def get_organization_root_id():
    """Return the Id of the organization root that OUs are parented under.

    Only ``Roots[0]`` of ``organizations:ListRoots`` is inspected; the
    remaining entries, if any, are ignored.
    """
    org_client = get_boto_client("organizations")
    roots_response = org_client.list_roots()
    first_root = roots_response["Roots"][0]
    return first_root["Id"]
def assume_role(account_id, role_name):
    """Assume ``role_name`` in account ``account_id`` via STS.

    Returns the ``Credentials`` mapping from ``sts:AssumeRole`` (the
    ``AccessKeyId``, ``SecretAccessKey`` and ``SessionToken`` entries are the
    ones consumed elsewhere in this module). These are short-lived secrets;
    keep the returned mapping out of ``debug_print`` output.
    """
    debug_print("Assuming role.....")
    role_arn = f"arn:aws:iam::{account_id}:role/{role_name}"
    sts = get_boto_client('sts')
    assumed = sts.assume_role(
        RoleArn=role_arn,
        RoleSessionName="account_vending_machine_lambda",
    )
    return assumed['Credentials']
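def create_s3_presigned_url(bucket, object, expires_in=3600):
    """Return a presigned ``get_object`` URL for ``s3://bucket/object``.

    Args:
        bucket: Bucket name.
        object: Object key (the name shadows the ``object`` builtin but is
            kept so keyword callers keep working).
        expires_in: URL lifetime in seconds. Defaults to the previously
            hard-coded 3600.

    Returns:
        The URL string. Anyone holding it can read the object until it
        expires without AWS credentials of their own, so handle it like a
        bearer token.
    """
    s3 = get_boto_client('s3')
    return s3.generate_presigned_url(
        'get_object',
        Params={'Bucket': bucket, 'Key': object},
        ExpiresIn=expires_in,
    )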
def invoke_statemachine(arn, input):
    """Start an execution of the Step Functions state machine ``arn``.

    ``input`` is the account-request dict; it is JSON-serialised as the
    execution input, and its ``accountName`` joined with the current
    timestamp becomes the execution name. Returns the ``start_execution``
    response.
    """
    sfn = get_boto_client("stepfunctions")
    account_name = input.get("accountName")
    execution_name = "{}-creation-{}".format(account_name, time.time())
    result = sfn.start_execution(
        stateMachineArn=arn,
        name=execution_name,
        input=json.dumps(input),
    )
    debug_print(result)
    return result
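def main(event):
    """Persist the account request ``event`` as JSON in the account-data bucket.

    The object is written to ``<ouName>/<accountName>/<accountId>.json`` in
    the bucket named by the ``ACCOUNT_DATA_BUCKET`` environment variable with
    SSE-S3 (AES256), and ``event`` is returned unchanged for the next state.
    The duplicated ``accountId`` lookup of the original is dropped.

    Raises:
        KeyError: if ``ACCOUNT_DATA_BUCKET`` is not set.
    """
    bucket = os.environ["ACCOUNT_DATA_BUCKET"]
    # Key components are taken from the event as-is; a missing field is
    # rendered as the text "None" by str.format rather than rejected here.
    ou = event.get("ouName")
    account_name = event.get("accountName")
    account_id = event.get("accountId")
    key = "{}/{}/{}.json".format(ou, account_name, account_id)
    s3 = get_boto_client('s3')
    s3.put_object(
        Body=json.dumps(event),
        Bucket=bucket,
        Key=key,
        ServerSideEncryption='AES256',
    )
    return event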
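def create_account(name, email, role, iam_user_access_to_billing="ALLOW"):
    """Request a new member account in the organization.

    Args:
        name: Account name.
        email: Root e-mail address of the new account.
        role: Name of the IAM role Organizations creates in the new account
            (presumably the one later assumed via ``assume_role``).
        iam_user_access_to_billing: Passed through as
            ``IamUserAccessToBilling``; the previously hard-coded ``"ALLOW"``
            stays the default.

    Returns:
        The ``CreateAccountStatus.Id`` request id, to be polled with
        ``get_account_creation_status``.
    """
    org_client = get_boto_client('organizations')
    debug_print("Creating account with {} name and e-mail {}".format(name, email))
    response = org_client.create_account(
        Email=email,
        AccountName=name,
        RoleName=role,
        IamUserAccessToBilling=iam_user_access_to_billing,
    )
    return response['CreateAccountStatus']['Id']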
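def handler(event, context):
    """Lambda entry point for S3 object-created notifications.

    For each record in ``event``, reads the uploaded object (an account
    request JSON document) and starts the state machine named by the
    ``ACCOUNT_CREATOR_STEPFUNCTION`` environment variable with that document
    as input. The document is forwarded verbatim, so whoever can write to
    the notifying bucket can drive account creation; bucket write access is
    the control point. ``context`` is the Lambda context and is unused.

    Raises:
        KeyError: if ``event`` is not an S3 notification or the environment
            variable is missing.
    """
    # Function-scope import: the file-level import block is not part of
    # this listing.
    from urllib.parse import unquote_plus

    debug_print(json.dumps(event, indent=2))
    step_function_arn = os.environ["ACCOUNT_CREATOR_STEPFUNCTION"]
    s3 = get_boto_client("s3")
    for record in event["Records"]:
        s3_event = record["s3"]
        s3_bucket = s3_event["bucket"]["name"]
        # S3 notifications deliver the key URL-encoded (a space arrives as
        # "+"); decode it or get_object fails for such keys.
        s3_object = unquote_plus(s3_event["object"]["key"])
        response = s3.get_object(Bucket=s3_bucket, Key=s3_object)
        content = json.loads(response['Body'].read().decode('utf-8'))
        debug_print(json.dumps(content, indent=2))
        invoke_statemachine(step_function_arn, content)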
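def create_organizational_unit(root_ou_id, ou_name):
    """Return the Id of the OU ``ou_name`` under ``root_ou_id``, creating it if absent.

    Any non-None value from ``get_ou_id_for_name`` is taken to be the
    existing OU's Id and returned unchanged. The ``== None`` comparison of
    the original is replaced by ``is not None``.
    """
    debug_print("Creating new OU if needed with name {}".format(ou_name))
    existing_id = get_ou_id_for_name(root_ou_id, ou_name)
    if existing_id is not None:
        debug_print("OU already existed. ID: {}".format(existing_id))
        return existing_id
    org_client = get_boto_client("organizations")
    response = org_client.create_organizational_unit(ParentId=root_ou_id, Name=ou_name)
    new_ou_id = response["OrganizationalUnit"]["Id"]
    debug_print("Created OU with ID: {}".format(new_ou_id))
    return new_ou_id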
def main(event):
    """Deploy every template in ``event["cfnTemplates"]`` into the target account.

    Assumes ``accountRole`` in ``accountId`` (both read from ``event``),
    builds a CloudFormation client from the temporary credentials, and calls
    ``deploy_cloudformation_template`` once per template. Returns ``event``
    unchanged for the next state.
    """
    target_account = event.get("accountId")
    target_role = event.get("accountRole")
    creds = assume_role(target_account, target_role)
    cfn_client = get_boto_client(
        "cloudformation",
        creds['AccessKeyId'],
        creds['SecretAccessKey'],
        creds['SessionToken'],
    )
    for template in event["cfnTemplates"]:
        deploy_cloudformation_template(cfn_client, template, event)
    return event
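def get_ou_id_for_name(root_id, ou_name):
    """Return the Id of the OU named ``ou_name`` directly under ``root_id``, or None.

    Walks every page of ``list_organizational_units_for_parent``. The
    original returned the literal ``True`` for a match found on any page
    after the first, which callers then used as if it were an OU Id; every
    page now returns the real ``Id``.
    """
    debug_print("get id for {} in {}".format(ou_name, root_id))
    org_client = get_boto_client("organizations")
    # NOTE(review): MaxResults is left to the service default; the original
    # mixed 10 and 50, and 50 looks above the range this call accepts —
    # confirm before reintroducing an explicit page size.
    request = {"ParentId": root_id}
    while True:
        response = org_client.list_organizational_units_for_parent(**request)
        for ou in response["OrganizationalUnits"]:
            if ou["Name"] == ou_name:
                return ou["Id"]
        next_token = response.get("NextToken")
        if not next_token:
            return None
        request["NextToken"] = next_token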
def get_account_creation_status(account_request_id):
    """Return the ``describe_create_account_status`` response for a request id.

    ``account_request_id`` is the value handed back by ``create_account``;
    the caller inspects the response to learn whether the account is ready.
    """
    org_client = get_boto_client('organizations')
    return org_client.describe_create_account_status(
        CreateAccountRequestId=account_request_id
    )
def move_account(root_ou_id, ou_id, account_id):
    """Move ``account_id`` from ``root_ou_id`` into ``ou_id``.

    Thin wrapper around ``organizations:MoveAccount``; returns None.
    """
    org_client = get_boto_client('organizations')
    debug_print("Trying to move account....")
    org_client.move_account(
        AccountId=account_id,
        SourceParentId=root_ou_id,
        DestinationParentId=ou_id,
    )