We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.51.0 published on Monday, Feb 2, 2026 by Pulumi
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.51.0 published on Monday, Feb 2, 2026 by Pulumi
Policies in AWS Organizations enable you to manage different features of the AWS accounts in your organization. You can use policies when all features are enabled in your organization.
Create Policy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);@overload
def Policy(resource_name: str,
args: PolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Policy(resource_name: str,
opts: Optional[ResourceOptions] = None,
content: Optional[Any] = None,
type: Optional[PolicyType] = None,
description: Optional[str] = None,
name: Optional[str] = None,
tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
target_ids: Optional[Sequence[str]] = None)func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)
type: aws-native:organizations:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Policy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Policy resource accepts the following input properties:
- Content object
The Policy text content. For AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it.
Search the CloudFormation User Guide for
AWS::Organizations::Policyfor more information about the expected schema for this property.- Type
Pulumi.
Aws Native. Organizations. Policy Type - The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, BEDROCK_POLICY, CHATBOT_POLICY, DECLARATIVE_POLICY_EC2, INSPECTOR_POLICY, NETWORK_SECURITY_DIRECTOR_POLICY, RESOURCE_CONTROL_POLICY, S3_POLICY, SECURITYHUB_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY, UPGRADE_ROLLOUT_POLICY
- Description string
- Human readable description of the policy
- Name string
- Name of the Policy
-
List<Pulumi.
Aws Native. Inputs. Tag> - A list of tags that you want to attach to the newly created policy. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null.
- Target
Ids List<string> - List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to
- Content interface{}
The Policy text content. For AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it.
Search the CloudFormation User Guide for
AWS::Organizations::Policyfor more information about the expected schema for this property.- Type
Policy
Type - The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, BEDROCK_POLICY, CHATBOT_POLICY, DECLARATIVE_POLICY_EC2, INSPECTOR_POLICY, NETWORK_SECURITY_DIRECTOR_POLICY, RESOURCE_CONTROL_POLICY, S3_POLICY, SECURITYHUB_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY, UPGRADE_ROLLOUT_POLICY
- Description string
- Human readable description of the policy
- Name string
- Name of the Policy
-
Tag
Args - A list of tags that you want to attach to the newly created policy. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null.
- Target
Ids []string - List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to
- content Object
The Policy text content. For AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it.
Search the CloudFormation User Guide for
AWS::Organizations::Policyfor more information about the expected schema for this property.- type
Policy
Type - The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, BEDROCK_POLICY, CHATBOT_POLICY, DECLARATIVE_POLICY_EC2, INSPECTOR_POLICY, NETWORK_SECURITY_DIRECTOR_POLICY, RESOURCE_CONTROL_POLICY, S3_POLICY, SECURITYHUB_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY, UPGRADE_ROLLOUT_POLICY
- description String
- Human readable description of the policy
- name String
- Name of the Policy
- List<Tag>
- A list of tags that you want to attach to the newly created policy. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null.
- target
Ids List<String> - List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to
- content any
The Policy text content. For AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it.
Search the CloudFormation User Guide for
AWS::Organizations::Policyfor more information about the expected schema for this property.- type
Policy
Type - The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, BEDROCK_POLICY, CHATBOT_POLICY, DECLARATIVE_POLICY_EC2, INSPECTOR_POLICY, NETWORK_SECURITY_DIRECTOR_POLICY, RESOURCE_CONTROL_POLICY, S3_POLICY, SECURITYHUB_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY, UPGRADE_ROLLOUT_POLICY
- description string
- Human readable description of the policy
- name string
- Name of the Policy
- Tag[]
- A list of tags that you want to attach to the newly created policy. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null.
- target
Ids string[] - List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to
- content Any
The Policy text content. For AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it.
Search the CloudFormation User Guide for
AWS::Organizations::Policyfor more information about the expected schema for this property.- type
Policy
Type - The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, BEDROCK_POLICY, CHATBOT_POLICY, DECLARATIVE_POLICY_EC2, INSPECTOR_POLICY, NETWORK_SECURITY_DIRECTOR_POLICY, RESOURCE_CONTROL_POLICY, S3_POLICY, SECURITYHUB_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY, UPGRADE_ROLLOUT_POLICY
- description str
- Human readable description of the policy
- name str
- Name of the Policy
-
Sequence[Tag
Args] - A list of tags that you want to attach to the newly created policy. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null.
- target_
ids Sequence[str] - List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to
- content Any
The Policy text content. For AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it.
Search the CloudFormation User Guide for
AWS::Organizations::Policyfor more information about the expected schema for this property.- type "AISERVICES_OPT_OUT_POLICY" | "BACKUP_POLICY" | "BEDROCK_POLICY" | "CHATBOT_POLICY" | "DECLARATIVE_POLICY_EC2" | "INSPECTOR_POLICY" | "NETWORK_SECURITY_DIRECTOR_POLICY" | "RESOURCE_CONTROL_POLICY" | "S3_POLICY" | "SECURITYHUB_POLICY" | "SERVICE_CONTROL_POLICY" | "TAG_POLICY" | "UPGRADE_ROLLOUT_POLICY"
- The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, BEDROCK_POLICY, CHATBOT_POLICY, DECLARATIVE_POLICY_EC2, INSPECTOR_POLICY, NETWORK_SECURITY_DIRECTOR_POLICY, RESOURCE_CONTROL_POLICY, S3_POLICY, SECURITYHUB_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY, UPGRADE_ROLLOUT_POLICY
- description String
- Human readable description of the policy
- name String
- Name of the Policy
- List<Property Map>
- A list of tags that you want to attach to the newly created policy. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null.
- target
Ids List<String> - List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to
Outputs
All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:
- Arn string
- ARN of the Policy
- Aws
Id string - Id of the Policy
- Aws
Managed bool - A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.
- Id string
- The provider-assigned unique ID for this managed resource.
- Arn string
- ARN of the Policy
- Aws
Id string - Id of the Policy
- Aws
Managed bool - A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.
- Id string
- The provider-assigned unique ID for this managed resource.
- arn String
- ARN of the Policy
- aws
Id String - Id of the Policy
- aws
Managed Boolean - A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.
- id String
- The provider-assigned unique ID for this managed resource.
- arn string
- ARN of the Policy
- aws
Id string - Id of the Policy
- aws
Managed boolean - A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.
- id string
- The provider-assigned unique ID for this managed resource.
- arn str
- ARN of the Policy
- aws_
id str - Id of the Policy
- aws_
managed bool - A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.
- id str
- The provider-assigned unique ID for this managed resource.
- arn String
- ARN of the Policy
- aws
Id String - Id of the Policy
- aws
Managed Boolean - A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.
- id String
- The provider-assigned unique ID for this managed resource.
Supporting Types
PolicyType, PolicyTypeArgs
- Aiservices
Opt Out Policy AISERVICES_OPT_OUT_POLICY- Backup
Policy BACKUP_POLICY- Bedrock
Policy BEDROCK_POLICY- Chatbot
Policy CHATBOT_POLICY- Declarative
Policy Ec2 DECLARATIVE_POLICY_EC2- Inspector
Policy INSPECTOR_POLICY- Network
Security Director Policy NETWORK_SECURITY_DIRECTOR_POLICY- Resource
Control Policy RESOURCE_CONTROL_POLICY- S3Policy
S3_POLICY- Securityhub
Policy SECURITYHUB_POLICY- Service
Control Policy SERVICE_CONTROL_POLICY- Tag
Policy TAG_POLICY- Upgrade
Rollout Policy UPGRADE_ROLLOUT_POLICY
- Policy
Type Aiservices Opt Out Policy AISERVICES_OPT_OUT_POLICY- Policy
Type Backup Policy BACKUP_POLICY- Policy
Type Bedrock Policy BEDROCK_POLICY- Policy
Type Chatbot Policy CHATBOT_POLICY- Policy
Type Declarative Policy Ec2 DECLARATIVE_POLICY_EC2- Policy
Type Inspector Policy INSPECTOR_POLICY- Policy
Type Network Security Director Policy NETWORK_SECURITY_DIRECTOR_POLICY- Policy
Type Resource Control Policy RESOURCE_CONTROL_POLICY- Policy
Type S3Policy S3_POLICY- Policy
Type Securityhub Policy SECURITYHUB_POLICY- Policy
Type Service Control Policy SERVICE_CONTROL_POLICY- Policy
Type Tag Policy TAG_POLICY- Policy
Type Upgrade Rollout Policy UPGRADE_ROLLOUT_POLICY
- Aiservices
Opt Out Policy AISERVICES_OPT_OUT_POLICY- Backup
Policy BACKUP_POLICY- Bedrock
Policy BEDROCK_POLICY- Chatbot
Policy CHATBOT_POLICY- Declarative
Policy Ec2 DECLARATIVE_POLICY_EC2- Inspector
Policy INSPECTOR_POLICY- Network
Security Director Policy NETWORK_SECURITY_DIRECTOR_POLICY- Resource
Control Policy RESOURCE_CONTROL_POLICY- S3Policy
S3_POLICY- Securityhub
Policy SECURITYHUB_POLICY- Service
Control Policy SERVICE_CONTROL_POLICY- Tag
Policy TAG_POLICY- Upgrade
Rollout Policy UPGRADE_ROLLOUT_POLICY
- Aiservices
Opt Out Policy AISERVICES_OPT_OUT_POLICY- Backup
Policy BACKUP_POLICY- Bedrock
Policy BEDROCK_POLICY- Chatbot
Policy CHATBOT_POLICY- Declarative
Policy Ec2 DECLARATIVE_POLICY_EC2- Inspector
Policy INSPECTOR_POLICY- Network
Security Director Policy NETWORK_SECURITY_DIRECTOR_POLICY- Resource
Control Policy RESOURCE_CONTROL_POLICY- S3Policy
S3_POLICY- Securityhub
Policy SECURITYHUB_POLICY- Service
Control Policy SERVICE_CONTROL_POLICY- Tag
Policy TAG_POLICY- Upgrade
Rollout Policy UPGRADE_ROLLOUT_POLICY
- AISERVICES_OPT_OUT_POLICY
AISERVICES_OPT_OUT_POLICY- BACKUP_POLICY
BACKUP_POLICY- BEDROCK_POLICY
BEDROCK_POLICY- CHATBOT_POLICY
CHATBOT_POLICY- DECLARATIVE_POLICY_EC2
DECLARATIVE_POLICY_EC2- INSPECTOR_POLICY
INSPECTOR_POLICY- NETWORK_SECURITY_DIRECTOR_POLICY
NETWORK_SECURITY_DIRECTOR_POLICY- RESOURCE_CONTROL_POLICY
RESOURCE_CONTROL_POLICY- S3_POLICY
S3_POLICY- SECURITYHUB_POLICY
SECURITYHUB_POLICY- SERVICE_CONTROL_POLICY
SERVICE_CONTROL_POLICY- TAG_POLICY
TAG_POLICY- UPGRADE_ROLLOUT_POLICY
UPGRADE_ROLLOUT_POLICY
- "AISERVICES_OPT_OUT_POLICY"
AISERVICES_OPT_OUT_POLICY- "BACKUP_POLICY"
BACKUP_POLICY- "BEDROCK_POLICY"
BEDROCK_POLICY- "CHATBOT_POLICY"
CHATBOT_POLICY- "DECLARATIVE_POLICY_EC2"
DECLARATIVE_POLICY_EC2- "INSPECTOR_POLICY"
INSPECTOR_POLICY- "NETWORK_SECURITY_DIRECTOR_POLICY"
NETWORK_SECURITY_DIRECTOR_POLICY- "RESOURCE_CONTROL_POLICY"
RESOURCE_CONTROL_POLICY- "S3_POLICY"
S3_POLICY- "SECURITYHUB_POLICY"
SECURITYHUB_POLICY- "SERVICE_CONTROL_POLICY"
SERVICE_CONTROL_POLICY- "TAG_POLICY"
TAG_POLICY- "UPGRADE_ROLLOUT_POLICY"
UPGRADE_ROLLOUT_POLICY
Tag, TagArgs
A set of tags to apply to the resource.Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.51.0 published on Monday, Feb 2, 2026 by Pulumi
