State Machines to Manage Onboarding Process for New AWS Accounts
Input Parameter Values
-
CloudformationLambdaExecutionRoleArn:
Enter
ARN of IAM Role for Cloudformation to create changesets and target stack
. If you already created one or more CodePipeline that uses Cloudformation, this role should have been created already, so you can use the same role, 'cloudformation-lambda-execution-role'. If not, please create a role with the same name with Trust Relationships and Policy Document defined here. -
CodePipelineServiceRoleArn:
Enter
ARN of IAM Role for CodePipeline to be executed
. If you already created one or more CodePipeline, this role should have been created already, so you can use the same role, 'AWS-CodePipeline-Service'. If not, please create a role with the same name with Trust Relationships and Policy Document defined here. -
CustomAuthorizerIAMRoleName:
Enter the
NAME (not ARN) of IAM Role that has the permission for API Gateway to invoke custom authorizer Lambda Function
. (See here for Trust Relationships and Policy Document). -
CustomAuthorizerLambdaName:
Enter the
NAME (not ARN) of custom authorizer Lambda Function
. (See here for the Lambda Function Project for Custom Authorizer using SSO Server). -
EncryptionLambdaName:
-
GitHubPersonalAccessToken:
Access Token
for CodeBuild to access to the this Github repository. (See here to find how to generate the access token). -
GitHubSourceRepositoryBranch:
master
-
GitHubSourceRepositoryName:
aws-services-onboarding
-
GitHubSourceRepositoryOwner:
SungardAS
-
ParameterOverrides:
{ "AccountLogGroupName": "/SungardAS/Alerts/Account", "SubscriptionFilterDestinationArn": "arn:aws:logs:<region>:<account>:destination:<destination_name>" }
-
ProjectImage:
aws/codebuild/nodejs:8.11.0
This project is maintained by the Labs group at Sungard Availability Services
GitHub: https://sungardas.github.io