AWS Organizations
## Overview

The AWS Organizations connector facilitates the management and retrieval of AWS account and organizational structure information. AWS Organizations offers policy-based management for multiple AWS accounts. With the AWS Organizations Turbine connector, users can automate account management and governance within the Swimlane platform. The connector enables the retrieval of detailed account information and organizational structure, streamlining compliance and oversight processes. By integrating with AWS Organizations, Swimlane Turbine users can enhance their security automation workflows, ensuring efficient management of AWS resources and policies across their enterprise.

## Limitations

None to date.

## Supported Versions

This connector supports the latest version of the AWS Organizations API.

## Additional Docs

- AWS Organizations API docs: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/organizations.html

## Configuration

### Prerequisites

To utilize the AWS Organizations connector for Turbine, ensure you have AWS credentials for authentication with the necessary permissions to access AWS Organizations. These include:

- Access Key: your AWS access key ID
- Secret Key: your AWS secret access key
- Region Name: the AWS region where your AWS Organizations is hosted

### Authentication Methods

To effectively utilize the AWS Organizations connector with Swimlane Turbine, ensure you have the following prerequisites:

- AWS credentials authentication with the following parameters:
  - Access Key ID: your unique AWS identifier key
  - Secret Key: your secret key for AWS API access
  - Region Name: the AWS region your organization operates in

### Obtaining AWS Credentials

To manage multiple AWS accounts centrally, you can use AWS Organizations. This service helps you consolidate billing, apply policies, and automate account management across your environment. To use this integration, you will need to enable and configure AWS Organizations in your AWS account by following the steps below:

1. Log in to your AWS account and navigate to the AWS Organizations console.
2. If you have not already created an organization, click Create organization and choose Enable all features.
3. Once the organization is created, you will be assigned a management account (formerly known as the master account).
4. To add member accounts, click Add an AWS account. Choose to create a new account, invite an existing one, or add an account from an organization. Provide the necessary details and follow the on-screen instructions.

#### Managing Organizational Units and Policies

AWS Organizations allows you to group accounts using organizational units (OUs) and apply service control policies (SCPs) to manage permissions.

1. In the AWS Organizations console, navigate to the Organizational units section.
2. Click Create organizational unit to define logical groupings of accounts.
3. Select an OU, then click Policies to attach SCPs.

To create or attach a service control policy:

1. Click Policies from the left-hand menu.
2. Choose Create policy and define your JSON policy document.
3. Attach the policy to an OU or directly to an account.

#### Permissions

To allow users or roles to manage AWS Organizations, specific permissions must be granted:

1. Open the IAM Management Console.
2. Navigate to the user or role that requires access.
3. Click on the Permissions tab, then click the Add permissions button at the top right of the permissions block.
4. Choose Attach policies, then search for and select AWSOrganizationsFullAccess.
5. Click Add permissions at the bottom right corner.

If fine-grained permissions are needed, create a custom IAM policy that grants only the specific Organizations actions your use case requires (for this connector, the describe actions listed under Capabilities).

## Capabilities

This connector provides the following capabilities:

- Describe Account
- Describe Organization

### Describe Account

Retrieves AWS Organizations-related information about the specified account. The AWS Organizations documentation for this action can be found here: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/organizations/client/describe_account.html

### Describe Organization

Retrieves information about the organization that the user's account belongs to. The AWS Organizations documentation for this action can be found here: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/organizations/client/describe_organization.html

## Configurations

### AWS Organizations Authentication

Authenticates using AWS credentials.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| Access Key | AWS access key | string | required |
| Secret Key | AWS secret key | string | required |
| Region Name | The AWS region where you want to create new connections | string | required |
| Role ARN | Optional role ARN to assume. Leave blank unless tasks need to assume a different role | string | optional |
| External ID | External ID used to assume the IAM role. Optional value used for assuming roles; it can be added to or removed from the trust relationships of the target role | string | optional |
| Session Token | Use if a session token is provided when switching roles | string | optional |
| Role Session Name | Defaults to `SessionFromSwimlane-<hash>` when no value is provided | string | optional |

## Actions

### Describe Account

Retrieves detailed information about a specified AWS Organizations account using the AccountId.

Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| AccountId | string | required | The unique identifier (ID) of the AWS account that you want information about |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| Id | string | Unique identifier of the account |
| Arn | string | ARN of the account |
| Name | string | Name of the account |
| Email | string | Email address associated with the account |
| JoinedMethod | string | How the account joined the organization |
| JoinedTimestamp | number | When the account joined the organization |
| Status | string | Status value |

#### Example

```json
[
  {
    "Id": "555555555555",
    "Arn": "arn:aws:organizations::111111111111:account/o-exampleorgid/555555555555",
    "Name": "Beta account",
    "Email": "anika@example.com",
    "JoinedMethod": "INVITED",
    "JoinedTimestamp": 1481756563.134,
    "Status": "ACTIVE"
  }
]
```
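The configuration parameters above map onto an STS AssumeRole call followed by an Organizations client. The following is an added example (not Swimlane's connector code) showing how External ID, Session Token and the Role Session Name default fit together; it assumes the parameters arrive as a plain dict keyed as shown, and that the `<hash>` suffix is derived from the access key ID, which the page does not specify.

```python
# Added example, not the connector's own code. Assumes a dict config keyed
# access_key/secret_key/region_name/role_arn/external_id/session_token/role_session_name.
import hashlib
from typing import Optional

def default_session_name(access_key: str) -> str:
    # "SessionFromSwimlane-<hash>": hash only the key ID, never the secret (assumed scheme)
    return "SessionFromSwimlane-" + hashlib.sha256(access_key.encode()).hexdigest()[:12]

def base_credentials(config: dict) -> dict:
    # Static credentials; Session Token is only passed along when one was supplied
    creds = {
        "aws_access_key_id": config["access_key"],
        "aws_secret_access_key": config["secret_key"],
        "region_name": config["region_name"],
    }
    if config.get("session_token"):
        creds["aws_session_token"] = config["session_token"]
    return creds

def assume_role_params(config: dict) -> Optional[dict]:
    # kwargs for sts.assume_role, or None when Role ARN is blank.
    # ExternalId is sent only when configured; the target role's trust policy
    # decides whether it is required (the confused-deputy protection).
    role_arn = (config.get("role_arn") or "").strip()
    if not role_arn:
        return None
    params = {
        "RoleArn": role_arn,
        "RoleSessionName": config.get("role_session_name")
        or default_session_name(config["access_key"]),
    }
    external_id = (config.get("external_id") or "").strip()
    if external_id:
        params["ExternalId"] = external_id
    return params

def organizations_client(config: dict):
    # Build the Organizations client, assuming the role first if one is configured
    import boto3  # imported here so the helpers above run without boto3 installed
    creds = base_credentials(config)
    params = assume_role_params(config)
    if params is None:
        return boto3.client("organizations", **creds)
    c = boto3.client("sts", **creds).assume_role(**params)["Credentials"]
    return boto3.client("organizations", region_name=config["region_name"],
                        aws_access_key_id=c["AccessKeyId"],
                        aws_secret_access_key=c["SecretAccessKey"],
                        aws_session_token=c["SessionToken"])
```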
### Describe Organization

Retrieves information about the AWS organization linked to the user's account, including its structure and service control policies.

Method: GET

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| MasterAccountArn | string | ARN of the management (master) account |
| MasterAccountEmail | string | Email address of the management account |
| MasterAccountId | string | Unique identifier of the management account |
| Id | string | Unique identifier of the organization |
| FeatureSet | string | Feature set enabled for the organization |
| Arn | string | ARN of the organization |
| AvailablePolicyTypes | array | Policy types available in the organization |
| Type | string | Type of the policy |
| Status | string | Status value |

#### Example

```json
[
  {
    "MasterAccountArn": "arn:aws:organizations::111111111111:account/o-exampleorgid/111111111111",
    "MasterAccountEmail": "diego@example.com",
    "MasterAccountId": "111111111111",
    "Id": "o-exampleorgid",
    "FeatureSet": "ALL",
    "Arn": "arn:aws:organizations::111111111111:organization/o-exampleorgid",
    "AvailablePolicyTypes": [
      {}
    ]
  }
]
```
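The two action outputs above are only useful for compliance once something evaluates them. The following is an added example (not part of the connector) that turns a Describe Organization and a Describe Account result into findings, as a playbook step after the two actions might; the sample records are constructed from the page's examples using the boto3 field names, and `EXPECTED_MGMT_ID` and `ALLOWED_DOMAIN` are assumed values for the checks.

```python
# Added example, not part of the connector. ORG and ACCOUNT are constructed from
# the page's examples; EXPECTED_MGMT_ID and ALLOWED_DOMAIN are assumed values.
ORG = {
    "MasterAccountArn": "arn:aws:organizations::111111111111:account/o-exampleorgid/111111111111",
    "MasterAccountEmail": "diego@example.com", "MasterAccountId": "111111111111",
    "Id": "o-exampleorgid", "FeatureSet": "ALL",
    "Arn": "arn:aws:organizations::111111111111:organization/o-exampleorgid",
    "AvailablePolicyTypes": [{"Type": "SERVICE_CONTROL_POLICY", "Status": "ENABLED"}],
}
ACCOUNT = {
    "Id": "555555555555",
    "Arn": "arn:aws:organizations::111111111111:account/o-exampleorgid/555555555555",
    "Name": "Beta account", "Email": "anika@example.com", "JoinedMethod": "INVITED",
    "JoinedTimestamp": 1481756563.134, "Status": "ACTIVE",
}
EXPECTED_MGMT_ID = "111111111111"  # assumed: the management account we expect to see
ALLOWED_DOMAIN = "example.com"     # assumed: corporate mail domain for account owners

def org_findings(org: dict, expected_mgmt_id: str = EXPECTED_MGMT_ID) -> list:
    """Checks on the organization record; an empty list means compliant."""
    f = []
    if org.get("FeatureSet") != "ALL":
        f.append("feature set is %s: SCPs cannot be applied" % org.get("FeatureSet"))
    if not any(p.get("Type") == "SERVICE_CONTROL_POLICY" and p.get("Status") == "ENABLED"
               for p in org.get("AvailablePolicyTypes") or []):
        f.append("SERVICE_CONTROL_POLICY is not enabled in this organization")
    if org.get("MasterAccountId") != expected_mgmt_id:
        # A different management account usually means the credentials point at another org
        f.append("management account is %s, expected %s"
                 % (org.get("MasterAccountId"), expected_mgmt_id))
    return f

def account_findings(account: dict, org: dict, allowed_domain: str = ALLOWED_DOMAIN) -> list:
    """Checks on one member account against the organization it should belong to."""
    f, acct = [], account.get("Id")
    if account.get("Status") != "ACTIVE":  # SUSPENDED / PENDING_CLOSURE need follow-up
        f.append("account %s status is %s" % (acct, account.get("Status")))
    email = (account.get("Email") or "").lower()
    if not email.endswith("@" + allowed_domain):
        f.append("account %s owner email %s is outside %s" % (acct, email, allowed_domain))
    # The account ARN embeds the organization ID; a mismatch means a foreign account
    if "/%s/" % org.get("Id") not in account.get("Arn", ""):
        f.append("account %s ARN is not under organization %s" % (acct, org.get("Id")))
    if account.get("JoinedMethod") == "INVITED":
        # Invited accounts existed before joining: their root user was not set up by the org
        f.append("account %s joined by invitation; review its root user and MFA" % acct)
    return f
```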