Giter VIP home page Giter VIP logo

aws-orgs's Introduction

Getting started with aws-orgs

A configuration management tool set for AWS Organizations.

Full documentation is available at https://aws-orgs.readthedocs.io/en/latest

Features

  • Ensure state of AWS Organizations and IAM resourses per yaml formatted specification files.
  • Configure AWS Organizations resources:
    • organizational units
    • service control policies
    • account creation and organizational unit placement
  • Centrally manage IAM access across AWS Organization accounts:
    • IAM users/groups in a central Auth account
    • customer managed IAM policies
    • IAM roles and trust delegation in organization accounts

Installation

Python virtual environment (recommended):

source ~/path_to_my_venv/bin/activate
pip install aws-orgs

Editable copy in venv:

git clone https://github.com/ucopacme/aws-orgs
pip install -e aws-orgs/

Uninstall:

pip uninstall aws-orgs

Configuration quick start

Run the awsorgs-spec-init script to generate an initial set of spec-files:

awsorgs-spec-init

This generates an initial config.yaml spec files under ~/.awsorgs. Edit these as needed to suit your environment.

See --help option for full usage.

Console Scripts

aws-orgs provides the following python executibles:

awsorgs
Manage recources in an AWS Organization.
awsaccounts
Manage accounts in an AWS Organization.
awsauth
Manage users, group, and roles for cross account access in an AWS Organization.
awsloginprofile
Manage AWS IAM user login profile.

All commands execute in dry-run mode by default. Include the --exec flag to affect change to AWS resources. Run each of these with the '--help' option for usage documentation.

awsorgs report
awsorgs organization
awsorgs organization --exec

awsaccounts report
awsaccounts create [--exec]
awsaccounts alias [--exec]

awsaccounts invite --account-id ID [--exec]
# from invited account:
awsorgs-accessrole --master_id ID [--exec]

awsauth report
awsauth report --users
awsauth report --delegations
awsauth report --credentials --full
awsauth report --account ucpath-prod --users --full

awsauth users [--exec]
awsauth delegations [--exec]
awsauth local-users [--exec]

awsloginprofile maryanne
awsloginprofile maryanne --new
awsloginprofile maryanne --reset
awsloginprofile maryanne --disable-expired --opt-ttl 48
Author:Ashley Gould ([email protected])
Version:0.3.1

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.