Skip to content

Fixed issue #610 on prompting user they are not using an account capable of setting up AWS Organization #611

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Fixed issue #610 on prompting user they are not using an account capable of setting up AWS Organization #611

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4e7ba0e
Fixed issue #610 on prompting user they are not using an account capa…
Aug 23, 2023
5181fef
Merge remote-tracking branch 'origin' into fix/610-aws-org-check
Aug 24, 2023
ddc1e5a
Merge remote-tracking branch 'origin' into fix/610-aws-org-check
Aug 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 26 additions & 8 deletions iambic/config/wizard.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1105,6 +1105,16 @@ def setup_aws_configuration(self):
# need bootstrapping
self.boto3_session = boto3.Session(region_name=self.aws_default_region)
self.autodetected_org_settings = {}
try:
org_client = self.boto3_session.client("organizations")
self.autodetected_org_settings = org_client.describe_organization()[
"Organization"
]
except Exception:
# we are wrapping inside a try-except block because the user
# may not have organization setup yet, so we don't want to
# crash in that case.
pass

default_caller_identity = self.boto3_session.client(
"sts", region_name=self.aws_default_region
Expand Down Expand Up @@ -1350,17 +1360,25 @@ def maybe_prompt():
return True
else:
# Currently only 1 org per config is supported.
click.echo(
"\nIf you would like to use AWS Organizations, the IAMbic hub account you configured must be the same "
"AWS account as your AWS Organization."
log.error(
"If you would like to use AWS Organizations, the IAMbic hub account you"
"\nconfigured must be the same AWS account as your AWS Organization."
"\nPlease follow AWS guide to setup an AWS organization first. If you already have an organization setup,"
"\nmake sure you are using the organization management account before running IAMbic setup"
)
return questionary.confirm("Is this the case?").unsafe_ask()
raise ValueError("Not AWS Organization management account")

if maybe_prompt():
if self.config.aws and self.config.aws.organizations:
self.configuration_wizard_aws_organizations_edit()
try:
if maybe_prompt():
if self.config.aws and self.config.aws.organizations:
self.configuration_wizard_aws_organizations_edit()
else:
self.configuration_wizard_aws_organizations_add()
except ValueError as e:
if e.args[0] == "Not AWS Organization management account":
return
else:
self.configuration_wizard_aws_organizations_add()
raise

def configuration_wizard_aws(self):
self.setup_aws_configuration()
Expand Down