AWS multi-account management

## Description

This reference architecture gives you a way to use multiple accounts like `dev`, `staging` and `prod` in the same architecture. It lets you specify, at both the architecture level and the configuration level, which credentials are used for which account and how resources are scoped to their own account. The Terraform code will be generated to reflect this scenario.

> `You need to change the credentials or add yours for this architecture to work with your accounts.`

## Architecture components

### Accounts

The account resources let you specify which account is used with which email and role name.

### Resources

Cloud resources like VPC, subnet and instances. They are put into the right account by just specifying the name of the account in the region component that contains these resources.

### Configuration

The Terraform and provider configuration that specifies the role to assume for every account. This configuration is visible in the file `providers.tf`:

```
# Aliased provider for the prod account; resources select it by its alias.
provider "aws" {
  # Assume the admin role in the account created by aws_organizations_account.prod
  assume_role {
    role_arn = "arn:aws:iam::${aws_organizations_account.prod.id}:role/admin"
  }
  alias  = "prod"
  region = "us-east-2"
}
```

## How to use the architecture

Go to the templates and clone the architecture. Modify the following variables according to your needs:

**N.B:** Feel free to remove some resources if they are relevant to your use-case. The main purpose of this architecture is to depict how multi-account works in Brainboard.

| Variable | Description |
| --- | --- |
| cidr_block | The CIDR block of the VPC |
| az1 | The name of the 1st availability zone |
| az2 | The name of the 2nd availability zone |
| instance_size | Specify the size of the EC2 instance |
| default_ami | The default Ubuntu AMI in the Ohio region |
| tags | Specify the tags you want to add to all resources |

# Maintainer(s)

You can reach out to these maintainers if you need help or assistance:

- [Brainboard cloud team](mailto:support@brainboard.co)
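
# Example: accounts, provider and resources together

The three components described under "Architecture components" (account, provider configuration, account-scoped resources), wired together in one file. This is an added example, not Brainboard's generated code; the email address, resource names, `session_name` value, variable types and the `/16`-or-larger VPC assumed by `cidrsubnet` are assumptions.

```hcl
# Added example; placeholder values are marked. Assumes the default (unaliased)
# aws provider is already configured with management-account credentials.

# Accounts: the member account, its email and the role created inside it.
resource "aws_organizations_account" "prod" {
  name      = "prod"
  email     = "aws-prod@example.com" # placeholder
  role_name = "admin"                # must match the role name in role_arn below
}

# Configuration: aliased provider that assumes that role (as in providers.tf).
provider "aws" {
  alias  = "prod"
  region = "us-east-2"

  assume_role {
    role_arn     = "arn:aws:iam::${aws_organizations_account.prod.id}:role/admin"
    session_name = "terraform-prod" # assumed value; labels the role session
  }
}

# Variables from the table in "How to use the architecture" (types assumed).
variable "cidr_block" { type = string }
variable "az1" { type = string }
variable "tags" { type = map(string) }

# Resources: scoped to the prod account by selecting the aliased provider.
resource "aws_vpc" "prod" {
  provider   = aws.prod
  cidr_block = var.cidr_block
  tags       = var.tags
}

resource "aws_subnet" "prod_az1" {
  provider          = aws.prod
  vpc_id            = aws_vpc.prod.id
  cidr_block        = cidrsubnet(var.cidr_block, 8, 0) # assumes a /16 or larger VPC
  availability_zone = var.az1
  tags              = var.tags
}
```

A resource block that omits `provider = aws.prod` is created with the default provider, that is, in the account whose credentials the default provider holds, so check every resource for the alias of the account it belongs to.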