duo-labs / cloudmapper

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
BSD 3-Clause "New" or "Revised" License

Approaching larger installations - tips/tricks/best practices? #934

Open Viss opened 1 year ago

Viss commented 1 year ago

Occasionally we'll run into an environment that's structured with one main account, and a series (several dozen in some cases) of sub-accounts. Doing each one by hand is incredibly tedious, and if the customer hasn't configured the ListAccounts permission, then the discover-organization-account command doesn't work.

Is there a technique or best practice for programmatically stepping through all of the accounts in ~/.aws/credentials, and doing an exhaustive discovery and mapping of them?

One of the things we're trying to solve for is "can VPCs in other accounts or regions talk to other VPCs in different accounts or regions".

Thanks in advance!