rdkls/aws_extend_switch_roles_config_generator.py

## aws_extend_switch_roles_config_generator.py
#!/usr/bin/env python
# Generate config file for chrome extension "aws-extend-switch-roles"
# https://github.com/tilfin/aws-extend-switch-roles

import boto3
import argparse
import hashlib
from pprint import pprint

parser = argparse.ArgumentParser()
parser.add_argument('--verbose', '-v', action='store_true')
args = parser.parse_args()

client = boto3.client('organizations')
res = client.list_roots()
root_ou_id = res['Roots'][0]['Id']
ous = client.list_organizational_units_for_parent(ParentId=root_ou_id)

def get_accounts_with_ou_data(ous):
    # Generate a flat list of Accounts, each of which includes the OU Name & ID
    accounts_with_ou_data = []

    i=0
    for ou in ous['OrganizationalUnits']:
        i += 1
        res = client.list_accounts_for_parent(ParentId=ou['Id'])
        if args.verbose:
            print('id %s' % ou['Id'])
            pprint(res)

        for account in res['Accounts']:
            account_data_extended = {
                'ou_id'         : ou['Id'],
                'ou_name'       : ou['Name'],
                'hexcolor'      : s_to_hexcolor(ou['Name']),
            }
            for k in account.keys():
                # This field causes quicksight to choke on import, and we don't care about it anyway
                if 'JoinedTimestamp' != k:
                    account_data_extended['account_'+k.lower()] = account[k]

            accounts_with_ou_data.append(account_data_extended)
    return accounts_with_ou_data

def s_to_hexcolor(s):
    hc = hashlib.md5(s).hexdigest()[:6]
    return hc

if __name__ == '__main__':
    accounts_with_ou_data = get_accounts_with_ou_data(ous)

    for a in accounts_with_ou_data:
        print """\n[profile {account_name}]
role_arn = arn:aws:iam::{account_id}/ADFS-Administrator
color = {hexcolor}""".format(**a)

    if args.verbose or args.verbose:
        pprint(accounts_with_ou_data)
	#!/usr/bin/env python
	# Generate config file for chrome extension "aws-extend-switch-roles"
	# https://github.com/tilfin/aws-extend-switch-roles

	import boto3
	import argparse
	import hashlib
	from pprint import pprint

	parser = argparse.ArgumentParser()
	parser.add_argument('--verbose', '-v', action='store_true')
	args = parser.parse_args()

	client = boto3.client('organizations')
	res = client.list_roots()
	root_ou_id = res['Roots'][0]['Id']
	ous = client.list_organizational_units_for_parent(ParentId=root_ou_id)

	def get_accounts_with_ou_data(ous):
	# Generate a flat list of Accounts, each of which includes the OU Name & ID
	accounts_with_ou_data = []

	i=0
	for ou in ous['OrganizationalUnits']:
	i += 1
	res = client.list_accounts_for_parent(ParentId=ou['Id'])
	if args.verbose:
	print('id %s' % ou['Id'])
	pprint(res)

	for account in res['Accounts']:
	account_data_extended = {
	'ou_id' : ou['Id'],
	'ou_name' : ou['Name'],
	'hexcolor' : s_to_hexcolor(ou['Name']),
	}
	for k in account.keys():
	# This field causes quicksight to choke on import, and we don't care about it anyway
	if 'JoinedTimestamp' != k:
	account_data_extended['account_'+k.lower()] = account[k]

	accounts_with_ou_data.append(account_data_extended)
	return accounts_with_ou_data

	def s_to_hexcolor(s):
	hc = hashlib.md5(s).hexdigest()[:6]
	return hc

	if __name__ == '__main__':
	accounts_with_ou_data = get_accounts_with_ou_data(ous)

	for a in accounts_with_ou_data:
	print """\n[profile {account_name}]
	role_arn = arn:aws:iam::{account_id}/ADFS-Administrator
	color = {hexcolor}""".format(**a)

	if args.verbose or args.verbose:
	pprint(accounts_with_ou_data)