AWS Organizations L2 Construct #465
Comments
poc: how to transition to aws cdk native cfn organizations support - aws/aws-cdk#23001 - aws/aws-cdk-rfcs#465 - aws/aws-cdk#22876 - aws/aws-cdk#22971
any update on this? 👀
What is needed to get some movement on this RFC? Can someone please provide either approval or feedback about what needs to be improved? The original PFR can be considered as starting from the time aws/aws-cdk#2877 was opened in July 2019. It appears @Naumel self-unassigned in July of this year. If you were impacted by layoffs or PIP, sorry for that... but is there anyone we can escalate this to? @TheRealAmazonKendra ? re: aws/aws-cdk#23001 (review)
Closing this ticket. We believe the functionality is beneficial, but does not intersect with the core framework and should be vended and maintained separately.
Description
I would like to have AWS Organization L2 constructs implemented.
We are looking for an API Bar Raiser 🚀
It would be really great to have CDK support to manage the Organization hierarchy like
The L2 constructs may also help a lot to maintain the sequential dependency chain. Either by Aspect cdk-organizations or explicit in the L2 constructs.
There are already two custom AWS construct libraries to manage AWS Organizations with the CDK:
Here is a draft PR aws/aws-cdk#23001
There are some design decisions to be discussed like inversion of parentship
vs.
Writing integ.tests wouldn't be easy, since closing an account underlies some limitations.
To get a first working increment it's enough to get the organization root and postpone Organization, EnablePolicyType, DelegateAdministrator, EnableAwsServiceAccess into a follow-up. Also later on we can easily add L2 constructs for AI, Backup, Tag and Service Control Policies.
This topic has a lot of votes aws/aws-cdk#2877
I strongly believe having this in the CDK is more valuable instead of a custom construct library, so we can focus in the construct libraries on opinionated constructs, while having the same interfaces shared by the aws-cdk-lib.
Ideas 💡
AwsCustomResource
'cx-api
IAccount into core useful for SSO, IAM, ...
Aspect
node.addDependency
Account, OrganizationalUnit, Policy standalone
AiPolicy, TagPolicy, BackupPolicy, ScpPolicy
ScpPolicy may leverage iam.PolicyDocument (SCP is more restrictive)
See aws/aws-cdk#23001 (comment)
Roles
Workflow
status/proposed
status/review
api-approved (applied to pull request)
status/final-comments-period
status/approved
status/planning
status/implementing
status/done