Package Exports
- aws-organization-formation
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (aws-organization-formation) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
AWS Organization Formation
Makes managing AWS Organizations easy!
Organization Formation allows you to manage AWS Organization resources and accounts using CloudFormation syntax.
Installation
> npm i aws-organization-formation
Getting started
The intended user for this tool is anyone who manages an AWS Organization. You might already have an Organization set up using a different tool (e.g. Landing Zone, Control Tower) or you might want to start from scratch. Either way, this tool helps you manage your AWS Organizations resources and CloudFormation templates across your AWS accounts.
I already have an AWS Organization
Great! You probably not only already have an AWS Organization but also know some of the challenges of managing other resources (CloudTrail, GuardDuty, centralized logging, shared services) across your accounts.
To get started you first need an org-formation template that describes all your Organization resources such as Accounts, OUs and SCPs.
After Installation you can generate this file using the following command:
> org-formation init organization.yml --region us-east-1 [--profile org-master-account]
Example output organization.yml file:
```yaml
AWSTemplateFormatVersion: '2010-09-09-OC'

Organization:
  Root:
    Type: OC::ORG::MasterAccount
    Properties:
      AccountName: My Organization Root
      AccountId: '123123123123'
      Tags:
        budget-alarm-threshold: '2500'
        account-owner-email: my@email.com

  OrganizationRoot:
    Type: OC::ORG::OrganizationRoot
    Properties:
      ServiceControlPolicies:
        - !Ref RestrictUnusedRegionsSCP

  ProductionAccount:
    Type: OC::ORG::Account
    Properties:
      RootEmail: production@myorg.com
      AccountName: Production Account
      Tags:
        budget-alarm-threshold: '2500'
        account-owner-email: my@email.com

  DevelopmentAccount:
    Type: OC::ORG::Account
    Properties:
      RootEmail: development@myorg.com
      AccountName: Development Account
      Tags:
        budget-alarm-threshold: '2500'
        account-owner-email: my@email.com

  DevelopmentOU:
    Type: OC::ORG::OrganizationalUnit
    Properties:
      OrganizationalUnitName: development
      Accounts:
        - !Ref DevelopmentAccount

  ProductionOU:
    Type: OC::ORG::OrganizationalUnit
    Properties:
      OrganizationalUnitName: production
      Accounts:
        - !Ref ProductionAccount

  RestrictUnusedRegionsSCP:
    Type: OC::ORG::ServiceControlPolicy
    Properties:
      PolicyName: RestrictUnusedRegions
      Description: Restrict Unused regions
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: DenyUnsupportedRegions
            Effect: Deny
            NotAction:
              - 'cloudfront:*'
              - 'iam:*'
              - 'route53:*'
              - 'support:*'
            Resource: '*'
            Condition:
              StringNotEquals:
                'aws:RequestedRegion':
                  - eu-west-1
                  - us-east-1
                  - eu-central-1
```
You can make changes to the file you generated and update your organization using the update command. Alternatively you can run create-change-set and update-change-set. Read more in the CLI reference.
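The RestrictUnusedRegionsSCP in the generated template is the security-relevant part of this file: once it is attached to the organization root, every account is denied API calls outside the listed regions, except for the global services exempted through NotAction. Because an SCP applied at the root affects every account at once, it is worth checking which requests it would block before running the update. The script below is an added example, not part of org-formation or this README: it models only the subset of IAM policy logic the statement above uses (Effect: Deny, Action/NotAction, Resource, StringEquals/StringNotEquals on aws:RequestedRegion) and evaluates a few constructed (action, region) requests against a copy of that PolicyDocument. It assumes the default FullAWSAccess SCP stays attached, so only explicit Deny statements in this document can block a request; function names and the sample requests are the example's own.

```python
"""Offline sanity check of the RestrictUnusedRegions SCP from organization.yml.

Added example, not org-formation code. It reimplements just enough of the
IAM/SCP evaluation rules to answer "would this Deny statement block request X?"
for a policy that uses NotAction, Resource '*' and a StringNotEquals condition
on aws:RequestedRegion. Assumption: the default FullAWSAccess SCP remains
attached, so an explicit Deny here is the only thing that can block a call.
"""
import fnmatch
from typing import Any

# Constructed copy of the PolicyDocument shown in the generated template above.
SCP_RESTRICT_UNUSED_REGIONS: dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyUnsupportedRegions",
            "Effect": "Deny",
            "NotAction": ["cloudfront:*", "iam:*", "route53:*", "support:*"],
            "Resource": "*",
            "Condition": {
                "StringNotEquals": {
                    "aws:RequestedRegion": ["eu-west-1", "us-east-1", "eu-central-1"]
                }
            },
        }
    ],
}


def _as_list(value: Any) -> list:
    """IAM allows scalars or lists in most places; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _glob_matches(patterns: Any, candidate: str) -> bool:
    """Action and resource matching is case-insensitive with '*' as wildcard."""
    return any(fnmatch.fnmatchcase(candidate.lower(), str(p).lower()) for p in _as_list(patterns))


def _action_matches(statement: dict, action: str) -> bool:
    if "Action" in statement:
        return _glob_matches(statement["Action"], action)
    if "NotAction" in statement:
        # NotAction: the statement applies to every action EXCEPT the listed ones.
        return not _glob_matches(statement["NotAction"], action)
    return False


def _condition_holds(condition: dict, context: dict[str, str]) -> bool:
    """Evaluate the two string operators this SCP uses; reject anything else."""
    for operator, clauses in condition.items():
        for key, expected in clauses.items():
            values = {str(v) for v in _as_list(expected)}
            actual = context.get(key)
            if operator == "StringEquals":
                if actual is None or actual not in values:
                    return False
            elif operator == "StringNotEquals":
                # Negated operators evaluate to true when the key is absent from
                # the request context, which is why global services are carved
                # out with NotAction rather than relied on to lack a region.
                if actual is not None and actual in values:
                    return False
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
    return True


def statement_denies(statement: dict, action: str, context: dict[str, str], resource: str = "*") -> bool:
    """True if this single statement is an explicit Deny that matches the request."""
    if statement.get("Effect") != "Deny":
        return False
    if not _action_matches(statement, action):
        return False
    if not _glob_matches(statement.get("Resource", "*"), resource):
        return False
    return _condition_holds(statement.get("Condition", {}), context)


def scp_allows(policy: dict, action: str, region: str, resource: str = "*") -> bool:
    """Allowed unless some Deny statement matches (FullAWSAccess assumed attached)."""
    context = {"aws:RequestedRegion": region}
    return not any(statement_denies(s, action, context, resource) for s in policy["Statement"])


def denied_requests(policy: dict, requests: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Return the (action, region) pairs the policy would block."""
    return [(a, r) for a, r in requests if not scp_allows(policy, a, r)]


if __name__ == "__main__":
    # Constructed sample requests: a workload in an approved region, the same
    # workload in an unapproved region, and a global-service call.
    sample = [
        ("ec2:RunInstances", "eu-west-1"),
        ("ec2:RunInstances", "ap-southeast-2"),
        ("iam:CreateUser", "ap-southeast-2"),
        ("s3:CreateBucket", "us-east-1"),
    ]
    for action, region in sample:
        verdict = "allow" if scp_allows(SCP_RESTRICT_UNUSED_REGIONS, action, region) else "DENY "
        print(f"{verdict}  {action} in {region}")
```

If you edit the region list or the NotAction exemptions in organization.yml, paste the new PolicyDocument into SCP_RESTRICT_UNUSED_REGIONS and re-run: a request that unexpectedly flips from allow to DENY is a sign the change will break something in every account under the root once org-formation update applies it.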
Once you have got the hang of managing organization resources, use them to write smarter CloudFormation that lets you provision resources across your organization. Read more about managing resources across accounts.
I would like to create a new AWS Organization from scratch
//todo: effectively create an AWS Organization and follow steps above.