Hardcoded GhostbusterTargetAccountRole makes it difficult for Control Tower users #14

Open
nmasur opened this issue Nov 16, 2023 · 0 comments · May be fixed by #15

nmasur commented Nov 16, 2023

Hey, thanks for this great project! I want to use this tool with AWS Control Tower with all the accounts in the organization. One of the features of Control Tower is that every account gets an aws-controltower-ReadOnlyExecutionRole which can be assumed by Lambda functions in the Audit account.

There is an option for setting the name of the role to assume in a CSV file, but I won't have that in a Lambda function, and we want to use the autorole. Currently, when using the autorole, the name of the role assumed in each account is hardcoded to GhostbusterTargetAccountRole.

Ideally, we would make this an input option so that we could use aws-controltower-ReadOnlyExecutionRole or any other role that sits in each of the accounts. Thanks!
