Skip to content

02 iam demo

Jump to bottom
Paul Duvall edited this page Jan 6, 2021 · 38 revisions

Deploying AWS Organizations as Code through a Deployment Pipeline

This demo is based on Managing AWS Organizations using the open source org-formation tool — Part 2 published by AWS.

Enable AWS Organizations

  1. To begin, go to AWS Organizations and enable Organizations for your AWS Account.
  2. From your Cloud9 terminal, run the following commands:

Install org-formation

npm i aws-organization-formation -g

Provision a Deployment Pipeline for AWS Organizations

org-formation init-pipeline organization.yml --region us-east-1

It will launch a CloudFormation stack (called organization-formation-build) that automatically provisions CodeCommit, CodePipeline, and CodeBuild resources. Once the CloudFormation stack is complete, view the provisioned AWS Developer Tools by going to each of the service links below and finding the organization-formation* resources in each of the services.

  1. Go to AWS CodeCommit (repository name is organization-formation).
  2. Go to AWS CodePipeline (pipeline name is orgformation-pipeline).
  3. Go to AWS CodeBuild (build project name is orgformation-build).

Add a new Member AWS Account to the AWS Organization

  1. Select the organization-formation repository in the AWS CodeCommit console.
  2. Edit the organization.yml file by adding the code snippet below to the bottom of the file (change the values for RootEmail and AccountOwnerEmail to your email address):
  MyNewAccount:
    Type: OC::ORG::Account
    Properties:
      AccountName: csoa2-acct
      RootEmail: YOUREMAIL+csoa2@youremaildomain.com
      Alias: org-csoa2
      PasswordPolicy: !Ref PasswordPolicy
      Tags:
        BudgetThreshold: 100
        AccountOwnerEmail: YOUREMAIL+csoa2@youremaildomain.com

  PasswordPolicy:
    Type: OC::ORG::PasswordPolicy
    Properties:
      MinimumPasswordLength: 12
      RequireLowercaseCharacters: true
      RequireNumbers: true
      RequireSymbols: true
      RequireUppercaseCharacters: true
      AllowUsersToChangePassword: true
  1. Commit the changes to CodeCommit.
  2. View the changes get deployed in the AWS CodePipeline organization-formation pipeline.
  3. Go back to AWS Organizations and find the new AWS Account you have configured to be added in your AWS Organization.

View the Organization

  1. Go to AWS Organizations to view the newly provisioned AWS account.
  2. Go to the AWS Website and click the Sign In to the Console button.
  3. With the Root User radio button selected, enter the RootEmail you entered in the organization.yml file.
  4. Click on the Forgot Password link. AWS will automatically send you an email to the address provided.
  5. In your email, click on the Confirm Password link. This will bring you to an AWS page to create a password and setup your account. Change your password.

Delete CloudFormation Stacks

  • Once you've completed the demo, delete the CloudFormation stack with the command below.
aws cloudformation delete-stack --stack-name organization-formation-build

Resources

Clone this wiki locally