
@hoegertn
Created September 14, 2020 09:04
CDK bootstrap helper
import json
import inquirer
import boto3
import os
import sys
import subprocess
def select_account():
    """Prompt the operator to pick one account of the AWS Organization.

    Pages through the Organizations ``list_accounts`` API using the caller's
    ambient credentials and offers every returned account in an interactive
    list. No filter on the account status is applied, so every account the
    API returns is selectable.

    Returns:
        The value of the chosen entry. Choices are ``(Name, Id)`` pairs, so
        the prompt shows the account name and the account id is handed back.
    """
    organizations = boto3.client('organizations')
    pages = organizations.get_paginator('list_accounts').paginate()

    # Flatten all result pages into (label, value) pairs for the prompt.
    labelled_ids = [
        (entry['Name'], entry['Id'])
        for page in pages
        for entry in page['Accounts']
    ]

    return inquirer.list_input("Select AWS Account", choices=labelled_ids)
def select_region(account_id):
    """Prompt the operator to pick a region, as seen from the target account.

    Assumes ``OrganizationAccountAccessRole`` in ``account_id`` through STS
    and uses the returned temporary credentials to list EC2 regions.

    Args:
        account_id: Id of the member account to look into.

    Returns:
        The region name selected in the prompt; ``eu-central-1`` is passed
        as the preselected default.
    """
    # Switch into the chosen account with short-lived STS credentials.
    role_arn = "arn:aws:iam::%s:role/OrganizationAccountAccessRole" % account_id
    sts_response = boto3.client('sts').assume_role(
        RoleArn=role_arn,
        RoleSessionName="selectRegion",
    )
    temp_creds = sts_response['Credentials']

    # No region_name is given here, so the EC2 client depends on whatever
    # default region the local AWS configuration provides.
    ec2 = boto3.client(
        'ec2',
        aws_access_key_id=temp_creds['AccessKeyId'],
        aws_secret_access_key=temp_creds['SecretAccessKey'],
        aws_session_token=temp_creds['SessionToken'],
    )

    # Collect the region names visible to that account and ask for one.
    region_names = []
    for region in ec2.describe_regions()['Regions']:
        region_names.append(region['RegionName'])

    return inquirer.list_input(
        "Select AWS Region",
        choices=region_names,
        default="eu-central-1",
    )
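def deploy_cdk(account_id, aws_region):
    """Run ``cdk bootstrap`` for one account/region with assumed-role credentials.

    Assumes ``OrganizationAccountAccessRole`` in ``account_id``, exports the
    temporary credentials into a copy of the current environment and invokes
    the ``cdk`` CLI with the new-style bootstrap enabled.

    Args:
        account_id: Id of the account to bootstrap.
        aws_region: Region to bootstrap in that account.

    Raises:
        ValueError: if the ``--trust`` value below has not been replaced by a
            12-digit AWS account id.
        subprocess.CalledProcessError: if ``cdk bootstrap`` exits non-zero.
    """
    # Account that will be allowed to deploy into the bootstrapped
    # environment. Fail before any AWS call if the placeholder is still here.
    trust_account = '<PUT YOUR CI/CD account here>'
    if not (len(trust_account) == 12
            and trust_account.isascii()
            and trust_account.isdigit()):
        raise ValueError(
            "Set the --trust value in deploy_cdk() to the 12-digit id of "
            "your CI/CD account before running"
        )

    # Jump into selected account
    print(" > Accessing account %s ..." % account_id)
    rolearn = "arn:aws:iam::%s:role/OrganizationAccountAccessRole" % account_id
    # NOTE(review): the session name is what CloudTrail records for this
    # session; "createVpc" does not describe a bootstrap run.
    assumed_role_object = boto3.client('sts').assume_role(
        RoleArn=rolearn, RoleSessionName="createVpc")
    credentials = assumed_role_object['Credentials']

    print(" > Initialize CDK in account '%s' and region '%s'" % (account_id, aws_region))
    # The temporary credentials go only into the child's environment; the
    # parent process environment is left untouched.
    my_env = os.environ.copy()
    my_env["AWS_ACCESS_KEY_ID"] = credentials['AccessKeyId']
    my_env["AWS_SECRET_ACCESS_KEY"] = credentials['SecretAccessKey']
    my_env["AWS_SESSION_TOKEN"] = credentials['SessionToken']
    my_env["CDK_NEW_BOOTSTRAP"] = '1'

    # CloudFormation will execute deployments with AdministratorAccess and
    # the trusted account may start them, so the trusted account effectively
    # holds admin rights in this environment. Pass a narrower managed policy
    # here if the deployed stacks allow it.
    subprocess.run(
        [
            'cdk',
            'bootstrap',
            '--cloudformation-execution-policies',
            'arn:aws:iam::aws:policy/AdministratorAccess',
            '--trust',
            trust_account,
            'aws://%s/%s' % (account_id, aws_region),
        ],
        stdout=sys.stdout,
        stderr=sys.stderr,
        stdin=subprocess.DEVNULL,
        env=my_env,
        universal_newlines=True,
        # A failed bootstrap must not be reported as "DONE".
        check=True,
    )

    print("DONE")
    print("")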
# Interactive flow: pick an account, pick a region as seen from that
# account, then bootstrap the CDK toolkit stack there.
account_id = select_account()
aws_region = select_region(account_id)
deploy_cdk(account_id=account_id, aws_region=aws_region)