In this repository, we share code for batch management of the contacts of the AWS accounts in an AWS Organization.
This solution was developed thanks to these announcements:
- Posted on: Jun 07, 2024 - Centrally manage member account root email addresses across your AWS Organization
- Posted on: Oct 25, 2022 - AWS Organizations console now allows users to centrally manage primary contact information on AWS accounts
- Posted on: Feb 09, 2022 - AWS Organizations console now lets users centrally manage alternate contacts on AWS accounts
Why was this solution created?
Keeping the contacts in your AWS accounts up to date is important for compliance and for ensuring that the notifications AWS sends reach the correct recipients. There are 3 main types of contacts registered in an AWS account: primary contacts, alternate contacts and the email address of the account's root user.
Alternate contacts for an AWS account allow AWS to contact up to three additional points of contact associated with the account for billing, operations, and security issues. They are in addition to the primary email address associated with the AWS account (root user email). Ensuring they are up to date and properly configured is part of managing a mature AWS environment.
Customers with large numbers of AWS accounts face the challenge of ensuring that these contacts are set correctly and not altered. This solution aims to resolve that with automation for managing the different types of contacts in bulk.
- Your organization must enable all features to manage settings on your member accounts. This allows admin control over the member accounts. This is set by default when you create your organization. If your organization is set to consolidated billing only, and you want to enable all features, see Enabling all features in your organization.
- You need to enable trusted access for AWS Account Management service. To set this up, see Enabling trusted access for AWS Account Management.
- You need the necessary IAM permissions to run the tool. Please refer to the IAM Policy file.
⚠️ Note: Make sure you sign in to the management account of the AWS Organization or to the delegated administrator member account for AWS Organizations.
Choose where you want to run it (CloudShell or Local terminal):
- CloudShell
  - Sign in to your AWS account.
  - Open CloudShell.
  - When CloudShell opens, run the following commands:
    - Clone the repository.
      git clone https://github.com/aws-samples/contacts-manager.git
    - Make a clean install.
      python3 -m venv .venv
      source .venv/bin/activate
    - Install dependencies.
      cd contacts-manager
      sh -e requirements.txt
- Local terminal (recommended if you will run the Generate contacts report)
  - Open your local terminal.
  - Make sure you have the AWS CLI and Python 3 installed.
    - Check the AWS CLI version (use the latest version).
      aws --version
    - Check the Python version.
      python -V
      or
      python3 -V
  - Clone the repository.
    git clone https://github.com/aws-samples/contacts-manager.git
  - Make a clean install.
    python3 -m venv .venv
    source .venv/bin/activate
  - Install dependencies.
    cd contacts-manager
    sh -e requirements.txt
  - Sign in to your AWS account in the local terminal.
Run the script.
python3 script.py
The first step is to choose which contact option you want to interact with.
- Alternate contacts
  - When selected, choose one of the 3 action options.
  - Input a list of AWS account IDs separated by commas, an organizational unit ID, or all. For the Delete action, for security reasons, only one AWS account ID at a time is allowed. Below are some input examples:
    - all
    - 000000000000,111111111111,222222222222,333333333333
    - 000000000000, 111111111111, 222222222222, 333333333333
    - ou-a0aa-abcdef0g
    - 012345678910 (valid for Delete action)
  - Choose which type of alternate contact.
  - List action
  - Update action
    - For the Update action, you will be required to fill in all the contact fields; pay attention to the expected pattern of each one. Below are some input examples:
      - Email: example@mail.com
      - Name: My Name
      - Phone number: +5511900002222
      - Title: Technical Account Manager
  - Delete action
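As an added example (not the repository's own script.py), here is how the account-selection input described above can be validated and expanded into account IDs with the Organizations API; the same three input forms are used by the primary contact and root email options. It assumes boto3's Organizations client (a constructed FakeOrganizations stands in so the block runs offline); the OU ID regular expression and the ACTIVE-only filter are my assumptions, not the tool's documented behaviour.

```python
import re

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
OU_ID_RE = re.compile(r"^ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}$")  # assumed shape of an OU id

def parse_target(raw: str, action: str) -> dict:
    """'all', one OU id, or comma-separated 12-digit account ids; Delete takes exactly one id."""
    text = raw.strip()
    if text.lower() == "all":
        spec = {"kind": "all"}
    elif OU_ID_RE.match(text):
        spec = {"kind": "ou", "id": text}
    else:
        ids = [part.strip() for part in text.split(",") if part.strip()]
        bad = [i for i in ids if not ACCOUNT_ID_RE.match(i)]
        if not ids or bad:
            raise ValueError(f"expected account ids, an OU id or 'all', got {raw!r}")
        spec = {"kind": "accounts", "ids": ids}
    if action == "delete" and (spec["kind"] != "accounts" or len(spec["ids"]) != 1):
        raise ValueError("the Delete action accepts exactly one AWS account ID")
    return spec

def resolve_accounts(spec: dict, org) -> list:
    """Expand 'all' or an OU via the Organizations API (org = boto3 client or a stand-in).
    list_accounts_for_parent lists direct children only; nested OUs need a recursive walk."""
    if spec["kind"] == "accounts":
        return list(spec["ids"])
    if spec["kind"] == "all":
        pages = org.get_paginator("list_accounts").paginate()
    else:
        pages = org.get_paginator("list_accounts_for_parent").paginate(ParentId=spec["id"])
    # Assumption: only ACTIVE accounts are worth touching; suspended ones are skipped.
    return [a["Id"] for page in pages for a in page["Accounts"] if a["Status"] == "ACTIVE"]

class FakeOrganizations:
    """Constructed stand-in for boto3.client("organizations") so the block runs offline."""
    PAGES = {"list_accounts": [{"Accounts": [{"Id": "000000000000", "Status": "ACTIVE"},
                                             {"Id": "111111111111", "Status": "SUSPENDED"}]}],
             "list_accounts_for_parent": [{"Accounts": [{"Id": "222222222222", "Status": "ACTIVE"}]}]}
    def get_paginator(self, name):
        pages = self.PAGES[name]
        class Paginator:
            paginate = staticmethod(lambda **kwargs: iter(pages))
        return Paginator()

if __name__ == "__main__":
    spec = parse_target("ou-a0aa-abcdef0g", "list")   # swap FakeOrganizations for the real client
    print(resolve_accounts(spec, FakeOrganizations()))
```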
- Primary contacts information
  - When selected, choose one of the 2 action options.
  - Input a list of AWS account IDs separated by commas, an organizational unit ID, or all. For the Delete action, for security reasons, only one AWS account ID at a time is allowed. Below are some input examples:
    - all
    - 000000000000,111111111111,222222222222,333333333333
    - 000000000000, 111111111111, 222222222222, 333333333333
    - ou-a0aa-abcdef0g
    - 012345678910 (valid for Delete action)
  - List action
  - Update action
- Root email addresses
  - When selected, choose one of the 2 action options.
  - Input a list of AWS account IDs separated by commas, an organizational unit ID, or all. For the Delete action, for security reasons, only one AWS account ID at a time is allowed. Below are some input examples:
    - all
    - 000000000000,111111111111,222222222222,333333333333
    - 000000000000, 111111111111, 222222222222, 333333333333
    - ou-a0aa-abcdef0g
    - 012345678910 (valid for Delete action)
  - List action
  - Update action
    - For the Update action, you will be required to fill in all the contact fields. A status prefix of "⟳" (pending) or "✔" (done) is shown to monitor the status of each AWS account change.
    - When you select an account, you must enter the OTP (One-Time Password). This must be done one account at a time.
    - Once you update the root email address, the status changes to "✔" (done). When all statuses are "checked", the function is complete.
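The root email Update flow described above, as an added example rather than the tool's own code: it assumes the AWS Account API's StartPrimaryEmailUpdate and AcceptPrimaryEmailUpdate operations as exposed by boto3's "account" client, takes the OTP through an injected read_otp callback so prompting stays one account at a time, and keeps the ⟳/✔ status board. FakeAccountClient and its OTP values are constructed so the block runs offline.

```python
PENDING, DONE = "⟳", "✔"   # the status prefixes the tool shows per account

def update_root_emails(targets: dict, account_client, read_otp) -> dict:
    """Two-step root email change for each account in `targets` ({account_id: new_email}):
    start the update, then accept it with the OTP that AWS mails to the new address.
    account_client is boto3.client("account") (assumed API); read_otp(account_id) returns
    the code the operator typed. Returns the status board: account_id -> PENDING or DONE."""
    board = {acct: PENDING for acct in targets}
    for acct, email in targets.items():
        # Member accounts only: the management account's own root email is not changed this way.
        resp = account_client.start_primary_email_update(AccountId=acct, PrimaryEmail=email)
        if resp["Status"] != "PENDING_ACCEPTANCE":
            raise RuntimeError(f"{acct}: unexpected status {resp['Status']}")
        otp = read_otp(acct).strip()   # one account at a time, as the tool requires
        resp = account_client.accept_primary_email_update(
            AccountId=acct, PrimaryEmail=email, Otp=otp)
        if resp["Status"] == "ACCEPTED":
            board[acct] = DONE
        print(f"{board[acct]} {acct} -> {email}")
    return board

def all_done(board: dict) -> bool:
    """True once every account shows the done marker."""
    return all(status == DONE for status in board.values())

class FakeAccountClient:
    """Constructed stand-in for boto3.client("account") so the block runs offline.
    The OTP per account is made up; a wrong code leaves the request pending (constructed behaviour)."""
    OTPS = {"000000000000": "123456", "111111111111": "654321"}
    def start_primary_email_update(self, AccountId, PrimaryEmail):
        return {"Status": "PENDING_ACCEPTANCE"}
    def accept_primary_email_update(self, AccountId, PrimaryEmail, Otp):
        accepted = Otp == self.OTPS.get(AccountId)
        return {"Status": "ACCEPTED" if accepted else "PENDING_ACCEPTANCE"}

if __name__ == "__main__":
    # Constructed sample; with the real client, read_otp would wrap input().
    board = update_root_emails({"000000000000": "root-a@example.com"},
                               FakeAccountClient(), lambda acct: "123456")
    print("all done" if all_done(board) else "still pending")
```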
[Optional] Remove the tool.
cd ..
rm -rf contacts-manager
Feedback is always welcome! Please share your experience, thoughts and feature requests: Feedback Survey.
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.