Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow 'Root' as an OU name to apply a stackset to all accounts in our Organization #8

Closed
wants to merge 2 commits into from
Closed

allow 'Root' as an OU name to apply a stackset to all accounts in our Organization #8

wants to merge 2 commits into from

Conversation

RutgerBeyen
Copy link

@RutgerBeyen RutgerBeyen commented Apr 27, 2020
edited
Loading

Allow a Cloudformation Stackset to be deployed to all accounts in the AWS Organization with a single statement, in stead of having to supply all OUs or AccountIDs separately.
This code allows the use of

deploy_to_ou:
  - Root

in the manifest file.
The result is that the affected Cloudformation Stack will be deployed in every account under the AWS Organization, including the master account.

Allow an SCP to be attached to the Root level of the AWS Organization with a single statement, in stead of having to supply all OUs separately.
This code allows the use of

apply_to_accounts_in_ou:
  - Root

in the manifest file.
The result is that the affected SCP is attached at the 'root' level of the AWS Organization, and consequently inherited by all OUs and accounts automatically.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@groverlalit
Copy link
Member

Thanks for opening the the pull request. We have added this to our backlog.

@RobReus
Copy link

RobReus commented Jul 13, 2020

@groverlalit with the recent 1.2.0 release, was this one included in? We really need this feature for our use-cases, and from the looks of this PR, its ready to be merged in.

@jefp
Copy link

jefp commented Aug 4, 2020

@groverlalit with the recent 1.2.0 release, was this one included in? We really need this feature for our use-cases, and from the looks of this PR, its ready to be merged in.

+1 I have a customer with this need too.

@abragg
Copy link

abragg commented Aug 5, 2020

+1
I need to install additional processing for account-factory lifecycle events.

abragg
abragg reviewed Aug 5, 2020
View reviewed changes
source/manifest/manifest_parser.py
Comment on lines +155 to +158

if ou_name == 'Root':
accounts_in_ou.extend(accounts_in_all_ous)

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

accounts_in_all_ous is not defined in this context. I believe a better change would be to lines 255 and 256 (now 259 and 260).

        _ou_name_to_id_map = {"Root":root_id}
        _all_ou_ids = [root_id]

@adamcousins
Copy link

Does the current version support

deploy_to_ou: 
      - Root

and is the current behaviour able to deploy to the Master account?

For those wondering, you can move the Master account into a new OU created and then you can target that OU (ie target the master account). Such as:

deploy_to_ou: 
      - OU_WITH_MASTER_ACCOUNT_INSIDE_IT

@jefp
Copy link

jefp commented Aug 26, 2020

This could break the upgrades of Control Tower.
During a repair, CT will move the master account into the Root OU.

Does the current version support

deploy_to_ou: 
      - Root

and is the current behaviour able to deploy to the Master account?

For those wondering, you can move the Master account into a new OU created and then you can target that OU (ie target the master account). Such as:

deploy_to_ou: 
      - OU_WITH_MASTER_ACCOUNT_INSIDE_IT

@mikkelramlov
Copy link

+1

@hunttom
Copy link

hunttom commented Feb 25, 2021
edited
Loading

++1. This a blocker for me. Why hasn't this been merged yet? This seems like an good recommendation.

@rakshb
Copy link

rakshb commented Mar 8, 2021

@hunttom This is currently in our backlog. We have other highly requested features that we are adding in the next release of CFCT.. We will review this request in a future update

@hunttom
Copy link

hunttom commented Mar 10, 2021

@hunttom This is currently in our backlog. We have other highly requested features that we are adding in the next release of CFCT.. We will review this request in a future update

Thanks, we are eagerly looking forward to it!

@gschaffer-cxn
Copy link

@rakshb any estimation on release? Could we have maybe some transparency what you are working on a la https://github.com/aws/containers-roadmap/projects/1 ?

@maykays maykays added the enhancement New feature or request label May 17, 2021
@aijunpeng
Copy link
Member

This feature has been released.

@aijunpeng aijunpeng closed this Dec 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abragg abragg abragg left review comments

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.