AttachAdminUserPolicy attaches the AdministratorAccess policy to a target user Takes a logger, an AWS client for the target account, and the target IAM user's username.

CreateAccount creates an AWS account for the specified accountName and accountEmail in the organization.

CreateEC2Instance creates ec2 instance and returns its instance ID.

CreateIAMUser creates a new IAM user in the target AWS account Takes a logger, an AWS client for the target account, and the desired IAM username.

CreateRole creates the role with the correct assume policy for BYOC for a given roleName.

CreateSecret takes in a secret name, the namespace to store the secret, and a map of string: bytearray and gives you a corev1.Secret to store.

CreateUserAccessKey creates a new IAM Access Key in AWS and returns aws.CreateAccessKeyOutput struct containing access key and secret.

DeleteRole deletes an existing role from AWS and handles the error.

DescribeEC2Instances returns the InstanceState code.

DetachPolicyFromRole detaches a given AttachedPolicy from a role.

GenerateAccountCR returns new account CR struct.

GenerateAccountCRName return a formatted Account CR name.

GetAttachedPolicies gets a list of policies attached to a role.

GetExistingRole checks to see if a given role exists in the AWS account already.

RetrieveAvailableMicroInstanceType finds the EC2 free tier instance type for a given region.

This function takes any service quotas defined in the account CR spec and builds them out in the status.

TerminateEC2Instance terminates the ec2 instance from the instanceID provided.

AccountCreating indicates an account is being created.

AccountFailed indicates account creation has failed.

AccountInitializingRegions indicates we've kicked off the process of creating and terminating instances in all supported regions.

AccountOptingInRegions indicates region enablement for supported Opt-In regions is in progress.

AccountOptInRegionEnabled indicates that supported Opt-In regions have been enabled.

AccountPending indicates an account is pending.

AccountPendingVerification indicates verification (of AWS limits and Enterprise Support) is pending.

AccountReady indicates account creation is ready.

Constants used to retrieve instance types and AMIs: AMIs we use should be executable by everyone.

MaxAccountRegionEnablement maximum number of AWS accounts allowed to enable all regions simultaneously.

number of service quota requests we are allowed to open concurrently in AWS.

MaxOptInRegionRequest maximum number of regions that AWS allows to be concurrently enabled.

T3 and T2 micro instanes are free to start.

AccountReconciler reconciles a Account object.

PolicyDocument represents JSON object of an AWS Policy Document.

StatementEntry represents JSON of a statement in a policy doc.