According to AWS, Image Builder now integrates with AWS Organizations to distribute AMIs:
Unfortunately, the Terraform resource `aws_imagebuilder_distribution_configuration` still supports only accounts, not organizational unit IDs.
Is there any plan to include this feature in future versions of the provider?
Hi,
there’s an open issue on GitHub.
opened 01:38AM - 27 Nov 21 UTC
enhancement
service/imagebuilder
### Community Note
* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request
* Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
* If you are interested in working on this issue or have submitted a pull request, please leave a comment
### Description
Amazon EC2 Image Builder [has added the ability](https://aws.amazon.com/about-aws/whats-new/2021/11/ec2-image-builder-sharing-amis-aws-organization-units/) to share Amazon Machine Images (AMIs) with AWS Organizations and Organizational Units (OUs) (rather than just individual accounts) in the image distribution phase of the build process. This means we no longer have to update AMI permissions for individual AWS accounts every time a new account is added.
Extend the existing `aws_imagebuilder_distribution_configuration` [resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/imagebuilder_infrastructure_configuration) and [data source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/imagebuilder_distribution_configuration) to enable the use of this capability within Terraform.
### New or Affected Resource(s)
- [`aws_imagebuilder_distribution_configuration`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/imagebuilder_infrastructure_configuration) (affected resource): requires new `organizational_unit_arns` and `organization_arns` sub-arguments within the `distribution.ami_distribution_configuration.launch_permission` argument.
- [`aws_imagebuilder_distribution_configuration`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/imagebuilder_distribution_configuration) (affected data source): requires new `organizational_unit_arns` and `organization_arns` sub-attributes within the `distribution.ami_distribution_configuration.launch_permission` attribute.
### Potential Terraform Configuration
```hcl
resource "aws_imagebuilder_distribution_configuration" "example" {
  name = "example"

  distribution {
    ami_distribution_configuration {
      ami_tags = {
        CostCenter = "IT"
      }

      name = "example-{{ imagebuilder:buildDate }}"

      # Proposed sub-arguments requested by this issue
      launch_permission {
        organizational_unit_arns = ["arn:aws:organizations::123456789123:ou/o-foobar123/ou-1foo-2foobar"]
        organization_arns        = ["arn:aws:organizations::123456789123:organization/o-foobar123"]
      }
    }

    region = "us-east-1"
  }
}
```
### Requires
- `aws-sdk-go` version 1.42.12: #21939
### References
- AWS Announcement: https://aws.amazon.com/about-aws/whats-new/2021/11/ec2-image-builder-sharing-amis-aws-organization-units/
- User Guide: https://docs.aws.amazon.com/transfer/latest/userguide/transfer-workflows.html
- Relevant EC2 Image Builder API Docs:
  - `CreateDistributionConfiguration`: https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CreateDistributionConfiguration.html
  - `LaunchPermissionConfiguration`: https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_LaunchPermissionConfiguration.html
- Related issue for adding similar support for AMIs via `aws_ami_launch_permission`: #21617
Thanks for the info!
I'm voting now for the pull request.
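A pre-deployment check for the organization and OU launch-permission ARNs discussed in the issue above, added here as an illustration; it is not code from the thread or from the Terraform provider. `build_launch_permission` and `expected_org_id` are hypothetical names, the output keys follow the `LaunchPermissionConfiguration` API structure linked in the references, and only the `aws` partition is assumed.

```python
import re

# ARN shapes taken from the two sample ARNs in the issue. The ID patterns are
# deliberately loose so that those placeholder ARNs parse.
_ORG_ARN = re.compile(
    r"^arn:aws:organizations::\d{12}:organization/(?P<org>o-[a-z0-9]+)$"
)
_OU_ARN = re.compile(
    r"^arn:aws:organizations::\d{12}:ou/(?P<org>o-[a-z0-9]+)/ou-[a-z0-9]+-[a-z0-9]+$"
)


def build_launch_permission(arns, expected_org_id):
    """Sort ARNs into launch-permission fields, refusing any ARN that is
    malformed or that belongs to an organization other than expected_org_id."""
    org_arns, ou_arns, rejected = [], [], []
    for arn in arns:
        org_match, ou_match = _ORG_ARN.match(arn), _OU_ARN.match(arn)
        match = org_match or ou_match
        if match is None:
            rejected.append((arn, "not an organization or OU ARN"))
        elif match.group("org") != expected_org_id:
            rejected.append((arn, "belongs to another organization"))
        elif org_match:
            org_arns.append(arn)
        else:
            ou_arns.append(arn)
    if rejected:
        # Fail closed: one bad ARN blocks the whole distribution config.
        raise ValueError(f"refusing to share AMI: {rejected}")
    permission = {}
    if org_arns:
        permission["organizationArns"] = sorted(set(org_arns))
    if ou_arns:
        permission["organizationalUnitArns"] = sorted(set(ou_arns))
    return permission


if __name__ == "__main__":
    # Constructed input: the placeholder ARNs from the issue's example.
    sample = [
        "arn:aws:organizations::123456789123:ou/o-foobar123/ou-1foo-2foobar",
        "arn:aws:organizations::123456789123:organization/o-foobar123",
    ]
    print(build_launch_permission(sample, expected_org_id="o-foobar123"))
```
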