFormation resources
+  
+  # CloudFormation Configuration
+  capabilities = ["CAPABILITY_NAMED_IAM"]
+}
diff --git a/src/integrations/aws_integration_automation/examples/aws_organization/variables.tf b/src/integrations/aws_integration_automation/examples/aws_organization/variables.tf
@@ -0,0 +1,37 @@
+
+# Variables that should be defined in your root module or terraform.tfvars
+variable "jit_client_id" {
+  description = "Jit API Client ID"
+  type        = string
+  sensitive   = true
+}
+
+variable "jit_secret" {
+  description = "Jit API Secret"
+  type        = string
+  sensitive   = true
+}
+
+variable "organization_root_id" {
+  description = "AWS Organization Root ID"
+  type        = string
+  sensitive   = true
+}
+
+variable "should_include_root_account" {
+  description = "Whether to include the root account in the monitoring."
+  type        = bool
+  default     = false
+}
+
+variable "regions_to_monitor" {
+  description = "AWS regions to monitor using Jit"
+  type        = list(string)
+  default     = ["us-east-1", "us-west-2"]
+}
+
+variable "aws_region" {
+  description = "AWS region to deploy the integration to"
+  type        = string
+  default     = "us-east-1"
+}
diff --git a/src/integrations/aws_integration_automation/examples/single_account/account_integration.tf b/src/integrations/aws_integration_automation/examples/single_account/account_integration.tf
@@ -14,12 +14,12 @@ terraform {
 
 # Configure the AWS Provider
 provider "aws" {
-  region = "us-east-1"
+  region = var.aws_region
 }
 
 # Single Account Integration Module
 module "jit_aws_account_integration" {
-  source = "../"
+  source = "../../"
   
   # Jit API Configuration
   jit_client_id = var.jit_client_id  # Set via environment variable or terraform.tfvars
@@ -28,26 +28,13 @@ module "jit_aws_account_integration" {
   
   # Integration Configuration
   integration_type        = "account"
-  aws_regions_to_monitor = ["us-east-1", "us-west-2"]
+  aws_regions_to_monitor = var.regions_to_monitor
   
   # Stack Configuration
   stack_name            = "JitAccountIntegration"
-  account_name         = "Production Account"        # Optional: Display name in Jit platform
-  resource_name_prefix = "JitProd"                  # Optional: Prefix for CloudFormation resources
+  account_name         = var.account_name          # Optional: Display name in Jit platform
+  resource_name_prefix = var.resource_name_prefix  # Optional: Prefix for CloudFormation resources
   
   # CloudFormation Configuration
   capabilities = ["CAPABILITY_NAMED_IAM"]
 }
-
-# Variables that should be defined in your root module or terraform.tfvars
-variable "jit_client_id" {
-  description = "Jit API Client ID"
-  type        = string
-  sensitive   = true
-}
-
-variable "jit_secret" {
-  description = "Jit API Secret"
-  type        = string
-  sensitive   = true
-}
diff --git a/src/integrations/aws_integration_automation/examples/single_account/variables.tf b/src/integrations/aws_integration_automation/examples/single_account/variables.tf
@@ -0,0 +1,37 @@
+
+# Variables that should be defined in your root module or terraform.tfvars
+variable "jit_client_id" {
+  description = "Jit API Client ID"
+  type        = string
+  sensitive   = true
+}
+
+variable "jit_secret" {
+  description = "Jit API Secret"
+  type        = string
+  sensitive   = true
+}
+
+variable "regions_to_monitor" {
+  description = "AWS regions to monitor using Jit"
+  type        = list(string)
+  default     = ["us-east-1", "us-west-2"]
+}
+
+variable "aws_region" {
+  description = "AWS region to deploy the integration to"
+  type        = string
+  default     = "us-east-1"
+}
+
+variable "account_name" {
+  description = "Name of the account to monitor"
+  type        = string
+  default     = "Production Account"
+}
+
+variable "resource_name_prefix" {
+  description = "Prefix for the resource name"
+  type        = string
+  default     = "JitProd"
+}
