UNPKG

@pepperize/cdk-organizations

Version:

Manage AWS organizations, organizational units (OU), accounts and service control policies (SCP).

github.com/pepperize/cdk-organizations

pepperize/cdk-organizations

57 lines • 10.1 kB

JavaScript

"use strict"; var _a; Object.defineProperty(exports, "__esModule", { value: true }); exports.DelegatedAdministrator = void 0; const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti"); const aws_cdk_lib_1 = require("aws-cdk-lib"); const custom_resources_1 = require("aws-cdk-lib/custom-resources"); const constructs_1 = require("constructs"); /** * Enables the specified member account to administer the Organizations features of the specified AWS service. It grants read-only access to AWS Organizations service data. The account still requires IAM permissions to access and administer the AWS service. * * You can run this action only for AWS services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at AWS Services that you can use with AWS Organizations in the [AWS Organizations User Guide](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html). * * @see https://docs.aws.amazon.com/accounts/latest/reference/using-orgs-delegated-admin.html */ class DelegatedAdministrator extends constructs_1.Construct { constructor(scope, id, props) { super(scope, id); const { account, servicePrincipal, region } = props; const organizationsRegion = process.env.CDK_AWS_PARTITION === "aws-cn" ? "cn-northwest-1" : "us-east-1"; new custom_resources_1.AwsCustomResource(this, "DelegatedAdministratorCustomResource", { resourceType: "Custom::Organizations_DelegatedAdministrator", onCreate: { service: "Organizations", action: "registerDelegatedAdministrator", // https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Organizations.html#registerDelegatedAdministrator-property region: region ?? organizationsRegion, physicalResourceId: custom_resources_1.PhysicalResourceId.of(`${account.accountId}:${servicePrincipal}`), parameters: { AccountId: account.accountId, ServicePrincipal: servicePrincipal, }, ignoreErrorCodesMatching: "AccountAlreadyRegisteredException", // https://docs.aws.amazon.com/organizations/latest/APIReference/API_RegisterDelegatedAdministrator.html#API_RegisterDelegatedAdministrator_Errors }, ...(props.removalPolicy === aws_cdk_lib_1.RemovalPolicy.RETAIN ? {} : { onDelete: { service: "Organizations", action: "deregisterDelegatedAdministrator", // https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Organizations.html#deregisterDelegatedAdministrator-property region: region ?? organizationsRegion, parameters: { AccountId: account.accountId, ServicePrincipal: servicePrincipal, }, }, }), installLatestAwsSdk: false, policy: custom_resources_1.AwsCustomResourcePolicy.fromSdkCalls({ resources: custom_resources_1.AwsCustomResourcePolicy.ANY_RESOURCE, }), }); } } exports.DelegatedAdministrator = DelegatedAdministrator; _a = JSII_RTTI_SYMBOL_1; DelegatedAdministrator[_a] = { fqn: "@pepperize/cdk-organizations.DelegatedAdministrator", version: "0.7.988" }; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGVsZWdhdGVkLWFkbWluaXN0cmF0b3IuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvZGVsZWdhdGVkLWFkbWluaXN0cmF0b3IudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSw2Q0FBNEM7QUFDNUMsbUVBQThHO0FBQzlHLDJDQUF1QztBQXdCdkM7Ozs7OztHQU1HO0FBQ0gsTUFBYSxzQkFBdUIsU0FBUSxzQkFBUztJQUNuRCxZQUFtQixLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUFrQztRQUNqRixLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWpCLE1BQU0sRUFBRSxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxFQUFFLEdBQUcsS0FBSyxDQUFDO1FBQ3BELE1BQU0sbUJBQW1CLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxpQkFBaUIsS0FBSyxRQUFRLENBQUMsQ0FBQyxDQUFDLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxXQUFXLENBQUM7UUFFeEcsSUFBSSxvQ0FBaUIsQ0FBQyxJQUFJLEVBQUUsc0NBQXNDLEVBQUU7WUFDbEUsWUFBWSxFQUFFLDhDQUE4QztZQUM1RCxRQUFRLEVBQUU7Z0JBQ1IsT0FBTyxFQUFFLGVBQWU7Z0JBQ3hCLE1BQU0sRUFBRSxnQ0FBZ0MsRUFBRSxxSEFBcUg7Z0JBQy9KLE1BQU0sRUFBRSxNQUFNLElBQUksbUJBQW1CO2dCQUNyQyxrQkFBa0IsRUFBRSxxQ0FBa0IsQ0FBQyxFQUFFLENBQUMsR0FBRyxPQUFPLENBQUMsU0FBUyxJQUFJLGdCQUFnQixFQUFFLENBQUM7Z0JBQ3JGLFVBQVUsRUFBRTtvQkFDVixTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVM7b0JBQzVCLGdCQUFnQixFQUFFLGdCQUFnQjtpQkFDbkM7Z0JBQ0Qsd0JBQXdCLEVBQUUsbUNBQW1DLEVBQUUsa0pBQWtKO2FBQ2xOO1lBQ0QsR0FBRyxDQUFDLEtBQUssQ0FBQyxhQUFhLEtBQUssMkJBQWEsQ0FBQyxNQUFNO2dCQUM5QyxDQUFDLENBQUMsRUFBRTtnQkFDSixDQUFDLENBQUM7b0JBQ0UsUUFBUSxFQUFFO3dCQUNSLE9BQU8sRUFBRSxlQUFlO3dCQUN4QixNQUFNLEVBQUUsa0NBQWtDLEVBQUUsdUhBQXVIO3dCQUNuSyxNQUFNLEVBQUUsTUFBTSxJQUFJLG1CQUFtQjt3QkFDckMsVUFBVSxFQUFFOzRCQUNWLFNBQVMsRUFBRSxPQUFPLENBQUMsU0FBUzs0QkFDNUIsZ0JBQWdCLEVBQUUsZ0JBQWdCO3lCQUNuQztxQkFDRjtpQkFDRixDQUFDO1lBQ04sbUJBQW1CLEVBQUUsS0FBSztZQUMxQixNQUFNLEVBQUUsMENBQXVCLENBQUMsWUFBWSxDQUFDO2dCQUMzQyxTQUFTLEVBQUUsMENBQXVCLENBQUMsWUFBWTthQUNoRCxDQUFDO1NBQ0gsQ0FBQyxDQUFDO0lBQ0wsQ0FBQzs7QUF0Q0gsd0RBdUNDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgUmVtb3ZhbFBvbGljeSB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgQXdzQ3VzdG9tUmVzb3VyY2UsIEF3c0N1c3RvbVJlc291cmNlUG9saWN5LCBQaHlzaWNhbFJlc291cmNlSWQgfSBmcm9tIFwiYXdzLWNkay1saWIvY3VzdG9tLXJlc291cmNlc1wiO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCB7IElBY2NvdW50IH0gZnJvbSBcIi4vYWNjb3VudFwiO1xuXG5leHBvcnQgaW50ZXJmYWNlIERlbGVnYXRlZEFkbWluaXN0cmF0b3JQcm9wcyB7XG4gIC8qKlxuICAgKiBUaGUgbWVtYmVyIGFjY291bnQgaW4gdGhlIG9yZ2FuaXphdGlvbiB0byByZWdpc3RlciBhcyBhIGRlbGVnYXRlZCBhZG1pbmlzdHJhdG9yLlxuICAgKi9cbiAgcmVhZG9ubHkgYWNjb3VudDogSUFjY291bnQ7XG4gIC8qKlxuICAgKiBUaGUgc2VydmljZSBwcmluY2lwYWwgb2YgdGhlIEFXUyBzZXJ2aWNlIGZvciB3aGljaCB5b3Ugd2FudCB0byBtYWtlIHRoZSBtZW1iZXIgYWNjb3VudCBhIGRlbGVnYXRlZCBhZG1pbmlzdHJhdG9yLlxuICAgKi9cbiAgcmVhZG9ubHkgc2VydmljZVByaW5jaXBhbDogc3RyaW5nO1xuICAvKipcbiAgICogVGhlIHJlZ2lvbiB0byBkZWxlZ2F0ZSB0aGUgYWRtaW5pc3RyYXRvciBpbi5cbiAgICovXG4gIHJlYWRvbmx5IHJlZ2lvbj86IHN0cmluZztcbiAgLyoqXG4gICAqIElmIHNldCB0byBSZW1vdmFsUG9saWN5LlJFVEFJTiwgdGhlIGRlbGVnYXRpb24gd2lsbCBub3QgYmUgcmVtb3ZlZC5cbiAgICpcbiAgICogQGRlZmF1bHQgUmVtb3ZhbFBvbGljeS5ERVNUUk9ZXG4gICAqL1xuICByZWFkb25seSByZW1vdmFsUG9saWN5PzogUmVtb3ZhbFBvbGljeTtcbn1cblxuLyoqXG4gKiBFbmFibGVzIHRoZSBzcGVjaWZpZWQgbWVtYmVyIGFjY291bnQgdG8gYWRtaW5pc3RlciB0aGUgT3JnYW5pemF0aW9ucyBmZWF0dXJlcyBvZiB0aGUgc3BlY2lmaWVkIEFXUyBzZXJ2aWNlLiBJdCBncmFudHMgcmVhZC1vbmx5IGFjY2VzcyB0byBBV1MgT3JnYW5pemF0aW9ucyBzZXJ2aWNlIGRhdGEuIFRoZSBhY2NvdW50IHN0aWxsIHJlcXVpcmVzIElBTSBwZXJtaXNzaW9ucyB0byBhY2Nlc3MgYW5kIGFkbWluaXN0ZXIgdGhlIEFXUyBzZXJ2aWNlLlxuICpcbiAqIFlvdSBjYW4gcnVuIHRoaXMgYWN0aW9uIG9ubHkgZm9yIEFXUyBzZXJ2aWNlcyB0aGF0IHN1cHBvcnQgdGhpcyBmZWF0dXJlLiBGb3IgYSBjdXJyZW50IGxpc3Qgb2Ygc2VydmljZXMgdGhhdCBzdXBwb3J0IGl0LCBzZWUgdGhlIGNvbHVtbiBTdXBwb3J0cyBEZWxlZ2F0ZWQgQWRtaW5pc3RyYXRvciBpbiB0aGUgdGFibGUgYXQgQVdTIFNlcnZpY2VzIHRoYXQgeW91IGNhbiB1c2Ugd2l0aCBBV1MgT3JnYW5pemF0aW9ucyBpbiB0aGUgW0FXUyBPcmdhbml6YXRpb25zIFVzZXIgR3VpZGVdKGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9vcmdhbml6YXRpb25zL2xhdGVzdC91c2VyZ3VpZGUvb3Jnc19pbnRlZ3JhdGVfc2VydmljZXNfbGlzdC5odG1sKS5cbiAqXG4gKiBAc2VlIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9hY2NvdW50cy9sYXRlc3QvcmVmZXJlbmNlL3VzaW5nLW9yZ3MtZGVsZWdhdGVkLWFkbWluLmh0bWxcbiAqL1xuZXhwb3J0IGNsYXNzIERlbGVnYXRlZEFkbWluaXN0cmF0b3IgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICBwdWJsaWMgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IERlbGVnYXRlZEFkbWluaXN0cmF0b3JQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCB7IGFjY291bnQsIHNlcnZpY2VQcmluY2lwYWwsIHJlZ2lvbiB9ID0gcHJvcHM7XG4gICAgY29uc3Qgb3JnYW5pemF0aW9uc1JlZ2lvbiA9IHByb2Nlc3MuZW52LkNES19BV1NfUEFSVElUSU9OID09PSBcImF3cy1jblwiID8gXCJjbi1ub3J0aHdlc3QtMVwiIDogXCJ1cy1lYXN0LTFcIjtcblxuICAgIG5ldyBBd3NDdXN0b21SZXNvdXJjZSh0aGlzLCBcIkRlbGVnYXRlZEFkbWluaXN0cmF0b3JDdXN0b21SZXNvdXJjZVwiLCB7XG4gICAgICByZXNvdXJjZVR5cGU6IFwiQ3VzdG9tOjpPcmdhbml6YXRpb25zX0RlbGVnYXRlZEFkbWluaXN0cmF0b3JcIixcbiAgICAgIG9uQ3JlYXRlOiB7XG4gICAgICAgIHNlcnZpY2U6IFwiT3JnYW5pemF0aW9uc1wiLFxuICAgICAgICBhY3Rpb246IFwicmVnaXN0ZXJEZWxlZ2F0ZWRBZG1pbmlzdHJhdG9yXCIsIC8vIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BV1NKYXZhU2NyaXB0U0RLL2xhdGVzdC9BV1MvT3JnYW5pemF0aW9ucy5odG1sI3JlZ2lzdGVyRGVsZWdhdGVkQWRtaW5pc3RyYXRvci1wcm9wZXJ0eVxuICAgICAgICByZWdpb246IHJlZ2lvbiA/PyBvcmdhbml6YXRpb25zUmVnaW9uLFxuICAgICAgICBwaHlzaWNhbFJlc291cmNlSWQ6IFBoeXNpY2FsUmVzb3VyY2VJZC5vZihgJHthY2NvdW50LmFjY291bnRJZH06JHtzZXJ2aWNlUHJpbmNpcGFsfWApLFxuICAgICAgICBwYXJhbWV0ZXJzOiB7XG4gICAgICAgICAgQWNjb3VudElkOiBhY2NvdW50LmFjY291bnRJZCxcbiAgICAgICAgICBTZXJ2aWNlUHJpbmNpcGFsOiBzZXJ2aWNlUHJpbmNpcGFsLFxuICAgICAgICB9LFxuICAgICAgICBpZ25vcmVFcnJvckNvZGVzTWF0Y2hpbmc6IFwiQWNjb3VudEFscmVhZHlSZWdpc3RlcmVkRXhjZXB0aW9uXCIsIC8vIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9vcmdhbml6YXRpb25zL2xhdGVzdC9BUElSZWZlcmVuY2UvQVBJX1JlZ2lzdGVyRGVsZWdhdGVkQWRtaW5pc3RyYXRvci5odG1sI0FQSV9SZWdpc3RlckRlbGVnYXRlZEFkbWluaXN0cmF0b3JfRXJyb3JzXG4gICAgICB9LFxuICAgICAgLi4uKHByb3BzLnJlbW92YWxQb2xpY3kgPT09IFJlbW92YWxQb2xpY3kuUkVUQUlOXG4gICAgICAgID8ge31cbiAgICAgICAgOiB7XG4gICAgICAgICAgICBvbkRlbGV0ZToge1xuICAgICAgICAgICAgICBzZXJ2aWNlOiBcIk9yZ2FuaXphdGlvbnNcIixcbiAgICAgICAgICAgICAgYWN0aW9uOiBcImRlcmVnaXN0ZXJEZWxlZ2F0ZWRBZG1pbmlzdHJhdG9yXCIsIC8vIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BV1NKYXZhU2NyaXB0U0RLL2xhdGVzdC9BV1MvT3JnYW5pemF0aW9ucy5odG1sI2RlcmVnaXN0ZXJEZWxlZ2F0ZWRBZG1pbmlzdHJhdG9yLXByb3BlcnR5XG4gICAgICAgICAgICAgIHJlZ2lvbjogcmVnaW9uID8/IG9yZ2FuaXphdGlvbnNSZWdpb24sXG4gICAgICAgICAgICAgIHBhcmFtZXRlcnM6IHtcbiAgICAgICAgICAgICAgICBBY2NvdW50SWQ6IGFjY291bnQuYWNjb3VudElkLFxuICAgICAgICAgICAgICAgIFNlcnZpY2VQcmluY2lwYWw6IHNlcnZpY2VQcmluY2lwYWwsXG4gICAgICAgICAgICAgIH0sXG4gICAgICAgICAgICB9LFxuICAgICAgICAgIH0pLFxuICAgICAgaW5zdGFsbExhdGVzdEF3c1NkazogZmFsc2UsXG4gICAgICBwb2xpY3k6IEF3c0N1c3RvbVJlc291cmNlUG9saWN5LmZyb21TZGtDYWxscyh7XG4gICAgICAgIHJlc291cmNlczogQXdzQ3VzdG9tUmVzb3VyY2VQb2xpY3kuQU5ZX1JFU09VUkNFLFxuICAgICAgfSksXG4gICAgfSk7XG4gIH1cbn1cbiJdfQ==