use sequential var to order accounts

Author: jakebark

README.md

@@ -60,6 +60,8 @@ module "pipeline" {
     "workload2" = "223344556677"
     "workload3" = "334455667788"
   }
+  # Optional: For sequential deployment in specific order
+  # sequential = ["workload1", "workload2", "workload3"]
 }
 ```
 
@@ -69,15 +71,31 @@ module "pipeline" {
 
 `accounts` is a map of the target AWS accounts. 
 
-`connection` is the connection arn of the [connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/welcome-connections.html) to the third-party repo. 
+`connection` is the connection arn of the [connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/welcome-connections.html) to the third-party repo.
+
+### Sequential Deployment
+By default, the pipeline deploys terraform to AWS accounts in parallel. To deploy terraform sequentially (Eg dev -> test -> prod), use the `sequential` input:
+
+```hcl
+module "pipeline" {
+  ... 
+  accounts   = {
+    "dev"  = "112233445566"
+    "test" = "223344556677"
+    "prod" = "334455667788"
+  }
+  sequential = ["dev", "test", "prod"]
+}
+```
+
+`sequential` is an ordered list of the AWS accounts in `accounts`. 
 
 ### Optional Inputs
 
 ```hcl
 module "pipeline" {
   ...
   branch                = "main"
-  deployment_type       = "parallel"
   mode                  = "SUPERSEDED"
   detect_changes        = false
   kms_key               = aws_kms_key.this.arn

codepipeline.tf

@@ -50,11 +50,11 @@ resource "aws_codepipeline" "this" {
     }
   }
   dynamic "stage" {
-    for_each = var.deployment_type == "sequential" ? [] : ["plan"]
+    for_each = local.is_sequential ? [] : ["plan"]
     content {
       name = "Plan"
       dynamic "action" {
-        for_each = var.accounts
+        for_each = local.ordered_accounts
         content {
           name            = action.key
           category        = "Build"
@@ -104,11 +104,11 @@ resource "aws_codepipeline" "this" {
   }
 
   dynamic "stage" {
-    for_each = var.deployment_type == "sequential" ? [] : ["apply"]
+    for_each = local.is_sequential ? [] : ["apply"]
     content {
       name = "Apply"
       dynamic "action" {
-        for_each = var.accounts
+        for_each = local.ordered_accounts
         content {
           name            = action.key
           category        = "Build"
@@ -147,7 +147,7 @@ resource "aws_codepipeline" "this" {
   }
 
   dynamic "stage" {
-    for_each = var.deployment_type == "sequential" ? var.accounts : {}
+    for_each = local.is_sequential ? local.ordered_accounts : {}
     content {
       name = stage.key
 

locals.tf

@@ -12,6 +12,11 @@ locals {
     tags = "aws/codebuild/amazonlinux2-x86_64-standard:5.0"
   })
 
+  is_sequential = var.sequential != []
+  ordered_accounts = local.is_sequential ? {
+    for name in var.sequential : name => var.accounts[name]
+  } : var.accounts
+
   env_var = {
     CHECKOV_SKIPS       = join(",", "${var.checkov_skip}")
     CHECKOV_VERSION     = var.checkov_version

variables.tf

@@ -74,16 +74,6 @@ variable "codebuild_policy" {
   default     = null
 }
 
-variable "deployment_type" {
-  description = "deployment type, parallel or sequential"
-  type        = string
-  default     = "parallel"
-  validation {
-    condition     = contains(["parallel", "sequential"], var.deployment_type)
-    error_message = "The pipeline mode must be 'parallel' or 'sequential'"
-  }
-}
-
 variable "detect_changes" {
   description = "allows third-party servicesm like GitHub to invoke the pipeline"
   type        = bool
@@ -126,6 +116,12 @@ variable "notifications" {
   default = null
 }
 
+variable "sequential" {
+  description = "list of account names in sequential deployment order"
+  type        = list(string)
+  default     = []
+}
+
 variable "tags" {
   description = "tags to check for"
   type        = string