AWS v7.10.0 published on Friday, Oct 24, 2025 by Pulumi
aws.organizations.getOrganization
Get information about the organization that the user's account belongs to.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Read-only lookup of the AWS Organization that the calling credentials belong to.
const example = aws.organizations.getOrganization({});

// Export the ID of every account in the organization (management account included).
// Stack outputs can be read by anyone with access to the stack, so treat the
// complete account list as internal inventory rather than public data.
export const accountIds = example.then(org => {
    const ids = org.accounts.map(account => account.id);
    return ids;
});
import pulumi
import pulumi_aws as aws
# Read-only lookup of the AWS Organization that the calling credentials belong to.
example = aws.organizations.get_organization()

# Export the ID of every account in the organization (management account included).
# Stack outputs can be read by anyone with access to the stack, so treat the
# complete account list as internal inventory rather than public data.
pulumi.export(
    "accountIds",
    [account.id for account in example.accounts],
)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
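// main looks up the AWS Organization that the calling credentials belong to
// and exports the IDs of all of its accounts as the "accountIds" stack output.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// LookupOrganization takes no arguments of its own, only optional
		// invoke options, so nothing is passed after ctx.
		example, err := organizations.LookupOrganization(ctx)
		if err != nil {
			return err
		}

		// The published listing carried a code-generator failure message in
		// place of this expression; build the ID list explicitly instead.
		accountIds := make(pulumi.StringArray, 0, len(example.Accounts))
		for _, account := range example.Accounts {
			accountIds = append(accountIds, pulumi.String(account.Id))
		}

		// Stack outputs can be read by anyone with access to the stack, so
		// treat the complete account list as internal inventory.
		ctx.Export("accountIds", accountIds)
		return nil
	})
}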
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
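return await Deployment.RunAsync(() =>
{
    // Read-only lookup of the AWS Organization that the calling credentials belong to.
    var example = Aws.Organizations.GetOrganization.Invoke();

    return new Dictionary<string, object?>
    {
        // Output<T> is not a sequence, so the LINQ projection has to run inside
        // Apply, on the resolved result, rather than on the Output itself.
        // Stack outputs can be read by anyone with access to the stack, so
        // treat the complete account list as internal inventory.
        ["accountIds"] = example.Apply(org => org.Accounts.Select(account => account.Id).ToList()),
    };
});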
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.OrganizationsFunctions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Generated example program: looks up the AWS Organization and exports the
 * IDs of its accounts as the "accountIds" stack output.
 */
public class App {
    /** Program entry point; hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the stack: one organization lookup and one exported value. */
    public static void stack(Context ctx) {
        // NOTE(review): the argument below is a code-generator failure message
        // ("%!v(PANIC=...)"), not Java, and the call's closing parenthesis is
        // missing. This listing does not compile as published.
        final var example = OrganizationsFunctions.getOrganization(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);
        // NOTE(review): toList() is unqualified and no static import for it is
        // visible in this listing; presumably java.util.stream.Collectors.toList, confirm.
        ctx.export("accountIds", example.accounts().stream().map(element -> element.id()).collect(toList()));
    }
}
Example coming soon!
Limit SNS Topic Access to an Organization
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Organization lookup; its `id` feeds the aws:PrincipalOrgID condition below.
const example = aws.organizations.getOrganization({});

const snsTopic = new aws.sns.Topic("sns_topic", {name: "my-sns-topic"});

// The statement names every AWS principal ("*") and relies solely on the
// aws:PrincipalOrgID condition to confine access to this organization.
// If that condition is dropped or loosened, any AWS account can subscribe
// and publish to the topic, so review changes to it with that in mind.
const snsTopicPolicy = pulumi.all([example, snsTopic.arn]).apply(([org, topicArn]) => {
    const orgOnlyAccess = {
        effect: "Allow",
        actions: [
            "SNS:Subscribe",
            "SNS:Publish",
        ],
        conditions: [{
            test: "StringEquals",
            variable: "aws:PrincipalOrgID",
            values: [org.id],
        }],
        principals: [{
            type: "AWS",
            identifiers: ["*"],
        }],
        // Scoped to this one topic rather than to every topic in the account.
        resources: [topicArn],
    };
    return aws.iam.getPolicyDocumentOutput({statements: [orgOnlyAccess]});
});

// Attach the rendered JSON document to the topic as its resource policy.
const snsTopicPolicyTopicPolicy = new aws.sns.TopicPolicy("sns_topic_policy", {
    arn: snsTopic.arn,
    policy: snsTopicPolicy.apply(doc => doc.json),
});
import pulumi
import pulumi_aws as aws
# Organization lookup; its `id` feeds the aws:PrincipalOrgID condition below.
example = aws.organizations.get_organization()

sns_topic = aws.sns.Topic("sns_topic", name="my-sns-topic")

# The statement names every AWS principal ("*") and relies solely on the
# aws:PrincipalOrgID condition to confine access to this organization.
# If that condition is dropped or loosened, any AWS account can subscribe
# and publish to the topic, so review changes to it with that in mind.
sns_topic_policy = sns_topic.arn.apply(
    lambda topic_arn: aws.iam.get_policy_document(
        statements=[
            {
                "effect": "Allow",
                "actions": [
                    "SNS:Subscribe",
                    "SNS:Publish",
                ],
                "conditions": [
                    {
                        "test": "StringEquals",
                        "variable": "aws:PrincipalOrgID",
                        "values": [example.id],
                    }
                ],
                "principals": [
                    {
                        "type": "AWS",
                        "identifiers": ["*"],
                    }
                ],
                # Scoped to this one topic rather than to every topic in the account.
                "resources": [topic_arn],
            }
        ]
    )
)

# Attach the rendered JSON document to the topic as its resource policy.
sns_topic_policy_topic_policy = aws.sns.TopicPolicy(
    "sns_topic_policy",
    arn=sns_topic.arn,
    policy=sns_topic_policy.json,
)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/organizations"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/sns"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
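// main creates an SNS topic and attaches a resource policy that lets
// principals from the current AWS Organization subscribe and publish to it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// LookupOrganization takes no arguments of its own, only optional
		// invoke options, so nothing is passed after ctx.
		example, err := organizations.LookupOrganization(ctx)
		if err != nil {
			return err
		}

		snsTopic, err := sns.NewTopic(ctx, "sns_topic", &sns.TopicArgs{
			Name: pulumi.String("my-sns-topic"),
		})
		if err != nil {
			return err
		}

		// The output form of the policy-document function accepts the topic
		// ARN as an input directly, so no ApplyT or type assertion is needed.
		//
		// The statement names every AWS principal ("*") and relies solely on
		// the aws:PrincipalOrgID condition to confine access to this
		// organization. If that condition is dropped or loosened, any AWS
		// account can subscribe and publish to the topic.
		snsTopicPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Statements: iam.GetPolicyDocumentStatementArray{
				&iam.GetPolicyDocumentStatementArgs{
					Effect: pulumi.String("Allow"),
					Actions: pulumi.StringArray{
						pulumi.String("SNS:Subscribe"),
						pulumi.String("SNS:Publish"),
					},
					Conditions: iam.GetPolicyDocumentStatementConditionArray{
						&iam.GetPolicyDocumentStatementConditionArgs{
							Test:     pulumi.String("StringEquals"),
							Variable: pulumi.String("aws:PrincipalOrgID"),
							Values: pulumi.StringArray{
								pulumi.String(example.Id),
							},
						},
					},
					Principals: iam.GetPolicyDocumentStatementPrincipalArray{
						&iam.GetPolicyDocumentStatementPrincipalArgs{
							Type: pulumi.String("AWS"),
							Identifiers: pulumi.StringArray{
								pulumi.String("*"),
							},
						},
					},
					// Scoped to this one topic rather than to every topic in the account.
					Resources: pulumi.StringArray{
						snsTopic.Arn,
					},
				},
			},
		})

		// Attach the rendered JSON document to the topic as its resource policy.
		_, err = sns.NewTopicPolicy(ctx, "sns_topic_policy", &sns.TopicPolicyArgs{
			Arn:    snsTopic.Arn,
			Policy: snsTopicPolicy.Json(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}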
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Organization lookup; its Id feeds the aws:PrincipalOrgID condition below.
    var example = Aws.Organizations.GetOrganization.Invoke();
    var organizationId = example.Apply(org => org.Id);

    var snsTopic = new Aws.Sns.Topic("sns_topic", new()
    {
        Name = "my-sns-topic",
    });

    // The statement names every AWS principal ("*") and relies solely on the
    // aws:PrincipalOrgID condition to confine access to this organization.
    // If that condition is dropped or loosened, any AWS account can subscribe
    // and publish to the topic, so review changes to it with that in mind.
    var orgOnlyAccess = new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
    {
        Effect = "Allow",
        Actions = new[]
        {
            "SNS:Subscribe",
            "SNS:Publish",
        },
        Conditions = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
            {
                Test = "StringEquals",
                Variable = "aws:PrincipalOrgID",
                Values = new[]
                {
                    organizationId,
                },
            },
        },
        Principals = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
            {
                Type = "AWS",
                Identifiers = new[]
                {
                    "*",
                },
            },
        },
        // Scoped to this one topic rather than to every topic in the account.
        Resources = new[]
        {
            snsTopic.Arn,
        },
    };

    var snsTopicPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            orgOnlyAccess,
        },
    });

    // Attach the rendered JSON document to the topic as its resource policy.
    var snsTopicPolicyTopicPolicy = new Aws.Sns.TopicPolicy("sns_topic_policy", new()
    {
        Arn = snsTopic.Arn,
        Policy = snsTopicPolicy.Apply(doc => doc.Json),
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.OrganizationsFunctions;
import com.pulumi.aws.sns.Topic;
import com.pulumi.aws.sns.TopicArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.sns.TopicPolicy;
import com.pulumi.aws.sns.TopicPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Generated example program: creates an SNS topic and attaches a resource
 * policy whose single statement is conditioned on aws:PrincipalOrgID.
 */
public class App {
    /** Program entry point; hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the stack: organization lookup, topic, policy document, topic policy. */
    public static void stack(Context ctx) {
        // NOTE(review): the argument below is a code-generator failure message
        // ("%!v(PANIC=...)"), not Java, and the call's closing parenthesis is
        // missing. This listing does not compile as published.
        final var example = OrganizationsFunctions.getOrganization(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);
        var snsTopic = new Topic("snsTopic", TopicArgs.builder()
            .name("my-sns-topic")
            .build());
        // NOTE(review): GetPolicyDocumentStatementArgs, GetPolicyDocumentStatementConditionArgs
        // and GetPolicyDocumentStatementPrincipalArgs are used below, but no import for them
        // is visible in this listing.
        final var snsTopicPolicy = snsTopic.arn().applyValue(_arn -> IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions(
                    "SNS:Subscribe",
                    "SNS:Publish")
                // This condition is the only thing narrowing the "*" principal below;
                // if it is dropped or loosened the statement applies to any AWS account.
                .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                    .test("StringEquals")
                    .variable("aws:PrincipalOrgID")
                    .values(example.id())
                    .build())
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers("*")
                    .build())
                // Scoped to this one topic's ARN.
                .resources(_arn)
                .build())
            .build()));
        // NOTE(review): snsTopicPolicy is the result of applyValue(...), so calling .json()
        // on it directly may need to go through applyValue as well; confirm against the SDK.
        var snsTopicPolicyTopicPolicy = new TopicPolicy("snsTopicPolicyTopicPolicy", TopicPolicyArgs.builder()
            .arn(snsTopic.arn())
            .policy(snsTopicPolicy.json())
            .build());
    }
}
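# Nesting restored: the published listing had lost its indentation, which is
# significant in YAML.
resources:
  snsTopic:
    type: aws:sns:Topic
    name: sns_topic
    properties:
      name: my-sns-topic
  # Attaches the rendered JSON document to the topic as its resource policy.
  snsTopicPolicyTopicPolicy:
    type: aws:sns:TopicPolicy
    name: sns_topic_policy
    properties:
      arn: ${snsTopic.arn}
      policy: ${snsTopicPolicy.json}
variables:
  # Organization lookup; its id feeds the aws:PrincipalOrgID condition below.
  example:
    fn::invoke:
      function: aws:organizations:getOrganization
      arguments: {}
  snsTopicPolicy:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          # The statement names every AWS principal ('*') and relies solely on
          # the aws:PrincipalOrgID condition to confine access to this
          # organization. If that condition is dropped or loosened, any AWS
          # account can subscribe and publish to the topic.
          - effect: Allow
            actions:
              - SNS:Subscribe
              - SNS:Publish
            conditions:
              - test: StringEquals
                variable: aws:PrincipalOrgID
                values:
                  - ${example.id}
            principals:
              - type: AWS
                identifiers:
                  - '*'
            # Scoped to this one topic rather than to every topic in the account.
            resources:
              - ${snsTopic.arn}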
Using getOrganization
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getOrganization(opts?: InvokeOptions): Promise<GetOrganizationResult>
function getOrganizationOutput(opts?: InvokeOptions): Output<GetOrganizationResult>

def get_organization(opts: Optional[InvokeOptions] = None) -> GetOrganizationResult
def get_organization_output(opts: Optional[InvokeOptions] = None) -> Output[GetOrganizationResult]

func LookupOrganization(ctx *Context, opts ...InvokeOption) (*LookupOrganizationResult, error)
func LookupOrganizationOutput(ctx *Context, opts ...InvokeOption) LookupOrganizationResultOutput

> Note: This function is named LookupOrganization in the Go SDK.

public static class GetOrganization
{
    public static Task<GetOrganizationResult> InvokeAsync(InvokeOptions? opts = null)
    public static Output<GetOrganizationResult> Invoke(InvokeOptions? opts = null)
}

public static CompletableFuture<GetOrganizationResult> getOrganization(InvokeOptions options)
public static Output<GetOrganizationResult> getOrganization(InvokeOptions options)

fn::invoke:
  function: aws:organizations/getOrganization:getOrganization
  arguments:
    # arguments dictionary

getOrganization Result
The following output properties are available:
- Accounts List<GetOrganizationAccount> - List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- Arn string - ARN of the root.
- AwsServiceAccessPrincipals List<string> - A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- EnabledPolicyTypes List<string> - A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- FeatureSet string - FeatureSet of the organization.
- Id string - The provider-assigned unique ID for this managed resource.
- MasterAccountArn string - ARN of the account that is designated as the master account for the organization.
- MasterAccountEmail string - The email address that is associated with the AWS account that is designated as the master account for the organization.
- MasterAccountId string - Unique identifier (ID) of the master account of an organization.
- MasterAccountName string - Name of the master account of an organization.
- NonMasterAccounts List<GetOrganizationNonMasterAccount> - List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- Roots List<GetOrganizationRoot> - List of organization roots. All elements have these attributes:
- Accounts []GetOrganizationAccount - List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- Arn string - ARN of the root.
- AwsServiceAccessPrincipals []string - A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- EnabledPolicyTypes []string - A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- FeatureSet string - FeatureSet of the organization.
- Id string - The provider-assigned unique ID for this managed resource.
- MasterAccountArn string - ARN of the account that is designated as the master account for the organization.
- MasterAccountEmail string - The email address that is associated with the AWS account that is designated as the master account for the organization.
- MasterAccountId string - Unique identifier (ID) of the master account of an organization.
- MasterAccountName string - Name of the master account of an organization.
- NonMasterAccounts []GetOrganizationNonMasterAccount - List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- Roots []GetOrganizationRoot - List of organization roots. All elements have these attributes:
- accounts List<GetOrganizationAccount> - List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- arn String - ARN of the root.
- awsServiceAccessPrincipals List<String> - A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- enabledPolicyTypes List<String> - A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- featureSet String - FeatureSet of the organization.
- id String - The provider-assigned unique ID for this managed resource.
- masterAccountArn String - ARN of the account that is designated as the master account for the organization.
- masterAccountEmail String - The email address that is associated with the AWS account that is designated as the master account for the organization.
- masterAccountId String - Unique identifier (ID) of the master account of an organization.
- masterAccountName String - Name of the master account of an organization.
- nonMasterAccounts List<GetOrganizationNonMasterAccount> - List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- roots List<GetOrganizationRoot> - List of organization roots. All elements have these attributes:
- accounts GetOrganizationAccount[] - List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- arn string - ARN of the root.
- awsServiceAccessPrincipals string[] - A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- enabledPolicyTypes string[] - A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- featureSet string - FeatureSet of the organization.
- id string - The provider-assigned unique ID for this managed resource.
- masterAccountArn string - ARN of the account that is designated as the master account for the organization.
- masterAccountEmail string - The email address that is associated with the AWS account that is designated as the master account for the organization.
- masterAccountId string - Unique identifier (ID) of the master account of an organization.
- masterAccountName string - Name of the master account of an organization.
- nonMasterAccounts GetOrganizationNonMasterAccount[] - List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- roots GetOrganizationRoot[] - List of organization roots. All elements have these attributes:
- accounts Sequence[GetOrganizationAccount] - List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- arn str - ARN of the root.
- aws_service_access_principals Sequence[str] - A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- enabled_policy_types Sequence[str] - A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- feature_set str - FeatureSet of the organization.
- id str - The provider-assigned unique ID for this managed resource.
- master_account_arn str - ARN of the account that is designated as the master account for the organization.
- master_account_email str - The email address that is associated with the AWS account that is designated as the master account for the organization.
- master_account_id str - Unique identifier (ID) of the master account of an organization.
- master_account_name str - Name of the master account of an organization.
- non_master_accounts Sequence[GetOrganizationNonMasterAccount] - List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- roots Sequence[GetOrganizationRoot] - List of organization roots. All elements have these attributes:
- accounts List<Property Map> - List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- arn String - ARN of the root.
- awsServiceAccessPrincipals List<String> - A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- enabledPolicyTypes List<String> - A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- featureSet String - FeatureSet of the organization.
- id String - The provider-assigned unique ID for this managed resource.
- masterAccountArn String - ARN of the account that is designated as the master account for the organization.
- masterAccountEmail String - The email address that is associated with the AWS account that is designated as the master account for the organization.
- masterAccountId String - Unique identifier (ID) of the master account of an organization.
- masterAccountName String - Name of the master account of an organization.
- nonMasterAccounts List<Property Map> - List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- roots List<Property Map> - List of organization roots. All elements have these attributes:
Supporting Types
GetOrganizationAccount
- Arn string
- ARN of the root.
- Email string
- Email of the account.
- Id string
- Identifier of the root.
- Joined
Method string - Method by which the account joined the organization.
- Joined
Timestamp string - Date the account became a part of the organization.
- Name string
- Name of the policy type.
- State string
- State of the account.
- Status string
- Status of the policy type as it relates to the associated root.
- Arn string
- ARN of the root.
- Email string
- Email of the account.
- Id string
- Identifier of the root.
- Joined
Method string - Method by which the account joined the organization.
- Joined
Timestamp string - Date the account became a part of the organization.
- Name string
- Name of the policy type.
- State string
- State of the account.
- Status string
- Status of the policy type as it relates to the associated root.
- arn String
- ARN of the root.
- email String
- Email of the account.
- id String
- Identifier of the root.
- joined
Method String - Method by which the account joined the organization.
- joined
Timestamp String - Date the account became a part of the organization.
- name String
- Name of the policy type.
- state String
- State of the account.
- status String
- Status of the policy type as it relates to the associated root.
- arn string
- ARN of the root.
- email string
- Email of the account.
- id string
- Identifier of the root.
- joined
Method string - Method by which the account joined the organization.
- joined
Timestamp string - Date the account became a part of the organization.
- name string
- Name of the policy type.
- state string
- State of the account.
- status string
- Status of the policy type as it relates to the associated root.
- arn str
- ARN of the root.
- email str
- Email of the account.
- id str
- Identifier of the root.
- joined_
method str - Method by which the account joined the organization.
- joined_
timestamp str - Date the account became a part of the organization.
- name str
- Name of the policy type.
- state str
- State of the account.
- status str
- Status of the policy type as it relates to the associated root.
- arn String
- ARN of the root.
- email String
- Email of the account.
- id String
- Identifier of the root.
- joined
Method String - Method by which the account joined the organization.
- joined
Timestamp String - Date the account became a part of the organization.
- name String
- Name of the policy type.
- state String
- State of the account.
- status String
- Status of the policy type as it relates to the associated root.
GetOrganizationNonMasterAccount
- Arn string
- ARN of the root.
- Email string
- Email of the account.
- Id string
- Identifier of the root.
- Joined
Method string - Method by which the account joined the organization.
- Joined
Timestamp string - Date the account became a part of the organization.
- Name string
- Name of the policy type.
- State string
- State of the account.
- Status string
- Status of the policy type as it relates to the associated root.
- Arn string
- ARN of the root.
- Email string
- Email of the account.
- Id string
- Identifier of the root.
- Joined
Method string - Method by which the account joined the organization.
- Joined
Timestamp string - Date the account became a part of the organization.
- Name string
- Name of the policy type.
- State string
- State of the account.
- Status string
- Status of the policy type as it relates to the associated root.
- arn String
- ARN of the root.
- email String
- Email of the account.
- id String
- Identifier of the root.
- joined
Method String - Method by which the account joined the organization.
- joined
Timestamp String - Date the account became a part of the organization.
- name String
- Name of the policy type.
- state String
- State of the account.
- status String
- Status of the policy type as it relates to the associated root.
- arn string
- ARN of the root.
- email string
- Email of the account.
- id string
- Identifier of the root.
- joined
Method string - Method by which the account joined the organization.
- joined
Timestamp string - Date the account became a part of the organization.
- name string
- Name of the policy type.
- state string
- State of the account.
- status string
- Status of the policy type as it relates to the associated root.
- arn str
- ARN of the root.
- email str
- Email of the account.
- id str
- Identifier of the root.
- joined_
method str - Method by which the account joined the organization.
- joined_
timestamp str - Date the account became a part of the organization.
- name str
- Name of the policy type.
- state str
- State of the account.
- status str
- Status of the policy type as it relates to the associated root.
- arn String
- ARN of the root.
- email String
- Email of the account.
- id String
- Identifier of the root.
- joined
Method String - Method by which the account joined the organization.
- joined
Timestamp String - Date the account became a part of the organization.
- name String
- Name of the policy type.
- state String
- State of the account.
- status String
- Status of the policy type as it relates to the associated root.
GetOrganizationRoot
- Arn string
- ARN of the root.
- Id string
- Identifier of the root.
- Name string
- Name of the policy type.
- Policy
Types List<GetOrganization Root Policy Type> - List of policy types enabled for this root. All elements have these attributes:
- Arn string
- ARN of the root.
- Id string
- Identifier of the root.
- Name string
- Name of the policy type.
- Policy
Types []GetOrganization Root Policy Type - List of policy types enabled for this root. All elements have these attributes:
- arn String
- ARN of the root.
- id String
- Identifier of the root.
- name String
- Name of the policy type.
- policy
Types List<GetOrganization Root Policy Type> - List of policy types enabled for this root. All elements have these attributes:
- arn string
- ARN of the root.
- id string
- Identifier of the root.
- name string
- Name of the policy type.
- policy
Types GetOrganization Root Policy Type[] - List of policy types enabled for this root. All elements have these attributes:
- arn str
- ARN of the root.
- id str
- Identifier of the root.
- name str
- Name of the policy type.
- policy_
types Sequence[GetOrganization Root Policy Type] - List of policy types enabled for this root. All elements have these attributes:
- arn String
- ARN of the root.
- id String
- Identifier of the root.
- name String
- Name of the policy type.
- policy
Types List<Property Map> - List of policy types enabled for this root. All elements have these attributes:
GetOrganizationRootPolicyType
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `aws` Terraform Provider.
