Automate AWS Enterprise Support Activation for Member Accounts
Why do we need automation?
Member accounts added to AWS Organizations after subscribing to Enterprise Support are not enrolled in Enterprise Support.
To register a new member account with Enterprise Support, you must open a support case in the management account.
Example
This example is a simple workflow that executes case creation, close confirmation, and notification with AWS Step Functions.
Input
You can use Amazon EventBrige to trigger the CreateAccount event in AWS Organizations or the CreateManagedAccount event in AWS Control Tower to launch the state machine.
Therefore, the input for the state machine is a single account as follows.
{
"AccountId": "<Account ID>"
}
State machine definition
The process flow is as follows. Creating cases and checking status uses AWS SDK service integrations.
In the CeateCase state, create a support case with the account ID received from the state machine startup input as the activation target
Execute the DescribeCases state based on the Case ID returned as the result of the CreateCase state task.
DescribeCases API requires passing a list of case IDs, so use the built-in function States.Array.
Since the task result is also a list, specify
$.Cases[0]
in OutputPath.
In the Choice state, check the status of support cases from the DescirbeCases output
If
resolved
, proceed to SNS Pulibsh state.Otherwise, wait for a specified time in the Wait state and execute DescribeCases again.
In the SNS Publish state, publish a message to the specified SNS Topic
{
"Comment": "A description of your state machine",
"StartAt": "CreateCase",
"States": {
"CreateCase": {
"Type": "Task",
"Parameters": {
"Subject": "Enterprise Activation Request for Linked account",
"ServiceCode": "customer-account",
"SeverityCode": "low",
"CategoryCode": "other-account-issues",
"CommunicationBody.$": "States.Format('Please enable Enterprise support for following account ID:\n{}\n', $.AccountId)",
"Language": "en",
"IssueType": "customer-service"
},
"Resource": "arn:aws:states:::aws-sdk:support:createCase",
"Next": "DescribeCases"
},
"DescribeCases": {
"Type": "Task",
"Parameters": {
"CaseIdList.$": "States.Array($.CaseId)",
"IncludeResolvedCases": true
},
"Resource": "arn:aws:states:::aws-sdk:support:describeCases",
"Next": "Choice",
"OutputPath": "$.Cases[0]"
},
"Choice": {
"Type": "Choice",
"Choices": [
{
"Variable": "$.Status",
"StringEquals": "resolved",
"Next": "SNS Publish"
}
],
"Default": "Wait"
},
"SNS Publish": {
"Type": "Task",
"Resource": "arn:aws:states:::sns:publish",
"Parameters": {
"Message.$": "$",
"TopicArn": "arn:aws:sns:us-east-1:123456789012:your-sns-topic"
},
"End": true
},
"Wait": {
"Type": "Wait",
"Seconds": 30,
"Next": "DescribeCases"
}
}
}
On Workflow Studio, it is displayed as follows.
Execution example
I hope this will be of help to someone else.