diff --git a/tag-shared-vpc-resources/README.md b/tag-shared-vpc-resources/README.md
index 7a73dd3..44774be 100644
--- a/tag-shared-vpc-resources/README.md
+++ b/tag-shared-vpc-resources/README.md
@@ -38,9 +38,28 @@ to apply tags on the local network ACLs. There are enhancements issues for this
# Usage
```hcl
+# use of `tf-control` wrappers sets this value to your Linux username $USER
+variable "os_username" {
+ type = string
+ default = null
+}
+
+provider "aws" {
+ alias = "network_account"
+ region = var.region
+ profile = var.profile
+ assume_role {
+ role_arn = "arn:aws-us-gov:iam::057405694017:role/r-inf-tf-remote-shared-vpc"
+ session_name = var.os_username
+ }
+}
+
module "tag_shared" {
source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//tag-shared-vpc-resources?ref=tf-upgrade"
- network_account_profile = "057445207498-ent-gov-network-sa"
+ providers {
+ aws = aws
+ aws.network_account = aws.network_account
+ }
## optional, with defaults
### tag_enabled_vpcs = true
@@ -62,7 +81,9 @@ indicating the AWS CLI has been run to obtain the data, and the second to tag th
You need to have these AWS CLI IAM profiles and accounts available:
* AWS Profile for account where VPC resources are shared (primarily the ability to tag resoruces)
-* AWS Profile for account from which VPC resoruces are shared (read access to specific VPC resouces, `ec2:Describe*`)
+* The ability from your current profile to assume the role `r-inf-tf-remote-shared-vpc` in the Network account (this would be a different
+account for SA, Lab, or EW; that will be updated once such stuff is available). A provider alias will be defined as shown
+in the example (though the role ARN may differ in partition or account).
## Application Requirements
@@ -70,10 +91,7 @@ This requires the `aws` CLI v2.
## Input Variables
-* network\_account\_profile
-
-Use the appropriate source account where the VPC resource were shared as the `network_account_profile` input variable.
-The Account ID is obtained from that remote account.
+* tag\_enbled\_*
## Output Variables
@@ -124,7 +142,7 @@ COMMAND tf-directory-setup.py -l s3
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.13 |
+| [terraform](#requirement\_terraform) | >= 1.0.0 |
| [aws](#requirement\_aws) | >= 3.66.0 |
| [ldap](#requirement\_ldap) | >= 0.5.4 |
| [local](#requirement\_local) | >= 1.0.0 |
@@ -181,7 +199,6 @@ No modules.
| [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
| [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
| [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no |
-| [network\_account\_profile](#input\_network\_account\_profile) | AWS profile of the source account sharing the VPC resources | `string` | n/a | yes |
| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
| [tag\_enabled\_dhcp\_options](#input\_tag\_enabled\_dhcp\_options) | Flag to tag or not tag shared VPC DHCP option sets | `bool` | `true` | no |
| [tag\_enabled\_network\_acls](#input\_tag\_enabled\_network\_acls) | Flag to tag or not tag shared Network ACLs | `bool` | `true` | no |
diff --git a/tag-shared-vpc-resources/main.tf b/tag-shared-vpc-resources/main.tf
index 47f0f1a..ce9d253 100644
--- a/tag-shared-vpc-resources/main.tf
+++ b/tag-shared-vpc-resources/main.tf
@@ -39,9 +39,28 @@
* # Usage
*
* ```hcl
+* # use of `tf-control` wrappers sets this value to your Linux username $USER
+* variable "os_username" {
+* type = string
+* default = null
+* }
+*
+* provider "aws" {
+* alias = "network_account"
+* region = var.region
+* profile = var.profile
+* assume_role {
+* role_arn = "arn:aws-us-gov:iam::057405694017:role/r-inf-tf-remote-shared-vpc"
+* session_name = var.os_username
+* }
+* }
+*
* module "tag_shared" {
* source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//tag-shared-vpc-resources?ref=tf-upgrade"
-* network_account_profile = "057445207498-ent-gov-network-sa"
+* providers {
+* aws = aws
+* aws.network_account = aws.network_account
+* }
*
* ## optional, with defaults
* ### tag_enabled_vpcs = true
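Review bot: The usage example writes `providers {` as a block, but a module's `providers` is a map argument, so the example needs `providers = {` to parse under the `>= 1.0.0` requirement this commit sets. Separately, `os_username` defaults to `null` and feeds `session_name`, so a run outside the `tf-control` wrapper assumes `r-inf-tf-remote-shared-vpc` without the operator's name in the session. As far as I know the provider then falls back to a generated session name, which makes CloudTrail entries in the network account harder to attribute to a person. Consider making `os_username` required (no default) in the example. The same example text appears in the README.md hunk at the top of this diff.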
@@ -63,7 +82,9 @@
* You need to have these AWS CLI IAM profiles and accounts available:
*
* * AWS Profile for account where VPC resources are shared (primarily the ability to tag resoruces)
-* * AWS Profile for account from which VPC resoruces are shared (read access to specific VPC resouces, `ec2:Describe*`)
+* * The ability from your current profile to assume the role `r-inf-tf-remote-shared-vpc` in the Network account (this would be a different
+* account for SA, Lab, or EW; that will be updated once such stuff is available). A provider alias will be defined as shown
+* in the example (though the role ARN may differ in partition or account).
*
* ## Application Requirements
*
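Review bot: The rewritten prerequisite no longer says what access the assumed role needs, whereas the line it replaces scoped the network-account side to read access on specific VPC resources (`ec2:Describe*`). Stating that `r-inf-tf-remote-shared-vpc` is expected to carry only that read access keeps the least-privilege intent visible to whoever creates the equivalent role in the SA, Lab or EW accounts. The phrase `once such stuff is available` would also read better if it named what is pending, presumably the role ARNs for those accounts.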
@@ -71,10 +92,7 @@
*
* ## Input Variables
*
-* * network_account_profile
-*
-* Use the appropriate source account where the VPC resource were shared as the `network_account_profile` input variable.
-* The Account ID is obtained from that remote account.
+* * tag_enbled_*
*
* ## Output Variables
*
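Review bot: `tag_enbled_*` in the Input Variables list is misspelled; the module's inputs are named `tag_enabled_*` (see `tag_enabled_vpcs` in variables.tf), so the bullet should read `* * tag_enabled_*`. The README.md hunk carries the same typo and should be corrected together with this header comment.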
diff --git a/tag-shared-vpc-resources/network_account.credentials.tf b/tag-shared-vpc-resources/network_account.credentials.tf.off
similarity index 100%
rename from tag-shared-vpc-resources/network_account.credentials.tf
rename to tag-shared-vpc-resources/network_account.credentials.tf.off
diff --git a/tag-shared-vpc-resources/variables.auto.tfvars.example b/tag-shared-vpc-resources/variables.auto.tfvars.example
index 5fc075e..24d0053 100644
--- a/tag-shared-vpc-resources/variables.auto.tfvars.example
+++ b/tag-shared-vpc-resources/variables.auto.tfvars.example
@@ -1,2 +1,2 @@
-# network_account_profile = "057405694017-ent-gov-network-prod"
-network_account_profile = "057445207498-ent-gov-network-sa"
+# network_account_profile = "057405694017-ent-gov-network-prod"
+# network_account_profile = "057445207498-ent-gov-network-sa"
diff --git a/tag-shared-vpc-resources/variables.tf b/tag-shared-vpc-resources/variables.tf
index 58a8722..b6bfe90 100644
--- a/tag-shared-vpc-resources/variables.tf
+++ b/tag-shared-vpc-resources/variables.tf
@@ -1,7 +1,7 @@
-variable "network_account_profile" {
- description = "AWS profile of the source account sharing the VPC resources"
- type = string
-}
+## variable "network_account_profile" {
+## description = "AWS profile of the source account sharing the VPC resources"
+## type = string
+## }
variable "tag_enabled_vpcs" {
description = "Flag to tag or not tag shared VPCs"
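Review bot: The `network_account_profile` variable is commented out with `##` rather than deleted, which leaves dead configuration that version control already preserves; removing the four lines would be cleaner. The same applies to the commented lines kept in `variables.auto.tfvars.example` and, by the look of the rename, to `network_account.credentials.tf.off`, whose contents are not visible here. Because the input was required before, any caller still passing it will now fail on an unsupported argument, so an upgrade note in the README would help. The `tag_enabled_vpcs` block continues outside this hunk.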
diff --git a/tag-shared-vpc-resources/versions.tf b/tag-shared-vpc-resources/versions.tf
deleted file mode 120000
index a76a35d..0000000
--- a/tag-shared-vpc-resources/versions.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common//versions.tf
\ No newline at end of file
diff --git a/tag-shared-vpc-resources/versions.tf b/tag-shared-vpc-resources/versions.tf
new file mode 100644
index 0000000..907372c
--- /dev/null
+++ b/tag-shared-vpc-resources/versions.tf
@@ -0,0 +1,31 @@
+terraform {
+ # experiments = [module_variable_optional_attrs]
+ required_version = ">= 1.0.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.66.0"
+ configuration_aliases = [aws.network_account]
+ }
+ null = {
+ source = "hashicorp/null"
+ version = ">= 3.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.0"
+ }
+ template = {
+ source = "hashicorp/template"
+ version = ">= 2.0"
+ }
+ ldap = {
+ source = "trevex/ldap"
+ version = ">= 0.5.4"
+ }
+ local = {
+ source = "hashicorp/local"
+ version = ">= 1.0.0"
+ }
+ }
+}
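Review bot: This file replaces the symlink to `../common/versions.tf` with a copy whose `required_providers` includes the third-party `trevex/ldap` provider plus `null`, `random` and `template`, all with open-ended `>=` constraints. If this module does not use every one of them (not visible in this diff), trimming the list to what it needs reduces the set of provider binaries each caller must download and trust. `hashicorp/template` in particular is archived upstream, and the built-in `templatefile()` function is the usual replacement. Since a reusable module can only set minimum versions, the README should tell callers to commit `.terraform.lock.hcl` so provider versions and checksums are pinned in the root configuration.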