fix: inspector needs work (#47)
pgollucci authored Nov 22, 2024
1 parent f91ec1c commit 37260dd
Showing 2 changed files with 37 additions and 37 deletions.
56 changes: 28 additions & 28 deletions bin/p6lzctl
@@ -393,7 +393,7 @@ p6_lz_run_bootstrap() {
local region=$AWS_REGION

p6_h2 "Bootstrapping"
p6_lz_util_cdk_execute "$action" "" "$action_id" "$region"
p6_lz_util_cdk_execute "$action" "" "$account_id" "$region"

p6_return_void
}
@@ -439,31 +439,6 @@ p6_lz_run_phase_2() {
p6_return_void
}

######################################################################
#<
#
# Function: p6_lz_run_phase_2_bootstrap_trust(action)
#
# Args:
# action -
#
# Environment: _2_
#>
######################################################################
p6_lz_run_phase_2_bootstrap_trust() {
local action="$1"

p6_h3 "Phase 2: Bootstrap Trust"
local management_account_id=$(p6_aws_svc_organizations_management_account_id_get)
local account_ids=$(p6_aws_svc_organizations_account_list_active_ids_without_management)
local account_id
for account_id in $account_ids; do
p6_aws_svc_organizations_sts_run_as p6_lz_util_bootstrap_trust "$action" "$account_id" "$region" "$management_account_id"
done

p6_return_void
}

######################################################################
#<
#
@@ -477,7 +452,7 @@ p6_lz_run_phase_2_account_context() {
p6_h3 "Phase 2: Account Context"
local pair
for pair in $(p6_aws_svc_organizations_accounts_list_active_ids_and_names); do
local name=$(p6_echo "$pair" | cut -d= -f1 | sed -e 's,p6m7g8-,,')
local name=$(p6_echo "$pair" | cut -d= -f1 | sed -e 's,p6m7g8-,,' -e 's,p6m7g8,management,')
local account_id=$(p6_echo "$pair" | cut -d= -f2)

if p6_file_exists cdk.context.json; then
@@ -497,6 +472,31 @@ p6_lz_run_phase_2_account_context() {
p6_return_void
}

######################################################################
#<
#
# Function: p6_lz_run_phase_2_bootstrap_trust(action)
#
# Args:
# action -
#
# Environment: _2_
#>
######################################################################
p6_lz_run_phase_2_bootstrap_trust() {
local action="$1"

p6_h3 "Phase 2: Bootstrap Trust"
local management_account_id=$(p6_aws_svc_organizations_management_account_id_get)
local account_ids=$(p6_aws_svc_organizations_account_list_active_ids_without_management)
local account_id
for account_id in $account_ids; do
p6_aws_svc_organizations_sts_run_as "$account_id" p6_lz_util_bootstrap_trust "$action" "" "$account_id" "$AWS_REGION" "$management_account_id"
done

p6_return_void
}

######################################################################
#<
#
@@ -881,7 +881,7 @@ p6_lz_util_bootstrap_trust() {
local region="$3"
local management_account_id="$4"

p6_lz_util_execute "$action" "" "$account_id" "$region" --trust $management_account_id --trust-for-lookup $management_account_id --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess
p6_lz_util_cdk_execute "$action" "" "$account_id" "$region" --trust $management_account_id --trust-for-lookup $management_account_id --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess

p6_return_void
}
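Review bot: The re-added `p6_lz_run_phase_2_bootstrap_trust` calls `p6_lz_util_bootstrap_trust "$action" "" "$account_id" "$AWS_REGION" "$management_account_id"`, but the context lines of the callee in the last hunk still read `region` from `$3` and `management_account_id` from `$4`. Assuming `p6_aws_svc_organizations_sts_run_as` forwards the arguments unchanged, the region would receive the account ID, and `--trust` and `--trust-for-lookup` would receive the region string. Either drop the empty argument at the call site, `p6_lz_util_bootstrap_trust "$action" "$account_id" "$AWS_REGION" "$management_account_id"`, or shift the callee's `local` assignments (the first two are outside the hunk). These values decide which account may deploy into every member account with `AdministratorAccess` as the CloudFormation execution policy, so quote them as `--trust "$management_account_id"` and consider rejecting anything that is not a 12-digit ID before bootstrapping.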
18 changes: 9 additions & 9 deletions src/deploy.ts
@@ -27,15 +27,15 @@ const env = {
const app = new cdk.App()

const accounts = app.node.tryGetContext('Accounts') as Array<{ Name: string, AccountId: string }> ?? []
const auditAccountId = accounts.find(account => account.Name === 'audit')?.AccountId ?? '12345678912'
const devAccountId = accounts.find(account => account.Name === 'dev')?.AccountId ?? '12345678912'
const logarchiveAccountId = accounts.find(account => account.Name === 'logarchive')?.AccountId ?? '12345678912'
const managementAccountId = accounts.find(account => account.Name === 'management')?.AccountId ?? '12345678912'
const networkAccountId = accounts.find(account => account.Name === 'network')?.AccountId ?? '12345678912'
const prodAccountId = accounts.find(account => account.Name === 'prod')?.AccountId ?? '12345678912'
const qaAccountId = accounts.find(account => account.Name === 'qa')?.AccountId ?? '12345678912'
const sharedAccountId = accounts.find(account => account.Name === 'shared')?.AccountId ?? '12345678912'
const sandboxAccountId = accounts.find(account => account.Name === 'sandbox')?.AccountId ?? '12345678912'
const auditAccountId = accounts.find(account => account.Name === 'audit')?.AccountId ?? '012345678912'
const devAccountId = accounts.find(account => account.Name === 'dev')?.AccountId ?? '012345678912'
const logarchiveAccountId = accounts.find(account => account.Name === 'logarchive')?.AccountId ?? '012345678912'
const managementAccountId = accounts.find(account => account.Name === 'management')?.AccountId ?? '012345678912'
const networkAccountId = accounts.find(account => account.Name === 'network')?.AccountId ?? '012345678912'
const prodAccountId = accounts.find(account => account.Name === 'prod')?.AccountId ?? '0123456789012'
const qaAccountId = accounts.find(account => account.Name === 'qa')?.AccountId ?? '012345678912'
const sharedAccountId = accounts.find(account => account.Name === 'shared')?.AccountId ?? '012345678912'
const sandboxAccountId = accounts.find(account => account.Name === 'sandbox')?.AccountId ?? '012345678912'

const principals: string[] = [
auditAccountId,
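Review bot: The new fallback for `prodAccountId` is `'0123456789012'` (13 digits) while the other eight use the 12-digit `'012345678912'`; AWS account IDs are exactly 12 digits, so the prod line should read `?? '012345678912'`. More broadly, every lookup silently falls back to a placeholder that then lands in `principals`. If that list feeds a trust or resource policy (its use is outside the hunk), a missing or misspelled `Accounts` entry would name an account ID the project does not control instead of failing. A single lookup helper that validates the 12-digit form and throws when the entry is absent would also replace the nine repeated literals. If a placeholder is needed before `cdk.context.json` exists, it could be kept as one named constant and filtered out of `principals`.

```typescript
// … unchanged: const accounts = app.node.tryGetContext('Accounts') … ?? []
function requireAccountId(name: string): string {
  const accountId = accounts.find(account => account.Name === name)?.AccountId
  if (accountId === undefined || !/^\d{12}$/.test(accountId)) {
    throw new Error(`Accounts context has no 12-digit AccountId for '${name}'`)
  }
  return accountId
}

const auditAccountId = requireAccountId('audit')
// … same call for dev, logarchive, management, network, prod, qa, shared, sandbox …
```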
