tavor999

Reputation: 477

boto3 EC2 client for each sub account

I am trying to use the python boto3 AWS SDK to loop through sub accounts to determine in-use CIDR ranges for VPCs. From the root account I can see all the sub accounts using the following:

import boto3

organizations = boto3.client('organizations')
response = organizations.list_accounts_for_parent(
    ParentId='FOO'
)

I would then like to use the EC2 -> describe_vpcs to identify in-use CIDR ranges. Can someone give me some advice on connecting these two pieces?

Upvotes: 1

Views: 591

Answers (1)

John Rotenstein

Reputation: 269666

Your code would need to assume a role in each sub-account. This will then provide temporary credentials that can be used to make API calls in the sub-account.

From Accessing and Administering the Member Accounts in Your Organization - AWS Organizations:

When you create an account in your organization, AWS Organizations automatically creates a root user and an IAM role for the account. ... If you create an account in your organization, you can access the account by using the preconfigured role that exists in all new accounts that are created this way.

...

When you create a member account using the AWS Organizations console, AWS Organizations automatically creates an IAM role in the account. This role has full administrative permissions in the member account. The role is also configured to grant that access to the organization's master account.

Upvotes: 2
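As an added example (not code from the question or the answer), one way to connect the two pieces the answer describes: list the accounts under a parent, assume the role in each one with STS, and call describe_vpcs with the temporary credentials returned. It assumes the default OrganizationAccountAccessRole name, that the caller already holds management-account credentials, and that the caller supplies the regions to scan; the first two functions accept any client-like object, so they can be exercised without AWS access.

```python
"""Enumerate in-use VPC CIDR ranges across member accounts via STS AssumeRole."""
from typing import Dict, List, Set

# Assumption: member accounts were created by AWS Organizations and therefore carry
# the default role that the management account is trusted to assume.
DEFAULT_ROLE = "OrganizationAccountAccessRole"

def assume_role_credentials(sts_client, account_id: str, role_name: str = DEFAULT_ROLE) -> Dict[str, str]:
    """Assume the member-account role and return keyword args for boto3.client()."""
    arn = f"arn:aws:iam::{account_id}:role/{role_name}"
    creds = sts_client.assume_role(RoleArn=arn, RoleSessionName="vpc-cidr-audit")["Credentials"]
    return {  # temporary credentials scoped to that one account
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
    }

def vpc_cidrs(ec2_client) -> Set[str]:
    """Collect primary and secondary IPv4 CIDRs of every VPC, following NextToken pagination."""
    cidrs: Set[str] = set()
    kwargs: Dict[str, str] = {}
    while True:
        page = ec2_client.describe_vpcs(**kwargs)
        for vpc in page.get("Vpcs", []):
            cidrs.add(vpc["CidrBlock"])
            for assoc in vpc.get("CidrBlockAssociationSet", []):  # secondary CIDRs
                if assoc.get("CidrBlockState", {}).get("State") == "associated":
                    cidrs.add(assoc["CidrBlock"])
        if "NextToken" not in page:
            return cidrs
        kwargs = {"NextToken": page["NextToken"]}

def audit_organization(parent_id: str, regions: List[str], role_name: str = DEFAULT_ROLE) -> Dict[str, Set[str]]:
    """Map each ACTIVE account under parent_id to its in-use CIDRs (needs management-account credentials)."""
    import boto3  # imported here so the helpers above stay importable without boto3 installed
    orgs, sts, result = boto3.client("organizations"), boto3.client("sts"), {}
    kwargs: Dict[str, str] = {"ParentId": parent_id}
    while True:
        page = orgs.list_accounts_for_parent(**kwargs)
        for account in page["Accounts"]:
            if account["Status"] != "ACTIVE":
                continue  # suspended accounts cannot be assumed into
            creds = assume_role_credentials(sts, account["Id"], role_name)
            result[account["Id"]] = set().union(  # VPCs are regional, so query each region
                *(vpc_cidrs(boto3.client("ec2", region_name=region, **creds)) for region in regions))
        if "NextToken" not in page:
            return result
        kwargs = {"ParentId": parent_id, "NextToken": page["NextToken"]}
```

Overlapping results across accounts are easy to spot by intersecting the returned sets, which is the usual reason for collecting them in the first place.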
