Teri Radichel

Creating a Project Account With Microtemplates on AWS

ACM.420 Creating a new account in a specific OU with the project ID in the name

In the last post, I created all my AWS accounts, in parallel as much as possible.

In this post, I’m going to set up a project account. Sometimes you need a segregated account for a specific purpose, and that’s what I need right now. To set that up, I’m going to use my microtemplates and my container that requires MFA to execute deployment jobs.

First I need to create the account. I want to give each project account a unique name so I’m going to provide that name and pass it in as a parameter when I create the account. I showed how to use parameters in a prior post and how I added parameter names to my parameters here:

I added a new number for my project job. Note that I am setting the value of params to the project ID, which will also be used as my account name in conjunction with the environment to which it is deployed.

account name: [env]-[projectid]

I haven’t implemented all the individual account jobs yet as I haven’t needed them, so I’m skipping a few numbers in the options I display to the user for jobs they can run:

Passing the Project ID to be used as the account name

As you can see from the job name above, the script that will run is:

organizations_account_nonprod_project.sh

Recall that I have a function in deploy/shared/functions.sh for obtaining parameter values, which are passed to my script in this format:

[parameter1=value1,parameter2=value2]

When I run the container, I create a parameter list and pass the value of the $params variable to the container under the name $parameters:

The container job/run.sh script that executes when the container runs sets the $parameters variable:

The parameters variable is the fourth argument passed into my script, and it may be empty or contain any parameters passed to the job. I may change this later to come from SSM Parameter Store, but I happen to be in a hurry at the moment to get something set up. 😊

The job/run.sh script calls the appropriate script, which in this case is organizations_account_nonprod_project.sh as mentioned, and passes in the value.
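The parameter handling described above, as an added example that is not the author's code from deploy/shared/functions.sh: it pulls projectid out of a [parameter1=value1,parameter2=value2] list, validates it, and builds the [env]-[projectid] account name. The function names, the lowercase/digit/hyphen allow-list and the sample values are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example. Function names and the allow-list are assumptions,
# not the code in deploy/shared/functions.sh.
LC_ALL=C; export LC_ALL   # byte-wise ranges: [a-z] never matches uppercase

# Print the value of key $2 from a list shaped like [k1=v1,k2=v2].
get_param_value() {
  local list="$1" key="$2" pair
  case $list in
    \[*\]) ;;              # surrounding brackets are required
    *) return 1 ;;
  esac
  list=${list#\[}; list=${list%\]}
  while [ -n "$list" ]; do
    pair=${list%%,*}       # first remaining key=value pair
    case $list in
      *,*) list=${list#*,} ;;
      *)   list= ;;
    esac
    case $pair in
      "$key"=*) printf '%s' "${pair#*=}"; return 0 ;;
    esac
  done
  return 1                 # key not present
}

# Print [env]-[projectid], or fail if either part is outside the allow-list.
build_account_name() {
  local env="$1" project_id="$2" name
  case $env in ''|*[!a-z0-9]*) return 1 ;; esac
  case $project_id in ''|-*|*-|*[!a-z0-9-]*) return 1 ;; esac
  name="$env-$project_id"
  # AWS Organizations account names are limited to 50 characters
  [ "${#name}" -le 50 ] || return 1
  printf '%s' "$name"
}

# Constructed sample input, mirroring the testproject deployment
parameters='[projectid=testproject]'
if project_id=$(get_param_value "$parameters" projectid) &&
   account_name=$(build_account_name nonprod "$project_id"); then
  echo "account name: $account_name"
else
  echo "rejected parameters: $parameters" >&2
fi
```

Rejecting the value before it reaches the account-creation call keeps shell metacharacters and whitespace out of the account name and out of any command line built from it.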

Creating the account

Now we can create the account using the same logic as all the other accounts in the last post, but with the project ID in the account name and with the account placed in the projects OU.

Now I can deploy my project account, which I am naming testproject.

That works.

Now I have an AWS account for my testproject in the proper OU:

Now I want to configure my project account. That’s next.

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2023
