
How Do I Build an AWS Organizations Account With Pulumi?

Introduction

Creating an AWS Organization and its member accounts with Pulumi is a practical way to manage and govern your AWS environment as it expands. AWS Organizations lets you control AWS accounts centrally, so you can enforce policies (service control policies in particular), consolidate billing, and standardize operations across many accounts. This guide walks through setting up an AWS Organization, creating an Organizational Unit (OU), and adding an account to that OU using Pulumi.

Steps

  1. Provider Configuration: Begin by configuring the AWS provider, which Pulumi uses to call the AWS API. The example below does not declare an explicit provider, so the default provider picks up credentials from the environment or from Pulumi config (for example, the aws:region setting). Those credentials must belong to the account you intend to become the management account and must be allowed to call the organizations:* APIs, since the account that creates the organization becomes its management account.

  2. Create AWS Organization: Establish the AWS Organization, which is the root entity for your account structure. Create it with the "ALL" feature set rather than consolidated billing only; that is what enables service control policies (SCPs) and the other policy types. Keep in mind that SCPs never apply to the management account itself, so treat it purely as an administrative account and run workloads in member accounts.

  3. Create Organizational Unit (OU): Within the AWS Organization, create an Organizational Unit (OU). OUs group accounts so that a policy attached to the OU applies to every account beneath it, which gives you more granular control than attaching everything to the root.

  4. Create AWS Account: Finally, add a new AWS account to the OU. Policies attached to the OU and to the root apply to the account automatically. The email address becomes the new account's root user email and must be unique across all of AWS, so use a mailbox your organization controls. The roleName is the IAM role that Organizations creates in the new account with administrator permissions and a trust policy for the management account; it is the path the management account (and Pulumi) uses to administer the new account, so protect it. Note that by default destroying the Account resource removes the account from the organization rather than closing it; set closeOnDeletion to true if you want pulumi destroy to close the account.

Below is the full example.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// No explicit provider is declared: the default AWS provider reads credentials from the
// environment or Pulumi config. The account those credentials belong to becomes the
// organization's management account.

// Create the AWS Organization. featureSet "ALL" (rather than "CONSOLIDATED_BILLING")
// enables service control policies and the other policy types.
// awsServiceAccessPrincipals grants trusted access so CloudTrail and Config can
// operate across every member account.
const main = new aws.organizations.Organization("main", {
    awsServiceAccessPrincipals: [
        "cloudtrail.amazonaws.com",
        "config.amazonaws.com",
    ],
    featureSet: "ALL",
});

// Create an Organizational Unit (OU) directly under the organization root.
const exampleOu = new aws.organizations.OrganizationalUnit("example_ou", {
    name: "ExampleOU",
    parentId: main.roots.apply(roots => roots[0].id),
});

// Create a new member account inside the OU.
// - email becomes the root user's address and must be unique across all of AWS;
//   use a mailbox your organization controls, since it can reset the root password.
// - roleName is the IAM role Organizations creates in the new account with
//   administrator access and a trust policy for the management account; this is
//   how the management account (and Pulumi) gets into the new account.
const exampleAccount = new aws.organizations.Account("example_account", {
    name: "example-account",
    email: "example@example.com",
    roleName: "OrganizationAccountAccessRole",
    parentId: exampleOu.id,
});

export const organizationId = main.id;
// The resource ID of an Account is the 12-digit AWS account ID.
export const accountId = exampleAccount.id;
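The steps above create the OU and the account but attach no policy to them, so the new account is governed only by the default FullAWSAccess policy. The following is an added example, not code from the original page or from Pulumi, showing the kind of deny-list service control policy a practitioner would attach to ExampleOU: a pin to approved regions that leaves global services alone, protection for the OrganizationAccountAccessRole that the management account relies on, and a block on leaving the organization. It is written as plain TypeScript with no Pulumi import so the policy can be unit-tested before a pulumi up, and it includes a small evaluator that models the SCP's deny semantics so you can check what a given call would hit. The function and type names (buildGuardrailScp, validateScp, isDeniedByScp), the global-service action list, and the region list are assumptions for illustration; the evaluator models only Deny statements and the aws:RequestedRegion condition.

```typescript
// Added example (not from the original page): a deny-list SCP for the OU, built and
// checked as plain TypeScript. Names and action lists are assumptions for illustration.

export type Condition = Record<string, Record<string, string | string[]>>;

export interface Statement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Action?: string | string[];
  NotAction?: string | string[];
  Resource: string | string[];
  Condition?: Condition;
}

export interface PolicyDocument {
  Version: "2012-10-17";
  Statement: Statement[];
}

// SCP document quota (JSON characters; AWS counts bytes, identical for ASCII policies).
export const SCP_MAX_CHARS = 5120;

// Global services have no regional endpoint. A region pin must exempt them or the
// member account loses IAM/STS and the management account can no longer assume into it.
const GLOBAL_SERVICE_ACTIONS = [
  "iam:*", "sts:*", "organizations:*", "support:*",
  "route53:*", "cloudfront:*", "budgets:*", "health:*",
];

export function buildGuardrailScp(allowedRegions: string[], accessRoleName: string): PolicyDocument {
  if (allowedRegions.length === 0) {
    throw new Error("allowedRegions must not be empty: it would deny every regional call");
  }
  return {
    Version: "2012-10-17",
    Statement: [
      {
        Sid: "DenyOutsideApprovedRegions",
        Effect: "Deny",
        NotAction: GLOBAL_SERVICE_ACTIONS,
        Resource: "*",
        Condition: { StringNotEquals: { "aws:RequestedRegion": allowedRegions } },
      },
      {
        // Nobody inside the member account may delete or re-trust the role that the
        // management account assumes (the roleName given to aws.organizations.Account).
        Sid: "ProtectOrganizationAccessRole",
        Effect: "Deny",
        Action: [
          "iam:DeleteRole", "iam:DeleteRolePolicy", "iam:DetachRolePolicy",
          "iam:PutRolePolicy", "iam:AttachRolePolicy", "iam:UpdateAssumeRolePolicy",
        ],
        Resource: `arn:aws:iam::*:role/${accessRoleName}`,
      },
      { Sid: "DenyLeavingOrganization", Effect: "Deny", Action: "organizations:LeaveOrganization", Resource: "*" },
    ],
  };
}

// Structural checks an SCP must pass; returns a list of problems (empty means valid).
export function validateScp(doc: PolicyDocument): string[] {
  const problems: string[] = [];
  if (doc.Version !== "2012-10-17") problems.push("Version must be 2012-10-17");
  if (doc.Statement.length === 0) problems.push("policy has no statements");
  doc.Statement.forEach((s, i) => {
    const where = `statement ${s.Sid || i}`;
    if ("Principal" in s || "NotPrincipal" in s) problems.push(`${where}: SCPs do not support Principal`);
    if (!s.Action && !s.NotAction) problems.push(`${where}: needs Action or NotAction`);
    if (s.Action && s.NotAction) problems.push(`${where}: Action and NotAction are mutually exclusive`);
    if (!s.Resource) problems.push(`${where}: needs Resource`);
  });
  const size = JSON.stringify(doc).length;
  if (size > SCP_MAX_CHARS) problems.push(`policy is ${size} characters, quota is ${SCP_MAX_CHARS}`);
  return problems;
}

// IAM-style wildcard match: case-insensitive, * matches any run, ? matches one character.
function globMatch(pattern: string, value: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + escaped + "$", "i").test(value);
}

const asList = (v: string | string[] | undefined): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// True if any Deny statement catches the call. Models the deny-list semantics of an SCP
// layered over FullAWSAccess; only StringEquals/StringNotEquals on aws:RequestedRegion are modelled.
export function isDeniedByScp(doc: PolicyDocument, action: string, resource: string, region: string): boolean {
  const none: Record<string, string | string[]> = {};
  return doc.Statement.some((s) => {
    if (s.Effect !== "Deny") return false;
    const actionHit = s.Action !== undefined
      ? asList(s.Action).some((p) => globMatch(p, action))
      : !asList(s.NotAction).some((p) => globMatch(p, action));
    if (!actionHit) return false;
    if (!asList(s.Resource).some((p) => globMatch(p, resource))) return false;
    const cond: Condition = s.Condition || {};
    const eq = asList((cond["StringEquals"] || none)["aws:RequestedRegion"]);
    const neq = asList((cond["StringNotEquals"] || none)["aws:RequestedRegion"]);
    if (eq.length > 0 && eq.indexOf(region) === -1) return false;
    if (neq.length > 0 && neq.indexOf(region) !== -1) return false;
    return true;
  });
}
```

To attach it with Pulumi, add enabledPolicyTypes: ["SERVICE_CONTROL_POLICY"] to the aws.organizations.Organization resource, create an aws.organizations.Policy whose content is JSON.stringify(buildGuardrailScp(["eu-west-1", "eu-central-1"], "OrganizationAccountAccessRole")) after validateScp returns no problems, and attach it with an aws.organizations.PolicyAttachment whose targetId is exampleOu.id. Remember that the deny statements above only ever remove permissions; they grant nothing, they do not apply to the management account, and the region exemption list is a starting point you should extend with any other global services you rely on.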

Key Points

  • Centralized Management: AWS Organizations provides a centralized platform to manage multiple AWS accounts efficiently.
  • Organizational Units: OUs allow for structured organization and policy enforcement across accounts.
  • Scalability: This setup supports growth by allowing you to easily add and manage new accounts.

Conclusion

In summary, setting up an AWS Organization with Pulumi enables effective management and governance of your AWS resources as your environment scales. By creating an Organizational Unit and adding accounts, you ensure a structured and policy-compliant AWS infrastructure. This approach not only simplifies account management but also enhances security and operational efficiency across your AWS ecosystem.
