AWS CloudShell Steampipe config generator for AWS Orgs

generate.sh

#!/bin/bash

# Ensure Steampipe is installed
if ! command -v steampipe >/dev/null; then
  sudo /bin/sh -c "$(curl -fsSL https://steampipe.io/install/steampipe.sh)"
  steampipe plugin install steampipe
  steampipe plugin install aws
  steampipe plugin update --all
fi

# Ensure AWS CLI is configured with appropriate permissions

# Get list of account IDs in the organization
account_ids=$(aws organizations list-accounts --query 'Accounts[*].Id' --output text)

# Create ~/.steampipe/config directory if it doesn't exist
mkdir -p ~/.steampipe/config

# Generate aws.spc file
cat << EOF > ~/.steampipe/config/aws.spc
connection "aws_org" {
  plugin = "aws"
  type   = "aggregator"
  connections = [
EOF

# Add each account as a connection
for account_id in $account_ids; do
  echo "    \"aws_${account_id}\"," >> ~/.steampipe/config/aws.spc
done

# Close the connections list and connection block
echo "  ]
}" >> ~/.steampipe/config/aws.spc

# Add individual account connections
for account_id in $account_ids; do
  cat << EOF >> ~/.steampipe/config/aws.spc

connection "aws_${account_id}" {
  plugin = "aws"
  regions = ["*"]
  profile = "aws_${account_id}"
}
EOF
done

# Create ~/.aws if it doesn't exist
mkdir ~/.aws

# Create the default section in config
cat << EOF > ~/.aws/config
[default]
output = json

EOF


for account_id in $account_ids; do
  cat << EOF >> ~/.aws/config

[profile aws_${account_id}]
role_arn = arn:aws:iam::${account_id}:role/OrganizationAccountAccessRole
credential_source = EcsContainer

EOF
done

echo "AWS Steampipe configuration file and aws config is generated"