org-formation-cli
aws-control-tower-customizations
org-formation-cli | aws-control-tower-customizations | |
---|---|---|
27 | 3 | |
1,341 | 346 | |
0.5% | 0.9% | |
6.2 | 2.8 | |
27 days ago | about 2 months ago | |
TypeScript | Python | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
org-formation-cli
- Show HN: An Infrastructure as Code (IaC) Tool for AWS Organizations
-
No, you don’t need to test every line of your CDK application
And these guardrails are usually owned by platform teams. One downside to doing all these with AWS Organizations is that it involves a lot of clickops… This is where I would turn to org-formation, an open-source tool that gives you infrastructure-as-code for AWS Organizations. It’s a really powerful tool and I strongly recommend that you check it out if you haven’t already.
-
AWS simple multi account setup
If you don’t like control tower, try org formation. https://github.com/org-formation/org-formation-cli
- AWS Organization Formation
-
How to structure the common setup for multiple account in an organization
I found myself bootstrapping a new AWS Organization. I am using org-formation to define the basic account structure, an OIDC IdP for Github Actions and the essential roles for Terraform to do its job.
-
Is a well-designed security group and instance profile enough to limit tenants to their VM in a single VPC
an AWS account is free, so if you're planning basically reselling AWS, an account per tenant is a nobrainer. There are a few ways to create loads of accounts, org-formation is my favorite
-
EXPERIENCE WITH AWS CONTROL TOWER
We use https://github.com/org-formation/org-formation-cli for most of our work, though just vanilla Terraform can work reasonably well for most of the things.
-
CloudFormation deploying cross-account resources
By the way, if you like the "deploy this stack to multiple accounts"-feature of Stacksets, you're going to lovveee org-formation.
-
Leveraging CodePipeline to deploy Terraform
This led me to two problems. The first was the perennial issue I've had with Terraform from day one: "How do I manage state?". The second issue was how do I leverage some form of CI/CD tooling to allow me to leverage one of Terraform's biggest strengths - the terraform plan capability. Since Fooli is an AWS product, I figured that I should be able to use AWS native tools for this. I've used CodePipeline in the past to preview change-sets with aws-org-formation, so I thought it would be easy to find a well-worn pattern from AWS on doing it.
-
Top 12 Serverless Announcements from re:Invent 2022
You can now manage your AWS Organization through CloudFormation, including creating accounts, organizational units, and policies. It's one of those things you are surprised were not already possible. However, I will stick to the OrgFormation for my own accounts, as it offers additional features like deploying stacks and performing custom logic across the organization.
aws-control-tower-customizations
-
Setting up my own landing zone on AWS
For my landing zone I used the Customizations for AWS Control Tower (CfCt) project. When I created my landing zone the Landing Zone Accelerator was not yet available. I still need to evaluate if I can switch, but my initial concerns are the cost of running it. CfCt has low costs and depending on your usage it might even fit in the free tier. The Landing Zone Accelerator comes with VPCs and transit gateways and some other services that will generate costs regardless of what you are doing with the landing zone.
-
Customising AWS Control Tower with CfCT
The team at AWS that have developed the SRA utilised Customisations for Control Tower (CfCT) as the delivery mechanism for there customisations but since they don't maintain that solution itself, it's strongly recommended to check the current version of CfCT here prior to launching the CloudFormation Template.
- Cloudformation Multiple SCP's to different OU's
What are some alternatives?
superwerker - superwerker can help you get started with the AWS Cloud quickly without investing in consultants or devoting time to extensive research. superwerker is a free, open-source solution that lets you quickly set up an AWS Cloud environment following best practices for security and efficiency so you can focus on your core business.
terraform-aws-control_tower_account_factory - AWS Control Tower Account Factory
serverless - This is intended to be a repo containing all of the official AWS Serverless architecture patterns built with CDK for developers to use. All patterns come in Typescript and Python with the exported CloudFormation also included.
aws-deployment-framework - The AWS Deployment Framework (ADF) is an extensive and flexible framework to manage and deploy resources across multiple AWS accounts and regions based on AWS Organizations.
cloudformation-aws-landing-zone - AWS Landing Zone Template v2.4.6(Latest)
aws-security-reference-architecture-examples - Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation (including Customizations for AWS Control Tower) and Terraform.
terragrunt-atlantis-config - Generate Atlantis config for Terragrunt projects.
mutato - Repo formerly known as mu-cdk. A.K.A Mu2. Pronounced: mew-tah-toe
aws-export-credentials - Get AWS credentials from a profile to inject into other programs
aws-cdk - The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
cross-account-eventbridge - Sample application for cross-domain, cross-account events with EventBridge
aws-resource-providers - A community driven repository where you can find AWS Resource Type Providers for different purposes (including org-formation ones).