AccountsConfig | Landing Zone Accelerator on AWS

Hierarchy

AccountsConfig

Implements

TypeOf<typeof accountsConfig>

Constructors

constructor

new AccountsConfig(props: { auditAccountEmail: string; logArchiveAccountEmail: string; managementAccountEmail: string }, values?: { accountIds: undefined | { email: string; accountId: string; }[]; mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]; workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[] }, configDir?: string, validateConfig?: boolean): AccountsConfig

Parameters
- props: { auditAccountEmail: string; logArchiveAccountEmail: string; managementAccountEmail: string }
  - auditAccountEmail: string
  - logArchiveAccountEmail: string
  - managementAccountEmail: string
- Optional values: { accountIds: undefined | { email: string; accountId: string; }[]; mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]; workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[] }
  - accountIds: undefined | { email: string; accountId: string; }[]
  - mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]
  - workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]
- Optional configDir: string
- Optional validateConfig: boolean
Returns AccountsConfig

Properties

accountIds

accountIds: undefined | AccountIdConfig[] = undefined

Optionally provide a list of AWS Account IDs to bypass the usage of the AWS Organizations Client lookup. This is not a readonly member since we will initialize it with values if it is not provided

Readonly mandatoryAccounts

mandatoryAccounts: AccountConfig[] | GovCloudAccountConfig[] = []

Readonly workloadAccounts

workloadAccounts: AccountConfig[] | GovCloudAccountConfig[] = []

Static Readonly AUDIT_ACCOUNT

AUDIT_ACCOUNT: "Audit" = 'Audit'

Static Readonly FILENAME

FILENAME: "accounts-config.yaml" = 'accounts-config.yaml'

Static Readonly LOG_ARCHIVE_ACCOUNT

LOG_ARCHIVE_ACCOUNT: "LogArchive" = 'LogArchive'

Static Readonly MANAGEMENT_ACCOUNT

MANAGEMENT_ACCOUNT: "Management" = 'Management'

Methods

anyGovCloudAccounts

anyGovCloudAccounts(): boolean

Returns boolean

containsAccount

containsAccount(name: string): boolean

Parameters
- name: string
Returns boolean

getAccount

getAccount(name: string): AccountConfig

Parameters
- name: string
Returns AccountConfig

getAccountId

getAccountId(name: string): string

Parameters
- name: string
Returns string

getAccountIds

getAccountIds(): string[]

Returns string[]

getAuditAccount

getAuditAccount(): AccountConfig

Returns AccountConfig

getAuditAccountId

getAuditAccountId(): string

Returns string

getLogArchiveAccount

getLogArchiveAccount(): AccountConfig

Returns AccountConfig

getLogArchiveAccountId

getLogArchiveAccountId(): string

Returns string

getManagementAccount

getManagementAccount(): AccountConfig

Returns AccountConfig

getManagementAccountId

getManagementAccountId(): string

Returns string

Private getOuIdNames

getOuIdNames(configDir: string, ouIdNames: string[]): void

Prepare list of OU ids from organization config file

Parameters
- configDir: string
- ouIdNames: string[]
Returns void

isGovCloudAccount

isGovCloudAccount(account: AccountConfig | GovCloudAccountConfig): boolean

Parameters
- account: AccountConfig | GovCloudAccountConfig
Returns boolean

isGovCloudEnabled

isGovCloudEnabled(account: AccountConfig | GovCloudAccountConfig): undefined | boolean

Parameters
- account: AccountConfig | GovCloudAccountConfig
Returns undefined | boolean

loadAccountIds

loadAccountIds(partition: string): Promise<void>

Loads account ids by utilizing the organizations client if account ids are not provided in the config.

Parameters
- partition: string
Returns Promise<void>

Private validateAccountNames

validateAccountNames(values: { accountIds: undefined | { email: string; accountId: string; }[]; mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]; workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[] }, errors: string[]): void

Function to verify account names are unique and name without space

Parameters
- values: { accountIds: undefined | { email: string; accountId: string; }[]; mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]; workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[] }
  - accountIds: undefined | { email: string; accountId: string; }[]
  - mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]
  - workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]
- errors: string[]
Returns void

Private validateAccountOrganizationalUnit

validateAccountOrganizationalUnit(values: { accountIds: undefined | { email: string; accountId: string; }[]; mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]; workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[] }, ouIdNames: string[], errors: string[]): void

Function to validate existence of account deployment target OUs Make sure deployment target OUs are part of Organization config file

Parameters
- values: { accountIds: undefined | { email: string; accountId: string; }[]; mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]; workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[] }
  - accountIds: undefined | { email: string; accountId: string; }[]
  - mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]
  - workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]
- ouIdNames: string[]
- errors: string[]
Returns void

Private validateEmails

validateEmails(values: { accountIds: undefined | { email: string; accountId: string; }[]; mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]; workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[] }, errors: string[]): void

Function to validate email formats, default and duplicate email checks

Parameters
- values: { accountIds: undefined | { email: string; accountId: string; }[]; mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]; workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[] }
  - accountIds: undefined | { email: string; accountId: string; }[]
  - mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]
  - workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]
- errors: string[]
Returns void

Private validateMandatoryAccountNames

validateMandatoryAccountNames(values: { accountIds: undefined | { email: string; accountId: string; }[]; mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]; workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[] }, errors: string[]): void

Function to verify mandatory account names did not change

Parameters
- values: { accountIds: undefined | { email: string; accountId: string; }[]; mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]; workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[] }
  - accountIds: undefined | { email: string; accountId: string; }[]
  - mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]
  - workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]
- errors: string[]
Returns void

Static load

load(dir: string, validateConfig?: boolean): AccountsConfig

Parameters
- dir: string
- Optional validateConfig: boolean
Returns AccountsConfig

Hierarchy

Implements

Index

Constructors

Properties

Methods

Constructors

constructor

Parameters

props: { auditAccountEmail: string; logArchiveAccountEmail: string; managementAccountEmail: string }

auditAccountEmail: string

logArchiveAccountEmail: string

managementAccountEmail: string

accountIds: undefined | { email: string; accountId: string; }[]

mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]

workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]

Optional configDir: string

Optional validateConfig: boolean

Returns AccountsConfig

Properties

accountIds

Readonly mandatoryAccounts

Readonly workloadAccounts

Static Readonly AUDIT_ACCOUNT

Static Readonly FILENAME

Static Readonly LOG_ARCHIVE_ACCOUNT

Static Readonly MANAGEMENT_ACCOUNT

Methods

anyGovCloudAccounts

Returns boolean

containsAccount

Parameters

name: string

Returns boolean

getAccount

Parameters

name: string

Returns AccountConfig

getAccountId

Parameters

name: string

Returns string

getAccountIds

Returns string[]

getAuditAccount

Returns AccountConfig

getAuditAccountId

Returns string

getLogArchiveAccount

Returns AccountConfig

getLogArchiveAccountId

Returns string

getManagementAccount

Returns AccountConfig

getManagementAccountId

Returns string

Private getOuIdNames

Parameters

configDir: string

ouIdNames: string[]

Returns void

isGovCloudAccount

Parameters

account: AccountConfig | GovCloudAccountConfig

Returns boolean

isGovCloudEnabled

Parameters

account: AccountConfig | GovCloudAccountConfig

Returns undefined | boolean

loadAccountIds

Parameters

partition: string

Returns Promise<void>

Private validateAccountNames

Parameters

accountIds: undefined | { email: string; accountId: string; }[]

mandatoryAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]

workloadAccounts: ({ name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; } | { name: string; description: string | undefined; email: string; organizationalUnit: string | undefined; enableGovCloud: boolean | undefined; })[]

errors: string[]

Returns void