cloudposse · cloudpossebot · Feb 24, 2026 · Feb 24, 2026
diff --git a/examples/snippets/.claude/skills/developing-components/SKILL.md b/examples/snippets/.claude/skills/developing-components/SKILL.md
@@ -194,7 +194,7 @@ components:
 
 Stack files in `stacks/orgs/acme/` mirror the AWS account structure:
 
-- `orgs/acme/core/` - Core accounts (root, audit, security, identity, network, dns, auto, artifacts)
+- `orgs/acme/core/` - Core accounts (root, audit, security, network, auto, artifacts)
 - `orgs/acme/plat/` - Platform accounts (sandbox, dev, staging, prod)
 
 Within each stage, organized by region:

diff --git a/examples/snippets/.claude/skills/developing-stacks/SKILL.md b/examples/snippets/.claude/skills/developing-stacks/SKILL.md
@@ -30,8 +30,7 @@ stacks/
 │   │   ├── auto/                     # Automation account
 │   │   ├── artifacts/                # Artifacts account (ECR, S3)
 │   │   ├── audit/                    # Audit/logging account
-│   │   ├── dns/                      # DNS account
-│   │   ├── network/                  # Network account (TGW, VPN)
+│   │   ├── network/                  # Network account (TGW, VPN, DNS)
 │   │   └── security/                 # Security account
 │   └── plat/                         # Platform tenant (workloads)
 │       ├── _defaults.yaml            # Tenant defaults (tenant: plat)

diff --git a/examples/snippets/CLAUDE.md b/examples/snippets/CLAUDE.md
@@ -1,8 +1,8 @@
 # CLAUDE.md
 
 AWS infrastructure repository using Cloud Posse reference architecture with Atmos and OpenTofu. Manages multiple AWS
-accounts across core (root, audit, security, identity, network, dns, auto, artifacts) and platform (sandbox, dev,
-staging, prod) tenants.
+accounts across core (root, audit, security, network, auto, artifacts) and platform (sandbox, dev, staging, prod)
+tenants.
 
 ## Commands
 

diff --git a/examples/snippets/stacks/workflows/quickstart/foundation/accounts.yaml b/examples/snippets/stacks/workflows/quickstart/foundation/accounts.yaml
@@ -17,7 +17,7 @@
 #   - deploy/tfstate: Deploy Terraform state backend
 #   - deploy/organization: Create AWS Organization
 #   - deploy/accounts: Provision AWS accounts
-#   - deploy/account-settings: Configure account settings
+#   - deploy/aws-account-settings: Configure account settings
 #   - deploy/cloudtrail: Enable CloudTrail logging
 #   - deploy/ecr: Deploy ECR registry
 #
@@ -29,17 +29,24 @@ workflows:
       - command: workflow init/tfstate -f quickstart/foundation/accounts
       - command: workflow deploy/tfstate -f quickstart/foundation/accounts
       - command: workflow deploy/organization -f quickstart/foundation/accounts
+      - command: workflow deploy/organizational-units -f quickstart/foundation/accounts
       - command: workflow deploy/accounts -f quickstart/foundation/accounts
-      - command: workflow deploy/account-settings -f quickstart/foundation/accounts
+      - command: workflow deploy/scps -f quickstart/foundation/accounts
+      - command: workflow deploy/aws-account-settings -f quickstart/foundation/accounts
+      - command: workflow deploy/budgets -f quickstart/foundation/accounts
       - command: workflow deploy/cloudtrail -f quickstart/foundation/accounts
       - command: workflow deploy/ecr -f quickstart/foundation/accounts
 
   vendor:
     description: Vendor accounts layer components.
     steps:
-      - command: vendor pull --component account
+      - command: vendor pull --component aws-organization
+      - command: vendor pull --component aws-organizational-unit
+      - command: vendor pull --component aws-account
+      - command: vendor pull --component aws-scp
+      - command: vendor pull --component aws-budget
       - command: vendor pull --component account-quotas
-      - command: vendor pull --component account-settings
+      - command: vendor pull --component aws-account-settings
       - command: vendor pull --component cloudtrail
       - command: vendor pull --component cloudtrail-bucket
       - command: vendor pull --component ecr
@@ -62,29 +69,61 @@ workflows:
     description: |
       Deploy the AWS Organization. This is required before finishing the root account requirements.
     steps:
-      - command: terraform deploy account -target="aws_organizations_organization.this[0]" -s core-gbl-root
+      - command: terraform deploy aws-organization -s core-gbl-root
       - command: aws ram enable-sharing-with-aws-organization
         type: shell
 
+  deploy/organizational-units:
+    description: Deploy Organizational Units
+    steps:
+      - command: terraform deploy aws-organizational-unit/core -s core-gbl-root
+      - command: terraform deploy aws-organizational-unit/plat -s core-gbl-root
+
   deploy/accounts:
     description: Deploys all AWS Organization accounts
     steps:
-      - command: terraform apply account -s core-gbl-root
+      - command: terraform deploy aws-account/core-artifacts -s core-gbl-root
+      - command: terraform deploy aws-account/core-audit -s core-gbl-root
+      - command: terraform deploy aws-account/core-auto -s core-gbl-root
+      - command: terraform deploy aws-account/core-network -s core-gbl-root
+      - command: terraform deploy aws-account/core-security -s core-gbl-root
+      - command: terraform deploy aws-account/plat-dev -s core-gbl-root
+      - command: terraform deploy aws-account/plat-sandbox -s core-gbl-root
+      - command: terraform deploy aws-account/plat-staging -s core-gbl-root
+      - command: terraform deploy aws-account/plat-prod -s core-gbl-root
+
+  deploy/scps:
+    description: Deploy Service Control Policies
+    steps:
+      - command: terraform deploy aws-scp/deny-leaving-organization -s core-gbl-root
 
-  deploy/account-settings:
+  deploy/aws-account-settings:
     description: Apply AWS Account settings for best practices.
     steps:
-      - command: terraform deploy account-settings -s core-gbl-artifacts
-      - command: terraform deploy account-settings -s core-gbl-audit
-      - command: terraform deploy account-settings -s core-gbl-auto
-      - command: terraform deploy account-settings -s core-gbl-dns
-      - command: terraform deploy account-settings -s core-gbl-network
-      - command: terraform deploy account-settings -s core-gbl-root
-      - command: terraform deploy account-settings -s core-gbl-security
-      - command: terraform deploy account-settings -s plat-gbl-dev
-      - command: terraform deploy account-settings -s plat-gbl-prod
-      - command: terraform deploy account-settings -s plat-gbl-sandbox
-      - command: terraform deploy account-settings -s plat-gbl-staging
+      - command: terraform deploy aws-account-settings -s core-gbl-artifacts
+      - command: terraform deploy aws-account-settings -s core-gbl-audit
+      - command: terraform deploy aws-account-settings -s core-gbl-auto
+      - command: terraform deploy aws-account-settings -s core-gbl-network
+      - command: terraform deploy aws-account-settings -s core-gbl-root
+      - command: terraform deploy aws-account-settings -s core-gbl-security
+      - command: terraform deploy aws-account-settings -s plat-gbl-dev
+      - command: terraform deploy aws-account-settings -s plat-gbl-prod
+      - command: terraform deploy aws-account-settings -s plat-gbl-sandbox
+      - command: terraform deploy aws-account-settings -s plat-gbl-staging
+
+  deploy/budgets:
+    description: Deploy budgets to all accounts
+    steps:
+      - command: terraform deploy aws-budget -s core-gbl-root
+      - command: terraform deploy aws-budget -s core-gbl-artifacts
+      - command: terraform deploy aws-budget -s core-gbl-audit
+      - command: terraform deploy aws-budget -s core-gbl-auto
+      - command: terraform deploy aws-budget -s core-gbl-network
+      - command: terraform deploy aws-budget -s core-gbl-security
+      - command: terraform deploy aws-budget -s plat-gbl-dev
+      - command: terraform deploy aws-budget -s plat-gbl-sandbox
+      - command: terraform deploy aws-budget -s plat-gbl-staging
+      - command: terraform deploy aws-budget -s plat-gbl-prod
 
   deploy/cloudtrail:
     description: Start AWS Cloudtrail in audit and root accounts to track changes across the org.

diff --git a/examples/snippets/stacks/workflows/quickstart/foundation/identity.yaml b/examples/snippets/stacks/workflows/quickstart/foundation/identity.yaml
@@ -81,8 +81,6 @@ workflows:
       - command: terraform deploy iam-role/planner -s core-gbl-audit
       - command: terraform deploy iam-role/terraform -s core-gbl-auto
       - command: terraform deploy iam-role/planner -s core-gbl-auto
-      - command: terraform deploy iam-role/terraform -s core-gbl-dns
-      - command: terraform deploy iam-role/planner -s core-gbl-dns
       - command: terraform deploy iam-role/terraform -s core-gbl-network
       - command: terraform deploy iam-role/planner -s core-gbl-network
       - command: terraform deploy iam-role/terraform -s core-gbl-security
@@ -107,7 +105,6 @@ workflows:
       - command: terraform deploy github-oidc-provider -s core-gbl-artifacts
       - command: terraform deploy github-oidc-provider -s core-gbl-audit
       - command: terraform deploy github-oidc-provider -s core-gbl-auto
-      - command: terraform deploy github-oidc-provider -s core-gbl-dns
       - command: terraform deploy github-oidc-provider -s core-gbl-network
       - command: terraform deploy github-oidc-provider -s core-gbl-security
       # Platform accounts

diff --git a/examples/snippets/stacks/workflows/quickstart/monitor/datadog.yaml b/examples/snippets/stacks/workflows/quickstart/monitor/datadog.yaml
@@ -71,7 +71,6 @@ workflows:
       - command: terraform deploy datadog-configuration -s core-gbl-artifacts
       - command: terraform deploy datadog-configuration -s core-gbl-audit
       - command: terraform deploy datadog-configuration -s core-gbl-auto
-      - command: terraform deploy datadog-configuration -s core-gbl-dns
       - command: terraform deploy datadog-configuration -s core-gbl-network
       - command: terraform deploy datadog-configuration -s core-gbl-security
       - command: terraform deploy datadog-configuration -s plat-gbl-sandbox
@@ -85,7 +84,6 @@ workflows:
       - command: terraform deploy datadog-integration -s core-gbl-artifacts
       - command: terraform deploy datadog-integration -s core-gbl-audit
       - command: terraform deploy datadog-integration -s core-gbl-auto
-      - command: terraform deploy datadog-integration -s core-gbl-dns
       - command: terraform deploy datadog-integration -s core-gbl-network
       - command: terraform deploy datadog-integration -s core-gbl-security
       - command: terraform deploy datadog-integration -s plat-gbl-sandbox
@@ -99,7 +97,6 @@ workflows:
 #      - command: terraform deploy datadog-logs-archive -s core-gbl-artifacts
 #      - command: terraform deploy datadog-logs-archive -s core-gbl-audit
 #      - command: terraform deploy datadog-logs-archive -s core-gbl-auto
-#      - command: terraform deploy datadog-logs-archive -s core-gbl-dns
 #      - command: terraform deploy datadog-logs-archive -s core-gbl-network
 #      - command: terraform deploy datadog-logs-archive -s core-gbl-security
 #      - command: terraform deploy datadog-logs-archive -s plat-gbl-sandbox
@@ -122,7 +119,6 @@ workflows:
       - command: terraform deploy datadog-lambda-forwarder -s core-use1-artifacts
       - command: terraform deploy datadog-lambda-forwarder -s core-use1-audit
       - command: terraform deploy datadog-lambda-forwarder -s core-use1-auto
-      - command: terraform deploy datadog-lambda-forwarder -s core-use1-dns
       - command: terraform deploy datadog-lambda-forwarder -s core-use1-network
       - command: terraform deploy datadog-lambda-forwarder -s core-use1-security
       - command: terraform deploy datadog-lambda-forwarder -s plat-use1-sandbox

diff --git a/examples/snippets/stacks/workflows/quickstart/network/network.yaml b/examples/snippets/stacks/workflows/quickstart/network/network.yaml
@@ -90,7 +90,7 @@ workflows:
       - command: echo 'Creating primary dns zones'
         type: shell
         name: primary
-      - command: terraform deploy dns-primary -s core-gbl-dns
+      - command: terraform deploy dns-primary -s core-gbl-network
       - command: terraform deploy dns-primary -s plat-gbl-dev
       - command: terraform deploy dns-primary -s plat-gbl-staging
       - command: terraform deploy dns-primary -s plat-gbl-prod
@@ -114,7 +114,7 @@ workflows:
             terraform workspace select $1 > /dev/null
             terraform output -json zones
           }
-          for s in core-gbl-dns plat-gbl-{dev,staging,prod,sandbox} ; do
+          for s in core-gbl-network plat-gbl-{dev,staging,prod,sandbox} ; do
             output-dns $s
           done | jq 'to_entries[] | { (.key) : .value.name_servers }'