From fb9ea82b741575f63b449af677c5fa96c38a95fa Mon Sep 17 00:00:00 2001
From: Steven Davidovitz
Date: Wed, 4 Oct 2023 15:04:30 -0700
Subject: [PATCH] add a validation check that source and destination accounts are different
---
 dst_backup_vault.tf | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/dst_backup_vault.tf b/dst_backup_vault.tf
index 4e7c3e7..5de143e 100644
--- a/dst_backup_vault.tf
+++ b/dst_backup_vault.tf
@@ -2,4 +2,11 @@ resource "aws_backup_vault" "aws_dst_backup_vault" {
 name = "aws_backup_vault"
 provider = aws.dst
 kms_key_arn = aws_kms_key.aws_dst_backup_kms_key.arn
-}
\ No newline at end of file
+
+ lifecycle {
+ precondition {
+ condition = data.aws_caller_identity.current.account_id != data.aws_caller_identity.dst_account.account_id
+ error_message = "Destination account ID (${data.aws_caller_identity.dst_account.account_id}) must not match source account ID (${data.aws_caller_identity.current.account_id})"
+ }
+ }
+}
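Review bot: The `precondition` in the new `lifecycle` block only proves that the two caller identities differ, so a run in which `aws.dst` resolves to an unintended third account still passes. If the module has a known destination, a second `precondition` with `condition = data.aws_caller_identity.dst_account.account_id == var.expected_dst_account_id` (placeholder variable name, not part of this patch) would pin it. The check also depends on `data.aws_caller_identity.dst_account` being declared with `provider = aws.dst`, which is outside this hunk and worth confirming. `precondition` needs Terraform 1.2 or later, so the module's `required_version` should reflect that if it does not already. If cross-account isolation is the intent, a comment above the block such as `# Backup copies must live in a different account than the source so a source-account compromise cannot reach them` would record why the check exists.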