What?
Let’s say we already have an AWS root account set up and want to add an environment, for example, production.
Problem 1. After creating the root account, the other AWS accounts are also created manually.
The AWS account hierarchy looks like this:
...
Before creating the user, SSO should be enabled from the root account for the prod account. At this step, all users who should have access to prod can be invited to SSO.
Problem 2: SSO configuration is done manually.
After manually enabling SSO, we need to add a YAML config file through which the IAM user will be created:
...
After that, just check that TFC applies the configuration correctly.
Environment Setup
Problem 3. We don’t have dependencies between workspaces, so we can’t integrate this configuration with the IAM user’s creation part.
We need to create a new subfolder in the infrastructure/1-environments folder, for example prod-1:
...