I'll try to share my approach to use private GitHub hosted terraform modules with AFT v1.5.1. It relies on GH App to create ephemeral tokens during Global Customization stage which will share with the target account so it can be used during Account Customization stage.
Relates to: aws-ia/terraform-aws-control_tower_account_factory#42
Pre-requirements:
- Create a GH APP:
- Permissions: allow the clone of repositories
- Set to a restricted list of terraform modules repos
- Create parameter store entries for GH_APP pem, id and installation_id under AFT_MGT account