
@pepperize/cdk-organizations


Manage AWS organizations, organizational units (OU), accounts and service control policies (SCP).

"use strict";
// NOTE(review): this file looks like compiler output (CommonJS prelude, numbered
// require aliases); any change should presumably be made in the original source.
Object.defineProperty(exports, "__esModule", { value: true });
exports.OrganizationProvider = void 0;
const aws_cdk_lib_1 = require("aws-cdk-lib");
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
const custom_resources_1 = require("aws-cdk-lib/custom-resources");
const on_event_handler_function_1 = require("./on-event-handler-function");
/**
 * Nested stack that wires up a custom resource provider used to create the
 * organization in AWS Organizations.
 *
 * According to the upstream documentation, an organization that already exists
 * is simply returned, and deleting the organization is not supported. The
 * handler implementing that lives in ./on-event-handler-function and is not
 * visible here.
 *
 * @see https://docs.aws.amazon.com/cdk/api/v1/docs/custom-resources-readme.html#provider-framework
 */
class OrganizationProvider extends aws_cdk_lib_1.NestedStack {
    /**
     * Return the provider registered on the stack that owns `scope`, creating
     * it on first use so that each stack holds at most one instance.
     *
     * @param scope - construct whose enclosing stack hosts the provider
     * @returns the existing child with the well-known id, or a new OrganizationProvider
     * @see https://github.com/aws/aws-cdk/issues/5023
     */
    static getOrCreate(scope) {
        const singletonId = "cdk-organizations.OrganizationProvider";
        const owningStack = aws_cdk_lib_1.Stack.of(scope);
        const found = owningStack.node.tryFindChild(singletonId);
        if (found) {
            return found;
        }
        return new OrganizationProvider(owningStack, singletonId, {});
    }
    /**
     * Build the handler function and the provider that fronts it.
     *
     * @param scope - parent construct
     * @param id - construct id
     * @param props - nested stack properties, forwarded to NestedStack
     */
    constructor(scope, id, props) {
        super(scope, id, props);
        // The endpoint region is chosen from the process environment when the
        // construct is instantiated; anything other than "aws-cn" selects us-east-1.
        let endpointRegion = "us-east-1";
        if (process.env.CDK_AWS_PARTITION === "aws-cn") {
            endpointRegion = "cn-northwest-1";
        }
        // NOTE(review): resources is "*"; presumably these two Organizations
        // actions cannot be scoped to a resource ARN. Confirm against the IAM
        // action reference.
        const organizationAccess = new aws_iam_1.PolicyStatement({
            actions: ["organizations:CreateOrganization", "organizations:DescribeOrganization"],
            resources: ["*"],
        });
        // Permits creation of the service-linked role, see
        // https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html#create-org
        // NOTE(review): as written, the grant covers every role path in every
        // account, so it is not limited to the Organizations service-linked role.
        // Least privilege would narrow the resource to that role's path and/or
        // add an iam:AWSServiceName condition. Verify the service principal used
        // in the aws-cn partition before tightening.
        const serviceLinkedRoleAccess = new aws_iam_1.PolicyStatement({
            actions: ["iam:CreateServiceLinkedRole"],
            resources: [`arn:${aws_cdk_lib_1.Aws.PARTITION}:iam::*:role/*`],
        });
        this.onEventHandler = new on_event_handler_function_1.OnEventHandlerFunction(this, "OnEventHandlerFunction", {
            environment: {
                ORGANIZATIONS_ENDPOINT_REGION: endpointRegion,
            },
            timeout: aws_cdk_lib_1.Duration.minutes(10),
            initialPolicy: [organizationAccess, serviceLinkedRoleAccess],
        });
        this.provider = new custom_resources_1.Provider(this, "Provider", {
            onEventHandler: this.onEventHandler,
        });
    }
}
exports.OrganizationProvider = OrganizationProvider;