{"id":21090,"date":"2018-06-19T08:42:55","date_gmt":"2018-06-19T06:42:55","guid":{"rendered":"https:\/\/www.inovex.de\/blog\/?p=13105"},"modified":"2022-11-29T08:00:49","modified_gmt":"2022-11-29T07:00:49","slug":"terraform-in-an-aws-multi-account-environment","status":"publish","type":"post","link":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/","title":{"rendered":"Terraform in an AWS Multi Account Environment"},"content":{"rendered":"<div>\n<p>Terraform is a great tool to spin up environments on AWS\u2014or in other clouds. But when it comes to a multi account environment there might be a gap. This article offers different solutions to bypass this with some kind of Makefile magic.<\/p>\n<\/div>\n<p><!--more--><\/p>\n<div>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\"><p class=\"ez-toc-title\" style=\"cursor:inherit\"><\/p>\n<\/div><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#Requirements\" >Requirements<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#Solutions\" >Solutions<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#Keep-separate-subdirectories\" >Keep separate subdirectories<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#Terraform-Workspaces\" >Terraform Workspaces<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#Account-isolation\" >Account isolation<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#Alternative\" >Alternative<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Requirements\"><\/span>Requirements<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Let&#8217;s define requirements we&#8217;ve met in some customer projects before we try and conquer them:<\/p>\n<div>1. Terraform as infrastructure provider tool. As there are multiple team members a remote state in an S3 bucket is needed.<\/div>\n<div>2. Different AWS Account for each stage.<\/div>\n<div>3. Three stages (dev, test, prod) with the same infrastructure setup. Everything should be the same, except in sizing: different sizes for the instances and various volume sizes.<\/div>\n<div>4. The S3 bucket for the remote state has to be managed within these AWS accounts. This means: Total isolation of the separate stages.<\/div>\n<div>5. Terraform will be used within CI\/CD pipelines to automate service delivery.<\/div>\n<\/div>\n<h2><span class=\"ez-toc-section\" id=\"Solutions\"><\/span>Solutions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<div>\n<p>With these requirements in mind, there are several solutions.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Keep-separate-subdirectories\"><\/span>Keep separate subdirectories<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div>The most obvious solution is to keep each stage within its own subdirectory and handle each subdirectory as an individual terraform project with its own state file. Works like a charm, problem solved\u2014dear subconscious, please ignore the necessary code duplication. Until you have to modify your infrastructure in each separate subdirectory\u2014over and over again to keep it up to date.<\/div>\n<h3><span class=\"ez-toc-section\" id=\"Terraform-Workspaces\"><\/span>Terraform Workspaces<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div>So let&#8217;s look at the built-in-feature mentioned at the Terraform\u00a0docs:<\/div>\n<blockquote><p>Where possible, it&#8217;s recommended to use a single backend configuration for all environments and use the terraform workspace command to switch between workspaces.<\/p><\/blockquote>\n<div>Terraform Workspaces offer the possibility to deploy multiple instances from one code base. Each workspace in one project is linked to one state file. Reflecting on the specified requirements this means breaking the isolation of the stages (requirement 4) as all the stages would have to share one S3 bucket.<\/div>\n<h3><span class=\"ez-toc-section\" id=\"Account-isolation\"><\/span>Account isolation<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div>Take a look at the provider configuration in its basic values. This configuration causes Terraform to look into your <span class=\"lang:sh decode:true crayon-inline \">~\/.aws<\/span>\u00a0 directory for an AWS default configuration and <a href=\"https:\/\/www.terraform.io\/docs\/providers\/aws\/\" target=\"_blank\" rel=\"noopener\">write everything into the mentioned s3 bucket<\/a>.<\/div>\n<\/div>\n<div>\n<pre class=\"lang:sh decode:true\" title=\"TF default AWS provider\"># cat main.tf\r\n\r\nterraform {\r\n\r\nbackend \"s3\" {\r\n\r\nbucket = \"my-tf-remote-state\"\r\n\r\nregion = \"eu-central-1\"\r\n\r\nkey = \"webtier\/terraform.tfstate\"\r\n\r\nencrypt = true\r\n\r\ndynamodb_table = \"my-tf-remote-state-lock\"\r\n\r\n}\r\n\r\n}\r\n\r\nprovider \"aws\" {\r\n\r\nregion = \"eu-central-1\"\r\n\r\n}<\/pre>\n<\/div>\n<div>\n<div>Let&#8217;s make this configuration a little bit more dynamic by injecting variables during runtime. This is needed to work in separate AWS accounts. There are some config values we can inject during terraform execution:<\/div>\n<ul>\n<li>most obvious: the AWS account to use which can be addressed with the configuration parameter<\/li>\n<li>backend configuration while initializing the terraform project: the <span class=\"lang:sh decode:true crayon-inline \">-backend-config<\/span>\u00a0 flag supports config parameter like <span class=\"lang:sh decode:true crayon-inline \">bucket<\/span>\u00a0 and <span class=\"lang:sh decode:true crayon-inline\">dynamodb_table<\/span>.<\/li>\n<\/ul>\n<div>To sum up these two settings, you&#8217;ll want something like this\u2014assuming you&#8217;ve got an <span class=\"lang:sh decode:true crayon-inline \">aws-dev<\/span>\u00a0 profile:<\/div>\n<\/div>\n<div>\n<pre class=\"lang:sh decode:true\" title=\"Injecting enviroment variables\"># terraform init -backend-config=\"bucket=\"my-tf-remote-state-dev\" -backend-config=\"dynamodb_table=my-tf-remote-state-lock-dev\" -backend-config=\"key=webtier-dev\/terraform.tfstate\"\r\n\r\n# terraform plan -var aws-account=aws-dev<\/pre>\n<\/div>\n<div>\n<div><\/div>\n<div>Hard to remember, therefore let&#8217;s wrap it up an a <a href=\"https:\/\/github.com\/la3mmchen\/terraform-multi-account\/blob\/master\/Makefile\" target=\"_blank\" rel=\"noopener\">Makefile<\/a> to have a portable solution.<\/div>\n<div><\/div>\n<div>In addition, you might want to have different variables for your stages\u2014e.g. different EC2 types. Luckily Terraform does provide an option to handle environment files, so our Makefile supports this as well.<\/div>\n<div><\/div>\n<\/div>\n<div>\n<div>As you will see the Makefile creates some unique prefix to identify the S3 bucket. Furthermore, there is some input handling for an integration in ci\/cd pipelines (tested with gitlab-ci). With this solution your Terraform code only needs to be modified in some places where things will have to insert as variables:<\/div>\n<\/div>\n<div>\n<pre class=\"lang:sh decode:true \" title=\"Make TF\"># make plan env=aws-dev\r\n\r\n(..)\r\n\r\nAWS_PROFILE=aws-dev terraform init -backend-config=\"bucket=825df6bc4eef-state\" -backend-config=\"dynamodb_table=825df6bc4eef-state-lock\" -backend-config=\"key=terraform-multi-account\/terraform.tfstate\"\r\n\r\n# cat .env.aws-dev\r\n\r\naccount_id=123456\r\n\r\nec2_node_type=\"t2.micro\"\r\n\r\n# cat .env.aws-prod\r\n\r\naccount_id=12345678910\r\n\r\nec2_node_type=\"t2.large\"\r\n\r\nec2_volume_size=\"10\"%\r\n\r\n# cat main.tf\r\n\r\nvariable \"ec2_node_type\" {}\r\n\r\nresource \"aws_launch_configuration\" \"ec2_instance\" {\r\n\r\n name_prefix = \"ec2-\"\r\n\r\n image_id = \"${var.ec2_ami}\"\r\n\r\n instance_type = \"${var.ec2_node_type}\"\r\n\r\n (...)\r\n\r\n<\/pre>\n<\/div>\n<div>\n<div>These are only snippets. A complete example can be <a href=\"https:\/\/github.com\/la3mmchen\/terraform-multi-account\" target=\"_blank\" rel=\"noopener\">found at Github<\/a>.<\/div>\n<\/div>\n<h2><span class=\"ez-toc-section\" id=\"Alternative\"><\/span>Alternative<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<div>\n<p>Take a look at the stuff <a href=\"https:\/\/github.com\/gruntwork-io\/terragrunt\" target=\"_blank\" rel=\"noopener\">Terragrunt<\/a> does. It might be worth a try.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Terraform is a great tool to spin up environments on AWS\u2014or in other clouds. But when it comes to a multi account environment there might be a gap. This article offers different solutions to bypass this with some kind of Makefile magic.<\/p>\n","protected":false},"author":51,"featured_media":13508,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"ep_exclude_from_search":false,"footnotes":""},"tags":[71],"service":[414],"coauthors":[{"id":51,"display_name":"Alexander Koehler","user_nicename":"akoehler"}],"class_list":["post-21090","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-cloud","service-cloud"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Terraform in an AWS Multi Account Environment<\/title>\n<meta name=\"description\" content=\"Terraform is a great tool to spin up environments on AWS\u2014or in other clouds. But when it comes to a multi account environment there might be a gap. This article offers different solutions to bypass this with some kind of Makefile magic.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Terraform in an AWS Multi Account Environment\" \/>\n<meta property=\"og:description\" content=\"Terraform is a great tool to spin up environments on AWS\u2014or in other clouds. But when it comes to a multi account environment there might be a gap. This article offers different solutions to bypass this with some kind of Makefile magic.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/\" \/>\n<meta property=\"og:site_name\" content=\"inovex GmbH\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inovexde\" \/>\n<meta property=\"article:published_time\" content=\"2018-06-19T06:42:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-11-29T07:00:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/06\/terraform-aws.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Alexander Koehler\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/06\/terraform-aws-1024x576.png\" \/>\n<meta name=\"twitter:creator\" content=\"@inovexgmbh\" \/>\n<meta name=\"twitter:site\" content=\"@inovexgmbh\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alexander Koehler\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"3\u00a0Minuten\" \/>\n\t<meta name=\"twitter:label3\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data3\" content=\"Alexander Koehler\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/terraform-in-an-aws-multi-account-environment\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/terraform-in-an-aws-multi-account-environment\\\/\"},\"author\":{\"name\":\"Alexander Koehler\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#\\\/schema\\\/person\\\/c8b69d79f24d10ba023c773e6f730e88\"},\"headline\":\"Terraform in an AWS Multi Account Environment\",\"datePublished\":\"2018-06-19T06:42:55+00:00\",\"dateModified\":\"2022-11-29T07:00:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/terraform-in-an-aws-multi-account-environment\\\/\"},\"wordCount\":572,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/terraform-in-an-aws-multi-account-environment\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/terraform-aws.png\",\"keywords\":[\"Cloud\"],\"articleSection\":[\"English Content\",\"General\",\"Infrastructure\"],\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/terraform-in-an-aws-multi-account-environment\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/terraform-in-an-aws-multi-account-environment\\\/\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/terraform-in-an-aws-multi-account-environment\\\/\",\"name\":\"Terraform in an AWS Multi Account Environment\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/terraform-in-an-aws-multi-account-environment\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/terraform-in-an-aws-multi-account-environment\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/terraform-aws.png\",\"datePublished\":\"2018-06-19T06:42:55+00:00\",\"dateModified\":\"2022-11-29T07:00:49+00:00\",\"description\":\"Terraform is a great tool to spin up environments on AWS\u2014or in other clouds. But when it comes to a multi account environment there might be a gap. This article offers different solutions to bypass this with some kind of Makefile magic.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/terraform-in-an-aws-multi-account-environment\\\/#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/terraform-in-an-aws-multi-account-environment\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/terraform-in-an-aws-multi-account-environment\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/terraform-aws.png\",\"contentUrl\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/terraform-aws.png\",\"width\":1920,\"height\":1080,\"caption\":\"Managing AWS Instances with Terraform\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/terraform-in-an-aws-multi-account-environment\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Terraform in an AWS Multi Account Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/\",\"name\":\"inovex GmbH\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#organization\",\"name\":\"inovex GmbH\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/inovex-logo-16-9-1.png\",\"contentUrl\":\"https:\\\/\\\/www.inovex.de\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/inovex-logo-16-9-1.png\",\"width\":1921,\"height\":1081,\"caption\":\"inovex GmbH\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/inovexde\",\"https:\\\/\\\/x.com\\\/inovexgmbh\",\"https:\\\/\\\/www.instagram.com\\\/inovexlife\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/inovex\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC7r66GT14hROB_RQsQBAQUQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/#\\\/schema\\\/person\\\/c8b69d79f24d10ba023c773e6f730e88\",\"name\":\"Alexander Koehler\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1daa2890ce81430d74625468a1646a89dfabd4398a920224e9790f71b20fee74?s=96&d=retro&r=g340076fe0f986a5b6ea4f2d21b5542ca\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1daa2890ce81430d74625468a1646a89dfabd4398a920224e9790f71b20fee74?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1daa2890ce81430d74625468a1646a89dfabd4398a920224e9790f71b20fee74?s=96&d=retro&r=g\",\"caption\":\"Alexander Koehler\"},\"url\":\"https:\\\/\\\/www.inovex.de\\\/de\\\/blog\\\/author\\\/akoehler\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Terraform in an AWS Multi Account Environment","description":"Terraform is a great tool to spin up environments on AWS\u2014or in other clouds. But when it comes to a multi account environment there might be a gap. This article offers different solutions to bypass this with some kind of Makefile magic.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/","og_locale":"de_DE","og_type":"article","og_title":"Terraform in an AWS Multi Account Environment","og_description":"Terraform is a great tool to spin up environments on AWS\u2014or in other clouds. But when it comes to a multi account environment there might be a gap. This article offers different solutions to bypass this with some kind of Makefile magic.","og_url":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/","og_site_name":"inovex GmbH","article_publisher":"https:\/\/www.facebook.com\/inovexde","article_published_time":"2018-06-19T06:42:55+00:00","article_modified_time":"2022-11-29T07:00:49+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/06\/terraform-aws.png","type":"image\/png"}],"author":"Alexander Koehler","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/06\/terraform-aws-1024x576.png","twitter_creator":"@inovexgmbh","twitter_site":"@inovexgmbh","twitter_misc":{"Verfasst von":"Alexander Koehler","Gesch\u00e4tzte Lesezeit":"3\u00a0Minuten","Written by":"Alexander Koehler"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#article","isPartOf":{"@id":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/"},"author":{"name":"Alexander Koehler","@id":"https:\/\/www.inovex.de\/de\/#\/schema\/person\/c8b69d79f24d10ba023c773e6f730e88"},"headline":"Terraform in an AWS Multi Account Environment","datePublished":"2018-06-19T06:42:55+00:00","dateModified":"2022-11-29T07:00:49+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/"},"wordCount":572,"commentCount":0,"publisher":{"@id":"https:\/\/www.inovex.de\/de\/#organization"},"image":{"@id":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/06\/terraform-aws.png","keywords":["Cloud"],"articleSection":["English Content","General","Infrastructure"],"inLanguage":"de","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/","url":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/","name":"Terraform in an AWS Multi Account Environment","isPartOf":{"@id":"https:\/\/www.inovex.de\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#primaryimage"},"image":{"@id":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/06\/terraform-aws.png","datePublished":"2018-06-19T06:42:55+00:00","dateModified":"2022-11-29T07:00:49+00:00","description":"Terraform is a great tool to spin up environments on AWS\u2014or in other clouds. But when it comes to a multi account environment there might be a gap. This article offers different solutions to bypass this with some kind of Makefile magic.","breadcrumb":{"@id":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/"]}]},{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#primaryimage","url":"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/06\/terraform-aws.png","contentUrl":"https:\/\/www.inovex.de\/wp-content\/uploads\/2018\/06\/terraform-aws.png","width":1920,"height":1080,"caption":"Managing AWS Instances with Terraform"},{"@type":"BreadcrumbList","@id":"https:\/\/www.inovex.de\/de\/blog\/terraform-in-an-aws-multi-account-environment\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inovex.de\/de\/"},{"@type":"ListItem","position":2,"name":"Terraform in an AWS Multi Account Environment"}]},{"@type":"WebSite","@id":"https:\/\/www.inovex.de\/de\/#website","url":"https:\/\/www.inovex.de\/de\/","name":"inovex GmbH","description":"","publisher":{"@id":"https:\/\/www.inovex.de\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inovex.de\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/www.inovex.de\/de\/#organization","name":"inovex GmbH","url":"https:\/\/www.inovex.de\/de\/","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.inovex.de\/de\/#\/schema\/logo\/image\/","url":"https:\/\/www.inovex.de\/wp-content\/uploads\/2021\/03\/inovex-logo-16-9-1.png","contentUrl":"https:\/\/www.inovex.de\/wp-content\/uploads\/2021\/03\/inovex-logo-16-9-1.png","width":1921,"height":1081,"caption":"inovex GmbH"},"image":{"@id":"https:\/\/www.inovex.de\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inovexde","https:\/\/x.com\/inovexgmbh","https:\/\/www.instagram.com\/inovexlife\/","https:\/\/www.linkedin.com\/company\/inovex","https:\/\/www.youtube.com\/channel\/UC7r66GT14hROB_RQsQBAQUQ"]},{"@type":"Person","@id":"https:\/\/www.inovex.de\/de\/#\/schema\/person\/c8b69d79f24d10ba023c773e6f730e88","name":"Alexander Koehler","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/secure.gravatar.com\/avatar\/1daa2890ce81430d74625468a1646a89dfabd4398a920224e9790f71b20fee74?s=96&d=retro&r=g340076fe0f986a5b6ea4f2d21b5542ca","url":"https:\/\/secure.gravatar.com\/avatar\/1daa2890ce81430d74625468a1646a89dfabd4398a920224e9790f71b20fee74?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1daa2890ce81430d74625468a1646a89dfabd4398a920224e9790f71b20fee74?s=96&d=retro&r=g","caption":"Alexander Koehler"},"url":"https:\/\/www.inovex.de\/de\/blog\/author\/akoehler\/"}]}},"_links":{"self":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts\/21090","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/users\/51"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/comments?post=21090"}],"version-history":[{"count":1,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts\/21090\/revisions"}],"predecessor-version":[{"id":33823,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts\/21090\/revisions\/33823"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/media\/13508"}],"wp:attachment":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/media?parent=21090"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/tags?post=21090"},{"taxonomy":"service","embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/service?post=21090"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/coauthors?post=21090"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}