From 06b4693f0709eb0ac52534ca7cb4212a013dd635 Mon Sep 17 00:00:00 2001
From: Choi Yunho
Date: Tue, 29 Jul 2025 16:33:45 +0900
Subject: [PATCH 1/2] =?UTF-8?q?variables=20=EB=B0=A9=EC=8B=9D=20=EB=B3=80?= =?UTF-8?q?=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/cd.yml | 3 +++
 .gitignore | 2 +-
 .../inspector-delegation/organizations/main.tf | 11 +----------
 .../inspector-delegation/organizations/variables.tf | 5 +++++
 .../runtime-verification/inspector/main.tf | 10 +---------
 .../runtime-verification/inspector/variables.tf | 5 +++++
 6 files changed, 16 insertions(+), 20 deletions(-)
 create mode 100644 management-team-account/inspector-delegation/organizations/variables.tf
 create mode 100644 operation-team-account/runtime-verification/inspector/variables.tf

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 7d5d252c..d79262b9 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -109,3 +109,6 @@ jobs:
 env:
 TF_VAR_slack_webhook_url: ${{ secrets.TF_VAR_slack_webhook_url }}
 TF_VAR_allowed_source_ips: ${{ secrets.TF_VAR_allowed_source_ips }}
+ TF_VAR_operation_account_id: ${{ secrets.TF_VAR_operation_account_id }}
+ TF_VAR_prod_account_id: ${{ secrets.TF_VAR_prod_account_id }}
+
diff --git a/.gitignore b/.gitignore
index 08d00230..5e1575d8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,4 +28,4 @@ ehthumbs.db
 # Windows
 .vscode/
 # OpenSearch alert 생성 시 생기는 임시 파일
-modules/opensearch/slack_response.json
\ No newline at end of file
+modules/opensearch/slack_response.json
diff --git a/management-team-account/inspector-delegation/organizations/main.tf b/management-team-account/inspector-delegation/organizations/main.tf
index 3f02a968..6ff7604e 100644
--- a/management-team-account/inspector-delegation/organizations/main.tf
+++ b/management-team-account/inspector-delegation/organizations/main.tf
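Review bot: The last added line of the cd.yml hunk is an empty `+` line, which leaves a trailing blank line at the end of the workflow file that yamllint's `empty-lines` rule reports by default; drop it so the hunk ends at `TF_VAR_prod_account_id: ${{ secrets.TF_VAR_prod_account_id }}`. Keeping the two account IDs in GitHub secrets also means the runner masks every occurrence of those 12-digit values in job logs, so ARNs and resource addresses in terraform plan output will print with `***` in them; a comment next to the env block would make that expected, e.g. `# account IDs come from secrets so each environment sets its own delegated-admin target; they are masked in logs`. Which job this `env:` belongs to is outside the hunk.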
@@ -12,15 +12,6 @@ provider "aws" {
 region = "ap-northeast-2"
 }
-provider "aws" {
- alias = "operation"
- region = "ap-northeast-2"
-}
-
-data "aws_caller_identity" "operation" {
- provider = aws.operation
-}
-
 resource "aws_inspector2_delegated_admin_account" "this" {
- account_id = data.aws_caller_identity.operation.account_id
+ account_id = var.operation_account_id
 }
\ No newline at end of file
diff --git a/management-team-account/inspector-delegation/organizations/variables.tf b/management-team-account/inspector-delegation/organizations/variables.tf
new file mode 100644
index 00000000..d3383873
--- /dev/null
+++ b/management-team-account/inspector-delegation/organizations/variables.tf
@@ -0,0 +1,5 @@
+variable "operation_account_id" {
+ description = "operation account"
+ type = string
+ sensitive = true
+}
diff --git a/operation-team-account/runtime-verification/inspector/main.tf b/operation-team-account/runtime-verification/inspector/main.tf
index cb6f1ffa..c63f46b6 100644
--- a/operation-team-account/runtime-verification/inspector/main.tf
+++ b/operation-team-account/runtime-verification/inspector/main.tf
@@ -12,14 +12,6 @@ provider "aws" {
 region = "ap-northeast-2"
 }
-provider "aws" {
- alias = "prod"
- region = "ap-northeast-2"
-}
-
-data "aws_caller_identity" "prod" {
- provider = aws.prod
-}
 data "aws_caller_identity" "current" {}
@@ -29,5 +21,5 @@ resource "aws_inspector2_enabler" "this" {
 }
 resource "aws_inspector2_delegated_admin_account" "prod_account" {
- account_id = data.aws_caller_identity.prod.account_id
+ account_id = var.prod_account_id
 }
\ No newline at end of file
diff --git a/operation-team-account/runtime-verification/inspector/variables.tf b/operation-team-account/runtime-verification/inspector/variables.tf
new file mode 100644
index 00000000..19152677
--- /dev/null
+++ b/operation-team-account/runtime-verification/inspector/variables.tf
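Review bot: `aws_inspector2_delegated_admin_account.this` now takes its target from `var.operation_account_id`, but nothing in the file records why the id is injected instead of resolved; the removed `aws.operation` provider carried only an alias and a region, so the old `data.aws_caller_identity.operation` most likely returned the management account's own id, and if that was ever applied this change will replace the delegated administrator rather than adjust it. Suggest a comment above the resource: `# Registers the operation account as the org-wide Inspector delegated administrator; the id is supplied via TF_VAR_operation_account_id because this configuration has no credentials for that account.` Because the variable is `sensitive`, the plan will print `account_id = (sensitive value)`, so confirm from the apply output that the delegated admin moves to the intended account.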
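Review bot: `variable "operation_account_id"` accepts any string, so a missing or mistyped secret reaches `aws_inspector2_delegated_admin_account` unvalidated, and because the variable is `sensitive` the plan shows `(sensitive value)` instead of the id, so the mistake is invisible at review time. A validation block that requires a 12-digit numeric id fails fast in CI, and the description should say what the account is used for rather than `operation account`. The same applies to `prod_account_id` in operation-team-account/runtime-verification/inspector/variables.tf in this patch.
```hcl
variable "operation_account_id" {
  description = "12-digit AWS account ID of the operation account registered as the Inspector delegated administrator"
  type        = string
  sensitive   = true

  validation {
    condition     = can(regex("^[0-9]{12}$", var.operation_account_id))
    error_message = "operation_account_id must be a 12-digit AWS account ID."
  }
}
```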
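Review bot: `aws_inspector2_delegated_admin_account.prod_account` registers `var.prod_account_id` as Inspector delegated administrator from the operation-team-account configuration, while the management-team-account configuration in this same patch registers the operation account as delegated administrator; an organization has a single Inspector delegated administrator and the registration is normally made from the organization management account, so if both root modules target the same organization the two applies will overwrite each other. It cannot be determined from the hunk whether these are separate organizations; if they are, say so above the resource, e.g. `# This operation account is the management account of its own organization; prod is its Inspector delegated administrator.` If they are not, one of the two resources should be removed. The enclosing file starts before this hunk (`aws_inspector2_enabler.this` is only visible as function context).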
@@ -0,0 +1,5 @@
+variable "prod_account_id" {
+ description = "prod account"
+ type = string
+ sensitive = true
+}

From 2dbd028e1bacbc6aa2669d21fae2021c103f585b Mon Sep 17 00:00:00 2001
From: Choi Yunho
Date: Tue, 29 Jul 2025 16:44:00 +0900
Subject: [PATCH 2/2] refactor CI.yml
---
 .github/workflows/CI.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 2f807e1a..10ec87b2 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -91,6 +91,8 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 INFRACOST_TERRAFORM_CLI_WRAPPER: false
 TF_VAR_slack_webhook_url: ${{ secrets.TF_VAR_slack_webhook_url }}
+ TF_VAR_operation_account_id: ${{ secrets.TF_VAR_operation_account_id }}
+ TF_VAR_prod_account_id: ${{ secrets.TF_VAR_prod_account_id }}
 steps:
 - name: Checkout Code
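Review bot: The CI env block now exports `TF_VAR_operation_account_id` and `TF_VAR_prod_account_id` but not `TF_VAR_allowed_source_ips`, which the cd.yml hunk in the previous patch exports next to the same secrets; unless it is set elsewhere in CI.yml, the plan CI validates runs with a different variable set than the deploy. Consider keeping the shared TF_VAR exports in one place, such as a reusable workflow or a single job-level `env:` both workflows reference, so the two lists cannot drift. If CI also runs on pull_request events from forks, these secrets are empty there, which is a further reason to validate the account-id variables in Terraform rather than rely on the workflow. The job this `env:` belongs to starts outside the hunk.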