hoegertn · September 14, 2020 09:04
diff --git a/init.py b/init.py
 import json

 import inquirer
 import boto3
 import os
 import sys
 import subprocess


 def select_account():
    orga_client = boto3.client('organizations')
    accounts = []
    paginator = orga_client.get_paginator('list_accounts')
    page_iterator = paginator.paginate()
    for page in page_iterator:
        for account in page['Accounts']:
            accounts.append(account)

    choice = inquirer.list_input(
        "Select AWS Account",
        choices=list(map(lambda acc: (acc['Name'], acc['Id']), accounts))
    )

    return choice


 def select_region(account_id):
    # Jump into selected account
    rolearn = "arn:aws:iam::%s:role/OrganizationAccountAccessRole" % account_id
    assumed_role_object = boto3.client('sts').assume_role(
        RoleArn=rolearn, RoleSessionName="selectRegion")
    client = boto3.client(
        'ec2',
        aws_access_key_id=assumed_role_object['Credentials']['AccessKeyId'],
        aws_secret_access_key=assumed_role_object['Credentials']['SecretAccessKey'],
        aws_session_token=assumed_role_object['Credentials']['SessionToken']
    )

    # List all regions and let user select one
    regions = [region['RegionName'] for region in client.describe_regions()['Regions']]
    choice = inquirer.list_input(
        "Select AWS Region",
        choices=regions, default="eu-central-1"
    )

    return choice

 def deploy_cdk(account_id, aws_region):
    # Jump into selected account
    print(" > Accessing account %s ..." % account_id)
    rolearn = "arn:aws:iam::%s:role/OrganizationAccountAccessRole" % account_id
    assumed_role_object = boto3.client('sts').assume_role(
        RoleArn=rolearn, RoleSessionName="createVpc")

    print(" > Initialize CDK in account '%s' and region '%s'" % (account_id, aws_region))
    my_env = os.environ.copy()
    my_env["AWS_ACCESS_KEY_ID"] = assumed_role_object['Credentials']['AccessKeyId']
    my_env["AWS_SECRET_ACCESS_KEY"] = assumed_role_object['Credentials']['SecretAccessKey']
    my_env["AWS_SESSION_TOKEN"] = assumed_role_object['Credentials']['SessionToken']
    my_env["CDK_NEW_BOOTSTRAP"] = '1'

    process = subprocess.run([
        'cdk', 
        'bootstrap',
        '--cloudformation-execution-policies',
        'arn:aws:iam::aws:policy/AdministratorAccess',
        '--trust',
        '<PUT YOUR CI/CD account here>',
        'aws://%s/%s' % (account_id, aws_region),
        ], 
        stdout=sys.stdout,
        stderr=sys.stderr,
        stdin=subprocess.DEVNULL,
        env=my_env,
        universal_newlines=True
    )

    print("DONE")
    print("")
    

 account_id = select_account()
 aws_region = select_region(account_id)

 deploy_cdk(account_id, aws_region)
	import json

	import inquirer
	import boto3
	import os
	import sys
	import subprocess


	def select_account():
	orga_client = boto3.client('organizations')
	accounts = []
	paginator = orga_client.get_paginator('list_accounts')
	page_iterator = paginator.paginate()
	for page in page_iterator:
	for account in page['Accounts']:
	accounts.append(account)

	choice = inquirer.list_input(
	"Select AWS Account",
	choices=list(map(lambda acc: (acc['Name'], acc['Id']), accounts))
	)

	return choice


	def select_region(account_id):
	# Jump into selected account
	rolearn = "arn:aws:iam::%s:role/OrganizationAccountAccessRole" % account_id
	assumed_role_object = boto3.client('sts').assume_role(
	RoleArn=rolearn, RoleSessionName="selectRegion")
	client = boto3.client(
	'ec2',
	aws_access_key_id=assumed_role_object['Credentials']['AccessKeyId'],
	aws_secret_access_key=assumed_role_object['Credentials']['SecretAccessKey'],
	aws_session_token=assumed_role_object['Credentials']['SessionToken']
	)

	# List all regions and let user select one
	regions = [region['RegionName'] for region in client.describe_regions()['Regions']]
	choice = inquirer.list_input(
	"Select AWS Region",
	choices=regions, default="eu-central-1"
	)

	return choice

	def deploy_cdk(account_id, aws_region):
	# Jump into selected account
	print(" > Accessing account %s ..." % account_id)
	rolearn = "arn:aws:iam::%s:role/OrganizationAccountAccessRole" % account_id
	assumed_role_object = boto3.client('sts').assume_role(
	RoleArn=rolearn, RoleSessionName="createVpc")

	print(" > Initialize CDK in account '%s' and region '%s'" % (account_id, aws_region))
	my_env = os.environ.copy()
	my_env["AWS_ACCESS_KEY_ID"] = assumed_role_object['Credentials']['AccessKeyId']
	my_env["AWS_SECRET_ACCESS_KEY"] = assumed_role_object['Credentials']['SecretAccessKey']
	my_env["AWS_SESSION_TOKEN"] = assumed_role_object['Credentials']['SessionToken']
	my_env["CDK_NEW_BOOTSTRAP"] = '1'

	process = subprocess.run([
	'cdk',
	'bootstrap',
	'--cloudformation-execution-policies',
	'arn:aws:iam::aws:policy/AdministratorAccess',
	'--trust',
	'<PUT YOUR CI/CD account here>',
	'aws://%s/%s' % (account_id, aws_region),
	],
	stdout=sys.stdout,
	stderr=sys.stderr,
	stdin=subprocess.DEVNULL,
	env=my_env,
	universal_newlines=True
	)

	print("DONE")
	print("")


	account_id = select_account()
	aws_region = select_region(account_id)

	deploy_cdk(account_id, aws_region)