Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How can I Loop through AWS Accounts using SSO with PowerShell or Python

0

My company has over 50 accounts which I need to loop through to pull values from the cost explorer. We use SSO and I want to use automation to regularly pull these values so unfortunately I can't use a session token or the generated access key and secret access key as they seem to be temporary. My company does leverage AWS Organisations though I do not have that level of permissions to use the functionality.

PowerShell: Though I haven't looped through all the listed accounts, I've used initialize-AWSSSOConfiguration which limits access to 20 accounts, even with a specific acccountid specified.

Python/CMD: Using Python with CMD calls, I am able to loop through accounts by explicitly creating a profile per account though this is quite time consuming.

With the above in mind, is there an easy way to loop through all profiles that doesn't require too much configuration?

Topics
Management & GovernanceCloud Financial Management
Tags
AWS Command Line InterfaceAWS Cost ExplorerAWS Tools for Windows PowerShell
Language
English
asked 8 months ago169 views
1 Answer
1

What is your end goal with pulling this data?

The Payer account has access to the costing data for both the payer and all the linked accounts. Getting a read-only account that only has access to cost explorer would be the easiest solution for what you asked. But as you mentioned, having regular automated access would be difficult unless you were able to use something like a Lambda or EC2 to run the query (since they get permissions via IAM).

However, remember that Cost Explorer API calls have a cost. What would be more efficient is to use Cost and Usage Reports (CUR) to store the billing data (which can be stored longer and be more fine grained than Cost Explorer supplies) into an S3 bucket and then query that data via something like Athena.

Additionally, you can utilize the existing CUDOS and CID dashboards that can be deployed in Quicksight to see dashboards of the costing data. And/or build your own dashboards. This will give you a more scalable and automated solution.

AWS
EXPERT
answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content