This project provides a CDK construct creating AWS organizations.

Overview

AWS Organizations

Currently, there is no @aws-cdk/aws-organizations available. See this Issue on AWS CDK.

API Reference

See API.md

Install

TypeScript

npm install @pepperize/cdk-organizations

or

yarn add @pepperize/cdk-organizations

Python

pip install pepperize.cdk-organizations

C# / .Net

dotnet add package Pepperize.CDK.Organizations

Restrictions

  • The stack can only be deployed in the us-east-1 region.
  • The stack's account must be the management account of an existing organization.
  • The stack's account becomes the management account of the new organization.
  • An account belongs only to one organization with a single root.

Organization

To create a new organization or import an existing organization, add the following construct to your stack:

const organization = new Organization(stack, "Organization", {
  featureSet: FeatureSet.ALL,
});
  • The account which deploys the stack automatically becomes the management account of the new organization.
  • If an organization already exists, it will be automatically imported. The account which deploys the stacks must be the management account.
  • If the construct gets removed from the stack the organization still remains and must be manually deleted.
  • For deletion of an organization you must previously remove all the member accounts, OUs, and policies from the organization.
  • Currently, you can have only one root. AWS Organizations automatically creates it for you when you create the new organization.
  • It can only be used from within the management account in the us-east-1 region.

Organizational Unit (OU)

To create a new organizational unit (OU), add the following construct to your stack:

const organizationUnit = new OrganizationalUnit(stack, "Organization", {
  organizationalUnitName: "Project2",
  parent: organization.root,
});

To import an existing organizational unit (OU), add the following to your stack:

const organizationUnit = OrganizationalUnit.fromOrganizationalUnitId(stack, "Organization", {
  organizationalUnitId: "ou-1234",
  organizationalUnitName: "Project2",
  parent: organization.root,
});
  • The parent of an organizational unit (OU) can be either the organization's root or another OU within the organization.
  • An organizational unit (OU) can't be moved. You have to create a new one and move all the accounts.
  • For deletion of an organizational unit (OU) you must first move all accounts out of the OU and any child OUs, and then you can delete the child OUs.
  • It can only be used from within the management account in the us-east-1 region.

Account

To create a new account, add the following construct to your stack:

new Account(stack, "Account", {
  accountName: "MyAccount",
  email: "[email protected]",
  iamUserAccessToBilling: IamUserAccessToBilling.ALLOW,
  parent: organization.root,
});

To import an existing account, add the following to your stack:

Account.fromAccountId(stack, "ImportedAccount", {
  accountId: "123456789012",
  parent: organization.root,
});
  • The email address must not already be associated with another AWS account. You may suffix the email address, i.e. [email protected].
  • An account will be created and then moved to the parent, if the parent is an organizational unit (OU).
  • It can only be used from within the management account in the us-east-1 region.
  • An account can't be deleted easily. If the construct gets removed from the stack, the account still remains. See Closing an AWS account.

Contributing

Contributions of all kinds are welcome 🚀 Check out our contributor's guide.

For a quick start, check out a development environment:

git clone [email protected]:pepperize/cdk-organizations
cd cdk-organizations
# install dependencies
yarn
# build with projen
yarn build

Example

See example.ts

import { App, Stack } from "aws-cdk-lib/core";
import {
  Account,
  DelegatedAdministrator,
  EnableAwsServiceAccess,
  EnablePolicyType,
  FeatureSet,
  IamUserAccessToBilling,
  Organization,
  OrganizationalUnit,
  Policy,
  PolicyAttachment,
  PolicyType,
} from "@pepperize/cdk-organizations";

const app = new App();
const stack = new Stack(app);

// Create an organization
const organization = new Organization(stack, "Organization", {
  featureSet: FeatureSet.ALL,
});
// Enable AWS Service Access (requires FeatureSet: ALL)
new EnableAwsServiceAccess(stack, "EnableAwsServiceAccess", {
  servicePrincipal: "service-abbreviation.amazonaws.com",
});

// Create an account
const account = new Account(stack, "SharedAccount", {
  accountName: "SharedAccount",
  email: "[email protected]",
  roleName: "OrganizationAccountAccessRole",
  iamUserAccessToBilling: IamUserAccessToBilling.ALLOW,
  parent: organization.root,
});
// Enable a delegated admin account
new DelegatedAdministrator(stack, "DelegatedAdministrator", {
  account: account,
  servicePrincipal: "service-abbreviation.amazonaws.com",
});

// Create an OU in the current organizations root
const projects = new OrganizationalUnit(stack, "ProjectsOU", {
  organizationalUnitName: "Projects",
  parent: organization.root,
});
new Account(stack, "Project1Account", {
  accountName: "SharedAccount",
  email: "[email protected]",
  parent: projects,
});

// Create a nested OU and attach two accounts
const project2 = new OrganizationalUnit(stack, "Project2OU", {
  organizationalUnitName: "Project2",
  parent: projects,
});
new Account(stack, "Project2DevAccount", {
  accountName: "Project 2 Dev",
  email: "[email protected]",
  parent: project2,
});
new Account(stack, "Project2ProdAccount", {
  accountName: "Project 2 Prod",
  email: "[email protected]",
  parent: project2,
});

// Enable the service control policy (SCP) type within the organization
new EnablePolicyType(stack, "EnablePolicyType", {
  root: organization.root,
  policyType: PolicyType.SERVICE_CONTROL_POLICY,
});
// Create and attach a Service Control Policy (SCP)
const policy = new Policy(stack, "Policy", {
  content: '{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"s3:*"}}',
  description: "Enables admins of attached accounts to delegate all S3 permissions",
  policyName: "AllowAllS3Actions",
  policyType: PolicyType.SERVICE_CONTROL_POLICY,
});
new PolicyAttachment(stack, "PolicyAttachment", {
  target: organization.root,
  policy: policy,
});

Alternatives

Comments
  • Organizations API not able to handle concurrent requests.

    We are seeing an error when trying to use this library to attach Service Control Policies, and create Organizational Units. It seems like the AWS Organizations API is not able to handle concurrent requests.

    Example code for SCPs:

    export class appStack extends cdk.Stack {
        constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
            super(scope, id, props);
            const org = new Organization(this, "master", {
                featureSet: FeatureSet.ALL
            })
    
            org.attachPolicy(scps.getPolicy(this, scps.denyLeaveOrg))
            org.attachPolicy(scps.getPolicy(this, scps.denyNewRegionsPolicy))
            org.attachPolicy(scps.getPolicy(this, scps.denyOutsideEuCentral1AndUsEast1))
            org.attachPolicy(scps.getPolicy(this, scps.denyCdkBootstrap))
        }
    }
    

    CDK can synthesise templates and deploy a Cloudformation Stack. This fails with the following error:

    Received response status [FAILED] from custom resource. Message returned: AWS Organizations can't complete your request because it conflicts with another attempt to modify the same entity. Try again later.

    We also see the same error reported when trying to create multiple OUs that are at the same level.

    Example code for OUs:

    export class appStack extends cdk.Stack {
        constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
            super(scope, id, props);
            const org = new Organization(this, "master", {
                featureSet: FeatureSet.ALL
            })
    
            const security = new OrganizationalUnit(this, "security", {
                organizationalUnitName: "Security",
                parent: org.root,
            })
    
            const deployments = new OrganizationalUnit(this, "deployments", {
                organizationalUnitName: "Deployments",
                parent: org.root,
            })
        }
    }
    

    And again the same error of

    Received response status [FAILED] from custom resource. Message returned: AWS Organizations can't complete your request because it conflicts with another attempt to modify the same entity. Try again later.

    Would it be possible to add an exponential backoff to these requests?

    opened by kiwi-33 19
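
The backoff requested in the issue above, as an added example (not code from cdk-organizations or from the issue author): a wrapper that retries an Organizations write only on the API's `ConcurrentModificationException` and `TooManyRequestsException` codes, with capped exponential backoff and full jitter. The names `withRetry`, `isRetryable`, `backoffDelayMs`, `simulateConflictingCall` and the default option values are assumptions.

```typescript
// Added example. Only transient concurrency/throttling errors are retried;
// anything else (for example an access-denied error) fails immediately so a
// permissions problem is surfaced instead of being hidden behind retries.
const RETRYABLE_CODES: string[] = [
  "ConcurrentModificationException", // "conflicts with another attempt to modify the same entity"
  "TooManyRequestsException",
];

interface RetryOptions {
  maxAttempts: number; // total attempts, including the first call
  baseDelayMs: number; // upper bound of the delay before the first retry
  maxDelayMs: number; // cap on any single delay
}

// Assumed values; keep the worst-case total below the handler's timeout.
const DEFAULT_RETRY: RetryOptions = { maxAttempts: 6, baseDelayMs: 500, maxDelayMs: 20000 };

// AWS SDK v2 errors expose the code as `code`, SDK v3 errors as `name`.
function isRetryable(err: unknown): boolean {
  if (typeof err !== "object" || err === null) return false;
  const e = err as { code?: unknown; name?: unknown };
  return [e.code, e.name].some(
    (v) => typeof v === "string" && RETRYABLE_CODES.indexOf(v) !== -1
  );
}

// Full jitter: a uniform delay in [0, min(maxDelayMs, baseDelayMs * 2^(attempt-1))).
// Jitter keeps sibling resources in one deployment from retrying in lockstep.
function backoffDelayMs(
  attempt: number,
  opts: RetryOptions,
  rand: () => number = Math.random
): number {
  const ceiling = Math.min(opts.maxDelayMs, opts.baseDelayMs * Math.pow(2, attempt - 1));
  return Math.floor(rand() * ceiling);
}

const realSleep = (ms: number): Promise<void> =>
  new Promise<void>((resolve) => setTimeout(resolve, ms));

// Runs `call` until it succeeds, hits a non-retryable error, or runs out of attempts.
// `sleep` and `rand` are injectable so the schedule can be checked deterministically.
async function withRetry<T>(
  call: () => Promise<T>,
  opts: RetryOptions = DEFAULT_RETRY,
  sleep: (ms: number) => Promise<void> = realSleep,
  rand: () => number = Math.random
): Promise<T> {
  for (let attempt = 1; ; attempt++) {
    try {
      return await call();
    } catch (err) {
      if (!isRetryable(err) || attempt >= opts.maxAttempts) throw err;
      await sleep(backoffDelayMs(attempt, opts, rand));
    }
  }
}

// Constructed stand-in for an Organizations write such as creating an OU or
// attaching a policy: fails `failures` times with the conflict error, then succeeds.
function simulateConflictingCall(failures: number, result: string): () => Promise<string> {
  let seen = 0;
  return async () => {
    if (seen++ < failures) {
      throw { code: "ConcurrentModificationException", message: "Try again later." };
    }
    return result;
  };
}
```

In a custom resource handler the wrapped call would be the SDK request itself, for example `withRetry(() => client.createOrganizationalUnit(params).promise())` with the AWS SDK v2 client that appears in the stack traces on this page.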
  • chore(deps-dev): Bump jsii from 1.52.1 to 1.53.0

    Bumps jsii from 1.52.1 to 1.53.0.

    Release notes

    Sourced from jsii's releases.

    v1.53.0

    Features

    Bug Fixes

    • dotnet: excessive overrides generated (#3355) (5460d66)
    • go: replace uses of CanConvert to Type.AssignableTo (#3373) (ae4ea62)
    • go: unable to reuse instances between child/parent interfaces (#3321) (70be636)
    • jsii: breaks due to faulty version of colors (#3328) (13c0737)
    • jsii: compiler allows inheriting interface-violating members (#3343) (b5037b9), closes #3342
    • jsii: excessive overrides declarations registered (#3375) (64a5984)
    • jsii: submodule READMEs don't have literate examples (#3347) (5769771), closes aws/aws-cdk#18589
    • kernel: kernel's private object annotations are enumerable (#3339) (d361c7b)
    • pacmak: greatly reduce go code-gen memory footprint (#3362) (77b520f)
    • python: cannot call a method that takes an empty struct (#3372) (c36b67c), closes #2846
    • remove the "comments rewriter" (#3368) (50dd3b0)
    • superchain: failure to download PowerShell (#3340) (59eaaa3)
    Changelog

    Sourced from jsii's changelog.

    1.53.0 (2022-02-09)

    Features

    Bug Fixes

    • dotnet: excessive overrides generated (#3355) (5460d66)
    • go: replace uses of CanConvert to Type.AssignableTo (#3373) (ae4ea62)
    • go: unable to reuse instances between child/parent interfaces (#3321) (70be636)
    • jsii: breaks due to faulty version of colors (#3328) (13c0737)
    • jsii: compiler allows inheriting interface-violating members (#3343) (b5037b9), closes #3342
    • jsii: excessive overrides declarations registered (#3375) (64a5984)
    • jsii: submodule READMEs don't have literate examples (#3347) (5769771), closes aws/aws-cdk#18589
    • kernel: kernel's private object annotations are enumerable (#3339) (d361c7b)
    • pacmak: greatly reduce go code-gen memory footprint (#3362) (77b520f)
    • python: cannot call a method that takes an empty struct (#3372) (c36b67c), closes #2846
    • remove the "comments rewriter" (#3368) (50dd3b0)
    • superchain: failure to download PowerShell (#3340) (59eaaa3)
    Commits
    • 64a5984 fix(jsii): excessive overrides declarations registered (#3375)
    • f0b811b feat(rosetta): Rosetta manages dependencies automatically (#3269)
    • 50dd3b0 fix: remove the "comments rewriter" (#3368)
    • 5a319ac chore: npm-check-updates && yarn upgrade (#3366)
    • 32bf95c chore: npm-check-updates && yarn upgrade (#3351)
    • 5769771 fix(jsii): submodule READMEs don't have literate examples (#3347)
    • 2ab7eeb chore: npm-check-updates && yarn upgrade (#3338)
    • b5037b9 fix(jsii): compiler allows inheriting interface-violating members (#3343)
    • ad6ce99 chore: transition from using colors to chalk (#3335)
    • a1e9305 chore: npm-check-updates && yarn upgrade (#3318)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    auto-approve 
    opened by dependabot[bot] 8
  • chore(deps): Bump aws-sdk from 2.1060.0 to 2.1061.0

    Bumps aws-sdk from 2.1060.0 to 2.1061.0.

    Release notes

    Sourced from aws-sdk's releases.

    Release v2.1061.0

    See changelog for more information.

    Changelog

    Sourced from aws-sdk's changelog.

    2.1061.0

    • feature: Connect: This release adds tagging support for UserHierarchyGroups resource.
    • feature: EC2: C6i, M6i and R6i instances are powered by a third-generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz
    • feature: Fis: Added action startTime and action endTime timestamp fields to the ExperimentAction object
    • feature: GuardDuty: Amazon GuardDuty findings now include remoteAccountDetails under AwsApiCallAction section if instance credential is exfiltrated.
    • feature: MediaTailor: This release adds support for multiple Segment Delivery Configurations. Users can provide a list of names and URLs when creating or editing a source location. When retrieving content, users can send a header to choose which URL should be used to serve content.
    Commits

    opened by dependabot[bot] 7
  • Suggestion to add info to releases

    I often look through release notes to understand what fixes/enhancements are being shipped. It is useful so that I am aware of what risks may be associated with a new release.

    Would you be willing to add such notes to GitHub releases going forward?

    opened by coltenkrauter 5
  • Issue during CreateAccount stack creation: ...conflicts with another attempt to modify the same entity.

    Context

    The first time I deployed, I got an error that the name of the account stack was too long so it failed. So, I shortened the name and then deployed again.

    Problem

    Now, when I deploy, I am getting this error,

    Received response status [FAILED] from custom resource. Message returned: AWS Organizations can't complete your request 
    because it conflicts with another attempt to modify the same entity. Try again later. Logs: /aws/lambda/VeniceOrganization-
    cdkorg-OnEventHandlerFunctionA6-TpNOToAkuuoW at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol
    /json.js:52:27) at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20) at Request.emit 
    (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10) at Request.emit (/var/runtime/node_modules/aws-sdk/lib
    /request.js:686:14) at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10) at AcceptorStateMachine.runTo 
    (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12) at /var/runtime/node_modules
    /aws-sdk/lib/state_machine.js:26:10 at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9) at 
    Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:688:12) at Request.callListeners (/var/runtime
    /node_modules/aws-sdk/lib/sequential_executor.js:116:18) (RequestId: 71de1dae-1e33-4c17-92f3-bc917ce36630)
    
    I tried deploying about 12 hours ago when I first got this error. I figured I would wait and try again later. So I just tried deploying and I am getting this again.

    Finally, I deleted all of the stacks except for the CDKToolkit and then tried deploying again and I still got this error.

    Any idea why this is happening and how it can be resolved?

    opened by coltenkrauter 5
  • chore(deps-dev): Bump typescript from 4.5.4 to 4.5.5

    Bumps typescript from 4.5.4 to 4.5.5.

    Release notes

    Sourced from typescript's releases.

    TypeScript 4.5.5

    This patch release includes a number of fixes to language service crashes and assertion violations, along with improvements to JSX attribute snippets.

    For the complete list of fixed issues, check out the

    Downloads are available on:

    Commits

    opened by dependabot[bot] 5
  • Error creating account.

    Hi,

    Not sure if I'm doing something wrong, but I seem to hit this error when creating an account. I use the following python CDK code.

    # The code that defines your stack goes here
    create_account = Account(self, "Account",
                             account_name="Account01",
                             email="[email protected]",
                             iam_user_access_to_billing=IamUserAccessToBilling.ALLOW,
                             role_name="OrgRoleName"
                             )
    

    Which results in the following request to the custom lambda function.

    2022-04-21T10:59:29.241Z	603e7cfe-5e38-420c-9ce8-383aad35bfe0	INFO	Payload: {
        "RequestType": "Create",
        "ServiceToken": "arn:aws:lambda:us-east-1:123456789012:function:cdk-example-dev-Accountcd-ProviderframeworkonEvent-yIMmO8WFRe32",
        "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/cdk-example-dev/bf969cb0-c161-11ec-9c1f-0a6e6428d797",
        "RequestId": "2a55e9ad-46c0-463a-acec-943a004201f7",
        "LogicalResourceId": "AccountCreateAccount833709C2",
        "ResourceType": "Custom::Organizations_Account",
        "ResourceProperties": {
            "ServiceToken": "arn:aws:lambda:us-east-1:123456789012:function:cdk-example-dev-Accountcd-ProviderframeworkonEvent-yIMmO8WFRe32",
            "RoleName": "OrganizationAccountAccessRole",
            "IamUserAccessToBilling": "ALLOW",
            "Email": "[email protected]",
            "ImportOnDuplicate": "true",
            "RemovalPolicy": "retain",
            "AccountName": “account001”
        },
        "PhysicalResourceId": "637860476275",
        "Data": {
            "ServiceToken": "arn:aws:lambda:us-east-1:123456789012:function:cdk-example-dev-Accountcd-ProviderframeworkonEvent-yIMmO8WFRe32",
            "RoleName": "OrganizationAccountAccessRole",
            "IamUserAccessToBilling": "ALLOW",
            "Email": “[email protected]”,
            "ImportOnDuplicate": "true",
            "RemovalPolicy": "retain",
            "AccountName": "Vend001",
            "AccountId": "123456789012"
        }
    }
    

    Then I receive the following error message.

    2022-04-21T10:59:29.300Z	603e7cfe-5e38-420c-9ce8-383aad35bfe0	ERROR	Invoke Error 	{
        "errorType": "MissingRequiredParameter",
        "errorMessage": "Missing required key 'CreateAccountRequestId' in params",
        "code": "MissingRequiredParameter",
        "message": "Missing required key 'CreateAccountRequestId' in params",
        "time": "2022-04-21T10:59:29.263Z",
        "stack": [
            "MissingRequiredParameter: Missing required key 'CreateAccountRequestId' in params",
            "    at ParamValidator.fail (/var/runtime/node_modules/aws-sdk/lib/param_validator.js:50:37)",
            "    at ParamValidator.validateStructure (/var/runtime/node_modules/aws-sdk/lib/param_validator.js:61:14)",
            "    at ParamValidator.validateMember (/var/runtime/node_modules/aws-sdk/lib/param_validator.js:88:21)",
            "    at ParamValidator.validate (/var/runtime/node_modules/aws-sdk/lib/param_validator.js:34:10)",
            "    at Request.VALIDATE_PARAMETERS (/var/runtime/node_modules/aws-sdk/lib/event_listeners.js:132:42)",
            "    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)",
            "    at callNextListener (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:96:12)",
            "    at /var/runtime/node_modules/aws-sdk/lib/event_listeners.js:86:9",
            "    at finish (/var/runtime/node_modules/aws-sdk/lib/config.js:396:7)",
            "    at /var/runtime/node_modules/aws-sdk/lib/config.js:414:9"
        ]
    }
    

    I've also tried using the TypeScript example and I receive the same error in the custom lambda functions. Just to add, the AWS Account does get created; it's just that the deploy fails and reports this error back to the CDK.

    opened by robh007 4
  • chore(deps-dev): bump eslint from 8.6.0 to 8.7.0

    Bumps eslint from 8.6.0 to 8.7.0.

    Release notes

    Sourced from eslint's releases.

    v8.7.0

    Features

    • 19ad061 feat: no-restricted-imports support casing (#15439) (gfyoung)
    • 564ecdb feat: Support arbitrary module namespace names in no-restricted-imports (#15491) (Milos Djermanovic)
    • 968a02a feat: Support arbitrary module namespace names in no-useless-rename (#15493) (Milos Djermanovic)
    • 0d2b9a6 feat: move eslint --init to @​eslint/create-config (#15150) (唯然)
    • 127f524 feat: false negative with property option in id-match (#15474) (Nitin Kumar)
    • 359b2c1 feat: Support arbitrary module namespace names in the camelcase rule (#15490) (Milos Djermanovic)
    • 3549571 feat: Support arbitrary module namespace names in the quotes rule (#15479) (Milos Djermanovic)
    • 5563c45 feat: Support arbitrary module namespace names in keyword-spacing (#15481) (Milos Djermanovic)
    • fd3683f feat: Support arbitrary module namespace names in no-restricted-exports (#15478) (Milos Djermanovic)

    Bug Fixes

    • a8db9a5 fix: no-invalid-this false positive in class field initializer (#15495) (Milos Djermanovic)
    • 02d6426 fix: Correctly consume RuleTester statics (#15507) (Brad Zacher)
    • db15802 fix: Add property fatalErrorCount to ignored file results (#15520) (Francesco Trotta)
    • 03ac8cf fix: Prevent false positives with no-constant-condition (#15486) (Jordan Eldredge)

    Documentation

    • f50f849 docs: Update CLI docs to prefer local install (#15513) (Nicholas C. Zakas)
    • 0469eb1 docs: Update shell code fences for new website (#15522) (Olga)

    Chores

    Changelog

    Sourced from eslint's changelog.

    v8.7.0 - January 15, 2022

    • 369fb1b chore: Upgrade to [email protected] (#15526) (Brandon Mills)
    • a8db9a5 fix: no-invalid-this false positive in class field initializer (#15495) (Milos Djermanovic)
    • 19ad061 feat: no-restricted-imports support casing (#15439) (gfyoung)
    • f50f849 docs: Update CLI docs to prefer local install (#15513) (Nicholas C. Zakas)
    • 0469eb1 docs: Update shell code fences for new website (#15522) (Olga)
    • 02d6426 fix: Correctly consume RuleTester statics (#15507) (Brad Zacher)
    • db15802 fix: Add property fatalErrorCount to ignored file results (#15520) (Francesco Trotta)
    • 03ac8cf fix: Prevent false positives with no-constant-condition (#15486) (Jordan Eldredge)
    • 564ecdb feat: Support arbitrary module namespace names in no-restricted-imports (#15491) (Milos Djermanovic)
    • 968a02a feat: Support arbitrary module namespace names in no-useless-rename (#15493) (Milos Djermanovic)
    • ba6317b ci: remove master branch from CI configs (#15501) (Milos Djermanovic)
    • 0d2b9a6 feat: move eslint --init to @​eslint/create-config (#15150) (唯然)
    • 79b6340 chore: fixed typo in client-Engine (#15497) (Abhay Gupta)
    • 127f524 feat: false negative with property option in id-match (#15474) (Nitin Kumar)
    • 359b2c1 feat: Support arbitrary module namespace names in the camelcase rule (#15490) (Milos Djermanovic)
    • 3549571 feat: Support arbitrary module namespace names in the quotes rule (#15479) (Milos Djermanovic)
    • 5563c45 feat: Support arbitrary module namespace names in keyword-spacing (#15481) (Milos Djermanovic)
    • fd3683f feat: Support arbitrary module namespace names in no-restricted-exports (#15478) (Milos Djermanovic)
    • 6278281 chore: switch new syntax issue template to forms (#15480) (Nitin Kumar)
    Commits

    opened by dependabot[bot] 4
  • Can I create a new OU and deploy a CloudFormation directly? (Question)

    Quick question: Can I create a new OU and deploy a CloudFormation directly into it, or do I have to run the cdk for the Organisation creation first and then run a separate script with the CloudFormation stack destined to that Organisation?

    opened by gabrielsantosblanchet 3
  • chore(deps-dev): Bump jsii from 1.65.0 to 1.65.1

    Bumps jsii from 1.65.0 to 1.65.1.

    Release notes

    Sourced from jsii's releases.

    v1.65.1

    Bug Fixes

    • python: reference to type does not use alias (#3728)
    Changelog

    Sourced from jsii's changelog.

    1.65.1 (2022-08-29)

    Bug Fixes

    • python: reference to type does not use alias (#3728)
    Commits

    opened by dependabot[bot] 3
  • hard dependency on us-east-1


    Hi,

    Why the hard dependency on us-east-1? AFAIK, the API is available now in all the regions. (https://docs.aws.amazon.com/general/latest/gr/ao.html)

    opened by hans-d 3
  • How do I set up developer sandbox accounts while keeping budget restrictions on those accounts

    Hello,

    Thank you for https://constructs.dev/packages/@pepperize/cdk-organizations package. This is really helping me find a better way to organize the developer accounts.

    I am working on a specific use case where your advice matters a lot. I want to create developer sandbox accounts, where

    1. Each developer can access some specific set of services, like AWS Lambda, VPC, Aurora DB, etc. I believe this can be achieved using Service Control Policies (SCP), but I am unsure how to use them at this time.
    2. Each developer has a budget of $XX per month. I think we need to use AWS Budgets, but I am not sure how to use that with cdk-organizations.

    Some relevant links that I found on the web are below:

    • Setting a budget for sandbox accounts
    • Creating Sandbox environments
    • How to manage cost overruns in your AWS multi-account environment – Part 1
    • Control developer account costs with AWS CloudFormation and AWS Budgets

    Could you please advise how I can achieve my goals using cdk-organizations?

    Thanks

    opened by hhimanshu 0
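
For the first point in the post above, one way to express a service allow-list as an SCP, shown as an added example that is not part of the post or of cdk-organizations. The helper names and the constructed allow-list (`lambda`, `ec2` for VPC, `rds` for Aurora) are assumptions; the returned string is what the `content` property of the `Policy` construct takes.

```typescript
// Added example: builds the JSON for an allow-list style service control policy.
// buildSandboxScp / toPolicyContent are hypothetical helper names, not library API.

interface ScpStatement {
  Sid: string;
  Effect: "Deny";
  NotAction: string[]; // every action NOT listed here is denied
  Resource: "*";
}

interface ScpDocument {
  Version: "2012-10-17";
  Statement: ScpStatement[];
}

// AWS Organizations quota: an SCP document may be at most 5120 characters.
const SCP_MAX_CHARS = 5120;
// IAM service prefixes are lowercase letters, digits and hyphens, e.g. "ec2".
const SERVICE_PREFIX = /^[a-z0-9-]+$/;

function buildSandboxScp(allowedServices: string[]): ScpDocument {
  if (allowedServices.length === 0) {
    // An empty allow-list is never what a sandbox wants; refuse it.
    throw new Error("allow-list must not be empty");
  }
  const actions = Array.from(new Set(allowedServices)).sort().map((svc) => {
    if (!SERVICE_PREFIX.test(svc)) {
      throw new Error(`not a service prefix: ${svc}`);
    }
    return `${svc}:*`;
  });
  return {
    Version: "2012-10-17",
    Statement: [{ Sid: "DenyOutsideAllowList", Effect: "Deny", NotAction: actions, Resource: "*" }],
  };
}

function toPolicyContent(doc: ScpDocument): string {
  const content = JSON.stringify(doc); // compact form keeps the size down
  if (content.length > SCP_MAX_CHARS) {
    throw new Error(`SCP is ${content.length} characters, limit is ${SCP_MAX_CHARS}`);
  }
  return content;
}

// Constructed sample: Lambda, VPC (ec2 prefix) and Aurora (rds prefix).
const sandboxContent = toPolicyContent(buildSandboxScp(["lambda", "ec2", "rds"]));
console.log(sandboxContent);
```

An SCP only caps what an account can do: IAM policies inside the sandbox account still have to grant the actions, and supporting services such as `iam`, `sts`, `logs` or `cloudformation` usually need to be on the list as well. The budget in point 2 is not covered by this example.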
  • Deleting Account resource fails


    Hi there,

    I'm getting the following CloudFormation error when deleting an Account resource from my stack code:

    Received response status [FAILED] from custom resource. Message returned: client.closeAccount is not a function
    

    My stack code deployed no problem. The error arises when I remove the Account resource code and redeploy.

    Sample code is as follows:

    import { Account, Organization, OrganizationalUnit } from "@pepperize/cdk-organizations";
    import { Stack, StackProps } from "aws-cdk-lib";
    import { Construct } from "constructs";
    
    export class OrganizationStack extends Stack {
      constructor(scope: Construct, id: string, props: StackProps = {}) {
        super(scope, id, props);
    
        // Create your organization (constructs are scoped to this stack)
        const organization = new Organization(this, "Organization", {});
    
        // Create an organizational unit (OU)
        const organizationUnit = new OrganizationalUnit(this, "OrganizationalUnit", {
          organizationalUnitName: "MyFirstOU",
          parent: organization.root,
        });
    
        // Create an account
        const account = new Account(this, "Account", {
          accountName: "MyFirstAccount",
          email: "<your email for the member account>",
          parent: organizationUnit,
        });
      }
    }
    
    bug 
    opened by kfor90 1
  • feat(policy): use aws_organizations cfn policy


    poc: how to transition to aws cdk native cfn organizations support

    • https://github.com/aws/aws-cdk/pull/23001
    • https://github.com/aws/aws-cdk-rfcs/issues/465
    • https://github.com/aws/aws-cdk/pull/22876
    • https://github.com/aws/aws-cdk/pull/22971
    opened by pflorek 0
  • Creating OUs under current organization in Python


    Hi there,

    Thanks for this library!

    I am having issues with code like the following:

    from constructs import Construct
    from aws_cdk import (
        Stack,
        RemovalPolicy,
    )
    import pepperize_cdk_organizations as orgs
    
    class MyRootStack(Stack):
        def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
            super().__init__(scope, construct_id, **kwargs)
            self.environments = ["foo", "bar", "baz"]
    
            for env in self.environments:
                ou = orgs.OrganizationalUnit(self, env,
                    organizational_unit_name=env,
                    import_on_duplicate=True,
                    removal_policy=RemovalPolicy.DESTROY,
                    parent=Stack.of(self).account,                         # HERE
                )
    

    Namely, I would like to create OUs under the current account, i.e. the account to which the AWS credentials used to run cdk belong. I'm missing a way to specify "this account" for the parent parameter. cdk deploy returns the following error:

    Key 'parent': Unable to deserialize value as @pepperize/cdk-organizations.IParent
    

    If I specify a string constant with the ARN or ID of the organization where I want the OUs to be created, I get the following error:

    Key 'parent': Unable to deserialize value as @pepperize/cdk-organizations.IParent
    

    I feel like this use case is frequent enough, that saying parent=None should do the trick, but would settle for a method returning the IAccount for the current account—perhaps it is there and I haven't been able to find it?

    Thanks in advance.

    -lem

    opened by nerdlem 2
  • How to rearrange organizational units and accounts after creation


    Is it possible to easily rearrange the accounts and org units after creating them? Because this is (unfortunately) often required after some time if teams or products change…

    Improve the documentation on how to change the organization hierarchy:

    1. Create the new nested hierarchy of organizational units, attach policies and move accounts (by simply changing their parent) -> deploy
    2. Remove all empty organizational units -> deploy

    Thx seeebiii

    documentation good first issue 
    opened by pflorek 0
  • Create new policies with a construct for SCP, AI OptOut, Back and Tag policies


    It's not comfortable to pass the stringified JSON to the Policy; let's have constructs for each policy type.

    const policy = new Policy(stack, "Policy", {
      content: '{\n"tags":{\n"CostCenter":{\n"tag_key":{\n"@@assign":"CostCenter"\n}\n}\n}\n}',
      description: "Defines the CostCenter tag key",
      policyName: "CostCenterTag",
      policyType: PolicyType.TAG_POLICY,
    });
    
    enhancement 
    opened by pflorek 0
Releases(v0.7.147)
Owner
Pepperize