Customers often have several linked accounts in their AWS Organizations. These linked accounts might require different alternate contacts for many reasons, and keeping those contacts up to date is fundamental. Unfortunately, populating them can be a complex and time-consuming activity. Customers would like to fill in the alternate contacts of their AWS linked accounts in a simple and quick way that is closer to how they work every day: export to a CSV file, modify it while keeping the original formatting, and import the updated contacts from the management account. This is what the script does.
This work was inspired by the blog post Programmatically managing alternate contacts on member accounts with AWS Organizations.
- The AWS Organizations must have all features enabled; please see Enabling all features in your organization.
- You need to enable trusted access with AWS Organizations for AWS Account Management; please see Enabling trusted access for AWS Account Management.
- Only the AWS Organizations management account can export and import the linked accounts alternate contacts.
The script uses AWS CLI 2.0 and AWS CloudShell to let the AWS Organizations management account easily export all the linked accounts' alternate contacts to a regular CSV file. The file can then be integrated or updated, and uploaded again. The CSV format has to be kept for the import to work properly: account IDs have to be formatted as plain numbers without decimals or 1000 separators, and the same goes for phone numbers. Avoid additional commas, for example in the name or title, and pay attention to special characters.
- Each account/contact type in the CSV file has to provide all the corresponding alternate contact details: Name, email, Title, Phone Number. If any of them is missing, the corresponding entry will be skipped.
- When modifying the file with spreadsheet tools, the account ID and phone number might be reformatted in exponential notation, e.g., 123456789 as 1.23E+8, while a plain number is needed. Thus, format the entire column as "Number" without decimals and 1000 separators.
- We recommend limiting the CSV file to only those rows that need to be updated.
- When you export the alternate contacts, feel free to create a copy for backup. Such a copy can be used either to roll back or to compare against the file that will be imported, double-checking the changes.
- Management account alternate contacts will not be imported/changed.
- From the AWS Organizations management account, run AWS CloudShell.
- Upload the script alternate-contacts-to-from-csv.sh into AWS CloudShell.
- Make the script executable:
  $ chmod +x alternate-contacts-to-from-csv.sh
- Run the script to export the alternate contacts to a CSV file, as follows:
  $ ./alternate-contacts-to-from-csv.sh -o aws-alternate-contacts.csv
- From AWS CloudShell you can download the resulting CSV file: keep a copy as a backup.
- Review and integrate the CSV file: each account entry has to report all the corresponding alternate contact details, otherwise it will not be imported.
- The file has to end with an empty new line.
- We recommend limiting the CSV file to only those rows that need to be updated.
- (Optional) Review the differences between the original CSV and the one to import, to be sure about the changes made.
- Rename the downloaded file in CloudShell, to avoid errors during the upload of the updated version.
- Finally, upload the CSV file into AWS CloudShell and run the import command, as follows:
  $ ./alternate-contacts-to-from-csv.sh -i aws-alternate-contacts.csv
- Attention: the uploaded file will be available in the home folder and it should be moved to the right folder.
- Check the alternate contacts in the AWS Organizations.
Simple but powerful.
First, check the CSV formatting, as explained in the "Things to know" section. Format both account id and phone number as "Number" without decimal and 1000 separator and try again.
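A pre-import check for the formatting problems described above, as an added example that is not part of the original script. It assumes the column order AccountId, ContactType, Name, Email, Title, PhoneNumber (the page does not state the layout); the function names and sample rows are hypothetical. It also checks that account IDs have 12 digits, which is the length of an AWS account ID.

```shell
#!/usr/bin/env bash
# Added example: lint an alternate-contacts CSV before running the import (-i).
# ASSUMED column order (not stated on the page):
#   AccountId,ContactType,Name,Email,Title,PhoneNumber  (header row optional)

lint_contacts_csv() {
  file=$1; rc=0
  # The file has to end with a newline.
  if [ -n "$(tail -c 1 "$file")" ]; then
    echo "file: missing trailing newline"; rc=1
  fi
  awk -F',' '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errs++ }
    { sub(/\r$/, "") }                    # tolerate CRLF line endings
    NR == 1 && $1 ~ /^[A-Za-z]/ { next }  # skip a header row if present
    $0 == "" { next }
    NF != 6 { bad("expected 6 fields, got " NF " (stray comma in name or title?)"); next }
    $1 !~ /^[0-9]+$/ || length($1) != 12 {
      bad("account id \"" $1 "\" is not a plain 12-digit number") }
    $6 != "" && $6 !~ /^[+]?[0-9]+$/ {    # leading + tolerated (assumption)
      bad("phone \"" $6 "\" is not a plain number") }
    { for (i = 3; i <= 6; i++) if ($i == "") {
        bad("column " i " is empty; this entry would be skipped"); break } }
    END { exit (errs > 0) }
  ' "$file" || rc=1
  return $rc
}

# Constructed sample (not real accounts): line 2 is valid, lines 3-5 show the
# failure modes described above.
sample_csv() {
  printf '%s\n' \
    'AccountId,ContactType,Name,Email,Title,PhoneNumber' \
    '111122223333,SECURITY,Ana Example,sec@example.com,CISO,15555550100' \
    '1.11122E+11,BILLING,Bo Example,bill@example.com,CFO,15555550101' \
    '444455556666,OPERATIONS,Cy Example,ops@example.com,Head, Ops,1.55556E+10' \
    '777788889999,SECURITY,Di Example,,SOC Lead,15555550102'
}

# Demo: lint the file given as $1, or the constructed sample when run bare.
if [ -n "${1:-}" ]; then
  lint_contacts_csv "$1"
else
  tmp=$(mktemp); sample_csv > "$tmp"
  lint_contacts_csv "$tmp" || echo "fix the lines above before importing"
  rm -f "$tmp"
fi
```

Run it against the edited CSV before the import step; a non-zero exit status means at least one row needs fixing.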
See CONTRIBUTING for more information.
This solution is licensed under the MIT-0 License. See the LICENSE file.