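#!/usr/bin/env python3
"""Inventory the Service Control Policies (SCPs) of the current AWS organization.

For every SCP the report shows the policy name, description and JSON content,
followed by each target (root, organizational unit or account) the policy is
attached to.  Every Organizations list call is paginated with ``NextToken``,
so organizations with more than one page of policies or targets are reported
in full rather than silently truncated.

Credentials come from the default boto3 credential chain.  Only read-only
Organizations permissions are needed (describe_organization, list_policies,
describe_policy, list_targets_for_policy).
"""

# Filter value for the Organizations policy list calls; only SCPs are inventoried.
SCP_FILTER = "SERVICE_CONTROL_POLICY"


def _paginate(method, result_key, **kwargs):
    """Yield every item under *result_key* across all pages of a list call.

    Args:
        method: A bound client method such as ``client.list_policies``.
        result_key: Key of the list in each response page
            (``"Policies"``, ``"Targets"``).
        **kwargs: Parameters forwarded to *method* on every page.

    The Organizations list APIs return one page plus an optional ``NextToken``;
    reading only the first page drops policies and targets in larger
    organizations, which makes an SCP audit incomplete.
    """
    token = None
    while True:
        params = dict(kwargs)
        if token:
            params["NextToken"] = token
        page = method(**params)
        yield from page.get(result_key, [])
        token = page.get("NextToken")
        if not token:
            return


def list_scps(client):
    """Return the policy summaries of every SCP in the organization."""
    return list(_paginate(client.list_policies, "Policies", Filter=SCP_FILTER))


def list_scp_targets(client, policy_id):
    """Return every root, OU and account that *policy_id* is attached to.

    ``list_targets_for_policy`` reports attachments at any depth of the OU
    tree and on roots and accounts, unlike walking only the OUs directly
    beneath each root, which misses nested OUs and needs one call per OU
    per policy.
    """
    return list(
        _paginate(client.list_targets_for_policy, "Targets", PolicyId=policy_id)
    )


def describe_scp(client, scp_id):
    """Return the report lines for one SCP: id, name, content, description.

    Raises:
        KeyError: If the ``describe_policy`` response lacks the expected keys.
    """
    policy = client.describe_policy(PolicyId=scp_id)["Policy"]
    summary = policy["PolicySummary"]
    return [
        f"SCP ID: {scp_id}",
        f"Policy Name: {summary['Name']}",
        f"Policy Content: {policy['Content']}",
        f"Policy Description: {summary['Description']}",
    ]


def build_report(client):
    """Return the full SCP inventory as a list of output lines.

    Args:
        client: A boto3 ``organizations`` client, or any object exposing the
            same ``describe_organization``, ``list_policies``,
            ``describe_policy`` and ``list_targets_for_policy`` methods.

    Returns:
        One entry per output line; each SCP section ends with ``"------\\n"``.
    """
    org_id = client.describe_organization()["Organization"]["Id"]
    lines = [f"Organization ID: {org_id}"]
    for scp in list_scps(client):
        scp_id = scp["Id"]
        lines.extend(describe_scp(client, scp_id))
        lines.append("Attached targets:")
        for target in list_scp_targets(client, scp_id):
            lines.append(
                f"{target['Type']} ID: {target['TargetId']} Name: {target['Name']}"
            )
        lines.append("------\n")
    return lines


def main():
    """Build an Organizations client from the default credential chain and print the report."""
    import boto3  # local import keeps the report helpers importable without boto3

    client = boto3.Session().client("organizations")
    print("\n".join(build_report(client)))


if __name__ == "__main__":
    main()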