The LzNewDevAcct.ps1 PowerShell script is run on the Management Workstation to create a new Developer AWS Sandbox Account belonging to your AWS organization and moves this account into the DevOU Organizational Unit. The AWS Account will have a IAM Policy Group called Developers. The Developers Group will have two policies: PowerUsersAccess and IAMUserCredsPolicy. PowerUsersAccess is an AWS Management Policy. IAMUserCredsPolicy is a customer managed IAM Policy created by this script from the provided LazyStackSMF\IAMUserCredsPolicy.json file or, if available, a IAMUserCredsPolicy.json file in your LazyStackSettings folder.
This policy grants the developer those permissions typically required to publish Serverless Stacks to their Sandbox Account. If you need to provide more permissions than this policy provides you can create a local version of the file in the LazyStackSettings folder. The script looks for a local version of the file before using the one in the LazyStackSMF folder. Use the LzUpdateDevCreds.ps1 script to update the policy for an existing developer's account.
Each AWS Account needs a unique email address or alias. Have this handy before you run the script.
..\LazyStackSMF\LzNewDevAccount.ps1