aws-solutions / aws-control-tower-customizations

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
Apache License 2.0

Pipeline should be fired when we move accounts between OUs #90

Open rmsilva1973 opened 2 years ago

rmsilva1973 commented 2 years ago

Since we can target different stacksets to different OUs, I think it would be reasonable that the pipeline gets fired whenever we move accounts between OUs.

cabjas01 commented 2 years ago

Add UpdateManagedAccount to the CustomControlTowerLECWEventRule Resource EventPattern:

https://github.com/aws-solutions/aws-control-tower-customizations/blob/main/deployment/custom-control-tower-initiation.template#L3009

"eventName": [ "CreateManagedAccount", "UpdateManagedAccount" ],

rmsilva1973 commented 2 years ago

@cabjas01 the event source is not "aws.controltower"; I think it's "organizations.amazonaws.com", as can be seen in eventSource. Also, lifecycle_event_handler.py expects messages from aws.controltower only.

A little bit more tweaking, but still seems doable...

rakshb commented 2 years ago

Thanks @rmsilva1973 we have added this to our backlog.