Substrate 2021.08 added
substrate-accounts which makes it easier to programmatically enumerate all your AWS accounts. You might want to integrate Substrate into your CI/CD system, implement a monitoring function, or something else entirely. The JSON output includes account numbers, ARNs, and tags, which should be enough to parameterize almost anything you might want to do to most or all of your AWS accounts.
The rest of this page considers how to run the appropriate Substrate command against every AWS account in your organization.
The special accounts are singletons and thus don’t need to be parameterized by the output of
substrate-bootstrap-management-account substrate-bootstrap-network-account # possibly with -no-nat-gateways substrate-bootstrap-deploy-account
But admin accounts and service accounts need to be identified by quality (for admin accounts) or domain, environment, and quality (for service accounts). You can pass these parameters from the output of
substrate-accounts -format=json | jq -e -r '..Tags | select(.Domain == "admin") | "substrate-create-admin-account -quality=\(.Quality)"' | sh -e -x substrate-accounts -format=json | jq -e -r '..Tags | select(.Domain and .Domain != "admin") | "substrate-create-account -domain=\(.Domain) -environment=\(.Environment) -quality=\(.Quality)"' | sh -e -x
You can process this JSON ahead of time to e.g. generate CI/CD configuration files or at runtime to e.g. propagate a Substrate upgrade to all your AWS accounts. No matter what, it’s a small matter of programming.