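def ensure_account_created(
    organizations,
    account_name,
    email,
    iam_user_access_to_billing,
    assumable_role_in_root_account_arn,
    organization_account_access_role,
):
    """Return the id of the organization account named *account_name*, creating it if absent.

    Args:
        organizations: Client exposing ``list_accounts_single_page``,
            ``create_account`` and ``describe_create_account_status``.
        account_name: Account name to look up, and to create when no match is found.
        email: Passed to ``create_account`` as ``Email``.
        iam_user_access_to_billing: Passed to ``create_account`` as
            ``IamUserAccessToBilling``.
        assumable_role_in_root_account_arn: First role in the chain used to
            verify access to a newly created account.
        organization_account_access_role: Passed to ``create_account`` as
            ``RoleName`` and used as the second role in the verification chain.

    Returns:
        The account id. For a newly created account the id is returned even
        when the access check below never succeeded; that case is logged.

    Raises:
        Exception: when the create request ends in any state other than
            ``SUCCEEDED``.
    """
    logger.info('Checking if need to create')
    response = organizations.list_accounts_single_page()
    account_id = None
    # NOTE(review): the lookup matches on Name only and does not inspect the
    # account's Status. AWS Organizations does not enforce unique account
    # names, so the first listed account with this name is the one returned.
    for account in response.get('Accounts', []):
        if account.get('Name') == account_name:
            account_id = account.get('Id')
            logger.info('Already created')
            break

    if account_id is not None:
        return account_id

    logger.info('Creating account')
    # NOTE(review): per the AWS CreateAccount API, RoleName is the role
    # pre-created in the new account that trusts the management account with
    # administrator permissions; keep the set of principals allowed to assume
    # it as small as possible.
    status = organizations.create_account(
        Email=email,
        AccountName=account_name,
        RoleName=organization_account_access_role,
        IamUserAccessToBilling=iam_user_access_to_billing,
    ).get('CreateAccountStatus')
    request_id = status.get('Id')

    logger.info('Waiting')
    while status.get('State') == 'IN_PROGRESS':
        logger.info('Still waiting: {}'.format(status.get('State')))
        time.sleep(5)
        status = organizations.describe_create_account_status(
            CreateAccountRequestId=request_id
        ).get('CreateAccountStatus')
    logger.info('Finished: {}'.format(status.get('State')))

    if status.get('State') != 'SUCCEEDED':
        raise Exception(
            f"Account was not created correctly: {status.get('FailureReason')}")

    account_id = status.get('AccountId')
    # The ARN is built for the "aws" partition only.
    spoke_role_arn = f"arn:aws:iam::{account_id}:role/{organization_account_access_role}"
    max_attempts = 20
    access_verified = False
    for _ in range(max_attempts):
        # Wait before every attempt, the first included, to give the new
        # account's role time to become assumable.
        time.sleep(10)
        try:
            with betterboto_client.CrossMultipleAccountsClientContextManager(
                'codebuild',
                [
                    (assumable_role_in_root_account_arn, 'assumable_role_in_root_account_arn'),
                    (spoke_role_arn, 'organization_account_access_role'),
                ],
            ) as spoke_codebuild:
                spoke_codebuild.list_projects()
                logger.info("Was able to assume role into the spoke and call codebuild")
                access_verified = True
        except Exception as e:
            # Failures are expected while the role propagates; keep retrying.
            logger.error("type error: " + str(e))
            logger.error(traceback.format_exc())
        if access_verified:
            break

    if not access_verified:
        # Previously the loop ran out of attempts without saying so; the id is
        # still returned for backward compatibility, but the failure is now
        # visible in the log.
        logger.error(
            "Could not assume role {} in account {} after {} attempts; "
            "returning the account id without verified access".format(
                organization_account_access_role, account_id, max_attempts
            )
        )
    return account_id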
def bootstrap_spoke_as(puppet_account_id, iam_role_arns, permission_boundary):
    """Bootstrap a spoke using a CloudFormation client obtained through *iam_role_arns*.

    Args:
        puppet_account_id: Forwarded unchanged to ``_do_bootstrap_spoke``.
        iam_role_arns: Iterable of role ARNs, each paired with a label
            ``bootstrapping-role-<position>`` and handed to
            ``CrossMultipleAccountsClientContextManager``.
            NOTE(review): presumably the roles are assumed in order and the
            label is the session name - confirm against betterboto.
        permission_boundary: Forwarded unchanged to ``_do_bootstrap_spoke``.
    """
    role_chain = list(
        (role_arn, 'bootstrapping-role-{}'.format(position))
        for position, role_arn in enumerate(iam_role_arns)
    )

    with betterboto_client.CrossMultipleAccountsClientContextManager(
        'cloudformation', role_chain
    ) as cfn_client:
        # The version is read only after the client has been obtained.
        puppet_version = config.get_puppet_version()
        _do_bootstrap_spoke(
            puppet_account_id,
            cfn_client,
            puppet_version,
            permission_boundary,
        )
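def wait_for_cloudformation_in(iam_role_arns):
    """Block until ``list_stacks`` succeeds on a client obtained through *iam_role_arns*.

    Args:
        iam_role_arns: Iterable of role ARNs, each paired with a label
            ``waiting-for-cloudformation-<position>`` and handed to
            ``CrossMultipleAccountsClientContextManager``.

    The client is obtained once, outside the retry loop, so an error raised
    while obtaining it propagates to the caller. Only ``list_stacks`` is
    retried. The loop has no upper bound: a persistent failure (for example
    a role that is never granted access) keeps it running until the caller
    stops it.
    """
    import time  # local import keeps the function self-contained

    cross_accounts = [
        (role, "waiting-for-cloudformation-{}".format(index))
        for index, role in enumerate(iam_role_arns)
    ]

    with betterboto_client.CrossMultipleAccountsClientContextManager(
        "cloudformation", cross_accounts
    ) as cloudformation:
        while True:
            try:
                result = cloudformation.list_stacks()
            except Exception as e:
                logger.error("type error: " + str(e))
                logger.error(traceback.format_exc())
                # Pause between attempts. Without this a persistent error
                # turned the loop into a tight spin of API calls and
                # traceback logging.
                time.sleep(5)
            else:
                # The full list_stacks response goes to the log at info level.
                logger.info(f"Was able to list stacks: {result}")
                break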
def bootstrap_spoke_as(
    puppet_account_id,
    iam_role_arns,
    permission_boundary,
    puppet_role_name,
    puppet_role_path,
):
    """Bootstrap a spoke using a CloudFormation client obtained through *iam_role_arns*.

    Args:
        puppet_account_id: Forwarded unchanged to ``_do_bootstrap_spoke``.
        iam_role_arns: Iterable of role ARNs, each paired with a label
            ``bootstrapping-role-<position>`` and handed to
            ``CrossMultipleAccountsClientContextManager``.
            NOTE(review): presumably the roles are assumed in order and the
            label is the session name - confirm against betterboto.
        permission_boundary: Forwarded unchanged to ``_do_bootstrap_spoke``.
        puppet_role_name: Forwarded unchanged to ``_do_bootstrap_spoke``.
        puppet_role_path: Forwarded unchanged to ``_do_bootstrap_spoke``.
    """
    label_for = "bootstrapping-role-{}".format
    role_chain = [
        (role_arn, label_for(position))
        for position, role_arn in enumerate(iam_role_arns)
    ]

    with betterboto_client.CrossMultipleAccountsClientContextManager(
        "cloudformation", role_chain
    ) as cfn_client:
        _do_bootstrap_spoke(
            puppet_account_id,
            cfn_client,
            permission_boundary,
            puppet_role_name,
            puppet_role_path,
        )