Tom Rosenfeld AstroTom

## create-account-README.md

      
              2 files
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                AstroTom
                / create-account-README.md
            
            
              Last active
              March 9, 2026 15:35
            
              
                create and optionally close an AWS Organizations account in one flow
              
          
    create-account.sh

A script to create, move to OU, and optionally close an AWS Organizations account in one flow.
Prerequisites


AWS CLI installed and configured with a default profile that has Organizations admin permissions

Configuration


## rds.sh
##
## some useful RDS CLI
##

# RDS events
# Returns events related to DB instances, DB clusters, DB parameter groups, DB security groups,
# DB snapshots, DB cluster snapshots, and RDS Proxies for the past 14 days

# e.g. See changes to Parameter groups
aws rds describe-events --source-identifier your_parameter_group_name --source-type db-parameter-group

## zfs-sg.sh
#!/bin/bash

#
# Create AWS Security Group ZFS security group named "zfs-sg"
#
#   sets ports as per https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/limit-access-security-groups.html
#
# Variables - set your VPC_ID
#

## fsx-sg.sh
#!/bin/bash

#
# Create AWS Security Group for FSx named "fsx-sg"
#   sets ports as per https://docs.aws.amazon.com/fsx/latest/WindowsGuide/limit-access-security-groups.html
#
# Variables - set your VPC_ID
#

VPC_ID=""

## aws-trail-by-region.sh
#
# This only collecting the non read-only actions. This will save a lot of time and space. If you want all events simple remove the --lookup-attributes and the arg.
#

CMD='cloudtrail lookup-events --lookup-attributes AttributeKey=ReadOnly,AttributeValue=false  --start-time "2022-03-31, 00:00" --end-time "2022-04-03, 23:59" '

for region in $(aws ec2 describe-regions  --output text | awk {'print $4'})
do

    echo $region && eval aws --region $region "$CMD"  |tee trail.$region.json.log

## aws-list-by-region.sh
CMD="eks list-clusters"
CMD="ec2 describe-volumes"

for item in $(aws ec2 describe-regions  --output text | awk {'print $4'})
do
    echo $item && aws --region $item $CMD
done

## ami-clean.sh
#!/bin/bash

# This script cleans up your EC2 instance before baking a new AMI.
# this works on Ubuntu (18+)
# Run the following command in a root shell:
#
# bash <(curl -s https://gist.githubusercontent.com/AstroTom/fb0f54d125d38574eae76f57c188c4f0/raw/ami-clean.sh)

function print_green {
  echo -e "\e[32m${1}\e[0m"

## send-slow-q.sh
#
# send to q a few treks at a time, then wait till Q is empty to send again
#

AWSACCNT=123456789012

Q=https://sqs.eu-west-1.amazonaws.com/$AWSACCNT/prd_navigation_q
Q=https://sqs.eu-west-1.amazonaws.com/$AWSACCNT/stg_navigation_q

QMAX=29   # do not fill Q with more than these

## aws-assume-exp.sh
#!/bin/bash

# Tom R.
# based on  https://gist.github.com/dukejones/36128decdb1e003ac5d77f5c4523f1f5
# Changed to use ~/.aws/config instead
#

set -e

usage () {

## credentials.sh
#
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#   You must use 'source' to run this file, otherwise it has no effect
#   Alternately, you can put it in .bashrc
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#   e.g.
#   $ source credentials.sh
#

#
	##
	## some useful RDS CLI
	##

	# RDS events
	# Returns events related to DB instances, DB clusters, DB parameter groups, DB security groups,
	# DB snapshots, DB cluster snapshots, and RDS Proxies for the past 14 days

	# e.g. See changes to Parameter groups
	aws rds describe-events --source-identifier your_parameter_group_name --source-type db-parameter-group
	#!/bin/bash

	#
	# Create AWS Security Group ZFS security group named "zfs-sg"
	#
	# sets ports as per https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/limit-access-security-groups.html
	#
	# Variables - set your VPC_ID
	#
	#!/bin/bash

	#
	# Create AWS Security Group for FSx named "fsx-sg"
	# sets ports as per https://docs.aws.amazon.com/fsx/latest/WindowsGuide/limit-access-security-groups.html
	#
	# Variables - set your VPC_ID
	#

	VPC_ID=""
	#
	# This only collecting the non read-only actions. This will save a lot of time and space. If you want all events simple remove the --lookup-attributes and the arg.
	#

	CMD='cloudtrail lookup-events --lookup-attributes AttributeKey=ReadOnly,AttributeValue=false --start-time "2022-03-31, 00:00" --end-time "2022-04-03, 23:59" '

	for region in $(aws ec2 describe-regions --output text \| awk {'print $4'})
	do

	echo $region && eval aws --region $region "$CMD" \|tee trail.$region.json.log
	CMD="eks list-clusters"
	CMD="ec2 describe-volumes"

	for item in $(aws ec2 describe-regions --output text \| awk {'print $4'})
	do
	echo $item && aws --region $item $CMD
	done
	#!/bin/bash

	# This script cleans up your EC2 instance before baking a new AMI.
	# this works on Ubuntu (18+)
	# Run the following command in a root shell:
	#
	# bash <(curl -s https://gist.githubusercontent.com/AstroTom/fb0f54d125d38574eae76f57c188c4f0/raw/ami-clean.sh)

	function print_green {
	echo -e "\e[32m${1}\e[0m"
	#
	# send to q a few treks at a time, then wait till Q is empty to send again
	#

	AWSACCNT=123456789012

	Q=https://sqs.eu-west-1.amazonaws.com/$AWSACCNT/prd_navigation_q
	Q=https://sqs.eu-west-1.amazonaws.com/$AWSACCNT/stg_navigation_q

	QMAX=29 # do not fill Q with more than these
	#!/bin/bash

	# Tom R.
	# based on https://gist.github.com/dukejones/36128decdb1e003ac5d77f5c4523f1f5
	# Changed to use ~/.aws/config instead
	#

	set -e

	usage () {
	#
	# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
	# You must use 'source' to run this file, otherwise it has no effect
	# Alternately, you can put it in .bashrc
	# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
	# e.g.
	# $ source credentials.sh
	#

	#