it-cloud-account-hub
Audience: Platform Engineers and Cloud Operations.
Purpose: Understand the account hub repository structure and workflow.
Overview
The it-cloud-account-hub repository houses:
- Account definition files generated by ServiceNow
- Terraform code for creating accounts in AWS, Azure, GCP, and Kion
Repository Structure
it-cloud-account-hub/
├── accounts/
│   └── aws/
│       └── definitions/
│           ├── account1.json
│           ├── account2.json
│           └── ...
├── main.tf
├── account.tf
└── ...
Definitions
When ServiceNow receives a new account request, the GitHub Spoke creates a JSON definition file:
Definition File Location
accounts/aws/definitions/<account-name>.json
Definition File Structure
{
  "business_unit": "department-name",
  "resource_name": "project-name",
  "data_classification": "public|confidential",
  "owners": ["netid1@tamu.edu", "netid2@tamu.edu"],
  "expenditure": 1000,
  "famis_code": "02-123456"
}
Terraform Workflow
main.tf — Account Map
Creates a map-type object from all JSON definition files:
locals {
  account_definitions = {
    for f in fileset("${path.module}/accounts/aws/definitions", "*.json") :
    trimsuffix(f, ".json") => jsondecode(file("${path.module}/accounts/aws/definitions/${f}"))
  }
}
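An added example, not code from this repository: a pre-merge check that validates each definition file before Terraform decodes it into the account map, keyed the same way as main.tf (file name without .json). The required keys and allowed data_classification values come from the structure shown above; the type checks and the rule that owners is a non-empty list of strings containing "@" are assumptions, and the sample files are constructed.

```python
import json
import tempfile
from pathlib import Path

# Keys and JSON types from the definition file structure on this page.
REQUIRED = {"business_unit": str, "resource_name": str, "data_classification": str,
            "owners": list, "expenditure": (int, float), "famis_code": str}
CLASSIFICATIONS = {"public", "confidential"}  # the two values the page lists

def validate_definition(path):
    """Return a list of problems in one definition file (empty list = valid)."""
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8"))
    except (OSError, ValueError) as exc:
        return [f"unreadable or invalid JSON: {exc}"]
    if not isinstance(data, dict):
        return ["top-level value must be a JSON object"]
    problems = []
    for key, expected in REQUIRED.items():
        if key not in data:
            problems.append(f"missing key: {key}")
        # bool is a subclass of int in Python, so reject it explicitly.
        elif isinstance(data[key], bool) or not isinstance(data[key], expected):
            problems.append(f"wrong type for key: {key}")
    cls = data.get("data_classification")
    if isinstance(cls, str) and cls not in CLASSIFICATIONS:
        problems.append(f"data_classification not allowed: {cls!r}")
    owners = data.get("owners")  # assumption: one or more strings containing "@"
    if isinstance(owners, list) and not (
            owners and all(isinstance(o, str) and "@" in o for o in owners)):
        problems.append("owners must be a non-empty list of e-mail addresses")
    return problems

def validate_tree(definitions_dir):
    """Mirror main.tf: key results by file name without the .json suffix."""
    return {p.stem: validate_definition(p) for p in sorted(Path(definitions_dir).glob("*.json"))}

def demo():
    """Run the validator over constructed sample files in a temp directory."""
    good = {"business_unit": "department-name", "resource_name": "project-name",
            "data_classification": "confidential", "owners": ["netid1@tamu.edu"],
            "expenditure": 1000, "famis_code": "02-123456"}
    bad = {"data_classification": "secret", "owners": [], "expenditure": True}
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "account1.json").write_text(json.dumps(good))
        (Path(tmp) / "account2.json").write_text(json.dumps(bad))
        (Path(tmp) / "account3.json").write_text("{not json")
        return validate_tree(tmp)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run against accounts/aws/definitions in CI, a non-empty problem list for any key can fail the build before a plan is attempted.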
account.tf — Module Calls
AWS Account Module
Uses for_each to iterate over the account map:
module "aws_account" {
  for_each = local.account_definitions
  source = "github.com/tamu-edu/it-ae-tfmod-aws-account"
  account_name = each.key
  data_classification = each.value.data_classification
  owners = each.value.owners
  # ... additional variables
}
Kion Module
Takes outputs from the AWS module and creates Kion resources:
module "kion" {
  for_each = local.account_definitions
  source = "github.com/tamu-edu/it-ae-tfmod-kion-account"
  is_aws = true
  account_number = module.aws_account[each.key].account_id
  account_name = each.key
  expenditure = each.value.expenditure
  # ... additional variables
}
Workflow Diagram
Related Documentation
| Module | Purpose |
|---|---|
| AWS Module | Creates AWS Organizations account and Azure AD group |
| Kion Module | Creates Kion user group, project, and CAR |