1 Answer
ATM there seems to be no CLI for checking support levels.
However, using a tip from this SO post https://stackoverflow.com/questions/54730858/can-the-aws-support-plan-be-changed-via-cli-api, here's a Bash script you could run from the management account as long as you can assume a common role in each other account.
Requires jq, bash, the AWS CLI and a role in every sub account.
```bash
#!/bin/bash
# User-configurable variables
roletoassume="OrganizationAccountAccessRole"

# All account IDs in the organization, and the management account's ID
accounts=$(aws organizations list-accounts --query "Accounts[*].Id" --output json)
masteraccount=$(aws organizations describe-organization --output json | jq -r .Organization.MasterAccountId)

# Print "<account>,<support level>" using whatever credentials are active in the environment
report_support() {
    local account="$1" SUPPORT_STATUS
    SUPPORT_STATUS=$(aws support describe-severity-levels --region us-east-1 2>&1)
    if [[ "$SUPPORT_STATUS" == *"SubscriptionRequiredException"* ]]; then
        echo "$account,No Support Enabled for account"
    elif [[ "$SUPPORT_STATUS" == *"AccessDeniedException"* ]]; then
        echo "$account,Access denied or roles not properly setup"
    elif [[ "$SUPPORT_STATUS" == *"critical"* ]]; then
        echo "$account,Enterprise Support already enabled for account..."
    elif [[ "$SUPPORT_STATUS" == *"urgent"* ]]; then
        echo "$account,Only Business Level Support enabled for account..."
    elif [[ "$SUPPORT_STATUS" == *"high"* ]]; then
        echo "$account,Only Developer Level Support enabled for account..."
    fi
}

# Management account first, with the caller's own credentials
report_support "$masteraccount"

# Then every other account, through the assumed role
echo "$accounts" | jq -r '.[]' | while read -r account; do
    if [[ "$account" != "$masteraccount" ]]; then
        # Skip the account if the role cannot be assumed; otherwise the check
        # would run with the management account's credentials
        if ! sts=$(aws sts assume-role --role-arn "arn:aws:iam::${account}:role/${roletoassume}" --role-session-name mysession --output json 2>/dev/null); then
            echo "$account,Access denied or roles not properly setup"
            continue
        fi
        export AWS_ACCESS_KEY_ID=$(echo "$sts" | jq -r '.Credentials.AccessKeyId')
        export AWS_SECRET_ACCESS_KEY=$(echo "$sts" | jq -r '.Credentials.SecretAccessKey')
        export AWS_SESSION_TOKEN=$(echo "$sts" | jq -r '.Credentials.SessionToken')
        report_support "$account"
        # Drop the temporary credentials before the next assume-role call
        unset AWS_ACCESS_KEY_ID
        unset AWS_SECRET_ACCESS_KEY
        unset AWS_SESSION_TOKEN
    fi
done
```
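Added example, not part of the original answer: a per-account check whose body runs in a subshell, so the temporary credentials never reach the calling shell, and which confirms with `sts get-caller-identity` that the session belongs to the member account before reporting its support level. The function names, the session name and the result labels are assumptions; it needs only the AWS CLI, not jq.

```bash
#!/bin/bash
# Added example, not part of the original answer.
# classify_support and check_member_account are hypothetical names.

# Map the output (or error text) of describe-severity-levels to a plan label,
# testing the highest severity code first, as the answer's script does.
classify_support() {
  case "$1" in
    *SubscriptionRequiredException*) echo "none" ;;
    *AccessDeniedException*)         echo "access-denied" ;;
    *critical*)                      echo "enterprise" ;;
    *urgent*)                        echo "business" ;;
    *high*)                          echo "developer" ;;
    *)                               echo "unknown" ;;
  esac
}

# The function body is a subshell "( ... )": the exported temporary credentials
# vanish when it returns, so nothing has to be unset and nothing leaks to the caller.
check_member_account() (
  account="$1"; role="$2"
  creds=$(aws sts assume-role \
      --role-arn "arn:aws:iam::${account}:role/${role}" \
      --role-session-name support-plan-audit \
      --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
      --output text 2>/dev/null) || { echo "$account,assume-role-failed"; exit 1; }
  set -f            # no globbing while splitting the tab-separated fields
  set -- $creds
  [ "$#" -eq 3 ] || { echo "$account,assume-role-failed"; exit 1; }
  export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" AWS_SESSION_TOKEN="$3"
  # Confirm the session really is in the member account before trusting the result.
  actual=$(aws sts get-caller-identity --query Account --output text 2>/dev/null) || actual=""
  if [ "$actual" != "$account" ]; then
    echo "$account,identity-mismatch"; exit 1
  fi
  echo "$account,$(classify_support "$(aws support describe-severity-levels --region us-east-1 2>&1)")"
)

# Usage: ./check.sh 111111111111 OrganizationAccountAccessRole
if [ "$#" -eq 2 ]; then check_member_account "$1" "$2"; fi
```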