Set up an AWS Organization

If you already have an AWS Organization for your company and are using AWS IAM Identity Center, you can skip this section.

  1. Create an AWS account. This will be the "management" account of your Organization, so use a generic company email address (not your own; if you need to use your own for now, it can be changed later). You'll likely need the company credit card to put on file during this setup. Before going any further, enable MFA on this account's root user: the root user of the management account can act on every account in the Organization. TODO: add more details

  2. Turn that account into an AWS Organization (AWS Organizations console -> Create an organization). Keep "all features" enabled; IAM Identity Center in the next steps requires it.

  3. Note down the AWS Organization ID (e.g. o-2v54b6ap2r) and the Account ID of the management account (e.g. 123456789012); you’ll need these later.

  4. Enable IAM Identity Center by navigating to the IAM Identity Center console and clicking Enable. Then note down the ID (e.g. d-9067c20053) that appears as the subdomain of the AWS access portal URL (this is the identity store ID of your Identity Center instance), and also the full URL.

  5. If you are not using an external identity provider (i.e. you will create users directly through the API), go to Settings -> Authentication within Identity Center, click Configure on the Standard authentication section, check the Send email OTP box and click Save. This is what lets users created through the API receive a one-time password by email for their first sign-in; there is no programmatic way to enable it as of 2/5/25.

  6. Enable IAM user and role access to billing information: in the Billing and Cost Management console, open Account settings, edit "IAM user and role access to billing information" and activate it. This must be done as the root user, and there is no programmatic way to do it as of 3/25/25. Without it, even an administrator role cannot see billing data.

  7. Create the GitHub repository that will manage your AWS Organization.
    1. In your GitHub organization, click Create New Repository. Name it something like aws-organization.

    2. Follow the steps in the AWS Organization template repository to set up your own repository.

    3. Do not merge the code to the main branch yet. You need to deploy the Pulumi bootstrap CloudFormation stack first (step 8); the deployment that the merge triggers depends on it.

  8. Deploy the Pulumi bootstrap CloudFormation stack (in the management account).
    1. Find the file called pulumi-bootstrap.yaml in your AWS Organization repository and download it.

    2. Go to the AWS CloudFormation console and click Create Stack.

    3. Under "Specify Template", choose "Upload a template file" and upload the pulumi-bootstrap.yaml file. Then click "Next".

    4. You should now be at "Step 2: Specify Stack Details". Enter something descriptive for the Stack Name (e.g. pulumi-bootstrap), fill in your AWS Organization ID (noted in step 3) and the name of the GitHub repository you created in step 7 to manage your AWS Organization. Click "Next".

    5. You should now be at "Step 3: Configure Stack Options". Scroll to the bottom and check "I acknowledge that AWS CloudFormation might create IAM resources with custom names.", then click "Next".

    6. You should now be at "Step 4: Review and create". Scroll to the bottom and click "Submit".

    7. You should now see a Stack Info tab with the Status "CREATE_IN_PROGRESS". Wait for it to change to "CREATE_COMPLETE" before proceeding. If it goes to "ROLLBACK_COMPLETE" instead, open the Events tab to find the failed resource and its status reason, delete the stack, fix the cause and retry.

  9. Merge the code to the main branch of your GitHub repository (TODO: add more details on how to do this). This triggers the initial creation of the baseline AWS accounts and resources.

  10. Create the GitHub repository that will manage your Central Infrastructure (including users and permissions).
    1. In your GitHub organization, click Create New Repository. Use the name you provided in the questionnaire when instantiating the aws-organization code from the template (typically aws-central-infrastructure).

    2. Follow the steps in the AWS Central Infrastructure template repository to set up your own repository. When answering the questionnaire, state that the initial deploy of the IaC stack has not occurred yet.

    3. Merge the code to main to deploy the key portions of it.

    4. Create a new feature branch and update the questionnaire to say that the IaC has been deployed.

    5. Merge the code to main to complete the initial deployment.
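Once steps 3, 4 and 8 are done, two things are worth checking from your laptop before merging anything: that the identifiers you noted down have the expected shape, and that the role the bootstrap stack created can only be assumed by the repository you named in step 8.4. The script below is an added example, not code from this page or from the template repositories it refers to. It assumes (implied by the repository-name parameter, but not stated above) that the pulumi-bootstrap stack creates an IAM role trusted through GitHub's OIDC provider, token.actions.githubusercontent.com; the GitHub org example-org, the account ID 123456789012 and both trust policies are constructed for illustration.

```python
"""Post-setup checks for the AWS Organization bootstrap described above.

Added example, not code from the page or the template repositories.
Assumption (not stated on the page): the pulumi-bootstrap stack creates
an IAM role that the repository's pipeline assumes through GitHub's OIDC
provider, token.actions.githubusercontent.com.
"""
import re
from typing import List, Optional
from urllib.parse import urlparse

# Formats of the identifiers the guide tells you to note down (steps 3 and 4).
ORG_ID_RE = re.compile(r"^o-[a-z0-9]{10,32}$")
ACCOUNT_ID_RE = re.compile(r"^[0-9]{12}$")
IDENTITY_STORE_ID_RE = re.compile(r"^d-[0-9a-f]{10}$")

GITHUB_OIDC_HOST = "token.actions.githubusercontent.com"


def identity_store_id_from_portal_url(url: str) -> Optional[str]:
    """Extract d-xxxxxxxxxx from the default portal URL https://<id>.awsapps.com/start.

    Returns None when a custom subdomain is configured (the ID is then not in
    the URL and has to be read from the Identity Center console instead).
    """
    host = urlparse(url).hostname or ""
    label = host.split(".")[0]
    return label if IDENTITY_STORE_ID_RE.match(label) else None


def validate_noted_ids(org_id: str, account_id: str, identity_store_id: str) -> List[str]:
    """Return the problems with the values you wrote down; an empty list means all good."""
    problems = []
    if not ORG_ID_RE.match(org_id):
        problems.append(f"organization id {org_id!r}: expected o- plus 10-32 lowercase letters/digits")
    if not ACCOUNT_ID_RE.match(account_id):
        problems.append(f"account id {account_id!r}: expected exactly 12 digits")
    if not IDENTITY_STORE_ID_RE.match(identity_store_id):
        problems.append(f"identity store id {identity_store_id!r}: expected d- plus 10 hex digits")
    return problems


def _as_list(value) -> list:
    """IAM policy JSON allows a single string wherever a list is allowed."""
    return value if isinstance(value, list) else [value]


def audit_github_oidc_trust(trust_policy: dict, github_org: str, repo: str) -> List[str]:
    """Check that only repo:<github_org>/<repo> can assume the role via GitHub OIDC.

    Returns findings as strings; empty means every GitHub OIDC statement pins the
    audience to sts.amazonaws.com and restricts the subject to this repository.
    """
    findings = []
    expected_sub_prefix = f"repo:{github_org}/{repo}:"
    for stmt in _as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if not any(GITHUB_OIDC_HOST in arn for arn in federated):
            continue  # not a GitHub OIDC statement; out of scope for this check
        aud_values, sub_by_operator = [], {}
        for operator, kv in stmt.get("Condition", {}).items():
            for key, value in kv.items():
                if key == f"{GITHUB_OIDC_HOST}:aud":
                    aud_values.extend(_as_list(value))
                elif key == f"{GITHUB_OIDC_HOST}:sub":
                    sub_by_operator[operator] = _as_list(value)
        if "sts.amazonaws.com" not in aud_values:
            findings.append("aud is not pinned to sts.amazonaws.com")
        if not sub_by_operator:
            findings.append("no sub condition: any GitHub repository could assume this role")
            continue
        for operator, values in sub_by_operator.items():
            for value in values:
                if not value.startswith(expected_sub_prefix):
                    findings.append(f"sub {value!r} is not scoped to {expected_sub_prefix}*")
                elif operator == "StringLike" and "*" in value[len(expected_sub_prefix):]:
                    findings.append(f"sub {value!r} allows any ref in the repo; consider pinning to ref:refs/heads/main")
    return findings


# Constructed sample trust policies (hypothetical account ID and GitHub org).
_PROVIDER_ARN = "arn:aws:iam::123456789012:oidc-provider/" + GITHUB_OIDC_HOST
TIGHT_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Federated": _PROVIDER_ARN},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {
        f"{GITHUB_OIDC_HOST}:aud": "sts.amazonaws.com",
        f"{GITHUB_OIDC_HOST}:sub": "repo:example-org/aws-organization:ref:refs/heads/main"}}}]}
BROAD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Federated": _PROVIDER_ARN},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringLike": {f"{GITHUB_OIDC_HOST}:sub": "repo:*"}}}]}

if __name__ == "__main__":
    portal_id = identity_store_id_from_portal_url("https://d-9067c20053.awsapps.com/start") or ""
    print(validate_noted_ids("o-2v54b6ap2r", "123456789012", portal_id))
    print(audit_github_oidc_trust(TIGHT_TRUST, "example-org", "aws-organization"))
    print(audit_github_oidc_trust(BROAD_TRUST, "example-org", "aws-organization"))
```

To feed it real values, with credentials for the management account: `aws organizations describe-organization --query Organization.Id --output text` returns the Organization ID, `aws sts get-caller-identity --query Account --output text` the account ID, `aws sso-admin list-instances --query 'Instances[0].IdentityStoreId' --output text` the identity store ID, and `aws iam get-role --role-name <name> --query Role.AssumeRolePolicyDocument` the trust policy of the role (find its name on the stack's Resources tab). A finding that the subject is `repo:*` or missing altogether means any GitHub repository on the internet could deploy into your Organization, which is the reason the bootstrap asks for the repository name in the first place.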