in scripts/enableorgscp-customlambdaresource.py [0:0]
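def create_endpoint(event, context):
    """Ensure the SERVICE_CONTROL_POLICY type is enabled on the Organization root.

    CloudFormation custom-resource handler. It checks whether the account
    belongs to an Organization, creates one (FeatureSet='ALL') if it does not,
    enables the SCP policy type on the first root, and reports the outcome
    through cfnresponse.

    Only the two expected conditions are treated as benign: "account is not in
    an Organization" and "policy type already enabled". Any other error
    (access denied, throttling, an empty root list, ...) is reported to
    CloudFormation as FAILED, so the stack never records SCPs as enabled when
    they are not, and never waits for a response that is not coming.

    Args:
        event: The custom-resource request, passed through to cfnresponse.send.
        context: The Lambda context, passed through to cfnresponse.send.

    Returns:
        A dict with a single 'body' key describing the outcome.
    """
    # NOTE(review): assumes `org` is a boto3 Organizations client, which
    # exposes its modeled errors under `org.exceptions` -- confirm.
    # NOTE(review): the request type in `event` is never inspected, so the
    # same work runs for every request CloudFormation sends -- confirm that
    # this is intended.
    responseData = {}
    try:
        # Check if the account is part of an Organization. Only accounts
        # within an Organization can receive a SCP.
        try:
            org.describe_organization()
            logger.info("Account is member of an existing Organization.")
        except org.exceptions.AWSOrganizationsNotInUseException:
            print("Not part of an Organization. Organization will be created.")
            # Create the Organization based on the current account
            createOrganization = org.create_organization(
                FeatureSet='ALL'
            )
            print("Organization created.")
            print(createOrganization)

        # Enable SCP on the first root of the Organization.
        rootId = org.list_roots()['Roots'][0]['Id']
        try:
            enableSCP = org.enable_policy_type(
                RootId=rootId,
                PolicyType='SERVICE_CONTROL_POLICY'
            )
            print("SCP has been enabled")
            responseData['response'] = enableSCP
        except org.exceptions.PolicyTypeAlreadyEnabledException:
            # Already enabled is the desired end state, so it counts as success.
            print("SCP policies are already enabled")
            responseData['response'] = "Success"
    except Exception:
        # Anything unexpected must surface as a failed resource; reporting
        # SUCCESS here would leave the stack claiming a guardrail that is not
        # actually in place.
        logger.exception("Could not enable the SCP policy type.")
        responseData['statusMessage'] = 'SCP not enabled'
        cfnresponse.send(event, context, cfnresponse.FAILED, responseData)
        return {
            'body': 'SCP Policy Type could not be enabled. See the function logs.'
        }

    responseData['statusMessage'] = 'SCP Enabled'
    cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData)
    return {
        'body': 'Organization exists & SCP Policy Type is enabled.'
    }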