After creating an account in the AWS organization, follow these steps to grant access to a group in the root account.

AVM-Consulting/organization-assume-role

organization-assume-role

After creating an account in the organization, follow these steps to grant access to a group in the root account.

export AWS_DEFAULT_REGION=us-east-1
# AWS CLI profile for the source account
export AWS_PROFILE=xxx
SOURCE_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text --profile "$AWS_PROFILE")
# Enter the ID of the account to which access is needed
TARGET_ACCOUNT_ID=xxx
# Group that will be allowed to assume the role/log in
IAM_GROUP=Admin

Initialize Terraform, then plan and apply

terraform init

Run Terraform plan

terraform plan \
  -var "profile=$AWS_PROFILE" \
  -var "iam_group=$IAM_GROUP" \
  -var "source_account_id=$SOURCE_ACCOUNT_ID" \
  -var "target_account_id=$TARGET_ACCOUNT_ID" \
  -var "target_account_role=OrganizationAccountAccessRole"

Apply the Terraform plan

terraform apply \
  -var "profile=$AWS_PROFILE" \
  -var "iam_group=$IAM_GROUP" \
  -var "source_account_id=$SOURCE_ACCOUNT_ID" \
  -var "target_account_id=$TARGET_ACCOUNT_ID" \
  -var "target_account_role=OrganizationAccountAccessRole"
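After the apply, one way to confirm the grant is to assume the role from the source account and check which account the temporary credentials belong to. This is an added example, not part of this repository; the function names, the `verify` argument, the `verify.sh` file name, the `TARGET_ROLE` variable and the session name are assumptions.

```shell
#!/bin/sh
# Added example: post-apply check that the grant works. Names are assumptions.

# True only for a 12-digit AWS account ID (rejects placeholders such as "xxx").
valid_account_id() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -eq 12 ]
}

# Print the ARN of role $2 in account $1, or fail on malformed input.
target_role_arn() {
  valid_account_id "$1" || { echo "invalid account id: $1" >&2; return 1; }
  case "$2" in
    ''|*[!A-Za-z0-9+=,.@_-]*) echo "invalid role name: $2" >&2; return 1 ;;
  esac
  printf 'arn:aws:iam::%s:role/%s\n' "$1" "$2"
}

# Assume the role with the caller's current credentials and confirm that the
# temporary credentials belong to the target account. Secrets are not printed.
verify_access() {
  want=$1
  arn=$(target_role_arn "$1" "$2") || return 1
  creds=$(aws sts assume-role --role-arn "$arn" \
            --role-session-name verify-org-access \
            --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
            --output text) || { echo "DENIED: cannot assume $arn" >&2; return 1; }
  set -- $creds   # three whitespace-separated fields
  got=$(
    unset AWS_PROFILE   # only the temporary credentials below are in play
    AWS_ACCESS_KEY_ID=$1 AWS_SECRET_ACCESS_KEY=$2 AWS_SESSION_TOKEN=$3 \
      aws sts get-caller-identity --query Account --output text
  ) || return 1
  if [ "$got" = "$want" ]; then
    echo "OK: $arn is assumable"
  else
    echo "MISMATCH: credentials belong to account $got" >&2
    return 1
  fi
}

# Usage: TARGET_ACCOUNT_ID=<12-digit id> sh verify.sh verify
if [ "${1:-}" = "verify" ]; then
  verify_access "${TARGET_ACCOUNT_ID:?set TARGET_ACCOUNT_ID}" \
    "${TARGET_ROLE:-OrganizationAccountAccessRole}"
fi
```

Run it once as a member of the IAM group and once as a user outside the group; the second run should report DENIED.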

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| iam_group | The IAM group in the source account that is allowed to assume the role | string | Admin | no |
| profile | AWS profile for the source account | string | - | yes |
| region | AWS region | string | us-east-1 | no |
| source_account_id | The AWS account from which the role can be assumed | string | - | yes |
| target_account_id | The AWS account to assume the role into | string | - | yes |
| target_account_role | The role name in the target account | string | OrganizationAccountAccessRole | no |
