Determine whether an AWS account is in a given set of OUs or their descendants.
Project description
AWS Account OU Membership
Checks whether an AWS account sits within a set of OUs - or their descendants - within an AWS Organization.
aws_ou_membership is a lightweight Python library that determines if a given AWS account resides within a target Organizational Unit (OU) or one of its ancestors. It uses the AWS Organizations API and supports caching for performance.
Features
- Traverse the OU hierarchy to check account membership.
- Supports custom caching using
cachetools. - Pluggable client providers (default session or STS-based assume-role).
Installation
Usage
from aws_ou_membership import OUMembershipChecker, DefaultSessionClientProvider
# Create the checker
checker = OUMembershipChecker(DefaultSessionClientProvider())
# Check if an account is in a specific OU or its ancestors
result = checker.is_in_any_ou_or_descendant(account_id="123456789012", target_haystack={"ou-abcd-efgh"})
print(result) # True or False
Custom Client Provider (Assume Role)
The organizations:ListParents action must be called from a principal within the AWS Organization's management account. It's common therefore assume a role into the management account to use this tool.
from aws_ou_membership import OUMembershipChecker, AssumeRoleClientProvider
import boto3
sts = boto3.client("sts")
provider = AssumeRoleClientProvider(
sts_client=sts,
role_arn="arn:aws:iam::111122223333:role/OrgAuditRole"
)
checker = OUMembershipChecker(provider)
Caching
You can customise the cache's TTL and max size:
checker = OUMembershipChecker(org_client_provider=..., cache_ttl=1800, cache_maxsize=256)
License
MIT License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file aws_ou_membership-0.1.0.tar.gz.
File metadata
- Download URL: aws_ou_membership-0.1.0.tar.gz
- Upload date:
- Size: 4.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: python-httpx/0.28.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
aed39dd1a5e91e2efb9bfeef697904b7ee0e67fc28fbd90ae85779e20cf73c28
|
|
| MD5 |
8df05bbe33677f00dd424a9d4a1121a7
|
|
| BLAKE2b-256 |
776844a73c5d7a2d1e7775727558943857aa649c5cfc9749a507ebd3e33fbee9
|
File details
Details for the file aws_ou_membership-0.1.0-py3-none-any.whl.
File metadata
- Download URL: aws_ou_membership-0.1.0-py3-none-any.whl
- Upload date:
- Size: 6.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: python-httpx/0.28.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d66deee01595bb001ac2fb8b66f0f7f92a6a9b31f0538915926874678aa3ee85
|
|
| MD5 |
ffb9c0276b10fa5bcf69a44a5abf0f3f
|
|
| BLAKE2b-256 |
e83c51ba0298687727c750d22078e6581f8b7c236b0bdbdfd97e7a7b1cf08149
|
