Connection Wizard - Terraform
Introduction
The Cloudsaver Connection Wizard's Terraform connector enables rapid deployment of AWS IAM cross-account roles and permission policies using existing Terraform infrastructure. The guide demonstrates implementation using the Terraform command-line interface.
Getting Started
Users begin by logging into Cloudsaver and selecting "Get started" from the dashboard. The process requires:
- Terraform authentication credentials for the AWS Organization's management account
- Authorization to deploy IAM roles and policies
- Knowledge of the AWS Organization's management account ID (obtainable from the AWS Management Console or CLI)
After entering the management account ID, the customized Terraform template becomes available for download.
Command-Line Implementation
Verification Steps
- Confirm Terraform credentials are configured for the management account
- Run aws organizations describe-organization to verify authentication
- Execute aws sts get-caller-identity to confirm account access
- Ensure the account number is the same in the output of both commands
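The verification steps above can be scripted as a pre-flight check before terraform apply. This is an added example, not Cloudsaver's own code: the function names are hypothetical, and it assumes the AWS CLI is installed and uses the same credentials Terraform will use.

```shell
#!/bin/sh
# Added example: pre-flight check that the active credentials belong to the
# AWS Organization's management account. Function names are hypothetical.
# Assumption: the AWS CLI resolves the same credentials/profile as Terraform.

# Print the management account ID of the organization.
org_management_account() {
    aws organizations describe-organization \
        --query 'Organization.MasterAccountId' --output text
}

# Print the account ID the current credentials resolve to.
caller_account() {
    aws sts get-caller-identity --query 'Account' --output text
}

# Succeed only for a 12-digit AWS account ID.
is_account_id() {
    case "$1" in
        *[!0-9]*|'') return 1 ;;
    esac
    [ "${#1}" -eq 12 ]
}

# verify_management_account [EXPECTED_ID]
# EXPECTED_ID (optional) is the ID entered in the Connection Wizard.
# Returns 0 when all IDs agree, 1 on a mismatch, 2 when a lookup fails.
verify_management_account() {
    expected="${1:-}"
    mgmt="$(org_management_account)" || { echo "describe-organization failed" >&2; return 2; }
    caller="$(caller_account)" || { echo "get-caller-identity failed" >&2; return 2; }
    if ! is_account_id "$mgmt" || ! is_account_id "$caller"; then
        echo "unexpected CLI output: '$mgmt' / '$caller'" >&2; return 2
    fi
    if [ "$mgmt" != "$caller" ]; then
        echo "credentials are for $caller, management account is $mgmt" >&2; return 1
    fi
    if [ -n "$expected" ] && [ "$expected" != "$mgmt" ]; then
        echo "wizard ID $expected does not match management account $mgmt" >&2; return 1
    fi
    echo "OK: credentials target management account $mgmt"
}
```

Source the file and call verify_management_account with the ID entered in the wizard; a non-zero return means the roles would be deployed with credentials for the wrong account.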
Template Configuration
Users must add AWS provider blocks to the downloaded template, as Cloudsaver generates templates without these blocks to accommodate different deployment scenarios. At minimum, configuration should target the AWS Organization's management account.
Required additions include:
- A Required Providers block for AWS
- A provider block specifying the desired region (IAM resources are global)
Deployment Process
- Initialize with terraform init
- Format with terraform fmt
- Validate with terraform validate
- Apply with terraform apply (entering "yes" at the confirmation prompt)
Upon successful deployment, the Connection Wizard confirms the connection, and the Connections tree displays the connected management account.