Comments (2)
yes - i think we think about this along the same lines.
i am currently working on this and my current thinking is a bit like the following:
org-formation init-pipeline --build-account-id 1111 --etc --template https://raw.github.com/path/to.zip
this would:
- download the zip and replace contents with defaults and/parameters
- repack the output and upload to codecommit as the initial commit.
I am going to take the SSO things out of this project as it requires manual steps.
I think it should be possible to have other projects with e.g. compliance as code using AWS Config, Monitoring towards slack that could be installed in a similar way and wire these together. still, having this baseline is step 1.
SAR would install a cloudformation template that creates an initial pipeline to bootstrap this process.
The steps would roughly be:
- visit SAR in the AWS console, select template and install the pipeline that bootstraps
- the pipeline that bootstraps runs `npm i` on org-formation and then `org-formation init-pipeline --build-account-id 1111 --etc --template https://raw.github.com/path/to.zip`
- org-formation init pipeline creates(?) or assumes a role in the build account and sets up the org-formation repository.
quite a bit to wrap your head around i guess :) but pretty sure this will work.
happy to think about a structure in which we can work together on this!
from org-formation-reference.
I would love to see something like this, I think it could even be part of the org-formation cli itself. I do have some thoughts:
I just started to build a landing zone/org-formation setup from scratch to see what the process would be, and there's definitely some manual work required initially before you can let org-formation start configuring everything, like creating the organization itself and enabling all features and policy types. I think these are things that org-formation could handle directly. As someone who works with many different customers and will likely be doing this a bunch, I'd love to have a really streamlined process for creating and configuring new AWS organizations
I would love to be able to take an existing orgformation repo like this reference architecture or something else (replacing the emails and account id of the management account - maybe these could be parameterized?), and have that be all I need to tell org-formation to create my organization. Including a build account setup (which now requires you to go in and manually create the build account first). All of that starting with a brand new AWS account (assuming I've created a user to execute org-formation with). I basically want to treat something like this reference architecture repo as a parameterized template for how I want to define AWS Organizations configurations for any number of customers/management accounts
There are some kinks to something like this, for instance AWS SSO, since that is required to be manually set up, so any SSO configuration I might have in my reference architecture would break the first time around, so I'd probably have to break that out into a two-step process. The CLI would also have to be pretty solid around how it handles retries since AWS accounts can take a bit until they're ready to be used after creation
Ultimately, I'd still want everything else to be in one `org-formation create-everything-for-me` command
These are just some thoughts, what we have now is fantastic and lightyears ahead of anything else, so I definitely appreciate all of the work put in to building something like this ❤️
from org-formation-reference.
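The download, parameterize and repack step that both comments describe, as an added example that is not code from org-formation or from either commenter: it pins the downloaded template zip to an expected SHA-256, rejects entries that would escape the repository root, and fails if a placeholder is left unfilled. The `{{name}}` placeholder syntax, the function names, the digest pin and the sample file are all assumptions made for illustration.

```python
import hashlib
import io
import posixpath
import zipfile


def render_template_zip(zip_bytes, expected_sha256, params):
    """Verify, parameterize and repack a template archive; return the new zip bytes."""
    # Pin the download: refuse an archive whose digest is not the one we expect.
    if hashlib.sha256(zip_bytes).hexdigest() != expected_sha256:
        raise ValueError("template digest mismatch")
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.is_dir():
                continue
            name = posixpath.normpath(info.filename.replace("\\", "/"))
            # Reject entries that would land outside the repository root.
            if name.startswith("/") or name == ".." or name.startswith("../"):
                raise ValueError(f"unsafe path in template: {info.filename!r}")
            text = src.read(info).decode("utf-8")  # assumes text-only templates
            for key, value in params.items():
                text = text.replace("{{" + key + "}}", value)
            # Fail closed if a placeholder would reach the initial commit unfilled.
            if "{{" in text:
                raise ValueError(f"unresolved placeholder in {name}")
            dst.writestr(name, text)
    return out.getvalue()


def build_sample_zip(entries):
    """Build an in-memory zip from {name: text}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, body in entries.items():
            archive.writestr(name, body)
    return buf.getvalue()


# Constructed sample template (file name and keys are made up for illustration).
SAMPLE = build_sample_zip({
    "organization.yml": "management_account_id: '{{managementAccountId}}'\n"
                        "root_email: {{rootEmail}}\n",
})

if __name__ == "__main__":
    digest = hashlib.sha256(SAMPLE).hexdigest()  # would be pinned out of band
    params = {"managementAccountId": "111111111111", "rootEmail": "aws@example.com"}
    repacked = render_template_zip(SAMPLE, digest, params)
    print(zipfile.ZipFile(io.BytesIO(repacked)).read("organization.yml").decode())
```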