Module organizations

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.
class pulumi_aws.organizations.Account(resource_name, opts=None, email=None, iam_user_access_to_billing=None, name=None, parent_id=None, role_name=None, tags=None, __props__=None, __name__=None, __opts__=None)

Provides a resource to create a member account in the current organization.

Note: Account management must be done from the organization’s master account.

Warning: Deleting this resource will only remove an AWS account from an organization. This provider will not close the account. The member account must be prepared to be a standalone account beforehand. See the AWS Organizations documentation for more information.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • email (pulumi.Input[str]) – The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.
  • iam_user_access_to_billing (pulumi.Input[str]) – If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.
  • name (pulumi.Input[str]) – A friendly name for the member account.
  • parent_id (pulumi.Input[str]) – Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.
  • role_name (pulumi.Input[str]) – The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignore_changes (https://www.terraform.io/docs/configuration/resources.html#ignore_changes) is used.
  • tags (pulumi.Input[dict]) – Key-value mapping of resource tags.
arn = None

The ARN for this account.

email = None

The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

iam_user_access_to_billing = None

If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.

name = None

A friendly name for the member account.

parent_id = None

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

role_name = None

The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignore_changes (https://www.terraform.io/docs/configuration/resources.html#ignore_changes) is used.

tags = None

Key-value mapping of resource tags.

static get(resource_name, id, opts=None, arn=None, email=None, iam_user_access_to_billing=None, joined_method=None, joined_timestamp=None, name=None, parent_id=None, role_name=None, status=None, tags=None)

Get an existing Account resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters:
  • resource_name (str) – The unique name of the resulting resource.
  • id (str) – The unique provider ID of the resource to lookup.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • arn (pulumi.Input[str]) – The ARN for this account.
  • email (pulumi.Input[str]) – The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.
  • iam_user_access_to_billing (pulumi.Input[str]) – If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.
  • name (pulumi.Input[str]) – A friendly name for the member account.
  • parent_id (pulumi.Input[str]) – Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.
  • role_name (pulumi.Input[str]) – The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignore_changes (https://www.terraform.io/docs/configuration/resources.html#ignore_changes) is used.
  • tags (pulumi.Input[dict]) – Key-value mapping of resource tags.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
class pulumi_aws.organizations.AwaitableGetOrganizationResult(accounts=None, arn=None, aws_service_access_principals=None, enabled_policy_types=None, feature_set=None, master_account_arn=None, master_account_email=None, master_account_id=None, non_master_accounts=None, roots=None, id=None)
class pulumi_aws.organizations.GetOrganizationResult(accounts=None, arn=None, aws_service_access_principals=None, enabled_policy_types=None, feature_set=None, master_account_arn=None, master_account_email=None, master_account_id=None, non_master_accounts=None, roots=None, id=None)

A collection of values returned by getOrganization.

accounts = None

List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:

arn = None

ARN of the root

aws_service_access_principals = None

A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.

enabled_policy_types = None

A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g. SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

feature_set = None

The FeatureSet of the organization.

master_account_arn = None

The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.

master_account_email = None

The email address that is associated with the AWS account that is designated as the master account for the organization.

master_account_id = None

The unique identifier (ID) of the master account of an organization.

non_master_accounts = None

List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:

roots = None

List of organization roots. All elements have these attributes:

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_aws.organizations.Organization(resource_name, opts=None, aws_service_access_principals=None, enabled_policy_types=None, feature_set=None, __props__=None, __name__=None, __opts__=None)

Provides a resource to create an organization.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • aws_service_access_principals (pulumi.Input[list]) –

    List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.

  • enabled_policy_types (pulumi.Input[list]) –

    List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g. SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

  • feature_set (pulumi.Input[str]) – Specify “ALL” (default) or “CONSOLIDATED_BILLING”.
accounts = None

List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:

arn = None

ARN of the root

aws_service_access_principals = None

List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.

enabled_policy_types = None

List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g. SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

feature_set = None

Specify “ALL” (default) or “CONSOLIDATED_BILLING”.

master_account_arn = None

ARN of the master account

master_account_email = None

Email address of the master account

master_account_id = None

Identifier of the master account

non_master_accounts = None

List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:

roots = None

List of organization roots. All elements have these attributes:

static get(resource_name, id, opts=None, accounts=None, arn=None, aws_service_access_principals=None, enabled_policy_types=None, feature_set=None, master_account_arn=None, master_account_email=None, master_account_id=None, non_master_accounts=None, roots=None)

Get an existing Organization resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters:
  • resource_name (str) – The unique name of the resulting resource.
  • id (str) – The unique provider ID of the resource to lookup.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • accounts (pulumi.Input[list]) – List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
  • arn (pulumi.Input[str]) – ARN of the root
  • aws_service_access_principals (pulumi.Input[list]) – List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
  • enabled_policy_types (pulumi.Input[list]) – List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g. SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
  • feature_set (pulumi.Input[str]) – Specify “ALL” (default) or “CONSOLIDATED_BILLING”.
  • master_account_arn (pulumi.Input[str]) – ARN of the master account
  • master_account_email (pulumi.Input[str]) – Email address of the master account
  • master_account_id (pulumi.Input[str]) – Identifier of the master account
  • non_master_accounts (pulumi.Input[list]) – List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
  • roots (pulumi.Input[list]) – List of organization roots. All elements have these attributes:

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
class pulumi_aws.organizations.OrganizationalUnit(resource_name, opts=None, name=None, parent_id=None, __props__=None, __name__=None, __opts__=None)

Provides a resource to create an organizational unit.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • name (pulumi.Input[str]) – The name for the organizational unit
  • parent_id (pulumi.Input[str]) – ID of the parent organizational unit, which may be the root
accounts = None

List of child accounts for this Organizational Unit. Does not return account information for child Organizational Units. All elements have these attributes:

arn = None

ARN of the organizational unit

name = None

The name for the organizational unit

parent_id = None

ID of the parent organizational unit, which may be the root

static get(resource_name, id, opts=None, accounts=None, arn=None, name=None, parent_id=None)

Get an existing OrganizationalUnit resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters:
  • resource_name (str) – The unique name of the resulting resource.
  • id (str) – The unique provider ID of the resource to lookup.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • accounts (pulumi.Input[list]) – List of child accounts for this Organizational Unit. Does not return account information for child Organizational Units. All elements have these attributes:
  • arn (pulumi.Input[str]) – ARN of the organizational unit
  • name (pulumi.Input[str]) – The name for the organizational unit
  • parent_id (pulumi.Input[str]) – ID of the parent organizational unit, which may be the root

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
class pulumi_aws.organizations.Policy(resource_name, opts=None, content=None, description=None, name=None, type=None, __props__=None, __name__=None, __opts__=None)

Provides a resource to manage an AWS Organizations policy.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • content (pulumi.Input[str]) – The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the Service Control Policy Syntax documentation.
  • description (pulumi.Input[str]) – A description to assign to the policy.
  • name (pulumi.Input[str]) – The friendly name to assign to the policy.
  • type (pulumi.Input[str]) – The type of policy to create. Currently, the only valid value is SERVICE_CONTROL_POLICY (SCP).
arn = None

Amazon Resource Name (ARN) of the policy.

content = None

The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the Service Control Policy Syntax documentation.

description = None

A description to assign to the policy.

name = None

The friendly name to assign to the policy.

type = None

The type of policy to create. Currently, the only valid value is SERVICE_CONTROL_POLICY (SCP).

static get(resource_name, id, opts=None, arn=None, content=None, description=None, name=None, type=None)

Get an existing Policy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters:
  • resource_name (str) – The unique name of the resulting resource.
  • id (str) – The unique provider ID of the resource to lookup.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • arn (pulumi.Input[str]) – Amazon Resource Name (ARN) of the policy.
  • content (pulumi.Input[str]) – The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the Service Control Policy Syntax documentation.
  • description (pulumi.Input[str]) – A description to assign to the policy.
  • name (pulumi.Input[str]) – The friendly name to assign to the policy.
  • type (pulumi.Input[str]) – The type of policy to create. Currently, the only valid value is SERVICE_CONTROL_POLICY (SCP).

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
class pulumi_aws.organizations.PolicyAttachment(resource_name, opts=None, policy_id=None, target_id=None, __props__=None, __name__=None, __opts__=None)

Provides a resource to attach an AWS Organizations policy to an organization account, root, or unit.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • policy_id (pulumi.Input[str]) – The unique identifier (ID) of the policy that you want to attach to the target.
  • target_id (pulumi.Input[str]) – The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to.
policy_id = None

The unique identifier (ID) of the policy that you want to attach to the target.

target_id = None

The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to.

static get(resource_name, id, opts=None, policy_id=None, target_id=None)

Get an existing PolicyAttachment resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters:
  • resource_name (str) – The unique name of the resulting resource.
  • id (str) – The unique provider ID of the resource to lookup.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • policy_id (pulumi.Input[str]) – The unique identifier (ID) of the policy that you want to attach to the target.
  • target_id (pulumi.Input[str]) – The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str
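
The Policy and PolicyAttachment resources used together, as an added example that is not part of the provider documentation: it builds SCP JSON for Policy.content, checks its structure before deployment, and attaches the policy to a new organizational unit. The resource names, the deny-leave statement, the helper functions, the parent_id argument and the 5,120-character size limit are assumptions chosen for illustration.

```python
import json

SCP_MAX_CHARS = 5120  # assumed AWS Organizations size limit for one SCP


def deny_leave_org_scp():
    """JSON text for Policy.content: member accounts cannot leave the org."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyLeaveOrganization",
            "Effect": "Deny",
            "Action": "organizations:LeaveOrganization",
            "Resource": "*",
        }],
    }, indent=2)


def scp_problems(content):
    """Return structural problems in SCP JSON text (empty list means none)."""
    try:
        doc = json.loads(content)
    except ValueError:
        return ["content is not valid JSON"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    problems = []
    if len(content) > SCP_MAX_CHARS:
        problems.append("content exceeds %d characters" % SCP_MAX_CHARS)
    statements = doc.get("Statement")
    if isinstance(statements, dict):  # a single statement object is allowed
        statements = [statements]
    if not isinstance(statements, list) or not statements:
        return problems + ["Statement is missing or empty"]
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict):
            problems.append("Statement[%d]: must be an object" % i)
            continue
        if stmt.get("Effect") not in ("Allow", "Deny"):
            problems.append("Statement[%d]: Effect must be Allow or Deny" % i)
        if "Action" not in stmt and "NotAction" not in stmt:
            problems.append("Statement[%d]: needs Action or NotAction" % i)
    return problems


def define_guardrail(parent_id):
    """Declare an OU under parent_id (a root or OU ID) and attach the SCP.

    Call from a Pulumi program run with the master account's credentials.
    The organization must have feature_set ALL and SERVICE_CONTROL_POLICY
    in enabled_policy_types, as the Organization resource describes.
    """
    import pulumi_aws as aws  # lazy import: the helpers above need no Pulumi

    content = deny_leave_org_scp()
    problems = scp_problems(content)
    if problems:
        raise ValueError("refusing to deploy SCP: " + "; ".join(problems))
    ou = aws.organizations.OrganizationalUnit(
        "workloads", name="workloads", parent_id=parent_id)
    policy = aws.organizations.Policy(
        "deny-leave-org", name="deny-leave-org", type="SERVICE_CONTROL_POLICY",
        description="Member accounts may not leave the organization",
        content=content)
    attachment = aws.organizations.PolicyAttachment(
        "deny-leave-org-workloads", policy_id=policy.id, target_id=ou.id)
    return ou, policy, attachment
```

Attaching at the OU rather than per account means accounts later created with that OU as parent_id inherit the guardrail.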
pulumi_aws.organizations.get_organization(opts=None)

Get information about the organization that the user’s account belongs to.