terraform-aws-org-new-account-delete-default-vpcs

A Terraform module to delete the default VPCs in all regions when new AWS accounts are added or invited to an AWS Organization.

The Lambda function is triggered for the account by an Event Rule that matches the CreateAccountResult or InviteAccountToOrganization events. The function then describes the available regions, and deletes all resources associated with the default VPC in every region for that account.
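The flow described above (assume a role in the new account, list regions, remove each default VPC), sketched in Python as an added example; it is not the module's actual Lambda code. The function names, `client_factory`, `home_region` and the session name are assumptions, while `dry_run`, `max_workers` and the default role name mirror the module's inputs.

```python
from concurrent.futures import ThreadPoolExecutor

DEFAULT_VPC = [{"Name": "is-default", "Values": ["true"]}]

def assumed_role_factory(account_id, role_name="OrganizationAccountAccessRole", partition="aws"):
    """Return region -> EC2 client, using credentials for the role in the new account."""
    import boto3  # imported here so the planning logic below runs without AWS access
    creds = boto3.client("sts").assume_role(
        RoleArn=f"arn:{partition}:iam::{account_id}:role/{role_name}",
        RoleSessionName="delete-default-vpcs",  # assumed session name
    )["Credentials"]
    session = boto3.Session(aws_access_key_id=creds["AccessKeyId"],
                            aws_secret_access_key=creds["SecretAccessKey"],
                            aws_session_token=creds["SessionToken"])
    return lambda region: session.client("ec2", region_name=region)

def plan_region(ec2):
    """List the ordered (api_call, kwargs) steps that remove a region's default VPC."""
    steps = []
    for vpc in ec2.describe_vpcs(Filters=DEFAULT_VPC)["Vpcs"]:
        vpc_id = vpc["VpcId"]
        attached = [{"Name": "attachment.vpc-id", "Values": [vpc_id]}]
        # An internet gateway has to be detached before it or the VPC can be deleted.
        for igw in ec2.describe_internet_gateways(Filters=attached)["InternetGateways"]:
            igw_id = igw["InternetGatewayId"]
            steps.append(("detach_internet_gateway", {"InternetGatewayId": igw_id, "VpcId": vpc_id}))
            steps.append(("delete_internet_gateway", {"InternetGatewayId": igw_id}))
        in_vpc = [{"Name": "vpc-id", "Values": [vpc_id]}]
        for subnet in ec2.describe_subnets(Filters=in_vpc)["Subnets"]:
            steps.append(("delete_subnet", {"SubnetId": subnet["SubnetId"]}))
        # The default security group, network ACL and main route table go with the VPC.
        steps.append(("delete_vpc", {"VpcId": vpc_id}))
    return steps

def clean_region(region, client_factory, dry_run):
    ec2 = client_factory(region)
    steps = plan_region(ec2)
    if not dry_run:  # in dry-run mode only the plan is produced, nothing is called
        for call, kwargs in steps:
            getattr(ec2, call)(**kwargs)
    return region, steps

def clean_account(client_factory, dry_run=True, max_workers=20, home_region="us-east-1"):
    """Plan (and unless dry_run, apply) default-VPC removal in every enabled region."""
    described = client_factory(home_region).describe_regions()["Regions"]
    regions = [r["RegionName"] for r in described]
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        return dict(pool.map(lambda r: clean_region(r, client_factory, dry_run), regions))
```

Reviewing the returned plan from a dry run before setting `dry_run` to `false` shows exactly which VPCs, subnets and gateways would be removed in each region.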

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3 |
| aws | >= 4.9 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.9 |

Resources

| Name | Type |
|------|------|
| aws_iam_policy_document.lambda | data source |
| aws_partition.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| project_name | Project name to prefix resources with | string | n/a | yes |
| assume_role_name | Name of the IAM role that the lambda will assume in the target account | string | "OrganizationAccountAccessRole" | no |
| dry_run | Boolean toggle to control the dry-run mode of the lambda function | bool | true | no |
| event_bus_name | Event bus name to create event rules in | string | "default" | no |
| event_types | Event types that will trigger this lambda | set(string) | ["CreateAccountResult", "InviteAccountToOrganization"] | no |
| lambda | Object of optional attributes passed on to the lambda module | object({ artifacts_dir = optional(string, "builds"), build_in_docker = optional(bool, false), create_package = optional(bool, true), ephemeral_storage_size = optional(number), ignore_source_code_hash = optional(bool, true), local_existing_package = optional(string), memory_size = optional(number, 128), recreate_missing_package = optional(bool, false), runtime = optional(string, "python3.8"), s3_bucket = optional(string), s3_existing_package = optional(map(string)), s3_prefix = optional(string), store_on_s3 = optional(bool, false), timeout = optional(number, 300) }) | {} | no |
| log_level | Log level for lambda | string | "INFO" | no |
| max_workers | Number of worker threads to use to process delete | number | 20 | no |
| tags | Tags for resource | map(string) | {} | no |

Outputs

No outputs.