Skip to content

JumpToTheCloud/aws-organizations

BranchesTags

Repository files navigation

AWS Organizations Construct Library

AWS Organization

Getting started

Installation

Install the library in your project:

npm install @jttc/aws-organization
yarn add @jttc/aws-organization

Usage

New Organization

To create a new AWS Organization, use the Organization Construct provided. By default, it creates an organization with all FeatureSet.

import { Construct } from 'constructs';
import { Organization } from '@jttc/aws-organizations';

export class OrganizationStack extends Construct {
  constructor(scope: Construct, id: string) {
    super(scope, id);

    new Organization(this, 'Organization');
  }
}

New Organization Unit from root organization

To create a new AWS Organization Unit, use the OrganizationUnit Construct provided.

import { Construct } from 'constructs';
import { Organization, OrganizationUnit } from '@jttc/aws-organizations';

export class OrganizationStack extends Construct {
  constructor(scope: Construct, id: string) {
    super(scope, id);

    const organization = new Organization(this, 'Organization');

    new OrganizationUnit(this, 'WorkloadsOrganizationUnit', {
      organizationUnitName: 'workloads',
      parent: organization,
    });
  }
}

Create new Account

To create a new Account, use the Account Construct provided.

import { Construct } from 'constructs';
import {
  Organization,
  OrganizationUnit,
  Account,
} from '@jttc/aws-organizations';

export class OrganizationStack extends Construct {
  constructor(scope: Construct, id: string) {
    super(scope, id);

    const organization = new Organization(this, 'Organization');

    const workloadOrganizationUnit = new OrganizationUnit(
      this,
      'WorkloadsOrganizationUnit',
      {
        organizationUnitName: 'workloads',
        parent: organization,
      }
    );

    new Account(this, 'ProdAccount', {
      accountName: 'prodc-account',
      email: 'prod@example.com'
      parent: workloadOrganizationUnit,
    });
  }
}

Service Control Policy

Attached a Service Control Policy to an Organization Unit or an Account

import { Construct } from 'constructs';
import {
  Organization,
  OrganizationUnit,
  Account,
  ServiceControlPolicy
} from '@jttc/aws-organizations';

export class OrganizationStack extends Construct {
  constructor(scope: Construct, id: string) {
    super(scope, id);

    const organization = new Organization(this, 'Organization');

    const workloadOrganizationUnit = new OrganizationUnit(
      this,
      'WorkloadsOrganizationUnit',
      {
        organizationUnitName: 'workloads',
        parent: organization,
      }
    );

    new Account(this, 'ProdAccount', {
      accountName: 'prodc-account',
      email: 'prod@example.com'
      parent: workloadOrganizationUnit,
    });

    const policy = new PolicyStatement({
      effect: Effect.ALLOW,
      actions: ['s3:*'],
      resources: ['*'],
    });
    
    new ServiceControlPolicy(stack, 'ServiceControlPolicy', {
      name: 'test-policy',
      description: 'test policy',
      statements: [policy],
      targetIds: [workloadOrganizationUnit.organizationUnitId],
    });
  }
}

About

AWS Organization CDK Construct

jumptothecloud.github.io/aws-organizations/

Topics

aws aws-cdk aws-organisation

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

7 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages