Docs
PackagesTry AWS Native preview for resources not in the classic version.
aws.organizations.getOrganization
Explore with Pulumi AI
Try AWS Native preview for resources not in the classic version.
Get information about the organization that the user’s account belongs to
Example Usage
List all account IDs for the organization
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = Aws.Organizations.GetOrganization.Invoke();
return new Dictionary<string, object?>
{
["accountIds"] = example.Apply(getOrganizationResult => getOrganizationResult.Accounts).Select(__item => __item.Id).ToList(),
};
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := organizations.LookupOrganization(ctx, nil, nil)
if err != nil {
return err
}
var splat0 []*string
for _, val0 := range example.Accounts {
splat0 = append(splat0, val0.Id)
}
ctx.Export("accountIds", splat0)
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.OrganizationsFunctions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = OrganizationsFunctions.getOrganization();
ctx.export("accountIds", example.applyValue(getOrganizationResult -> getOrganizationResult.accounts()).stream().map(element -> element.id()).collect(toList()));
}
}
import pulumi
import pulumi_aws as aws
example = aws.organizations.get_organization()
pulumi.export("accountIds", [__item.id for __item in example.accounts])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.organizations.getOrganization({});
export const accountIds = example.then(example => example.accounts.map(__item => __item.id));
Coming soon!
SNS topic that can be interacted by the organization only
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = Aws.Organizations.GetOrganization.Invoke();
var snsTopic = new Aws.Sns.Topic("snsTopic");
var snsTopicPolicyPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"SNS:Subscribe",
"SNS:Publish",
},
Conditions = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
{
Test = "StringEquals",
Variable = "aws:PrincipalOrgID",
Values = new[]
{
example.Apply(getOrganizationResult => getOrganizationResult.Id),
},
},
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "AWS",
Identifiers = new[]
{
"*",
},
},
},
Resources = new[]
{
snsTopic.Arn,
},
},
},
});
var snsTopicPolicyTopicPolicy = new Aws.Sns.TopicPolicy("snsTopicPolicyTopicPolicy", new()
{
Arn = snsTopic.Arn,
Policy = snsTopicPolicyPolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := organizations.LookupOrganization(ctx, nil, nil);
if err != nil {
return err
}
snsTopic, err := sns.NewTopic(ctx, "snsTopic", nil)
if err != nil {
return err
}
snsTopicPolicyPolicyDocument := snsTopic.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {
return iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: "Allow",
Actions: []string{
"SNS:Subscribe",
"SNS:Publish",
},
Conditions: []iam.GetPolicyDocumentStatementCondition{
{
Test: "StringEquals",
Variable: "aws:PrincipalOrgID",
Values: interface{}{
example.Id,
},
},
},
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "AWS",
Identifiers: []string{
"*",
},
},
},
Resources: interface{}{
arn,
},
},
},
}, nil), nil
}).(iam.GetPolicyDocumentResultOutput)
_, err = sns.NewTopicPolicy(ctx, "snsTopicPolicyTopicPolicy", &sns.TopicPolicyArgs{
Arn: snsTopic.Arn,
Policy: snsTopicPolicyPolicyDocument.ApplyT(func(snsTopicPolicyPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {
return &snsTopicPolicyPolicyDocument.Json, nil
}).(pulumi.StringPtrOutput),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.OrganizationsFunctions;
import com.pulumi.aws.sns.Topic;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.sns.TopicPolicy;
import com.pulumi.aws.sns.TopicPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = OrganizationsFunctions.getOrganization();
var snsTopic = new Topic("snsTopic");
final var snsTopicPolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions(
"SNS:Subscribe",
"SNS:Publish")
.conditions(GetPolicyDocumentStatementConditionArgs.builder()
.test("StringEquals")
.variable("aws:PrincipalOrgID")
.values(example.applyValue(getOrganizationResult -> getOrganizationResult.id()))
.build())
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("AWS")
.identifiers("*")
.build())
.resources(snsTopic.arn())
.build())
.build());
var snsTopicPolicyTopicPolicy = new TopicPolicy("snsTopicPolicyTopicPolicy", TopicPolicyArgs.builder()
.arn(snsTopic.arn())
.policy(snsTopicPolicyPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(snsTopicPolicyPolicyDocument -> snsTopicPolicyPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.build());
}
}
import pulumi
import pulumi_aws as aws
example = aws.organizations.get_organization()
sns_topic = aws.sns.Topic("snsTopic")
sns_topic_policy_policy_document = sns_topic.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
actions=[
"SNS:Subscribe",
"SNS:Publish",
],
conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(
test="StringEquals",
variable="aws:PrincipalOrgID",
values=[example.id],
)],
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="AWS",
identifiers=["*"],
)],
resources=[arn],
)]))
sns_topic_policy_topic_policy = aws.sns.TopicPolicy("snsTopicPolicyTopicPolicy",
arn=sns_topic.arn,
policy=sns_topic_policy_policy_document.json)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.organizations.getOrganization({});
const snsTopic = new aws.sns.Topic("snsTopic", {});
const snsTopicPolicyPolicyDocument = pulumi.all([example, snsTopic.arn]).apply(([example, arn]) => aws.iam.getPolicyDocumentOutput({
statements: [{
effect: "Allow",
actions: [
"SNS:Subscribe",
"SNS:Publish",
],
conditions: [{
test: "StringEquals",
variable: "aws:PrincipalOrgID",
values: [example.id],
}],
principals: [{
type: "AWS",
identifiers: ["*"],
}],
resources: [arn],
}],
}));
const snsTopicPolicyTopicPolicy = new aws.sns.TopicPolicy("snsTopicPolicyTopicPolicy", {
arn: snsTopic.arn,
policy: snsTopicPolicyPolicyDocument.apply(snsTopicPolicyPolicyDocument => snsTopicPolicyPolicyDocument.json),
});
resources:
snsTopic:
type: aws:sns:Topic
snsTopicPolicyTopicPolicy:
type: aws:sns:TopicPolicy
properties:
arn: ${snsTopic.arn}
policy: ${snsTopicPolicyPolicyDocument.json}
variables:
example:
fn::invoke:
Function: aws:organizations:getOrganization
Arguments: {}
snsTopicPolicyPolicyDocument:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
actions:
- SNS:Subscribe
- SNS:Publish
conditions:
- test: StringEquals
variable: aws:PrincipalOrgID
values:
- ${example.id}
principals:
- type: AWS
identifiers:
- '*'
resources:
- ${snsTopic.arn}
Using getOrganization
function getOrganization(opts?: InvokeOptions): Promise<GetOrganizationResult>def get_organization(opts: Optional[InvokeOptions] = None) -> GetOrganizationResultfunc LookupOrganization(ctx *Context, opts ...InvokeOption) (*LookupOrganizationResult, error)> Note: This function is named LookupOrganization in the Go SDK.
public static class GetOrganization
{
public static Task<GetOrganizationResult> InvokeAsync(InvokeOptions? opts = null)
}public static CompletableFuture<GetOrganizationResult> getOrganization(InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: aws:organizations/getOrganization:getOrganization
arguments:
# arguments dictionarygetOrganization Result
The following output properties are available:
- Accounts
List<Get
Organization Account> List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accountsattribute. All elements have these attributes:- Arn string
ARN of the root
- Aws
Service List<string>Access Principals A list of AWS service principal names that have integration enabled with your organization. Organization must have
feature_setset toALL. For additional information, see the AWS Organizations User Guide.- Enabled
Policy List<string>Types A list of Organizations policy types that are enabled in the Organization Root. Organization must have
feature_setset toALL. For additional information about valid policy types (e.g.,SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.- Feature
Set string FeatureSet of the organization.
- Id string
The provider-assigned unique ID for this managed resource.
- Master
Account stringArn ARN of the account that is designated as the master account for the organization.
- Master
Account stringEmail The email address that is associated with the AWS account that is designated as the master account for the organization.
- Master
Account stringId Unique identifier (ID) of the master account of an organization.
- Non
Master List<GetAccounts Organization Non Master Account> List of organization accounts excluding the master account. For a list including the master account, see the
accountsattribute. All elements have these attributes:- Roots
List<Get
Organization Root> List of organization roots. All elements have these attributes:
- Accounts
[]Get
Organization Account List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accountsattribute. All elements have these attributes:- Arn string
ARN of the root
- Aws
Service []stringAccess Principals A list of AWS service principal names that have integration enabled with your organization. Organization must have
feature_setset toALL. For additional information, see the AWS Organizations User Guide.- Enabled
Policy []stringTypes A list of Organizations policy types that are enabled in the Organization Root. Organization must have
feature_setset toALL. For additional information about valid policy types (e.g.,SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.- Feature
Set string FeatureSet of the organization.
- Id string
The provider-assigned unique ID for this managed resource.
- Master
Account stringArn ARN of the account that is designated as the master account for the organization.
- Master
Account stringEmail The email address that is associated with the AWS account that is designated as the master account for the organization.
- Master
Account stringId Unique identifier (ID) of the master account of an organization.
- Non
Master []GetAccounts Organization Non Master Account List of organization accounts excluding the master account. For a list including the master account, see the
accountsattribute. All elements have these attributes:- Roots
[]Get
Organization Root List of organization roots. All elements have these attributes:
- accounts
List<Get
Organization Account> List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accountsattribute. All elements have these attributes:- arn String
ARN of the root
- aws
Service List<String>Access Principals A list of AWS service principal names that have integration enabled with your organization. Organization must have
feature_setset toALL. For additional information, see the AWS Organizations User Guide.- enabled
Policy List<String>Types A list of Organizations policy types that are enabled in the Organization Root. Organization must have
feature_setset toALL. For additional information about valid policy types (e.g.,SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.- feature
Set String FeatureSet of the organization.
- id String
The provider-assigned unique ID for this managed resource.
- master
Account StringArn ARN of the account that is designated as the master account for the organization.
- master
Account StringEmail The email address that is associated with the AWS account that is designated as the master account for the organization.
- master
Account StringId Unique identifier (ID) of the master account of an organization.
- non
Master List<GetAccounts Organization Non Master Account> List of organization accounts excluding the master account. For a list including the master account, see the
accountsattribute. All elements have these attributes:- roots
List<Get
Organization Root> List of organization roots. All elements have these attributes:
- accounts
Get
Organization Account[] List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accountsattribute. All elements have these attributes:- arn string
ARN of the root
- aws
Service string[]Access Principals A list of AWS service principal names that have integration enabled with your organization. Organization must have
feature_setset toALL. For additional information, see the AWS Organizations User Guide.- enabled
Policy string[]Types A list of Organizations policy types that are enabled in the Organization Root. Organization must have
feature_setset toALL. For additional information about valid policy types (e.g.,SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.- feature
Set string FeatureSet of the organization.
- id string
The provider-assigned unique ID for this managed resource.
- master
Account stringArn ARN of the account that is designated as the master account for the organization.
- master
Account stringEmail The email address that is associated with the AWS account that is designated as the master account for the organization.
- master
Account stringId Unique identifier (ID) of the master account of an organization.
- non
Master GetAccounts Organization Non Master Account[] List of organization accounts excluding the master account. For a list including the master account, see the
accountsattribute. All elements have these attributes:- roots
Get
Organization Root[] List of organization roots. All elements have these attributes:
- accounts
Sequence[Get
Organization Account] List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accountsattribute. All elements have these attributes:- arn str
ARN of the root
- aws_
service_ Sequence[str]access_ principals A list of AWS service principal names that have integration enabled with your organization. Organization must have
feature_setset toALL. For additional information, see the AWS Organizations User Guide.- enabled_
policy_ Sequence[str]types A list of Organizations policy types that are enabled in the Organization Root. Organization must have
feature_setset toALL. For additional information about valid policy types (e.g.,SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.- feature_
set str FeatureSet of the organization.
- id str
The provider-assigned unique ID for this managed resource.
- master_
account_ strarn ARN of the account that is designated as the master account for the organization.
- master_
account_ stremail The email address that is associated with the AWS account that is designated as the master account for the organization.
- master_
account_ strid Unique identifier (ID) of the master account of an organization.
- non_
master_ Sequence[Getaccounts Organization Non Master Account] List of organization accounts excluding the master account. For a list including the master account, see the
accountsattribute. All elements have these attributes:- roots
Sequence[Get
Organization Root] List of organization roots. All elements have these attributes:
- accounts List<Property Map>
List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accountsattribute. All elements have these attributes:- arn String
ARN of the root
- aws
Service List<String>Access Principals A list of AWS service principal names that have integration enabled with your organization. Organization must have
feature_setset toALL. For additional information, see the AWS Organizations User Guide.- enabled
Policy List<String>Types A list of Organizations policy types that are enabled in the Organization Root. Organization must have
feature_setset toALL. For additional information about valid policy types (e.g.,SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.- feature
Set String FeatureSet of the organization.
- id String
The provider-assigned unique ID for this managed resource.
- master
Account StringArn ARN of the account that is designated as the master account for the organization.
- master
Account StringEmail The email address that is associated with the AWS account that is designated as the master account for the organization.
- master
Account StringId Unique identifier (ID) of the master account of an organization.
- non
Master List<Property Map>Accounts List of organization accounts excluding the master account. For a list including the master account, see the
accountsattribute. All elements have these attributes:- roots List<Property Map>
List of organization roots. All elements have these attributes:
Supporting Types
GetOrganizationAccount
GetOrganizationNonMasterAccount
GetOrganizationRoot
- Arn string
ARN of the root
- Id string
Identifier of the root
- Name string
The name of the policy type
- Policy
Types List<GetOrganization Root Policy Type> List of policy types enabled for this root. All elements have these attributes:
- Arn string
ARN of the root
- Id string
Identifier of the root
- Name string
The name of the policy type
- Policy
Types []GetOrganization Root Policy Type List of policy types enabled for this root. All elements have these attributes:
- arn String
ARN of the root
- id String
Identifier of the root
- name String
The name of the policy type
- policy
Types List<GetOrganization Root Policy Type> List of policy types enabled for this root. All elements have these attributes:
- arn string
ARN of the root
- id string
Identifier of the root
- name string
The name of the policy type
- policy
Types GetOrganization Root Policy Type[] List of policy types enabled for this root. All elements have these attributes:
- arn str
ARN of the root
- id str
Identifier of the root
- name str
The name of the policy type
- policy_
types Sequence[GetOrganization Root Policy Type] List of policy types enabled for this root. All elements have these attributes:
- arn String
ARN of the root
- id String
Identifier of the root
- name String
The name of the policy type
- policy
Types List<Property Map> List of policy types enabled for this root. All elements have these attributes:
GetOrganizationRootPolicyType
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
awsTerraform Provider.
Try AWS Native preview for resources not in the classic version.