Use AWS IAM Access Analyzer in AWS Organizations

[ewbankkit]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Analyzers can now be created in the AWS Organizations master account or a delegated member account with the entire organization as the zone of trust.

New or Affected Resource(s)

• aws_accessanalyzer_analyzer

Potential Terraform Configuration

resource "aws_accessanalyzer_analyzer" "example" {
  type = "ORGANIZATION"
}

References

Announcement.
Blog post.

Requires AWS SDK v1.30.0:

• Update module aws/aws-sdk-go to v1.30.4 #12414

Related:

• Support AWS IAM Access Analyzer #11102
• New Resource: aws_accessanalyzer_analyzer #11169

Organizations definitely needs to supported for the analyzer.

[sutharshan-sharma]

@ewbankkit @bflad Any example usage available for aws_accessanalyzer_archive_rule resource in Terraform ?

[diego-ojeda-binbash]

I would also appreciate that this is implemented 🙏

Its usage should be straightforward:

resource "aws_accessanalyzer_analyzer" "example" {
  name = "example"
  type = "ORGANIZATION"
}

[bflad]

Support for this functionality has been merged and will release with version 3.2.0 of the Terraform AWS Provider, later this week. 👍