Automatically generate your AWS account configurations through AWS Organizations
The switchroles-lambda project leverages AWS Lambda to streamline the generation of AWS configurations for accounts in Organizations. It provides a flexible and scalable solution for managing AWS resources across multiple accounts and regions. It is designed with AWS Extend Switch Roles and AESR S3 Config Sender in mind.
Requirements
Ensure you have the following dependencies installed on your system:
- Python: version 3.10.12
- boto3: version 1.34.43
- Clone the switchroles-lambda repository:
git clone git@github.com:XargsUK/switchroles-lambda.git
- Change to the project directory:
cd switchroles-lambda
- Install the dependencies:
pip install -r requirements.txt
This Python script can be run locally or deployed as an AWS Lambda function.
Name | Description | Example |
---|---|---|
S3_BUCKET | The name of the S3 bucket where the configurations will be stored (if not running locally). | awsconfigs-bucket |
ASSUME_ROLE | The role name to be assumed in each payer account. | AccountSwitcherLambdaRole |
ROLE_NAMES | Comma-separated role names for which the configurations will be generated. | Admin,Developer,ReadOnly |
SESSION_NAME | The session name to use when assuming roles. | RoleSwitcherLambdav2 |
PAYER_ACCOUNT_IDS | Comma-separated AWS payer account IDs. | 123456789012,210987654321 |
OU_OVERRIDES | JSON string of organizational unit (OU) ID to name mappings for overrides. | {"ou-xyz1-abcdefgh":"Engineering","ou-xyz2-abcdefgh":"Marketing"} |
running_locally | Set to true for local execution, false for Lambda. | true |
AWS_REGION | The AWS region to use for the Lambda function. | us-west-2 |
AWS_PROFILE | The AWS profile to use for the Lambda function. | default |
Start by setting your environment variables:
export running_locally=true
export S3_BUCKET=S3_BUCKET_NAME
...
Once you've set your environment variables, use the following command to run switchroles-lambda:
python lambda_handler.py
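A pre-flight check for the environment variables in the table above, added here as an example (it is not part of switchroles-lambda). The `validate_settings` name and its patterns are hypothetical; it assumes ASSUME_ROLE is required, OU_OVERRIDES may be left unset, and running_locally is compared case-insensitively to true.

```python
import json
import os
import re

ACCOUNT_ID = re.compile(r"\d{12}", re.ASCII)
# IAM role-name characters, minus "," because ROLE_NAMES is comma-separated.
ROLE_NAME = re.compile(r"[\w+=.@-]{1,64}", re.ASCII)
OU_ID = re.compile(r"ou-[0-9a-z]{4,32}-[0-9a-z]{8,32}")
BUCKET = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")


def _csv(value):
    """Split a comma-separated setting, trimming whitespace and blanks."""
    return [part.strip() for part in (value or "").split(",") if part.strip()]


def validate_settings(env):
    """Return a list of problems found in the README's variables (empty = OK)."""
    errors = []
    accounts = _csv(env.get("PAYER_ACCOUNT_IDS"))
    roles = _csv(env.get("ROLE_NAMES"))
    if not accounts:
        errors.append("PAYER_ACCOUNT_IDS: no account IDs given")
    errors += [f"PAYER_ACCOUNT_IDS: {a!r} is not a 12-digit ID"
               for a in accounts if not ACCOUNT_ID.fullmatch(a)]
    if not roles:
        errors.append("ROLE_NAMES: no role names given")
    for var, names in (("ROLE_NAMES", roles), ("ASSUME_ROLE", [env.get("ASSUME_ROLE", "")])):
        errors += [f"{var}: {n!r} is not a valid role name"
                   for n in names if not ROLE_NAME.fullmatch(n)]
    try:
        overrides = json.loads(env.get("OU_OVERRIDES") or "{}")
        if not isinstance(overrides, dict):
            raise ValueError("not a JSON object")
        for ou_id, name in overrides.items():
            if not OU_ID.fullmatch(ou_id) or not isinstance(name, str) or not name:
                errors.append(f"OU_OVERRIDES: bad entry {ou_id!r}")
    except ValueError as exc:  # json.JSONDecodeError subclasses ValueError
        errors.append(f"OU_OVERRIDES: {exc}")
    # The bucket is only needed when the script is not running locally.
    if str(env.get("running_locally", "")).lower() != "true":
        if not BUCKET.fullmatch(env.get("S3_BUCKET", "")):
            errors.append("S3_BUCKET: missing or not a valid bucket name")
    return errors


if __name__ == "__main__":
    problems = validate_settings(os.environ)
    for problem in problems:
        print("config error:", problem)
    raise SystemExit(1 if problems else 0)
```

Run it in the same shell before `python lambda_handler.py`; a non-zero exit status means at least one variable would have produced a malformed role ARN or OU mapping.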
Contributions are welcome! Here are several ways you can contribute:
- Submit Pull Requests: Review open PRs, and submit your own PRs.
- Report Issues: Submit bugs found or log feature requests for the switchroles-lambda project.
- Fork the Repository: Start by forking the project repository to your local account.
- Clone Locally: Clone the forked repository to your local machine using a git client.
git clone `repo_url`
- Create a New Branch: Always work on a new branch, giving it a descriptive name.
git checkout -b new-feature-x
- Make Your Changes: Develop and test your changes locally.
- Commit Your Changes: Commit with a clear message describing your updates.
git commit -m 'Implemented new feature x.'
- Push to GitHub: Push the changes to your forked repository.
git push origin new-feature-x
- Submit a Pull Request: Create a PR against the original project repository. Clearly describe the changes and their motivations.
Once your PR is reviewed and approved, it will be merged into the main branch.
This project is protected under the MIT License.