aws-ia
diff --git a/‎CODEOWNERS‎
Lines changed: 1 addition & 1 deletion b/‎CODEOWNERS‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 4 additions & 0 deletions b/‎README.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎SECURITY.md‎
Lines changed: 11 additions & 0 deletions b/‎SECURITY.md‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎VERSION‎
Lines changed: 1 addition & 1 deletion b/‎VERSION‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎locals.tf‎
Lines changed: 1 addition & 0 deletions b/‎locals.tf‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎main.tf‎
Lines changed: 8 additions & 7 deletions b/‎main.tf‎
Lines changed: 8 additions & 7 deletions
@@ -1 +1 @@
-@balltrev @adam-daily @hanafya @tonynv @andrew-glenn @stumins @snebhu3 @aws-ia/aws-ia
+* @ouyanguf @wiltangg @aviwshah @harrisonhku @JamesActually @dashbat @dhingraa-github @sk-at-amazon @aspiratr-aws
@@ -109,6 +109,8 @@ As of version 1.6.0, AFT collects anonymous operational metrics to help AWS impr
 | <a name="input_account_request_repo_branch"></a> [account\_request\_repo\_branch](#input\_account\_request\_repo\_branch) | Branch to source account request repo from | `string` | `"main"` | no |
 | <a name="input_account_request_repo_name"></a> [account\_request\_repo\_name](#input\_account\_request\_repo\_name) | Repository name for the account request files. For non-CodeCommit repos, name should be in the format of Org/Repo | `string` | `"aft-account-request"` | no |
 | <a name="input_aft_backend_bucket_access_logs_object_expiration_days"></a> [aft\_backend\_bucket\_access\_logs\_object\_expiration\_days](#input\_aft\_backend\_bucket\_access\_logs\_object\_expiration\_days) | Amount of days to keep the objects stored in the access logs bucket for AFT backend buckets | `number` | `365` | no |
+| <a name="input_aft_customer_private_subnets"></a> [aft\_customer\_private\_subnets](#input\_aft\_customer\_private\_subnets) | A list of private subnets to deploy AFT resources in, if customer is providing an existing VPC. Only supported for new deployments. | `list(string)` | `[]` | no |
+| <a name="input_aft_customer_vpc_id"></a> [aft\_customer\_vpc\_id](#input\_aft\_customer\_vpc\_id) | The VPC ID to deploy AFT resources in, if customer is providing an existing VPC. Only supported for new deployments. | `string` | `null` | no |
 | <a name="input_aft_enable_vpc"></a> [aft\_enable\_vpc](#input\_aft\_enable\_vpc) | Flag turning use of VPC on/off for AFT | `bool` | `true` | no |
 | <a name="input_aft_feature_cloudtrail_data_events"></a> [aft\_feature\_cloudtrail\_data\_events](#input\_aft\_feature\_cloudtrail\_data\_events) | Feature flag toggling CloudTrail data events on/off | `bool` | `false` | no |
 | <a name="input_aft_feature_delete_default_vpcs_enabled"></a> [aft\_feature\_delete\_default\_vpcs\_enabled](#input\_aft\_feature\_delete\_default\_vpcs\_enabled) | Feature flag toggling deletion of default VPCs on/off | `bool` | `false` | no |
@@ -137,9 +139,11 @@ As of version 1.6.0, AFT collects anonymous operational metrics to help AWS impr
 | <a name="input_log_archive_account_id"></a> [log\_archive\_account\_id](#input\_log\_archive\_account\_id) | Log Archive Account Id | `string` | n/a | yes |
 | <a name="input_log_archive_bucket_object_expiration_days"></a> [log\_archive\_bucket\_object\_expiration\_days](#input\_log\_archive\_bucket\_object\_expiration\_days) | Amount of days to keep the objects stored in the AFT logging bucket | `number` | `365` | no |
 | <a name="input_maximum_concurrent_customizations"></a> [maximum\_concurrent\_customizations](#input\_maximum\_concurrent\_customizations) | Maximum number of customizations/pipelines to run at once | `number` | `5` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Map of tags to apply to resources deployed by AFT. | `map(any)` | `null` | no |
 | <a name="input_terraform_api_endpoint"></a> [terraform\_api\_endpoint](#input\_terraform\_api\_endpoint) | API Endpoint for Terraform. Must be in the format of https://xxx.xxx. | `string` | `"https://app.terraform.io/api/v2/"` | no |
 | <a name="input_terraform_distribution"></a> [terraform\_distribution](#input\_terraform\_distribution) | Terraform distribution being used for AFT - valid values are oss, tfc, or tfe | `string` | `"oss"` | no |
 | <a name="input_terraform_org_name"></a> [terraform\_org\_name](#input\_terraform\_org\_name) | Organization name for Terraform Cloud or Enterprise | `string` | `"null"` | no |
+| <a name="input_terraform_project_name"></a> [terraform\_project\_name](#input\_terraform\_project\_name) | Project name for Terraform Cloud or Enterprise - project must exist before deployment | `string` | `"Default Project"` | no |
 | <a name="input_terraform_token"></a> [terraform\_token](#input\_terraform\_token) | Terraform token for Cloud or Enterprise | `string` | `"null"` | no |
 | <a name="input_terraform_version"></a> [terraform\_version](#input\_terraform\_version) | Terraform version being used for AFT | `string` | `"1.6.0"` | no |
 | <a name="input_tf_backend_secondary_region"></a> [tf\_backend\_secondary\_region](#input\_tf\_backend\_secondary\_region) | AFT creates a backend for state tracking for its own state as well as OSS cases. The backend's primary region is the same as the AFT region, but this defines the secondary region to replicate to. | `string` | `""` | no |
 
@@ -0,0 +1,11 @@
+## Reporting Security Issues
+
+Amazon Web Services (AWS) is dedicated to the responsible disclosure of security vulnerabilities.  
+  
+We kindly ask that you **do not** open a public GitHub issue to report security concerns.  
+  
+Instead, please submit the issue to the AWS Vulnerability Disclosure Program via [HackerOne](https://hackerone.com/aws_vdp) or send your report via [email](mailto:[email protected]).  
+  
+For more details, visit the [AWS Vulnerability Reporting Page](http://aws.amazon.com/security/vulnerability-reporting/).  
+
+Thank you in advance for collaborating with us to help protect our customers.
@@ -1 +1 @@
-1.13.5
+1.14.0
@@ -25,6 +25,7 @@ locals {
   delete_default_vpc_lambda_function_name          = "aft-delete-default-vpc"
   enroll_support_lambda_function_name              = "aft-enroll-support"
   enable_cloudtrail_lambda_function_name           = "aft-enable-cloudtrail"
+  aft_tags                                         = merge(var.tags, { managed_by = "AFT" })
   ssm_paths = {
     aft_tf_aws_customizations_module_url_ssm_path     = "/aft/config/aft-pipeline-code-source/repo-url"
     aft_tf_aws_customizations_module_git_ref_ssm_path = "/aft/config/aft-pipeline-code-source/repo-git-ref"
 
@@ -18,7 +18,7 @@ module "aft_account_provisioning_framework" {
   aft_failure_sns_topic_arn                        = module.aft_account_request_framework.aft_failure_sns_topic_arn
   aft_common_layer_arn                             = module.aft_lambda_layer.layer_version_arn
   aft_kms_key_arn                                  = module.aft_account_request_framework.aft_kms_key_arn
-  aft_enable_vpc                                   = var.aft_enable_vpc
+  aft_enable_vpc                                   = module.aft_account_request_framework.vpc_deployment
   aft_vpc_private_subnets                          = module.aft_account_request_framework.aft_vpc_private_subnets
   aft_vpc_default_sg                               = module.aft_account_request_framework.aft_vpc_default_sg
   cloudwatch_log_group_retention                   = var.cloudwatch_log_group_retention
@@ -56,10 +56,10 @@ module "aft_account_request_framework" {
   request_framework_archive_hash              = module.packaging.request_framework_archive_hash
   lambda_runtime_python_version               = local.lambda_runtime_python_version
   backup_recovery_point_retention             = var.backup_recovery_point_retention
+  aft_customer_vpc_id                         = var.aft_customer_vpc_id
+  aft_customer_private_subnets                = var.aft_customer_private_subnets
 }
 
-
-
 module "aft_backend" {
   providers = {
     aws.primary_region   = aws.aft_management
@@ -101,7 +101,7 @@ module "aft_code_repositories" {
   global_customizations_repo_branch               = var.global_customizations_repo_branch
   log_group_retention                             = var.cloudwatch_log_group_retention
   global_codebuild_timeout                        = var.global_codebuild_timeout
-  aft_enable_vpc                                  = var.aft_enable_vpc
+  aft_enable_vpc                                  = module.aft_account_request_framework.vpc_deployment
 }
 
 module "aft_customizations" {
@@ -137,7 +137,7 @@ module "aft_customizations" {
   customizations_archive_hash                       = module.packaging.customizations_archive_hash
   global_codebuild_timeout                          = var.global_codebuild_timeout
   lambda_runtime_python_version                     = local.lambda_runtime_python_version
-  aft_enable_vpc                                    = var.aft_enable_vpc
+  aft_enable_vpc                                    = module.aft_account_request_framework.vpc_deployment
 }
 
 module "aft_feature_options" {
@@ -167,7 +167,7 @@ module "aft_feature_options" {
   enroll_support_lambda_function_name       = local.enroll_support_lambda_function_name
   enable_cloudtrail_lambda_function_name    = local.enable_cloudtrail_lambda_function_name
   lambda_runtime_python_version             = local.lambda_runtime_python_version
-  aft_enable_vpc                            = var.aft_enable_vpc
+  aft_enable_vpc                            = module.aft_account_request_framework.vpc_deployment
 }
 
 module "aft_iam_roles" {
@@ -201,7 +201,7 @@ module "aft_lambda_layer" {
   builder_archive_path                              = module.packaging.builder_archive_path
   builder_archive_hash                              = module.packaging.builder_archive_hash
   cloudwatch_log_group_retention                    = var.cloudwatch_log_group_retention
-  aft_enable_vpc                                    = var.aft_enable_vpc
+  aft_enable_vpc                                    = module.aft_account_request_framework.vpc_deployment
 }
 
 module "aft_ssm_parameters" {
@@ -259,6 +259,7 @@ module "aft_ssm_parameters" {
   terraform_token                                             = var.terraform_token # Null default value #tfsec:ignore:general-secrets-no-plaintext-exposure
   terraform_version                                           = var.terraform_version
   terraform_org_name                                          = var.terraform_org_name
+  terraform_project_name                                      = var.terraform_project_name
   aft_feature_cloudtrail_data_events                          = var.aft_feature_cloudtrail_data_events
   aft_feature_enterprise_support                              = var.aft_feature_enterprise_support
   aft_feature_delete_default_vpcs_enabled                     = var.aft_feature_delete_default_vpcs_enabled
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-@balltrev @adam-daily @hanafya @tonynv @andrew-glenn @stumins @snebhu3 @aws-ia/aws-ia`
	`1`	`+* @ouyanguf @wiltangg @aviwshah @harrisonhku @JamesActually @dashbat @dhingraa-github @sk-at-amazon @aspiratr-aws`