---
|
- when: rootid is not defined
|
block:
|
- name: Get the Root OU id
|
command: >-
|
aws --profile {{ aws_master_profile }}
|
organizations list-roots
|
--query 'Roots[0].[Id]'
|
--output text
|
register: _getrootid
|
changed_when: false
|
|
- set_fact:
|
rootid: "{{ _getrootid.stdout }}"
|
|
|
- name: Get Destination OU id
|
command: >-
|
aws --profile {{ aws_master_profile }}
|
organizations list-organizational-units-for-parent
|
--parent-id {{ rootid }}
|
--query 'OrganizationalUnits[?Name==`'{{ account_destination_ou }}'`].[Id]'
|
--output text
|
register: _getdestouid
|
changed_when: false
|
|
- set_fact:
|
destouid: "{{ _getdestouid.stdout }}"
|
|
|
- when: accounts_in_ou is not defined
|
block:
|
- name: List the accounts in the destination OU
|
command: >-
|
aws --profile {{ aws_master_profile }}
|
organizations list-accounts-for-parent
|
--parent-id {{ destouid }}
|
--query 'Accounts[].Id'
|
--output json
|
register: _listaccounts_in_ou
|
changed_when: false
|
|
- name: Save organization OU
|
set_fact:
|
accounts_in_ou: "{{ _listaccounts_in_ou.stdout | from_json | list }}"
|
|
- when: account_id not in accounts_in_ou
|
name: Move account to destination OU
|
command: >-
|
aws --profile {{ aws_master_profile }}
|
organizations move-account
|
--account-id {{ account_id }}
|
--source-parent-id {{ rootid }}
|
--destination-parent-id {{ destouid }}
|
