feat: Allow deploying all resources in management account (#112)

* feat: allow deploy all reosurces in managment account

* chore: update min tf version

* chore: run precommit

* chore: remove aliased provider and fix precommit

* fix: precommit version

* chore: fix variable name

* chore: remove unned resource group

* fix: docs

Author: hayk99

examples-internal/organizational-k8s-threat-reuse_cloudtrail_s3/README.md

@@ -87,7 +87,7 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >=2.3.0 |
 | <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.33 |

examples-internal/organizational-k8s-threat-reuse_cloudtrail_s3/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     aws = {
       version = ">= 3.50.0"

examples/organizational/README.md

@@ -137,17 +137,17 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
 | <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.33 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
-| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | 4.20.1 |
-| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0.0 |
+| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | >= 4.0.0 |
+| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | >= 0.5.33 |
 
 ## Modules
 
@@ -168,6 +168,7 @@ $ terraform apply
 | Name | Type |
 |------|------|
 | [aws_iam_role.connector_ecs_task](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_caller_identity.me](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy_document.task_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [sysdig_secure_connection.current](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/data-sources/secure_connection) | data source |

examples/organizational/data.tf

@@ -1,2 +1,3 @@
 data "aws_region" "current" {}
 data "sysdig_secure_connection" "current" {}
+data "aws_caller_identity" "me" {}

examples/organizational/main.tf

@@ -2,6 +2,9 @@
 # resources deployed always in management account
 # with default provider
 #-------------------------------------
+locals {
+  deploy_same_account = data.aws_caller_identity.me.account_id == var.sysdig_secure_for_cloud_member_account_id
+}
 
 module "resource_group" {
   source = "../../modules/infrastructure/resource-group"
@@ -10,6 +13,7 @@ module "resource_group" {
 }
 
 module "resource_group_secure_for_cloud_member" {
+  count = local.deploy_same_account ? 0 : 1
   providers = {
     aws = aws.member
   }

examples/organizational/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     aws = {
       version               = ">= 4.0.0"

examples/single-account-apprunner/README.md

@@ -64,14 +64,14 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.33 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
+| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | >= 0.5.33 |
 
 ## Modules
 

examples/single-account-apprunner/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     sysdig = {
       source  = "sysdiglabs/sysdig"

examples/single-account-ecs/README.md

@@ -64,14 +64,14 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.33 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
+| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | >= 0.5.33 |
 
 ## Modules
 

examples/single-account-ecs/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     sysdig = {
       source  = "sysdiglabs/sysdig"

examples/single-account-k8s/README.md

@@ -75,7 +75,7 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >=2.3.0 |
 | <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.33 |
@@ -84,9 +84,9 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
-| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.6.0 |
-| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | >=2.3.0 |
+| <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | >= 0.5.33 |
 
 ## Modules
 

examples/single-account-k8s/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     aws = {
       version = ">= 3.50.0"

examples/trigger-events/README.md

@@ -42,14 +42,14 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |
 
 ## Modules
 

examples/trigger-events/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     aws = {
       version = ">= 3.50.0"

modules/infrastructure/cloudtrail/README.md

@@ -5,14 +5,14 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0.0 |
 
 ## Modules
 

modules/infrastructure/cloudtrail/main.tf

@@ -18,7 +18,10 @@ resource "aws_cloudtrail" "cloudtrail" {
   tags = var.tags
 
   ## note: seems required to avoid racing conditions (InsufficientSnsTopicPolicyException on cloudtrail creation) /shrug
-  depends_on = [aws_s3_bucket_policy.cloudtrail_s3, aws_sns_topic_policy.allow_cloudtrail_publish]
+  depends_on = [
+    aws_s3_bucket_policy.cloudtrail_s3,
+    aws_sns_topic_policy.allow_cloudtrail_publish
+  ]
 }
 
 data "aws_caller_identity" "me" {}

modules/infrastructure/cloudtrail/sns_permissions.tf

@@ -25,8 +25,10 @@ data "aws_iam_policy_document" "cloudtrail_sns" {
       sid    = "AllowSysdigSecureForCloudSubscribe"
       effect = "Allow"
       principals {
-        identifiers = ["arn:aws:iam::${var.organizational_config.sysdig_secure_for_cloud_member_account_id}:role/${var.organizational_config.organizational_role_per_account}"]
-        type        = "AWS"
+        identifiers = [
+          "arn:aws:iam::${var.organizational_config.sysdig_secure_for_cloud_member_account_id}:role/${var.organizational_config.organizational_role_per_account}"
+        ]
+        type = "AWS"
         #        more open policy but without requiring aws provider role
         #        identifiers = ["sqs.amazonaws.com"]
         #        type        = "Service"

modules/infrastructure/cloudtrail/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     aws = {
       version = ">= 4.0.0"

modules/infrastructure/cloudtrail_s3-sns-sqs/README.md

@@ -39,14 +39,14 @@ EVENT FILTER/fine-tunning, regarding what we want to send to Sysdig Cloud-Connec
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |
 
 ## Modules
 

modules/infrastructure/cloudtrail_s3-sns-sqs/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     aws = {
       version = ">= 3.50.0"

modules/infrastructure/codebuild/README.md

@@ -5,14 +5,14 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |
 
 ## Modules
 

modules/infrastructure/codebuild/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     aws = {
       version = ">= 3.50.0"

modules/infrastructure/ecs-vpc/README.md

@@ -6,14 +6,14 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |
 
 ## Modules
 

modules/infrastructure/ecs-vpc/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     aws = {
       version = ">= 3.50.0"

modules/infrastructure/eks/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     aws = {
       version = ">= 3.50.0"

modules/infrastructure/permissions/cloud-connector/README.md

@@ -5,14 +5,14 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |
 
 ## Modules
 

modules/infrastructure/permissions/cloud-connector/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     aws = {
       version = ">= 3.50.0"

modules/infrastructure/permissions/cloud-scanning/README.md

@@ -5,14 +5,14 @@
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |
 
 ## Modules
 

modules/infrastructure/permissions/cloud-scanning/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     aws = {
       version = ">= 3.50.0"

modules/infrastructure/permissions/general/README.md

@@ -8,14 +8,14 @@ General permissions that apply to both cloud-connector and cloud-scanning module
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |
 
 ## Modules
 

modules/infrastructure/permissions/general/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     aws = {
       version = ">= 3.50.0"

modules/infrastructure/permissions/iam-user/README.md

@@ -38,14 +38,14 @@ Note: Contact us if this authentication system does not match your requirement.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.50.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.50.0 |
 
 ## Modules
 

modules/infrastructure/permissions/iam-user/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.15.0"
+  required_version = ">= 1.0.0"
   required_providers {
     aws = {
       version = ">= 3.50.0"