⭐️ Organization Formation ⭐️ built by Olaf Conijn is an amazing tool which helps simplify the process of managing AWS Organizations 🥇
https://github.com/org-formation/org-formation-cli
🔥 We have wrapped org-formation-cli within a CDK App which deploys a CodePipeline pipeline which will auto manage AWS Organization.
Some of the common tasks we could
- Create Organization Units
- Move Accounts between OUs
- Create AWS New Accounts
- Manage Service Control Policies for OUs/Accounts
- Manage Account Contacts, IAM Aliases, etc..
This is a CDK Project, which means you need to have CDK installed on your local system with npm i -g aws-cdk
git clone https://github.com/raajheshkannaa/cdk-org-formation-pipeline
- Update the organization account id in the
cdkorgformation/pipeline_stack.py, which is the s3 bucket permissions where org-formation will hold the org structure in its state.json file. - Install org-formation-cli by running
npm install -g aws-organization-formation - Change directory into the
cdkorgformationfolder which holds a dummy org.yml file for reference. - From this directory, initialize the Org Structure by running
org-formation init org.yml --region us-east-1. This will overwrite the current dummyorg.ymlfile with your actual AWS Organizations structure.
cdk deploy --profile aws-org-profile
- This will create the codecommit repository and the CodePipeline with the right permissions and .yml file into the AWS Organizations Account.
- Configure your local git client to work with the newly created CodeCommit repository.
- Push the code to the CodeCommit repository to kick off the codepipeline.
- This will run the
org-formation update cdkorgformation/org.ymlcommand which will essentially make the changes you'd like to make to the AWS Organization structure.
Note: Every time you want to update or make changes to your Organization structure, such as create accounts or manage OUs, run org-formation init org.yml --region us-east-1 locally in the <cdk app>/cdkorganization/ folder, before making and pushing those changes to the code repository.
- We could use the option of building a pipeline which OrgFormation would build for us with the
org-formation init-pipelinecommand, however because we build our own pipeline and most of our automation's are built with CDK, we resort to manage OrgFormation with CDK, instead of having OrgFormation manage our CDK or Serverless apps, which are features provided by the tool built by Olaf. - Org Formation offers so much more, such as tasks which could be carried out once an account is created, such as enable CloudTrail, GuardDuty and any other CloudFormation template you'd want to run in the new account. Examples here - https://github.com/org-formation/org-formation-cli/tree/master/examples
- Again we don't use these features of org-formation, because most of the automation on new accounts is setup with CDK already long before, so we will continue to use that, while use
org-formation-clionly for managing the hierarchy or overall structure of the Organizations itself.
Heavily derived from AWS Organization Formation, built by Olaf Conijn.
Checkout this video to learn more: https://www.youtube.com/watch?v=mLAGHzidHJ0