#Copyright 2008-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
#Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at
#
# http://aws.amazon.com/apache2.0/
#
#or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
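#!/bin/bash
# NOTE(review): this shebang sits below the license header, so it is not on
# line 1 and the kernel ignores it; invoke the script as
# `bash organization-new-acc.sh ...` or move the shebang above the header.
#
# Create a new member account in the AWS Organization, wait until it exists,
# register a named CLI profile that assumes the account's cross-account role,
# and then deploy the VPC, IAM and Config baseline into the new account.
#
# Required arguments: account name, account e-mail, CLI profile name.
# The templates CF-VPC.json, CF-IAM.json and CF-ConfigRules.json are read
# from the current working directory (file:// relative paths below).

# Unset variables are treated as bugs. set -e is deliberately not used:
# every aws call that matters is checked explicitly so that polling loops
# and best-effort steps keep their intended behaviour.
set -u

#######################################
# Print command-line usage to stdout (the -h path expects it there).
#######################################
usage() {
  cat <<EOF
usage: ${0##*/} [-h] -n|--account_name ACCOUNT_NAME
       -e|--account_email ACCOUNT_EMAIL
       -p|--cl_profile_name CLI_PROFILE_NAME
       [-s|--source_profile SOURCE_PROFILE]   (default: slalom-test)
       [-o|--ou_name ORGANIZATION_UNIT_NAME]
       [-r|--region AWS_REGION]               (default: us-east-1)
EOF
}

#######################################
# Print a diagnostic to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Abort unless an option is followed by its value.
# Arguments: the remaining argv ("$@"), $1 being the option itself
#######################################
need_arg() {
  [ $# -ge 2 ] || die "option $1 requires an argument"
}

#######################################
# Poll a CloudFormation stack every 5 s until it is CREATE_COMPLETE.
# Arguments: $1 stack name, $2 CLI profile, $3 label used in messages
# Outputs:   one '.' per poll to stdout; "<label> Failed to Create" on failure
# Returns:   0 on CREATE_COMPLETE; exits 1 on CREATE_FAILED or any ROLLBACK_*
#            state (only CREATE_FAILED was recognised before, so a stack that
#            rolled back was polled forever) or when the status cannot be read.
#######################################
wait_for_stack() {
  local stack=$1 profile=$2 label=$3 status
  while :; do
    status=$(aws cloudformation describe-stacks --stack-name "$stack" --profile "$profile" \
      --query 'Stacks[0].[StackStatus]' --output text) \
      || die "$label: unable to read status of stack $stack"
    case "$status" in
      CREATE_COMPLETE)
        return 0
        ;;
      CREATE_FAILED | ROLLBACK_*)
        printf '\n%s Failed to Create\n' "$label"
        exit 1
        ;;
    esac
    sleep 5
    printf '.'
  done
}

newAccName=""
newAccEmail=""
newProfile=""
destinationOUname=""
region="us-east-1"
# Profile whose credentials are used to assume the new account's role; was a
# hard-coded literal, now overridable with -s/--source_profile.
sourceProfile="slalom-test"
# Role that Organizations creates in the member account and that every later
# call assumes from the management account.
readonly roleName="OrganizationAccountAccessRole"

while [ $# -gt 0 ]; do
  case "$1" in
    -n | --account_name )    need_arg "$@"; shift; newAccName=$1 ;;
    -e | --account_email )   need_arg "$@"; shift; newAccEmail=$1 ;;
    -p | --cl_profile_name ) need_arg "$@"; shift; newProfile=$1 ;;
    -s | --source_profile )  need_arg "$@"; shift; sourceProfile=$1 ;;
    -o | --ou_name )         need_arg "$@"; shift; destinationOUname=$1 ;;
    -r | --region )          need_arg "$@"; shift; region=$1 ;;
    -h | --help )            usage; exit 0 ;;
    * )                      die "unknown option: $1" ;;   # previously ignored silently
  esac
  shift
done

# Missing required input is an error: exit non-zero so a calling pipeline
# does not proceed as if an account had been created.
if [ -z "$newAccName" ] || [ -z "$newAccEmail" ] || [ -z "$newProfile" ]; then
  usage
  exit 1
fi

# User-supplied data goes through %s, never into the format string.
printf 'Email: %s\n' "$newAccEmail"
printf 'Create New Account\n'
ReqID=$(aws organizations create-account --email "$newAccEmail" --account-name "$newAccName" \
  --role-name "$roleName" --query 'CreateAccountStatus.[Id]' --output text) \
  || die "create-account request failed"
# The CLI prints "None" for a null field in text output.
if [ -z "$ReqID" ] || [ "$ReqID" = "None" ]; then
  die "create-account returned no request id"
fi

printf 'Waiting for New Account ...'
while :; do
  orgStat=$(aws organizations describe-create-account-status --create-account-request-id "$ReqID" \
    --query 'CreateAccountStatus.[State]' --output text) \
    || die "describe-create-account-status failed for request $ReqID"
  case "$orgStat" in
    SUCCEEDED)
      break
      ;;
    FAILED)
      printf '\nAccount Failed to Create\n'
      exit 1
      ;;
  esac
  printf '.'
  sleep 10
done

accID=$(aws organizations describe-create-account-status --create-account-request-id "$ReqID" \
  --query 'CreateAccountStatus.[AccountId]' --output text) \
  || die "unable to read the new account id"
if [ -z "$accID" ] || [ "$accID" = "None" ]; then
  die "describe-create-account-status returned no account id"
fi
accARN="arn:aws:iam::$accID:role/$roleName"

# These persist into the shared AWS CLI configuration; every call below
# assumes $accARN using the credentials of $sourceProfile.
printf '\nCreate New CLI Profile\n'
aws configure set region "$region" --profile "$newProfile" \
  || die "unable to set region on profile $newProfile"
aws configure set role_arn "$accARN" --profile "$newProfile" \
  || die "unable to set role_arn on profile $newProfile"
aws configure set source_profile "$sourceProfile" --profile "$newProfile" \
  || die "unable to set source_profile on profile $newProfile"

# The new account's services are not reachable immediately; probe
# CloudFormation up to 1 + maxRetries times, 5 s apart, before giving up.
readonly maxRetries=11
attempt=0
printf 'Waiting for CF Service ...'
until aws cloudformation list-stacks --profile "$newProfile" > /dev/null 2>&1; do
  attempt=$((attempt + 1))
  if [ "$attempt" -gt "$maxRetries" ]; then
    printf '\nCF Service not available\n'
    exit 1
  fi
  printf '.'
  sleep 5
done

printf '\nCreate VPC Under New Account\n'
if ! aws cloudformation create-stack --stack-name VPC --template-body file://CF-VPC.json \
     --profile "$newProfile" > /dev/null 2>&1; then
  printf 'CF VPC Stack Failed to Create\n'
  exit 1
fi
printf 'Waiting for CF Stack to Finish ...'
wait_for_stack VPC "$newProfile" "VPC"
printf '\nVPC Created\n'

printf 'Create Role and Policy\n'
# CAPABILITY_NAMED_IAM acknowledges that the template creates IAM resources
# with fixed names. The create-stack result was previously not checked.
if ! aws cloudformation create-stack --stack-name Roles --template-body file://CF-IAM.json \
     --capabilities CAPABILITY_NAMED_IAM --profile "$newProfile" > /dev/null 2>&1; then
  printf 'CF Roles Stack Failed to Create\n'
  exit 1
fi
wait_for_stack Roles "$newProfile" "Role"
printf 'Role Created\n'

printf 'Create Configure Rule\n'
# NOTE(review): nothing in this script creates this role; presumably
# CF-IAM.json provisions it — confirm, otherwise the recorder call fails.
configRole="arn:aws:iam::$accID:role/service-role/config-rule-role"
# Both Config calls are best-effort as before, but a failure is now reported
# on stderr instead of being discarded.
if ! aws configservice put-configuration-recorder \
     --configuration-recorder "name=default,roleARN=$configRole" \
     --recording-group allSupported=true,includeGlobalResourceTypes=true \
     --profile "$newProfile" > /dev/null 2>&1; then
  printf 'warning: put-configuration-recorder failed in account %s\n' "$accID" >&2
fi
if ! aws configservice put-config-rule --config-rule file://CF-ConfigRules.json \
     --profile "$newProfile" > /dev/null 2>&1; then
  printf 'warning: put-config-rule failed in account %s\n' "$accID" >&2
fi
# NOTE(review): no delivery channel is set up and the recorder is never
# started here — confirm another step does that, or Config records nothing.

# The OU move is disabled (kept as written); --ou_name is therefore accepted
# but has no effect until this block is re-enabled and quoted properly.
#if [ "$destinationOUname" != "" ]
#then
# printf "Moving New Account to OU\n"
# rootOU=$(aws organizations list-roots --query 'Roots[0].[Id]' --output text)
# destOU=$(aws organizations list-organizational-units-for-parent --parent-id $rootOU --query 'OrganizationalUnits[?Name==`'$destinationOUname'`].[Id]' --output text)
# aws organizations move-account --account-id $accID --source-parent-id $rootOU --destination-parent-id $destOU > /dev/null 2>&1
# if [ $? -ne 0 ]
# then
# printf "Moving Account Failed\n"
# fi
#fi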