{"id":18811734,"url":"https://github.com/logicmonitor/aws-account-onboarding-lambda","last_synced_at":"2026-01-11T14:30:19.583Z","repository":{"id":216465412,"uuid":"607808089","full_name":"logicmonitor/aws-account-onboarding-lambda","owner":"logicmonitor","description":"IT-32414","archived":false,"fork":false,"pushed_at":"2025-01-31T13:23:18.000Z","size":183,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-01-31T13:25:27.317Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/logicmonitor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-28T18:06:16.000Z","updated_at":"2025-01-31T13:23:21.000Z","dependencies_parsed_at":"2024-01-10T11:51:18.612Z","dependency_job_id":"08b918ec-54b0-4c3c-bf40-169325e40456","html_url":"https://github.com/logicmonitor/aws-account-onboarding-lambda","commit_stats":null,"previous_names":["logicmonitor/aws-account-onboarding-lambda"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/logicmonitor%2Faws-account-onboarding-lambda","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/logicmonitor%2Faws-account-onboarding-lambda/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/logicmonitor%2Faws-account-onboarding-lambda/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositor
ies/logicmonitor%2Faws-account-onboarding-lambda/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/logicmonitor","download_url":"https://codeload.github.com/logicmonitor/aws-account-onboarding-lambda/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239748248,"owners_count":19690232,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T23:27:28.803Z","updated_at":"2026-01-11T14:30:19.528Z","avatar_url":"https://github.com/logicmonitor.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Lambda function to create AWS role \u0026 policy, then attach policy to role\n\nThis project provides a sample lambda function which creates an AWS role and policy, then attaches the\ncreated policy to the role.\n\n## Motivation\n\nThis is an alternative method of creating roles and policies through the AWS console. It is most\nsuitable when\nmultiple roles and policies need to be created in succession.\n\n# Requirements\n\n* Java 11 runtime environment\n* Gradle 7\n* Bash shell/zsh (optional if you want to run the aws commands yourself)\n* aws cli v1.17 or newer\n    + If using v2, add `cli_binary_format=raw-in-base64-out` to your `~/.aws/config`\n\n# Setting up locally\n\n`$ git clone https://github.com/logicmonitor/aws-account-onboarding-lambda.git`\n\n`$ cd aws-account-onboarding-lambda`\n\n# Changing standard policy json\n\nThe default policy json for the role is in path `src/main/resources/policy.json`. 
If you wish to\nedit that, please do so before proceeding further.\n\n# S3 bucket creation\n\nThis step is needed to deploy artifacts related to the lambda function. We need to create an S3 bucket to\nstore the artifacts. Run the following command from the root level `aws-account-onboarding-lambda`:\n\n`$ ./create_aws_s3_bucket.sh \u003center-a-bucket-name-to-create\u003e \u003caws-profile-name\u003e \u003caws-region\u003e`\n\nwhere `\u003caws-profile-name\u003e` is the profile configured in `~/.aws/config`.\n\nIf your aws-cli is set up with a single profile, you can also create an S3 bucket directly:\n\n`$ aws s3 mb s3://\u003center-a-bucket-name\u003e`\n\nAdd the `--region` option if you want it in a particular region. If you get any authentication error,\nadd `--profile \u003cyour-aws-profile-name\u003e` to the command.\n\n# Generate the artifacts\n\nLet's package our Java code as a zip. Run the following command from the root level of\nproject `aws-account-onboarding-lambda`:\n\n`./gradlew buildZip`\n\nGradle will generate the zip under the project in the path `build/distributions/aws-account-onboarding-lambda.zip`.\n\n# Deploy artifacts and lambda function - One time process\n\nNow that you have created an S3 bucket and our lambda function artifact, let's deploy our lambda\nfunction using the configuration file `template.yml`.\n\nThe deploy script uses AWS CloudFormation to package the artifacts and create the lambda function.\n\n`$ ./deploy.sh \u003caws-profile-name\u003e \u003caws-region\u003e \u003center-a-lambda-function-name\u003e`\n\nAlternatively, you can run the following commands if your profile is already set up:\n\n`$ aws --profile \u003cyour-profile-name\u003e --region \u003cregion-in-which-you-want-this-created\u003e cloudformation package --template-file template.yml --s3-bucket \u003cyour-s3-bucket-name-from-step-1\u003e --output-template-file out.yml`\n\nMake sure you have an out.yml file generated.\n\n`$ aws --profile 
\u003cyour-profile-name\u003e --region \u003cregion-in-which-you-want-this-created\u003e cloudformation deploy --template-file out.yml --stack-name \u003center-a-lambda-function-name\u003e --capabilities CAPABILITY_NAMED_IAM`\n\nYou should see a message that the stack was created successfully.\n\n# Running the lambda function\n\nNow, you can trigger the lambda function using events from the AWS console. This will create the role,\nthe policy, and attach the policy to the role.\n\nNavigate to AWS console -\u003e Lambda -\u003e `\u003cyour-lambda-function-name-with-an-identifier\u003e`\n\nThere should be a Test tab in your function.\n\n![test-tab](images/test-tab-in-function.png \"Test tab in lambda function\")\n\nUnder Event JSON, supply your input for role and policy creation, e.g.:\n\n```json\n{\n  \"principalAccountId\": \"123456789\",\n  \"policyName\": \"my-policy-name\",\n  \"externalId\": \"my-external-id-from-lm\",\n  \"roleName\": \"my-role-name\"\n}\n```\n\nTest and save this event if you are going to edit and reuse it to create multiple roles and policies.\n\nThis should have created your role with the proper trust entity (external-id), created the policy, and attached the\npolicy to the role.\n\n# Reporting bugs\n\nIf there are any issues or security vulnerabilities you want to report, please add them to\nthe Issues section. The\nmaintainers of this project will review them.\n  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flogicmonitor%2Faws-account-onboarding-lambda","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flogicmonitor%2Faws-account-onboarding-lambda","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flogicmonitor%2Faws-account-onboarding-lambda/lists"}