- Newest
- Most votes
- Most comments
Figured out that I can use the AWS Security Token Service to assume the role of the account in the organization and before the actions I require
Yes, you can accomplish these tasks using the AWS SDK.
You could take a look at this AWS Bootstrap Kit example repository on GitHub. This repository contains examples of using the AWS Bootstrap Kit to set your development and deployment environment on AWS. You can get an impression how such centralized account and resource management could be accomplished.
Using AWS CDK, this example shows you how to create and manage a complete AWS Organization (including multiple accounts). You can also explore how to manage the resources in those accounts using the IaC approach - by deploying CDK constructs into various accounts of the organization. This is one possible approach.
You can also call the AWS API directly to achieve the same results, but the best practice is to use an IaC approach, for example with AWS CloudFormation or AWs CDK.
Essentially, the target accounts you want to manage must allow the central (root) account to do so. You do this by configuring the corresponding IAM roles in the target accounts and assuming them when managing the resources. The Bootstrap Kit example mentioned above shows you how to achieve that using AWS CDK.
Are there any examples of how to do this using the SDK? These accounts will be created on demand for customer workloads so I'd rather manage the process myself using the SDK.
Relevant content
- asked 2 years ago
- asked 2 years ago
AWS OFFICIALUpdated 7 months ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
After creating an account within an organization I'd like to create an IAM user with programatic access without having to switch roles or reset the password. Would prefer to do everything through the SDK.