- organization
- organization tasks
- budget alarms
- cloudtrail
- guardduty
- subdomains
- cross account bucket
- cross account role
- cross account role with alarm
- cross account secret
- cross account lambda
- wildcard certs (2 regions)
- custom account creation workflow
- Terraform
Basic organization that demonstrates most of the IaC features for AWS Organizations: organization.yml
Basic taskfile that contains all examples below: organization-tasks.yml. It includes another taskfile, organization-iam-tasks.yml, which contains roles.
Note: The budget alarms example needs Billing Alerts and access to the Billing and Cost Management console enabled in the Organizations root account. It can take up to 24 hours for these changes to propagate before this example can be deployed.
Basic example on how to create budget alarms based on tags that are defined on the account.
Example on how to do a basic CloudTrail implementation. Demonstrates cross-account references.
Example on how to do a basic GuardDuty implementation. Demonstrates cross-account references / ForeachElement / DependsOnAccount.
Example on how to provision Route 53 subdomains for all accounts within your organization based on a tag, including a root hosted zone in the organization master account.
Reusable template for cross-account access to an S3 bucket.
templates/cross-account-bucket.yml
Reusable template for cross-account IAM roles.
templates/cross-account-role.yml
Reusable template for cross-account IAM roles with an alarm (based on CloudTrail).
templates/cross-account-role-with-alarm.yml
Reusable template for cross-account Secrets Manager secrets.
templates/cross-account-secret.yml
Reusable template for cross-account Lambdas. Assumes the Lambda is deployed by another means (serverless? SAM?).
templates/cross-account-lambda.yml
Template that demonstrates provisioning wildcard certificates in both us-east-1 and another region while having the ARNs of these certificates stored locally in SSM.
Serverless project that demonstrates how to customize and extend the account creation process using CloudWatch/EventBridge event rules and Step Functions.
Example implementation for deploying infrastructure using Terraform with an S3 Bucket as backend.