Module organizations

@pulumi/aws > organizations

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class Account

extends CustomResource

Provides a resource to create a member account in the current organization.

Note: Account management must be done from the organization’s master account.

!> WARNING: Deleting this resource will only remove an AWS account from an organization. This provider will not close the account. The member account must be prepared to be a standalone account beforehand. See the AWS Organizations documentation for more information.

Example Usage:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const account = new aws.organizations.Account("account", {
    email: "john@doe.org",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/organizations_account.html.markdown.

constructor

new Account(name: string, args: AccountArgs, opts?: pulumi.CustomResourceOptions)

Create a Account resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccountState, opts?: pulumi.CustomResourceOptions): Account

Get an existing Account resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Account. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN for this account.

property email

public email: pulumi.Output<string>;

The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

property iamUserAccessToBilling

public iamUserAccessToBilling: pulumi.Output<string | undefined>;

If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property joinedMethod

public joinedMethod: pulumi.Output<string>;

property joinedTimestamp

public joinedTimestamp: pulumi.Output<string>;

property name

public name: pulumi.Output<string>;

A friendly name for the member account.

property parentId

public parentId: pulumi.Output<string>;

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

property roleName

public roleName: pulumi.Output<string | undefined>;

The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignoreChanges is used.

property status

public status: pulumi.Output<string>;

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

Key-value mapping of resource tags.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Organization

extends CustomResource

Provides a resource to create an organization.

Example Usage:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const org = new aws.organizations.Organization("org", {
    awsServiceAccessPrincipals: [
        "cloudtrail.amazonaws.com",
        "config.amazonaws.com",
    ],
    featureSet: "ALL",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/organizations_organization.html.markdown.

constructor

new Organization(name: string, args?: OrganizationArgs, opts?: pulumi.CustomResourceOptions)

Create a Organization resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationState, opts?: pulumi.CustomResourceOptions): Organization

Get an existing Organization resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Organization. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accounts

public accounts: pulumi.Output<{
    arn: string;
    email: string;
    id: string;
    name: string;
}[]>;

List of organization accounts including the master account. For a list excluding the master account, see the nonMasterAccounts attribute. All elements have these attributes:

property arn

public arn: pulumi.Output<string>;

ARN of the root

property awsServiceAccessPrincipals

public awsServiceAccessPrincipals: pulumi.Output<string[] | undefined>;

List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have featureSet set to ALL. For additional information, see the AWS Organizations User Guide.

property enabledPolicyTypes

public enabledPolicyTypes: pulumi.Output<string[] | undefined>;

List of Organizations policy types to enable in the Organization Root. Organization must have featureSet set to ALL. For additional information about valid policy types (e.g. SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

property featureSet

public featureSet: pulumi.Output<string | undefined>;

Specify “ALL” (default) or “CONSOLIDATED_BILLING”.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property masterAccountArn

public masterAccountArn: pulumi.Output<string>;

ARN of the master account

property masterAccountEmail

public masterAccountEmail: pulumi.Output<string>;

Email address of the master account

property masterAccountId

public masterAccountId: pulumi.Output<string>;

Identifier of the master account

property nonMasterAccounts

public nonMasterAccounts: pulumi.Output<{
    arn: string;
    email: string;
    id: string;
    name: string;
}[]>;

List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:

property roots

public roots: pulumi.Output<{
    arn: string;
    id: string;
    name: string;
    policyTypes: {
        status: string;
        type: string;
    }[];
}[]>;

List of organization roots. All elements have these attributes:

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class OrganizationalUnit

extends CustomResource

Provides a resource to create an organizational unit.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.organizations.OrganizationalUnit("example", {
    parentId: aws_organizations_organization_example.roots.0.id,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/organizations_organizational_unit.html.markdown.

constructor

new OrganizationalUnit(name: string, args: OrganizationalUnitArgs, opts?: pulumi.CustomResourceOptions)

Create a OrganizationalUnit resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationalUnitState, opts?: pulumi.CustomResourceOptions): OrganizationalUnit

Get an existing OrganizationalUnit resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of OrganizationalUnit. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accounts

public accounts: pulumi.Output<{
    arn: string;
    email: string;
    id: string;
    name: string;
}[]>;

List of child accounts for this Organizational Unit. Does not return account information for child Organizational Units. All elements have these attributes:

property arn

public arn: pulumi.Output<string>;

ARN of the organizational unit

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name for the organizational unit

property parentId

public parentId: pulumi.Output<string>;

ID of the parent organizational unit, which may be the root

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Policy

extends CustomResource

Provides a resource to manage an AWS Organizations policy.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.organizations.Policy("example", {
    content: `{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "*",
    "Resource": "*"
  }
}
`,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/organizations_policy.html.markdown.

constructor

new Policy(name: string, args: PolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a Policy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyState, opts?: pulumi.CustomResourceOptions): Policy

Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Policy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN) of the policy.

property content

public content: pulumi.Output<string>;

The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the Service Control Policy Syntax documentation.

property description

public description: pulumi.Output<string | undefined>;

A description to assign to the policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The friendly name to assign to the policy.

property type

public type: pulumi.Output<string | undefined>;

The type of policy to create. Currently, the only valid value is SERVICE_CONTROL_POLICY (SCP).

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class PolicyAttachment

extends CustomResource

Provides a resource to attach an AWS Organizations policy to an organization account, root, or unit.

Example Usage

Organization Account

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const account = new aws.organizations.PolicyAttachment("account", {
    policyId: aws_organizations_policy_example.id,
    targetId: "123456789012",
});

Organization Root

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const root = new aws.organizations.PolicyAttachment("root", {
    policyId: aws_organizations_policy_example.id,
    targetId: aws_organizations_organization_example.roots.0.id,
});

Organization Unit

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const unit = new aws.organizations.PolicyAttachment("unit", {
    policyId: aws_organizations_policy_example.id,
    targetId: aws_organizations_organizational_unit_example.id,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/organizations_policy_attachment.html.markdown.

constructor

new PolicyAttachment(name: string, args: PolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a PolicyAttachment resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyAttachmentState, opts?: pulumi.CustomResourceOptions): PolicyAttachment

Get an existing PolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of PolicyAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyId

public policyId: pulumi.Output<string>;

The unique identifier (ID) of the policy that you want to attach to the target.

property targetId

public targetId: pulumi.Output<string>;

The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

function getOrganization

getOrganization(opts?: pulumi.InvokeOptions): Promise<GetOrganizationResult> & GetOrganizationResult

Get information about the organization that the user’s account belongs to

Example Usage

SNS topic that can be interacted by the organization only

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const snsTopic = new aws.sns.Topic("snsTopic", {});
const example = pulumi.output(aws.organizations.getOrganization({}));
const snsTopicPolicyPolicyDocument = pulumi.all([example, snsTopic.arn]).apply(([example, arn]) => aws.iam.getPolicyDocument({
    statements: [{
        actions: [
            "SNS:Subscribe",
            "SNS:Publish",
        ],
        conditions: [{
            test: "StringEquals",
            values: [example.id],
            variable: "aws:PrincipalOrgID",
        }],
        effect: "Allow",
        principals: [{
            identifiers: ["*"],
            type: "AWS",
        }],
        resources: [arn],
    }],
}));
const snsTopicPolicyTopicPolicy = new aws.sns.TopicPolicy("snsTopicPolicy", {
    arn: snsTopic.arn,
    policy: snsTopicPolicyPolicyDocument.json,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/organizations_organization.html.markdown.

interface AccountArgs

The set of arguments for constructing a Account resource.

property email

email: pulumi.Input<string>;

The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

property iamUserAccessToBilling

iamUserAccessToBilling?: pulumi.Input<string>;

If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.

property name

name?: pulumi.Input<string>;

A friendly name for the member account.

property parentId

parentId?: pulumi.Input<string>;

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

property roleName

roleName?: pulumi.Input<string>;

The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignoreChanges is used.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

Key-value mapping of resource tags.

interface AccountState

Input properties used for looking up and filtering Account resources.

property arn

arn?: pulumi.Input<string>;

The ARN for this account.

property email

email?: pulumi.Input<string>;

The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

property iamUserAccessToBilling

iamUserAccessToBilling?: pulumi.Input<string>;

If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.

property joinedMethod

joinedMethod?: pulumi.Input<string>;

property joinedTimestamp

joinedTimestamp?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

A friendly name for the member account.

property parentId

parentId?: pulumi.Input<string>;

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

property roleName

roleName?: pulumi.Input<string>;

The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignoreChanges is used.

property status

status?: pulumi.Input<string>;

property tags

tags?: pulumi.Input<{[key: string]: any}>;

Key-value mapping of resource tags.

interface GetOrganizationResult

A collection of values returned by getOrganization.

property accounts

accounts: {
    arn: string;
    email: string;
    id: string;
    name: string;
}[];

List of organization accounts including the master account. For a list excluding the master account, see the nonMasterAccounts attribute. All elements have these attributes:

property arn

arn: string;

ARN of the root

property awsServiceAccessPrincipals

awsServiceAccessPrincipals: string[];

A list of AWS service principal names that have integration enabled with your organization. Organization must have featureSet set to ALL. For additional information, see the AWS Organizations User Guide.

property enabledPolicyTypes

enabledPolicyTypes: string[];

A list of Organizations policy types that are enabled in the Organization Root. Organization must have featureSet set to ALL. For additional information about valid policy types (e.g. SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

property featureSet

featureSet: string;

The FeatureSet of the organization.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property masterAccountArn

masterAccountArn: string;

The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.

property masterAccountEmail

masterAccountEmail: string;

The email address that is associated with the AWS account that is designated as the master account for the organization.

property masterAccountId

masterAccountId: string;

The unique identifier (ID) of the master account of an organization.

property nonMasterAccounts

nonMasterAccounts: {
    arn: string;
    email: string;
    id: string;
    name: string;
}[];

List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:

property roots

roots: {
    arn: string;
    id: string;
    name: string;
    policyTypes: {
        status: string;
        type: string;
    }[];
}[];

List of organization roots. All elements have these attributes:

interface OrganizationArgs

The set of arguments for constructing a Organization resource.

property awsServiceAccessPrincipals

awsServiceAccessPrincipals?: pulumi.Input<pulumi.Input<string>[]>;

List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have featureSet set to ALL. For additional information, see the AWS Organizations User Guide.

property enabledPolicyTypes

enabledPolicyTypes?: pulumi.Input<pulumi.Input<string>[]>;

List of Organizations policy types to enable in the Organization Root. Organization must have featureSet set to ALL. For additional information about valid policy types (e.g. SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

property featureSet

featureSet?: pulumi.Input<string>;

Specify “ALL” (default) or “CONSOLIDATED_BILLING”.

interface OrganizationState

Input properties used for looking up and filtering Organization resources.

property accounts

accounts?: pulumi.Input<pulumi.Input<{
    arn: pulumi.Input<string>;
    email: pulumi.Input<string>;
    id: pulumi.Input<string>;
    name: pulumi.Input<string>;
}>[]>;

List of organization accounts including the master account. For a list excluding the master account, see the nonMasterAccounts attribute. All elements have these attributes:

property arn

arn?: pulumi.Input<string>;

ARN of the root

property awsServiceAccessPrincipals

awsServiceAccessPrincipals?: pulumi.Input<pulumi.Input<string>[]>;

List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have featureSet set to ALL. For additional information, see the AWS Organizations User Guide.

property enabledPolicyTypes

enabledPolicyTypes?: pulumi.Input<pulumi.Input<string>[]>;

List of Organizations policy types to enable in the Organization Root. Organization must have featureSet set to ALL. For additional information about valid policy types (e.g. SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

property featureSet

featureSet?: pulumi.Input<string>;

Specify “ALL” (default) or “CONSOLIDATED_BILLING”.

property masterAccountArn

masterAccountArn?: pulumi.Input<string>;

ARN of the master account

property masterAccountEmail

masterAccountEmail?: pulumi.Input<string>;

Email address of the master account

property masterAccountId

masterAccountId?: pulumi.Input<string>;

Identifier of the master account

property nonMasterAccounts

nonMasterAccounts?: pulumi.Input<pulumi.Input<{
    arn: pulumi.Input<string>;
    email: pulumi.Input<string>;
    id: pulumi.Input<string>;
    name: pulumi.Input<string>;
}>[]>;

List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:

property roots

roots?: pulumi.Input<pulumi.Input<{
    arn: pulumi.Input<string>;
    id: pulumi.Input<string>;
    name: pulumi.Input<string>;
    policyTypes: pulumi.Input<pulumi.Input<{
        status: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>[]>;
}>[]>;

List of organization roots. All elements have these attributes:

interface OrganizationalUnitArgs

The set of arguments for constructing a OrganizationalUnit resource.

property name

name?: pulumi.Input<string>;

The name for the organizational unit

property parentId

parentId: pulumi.Input<string>;

ID of the parent organizational unit, which may be the root

interface OrganizationalUnitState

Input properties used for looking up and filtering OrganizationalUnit resources.

property accounts

accounts?: pulumi.Input<pulumi.Input<{
    arn: pulumi.Input<string>;
    email: pulumi.Input<string>;
    id: pulumi.Input<string>;
    name: pulumi.Input<string>;
}>[]>;

List of child accounts for this Organizational Unit. Does not return account information for child Organizational Units. All elements have these attributes:

property arn

arn?: pulumi.Input<string>;

ARN of the organizational unit

property name

name?: pulumi.Input<string>;

The name for the organizational unit

property parentId

parentId?: pulumi.Input<string>;

ID of the parent organizational unit, which may be the root

interface PolicyArgs

The set of arguments for constructing a Policy resource.

property content

content: pulumi.Input<string>;

The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the Service Control Policy Syntax documentation.

property description

description?: pulumi.Input<string>;

A description to assign to the policy.

property name

name?: pulumi.Input<string>;

The friendly name to assign to the policy.

property type

type?: pulumi.Input<string>;

The type of policy to create. Currently, the only valid value is SERVICE_CONTROL_POLICY (SCP).

interface PolicyAttachmentArgs

The set of arguments for constructing a PolicyAttachment resource.

property policyId

policyId: pulumi.Input<string>;

The unique identifier (ID) of the policy that you want to attach to the target.

property targetId

targetId: pulumi.Input<string>;

The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to.

interface PolicyAttachmentState

Input properties used for looking up and filtering PolicyAttachment resources.

property policyId

policyId?: pulumi.Input<string>;

The unique identifier (ID) of the policy that you want to attach to the target.

property targetId

targetId?: pulumi.Input<string>;

The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to.

interface PolicyState

Input properties used for looking up and filtering Policy resources.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN) of the policy.

property content

content?: pulumi.Input<string>;

The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the Service Control Policy Syntax documentation.

property description

description?: pulumi.Input<string>;

A description to assign to the policy.

property name

name?: pulumi.Input<string>;

The friendly name to assign to the policy.

property type

type?: pulumi.Input<string>;

The type of policy to create. Currently, the only valid value is SERVICE_CONTROL_POLICY (SCP).