Install, configure and manage the AWS organizations management account and all its member accounts.

We use a combination of org-formation and sceptre to deploy AWS cloud resources using cloudformation.

We boostrapped our AWS management account before deployments can happen.

Deploy resources to master and all member accounts

• install nodejs
• cd org-formation
• run 'npm install'
• run npx org-formation process-tasks --profile master-profile --verbose --print-stack organization-tasks.yaml

Note: master-profile is a profile that can assume the account's organizations-admin role

• create a python 3.x virtualenv
• run pip install sceptre sceptre-ssm-resolver sceptre-date-resolver git+git://github.com/Sceptre/sceptre-file-resolver.git
• cd sceptre/folder (i.e. sceptre/sandbox)
• uncomment # profile: {{ var.profile | default("default") }} in config/configs.yaml
• run sceptre --var "profile=member-profile" --var "region=us-east-1" launch prod/my-template.yaml

Note: member-profile is a profile that can assume the member account's OrganizationAccountAccessRole role

We have setup Github actions to automate deployments to the AWS management and all member accounts. The deployment runs on every merge to the master branch.

Org-formation manages deployments to specific accounts using organization Bindings

Sceptre manages deployments to specific accounts with designated config folders (i.e. config/dev or config/prod).

Contributions are welcome.

Requirements:

• Install pre-commit app
• Clone this repo
• Run pre-commit install to install the git hook.

As a pre-deployment step we syntatically validate our sceptre and cloudformation yaml files with pre-commit.

Please install pre-commit, once installed the file validations will automatically run on every commit. Alternatively you can manually execute the validations by running pre-commit run --all-files. Please install pre-commit, once installed the file validations will automatically run on every commit.

• https://sagebionetworks.jira.com/projects/IT

• https://travis-ci.org/Sage-Bionetworks/organizations-infra

• We use the AWS SSM to store secrets for this project. Sceptre retrieves the secrets using a sceptre ssm resolver and passes them to the cloudformation stack on deployment.