This script is designed to manage AWS Organization handshakes by filtering for open invitations and then canceling and re-inviting the accounts. It automates the process of handling account invitations within an AWS Organization, ensuring that only current and relevant invitations are active.
- Filter Open Invitations: The script filters for handshakes that are in an 'OPEN' state and of the 'INVITE' action type, indicating pending invitations.
- Cancel and Re-invite: For each open invitation, the script cancels the existing handshake and immediately sends a new invitation to the account.
- Set Internal Field Separator (IFS): The script begins by setting the IFS to a comma, which is used to parse the output of AWS CLI commands.
- List Open Handshakes: It uses the
aws organizations list-handshakes-for-organizationcommand to list all handshakes associated with the organization. - Filter with jq: Utilizes
jqto filter out handshakes that are open and are invitations. - Process Each Handshake: For each filtered handshake, the script does the following:
- Prints the handshake ID and account ID to the console.
- Cancels the existing handshake using the
aws organizations cancel-handshakecommand. - Sends a new invitation to the account using the
aws organizations invite-account-to-organizationcommand.
- AWS CLI: The script requires the AWS Command Line Interface (CLI) to be installed and configured with appropriate credentials.
- jq: This script uses
jqfor parsing and filtering JSON output from AWS CLI commands.
To use the script, simply run it from your terminal. Ensure that you have the necessary permissions to list, cancel, and send invitations within your AWS Organization.
bash aws-org-reinvite-accounts-to-org.sh