repository moved, maintained elsewhere -> https://github.com/curlim/aws-organizations-account-resource
This AWS CloudFormation resource provider implements the concurrent creation of new Accounts using the AWS Organizations API.
The process of vending accounts is one of the most important tasks when setting up a cloud foundation on AWS. This resource provider helps to vend accounts reliably and concurrently.
See example usage of the resource below. Detailed documentation can be found in the /docs folder.
Simple Example:
Resources:
  Account:
    Type: ProServe::Organizations::Account
    Properties:
      AccountName: f3ddb23235a8d1ff-test
      AccountEmail: [email protected]
      OrganizationalUnitId: ou-abcd-12345678
Outputs:
  AccountId:
    Value: !Ref Account
Example with dedicated deployment account access role and cost center tag. Additionally, it will actually close the AWS Account automatically on deletion in AWS CloudFormation:
Resources:
  Account:
    Type: ProServe::Organizations::Account
    Properties:
      AccountName: f3ddb23235a8d1ff-test
      AccountEmail: [email protected]
      OrganizationalUnitId: ou-abcd-12345678
      AlternateContacts:
        Billing:
          Email: [email protected]
          Name: John Doe
          PhoneNumber: 123-456-7890
          Title: Billing Dep
        Operations:
          Email: [email protected]
          Name: John Doe
          PhoneNumber: 123-456-7890
          Title: Ops Center
        Security:
          Email: [email protected]
          Name: John Doe
          PhoneNumber: 123-456-7890
          Title: Security Officer
      DeploymentAccountConfiguration:
        AccountId: 123456789012
        RoleName: DeploymentAccountAccessRole
        AWSManagedPolicyArns:
          - arn:aws:iam::aws:policy/AdministratorAccess
      CloseAccountOnDeletion: true
      Tags:
        - Key: mycorp:CostCenter
          Value: ABC123
Outputs:
  AccountId:
    Value: !Ref Account
  AccountReqId:
    Value: !GetAtt Account.AccountRequestId
Before you can update the alternate contact information for an AWS account that is managed by AWS Organizations, you must first enable integration between AWS Account Management and Organizations. For more information, see Enabling trusted access for AWS Account Management.
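A pre-deployment check for the settings used in the second example, added here as an illustration and not part of this repository's code. It assumes the template is supplied as JSON; the function name, the finding codes and the security-contact rule are hypothetical choices.

```python
import json

RESOURCE_TYPE = "ProServe::Organizations::Account"
ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"

# Constructed sample modelled on the second example above, as JSON,
# with the Security alternate contact deliberately left out.
SAMPLE_TEMPLATE = json.dumps({"Resources": {"Account": {
    "Type": RESOURCE_TYPE,
    "Properties": {
        "AccountName": "f3ddb23235a8d1ff-test",
        "OrganizationalUnitId": "ou-abcd-12345678",
        "AlternateContacts": {"Billing": {"Name": "John Doe"}},
        "DeploymentAccountConfiguration": {
            "AccountId": "123456789012",
            "RoleName": "DeploymentAccountAccessRole",
            "AWSManagedPolicyArns": [ADMIN_POLICY],
        },
        "CloseAccountOnDeletion": True,
    },
}}})


def review_account_resources(template_json):
    """Return (logical_id, code) pairs for settings that deserve a review."""
    findings = []
    resources = json.loads(template_json).get("Resources", {})
    for logical_id, res in resources.items():
        if res.get("Type") != RESOURCE_TYPE:
            continue
        props = res.get("Properties", {})
        # Deleting the stack (or the resource) closes the account unless
        # CloudFormation is told to retain the resource.
        closes = str(props.get("CloseAccountOnDeletion", "")).lower() == "true"
        if closes and res.get("DeletionPolicy") != "Retain":
            findings.append((logical_id, "closes-account-on-delete"))
        # The deployment account access role carries full administrator rights.
        deploy = props.get("DeploymentAccountConfiguration", {})
        if ADMIN_POLICY in deploy.get("AWSManagedPolicyArns", []):
            findings.append((logical_id, "deployment-role-is-admin"))
        # Assumed house rule: every account names a security contact.
        if "Security" not in props.get("AlternateContacts", {}):
            findings.append((logical_id, "no-security-contact"))
    return findings


if __name__ == "__main__":
    for logical_id, code in review_account_resources(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {code}")
```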
You can use the following link to deploy the CloudFormation resource provider directly into your AWS account. Ensure you are logged into the AWS Console before following it. After following the link, ensure you have picked the desired Region at the top right of the AWS Console.
Quickstart CloudFormation Link
To enable cross-account functionality, you have to set a type configuration on the private CloudFormation resource provider:
aws cloudformation set-type-configuration --type-arn <type-arn-without-version> --configuration-alias standard --configuration "{\"RoleArn\":\"<aws-iam-role-arn>\"}"
To disable cross-account functionality, put an empty type configuration:
aws cloudformation set-type-configuration --type-arn <type-arn-without-version> --configuration-alias standard --configuration "{}"
Account Vending Stacksets are NOT part of this resource provider.
- While the code samples in this repository have been tested and are believed to work well, as always, be sure to test them in your environment before using them in production!
The RPDK will automatically generate the correct resource model from the schema whenever the project is built via Maven. You can also do this manually with the following command: cfn generate.
Please don't modify files under target/generated-sources/rpdk, as they will be automatically overwritten.
The code uses Lombok, and you may have to install IDE integrations to enable auto-complete for Lombok-annotated classes.
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.