Muppet is a combination of Python/Terraform scripts that fully automates and version controls AWS account creation.
Muppet is for organizations/individuals that have an existing AWS master/billing account and want to create multiple AWS accounts with billing tied to their master account. Muppet is not suitable if your use case is to create a personal/singular AWS account.
The core components of Muppet are:
- AWS Workmail: Muppet uses the Workmail API to automate the creation of email accounts, a requirement when creating an AWS account.
- Terraform: Muppet uses Terraform to create the AWS account in AWS Organizations and store the config state. In the near future, the goal is to configure Workmail via Terraform as well. See here for more detail/if you want to contribute.
- Boto3: Muppet uses Boto3, the AWS Python SDK, to create email accounts in AWS Workmail.
Prior to using Muppet, the following pre-requisites need to be in place:
- AWS Organizations: Set up AWS Organizations in your master/billing AWS account. All accounts that you create using Muppet will fall under this Organization.
- AWS Workmail: Create an AWS Workmail account. The first 25 users are free to create and then it's $4 per user per month.
- Terraform/Boto3: Ensure that you have installed Terraform/Boto3 in the environment that you are running Muppet in. Familiarize yourself with the concept of Modules in Terraform.
- Configure AWS Credentials: Configure your AWS credentials with read/write access to AWS Workmail and AWS Organizations in your AWS account.
Muppet is very simple to use, hence the name :P. To get started:
- Clone the repository
$ git clone git@github.com:ruzin/muppet.git
- In example.tf, provide your custom values, including your Workmail account organization ID and Workmail account domain.
module "prod-account" {
  source                  = "./module"
  workmail_org_id         = "m-xxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  workmail_account_domain = "example.com"
  account_name            = "your_account_name"
  password                = "your_password"
}
- Set your AWS credentials as environment variables. See here for more info.
$ export AWS_ACCESS_KEY_ID="anaccesskey"
$ export AWS_SECRET_ACCESS_KEY="asecretkey"
$ export AWS_DEFAULT_REGION="eu-west-1"
- Run terraform init and then terraform apply.
$ terraform init
$ terraform apply
- If you are happy with the plan, proceed and your AWS account will be created :)
- To see details on how to access your newly created account, see here.
- Note: You may want to reset the root account password for the account that was created. See here for details. For some bizarre reason, AWS still hasn't exposed the API calls to automate this :(.
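The Workmail step described under the core components, as an added example that is not Muppet's own code: it creates the mailbox for a new account's root email address with the Boto3 WorkMail operations `create_user`, `register_to_work_mail` and `delete_user`, prompts for the password instead of reading it from example.tf, and removes the directory user again if mailbox registration fails. The function names, the validation patterns and the rollback behaviour are assumptions made for this example.

```python
import re

# Conservative patterns (assumption: stricter than what WorkMail itself accepts).
_LOCAL = re.compile(r"^[a-z0-9](?:[a-z0-9._-]{0,62}[a-z0-9])?$")
_DOMAIN = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")


def root_email(account_name, domain):
    """Build the root email address, rejecting names that are not plain mailboxes."""
    local, domain = account_name.strip().lower(), domain.strip().lower()
    if not _LOCAL.match(local) or ".." in local or not _DOMAIN.match(domain):
        raise ValueError(f"refusing mailbox {account_name!r}@{domain!r}")
    return f"{local}@{domain}"


def provision_mailbox(workmail, org_id, domain, account_name, password):
    """Create a WorkMail user and enable its mailbox; returns (user_id, email)."""
    email = root_email(account_name, domain)  # validate before any API call
    local = email.split("@")[0]
    user_id = workmail.create_user(
        OrganizationId=org_id, Name=local,
        DisplayName=local, Password=password)["UserId"]
    try:
        workmail.register_to_work_mail(
            OrganizationId=org_id, EntityId=user_id, Email=email)
    except Exception:
        # Do not leave a directory user with a known password and no mailbox.
        workmail.delete_user(OrganizationId=org_id, UserId=user_id)
        raise
    return user_id, email  # the password is never returned or printed


if __name__ == "__main__":
    import getpass
    import sys
    import boto3  # imported here so the helpers above load without the SDK

    # Usage (hypothetical): script.py <workmail_org_id> <workmail_account_domain> <account_name>
    org_id, domain, name = sys.argv[1:4]
    client = boto3.client("workmail")  # credentials/region from the AWS_* variables
    secret = getpass.getpass("Mailbox password: ")  # kept out of files and shell history
    uid, addr = provision_mailbox(client, org_id, domain, name, secret)
    print(f"created {addr} ({uid})")
```
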