We've included a CloudFormation script that automatically configures the Organization and Member accounts with the required configuration.
Access Architecture (Background and Overview)
The above picture captures the Cross Account/Role pattern utilized to access multiple accounts.
OpenGovernance employs a structured approach to manage resources across multiple AWS accounts using IAM users and roles, coupled with CloudFormation for automated setup.
We'll deploy a CloudFormation template in a designated "organization" or "management" account within your organization:
IAM User Creation: Create an IAM user in the Organization Admin account within AWS to allow OpenGovernance to perform actions across the AWS environment.
Member Accounts Configuration:
Configure each member account with an IAM role that grants the OpenGovernance service account the necessary permissions to inventory and manage resources.
Prerequisites:
OpenGovernance
AWS CLI V2 installed and configured
Admin access to the Root Account of your AWS Organization