Comments (3)
@NickDarvey did you ever figure out a work around? I'm having the same issue
from org-formation-reference.
hi!
completely missed this before.
The error is: ERROR: Roles may not be assumed by root accounts.
I kinda wonder what the intention was behind running these commands as root, but this step will need to be ran as an IAM user.
you might already have an IAM user provisioned in the target account (or otherwise temporarily create one) you can use by running aws configure
or setting up your credentials in ~/.aws/credentials
.
from org-formation-reference.
I managed to run the script after the following changes:
- Created an IAM account in my MasterAccount
- Assigned the predefined
AdministratorAccess
Permissions policy to the user created in 1. - Added a custom inline policy to allow assuming a role:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AssumeRole",
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "*"
}
]
}
- Generated access keys for the IAM user created in step 1
- Configured my AWS CLI to use the access key generated in step 4
- Executed the following command to create the OrganizationFormationBuildAccessRole role:
aws cloudformation create-stack --stack-name org-formation-role --template-body file://src/templates/000-org-build/role.yml --region eu-north-1 --capabilities CAPABILITY_NAMED_IAM
- Ensured to update line 74 and line 77 with the correct email domain and address.
- Finally executed
npx org-formation update ./src/organization.yml --verbose
to build.
This seems to be the expected procedure! If so, updating the documentation or creating a bootstrap script for this would be beneficial. I am happy to help out!
from org-formation-reference.
Related Issues (20)
- 080-aws-config-inventory: decide on ConfigTopic HOT 1
- 000-org-build: should OrgPipelineRole be toned down? HOT 1
- 020-secure-defaults: allow for accounts with public s3 buckets HOT 1
- documentation: add the readme's HOT 1
- types: check and verify whether we are using the right/latest versions
- 000-org-build: move artficats buckets name to toplevel _parameters
- project: add a github action to perform linting upon checking and PR
- 080-aws-config-inventory: consolidate to a single template
- Error when configuring SSO HOT 4
- Run linters on every commit HOT 2
- add transit gateway to reference project
- SCP template: required key [Content] not found , extraneous key [PolicyDocument] is not permitted. HOT 2
- Patterns used here versus those in org-formation-cli/examples HOT 2
- Unable to init from cli HOT 5
- "Master" branch isn't the default branch when creating a new CodeCommit repo
- Can't create deny-unsupported-regions SCP HOT 5
- Had to complete steps out of order
- 020-secure-defaults: Error validating schemaHandlerPackage
- Can't configure service control policies (SCPs) with org-formation
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from org-formation-reference.