in source/aws-bootstrap-kit/lib/dns/delegation-record-handler/index.ts [215:239]
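/**
 * Resolve the ARN of the role to assume in the organization's main account
 * (the account hosting the DNS root domain) in order to delegate `recordName`.
 *
 * The main account is taken to be the member whose `JoinedMethod` is
 * "INVITED"; the role name is derived from `recordName` once the current
 * account is seen in the listing. If several accounts were invited, the last
 * one listed wins (unchanged from the original heuristic — worth confirming
 * against the organization layout).
 *
 * @param recordName - DNS record name being delegated.
 * @param currentAccountId - Account id of the caller; expected to be an
 *   organization member other than the main account.
 * @returns `arn:aws:iam::<mainAccountId>:role/<roleName>`.
 * @throws Error when no INVITED account exists, when `currentAccountId` is not
 *   found among the other members, or when the Organizations API call fails.
 */
async function resolveRoleArn(recordName: string, currentAccountId: string): Promise<string> {
  try {
    const orgClient = new AWS.Organizations({ region: "us-east-1" });
    let targetAccountId: string | undefined;
    let targetRoleToAssume: string | undefined;
    let nextToken: string | undefined;
    // listAccounts is paginated: a single call returns only the first page,
    // so every page must be walked or the main/current account can be missed.
    do {
      const page = await orgClient.listAccounts({ NextToken: nextToken }).promise();
      for (const account of page.Accounts ?? []) {
        // The main account (hosting the DNS root domain) is the one that was
        // invited into the organization; the others were created inside it.
        if (account.JoinedMethod === "INVITED") {
          targetAccountId = account.Id;
        } else if (account.Id === currentAccountId) {
          targetRoleToAssume = getDNSUpdateRoleNameFromServiceRecordName(recordName);
        }
      }
      nextToken = page.NextToken;
    } while (nextToken);
    // Fail here rather than returning an ARN containing "undefined", which
    // would only surface later as an AssumeRole failure against a bogus target.
    if (targetAccountId === undefined) {
      throw new Error("resolveRoleArn: no INVITED (main) account found in the organization");
    }
    if (targetRoleToAssume === undefined) {
      throw new Error(
        `resolveRoleArn: account ${currentAccountId} not found among the organization's non-main accounts`,
      );
    }
    return `arn:aws:iam::${targetAccountId}:role/${targetRoleToAssume}`;
  } catch (error) {
    console.error(`Failed to resolveRoleArn due to ${error}`);
    throw error;
  }
}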