AWS Classic

Pulumi Official
Package maintained by Pulumi
v5.10.0 published on Monday, Jul 11, 2022 by Pulumi

getOrganization

Get information about the organization that the user’s account belongs to

Example Usage

List all account IDs for the organization

using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

/// <summary>
/// Stack that looks up the AWS organization of the calling account and
/// declares an "accountIds" stack output derived from its account list.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Invoke the getOrganization data source and wrap the pending result in an Output.
        var example = Output.Create(Aws.Organizations.GetOrganization.InvokeAsync());
        // NOTE(review): this assignment looks like unedited code-generator output.
        // A bare `{ ... }` list is not a C# expression, and the right-hand side is
        // a list while the property below is Output<string>. Confirm against a
        // compiling version before copying this listing.
        this.AccountIds = 
        {
            example.Apply(example => example.Accounts),
        }.Select(__item => __item?.Id).ToList();
    }

    // Exported under the stack output name "accountIds".
    [Output("accountIds")]
    public Output<string> AccountIds { get; set; }
}

Coming soon!

package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

/**
 * Pulumi program that looks up the AWS organization of the calling account
 * and exports the IDs of its accounts as the "accountIds" stack output.
 */
public class App {
    /** Program entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack: one getOrganization lookup and one exported value.
     *
     * @param ctx Pulumi context used to register the stack output
     */
    public static void stack(Context ctx) {
        final var example = Output.of(OrganizationsFunctions.getOrganization());

        // NOTE(review): looks like unedited code-generator output. The visible imports
        // do not bring OrganizationsFunctions or a static toList into scope, and
        // stream() is called directly on the value returned by apply(). Confirm
        // against a compiling version before copying this listing.
        ctx.export("accountIds", example.apply(getOrganizationResult -> getOrganizationResult.accounts()).stream().map(element -> element.id()).collect(toList()));
    }
}
import pulumi
import pulumi_aws as aws

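# Look up the organization that the calling account belongs to.
example = aws.organizations.get_organization()
# Export one ID per account. Iterate over the accounts themselves: wrapping
# `example.accounts` in another list would yield the list object, which has
# no `id` attribute.
pulumi.export("accountIds", [account.id for account in example.accounts])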
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

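// Look up the organization that the calling account belongs to; the call returns a Promise.
const example = aws.organizations.getOrganization({});
// Wait for the lookup to resolve, then project each account to its ID.
// Mapping over an array that merely contains the Promise would read `id`
// from the Promise object and export undefined values.
export const accountIds = example.then(org => org.accounts.map(account => account.id));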

Coming soon!

SNS topic that only principals in the organization can subscribe and publish to

using Pulumi;
using Aws = Pulumi.Aws;

/// <summary>
/// Stack that creates an SNS topic and attaches a topic policy allowing
/// SNS:Subscribe and SNS:Publish for principals of the caller's AWS organization.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Organization of the calling account; its Id feeds the policy condition below.
        var example = Output.Create(Aws.Organizations.GetOrganization.InvokeAsync());
        var snsTopic = new Aws.Sns.Topic("snsTopic", new Aws.Sns.TopicArgs());

        // The policy needs both the organization lookup and the topic ARN, so wait for both.
        var snsTopicPolicyPolicyDocument = Output.Tuple(example, snsTopic.Arn).Apply(pair =>
        {
            var (org, topicArn) = pair;

            // The principal is the wildcard "*", so this condition is the only thing
            // restricting the statement to principals whose account belongs to the
            // organization. Removing or mistyping it would open the topic to any
            // AWS principal.
            var orgOnly = new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
            {
                Test = "StringEquals",
                Variable = "aws:PrincipalOrgID",
                Values = { org.Id },
            };

            var anyAwsPrincipal = new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
            {
                Type = "AWS",
                Identifiers = { "*" },
            };

            var statement = new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Actions = { "SNS:Subscribe", "SNS:Publish" },
                Conditions = { orgOnly },
                Principals = { anyAwsPrincipal },
                // Scope the grant to this topic only.
                Resources = { topicArn },
            };

            return Aws.Iam.GetPolicyDocument.Invoke(new Aws.Iam.GetPolicyDocumentInvokeArgs
            {
                Statements = { statement },
            });
        });

        // Attach the rendered JSON document to the topic.
        var snsTopicPolicyTopicPolicy = new Aws.Sns.TopicPolicy("snsTopicPolicyTopicPolicy", new Aws.Sns.TopicPolicyArgs
        {
            Arn = snsTopic.Arn,
            Policy = snsTopicPolicyPolicyDocument.Apply(document => document.Json),
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/organizations"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/sns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

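// main declares an SNS topic together with a topic policy that allows
// SNS:Subscribe and SNS:Publish for principals of the caller's AWS organization.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Organization of the calling account; its Id feeds the policy condition below.
		example, err := organizations.LookupOrganization(ctx, nil, nil)
		if err != nil {
			return err
		}
		snsTopic, err := sns.NewTopic(ctx, "snsTopic", nil)
		if err != nil {
			return err
		}
		// Build the policy document that the topic policy below consumes. Without
		// this definition snsTopicPolicyPolicyDocument is an undeclared name and
		// the program does not compile.
		snsTopicPolicyPolicyDocument := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Statements: iam.GetPolicyDocumentStatementArray{
				&iam.GetPolicyDocumentStatementArgs{
					Effect: pulumi.String("Allow"),
					Actions: pulumi.StringArray{
						pulumi.String("SNS:Subscribe"),
						pulumi.String("SNS:Publish"),
					},
					// The principal is the wildcard "*", so this condition is the only
					// thing restricting the statement to principals whose account
					// belongs to the organization. Removing or mistyping it would
					// open the topic to any AWS principal.
					Conditions: iam.GetPolicyDocumentStatementConditionArray{
						&iam.GetPolicyDocumentStatementConditionArgs{
							Test:     pulumi.String("StringEquals"),
							Variable: pulumi.String("aws:PrincipalOrgID"),
							Values: pulumi.StringArray{
								pulumi.String(example.Id),
							},
						},
					},
					Principals: iam.GetPolicyDocumentStatementPrincipalArray{
						&iam.GetPolicyDocumentStatementPrincipalArgs{
							Type: pulumi.String("AWS"),
							Identifiers: pulumi.StringArray{
								pulumi.String("*"),
							},
						},
					},
					// Scope the grant to this topic only.
					Resources: pulumi.StringArray{
						snsTopic.Arn,
					},
				},
			},
		})
		// Attach the rendered JSON document to the topic.
		_, err = sns.NewTopicPolicy(ctx, "snsTopicPolicyTopicPolicy", &sns.TopicPolicyArgs{
			Arn:    snsTopic.Arn,
			Policy: snsTopicPolicyPolicyDocument.Json(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}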
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

/**
 * Pulumi program that creates an SNS topic and attaches a topic policy allowing
 * SNS:Subscribe and SNS:Publish for principals of the caller's AWS organization.
 */
public class App {
    /** Program entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the organization lookup, the topic, the policy document and the topic policy.
     *
     * @param ctx Pulumi context for the stack (not otherwise used in this listing)
     */
    public static void stack(Context ctx) {
        // Organization of the calling account; its id feeds the policy condition below.
        final var example = Output.of(OrganizationsFunctions.getOrganization());

        var snsTopic = new Topic("snsTopic");

        // The principal below is the wildcard "*", so the aws:PrincipalOrgID condition is
        // the only thing restricting the statement to principals whose account belongs to
        // the organization. Removing or mistyping it would open the topic to any AWS principal.
        final var snsTopicPolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions(                
                    "SNS:Subscribe",
                    "SNS:Publish")
                .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                    .test("StringEquals")
                    .variable("aws:PrincipalOrgID")
                    .values(example.apply(getOrganizationResult -> getOrganizationResult.id()))
                    .build())
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers("*")
                    .build())
                // Scope the grant to this topic only.
                .resources(snsTopic.arn())
                .build())
            .build());

        // NOTE(review): the nested apply(...) chain below looks like unedited code-generator
        // output, and the visible imports do not cover the AWS provider classes used here.
        // Confirm against a compiling version before copying this listing.
        var snsTopicPolicyTopicPolicy = new TopicPolicy("snsTopicPolicyTopicPolicy", TopicPolicyArgs.builder()        
            .arn(snsTopic.arn())
            .policy(snsTopicPolicyPolicyDocument.apply(getPolicyDocumentResult -> getPolicyDocumentResult).apply(snsTopicPolicyPolicyDocument -> snsTopicPolicyPolicyDocument.apply(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
            .build());

    }
}
import pulumi
import pulumi_aws as aws

# Organization of the calling account; its id feeds the policy condition below.
example = aws.organizations.get_organization()
sns_topic = aws.sns.Topic("snsTopic")

# The principal is the wildcard "*", so this condition is the only thing
# restricting the statement to principals whose account belongs to the
# organization. Removing or mistyping it would open the topic to any AWS
# principal.
_org_only = aws.iam.GetPolicyDocumentStatementConditionArgs(
    test="StringEquals",
    variable="aws:PrincipalOrgID",
    values=[example.id],
)
_any_aws_principal = aws.iam.GetPolicyDocumentStatementPrincipalArgs(
    type="AWS",
    identifiers=["*"],
)


def _org_only_topic_policy(topic_arn):
    """Build the policy document granting Subscribe/Publish on `topic_arn`."""
    statement = aws.iam.GetPolicyDocumentStatementArgs(
        effect="Allow",
        actions=["SNS:Subscribe", "SNS:Publish"],
        conditions=[_org_only],
        principals=[_any_aws_principal],
        # Scope the grant to this topic only.
        resources=[topic_arn],
    )
    return aws.iam.get_policy_document_output(statements=[statement])


# The topic ARN is only known once the topic exists, so build the document inside apply().
sns_topic_policy_policy_document = sns_topic.arn.apply(_org_only_topic_policy)

# Attach the rendered JSON document to the topic.
sns_topic_policy_topic_policy = aws.sns.TopicPolicy(
    "snsTopicPolicyTopicPolicy",
    arn=sns_topic.arn,
    policy=sns_topic_policy_policy_document.json,
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Organization of the calling account; its id feeds the policy condition below.
const example = aws.organizations.getOrganization({});
const snsTopic = new aws.sns.Topic("snsTopic", {});

// The policy needs both the organization lookup and the topic ARN, so wait for both.
const snsTopicPolicyPolicyDocument = pulumi
    .all([example, snsTopic.arn])
    .apply(([org, topicArn]) => {
        // The principal is the wildcard "*", so this condition is the only thing
        // restricting the statement to principals whose account belongs to the
        // organization. Removing or mistyping it would open the topic to any
        // AWS principal.
        const orgOnly = {
            test: "StringEquals",
            variable: "aws:PrincipalOrgID",
            values: [org.id],
        };
        const anyAwsPrincipal = {
            type: "AWS",
            identifiers: ["*"],
        };
        return aws.iam.getPolicyDocumentOutput({
            statements: [{
                effect: "Allow",
                actions: ["SNS:Subscribe", "SNS:Publish"],
                conditions: [orgOnly],
                principals: [anyAwsPrincipal],
                // Scope the grant to this topic only.
                resources: [topicArn],
            }],
        });
    });

// Attach the rendered JSON document to the topic.
const snsTopicPolicyTopicPolicy = new aws.sns.TopicPolicy("snsTopicPolicyTopicPolicy", {
    arn: snsTopic.arn,
    policy: snsTopicPolicyPolicyDocument.apply(document => document.json),
});
# SNS topic plus a topic policy that allows SNS:Subscribe and SNS:Publish
# for principals of the caller's AWS organization.
resources:
  snsTopic:
    type: aws:sns:Topic
  snsTopicPolicyTopicPolicy:
    type: aws:sns:TopicPolicy
    properties:
      arn: ${snsTopic.arn}
      # Rendered JSON of the policy document defined under `variables`.
      policy: ${snsTopicPolicyPolicyDocument.json}
variables:
  # Organization of the calling account; its id feeds the policy condition below.
  example:
    Fn::Invoke:
      Function: aws:organizations:getOrganization
      Arguments: {}
  snsTopicPolicyPolicyDocument:
    Fn::Invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        statements:
          - effect: Allow
            actions:
              - SNS:Subscribe
              - SNS:Publish
            # The principal below is the wildcard '*', so this condition is the only
            # thing restricting the statement to principals whose account belongs to
            # the organization. Removing or mistyping it would open the topic to any
            # AWS principal.
            conditions:
              - test: StringEquals
                variable: aws:PrincipalOrgID
                values:
                  - ${example.id}
            principals:
              - type: AWS
                identifiers:
                  - '*'
            # Scope the grant to this topic only.
            resources:
              - ${snsTopic.arn}

Using getOrganization

function getOrganization(opts?: InvokeOptions): Promise<GetOrganizationResult>
def get_organization(opts: Optional[InvokeOptions] = None) -> GetOrganizationResult
func LookupOrganization(ctx *Context, opts ...InvokeOption) (*LookupOrganizationResult, error)

> Note: This function is named LookupOrganization in the Go SDK.

public static class GetOrganization 
{
    public static Task<GetOrganizationResult> InvokeAsync(InvokeOptions? opts = null)
}
public static CompletableFuture<GetOrganizationResult> getOrganization(InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: aws:organizations/getOrganization:getOrganization
  Arguments:
    # Arguments dictionary

getOrganization Result

The following output properties are available:

Accounts List<GetOrganizationAccount>

List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:

Arn string

ARN of the root

AwsServiceAccessPrincipals List<string>

A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.

EnabledPolicyTypes List<string>

A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

FeatureSet string

The FeatureSet of the organization.

Id string

The provider-assigned unique ID for this managed resource.

MasterAccountArn string

The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.

MasterAccountEmail string

The email address that is associated with the AWS account that is designated as the master account for the organization.

MasterAccountId string

The unique identifier (ID) of the master account of an organization.

NonMasterAccounts List<GetOrganizationNonMasterAccount>

List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:

Roots List<GetOrganizationRoot>

List of organization roots. All elements have these attributes:

Accounts []GetOrganizationAccount

List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:

Arn string

ARN of the root

AwsServiceAccessPrincipals []string

A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.

EnabledPolicyTypes []string

A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

FeatureSet string

The FeatureSet of the organization.

Id string

The provider-assigned unique ID for this managed resource.

MasterAccountArn string

The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.

MasterAccountEmail string

The email address that is associated with the AWS account that is designated as the master account for the organization.

MasterAccountId string

The unique identifier (ID) of the master account of an organization.

NonMasterAccounts []GetOrganizationNonMasterAccount

List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:

Roots []GetOrganizationRoot

List of organization roots. All elements have these attributes:

accounts List<GetOrganizationAccount>

List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:

arn String

ARN of the root

awsServiceAccessPrincipals List<String>

A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.

enabledPolicyTypes List<String>

A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

featureSet String

The FeatureSet of the organization.

id String

The provider-assigned unique ID for this managed resource.

masterAccountArn String

The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.

masterAccountEmail String

The email address that is associated with the AWS account that is designated as the master account for the organization.

masterAccountId String

The unique identifier (ID) of the master account of an organization.

nonMasterAccounts List<GetOrganizationNonMasterAccount>

List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:

roots List<GetOrganizationRoot>

List of organization roots. All elements have these attributes:

accounts GetOrganizationAccount[]

List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:

arn string

ARN of the root

awsServiceAccessPrincipals string[]

A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.

enabledPolicyTypes string[]

A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

featureSet string

The FeatureSet of the organization.

id string

The provider-assigned unique ID for this managed resource.

masterAccountArn string

The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.

masterAccountEmail string

The email address that is associated with the AWS account that is designated as the master account for the organization.

masterAccountId string

The unique identifier (ID) of the master account of an organization.

nonMasterAccounts GetOrganizationNonMasterAccount[]

List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:

roots GetOrganizationRoot[]

List of organization roots. All elements have these attributes:

accounts Sequence[GetOrganizationAccount]

List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:

arn str

ARN of the root

aws_service_access_principals Sequence[str]

A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.

enabled_policy_types Sequence[str]

A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

feature_set str

The FeatureSet of the organization.

id str

The provider-assigned unique ID for this managed resource.

master_account_arn str

The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.

master_account_email str

The email address that is associated with the AWS account that is designated as the master account for the organization.

master_account_id str

The unique identifier (ID) of the master account of an organization.

non_master_accounts Sequence[GetOrganizationNonMasterAccount]

List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:

roots Sequence[GetOrganizationRoot]

List of organization roots. All elements have these attributes:

accounts List<Property Map>

List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:

arn String

ARN of the root

awsServiceAccessPrincipals List<String>

A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.

enabledPolicyTypes List<String>

A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

featureSet String

The FeatureSet of the organization.

id String

The provider-assigned unique ID for this managed resource.

masterAccountArn String

The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.

masterAccountEmail String

The email address that is associated with the AWS account that is designated as the master account for the organization.

masterAccountId String

The unique identifier (ID) of the master account of an organization.

nonMasterAccounts List<Property Map>

List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:

roots List<Property Map>

List of organization roots. All elements have these attributes:

Supporting Types

GetOrganizationAccount

Arn string

ARN of the root

Email string

Email of the account

Id string

Identifier of the root

Name string

The name of the policy type

Status string

The status of the policy type as it relates to the associated root

Arn string

ARN of the root

Email string

Email of the account

Id string

Identifier of the root

Name string

The name of the policy type

Status string

The status of the policy type as it relates to the associated root

arn String

ARN of the root

email String

Email of the account

id String

Identifier of the root

name String

The name of the policy type

status String

The status of the policy type as it relates to the associated root

arn string

ARN of the root

email string

Email of the account

id string

Identifier of the root

name string

The name of the policy type

status string

The status of the policy type as it relates to the associated root

arn str

ARN of the root

email str

Email of the account

id str

Identifier of the root

name str

The name of the policy type

status str

The status of the policy type as it relates to the associated root

arn String

ARN of the root

email String

Email of the account

id String

Identifier of the root

name String

The name of the policy type

status String

The status of the policy type as it relates to the associated root

GetOrganizationNonMasterAccount

Arn string

ARN of the root

Email string

Email of the account

Id string

Identifier of the root

Name string

The name of the policy type

Status string

The status of the policy type as it relates to the associated root

Arn string

ARN of the root

Email string

Email of the account

Id string

Identifier of the root

Name string

The name of the policy type

Status string

The status of the policy type as it relates to the associated root

arn String

ARN of the root

email String

Email of the account

id String

Identifier of the root

name String

The name of the policy type

status String

The status of the policy type as it relates to the associated root

arn string

ARN of the root

email string

Email of the account

id string

Identifier of the root

name string

The name of the policy type

status string

The status of the policy type as it relates to the associated root

arn str

ARN of the root

email str

Email of the account

id str

Identifier of the root

name str

The name of the policy type

status str

The status of the policy type as it relates to the associated root

arn String

ARN of the root

email String

Email of the account

id String

Identifier of the root

name String

The name of the policy type

status String

The status of the policy type as it relates to the associated root

GetOrganizationRoot

Arn string

ARN of the root

Id string

Identifier of the root

Name string

The name of the policy type

PolicyTypes List<GetOrganizationRootPolicyType>

List of policy types enabled for this root. All elements have these attributes:

Arn string

ARN of the root

Id string

Identifier of the root

Name string

The name of the policy type

PolicyTypes []GetOrganizationRootPolicyType

List of policy types enabled for this root. All elements have these attributes:

arn String

ARN of the root

id String

Identifier of the root

name String

The name of the policy type

policyTypes List<GetOrganizationRootPolicyType>

List of policy types enabled for this root. All elements have these attributes:

arn string

ARN of the root

id string

Identifier of the root

name string

The name of the policy type

policyTypes GetOrganizationRootPolicyType[]

List of policy types enabled for this root. All elements have these attributes:

arn str

ARN of the root

id str

Identifier of the root

name str

The name of the policy type

policy_types Sequence[GetOrganizationRootPolicyType]

List of policy types enabled for this root. All elements have these attributes:

arn String

ARN of the root

id String

Identifier of the root

name String

The name of the policy type

policyTypes List<Property Map>

List of policy types enabled for this root. All elements have these attributes:

GetOrganizationRootPolicyType

Status string

The status of the policy type as it relates to the associated root

Type string
Status string

The status of the policy type as it relates to the associated root

Type string
status String

The status of the policy type as it relates to the associated root

type String
status string

The status of the policy type as it relates to the associated root

type string
status str

The status of the policy type as it relates to the associated root

type str
status String

The status of the policy type as it relates to the associated root

type String

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.