By using AWS re:Post, you agree to the Terms of Use
/How can organization accounts be accessed programmatically?/

How can organization accounts be accessed programmatically?

0

I want to create accounts in an organization programmatically and once created, I would like to programmatically manage resources within the account. How can this be done without having to use the AWS Console to switch accounts or reset the password? Can I use the AWS API SDK with an access key from the organization account to target the sub account?

  • After creating an account within an organization I'd like to create an IAM user with programatic access without having to switch roles or reset the password. Would prefer to do everything through the SDK.

2 Answers
0
Accepted Answer

Figured out that I can use the AWS Security Token Service to assume the role of the account in the organization and before the actions I require

answered a month ago
0

Yes, you can accomplish these tasks using the AWS SDK.

You could take a look at this AWS Bootstrap Kit example repository on GitHub. This repository contains examples of using the AWS Bootstrap Kit to set your development and deployment environment on AWS. You can get an impression how such centralized account and resource management could be accomplished.

Using AWS CDK, this example shows you how to create and manage a complete AWS Organization (including multiple accounts). You can also explore how to manage the resources in those accounts using the IaC approach - by deploying CDK constructs into various accounts of the organization. This is one possible approach.

You can also call the AWS API directly to achieve the same results, but the best practice is to use an IaC approach, for example with AWS CloudFormation or AWs CDK.

Essentially, the target accounts you want to manage must allow the central (root) account to do so. You do this by configuring the corresponding IAM roles in the target accounts and assuming them when managing the resources. The Bootstrap Kit example mentioned above shows you how to achieve that using AWS CDK.

answered a month ago
  • Are there any examples of how to do this using the SDK? These accounts will be created on demand for customer workloads so I'd rather manage the process myself using the SDK.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions