0
votes

I'm working to pull the accountID from a newly created AWS account within an organization. I'm using a CloudWatch rule that triggers the lambda function off of the CreateAccountResult event name. Within this event, it gives me the createAccountStatus of "SUCCEEDED" as well as the accountID of the new account.

I want to be able to pull JUST the accountID and insert it into a variable within my lambda function.

This lambda function is being used to create an AWS connector to link the account to Trend Micro. Essentially, what I'm using in this script is:

account = '**accountID**'

payload = "{\n   \"crossAccountRoleArn\": \"arn:aws:iam::" + account + ":role/TrendMicroDSM\",\n   \"workspacesEnabled\": true\n}"

I want the account variable to automatically update with the newest account's accountID

Is this even possible?

1
Sorry, but your question is confusing. Are you asking how to get the data from the response from create_account()? - John Rotenstein
I guess I'm technically asking 2 questions. First, how can I create a CloudWatch rule that is triggered at the creation of a new account (I may have already accomplished this) that triggers a Lambda function? Second, how can I pull the accountID from that new account to populate within my Lambda function to link the account to Trend? - Justin Lawhorne

1 Answer

0
votes

If you are using Python, the create_account() function returns:

{
    'CreateAccountStatus': {
        'Id': 'string',
        'AccountName': 'string',
        'State': 'IN_PROGRESS'|'SUCCEEDED'|'FAILED',
        'RequestedTimestamp': datetime(2015, 1, 1),
        'CompletedTimestamp': datetime(2015, 1, 1),
        'AccountId': 'string',
        'GovCloudAccountId': 'string',
        'FailureReason': 'ACCOUNT_LIMIT_EXCEEDED'|'EMAIL_ALREADY_EXISTS'|'INVALID_ADDRESS'|'INVALID_EMAIL'|'CONCURRENT_ACCOUNT_MODIFICATION'|'INTERNAL_FAILURE'|'GOVCLOUD_ACCOUNT_ALREADY_EXISTS'
    }
}

Therefore, you could simply use:

import boto3

client = boto3.client('organizations')

response = client.create_account(...)

account_id = response['CreateAccountStatus']['AccountId']
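
For the event-driven setup the question describes (a rule on CreateAccountResult invoking a Lambda function), the following is an added example, not code from the question or the answer. It assumes the event carries the CloudTrail service event under `detail.serviceEventDetails.createAccountStatus`; the function names and the sample event are constructed for illustration. The account ID is validated before it goes into the role ARN, and the payload is built with `json.dumps` rather than string concatenation.

```python
import json
import re

ACCOUNT_ID_RE = re.compile(r"\d{12}")  # AWS account IDs are exactly 12 digits
ROLE_NAME = "TrendMicroDSM"            # role name taken from the question


def extract_account_id(event):
    """Return the new account's ID from a CreateAccountResult event, else None."""
    detail = event.get("detail") or {}
    if (detail.get("eventSource") != "organizations.amazonaws.com"
            or detail.get("eventName") != "CreateAccountResult"):
        return None
    status = (detail.get("serviceEventDetails") or {}).get("createAccountStatus") or {}
    if status.get("state") != "SUCCEEDED":
        return None
    account_id = str(status.get("accountId", ""))
    # Reject anything that is not a 12-digit ID before it is placed in an ARN.
    return account_id if ACCOUNT_ID_RE.fullmatch(account_id) else None


def build_payload(account_id):
    """Serialize the connector request body instead of concatenating strings."""
    return json.dumps({
        "crossAccountRoleArn": f"arn:aws:iam::{account_id}:role/{ROLE_NAME}",
        "workspacesEnabled": True,
    })


def lambda_handler(event, context):
    account_id = extract_account_id(event)
    if account_id is None:
        return {"linked": False}
    payload = build_payload(account_id)
    # Send `payload` to the connector API here, as the existing script does.
    return {"linked": True, "accountId": account_id, "payload": payload}


# Constructed sample event; 111111111111 is a placeholder account ID.
SAMPLE_EVENT = {
    "detail": {
        "eventSource": "organizations.amazonaws.com",
        "eventName": "CreateAccountResult",
        "serviceEventDetails": {"createAccountStatus": {
            "state": "SUCCEEDED", "accountId": "111111111111",
        }},
    },
}
```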