Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Enable All AWS Organization Features” for AWS using AWS console, follow these steps:
- Log in to your AWS Management Console.
- Navigate to the AWS Organizations service.
- Click on the “Settings” tab in the left navigation menu.
- Scroll down to the “Feature Configuration” section.
- Click on the “Enable All Features” button.
- Review the features that will be enabled and click “Confirm”.
- Wait for the process to complete.
Using CLI
To enable all AWS Organization features, you can follow these steps using AWS CLI:
- Open the AWS CLI on your local machine or EC2 instance.
- Run the following command to enable all AWS Organization features:
- If you receive an error message that says “You don’t have permissions to enable all features,” you need to ensure that you have the necessary permissions to perform this action. You can check your permissions by running the following command:
- If you do not have the necessary permissions, you can add them by creating a new policy. For example, you can create a new policy called “EnableAllOrgFeatures” with the following permissions:
- Once you have the necessary permissions, you can run the command again to enable all AWS Organization features:
- Wait for a few minutes for the changes to take effect.
- Verify that all AWS Organization features are enabled by running the following command: This should return a JSON object that includes information about your organization, including the status of all enabled features.
Using Python
To enable all AWS Organization features, you can use the AWS Organizations API in Python. Here are the steps to remediate this misconfiguration:
- First, you need to install the boto3 library in Python. You can install it using the following command:
- Next, you need to set up your AWS credentials in your Python environment. You can do this by creating a new profile in your ~/.aws/credentials file or by setting the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables.
- Once you have set up your credentials, you can use the following Python code to enable all AWS Organization features:
- Finally, you can run the Python script to enable all AWS Organization features. Once the script has completed, all features will be enabled for your AWS Organization.
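An added example of the enable step described in the Python steps above (not the original page's script): it reads the organization's FeatureSet first so the call is idempotent, then reads it back instead of assuming success. The function name `ensure_all_features` and the returned dictionary layout are assumptions of this example; `describe_organization` and `enable_all_features` are the boto3 Organizations client operations.

```python
"""Idempotently enable all features on an AWS Organization (added example)."""


def ensure_all_features(org_client):
    """Enable all features unless the organization already has them.

    org_client is a boto3 Organizations client, or any object exposing the
    same two methods. Returns a dict describing what was done.
    """
    org = org_client.describe_organization()["Organization"]
    if org.get("FeatureSet") == "ALL":
        # Nothing to remediate; avoid a needless state-changing API call.
        return {
            "changed": False,
            "feature_set": "ALL",
            "handshake_id": None,
            "handshake_state": None,
        }

    # FeatureSet is CONSOLIDATED_BILLING: request the switch. The API answers
    # with a handshake object that tracks the change.
    handshake = org_client.enable_all_features()["Handshake"]

    # Verify by reading the feature set back rather than trusting the call.
    after = org_client.describe_organization()["Organization"]
    return {
        "changed": True,
        "feature_set": after.get("FeatureSet"),
        "handshake_id": handshake.get("Id"),
        "handshake_state": handshake.get("State"),
    }


if __name__ == "__main__":
    import boto3  # imported here so the function can be exercised with a stub

    # Run with management-account credentials that are allowed to call
    # organizations:DescribeOrganization and organizations:EnableAllFeatures.
    print(ensure_all_features(boto3.client("organizations")))
```

If `feature_set` is still `CONSOLIDATED_BILLING` in the result, keep the returned handshake ID and re-run the verification step later before closing the finding.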