Examples

March 4, 2023 · View on GitHub

organization
organization tasks
budget alarms
cloudtrail
guardduty
subdomains
cross account bucket
cross account role
cross account role with alarm
cross account secret
cross account lambda
wildcard certs (2 regions)
custom account creation workflow
Terraform

organization

Basic organization that demonstrates most of the IaC features for AWS Organizations: organization.yml

organization tasks

Basic taskfile that contains all examples below: organization-tasks.yml. Includes another taskfile organization-iam-tasks.yml which contains roles.

budget alarms

Note: This feature needs Billing Alerts and Access to the Billing and Cost Management console enabled in the Organizations Root Account. It might need up to 24 hours until these changes are propagated and a deployment of this example is possible.

Basic example on how to create budget alarms based on tags that are defined on the account.

budget alarms

templates/budget-alarms.yml

cloudtrail

Example on how to do a basic cloud trail implementation. Demonstrates cross account references

cloudtrail

templates/cloudtrail.yml

guardduty

Example on how to do a basic guardduty implementation. Demonstrates cross account references / ForeachElement / DependsOnAccount

guardduty

templates/guardduty.yml

subdomains

Example on how to provision route 53 subdomains for all accounts within your organization based on a tag and including a root hosted zone in the organization master account.

subdomains

templates/subdomains.yml

cross account bucket

Reusable template to do cross account access to S3 bucket.

cross-account-bucket

templates/cross-account-bucket.yml

cross account role

Reusable template to do cross account IAM roles.

cross-account-role

templates/cross-account-role.yml

cross account role with alarm

Reusable template to do cross account IAM roles with an alarm (based on CloudTrail)

cross-account-role-with-alarm

templates/cross-account-role-with-alarm.yml

cross account secret

Reusable template to do cross account secretsmanager secrets.

cross-account-secret

templates/cross-account-secret.yml

cross account lambda

Reusable template to do cross account lambdas. Assumes the lambda is deployed by another means (serverless? SAM?)

cross-account-lambda

templates/cross-account-lambda.yml

wildcard certs (2 regions)

Template that demonstrates provisioning wildcard certificates in both us-east-1 and another region while having the ARNs to these certicates stored locally in SSM.

wildcard-certs

templates/wildcard-certs.yml

custom account creation workflow

Serverless project that demonstrate how to customize and extern the account creation process using CloudWatch/ EventBridge event rules and StepFunctions

account-creation

automation/create-account

Terraform

Example implementation for deploying infrastructure using Terraform with an S3 Bucket as backend.

terraform