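def ensure_account_created(
        organizations,
        account_name,
        email,
        iam_user_access_to_billing,
        assumable_role_in_root_account_arn,
        organization_account_access_role,
):
    """Return the id of the account named *account_name*, creating it if absent.

    When the account has to be created, the function polls the creation
    request until it leaves ``IN_PROGRESS`` and then tries, up to 20 times,
    to reach the new account through the role chain before returning.

    Args:
        organizations: Client exposing ``list_accounts_single_page``,
            ``create_account`` and ``describe_create_account_status``.
        account_name: Name used both to look up and to create the account.
        email: Passed as ``Email`` to ``create_account``.
        iam_user_access_to_billing: Passed as ``IamUserAccessToBilling``.
        assumable_role_in_root_account_arn: First role in the chain used for
            the post-creation reachability check.
        organization_account_access_role: Passed as ``RoleName`` to
            ``create_account``; the same name is used to build the ARN of the
            second role in the chain, inside the new account.

    Returns:
        The account id, either of the existing account or of the new one.

    Raises:
        Exception: If the creation request ends in any state other than
            ``SUCCEEDED``; the message carries the reported ``FailureReason``.
    """
    logger.info('Checking if need to create')
    response = organizations.list_accounts_single_page()
    account_id = None
    # NOTE(review): the lookup is by display name only and the first match
    # wins; if names are not unique in the organization, confirm this picks
    # the intended account.
    for account in response.get('Accounts', []):
        if account.get('Name') == account_name:
            account_id = account.get('Id')
            logger.info('Already created')
            break
    if account_id is not None:
        return account_id

    logger.info('Creating account')
    response = organizations.create_account(
        Email=email,
        AccountName=account_name,
        RoleName=organization_account_access_role,
        IamUserAccessToBilling=iam_user_access_to_billing
    )
    # Named explicitly so the builtin ``id`` is not shadowed.
    create_request_id = response.get('CreateAccountStatus').get('Id')
    logger.info('Waiting')
    # NOTE(review): this poll has no upper bound; it ends only when the
    # reported state leaves IN_PROGRESS.
    while response.get('CreateAccountStatus').get('State') == 'IN_PROGRESS':
        logger.info(
            'Still waiting: {}'.format(response.get('CreateAccountStatus').get('State'))
        )
        time.sleep(5)
        response = organizations.describe_create_account_status(
            CreateAccountRequestId=create_request_id
        )
    status = response.get('CreateAccountStatus')
    logger.info('Finished: {}'.format(status.get('State')))
    if status.get('State') != 'SUCCEEDED':
        raise Exception(
            f"Account was not created correctly: {status.get('FailureReason')}")

    account_id = status.get('AccountId')
    # Presumably (role ARN, session name) pairs assumed in order: the role in
    # the root account first, then the access role in the new account.
    role_chain = [
        (assumable_role_in_root_account_arn, 'assumable_role_in_root_account_arn'),
        (f"arn:aws:iam::{account_id}:role/{organization_account_access_role}", 'organization_account_access_role'),
    ]
    attempts_left = 20
    reachable = False
    while attempts_left > 0 and not reachable:
        # The wait comes before every attempt, including the first one.
        time.sleep(10)
        try:
            with betterboto_client.CrossMultipleAccountsClientContextManager(
                    'codebuild', role_chain
            ) as spoke_codebuild:
                spoke_codebuild.list_projects()
                logger.info("Was able to assume role into the spoke and call codebuild")
                reachable = True
        except Exception as e:
            attempts_left -= 1
            logger.error("type error: " + str(e))
            logger.error(traceback.format_exc())
    if not reachable:
        # The id is still returned (callers may rely on that), but the
        # failure is recorded instead of passing silently.
        logger.warning(
            "Could not assume %s in account %s after 20 attempts; "
            "returning the account id anyway",
            organization_account_access_role,
            account_id,
        )
    return account_id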
def bootstrap_spoke_as(puppet_account_id, iam_role_arns, permission_boundary):
    """Bootstrap a spoke using a CloudFormation client built from a role chain.

    Each ARN in *iam_role_arns* is paired with a session name of the form
    ``bootstrapping-role-<position>``, and the resulting list is handed to
    ``CrossMultipleAccountsClientContextManager``. The client it yields is
    passed to ``_do_bootstrap_spoke`` together with the puppet account id,
    the configured puppet version and the permission boundary.
    """
    # Presumably the roles are assumed in list order, each from the previous
    # one's credentials, so the caller controls the whole chain - TODO confirm.
    role_chain = [
        (arn, 'bootstrapping-role-{}'.format(position))
        for position, arn in enumerate(iam_role_arns)
    ]

    client_context = betterboto_client.CrossMultipleAccountsClientContextManager(
        'cloudformation', role_chain
    )
    with client_context as cloudformation:
        puppet_version = config.get_puppet_version()
        _do_bootstrap_spoke(
            puppet_account_id,
            cloudformation,
            puppet_version,
            permission_boundary,
        )
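def wait_for_cloudformation_in(iam_role_arns):
    """Block until ``list_stacks`` succeeds through the given role chain.

    Each ARN in *iam_role_arns* is paired with a session name of the form
    ``waiting-for-cloudformation-<position>`` and the list is handed to
    ``CrossMultipleAccountsClientContextManager``. ``list_stacks`` is then
    retried until it returns without raising; every failure is logged with
    its traceback.

    Only the ``list_stacks`` call is retried: an exception raised while the
    context manager is being entered propagates to the caller.
    """
    # Imported locally because the surrounding module's imports are not
    # visible from this block.
    import time

    retry_delay_seconds = 5

    cross_accounts = [
        (role, "waiting-for-cloudformation-{}".format(index))
        for index, role in enumerate(iam_role_arns)
    ]

    with betterboto_client.CrossMultipleAccountsClientContextManager(
            "cloudformation", cross_accounts) as cloudformation:
        # NOTE(review): the loop is still unbounded; a persistent failure
        # (for example missing permissions) keeps it retrying forever.
        while True:
            try:
                result = cloudformation.list_stacks()
                # NOTE(review): the whole response is written to the log;
                # confirm that is acceptable for the log's audience.
                logger.info(f"Was able to list stacks: {result}")
                break
            except Exception as e:
                logger.error("type error: " + str(e))
                logger.error(traceback.format_exc())
                # Pause before retrying so a failing call does not spin in a
                # tight loop, flooding the log and the API.
                time.sleep(retry_delay_seconds)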
def bootstrap_spoke_as(
    puppet_account_id,
    iam_role_arns,
    permission_boundary,
    puppet_role_name,
    puppet_role_path,
):
    """Bootstrap a spoke using a CloudFormation client built from a role chain.

    Each ARN in *iam_role_arns* is paired with a session name of the form
    ``bootstrapping-role-<position>``; the list is handed to
    ``CrossMultipleAccountsClientContextManager`` and the client it yields is
    passed to ``_do_bootstrap_spoke`` along with the puppet account id, the
    permission boundary and the puppet role name and path.
    """
    # Presumably the roles are assumed in list order - TODO confirm against
    # the context manager's implementation.
    role_chain = []
    for position, arn in enumerate(iam_role_arns):
        session_name = "bootstrapping-role-{}".format(position)
        role_chain.append((arn, session_name))

    client_context = betterboto_client.CrossMultipleAccountsClientContextManager(
        "cloudformation", role_chain
    )
    with client_context as cloudformation:
        _do_bootstrap_spoke(
            puppet_account_id,
            cloudformation,
            permission_boundary,
            puppet_role_name,
            puppet_role_path,
        )