aws.organizations.getOrganization
Get information about the organization that the user’s account belongs to
Example Usage
List all account IDs for the organization
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
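// Exports the ID of every account in the organization as the "accountIds" stack output.
return await Deployment.RunAsync(() =>
{
    // Invoke() returns an Output; the organization data is only reachable inside Apply.
    var example = Aws.Organizations.GetOrganization.Invoke();

    return new Dictionary<string, object?>
    {
        // Project each account to its ID inside Apply. The original wrapped the whole
        // Output in a one-element array and read .Id from the Output itself, which is
        // not an account and has no Id member.
        ["accountIds"] = example.Apply(getOrganizationResult =>
            getOrganizationResult.Accounts.Select(account => account.Id).ToList()),
    };
});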
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.OrganizationsFunctions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
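/**
 * Pulumi program that exports the ID of every account in the AWS organization
 * as the {@code accountIds} stack output.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Looks up the organization and exports the IDs of its accounts.
     *
     * @param ctx Pulumi context used to register the stack output
     */
    public static void stack(Context ctx) {
        final var example = OrganizationsFunctions.getOrganization();

        // The lookup result is only reachable inside applyValue, so the accounts are
        // mapped to their IDs there. The original called stream() on the value returned
        // by applyValue and relied on a toList() that the listing never imports.
        ctx.export("accountIds", example.applyValue(getOrganizationResult -> {
            final List<String> accountIds = new ArrayList<>();
            for (final var account : getOrganizationResult.accounts()) {
                accountIds.add(account.id());
            }
            return accountIds;
        }));
    }
}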
import pulumi
import pulumi_aws as aws
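# Look up the organization that the current account belongs to.
example = aws.organizations.get_organization()
# example.accounts is already the list of accounts, so iterate it directly. The original
# wrapped it in another list, which made the comprehension read .id from the list itself.
pulumi.export("accountIds", [account.id for account in example.accounts])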
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
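// Look up the organization that the current account belongs to (returns a Promise).
const example = aws.organizations.getOrganization({});
// Map the accounts to their IDs once the lookup resolves. The original wrapped the
// Promise in an array and read .id from the Promise itself, which yields [undefined].
export const accountIds = example.then(organization => organization.accounts.map(account => account.id));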
Coming soon!
SNS topic that only principals in the organization can interact with
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
// Creates an SNS topic whose resource policy lets any AWS principal subscribe and
// publish, but only when that principal belongs to the caller's AWS organization.
return await Deployment.RunAsync(() =>
{
    var example = Aws.Organizations.GetOrganization.Invoke();
    var snsTopic = new Aws.Sns.Topic("snsTopic");

    // The aws:PrincipalOrgID condition is the only restriction on the wildcard
    // principal below; without it the statement would allow every AWS principal.
    var sameOrganization = new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
    {
        Test = "StringEquals",
        Variable = "aws:PrincipalOrgID",
        Values = new[]
        {
            example.Apply(organization => organization.Id),
        },
    };

    var anyAwsPrincipal = new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
    {
        Type = "AWS",
        Identifiers = new[] { "*" },
    };

    // Only the two listed SNS actions are granted, and only on this topic's ARN.
    var allowOrganizationMembers = new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
    {
        Effect = "Allow",
        Actions = new[] { "SNS:Subscribe", "SNS:Publish" },
        Conditions = new[] { sameOrganization },
        Principals = new[] { anyAwsPrincipal },
        Resources = new[] { snsTopic.Arn },
    };

    var snsTopicPolicyPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[] { allowOrganizationMembers },
    });

    // Attach the rendered policy JSON to the topic.
    var snsTopicPolicyTopicPolicy = new Aws.Sns.TopicPolicy("snsTopicPolicyTopicPolicy", new()
    {
        Arn = snsTopic.Arn,
        Policy = snsTopicPolicyPolicyDocument.Apply(document => document.Json),
    });
});
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementConditionArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementPrincipalArgs;
import com.pulumi.aws.organizations.OrganizationsFunctions;
import com.pulumi.aws.sns.Topic;
import com.pulumi.aws.sns.TopicPolicy;
import com.pulumi.aws.sns.TopicPolicyArgs;
import com.pulumi.core.Output;

import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
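/**
 * Pulumi program that creates an SNS topic and attaches a resource policy allowing
 * {@code SNS:Subscribe} and {@code SNS:Publish} to any AWS principal, restricted to
 * principals of the caller's AWS organization through {@code aws:PrincipalOrgID}.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the topic, the organization-scoped policy document and the topic policy.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; not used by this stack
     */
    public static void stack(Context ctx) {
        final var example = OrganizationsFunctions.getOrganization();

        var snsTopic = new Topic("snsTopic");

        // values(...) and resources(...) are list-valued, so the single organization ID
        // and the single topic ARN are each wrapped in a one-element list.
        final Output<List<String>> organizationIds =
            example.applyValue(getOrganizationResult -> List.of(getOrganizationResult.id()));
        final Output<List<String>> topicArns = snsTopic.arn().applyValue(arn -> List.of(arn));

        final var snsTopicPolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions(
                    "SNS:Subscribe",
                    "SNS:Publish")
                // This condition is the only restriction on the wildcard principal
                // below; without it the statement would allow every AWS principal.
                .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                    .test("StringEquals")
                    .variable("aws:PrincipalOrgID")
                    .values(organizationIds)
                    .build())
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers("*")
                    .build())
                .resources(topicArns)
                .build())
            .build());

        // A single applyValue extracts the rendered JSON. The original nested three
        // applyValue calls and reused the local variable's name as a lambda parameter,
        // which Java rejects.
        var snsTopicPolicyTopicPolicy = new TopicPolicy("snsTopicPolicyTopicPolicy", TopicPolicyArgs.builder()
            .arn(snsTopic.arn())
            .policy(snsTopicPolicyPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
    }
}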
import pulumi
import pulumi_aws as aws
example = aws.organizations.get_organization()
sns_topic = aws.sns.Topic("snsTopic")


def _organization_only_policy(arn):
    """Build the policy document that opens the topic ARN to the organization only.

    The statement names every AWS principal ("*"), so the aws:PrincipalOrgID
    condition is the only thing limiting access to members of the organization.
    """
    same_organization = aws.iam.GetPolicyDocumentStatementConditionArgs(
        test="StringEquals",
        variable="aws:PrincipalOrgID",
        values=[example.id],
    )
    any_aws_principal = aws.iam.GetPolicyDocumentStatementPrincipalArgs(
        type="AWS",
        identifiers=["*"],
    )
    # Only the two listed SNS actions are granted, and only on the given ARN.
    statement = aws.iam.GetPolicyDocumentStatementArgs(
        effect="Allow",
        actions=[
            "SNS:Subscribe",
            "SNS:Publish",
        ],
        conditions=[same_organization],
        principals=[any_aws_principal],
        resources=[arn],
    )
    return aws.iam.get_policy_document_output(statements=[statement])


# The document is built once the topic ARN is known.
sns_topic_policy_policy_document = sns_topic.arn.apply(_organization_only_policy)

# Attach the rendered policy JSON to the topic.
sns_topic_policy_topic_policy = aws.sns.TopicPolicy(
    "snsTopicPolicyTopicPolicy",
    arn=sns_topic.arn,
    policy=sns_topic_policy_policy_document.json,
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.organizations.getOrganization({});
const snsTopic = new aws.sns.Topic("snsTopic", {});

// Build the policy document once both the organization lookup and the topic ARN resolve.
const snsTopicPolicyPolicyDocument = pulumi.all([example, snsTopic.arn]).apply(([organization, topicArn]) => {
    // The statement names every AWS principal ("*"), so this condition is the only
    // thing limiting access to members of the organization.
    const sameOrganization = {
        test: "StringEquals",
        variable: "aws:PrincipalOrgID",
        values: [organization.id],
    };
    const anyAwsPrincipal = {
        type: "AWS",
        identifiers: ["*"],
    };
    // Only the two listed SNS actions are granted, and only on this topic's ARN.
    const allowOrganizationMembers = {
        effect: "Allow",
        actions: [
            "SNS:Subscribe",
            "SNS:Publish",
        ],
        conditions: [sameOrganization],
        principals: [anyAwsPrincipal],
        resources: [topicArn],
    };
    return aws.iam.getPolicyDocumentOutput({
        statements: [allowOrganizationMembers],
    });
});

// Attach the rendered policy JSON to the topic.
const snsTopicPolicyTopicPolicy = new aws.sns.TopicPolicy("snsTopicPolicyTopicPolicy", {
    arn: snsTopic.arn,
    policy: snsTopicPolicyPolicyDocument.apply(policyDocument => policyDocument.json),
});
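# SNS topic whose policy allows Subscribe/Publish to any AWS principal, restricted to
# principals of the caller's organization. The nesting below was flattened in the
# original listing, which left it without the structure YAML needs.
resources:
  snsTopic:
    type: aws:sns:Topic
  snsTopicPolicyTopicPolicy:
    type: aws:sns:TopicPolicy
    properties:
      arn: ${snsTopic.arn}
      policy: ${snsTopicPolicyPolicyDocument.json}
variables:
  example:
    fn::invoke:
      Function: aws:organizations:getOrganization
      Arguments: {}
  snsTopicPolicyPolicyDocument:
    fn::invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        statements:
          - effect: Allow
            actions:
              - SNS:Subscribe
              - SNS:Publish
            # The only restriction on the wildcard principal below; without this
            # condition the statement would allow every AWS principal.
            conditions:
              - test: StringEquals
                variable: aws:PrincipalOrgID
                values:
                  - ${example.id}
            principals:
              - type: AWS
                identifiers:
                  - '*'
            resources:
              - ${snsTopic.arn}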
Using getOrganization
function getOrganization(opts?: InvokeOptions): Promise<GetOrganizationResult>
def get_organization(opts: Optional[InvokeOptions] = None) -> GetOrganizationResult
func LookupOrganization(ctx *Context, opts ...InvokeOption) (*LookupOrganizationResult, error)
> Note: This function is named LookupOrganization
in the Go SDK.
public static class GetOrganization
{
public static Task<GetOrganizationResult> InvokeAsync(InvokeOptions? opts = null)
}
public static CompletableFuture<GetOrganizationResult> getOrganization(InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: aws:organizations/getOrganization:getOrganization
arguments:
# arguments dictionary
getOrganization Result
The following output properties are available:
- Accounts List<GetOrganizationAccount>
  List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- Arn string
  ARN of the root
- AwsServiceAccessPrincipals List<string>
  A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- EnabledPolicyTypes List<string>
  A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- FeatureSet string
  FeatureSet of the organization.
- Id string
  The provider-assigned unique ID for this managed resource.
- MasterAccountArn string
  ARN of the account that is designated as the master account for the organization.
- MasterAccountEmail string
  The email address that is associated with the AWS account that is designated as the master account for the organization.
- MasterAccountId string
  Unique identifier (ID) of the master account of an organization.
- NonMasterAccounts List<GetOrganizationNonMasterAccount>
  List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- Roots List<GetOrganizationRoot>
  List of organization roots. All elements have these attributes:
- Accounts []GetOrganizationAccount
  List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- Arn string
  ARN of the root
- AwsServiceAccessPrincipals []string
  A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- EnabledPolicyTypes []string
  A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- FeatureSet string
  FeatureSet of the organization.
- Id string
  The provider-assigned unique ID for this managed resource.
- MasterAccountArn string
  ARN of the account that is designated as the master account for the organization.
- MasterAccountEmail string
  The email address that is associated with the AWS account that is designated as the master account for the organization.
- MasterAccountId string
  Unique identifier (ID) of the master account of an organization.
- NonMasterAccounts []GetOrganizationNonMasterAccount
  List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- Roots []GetOrganizationRoot
  List of organization roots. All elements have these attributes:
- accounts List<GetOrganizationAccount>
  List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- arn String
  ARN of the root
- awsServiceAccessPrincipals List<String>
  A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- enabledPolicyTypes List<String>
  A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- featureSet String
  FeatureSet of the organization.
- id String
  The provider-assigned unique ID for this managed resource.
- masterAccountArn String
  ARN of the account that is designated as the master account for the organization.
- masterAccountEmail String
  The email address that is associated with the AWS account that is designated as the master account for the organization.
- masterAccountId String
  Unique identifier (ID) of the master account of an organization.
- nonMasterAccounts List<GetOrganizationNonMasterAccount>
  List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- roots List<GetOrganizationRoot>
  List of organization roots. All elements have these attributes:
- accounts GetOrganizationAccount[]
  List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- arn string
  ARN of the root
- awsServiceAccessPrincipals string[]
  A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- enabledPolicyTypes string[]
  A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- featureSet string
  FeatureSet of the organization.
- id string
  The provider-assigned unique ID for this managed resource.
- masterAccountArn string
  ARN of the account that is designated as the master account for the organization.
- masterAccountEmail string
  The email address that is associated with the AWS account that is designated as the master account for the organization.
- masterAccountId string
  Unique identifier (ID) of the master account of an organization.
- nonMasterAccounts GetOrganizationNonMasterAccount[]
  List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- roots GetOrganizationRoot[]
  List of organization roots. All elements have these attributes:
- accounts Sequence[GetOrganizationAccount]
  List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- arn str
  ARN of the root
- aws_service_access_principals Sequence[str]
  A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- enabled_policy_types Sequence[str]
  A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- feature_set str
  FeatureSet of the organization.
- id str
  The provider-assigned unique ID for this managed resource.
- master_account_arn str
  ARN of the account that is designated as the master account for the organization.
- master_account_email str
  The email address that is associated with the AWS account that is designated as the master account for the organization.
- master_account_id str
  Unique identifier (ID) of the master account of an organization.
- non_master_accounts Sequence[GetOrganizationNonMasterAccount]
  List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- roots Sequence[GetOrganizationRoot]
  List of organization roots. All elements have these attributes:
- accounts List<Property Map>
  List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- arn String
  ARN of the root
- awsServiceAccessPrincipals List<String>
  A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- enabledPolicyTypes List<String>
  A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- featureSet String
  FeatureSet of the organization.
- id String
  The provider-assigned unique ID for this managed resource.
- masterAccountArn String
  ARN of the account that is designated as the master account for the organization.
- masterAccountEmail String
  The email address that is associated with the AWS account that is designated as the master account for the organization.
- masterAccountId String
  Unique identifier (ID) of the master account of an organization.
- nonMasterAccounts List<Property Map>
  List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- roots List<Property Map>
  List of organization roots. All elements have these attributes:
Supporting Types
GetOrganizationAccount
GetOrganizationNonMasterAccount
GetOrganizationRoot
- Arn string
ARN of the root
- Id string
Identifier of the root
- Name string
The name of the policy type
- PolicyTypes List<GetOrganizationRootPolicyType>
  List of policy types enabled for this root. All elements have these attributes:
- Arn string
ARN of the root
- Id string
Identifier of the root
- Name string
The name of the policy type
- PolicyTypes []GetOrganizationRootPolicyType
  List of policy types enabled for this root. All elements have these attributes:
- arn String
ARN of the root
- id String
Identifier of the root
- name String
The name of the policy type
- policyTypes List<GetOrganizationRootPolicyType>
  List of policy types enabled for this root. All elements have these attributes:
- arn string
ARN of the root
- id string
Identifier of the root
- name string
The name of the policy type
- policyTypes GetOrganizationRootPolicyType[]
  List of policy types enabled for this root. All elements have these attributes:
- arn str
ARN of the root
- id str
Identifier of the root
- name str
The name of the policy type
- policy_types Sequence[GetOrganizationRootPolicyType]
  List of policy types enabled for this root. All elements have these attributes:
- arn String
ARN of the root
- id String
Identifier of the root
- name String
The name of the policy type
- policyTypes List<Property Map>
  List of policy types enabled for this root. All elements have these attributes:
GetOrganizationRootPolicyType
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
aws
Terraform Provider.