← All packages

AWS Classic

Pulumi Official

Package maintained by Pulumi

v5.10.0 published on Monday, Jul 11, 2022 by Pulumi

Source code

getOrganization

Get information about the organization that the user’s account belongs to

Example Usage

List all account IDs for the organization

using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var example = Output.Create(Aws.Organizations.GetOrganization.InvokeAsync());
        this.AccountIds = 
        {
            example.Apply(example => example.Accounts),
        }.Select(__item => __item?.Id).ToList();
    }

    [Output("accountIds")]
    public Output<string> AccountIds { get; set; }
}

Coming soon!

package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = Output.of(OrganizationsFunctions.getOrganization());

        ctx.export("accountIds", example.apply(getOrganizationResult -> getOrganizationResult.accounts()).stream().map(element -> element.id()).collect(toList()));
    }
}

import pulumi
import pulumi_aws as aws

example = aws.organizations.get_organization()
pulumi.export("accountIds", [__item.id for __item in [example.accounts]])

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = aws.organizations.getOrganization({});
export const accountIds = [example.then(example => example.accounts)].map(__item => __item?.id);

Coming soon!

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var example = Output.Create(Aws.Organizations.GetOrganization.InvokeAsync());
        var snsTopic = new Aws.Sns.Topic("snsTopic", new Aws.Sns.TopicArgs
        {
        });
        var snsTopicPolicyPolicyDocument = Output.Tuple(example, snsTopic.Arn).Apply(values =>
        {
            var example = values.Item1;
            var arn = values.Item2;
            return Aws.Iam.GetPolicyDocument.Invoke(new Aws.Iam.GetPolicyDocumentInvokeArgs
            {
                Statements = 
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                    {
                        Effect = "Allow",
                        Actions = 
                        {
                            "SNS:Subscribe",
                            "SNS:Publish",
                        },
                        Conditions = 
                        {
                            new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
                            {
                                Test = "StringEquals",
                                Variable = "aws:PrincipalOrgID",
                                Values = 
                                {
                                    example.Id,
                                },
                            },
                        },
                        Principals = 
                        {
                            new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                            {
                                Type = "AWS",
                                Identifiers = 
                                {
                                    "*",
                                },
                            },
                        },
                        Resources = 
                        {
                            arn,
                        },
                    },
                },
            });
        });
        var snsTopicPolicyTopicPolicy = new Aws.Sns.TopicPolicy("snsTopicPolicyTopicPolicy", new Aws.Sns.TopicPolicyArgs
        {
            Arn = snsTopic.Arn,
            Policy = snsTopicPolicyPolicyDocument.Apply(snsTopicPolicyPolicyDocument => snsTopicPolicyPolicyDocument.Json),
        });
    }

}

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/organizations"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/sns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := organizations.LookupOrganization(ctx, nil, nil)
		if err != nil {
			return err
		}
		snsTopic, err := sns.NewTopic(ctx, "snsTopic", nil)
		if err != nil {
			return err
		}
		_, err = sns.NewTopicPolicy(ctx, "snsTopicPolicyTopicPolicy", &sns.TopicPolicyArgs{
			Arn: snsTopic.Arn,
			Policy: snsTopicPolicyPolicyDocument.ApplyT(func(snsTopicPolicyPolicyDocument iam.GetPolicyDocumentResult) (string, error) {
				return snsTopicPolicyPolicyDocument.Json, nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = Output.of(OrganizationsFunctions.getOrganization());

        var snsTopic = new Topic("snsTopic");

        final var snsTopicPolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions(                
                    "SNS:Subscribe",
                    "SNS:Publish")
                .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                    .test("StringEquals")
                    .variable("aws:PrincipalOrgID")
                    .values(example.apply(getOrganizationResult -> getOrganizationResult.id()))
                    .build())
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers("*")
                    .build())
                .resources(snsTopic.arn())
                .build())
            .build());

        var snsTopicPolicyTopicPolicy = new TopicPolicy("snsTopicPolicyTopicPolicy", TopicPolicyArgs.builder()        
            .arn(snsTopic.arn())
            .policy(snsTopicPolicyPolicyDocument.apply(getPolicyDocumentResult -> getPolicyDocumentResult).apply(snsTopicPolicyPolicyDocument -> snsTopicPolicyPolicyDocument.apply(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
            .build());

    }
}

import pulumi
import pulumi_aws as aws

example = aws.organizations.get_organization()
sns_topic = aws.sns.Topic("snsTopic")
sns_topic_policy_policy_document = sns_topic.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(
    effect="Allow",
    actions=[
        "SNS:Subscribe",
        "SNS:Publish",
    ],
    conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(
        test="StringEquals",
        variable="aws:PrincipalOrgID",
        values=[example.id],
    )],
    principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
        type="AWS",
        identifiers=["*"],
    )],
    resources=[arn],
)]))
sns_topic_policy_topic_policy = aws.sns.TopicPolicy("snsTopicPolicyTopicPolicy",
    arn=sns_topic.arn,
    policy=sns_topic_policy_policy_document.json)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = aws.organizations.getOrganization({});
const snsTopic = new aws.sns.Topic("snsTopic", {});
const snsTopicPolicyPolicyDocument = pulumi.all([example, snsTopic.arn]).apply(([example, arn]) => aws.iam.getPolicyDocumentOutput({
    statements: [{
        effect: "Allow",
        actions: [
            "SNS:Subscribe",
            "SNS:Publish",
        ],
        conditions: [{
            test: "StringEquals",
            variable: "aws:PrincipalOrgID",
            values: [example.id],
        }],
        principals: [{
            type: "AWS",
            identifiers: ["*"],
        }],
        resources: [arn],
    }],
}));
const snsTopicPolicyTopicPolicy = new aws.sns.TopicPolicy("snsTopicPolicyTopicPolicy", {
    arn: snsTopic.arn,
    policy: snsTopicPolicyPolicyDocument.apply(snsTopicPolicyPolicyDocument => snsTopicPolicyPolicyDocument.json),
});

resources:
  snsTopic:
    type: aws:sns:Topic
  snsTopicPolicyTopicPolicy:
    type: aws:sns:TopicPolicy
    properties:
      arn: ${snsTopic.arn}
      policy: ${snsTopicPolicyPolicyDocument.json}
variables:
  example:
    Fn::Invoke:
      Function: aws:organizations:getOrganization
      Arguments: {}
  snsTopicPolicyPolicyDocument:
    Fn::Invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        statements:
          - effect: Allow
            actions:
              - SNS:Subscribe
              - SNS:Publish
            conditions:
              - test: StringEquals
                variable: aws:PrincipalOrgID
                values:
                  - ${example.id}
            principals:
              - type: AWS
                identifiers:
                  - '*'
            resources:
              - ${snsTopic.arn}

Using getOrganization

function getOrganization(opts?: InvokeOptions): Promise<GetOrganizationResult>

def get_organization(opts: Optional[InvokeOptions] = None) -> GetOrganizationResult

func LookupOrganization(ctx *Context, opts ...InvokeOption) (*LookupOrganizationResult, error)

> Note: This function is named LookupOrganization in the Go SDK.

public static class GetOrganization 
{
    public static Task<GetOrganizationResult> InvokeAsync(InvokeOptions? opts = null)
}

public static CompletableFuture<GetOrganizationResult> getOrganization(InvokeOptions options)
// Output-based functions aren't available in Java yet

Fn::Invoke:
  Function: aws:organizations/getOrganization:getOrganization
  Arguments:
    # Arguments dictionary

getOrganization Result

The following output properties are available:

Accounts List<GetOrganizationAccount>: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
Arn string: ARN of the root
AwsServiceAccessPrincipals List<string>: A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
EnabledPolicyTypes List<string>: A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
FeatureSet string: The FeatureSet of the organization.
Id string: The provider-assigned unique ID for this managed resource.
MasterAccountArn string: The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.
MasterAccountEmail string: The email address that is associated with the AWS account that is designated as the master account for the organization.
MasterAccountId string: The unique identifier (ID) of the master account of an organization.
NonMasterAccounts List<GetOrganizationNonMasterAccount>: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
Roots List<GetOrganizationRoot>: List of organization roots. All elements have these attributes:

Accounts []GetOrganizationAccount: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
Arn string: ARN of the root
AwsServiceAccessPrincipals []string: A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
EnabledPolicyTypes []string: A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
FeatureSet string: The FeatureSet of the organization.
Id string: The provider-assigned unique ID for this managed resource.
MasterAccountArn string: The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.
MasterAccountEmail string: The email address that is associated with the AWS account that is designated as the master account for the organization.
MasterAccountId string: The unique identifier (ID) of the master account of an organization.
NonMasterAccounts []GetOrganizationNonMasterAccount: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
Roots []GetOrganizationRoot: List of organization roots. All elements have these attributes:

accounts List<GetOrganizationAccount>: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn String: ARN of the root
awsServiceAccessPrincipals List<String>: A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
enabledPolicyTypes List<String>: A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
featureSet String: The FeatureSet of the organization.
id String: The provider-assigned unique ID for this managed resource.
masterAccountArn String: The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.
masterAccountEmail String: The email address that is associated with the AWS account that is designated as the master account for the organization.
masterAccountId String: The unique identifier (ID) of the master account of an organization.
nonMasterAccounts List<GetOrganizationNonMasterAccount>: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots List<GetOrganizationRoot>: List of organization roots. All elements have these attributes:

accounts GetOrganizationAccount[]: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn string: ARN of the root
awsServiceAccessPrincipals string[]: A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
enabledPolicyTypes string[]: A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
featureSet string: The FeatureSet of the organization.
id string: The provider-assigned unique ID for this managed resource.
masterAccountArn string: The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.
masterAccountEmail string: The email address that is associated with the AWS account that is designated as the master account for the organization.
masterAccountId string: The unique identifier (ID) of the master account of an organization.
nonMasterAccounts GetOrganizationNonMasterAccount[]: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots GetOrganizationRoot[]: List of organization roots. All elements have these attributes:

accounts Sequence[GetOrganizationAccount]: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn str: ARN of the root
aws_service_access_principals Sequence[str]: A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
enabled_policy_types Sequence[str]: A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
feature_set str: The FeatureSet of the organization.
id str: The provider-assigned unique ID for this managed resource.
master_account_arn str: The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.
master_account_email str: The email address that is associated with the AWS account that is designated as the master account for the organization.
master_account_id str: The unique identifier (ID) of the master account of an organization.
non_master_accounts Sequence[GetOrganizationNonMasterAccount]: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots Sequence[GetOrganizationRoot]: List of organization roots. All elements have these attributes:

accounts List<Property Map>: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn String: ARN of the root
awsServiceAccessPrincipals List<String>: A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
enabledPolicyTypes List<String>: A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
featureSet String: The FeatureSet of the organization.
id String: The provider-assigned unique ID for this managed resource.
masterAccountArn String: The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.
masterAccountEmail String: The email address that is associated with the AWS account that is designated as the master account for the organization.
masterAccountId String: The unique identifier (ID) of the master account of an organization.
nonMasterAccounts List<Property Map>: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots List<Property Map>: List of organization roots. All elements have these attributes:

Supporting Types

GetOrganizationAccount

Arn string: ARN of the root
Email string: Email of the account
Id string: Identifier of the root
Name string: The name of the policy type
Status string: The status of the policy type as it relates to the associated root

Arn string: ARN of the root
Email string: Email of the account
Id string: Identifier of the root
Name string: The name of the policy type
Status string: The status of the policy type as it relates to the associated root

arn String: ARN of the root
email String: Email of the account
id String: Identifier of the root
name String: The name of the policy type
status String: The status of the policy type as it relates to the associated root

arn string: ARN of the root
email string: Email of the account
id string: Identifier of the root
name string: The name of the policy type
status string: The status of the policy type as it relates to the associated root

arn str: ARN of the root
email str: Email of the account
id str: Identifier of the root
name str: The name of the policy type
status str: The status of the policy type as it relates to the associated root

arn String: ARN of the root
email String: Email of the account
id String: Identifier of the root
name String: The name of the policy type
status String: The status of the policy type as it relates to the associated root

GetOrganizationNonMasterAccount

Arn string: ARN of the root
Email string: Email of the account
Id string: Identifier of the root
Name string: The name of the policy type
Status string: The status of the policy type as it relates to the associated root

Arn string: ARN of the root
Email string: Email of the account
Id string: Identifier of the root
Name string: The name of the policy type
Status string: The status of the policy type as it relates to the associated root

arn String: ARN of the root
email String: Email of the account
id String: Identifier of the root
name String: The name of the policy type
status String: The status of the policy type as it relates to the associated root

arn string: ARN of the root
email string: Email of the account
id string: Identifier of the root
name string: The name of the policy type
status string: The status of the policy type as it relates to the associated root

arn str: ARN of the root
email str: Email of the account
id str: Identifier of the root
name str: The name of the policy type
status str: The status of the policy type as it relates to the associated root

arn String: ARN of the root
email String: Email of the account
id String: Identifier of the root
name String: The name of the policy type
status String: The status of the policy type as it relates to the associated root

GetOrganizationRoot

Arn string: ARN of the root
Id string: Identifier of the root
Name string: The name of the policy type
PolicyTypes List<GetOrganizationRootPolicyType>: List of policy types enabled for this root. All elements have these attributes:

Arn string: ARN of the root
Id string: Identifier of the root
Name string: The name of the policy type
PolicyTypes []GetOrganizationRootPolicyType: List of policy types enabled for this root. All elements have these attributes:

arn String: ARN of the root
id String: Identifier of the root
name String: The name of the policy type
policyTypes List<GetOrganizationRootPolicyType>: List of policy types enabled for this root. All elements have these attributes:

arn string: ARN of the root
id string: Identifier of the root
name string: The name of the policy type
policyTypes GetOrganizationRootPolicyType[]: List of policy types enabled for this root. All elements have these attributes:

arn str: ARN of the root
id str: Identifier of the root
name str: The name of the policy type
policy_types Sequence[GetOrganizationRootPolicyType]: List of policy types enabled for this root. All elements have these attributes:

arn String: ARN of the root
id String: Identifier of the root
name String: The name of the policy type
policyTypes List<Property Map>: List of policy types enabled for this root. All elements have these attributes:

GetOrganizationRootPolicyType

Status string: The status of the policy type as it relates to the associated root
Type string

Status string: The status of the policy type as it relates to the associated root
Type string

status String: The status of the policy type as it relates to the associated root
type String

status string: The status of the policy type as it relates to the associated root
type string

status str: The status of the policy type as it relates to the associated root
type str

status String: The status of the policy type as it relates to the associated root
type String

Package Details

Repository: https://github.com/pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.