AWS: Organizations Support

[tbugfinder]

Use Case

As a Cloud Administrator or Security Admin I have to apply settings within all accounts and regions. There it should be possible to apply code within all member accounts or based on OUs.

Describe the Solution You Would Like

Apply code (e.g. IAM roles, Service Settings) on all Org members and regions (depending on service).

Describe Alternatives You've Considered

boto3 + python scripting
lambda deployment (e.g. awslabs)

Additional Context

N/A

[welcome]

Thanks for opening your first issue here! We will follow up as soon as we can.

[MikaelSmith]

Thanks for submitting this! I'd like to make sure I understand what "apply code" means, as this feels like a fairly abstract idea. Do you have examples in mind of what this interaction might look like? Alternatively, examples of what you've done with boto3 + python scripting that you could share?

[tbugfinder]

Well, maybe I've a wrong understanding of wash's target.
"Apply code" was meant as e.g. an AWS API call or applying a cloudformation template to the Org or member accounts or OU(s).
This repo https://github.com/awslabs/aws-securityhub-multiaccount-scripts contains .py code as well as a cloudformation template.

[MikaelSmith]

Ok, I'll have to think about this a bit and look at some examples.

Is the idea that you have a cloudformation template and it's an alternative to what you already do? Or that it's a different way of constructing those templates? Is applying a cloudformation template to an Org currently hard?