AWS Organizations
This project provides a CDK construct creating AWS organizations.
Currently, there is no @aws-cdk/aws-organizations available. See this Issue on AWS CDK.
- AWS Account Management Reference Guide
- AWS Organizations User Guide
- AWS API Reference
- AWS CDK Custom Resources
See API.md
Install
TypeScript
npm install @pepperize/cdk-organizations
or
yarn add @pepperize/cdk-organizations
Python
pip install pepperize.cdk-organizations
C# / .Net
dotnet add package Pepperize.CDK.Organizations
Example
See example.ts
import { App, Stack } from "@aws-cdk/core";
import {
  Account,
  DelegatedAdministrator,
  EnableAwsServiceAccess,
  FeatureSet,
  IamUserAccessToBilling,
  Organization,
  OrganizationalUnit,
  Policy,
  PolicyAttachment,
  PolicyType,
} from "@pepperize/cdk-organizations";

const app = new App();
const stack = new Stack(app);

// Create an organization
const organization = new Organization(stack, "Organization", {
  featureSet: FeatureSet.ALL,
});

// Enable AWS Service Access (requires FeatureSet: ALL)
new EnableAwsServiceAccess(stack, "EnableAwsServiceAccess", {
  servicePrincipal: "service-abbreviation.amazonaws.com",
});

// Create an account
const account = new Account(stack, "SharedAccount", {
  accountName: "SharedAccount",
  email: "info+shared-account@pepperize.com",
  roleName: "OrganizationAccountAccessRole",
  iamUserAccessToBilling: IamUserAccessToBilling.ALLOW,
  parent: organization.root,
});

// Enable a delegated admin account
new DelegatedAdministrator(stack, "DelegatedAdministrator", {
  account: account,
  servicePrincipal: "service-abbreviation.amazonaws.com",
});

// Create an OU in the current organizations root
const projects = new OrganizationalUnit(stack, "ProjectsOU", {
  organizationalUnitName: "Projects",
  parent: organization.root,
});
new Account(stack, "Project1Account", {
  accountName: "SharedAccount",
  email: "info+project1@pepperize.com",
  parent: projects,
});

// Create a nested OU and attach two accounts
const project2 = new OrganizationalUnit(stack, "Project2OU", {
  organizationalUnitName: "Project2",
  parent: projects,
});
new Account(stack, "Project2DevAccount", {
  accountName: "Project 2 Dev",
  email: "info+project2-dev@pepperize.com",
  parent: project2,
});
new Account(stack, "Project2ProdAccount", {
  accountName: "Project 2 Prod",
  email: "info+project2-prod@pepperize.com",
  parent: project2,
});

// Attach a policy to an attachment target
const policy = new Policy(stack, "Policy", {
  // The content must be a valid JSON policy document. Inside a single-quoted
  // string the double quotes need no escaping. SCP statements carry a Resource
  // element, and Allow statements accept only "*".
  content: '{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"s3:*","Resource":"*"}}',
  description: "Enables admins of attached accounts to delegate all S3 permissions",
  policyName: "AllowAllS3Actions",
  policyType: PolicyType.SERVICE_CONTROL_POLICY,
});
new PolicyAttachment(stack, "PolicyAttachment", {
  target: organization.root,
  policy: policy,
});
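The content string handed to Policy above is opaque to the TypeScript compiler, so a malformed service control policy only surfaces at deploy time. The check below is an added example, not code from @pepperize/cdk-organizations: validateScp and the sample strings are hypothetical names, and its rules are a simplified subset of the SCP syntax in the AWS Organizations User Guide.

```typescript
// Added example: hypothetical pre-deploy check, not part of the library.
const SCP_MAX_CHARS = 5120; // documented maximum size of an SCP document

function validateScp(content: string): string[] {
  const problems: string[] = [];
  if (content.length > SCP_MAX_CHARS) problems.push("document exceeds 5120 characters");
  let doc: any;
  try {
    doc = JSON.parse(content);
  } catch {
    return [...problems, "content is not valid JSON (check quote escaping)"];
  }
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
    return [...problems, "top level must be a JSON object"];
  }
  if (doc.Version !== "2012-10-17") problems.push('Version must be "2012-10-17"');
  // Statement may be a single object or an array of objects.
  const statements: any[] = Array.isArray(doc.Statement) ? doc.Statement : doc.Statement ? [doc.Statement] : [];
  if (statements.length === 0) problems.push("Statement is missing or empty");
  statements.forEach((s, i) => {
    const at = `Statement[${i}]`;
    if (s === null || typeof s !== "object") { problems.push(`${at}: not an object`); return; }
    for (const key of ["Principal", "NotPrincipal", "NotResource"]) {
      if (key in s) problems.push(`${at}: ${key} is not supported in SCPs`);
    }
    if (!("Resource" in s)) problems.push(`${at}: Resource is required`);
    if (s.Effect === "Allow") {
      const resources: unknown[] = Array.isArray(s.Resource) ? s.Resource : [s.Resource];
      if (!("Action" in s)) problems.push(`${at}: Allow requires Action`);
      if ("NotAction" in s || "Condition" in s) problems.push(`${at}: Allow cannot use NotAction or Condition`);
      if ("Resource" in s && resources.some((r) => r !== "*")) problems.push(`${at}: Allow accepts only Resource "*"`);
    } else if (s.Effect === "Deny") {
      if (!("Action" in s) && !("NotAction" in s)) problems.push(`${at}: Deny requires Action or NotAction`);
    } else {
      problems.push(`${at}: Effect must be "Allow" or "Deny"`);
    }
  });
  return problems;
}

// Constructed samples: over-escaped quotes, a missing Resource, and a valid document.
const overEscaped = '{\\"Version\\":\\"2012-10-17\\"}';
const noResource = JSON.stringify({ Version: "2012-10-17", Statement: { Effect: "Allow", Action: "s3:*" } });
const validDoc = JSON.stringify({ Version: "2012-10-17", Statement: [{ Effect: "Allow", Action: "s3:*", Resource: "*" }] });
const samples: [string, string][] = [["overEscaped", overEscaped], ["noResource", noResource], ["validDoc", validDoc]];
samples.forEach(([name, content]) => console.log(name, validateScp(content)));
```

Calling validateScp on the string before constructing Policy, and throwing when the returned list is non-empty, turns a failed deployment into a failed synth.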
Alternatives