Updated readme for same account and cross account examplefile.

rahul-infra · rahul-infra · commit fdf8e38a3415 · 2025-11-26T14:30:49.000+05:30
diff --git a/README.md b/README.md
@@ -2,6 +2,10 @@
 # terraform-aws-ecs-deployment
 
 Terraform module to deploy production-ready applications and services on an existing ECS infra.
+This module supports both same-account and cross-account ACM → Route53 validation workflows. For same-account usage, simply map the providers as providers = { aws = aws, aws.cross_account_provider = aws } without any assume role.
+For cross-account setups, you must have an IAM Role in the Route53 Hosted Zone account (Account B) that allows Account A (where ACM and application resources are created) to assume it. This role should grant permissions such as route53:ChangeResourceRecordSets, route53:ListHostedZonesByName, and route53:ListResourceRecordSets, along with a trust policy that permits Account A to assume the role.
+When using cross-account mode, configure an alias provider with assume_role and pass it to the module as:
+providers = { aws = aws, aws.cross_account_provider = aws.cross_account_provider }.
 
 ## Architecture Diagram
 
diff --git a/examples/cross-account/README.md b/examples/cross-account/README.md
@@ -1,13 +1,20 @@
 <!-- BEGIN_TF_DOCS -->
 # ECS Deployment Complete
 
+
+
 Configuration in this directory creates:
 
 - ECS Service in a pre-configured ECS Cluster and corresponding ECS Capacity Providers
 - Internet-facing Application Load Balancer to access the deployed services with S3 bucket for storing access and connection logs, and
 - ACM to generate and validate an Amazon-issued certificate for a base domain
 
 
+For cross-account Route53 validation, configure the alias provider with assume_role and pass it to the module as:
+providers = { aws = aws, aws.cross_account_provider = aws.cross_account_provider }.
+Ensure the cross_account_provider includes the assume_role block pointing to the Route53 account role.
+provider "aws" { alias = "cross_account_provider" ... assume_role { role_arn = "<role>" } }
+
 ## Prerequisites
 
 **Create an IAM Role in the Hosted Zone Account (Account B)**
diff --git a/examples/same-account/README.md b/examples/same-account/README.md
@@ -7,6 +7,11 @@ Configuration in this directory creates:
 - Internet-facing Application Load Balancer to access the deployed services with S3 bucket for storing access and connection logs, and
 - ACM to generate and validate an Amazon-issued certificate for a base domain
 
+
+For same-account Route53 validation, map the alias provider to the main provider as:
+providers = { aws = aws, aws.cross_account_provider = aws }.
+No assume_role block is required in same-account mode.
+
 ## Example `tfvars` Configuration
 
 ```tf
