Skip to content

Commit

Permalink
Update AWS Accounts to less than 10 to not exceed quota limit (#11)
Browse files Browse the repository at this point in the history
  • Loading branch information
san99tiago authored Sep 27, 2023
1 parent 6312a1a commit 25eb4f7
Show file tree
Hide file tree
Showing 4 changed files with 45 additions and 52 deletions.
10 changes: 10 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,16 @@ The deployment process is intended to run with GitHub Actions Workflows and impl

To understand the AWS Credentials usage for GitHub Actions auth, please refer to the [`prerequisites/README.md`](.github/prerequisites/README.md).

## Manual Steps (Only Once) 👋

As of now, IAM Identity Center (successor to AWS Single Sign-On) has to be "manually" enabled once, so that the SSO Configurations and Permission Sets can be created via IaC. In order to do so, we have to go to the SSO Console and click on `Enable IAM Identity Center`:

<img src="assets/aws-cdk-organizations-demo-sso-enable.png" width=90%> <br>

Then, we have to configure our SSO URL as follows:

<img src="assets/aws-cdk-organizations-demo-sso-url.png" width=50%> <br>

## Special thanks 🎁

- Huge shout-out to [pepperize/cdk-organizations](https://github.com/pepperize/cdk-organizations) for the Custom AWS-CDK Constructs that are provided for managing this project.
Expand Down
Binary file added assets/aws-cdk-organizations-demo-sso-enable.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/aws-cdk-organizations-demo-sso-url.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
87 changes: 35 additions & 52 deletions cdk/stacks/cdk_organization.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
from aws_cdk import (
Stack,
CfnOutput,
RemovalPolicy,
)
from constructs import Construct
from pepperize_cdk_organizations import (
Expand Down Expand Up @@ -172,14 +173,16 @@ def create_accounts_inside_ou_sandbox(self):
parent=self.top_level_ou_sandbox,
role_name="OrganizationAccountAccessRole",
)
self.account_sandbox_2 = Account(
self,
"SandboxAccount2",
account_name="san99tiago-sandbox-2",
email="san99tiagodemo+san99tiago-sandbox-2@gmail.com",
parent=self.top_level_ou_sandbox,
role_name="OrganizationAccountAccessRole",
)

# # DELETED TO AVOID LIMIT QUOTA OF 10 ACCOUNTS IN DEMO
# self.account_sandbox_2 = Account(
# self,
# "SandboxAccount2",
# account_name="san99tiago-sandbox-2",
# email="san99tiagodemo+san99tiago-sandbox-2@gmail.com",
# parent=self.top_level_ou_sandbox,
# role_name="OrganizationAccountAccessRole",
# )

def create_ou_infrastructure(self):
"""
Expand Down Expand Up @@ -322,22 +325,28 @@ def create_accounts_inside_ou_marketing(self):
Method that creates AWS Accounts inside the Organizational Units (OUs)
for "Marketing".
"""
self.account_marketing_dev = Account(
self,
"AccountMarketingDev",
account_name="marketing-dev",
email="san99tiagodemo+marketing-dev@gmail.com",
parent=self.ou_marketing_non_prod,
role_name="OrganizationAccountAccessRole",
)
self.account_marketing_prod = Account(
self,
"AccountMarketingProd",
account_name="marketing-prod",
email="san99tiagodemo+marketing-prod@gmail.com",
parent=self.ou_marketing_prod,
role_name="OrganizationAccountAccessRole",
)
pass
# # TODO: Activate when quota limit is greater than 10 accounts
# self.account_marketing_dev = Account(
# self,
# "AccountMarketingDev",
# account_name="marketing-dev",
# email="san99tiagodemo+marketing-dev@gmail.com",
# parent=self.ou_marketing_non_prod,
# role_name="OrganizationAccountAccessRole",
# removal_policy=RemovalPolicy.RETAIN,
# import_on_duplicate=True,
# )

# # TODO: Activate when quota limit is greater than 10 accounts
# self.account_marketing_prod = Account(
# self,
# "AccountMarketingProd",
# account_name="marketing-prod",
# email="san99tiagodemo+marketing-prod@gmail.com",
# parent=self.ou_marketing_prod,
# role_name="OrganizationAccountAccessRole",
# )

def create_ou_policy_staging_tests(self):
"""
Expand Down Expand Up @@ -374,21 +383,16 @@ def add_cdk_accounts_dependencies(self):
# ! IMPORTANT: We MUST add these dependencies, as AWS Organizations only support
# ... one account creation "IN_PROGRESS". We add CDK dependency to solve issue
# ... and wait for the previous one to finish, to continue with the next...
self.account_sandbox_2.node.add_dependency(self.account_sandbox_1)
self.account_shared_services_non_prod.node.add_dependency(
self.account_sandbox_2
self.account_sandbox_1
)
self.account_shared_services_prod.node.add_dependency(
self.account_shared_services_non_prod
)
self.account_finance_dev.node.add_dependency(self.account_shared_services_prod)
self.account_finance_qa.node.add_dependency(self.account_finance_dev)
self.account_finance_prod.node.add_dependency(self.account_finance_qa)
self.account_marketing_dev.node.add_dependency(self.account_finance_prod)
self.account_marketing_prod.node.add_dependency(self.account_marketing_dev)
self.account_policy_staging_tests.node.add_dependency(
self.account_marketing_prod
)
self.account_policy_staging_tests.node.add_dependency(self.account_finance_prod)

def generate_cloudformation_outputs(self):
"""
Expand Down Expand Up @@ -437,13 +441,6 @@ def generate_cloudformation_outputs(self):
description="ID of SandboxAccount1 Account",
)

CfnOutput(
self,
"AccountSandbox2Id",
value=self.account_sandbox_2.account_id,
description="ID of SandboxAccount2 Account",
)

CfnOutput(
self,
"AccountSharedServicesNonProdId",
Expand Down Expand Up @@ -479,20 +476,6 @@ def generate_cloudformation_outputs(self):
description="ID of AccountFinanceProd Account",
)

CfnOutput(
self,
"AccountMarketingDevId",
value=self.account_marketing_dev.account_id,
description="ID of AccountMarketingDev Account",
)

CfnOutput(
self,
"AccountMarketingProdId",
value=self.account_marketing_prod.account_id,
description="ID of AccountMarketingProd Account",
)

CfnOutput(
self,
"AccountPolicyStagingTestsId",
Expand Down

0 comments on commit 25eb4f7

Please sign in to comment.