Many enterprises in AWS are leveraging AWS Organizations and AWS SSO for central management of accounts and access.
In larger organizations with many accounts, it can require a lot of clicking to figure out what the applied SCPs and permission sets are for a given account.
Enter aws-org-mapper.
This simple Python script collects information from both the Organization and SSO services and produces an HTML document that contains a diagram for each account. Each account diagram shows the associated OUs, SCPs, and permission sets.
Diagramming courtesy of Mermaid JS.
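To make the per-account diagram concrete, here is an added example (not aws-org-mapper's own code) that walks an account's OU chain, gathers the SCPs attached at every level, and emits Mermaid text. The inventory is constructed sample data and every ID, name and helper function is an assumption; in a live run the data would come from the Organizations and SSO admin APIs.

```python
import re

# Constructed sample inventory; every ID and name below is made up. In a live
# run these maps would be filled from boto3: organizations.list_parents,
# organizations.list_policies_for_target (Filter="SERVICE_CONTROL_POLICY") and
# sso-admin list_permission_sets_provisioned_to_account.
PARENT = {"111111111111": "ou-prod", "ou-prod": "ou-workloads", "ou-workloads": "r-root"}
NAMES = {"111111111111": "payments-prod", "ou-prod": "Prod",
         "ou-workloads": "Workloads", "r-root": "Root"}
SCPS = {"r-root": ["FullAWSAccess", "DenyLeaveOrg"],
        "ou-workloads": ["DenyRegionsOutsideEU"],
        "ou-prod": ["DenyIamUserCreation"],
        "111111111111": []}
PERMISSION_SETS = {"111111111111": ["ReadOnly", "BreakGlassAdmin"]}


def nid(raw):
    """Turn an AWS ID into a Mermaid-safe node id."""
    return "n_" + re.sub(r"\W", "_", raw)


def ou_chain(account_id):
    """Return [root, ..., parent OU, account] by following parent links."""
    chain = [account_id]
    while chain[-1] in PARENT:
        chain.append(PARENT[chain[-1]])
    return chain[::-1]


def effective_scps(account_id):
    """SCPs apply from every ancestor, so collect (scp, attached_at) per level."""
    return [(scp, node) for node in ou_chain(account_id) for scp in SCPS.get(node, [])]


def mermaid_for_account(account_id):
    """Build one Mermaid flowchart: OU path, SCPs per level, permission sets."""
    chain = ou_chain(account_id)
    lines = ["graph TD"]
    lines += [f'  {nid(n)}["{NAMES[n]}"]' for n in chain]
    lines += [f"  {nid(a)} --> {nid(b)}" for a, b in zip(chain, chain[1:])]
    for i, (scp, node) in enumerate(effective_scps(account_id)):
        lines.append(f'  scp{i}(["SCP: {scp}"]) -.-> {nid(node)}')
    for i, ps in enumerate(PERMISSION_SETS.get(account_id, [])):
        lines.append(f'  ps{i}["Permission set: {ps}"] --> {nid(account_id)}')
    return "\n".join(lines)


if __name__ == "__main__":
    print(mermaid_for_account("111111111111"))
```
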
To get started:
- clone down the repo
- ensure you have Python 3.8+ and boto3 installed
- ensure AWS credentials are available
- execute the script: `python aws-org-mapper.py`
- open the `aws-org-mapper.html` file generated in the directory
Thanks for reading. Peace!