import boto3
import traceback
import sys
import time
import json
#import pdb
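# Destination (member) account that receives the portfolios, products and role.
# NOTE(review): hard-coded; the commented-out line shows it was meant to arrive
# in an invocation event.
AccountId = 802169185211
#AccountId = event['AccountId']
region = 'us-east-1'
# RoleSessionName ends up in the assumed-role ARN that CloudTrail records, so a
# name identifying the operator or pipeline is easier to attribute than 'test'.
user = 'test'
client = boto3.client('sts')
# OrganizationAccountAccessRole is the role AWS Organizations creates in member
# accounts, by default with administrator access, so everything below runs
# with whatever that role grants in the destination account.
role = 'arn:aws:iam::'+str(AccountId)+':role/OrganizationAccountAccessRole'
print (role)
res = client.assume_role(
    RoleArn=role,
    RoleSessionName=user
)
acc_key = res['Credentials']['AccessKeyId']
sec_key = res['Credentials']['SecretAccessKey']
token = res['Credentials']['SessionToken']
# Confirm the assumed identity instead of echoing credential fields: console
# and log output is usually retained and widely readable, and nothing from
# res['Credentials'] belongs there.
print (res['AssumedRoleUser']['Arn'])
#create session to user account to create new role
session = boto3.Session(
    aws_access_key_id=acc_key,
    aws_secret_access_key=sec_key,
    aws_session_token=token,
    region_name=region
)
Servicecatalog_conn_client1 = session.client('servicecatalog')
service_type = 'servicecatalog'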
#source_region is the region for the source AWS account and destination_region is the region for the destination AWS account
# Both accounts are addressed in the same region in this run.
source_region = 'us-east-1'
destination_region = 'us-east-1'
#access_key = ''
#secret_key = ''
# NOTE(review): Servicecatalog_conn_client (no trailing "1") is never assigned
# in this listing; the comments further down treat it as the source account's
# client. Confirm how it is created and which credentials it carries.
# A single list_portfolios() call is made here; further pages are not fetched.
response = Servicecatalog_conn_client.list_portfolios()
portfolio_list = []
# NOTE(review): `ids` is unbound at this point; the loop over the response that
# should supply it is missing from this listing.
portfolio_list.append(ids["Id"])
portfoliolist = portfolio_list
# Shares a source-account portfolio with the destination account so its
# products can be read from there. `portid` is likewise unbound (loop header
# missing) and the call's closing parenthesis is absent in this listing.
# The account id is repeated as a string literal rather than reusing AccountId,
# so the two can drift apart if only one is edited.
response = Servicecatalog_conn_client.create_portfolio_share(
PortfolioId=portid,
AccountId="802169185211"
# Create three portfolios in the destination account through the assumed-role
# session: InnovationLab, ProfessionalLab and PartnerLab.
# NOTE(review): none of the three calls has its closing parenthesis in this
# listing, and `response` is overwritten each time, so the ids of the new
# portfolios are not kept here.
response = Servicecatalog_conn_client1.create_portfolio(
DisplayName="InnovationLab",
ProviderName="Capgemini"
response = Servicecatalog_conn_client1.create_portfolio(
DisplayName="ProfessionalLab",
Description="This Portfolio will hold hold products for Professional Lab Users",
ProviderName="Capgemini"
response = Servicecatalog_conn_client1.create_portfolio(
DisplayName="PartnerLab",
Description="This Portfolio will hold hold products for Partner Sandbox Lab Users.",
ProviderName="Capgemini"
# Copy Service Catalog products from the source account to the destination
# AWS account.
# The product search runs on the source-side client and is capped at 3000
# items by PaginationConfig; anything beyond that cap is not copied.
paginator = Servicecatalog_conn_client.get_paginator('search_products_as_admin')
response = paginator.paginate(
PaginationConfig={
'MaxItems': 3000
# Collect the ARN of every product view found.
# NOTE(review): the loop that binds `ids` to each result page, and the closers
# of the paginate() call above, are missing from this listing.
out = []
for j in (ids["ProductViewDetails"]):
out.append(j['ProductARN'])
arn = out
# NOTE(review): `print productarn` is a Python 2 print statement, while the
# rest of the script uses print(...); `productarn` is unbound in this listing.
print productarn
# copy_product is issued from the destination session and pulls the product
# by its source ARN; the remainder of the call is cut off in this listing.
response = Servicecatalog_conn_client1.copy_product(
SourceProductArn=productarn,
# Fixed 150 s pause, presumably to let the copies finish before the portfolio
# share is removed below. NOTE(review): nothing checks that they did finish;
# describe_copy_product_status can be polled with the token copy_product returns.
time.sleep(150)
# Now remove the portfolio shares that were opened for the copy.
# NOTE(review): no try/finally is visible around the share/copy/unshare
# sequence, so a failure in between leaves the cross-account share in place.
response = Servicecatalog_conn_client.list_portfolios()
portfolio_list = []
# `ids` and `portid` are unbound here as well; the loop headers are missing
# from this listing, as is the closing parenthesis of the call below.
portfolio_list.append(ids["Id"])
portfoliolist = portfolio_list
response = Servicecatalog_conn_client.delete_portfolio_share(
PortfolioId=portid,
AccountId="802169185211"
# Look up the copied products in the destination account, grouped by the
# Owner filter, and keep their product ids for the association step.
# Group 1: products whose owner is 'InnoProLab' -> product_id / prodid.
paginator1 = Servicecatalog_conn_client1.get_paginator('search_products_as_admin')
response = paginator1.paginate(
Filters={'Owner': ['InnoProLab']},
PaginationConfig={
'MaxItems': 3000
)
product_id = []
# NOTE(review): `ids` (one result page) is unbound; the enclosing loop over
# `response` is missing from this listing, here and in the two groups below.
for j in (ids["ProductViewDetails"]):
product_id.append(j['ProductViewSummary']['ProductId'])
prodid = product_id
# Group 2: products whose owner is 'InnovationLab' -> product_id1 / prodid1.
paginator2 = Servicecatalog_conn_client1.get_paginator('search_products_as_admin')
response = paginator2.paginate(
Filters={'Owner': ['InnovationLab']},
PaginationConfig={
'MaxItems': 3000
product_id1 = []
for j in (ids["ProductViewDetails"]):
product_id1.append(j['ProductViewSummary']['ProductId'])
prodid1 = product_id1
# Group 3 -> product_id2 / prodid2.
# NOTE(review): paginator3 is never created in this listing and no Filters
# argument is visible, so which products this group selects cannot be told
# from here.
response = paginator3.paginate(
PaginationConfig={
'MaxItems': 3000
product_id2 = []
for j in (ids["ProductViewDetails"]):
product_id2.append(j['ProductViewSummary']['ProductId'])
prodid2 = product_id2
# Find out the portfolio IDs of the portfolios in the destination AWS account and associate products with portfolios
# Sort the destination account's portfolios into three lists by display name.
response = Servicecatalog_conn_client1.list_portfolios()
portfolio_list = []
portfolio_list1 = []
portfolio_list2 = []
# NOTE(review): the loop header and the first `if` that guard this append are
# missing from this listing; only the `else:` branches survive.
portfolio_list.append(ids["Id"])
portfoliolist = portfolio_list
else:
if (ids["DisplayName"]) == "InnovationLab":
portfolio_list1.append(ids["Id"])
portfoliolist1 = portfolio_list1
else:
# NOTE(review): the next line is a bare comparison whose result is discarded,
# not a condition. As written, every portfolio that reaches this branch is
# added to portfolio_list2 whatever its name, so a portfolio unrelated to
# PartnerLab would also receive the group-3 products below.
(ids["DisplayName"]) == "PartnerLab"
portfolio_list2.append(ids["Id"])
portfoliolist2 = portfolio_list2
# Associations made below: productid -> portid and portid1,
# productid1 -> portid1, productid2 -> portid2.
# NOTE(review): productid*, portid* are unbound (loop headers missing) and
# only the last call keeps its closing parenthesis in this listing.
response = Servicecatalog_conn_client1.associate_product_with_portfolio(
ProductId=productid,
PortfolioId=portid
response = Servicecatalog_conn_client1.associate_product_with_portfolio(
ProductId=productid,
PortfolioId=portid1
response = Servicecatalog_conn_client1.associate_product_with_portfolio(
ProductId=productid1,
PortfolioId=portid1
response = Servicecatalog_conn_client1.associate_product_with_portfolio(
ProductId=productid2,
PortfolioId=portid2
)
# Second session on the same temporary credentials, this time without a
# region, used for the IAM client.
session =
boto3.Session(aws_access_key_id=acc_key,aws_secret_access_key=sec_key,aws_session_to
ken=token)
iam = session.client('iam')
# Permissions document for the customer-managed policy 'ServiceCatalogPolicy'.
# NOTE(review): the braces that open and close each statement are missing from
# this listing; two statements are visible.
my_managed_policy = {
"Version": "2012-10-17",
"Statement": [
# Statement 1: service wildcards on every resource.
# NOTE(review): "iam:*" with "Resource": "*" lets the holder create and attach
# policies and roles, which amounts to administrator access in the account and
# makes the narrower entries around it irrelevant. Together with the other
# service-wide wildcards this is far broader than launching catalog products
# needs; scope actions and resources to what the products actually create, and
# consider launch constraints so end users do not hold these rights directly.
"Effect": "Allow",
"Action": [
"catalog-user:*",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplateSummary",
"cloudformation:SetStackPolicy",
"cloudformation:ValidateTemplate",
"cloudformation:UpdateStack",
"cloudformation:ListStacks",
# The wildcard below already covers the nine cloudformation actions above.
"cloudformation:*",
"servicecatalog:DescribeProduct",
"servicecatalog:DescribeProductView",
"servicecatalog:DescribeProvisioningParameters",
"servicecatalog:ListLaunchPaths",
"servicecatalog:ProvisionProduct",
"servicecatalog:SearchProducts",
"s3:*",
"ec2:*",
"rds:*",
"ecs:*",
"es:*",
"kinesis:*",
"firehose:*",
"elasticache:*",
"dynamodb:*",
"elasticmapreduce:*",
"application-autoscaling:*",
"autoscaling:*",
"cloudwatch:*",
"logs:*",
"iam:*",
"elasticloadbalancing:*",
"SNS:*"
],
"Resource": "*"
},
# Statement 2: provisioned-product actions, limited by the condition below to
# products the calling user provisioned ("servicecatalog:userLevel": "self").
"Effect": "Allow",
"Action": [
"servicecatalog:DescribeProvisionedProduct",
"servicecatalog:DescribeRecord",
"servicecatalog:ListRecordHistory",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:TerminateProvisionedProduct",
"servicecatalog:UpdateProvisionedProduct"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"servicecatalog:userLevel": "self"
# Trust (assume-role) policy for 'ServiceCatalogRole': who may assume it.
# Service principals: EC2 and Service Catalog.
# AWS principals: role/Portal and the root of account 293952640683, which is
# a different account from AccountId above, i.e. a cross-account trust.
# NOTE(review): the ":root" principal delegates the decision to that whole
# account, so any identity there that its own policies allow to call
# sts:AssumeRole can take this role; listing role/Portal next to it adds no
# restriction. No Condition block (for example an external id) is visible.
# Given the permissions attached to the role, trusting only the specific role
# is the narrower choice.
# NOTE(review): the closing bracket of the "AWS" list and the closing braces
# of the statement and document are missing from this listing.
trust_policy = {
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Principal": {"Service": ["ec2.amazonaws.com", "servicecatalog.amazonaws.com"],
"AWS": ["arn:aws:iam::293952640683:role/Portal",
"arn:aws:iam::293952640683:root"
},
"Action": "sts:AssumeRole"
# Create the managed policy and the role in the destination account, then
# attach one to the other.
# NOTE(review): create_policy and create_role lack their closing parentheses
# in this listing. Both names are fixed, so a second run against the same
# account is expected to fail on the existing policy or role; confirm how
# re-runs are meant to be handled.
policy = iam.create_policy(
PolicyName='ServiceCatalogPolicy',
PolicyDocument=json.dumps(my_managed_policy),
create_role = iam.create_role(
RoleName='ServiceCatalogRole',
AssumeRolePolicyDocument=json.dumps(trust_policy)
#print create_role
# The role ARN is kept for the portfolio principal association later on.
rolearn = create_role["Role"]["Arn"]
#print (rolearn)
# The policy ARN is rebuilt from AccountId instead of being read from the
# create_policy response stored in `policy`.
ServiceCatalogRole=iam.attach_role_policy(
PolicyArn='arn:aws:iam::'+str(AccountId)+':policy/ServiceCatalogPolicy',
RoleName='ServiceCatalogRole'
)
# Find out the portfolio IDs of the portfolios in the destination AWS account
# and grant the new role access to them.
response = Servicecatalog_conn_client1.list_portfolios()
portfolio_list = []
# NOTE(review): `ids` and `portid` are unbound; the loop headers are missing
# from this listing, as is the closing parenthesis of the call below.
portfolio_list.append(ids["Id"])
portfoliolist = portfolio_list
# Registers the role created above (rolearn) as an IAM principal of the
# portfolio, so whoever can assume that role can use the portfolio's products.
response = Servicecatalog_conn_client1.associate_principal_with_portfolio(
PortfolioId=portid,
PrincipalARN=rolearn,
PrincipalType='IAM'