pepperize / cdk-organizations

Manage AWS organizations, organizational units (OU), accounts and service control policies (SCP).
MIT License
172 stars 16 forks source link

Creating OUs under current organization in Python #745

Open nerdlem opened 2 years ago

nerdlem commented 2 years ago

Hi there,

Thanks for this library!

I am having issues with code like the following:

from constructs import Construct
from aws_cdk import (
    Stack,
    RemovalPolicy,
)
import pepperize_cdk_organizations as orgs

class MyRootStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        self.environments = ["foo", "bar", "baz"]

        for env in self.environments:
            ou = orgs.OrganizationalUnit(self, env,
                organizational_unit_name=env,
                import_on_duplicate=True,
                removal_policy=RemovalPolicy.DESTROY,
                parent=Stack.of(self).account,                         # HERE
            )

Namely, I would like to create OUs under the current account—i.e.: the account to which the AWS credentials used to run cdk belong to. I'm missing a way to specify "this account" for the parent parameter. cdk deploy returns the following error:

Key 'parent': Unable to deserialize value as @pepperize/cdk-organizations.IParent

If I specify a string constant with the ARN or ID of the organization where I want the OUs to be created, I get the following error:

Key 'parent': Unable to deserialize value as @pepperize/cdk-organizations.IParent

I feel like this use case is frequent enough, that saying parent=None should do the trick, but would settle for a method returning the IAccount for the current account—perhaps it is there and I haven't been able to find it?

Thanks in advance.

-lem

pflorek commented 2 years ago

Hey @nerdlem ,

in your mangement account obtain the Organization.root to use as the parent for the first OUs

https://github.com/pepperize/cdk-organizations#organization

nerdlem commented 2 years ago

Thank you. This was what I needed.

Best regards

-lem