Shell script to call the AWS Organizations API to create an AWS account and parse out the AccountId
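#!/usr/bin/env bash
# Create an AWS account through AWS Organizations and print its AccountId.
#
# Usage:  ACCOUNT_EMAIL=team@example.com ACCOUNT_NAME=team ./create-account.sh
# Env:    ACCOUNT_EMAIL  - email for the new account; it must not be associated
#                          with any other AWS account (defaults to the value
#                          below, as in the original script).
#         ACCOUNT_NAME   - friendly name of the new account.
#         POLL_INTERVAL  - seconds to wait between status checks (default 3).
#         MAX_POLLS      - give up after this many status checks (default 100),
#                          so a request stuck in a non-terminal state cannot
#                          spin forever.
# Needs:  the aws CLI, with credentials allowed to call
#         organizations:CreateAccount and
#         organizations:DescribeCreateAccountStatus.
# Output: one progress line per poll on stdout; on success the last line is
#         "AWS_ACCOUNT_ID = <id>".
# Exit:   0 on success; 1 if creation FAILED or the poll limit was reached;
#         the aws CLI's own status if a call fails (set -e).
set -euo pipefail

# The account must use an email address not associated with any other AWS account
ACCOUNT_EMAIL=${ACCOUNT_EMAIL:-'new-team@company.com'}
ACCOUNT_NAME=${ACCOUNT_NAME:-'new-team'}
POLL_INTERVAL=${POLL_INTERVAL:-3}
MAX_POLLS=${MAX_POLLS:-100}

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Start the account creation and return the CreateAccountStatus request id.
# Globals:   ACCOUNT_EMAIL, ACCOUNT_NAME (read)
# Outputs:   request id on stdout
# Returns:   non-zero if the CLI call fails or no id comes back
#######################################
start_create_account() {
  local request_id
  # Let the CLI select the field (JMESPath) instead of grepping pretty-printed
  # JSON: the old '.*Id.*' pattern also matched keys such as "AccountId".
  request_id=$(aws organizations create-account \
    --email "$ACCOUNT_EMAIL" \
    --account-name "$ACCOUNT_NAME" \
    --query 'CreateAccountStatus.Id' \
    --output text) || return
  # '--output text' renders a missing field as the literal "None".
  if [[ -z "$request_id" || "$request_id" == "None" ]]; then
    return 1
  fi
  printf '%s' "$request_id"
}

#######################################
# Poll one create-account request until it reaches SUCCEEDED or FAILED.
# Globals:   POLL_INTERVAL, MAX_POLLS (read)
# Arguments: $1 - request id from create-account
# Outputs:   progress lines on stdout; the final AccountId or failure message
# Returns:   0 if the account was created, 1 on FAILED or poll limit
#######################################
wait_for_account() {
  local request_id=$1
  local state='undefined' account_id='' failure_reason='' fields
  local i

  for (( i = 0; i < MAX_POLLS; i++ )); do
    # One CLI call per poll; the three fields come back tab-separated so a
    # single read splits them. Assign first so set -e still sees a CLI failure.
    fields=$(aws organizations describe-create-account-status \
      --create-account-request-id "$request_id" \
      --query 'CreateAccountStatus.[State,AccountId,FailureReason]' \
      --output text)
    IFS=$'\t' read -r state account_id failure_reason <<<"$fields"

    printf 'AWS account creation status = %s\n' "$state"
    if [[ "$state" == "SUCCEEDED" || "$state" == "FAILED" ]]; then
      break
    fi
    sleep "$POLL_INTERVAL"
  done

  case "$state" in
    SUCCEEDED)
      printf 'AWS_ACCOUNT_ID = %s\n' "$account_id"
      return 0
      ;;
    FAILED)
      # The original printed this on stdout and exited 0, which hid the
      # failure from any caller; report it on stderr with a non-zero status.
      printf 'Account creation failed. Reason: %s\n' "$failure_reason" >&2
      return 1
      ;;
    *)
      printf 'Gave up after %s status checks; last state: %s\n' \
        "$MAX_POLLS" "$state" >&2
      return 1
      ;;
  esac
}

main() {
  local request_id
  request_id=$(start_create_account) \
    || die "create-account did not return a request id"
  wait_for_account "$request_id"
}

main "$@"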
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Action": [ | |
"autoscaling:Describe*", | |
"budgets:ViewBudget", | |
"cloudfront:GetDistributionConfig", | |
"cloudfront:ListDistributions", | |
"cloudtrail:DescribeTrails", | |
"cloudtrail:GetTrailStatus", | |
"cloudwatch:Describe*", | |
"cloudwatch:Get*", | |
"cloudwatch:List*", | |
"codedeploy:List*", | |
"codedeploy:BatchGet*", | |
"directconnect:Describe*", | |
"dynamodb:List*", | |
"dynamodb:Describe*", | |
"ec2:Describe*", | |
"ecs:Describe*", | |
"ecs:List*", | |
"elasticache:Describe*", | |
"elasticache:List*", | |
"elasticfilesystem:DescribeFileSystems", | |
"elasticfilesystem:DescribeTags", | |
"elasticloadbalancing:Describe*", | |
"elasticmapreduce:List*", | |
"elasticmapreduce:Describe*", | |
"es:ListTags", | |
"es:ListDomainNames", | |
"es:DescribeElasticsearchDomains", | |
"health:DescribeEvents", | |
"health:DescribeEventDetails", | |
"health:DescribeAffectedEntities", | |
"kinesis:List*", | |
"kinesis:Describe*", | |
"lambda:AddPermission", | |
"lambda:GetPolicy", | |
"lambda:List*", | |
"lambda:RemovePermission", | |
"logs:Get*", | |
"logs:Describe*", | |
"logs:FilterLogEvents", | |
"logs:TestMetricFilter", | |
"rds:Describe*", | |
"rds:List*", | |
"redshift:DescribeClusters", | |
"redshift:DescribeLoggingStatus", | |
"route53:List*", | |
"s3:GetBucketLogging", | |
"s3:GetBucketLocation", | |
"s3:GetBucketNotification", | |
"s3:GetBucketTagging", | |
"s3:ListAllMyBuckets", | |
"s3:PutBucketNotification", | |
"ses:Get*", | |
"sns:List*", | |
"sns:Publish", | |
"sqs:ListQueues", | |
"support:*", | |
"tag:getResources", | |
"tag:getTagKeys", | |
"tag:getTagValues" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
] | |
} |