I have a Terraform script that builds infrastructure on my AWS main account. In my AWS account I have sub-organisations. I need to run my TF script to build infrastructure on one of those sub-organisations. How can I do it?
The best practice to do so is to create a "TerraformRole" in your sub-account, which can be assumed by the "TerraformRole" from your master AWS account.
You then define the AWS provider to assume this role.
provider "aws" {
  # Version constraint on the provider (Terraform 0.13+ prefers a
  # required_providers block for this, but it still works here).
  version = "~> 2.33.0"
  region  = var.region

  # Every API call made through this provider runs under the sub-account role,
  # so Terraform needs only the master-account credentials plus permission to
  # assume that role.
  assume_role {
    role_arn = "arn:aws:iam::${var.account_id}:role/${var.terraform_role_name}"
  }
}
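The pattern from the answer written out end to end, as an added example rather than the answerer's own code: the sub-account role with a trust policy limited to the master TerraformRole, the matching sts:AssumeRole permission on the master side, and an aliased provider that assumes the role. Account IDs, the region, the alias names and the external ID are placeholders, and the bootstrap step assumes the sub-account was created by AWS Organizations (which provisions OrganizationAccountAccessRole in accounts it creates).

```hcl
# Constructed example, not from the original answer; IDs, region, names and external ID are placeholders.
locals {
  child_account_id = "222222222222"   # placeholder sub-account ID
  child_role_arn   = "arn:aws:iam::${local.child_account_id}:role/TerraformRole"
  external_id      = "replace-with-a-random-secret"
}
# Bootstrap: AWS Organizations creates OrganizationAccountAccessRole in accounts it
# creates; assume it once (from the master account) to create the sub-account role.
provider "aws" {
  alias  = "bootstrap"
  region = "eu-west-1"
  assume_role {
    role_arn = "arn:aws:iam::${local.child_account_id}:role/OrganizationAccountAccessRole"
  }
}
# Sub-account role: trusts only the master TerraformRole and requires the external ID.
resource "aws_iam_role" "child_terraform" {
  provider = aws.bootstrap
  name     = "TerraformRole"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { AWS = "arn:aws:iam::111111111111:role/TerraformRole" } # placeholder master account
      Condition = { StringEquals = { "sts:ExternalId" = local.external_id } }
    }]
  })
}
# Master side (default provider = master TerraformRole credentials): allow it to
# assume only this one sub-account role rather than roles in every account.
resource "aws_iam_role_policy" "assume_child" {
  name = "AssumeChildTerraformRole"
  role = "TerraformRole"
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Resource = local.child_role_arn }]
  })
}
# Day-to-day provider: resources with provider = aws.child land in the sub-account.
provider "aws" {
  alias  = "child"
  region = "eu-west-1"
  assume_role {
    role_arn     = local.child_role_arn
    session_name = "terraform"        # appears in CloudTrail for auditing
    external_id  = local.external_id  # must match the trust policy above
  }
}
```

Apply the bootstrap and master-side pieces first; only after the sub-account role exists can the aws.child provider be used for the actual infrastructure.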