I am trying to create an AWS commercial account using credentials from the management account of an AWS Organization. Once that account is created, I want to assume a role and create a VPC in this new commercial account. My secret/access keys are saved in my credentials file under the profile of commercial.
account.tf
# Create a new AWS account
# Member account created through AWS Organizations. Account creation is an
# Organizations API call and therefore has to run with the management-account
# credentials, hence the explicit provider alias.
resource "aws_organizations_account" "new_account" {
  provider = aws.management

  name  = "NewCommercialAccount"
  email = "new-account-email@example.com"

  # Name of the cross-account role Organizations provisions inside the new
  # account for the management account to assume.
  # NOTE(review): the role created under this name is typically granted full
  # administrative access in the member account, so anything able to assume it
  # effectively owns that account — treat the "commercial" credentials and the
  # resulting CloudTrail trail accordingly.
  role_name = "OrganizationAccountAccessRole"
}
# Output the new account ID
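# Account ID of the member account. This is the same value the aws.new_account
# provider interpolates into its assume_role role_arn.
output "new_account_id" {
  description = "ID of the member account created by aws_organizations_account.new_account"
  value       = aws_organizations_account.new_account.id
}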
provider.tf
# Management-account provider. Credentials come from the "commercial" profile
# in the local AWS credentials file; this is the only provider that may create
# Organizations resources.
provider "aws" {
  alias = "management"

  profile = "commercial"
  region  = "us-east-1"
}
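# Provider for the newly created member account: assume the cross-account role
# that Organizations provisioned there.
provider "aws" {
  alias  = "new_account"
  region = "us-east-1"

  # Source credentials for the AssumeRole call. Without this the provider falls
  # back to the default credential chain rather than the "commercial" profile
  # that aws.management uses, so there may be nothing to assume the role with.
  profile = "commercial"

  assume_role {
    # The account ID is unknown until aws_organizations_account.new_account has
    # actually been applied, and provider configuration is evaluated at plan
    # time. An unknown value here is what most likely surfaces as
    # "The argument "role_arn" is required, but no definition was found."
    # Bootstrap in two stages:
    #   terraform apply -target=aws_organizations_account.new_account
    #   terraform apply
    # or keep account creation in its own root module/state and feed the ID in
    # as a known value (variable or remote state).
    role_arn = "arn:aws:iam::${aws_organizations_account.new_account.id}:role/OrganizationAccountAccessRole"

    # Names the STS session so role assumptions made by this configuration are
    # attributable in the member account's CloudTrail logs.
    session_name = "terraform-new-account-bootstrap"
  }
}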
vpc.tf
# VPC in the member account; created through the assumed-role provider, never
# with the management-account credentials directly.
resource "aws_vpc" "my_vpc" {
  provider = aws.new_account

  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "MyVPC"
  }
}
# Single subnet carved out of aws_vpc.my_vpc, in the same member account. No
# availability zone is pinned, so placement is left to the provider.
resource "aws_subnet" "my_subnet" {
  provider = aws.new_account

  vpc_id     = aws_vpc.my_vpc.id
  cidr_block = "10.0.1.0/24"

  tags = {
    Name = "MySubnet"
  }
}
I am getting the following error and do not know why: “The argument "role_arn" is required, but no definition was found.”
Any ideas?
Environment
- Terraform version: Terraform v1.9.5
- Operating System: Windows 10