sparse-intern-71089
11/29/2022, 9:56 PMfresh-minister-66960
11/29/2022, 9:57 PM
# Create new subaccount
# Member account for this client, created under the AWS Organization.
new_account = organizations.Account(
    client_name,
    name=client_name,
    email=email,
    # IAM role that Organizations creates in the new member account; the
    # provider further down assumes a role with this same name.
    role_name=role_name,
    # "ALLOW" lets IAM users in the new account reach billing information,
    # subject to their own IAM permissions.
    iam_user_access_to_billing="ALLOW",
    # Deleting this resource closes the AWS account instead of only removing
    # it from the organization.
    close_on_deletion=True,
)
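# Take the account ID from the Account resource's own `id` output instead of
# polling organizations.get_organization() and matching on the account name.
# A polling loop with no delay and no exit other than a name match can spin
# indefinitely while the account does not exist yet, and account names are not
# guaranteed to be unique within an organization, so a name match could select
# a different account and point the role ARN below at it.
# NOTE(review): account_id is now a Pulumi Output rather than a plain str; any
# later code that formats it directly needs .apply() as well.
account_id = new_account.id

# Intermediate provider that assumes the admin role in the newly created
# account. Deriving the ARN from new_account.id also makes the provider depend
# on the account resource.
iam_role_provider = Provider(
    resource_name="admin-provider",
    profile="mf",
    assume_role={
        "role_arn": account_id.apply(
            lambda acct: f"arn:aws:iam::{acct}:role/{role_name}"
        ),
    },
    skip_metadata_api_check=False,
    # NOTE(review): with validation skipped, a wrong profile or role ARN only
    # surfaces when the first resource call through this provider fails.
    # Presumably this is set because the role cannot be assumed before the
    # account exists; confirm it is still needed.
    skip_credentials_validation=True,
)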
# Versioned bucket with the "private" canned ACL, created inside the new
# account through the assumed-role provider.
# NOTE(review): no public-access block or default-encryption settings appear
# in this snippet; confirm they are configured elsewhere.
bucket = s3.Bucket(
    client_name,
    # Physical bucket name. S3 bucket names share one global namespace, so
    # client_name has to be globally unique.
    bucket=client_name,
    acl="private",
    versioning=s3.BucketVersioningArgs(enabled=True),
    opts=ResourceOptions(provider=iam_role_provider),
)
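# Execution role for the Lambda function, created in the new account.
# The trust policy allows only the Lambda service to assume it.
# The Service principal must be the bare hostname "lambda.amazonaws.com"; the
# chat-rendered link form "<http://...|...>" is not a valid principal.
# NOTE(review): no permission policies are attached to this role in this
# snippet; confirm the function's required permissions are granted elsewhere.
iam_for_lambda = iam.Role(
    "iamForLambda",
    assume_role_policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
""",
    opts=ResourceOptions(provider=iam_role_provider),
)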
# Lambda function deployed into the new account through the assumed-role
# provider. "XXXX" values are placeholders left in the posted snippet.
lambda_function = lambda_.Function(
    resource_name=lambda_name,
    name=lambda_name,
    runtime=lambda_runtime,
    handler="XXXX",
    # Deployment package is built from the local "package/" directory.
    code=FileArchive("package/"),
    # get_latest_layers is defined outside this snippet; presumably it
    # resolves each layer name to a layer version ARN. Verify against its
    # definition.
    layers=get_latest_layers(["XXXX"]),
    # The function runs with the permissions of the role defined above.
    role=iam_for_lambda.arn,
    opts=ResourceOptions(provider=iam_role_provider),
)
fresh-minister-66960
11/29/2022, 11:54 PMfresh-minister-66960
12/02/2022, 8:04 PM