Questions tagged [aws-organizations]

AWS Organizations is an AWS account management service you can use to consolidate multiple accounts into an organization that you create and centrally manage. You can create accounts in your organization and invite existing accounts to join the organization.

187 questions
32 votes, 8 answers

How do you use "NextToken" in AWS API calls

I've run into a little issue that I am really struggling to understand how it works. I have a tool I am writing that basically does a describe-organization to collect all the accounts in our AWS organization. Per the documentation here it says it…
Geoff Sweet
10 votes, 3 answers

The differences between IAM and AWS Organization

I'm reading about AWS Identity and Access Management (IAM) and AWS Organizations. Both of them give us the new account & applied policy: AWS Organization: Apply policies to accounts. IAM: Enables you to securely control access to AWS services and…
Nguyễn Văn Phong
8 votes, 4 answers

You cannot add accounts to your organization while it is initializing. Try again later

I am trying to link an account within AWS. But the AWS organisation throws the below error while inviting the user: "You cannot add accounts to your organization while it is initializing. Try again later"
vishnukumar
7 votes, 2 answers

Multiple Root accounts in single AWS organization: IAM admin can't see all EC2 instances in specified region

This question may seem noobish, but I am pulling my hair out with our AWS organization. We have 3 separate root accounts connected in a single organization with IAM accounts and policies. We can only see instances from the default root account in…
6 votes, 0 answers

Unable to register domain on child account - AWS Organizations

I've created a new AWS account from my already existing master account using AWS Organizations. Now, I would like to purchase a domain using Route 53 from the new account using the credit card which is already linked to the master account. However,…
5 votes, 1 answer

Unable to attach ACM Public certificate with ALB Listener using Lambda across account

I am creating ACM public certificate in AWS organization account using lambda function from master account, code to create ACM Cert and attach with listener is: resp_acm = client_acm.request_certificate( DomainName='test.example.com', …
5 votes, 3 answers

Create / Destroy AWS account using Terraform?

I am trying to create a tool to easily create and destroy AWS accounts in my AWS organization (or at least remove them from the organisation if they can not be deleted). Those accounts are going to be sandbox with a small budget and destroyed after…
Pierre-Alexandre
5 votes, 2 answers

Remove enrolled account from AWS Control Tower

How can I remove an enrolled account from AWS Control Tower? After removing a member account from AWS organization (in the master account), it still appears in Control Tower as "not found". Removed member account listed as not found in Control Tower…
mulles3008
5 votes, 3 answers

Best way to separate live and test environments in aws

I want to provide test and live environment in AWS. My environment contains AWS services like Lambda, API-Gateway etc. for testing purposes and live usage. What is the best way to separate test and live environments in AWS? Is it a good idea to…
Apophis
4 votes, 0 answers

How to view AWS organisation's CloudTrail logs in the security account's CloudWatch?

The AWS CloudTrail logs are being stored into an S3 bucket in the Logs Account. The trail that generates these logs is in the Management Account. I would like the CloudTrail logs to be visible in CloudWatch in my Security Account. I am (mostly)…
4 votes, 1 answer

boto3 list all accounts in an organization

I have a requirement that I want to list all the accounts and then write all the credentials in my ~/.aws/credentials file. For this I am using boto3 in the following way: import boto3 client = boto3.client('organizations') response =…
user_mda
4 votes, 1 answer

boto3 how to upload dict / json output to s3 bucket?

I have trouble uploading my output, which is a dict from organizations describe_policy, to S3. Here is my code: paginator = org.get_paginator('list_policies') page_iterator = paginator.paginate(Filter='SERVICE_CONTROL_POLICY',…
3 votes, 1 answer

AWS Organizations "You have exceeded the allowed number of AWS accounts"

When trying to create a new account in my Organization, I get the following message: I have a total of 3 accounts under my Organization, including the Management Account. $ aws organizations list-accounts | jq '.Accounts | length' 3 Organizations…
Evandro Pomatti
3 votes, 1 answer

Cannot remove deleted account from AWS Organisation

I have created an Organisation with the following set up:- - Root -- Acc1 (Management Account) -- Acc2 -- Acc3 -- Acc4 I have deleted Acc2, Acc3, and Acc4 over a week ago. However, I still cannot remove them from my Organisation. I get a…
baynezy
3 votes, 1 answer

Why does `aws organizations list-roots` return a list instead of a single value?

The AWS CLI aws organizations list-roots returns a list. But given an AWS Account/login, it can only belong to 0 or 1 AWS Organization, right? Why did it return a list then (is there ever going be 2 or more items)?
Vincent Yin