Class: Tfctl::AwsOrg
- Inherits:
-
Object
- Object
- Tfctl::AwsOrg
- Defined in:
- lib/tfctl/aws_org.rb
Instance Method Summary collapse
-
#accounts(org_units) ⇒ Object
Gets account data for specified OUs from AWS Organizations API.
-
#initialize(role_arn) ⇒ AwsOrg
constructor
A new instance of AwsOrg.
Constructor Details
#initialize(role_arn) ⇒ AwsOrg
Returns a new instance of AwsOrg.
# File 'lib/tfctl/aws_org.rb', line 9
# Builds the AWS Organizations client that this instance uses for its lookups.
#
# @param role_arn [String] role identifier handed unchanged to aws_assume_role
#   (presumably a full IAM role ARN; confirm against aws_assume_role)
# @return [AwsOrg]
def initialize(role_arn)
  # Assume role in primary account to read AWS organization API
  # NOTE(review): the only call visible here is list_accounts_for_parent, so
  # the role likely needs nothing beyond read access to Organizations; confirm
  # what aws_ou_list calls before tightening the policy.
  assumed_credentials = aws_assume_role(role_arn)

  @aws_org_client = Aws::Organizations::Client.new(
    region: 'us-east-1',
    credentials: assumed_credentials,
  )
end
Instance Method Details
#accounts(org_units) ⇒ Object
Gets account data for the specified OUs from the AWS Organizations API. Only accounts whose status is ACTIVE are included in the result.
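# File 'lib/tfctl/aws_org.rb', line 18
# Gets account data for the specified OUs from the AWS Organizations API.
#
# Only accounts whose status is 'ACTIVE' are returned. Every page of the
# ListAccountsForParent response is read, so an OU with more accounts than fit
# in one page is not silently truncated.
#
# @param org_units [Enumerable] OU paths; each must be a key of the map
#   returned by aws_ou_list
# @return [Hash] { accounts: [...] } where each entry carries :name, :id,
#   :arn, :email, :ou_path, :ou_parents and an empty :profiles array
# @raise [Tfctl::Error] when an OU path is not a key of aws_ou_list
def accounts(org_units)
  output = { accounts: [] }
  aws_ou_ids = aws_ou_list

  org_units.each do |ou_path|
    # Fail closed on an unknown OU instead of returning a partial inventory.
    raise Tfctl::Error, "Error: OU: #{ou_path}, does not exists in AWS organization" unless aws_ou_ids.key?(ou_path)

    parent_id = aws_ou_ids[ou_path]

    # The SDK response is pageable and enumerates page by page; reading
    # `.accounts` directly on it would only see the first page, leaving the
    # remaining accounts out of the list this method hands to its callers.
    @aws_org_client.list_accounts_for_parent(parent_id: parent_id).each do |page|
      page.accounts.each do |account|
        # Suspended or otherwise non-active accounts are skipped.
        next unless account.status == 'ACTIVE'

        output[:accounts] << {
          name: account.name,
          id: account.id,
          arn: account.arn,
          email: account.email,
          ou_path: ou_path.to_s,
          ou_parents: ou_path.to_s.split('/'),
          profiles: [],
        }
      end
    end
  end

  output
end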