AWS v7.10.0, Oct 24 25

AWS v7.10.0 published on Friday, Oct 24, 2025 by Pulumi

aws.organizations.Organization

AWS v7.10.0 published on Friday, Oct 24, 2025 by Pulumi

!> WARNING: When migrating from a feature_set of CONSOLIDATED_BILLING to ALL, the Organization account owner will received an email stating the following: “You started the process to enable all features for your AWS organization. As part of that process, all member accounts that joined your organization by invitation must approve the change. You don’t need approval from member accounts that you directly created from within your AWS organization.” After all member accounts have accepted the invitation, the Organization account owner must then finalize the changes via the AWS Console. Until these steps are performed, the provider will perpetually show a difference, and the DescribeOrganization API will continue to show the FeatureSet as CONSOLIDATED_BILLING. See the AWS Organizations documentation for more information.

!> WARNING: Warning from the AWS Docs: “We recommend that you enable integration between AWS Organizations and the specified AWS service by using the console or commands that are provided by the specified service. Doing so ensures that the service is aware that it can create the resources that are required for the integration. How the service creates those resources in the organization’s accounts depends on that service. For more information, see the documentation for the other AWS service.”

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const org = new aws.organizations.Organization("org", {
    awsServiceAccessPrincipals: [
        "cloudtrail.amazonaws.com",
        "config.amazonaws.com",
    ],
    featureSet: "ALL",
});

import pulumi
import pulumi_aws as aws

org = aws.organizations.Organization("org",
    aws_service_access_principals=[
        "cloudtrail.amazonaws.com",
        "config.amazonaws.com",
    ],
    feature_set="ALL")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/organizations"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewOrganization(ctx, "org", &organizations.OrganizationArgs{
			AwsServiceAccessPrincipals: pulumi.StringArray{
				pulumi.String("cloudtrail.amazonaws.com"),
				pulumi.String("config.amazonaws.com"),
			},
			FeatureSet: pulumi.String("ALL"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var org = new Aws.Organizations.Organization("org", new()
    {
        AwsServiceAccessPrincipals = new[]
        {
            "cloudtrail.amazonaws.com",
            "config.amazonaws.com",
        },
        FeatureSet = "ALL",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.Organization;
import com.pulumi.aws.organizations.OrganizationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var org = new Organization("org", OrganizationArgs.builder()
            .awsServiceAccessPrincipals(            
                "cloudtrail.amazonaws.com",
                "config.amazonaws.com")
            .featureSet("ALL")
            .build());

    }
}

resources:
  org:
    type: aws:organizations:Organization
    properties:
      awsServiceAccessPrincipals:
        - cloudtrail.amazonaws.com
        - config.amazonaws.com
      featureSet: ALL

Create Organization Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Organization(name: string, args?: OrganizationArgs, opts?: CustomResourceOptions);

@overload
def Organization(resource_name: str,
                 args: Optional[OrganizationArgs] = None,
                 opts: Optional[ResourceOptions] = None)

@overload
def Organization(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 aws_service_access_principals: Optional[Sequence[str]] = None,
                 enabled_policy_types: Optional[Sequence[str]] = None,
                 feature_set: Optional[str] = None)

func NewOrganization(ctx *Context, name string, args *OrganizationArgs, opts ...ResourceOption) (*Organization, error)

public Organization(string name, OrganizationArgs? args = null, CustomResourceOptions? opts = null)

public Organization(String name, OrganizationArgs args)
public Organization(String name, OrganizationArgs args, CustomResourceOptions options)

type: aws:organizations:Organization
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args OrganizationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args OrganizationArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args OrganizationArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args OrganizationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args OrganizationArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var organizationResource = new Aws.Organizations.Organization("organizationResource", new()
{
    AwsServiceAccessPrincipals = new[]
    {
        "string",
    },
    EnabledPolicyTypes = new[]
    {
        "string",
    },
    FeatureSet = "string",
});

example, err := organizations.NewOrganization(ctx, "organizationResource", &organizations.OrganizationArgs{
	AwsServiceAccessPrincipals: pulumi.StringArray{
		pulumi.String("string"),
	},
	EnabledPolicyTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	FeatureSet: pulumi.String("string"),
})

var organizationResource = new Organization("organizationResource", OrganizationArgs.builder()
    .awsServiceAccessPrincipals("string")
    .enabledPolicyTypes("string")
    .featureSet("string")
    .build());

organization_resource = aws.organizations.Organization("organizationResource",
    aws_service_access_principals=["string"],
    enabled_policy_types=["string"],
    feature_set="string")

const organizationResource = new aws.organizations.Organization("organizationResource", {
    awsServiceAccessPrincipals: ["string"],
    enabledPolicyTypes: ["string"],
    featureSet: "string",
});

type: aws:organizations:Organization
properties:
    awsServiceAccessPrincipals:
        - string
    enabledPolicyTypes:
        - string
    featureSet: string

Organization Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Organization resource accepts the following input properties:

AwsServiceAccessPrincipals List<string>: List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. Some services do not support enablement via this endpoint, see warning in aws docs.
EnabledPolicyTypes List<string>: List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, RESOURCE_CONTROL_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference.
FeatureSet string: Specify ALL (default) or CONSOLIDATED_BILLING.

AwsServiceAccessPrincipals []string: List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. Some services do not support enablement via this endpoint, see warning in aws docs.
EnabledPolicyTypes []string: List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, RESOURCE_CONTROL_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference.
FeatureSet string: Specify ALL (default) or CONSOLIDATED_BILLING.

awsServiceAccessPrincipals List<String>: List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. Some services do not support enablement via this endpoint, see warning in aws docs.
enabledPolicyTypes List<String>: List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, RESOURCE_CONTROL_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference.
featureSet String: Specify ALL (default) or CONSOLIDATED_BILLING.

awsServiceAccessPrincipals string[]: List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. Some services do not support enablement via this endpoint, see warning in aws docs.
enabledPolicyTypes string[]: List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, RESOURCE_CONTROL_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference.
featureSet string: Specify ALL (default) or CONSOLIDATED_BILLING.

aws_service_access_principals Sequence[str]: List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. Some services do not support enablement via this endpoint, see warning in aws docs.
enabled_policy_types Sequence[str]: List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, RESOURCE_CONTROL_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference.
feature_set str: Specify ALL (default) or CONSOLIDATED_BILLING.

awsServiceAccessPrincipals List<String>: List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. Some services do not support enablement via this endpoint, see warning in aws docs.
enabledPolicyTypes List<String>: List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, RESOURCE_CONTROL_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference.
featureSet String: Specify ALL (default) or CONSOLIDATED_BILLING.

Outputs

All input properties are implicitly available as output properties. Additionally, the Organization resource produces the following output properties:

Accounts List<OrganizationAccount>: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
Arn string: ARN of the root.
Id string: The provider-assigned unique ID for this managed resource.
MasterAccountArn string: ARN of the master account.
MasterAccountEmail string: Email address of the master account.
MasterAccountId string: Identifier of the master account.
MasterAccountName string: Name of the master account.
NonMasterAccounts List<OrganizationNonMasterAccount>: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
Roots List<OrganizationRoot>: List of organization roots. All elements have these attributes:

Accounts []OrganizationAccount: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
Arn string: ARN of the root.
Id string: The provider-assigned unique ID for this managed resource.
MasterAccountArn string: ARN of the master account.
MasterAccountEmail string: Email address of the master account.
MasterAccountId string: Identifier of the master account.
MasterAccountName string: Name of the master account.
NonMasterAccounts []OrganizationNonMasterAccount: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
Roots []OrganizationRoot: List of organization roots. All elements have these attributes:

accounts List<OrganizationAccount>: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn String: ARN of the root.
id String: The provider-assigned unique ID for this managed resource.
masterAccountArn String: ARN of the master account.
masterAccountEmail String: Email address of the master account.
masterAccountId String: Identifier of the master account.
masterAccountName String: Name of the master account.
nonMasterAccounts List<OrganizationNonMasterAccount>: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots List<OrganizationRoot>: List of organization roots. All elements have these attributes:

accounts OrganizationAccount[]: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn string: ARN of the root.
id string: The provider-assigned unique ID for this managed resource.
masterAccountArn string: ARN of the master account.
masterAccountEmail string: Email address of the master account.
masterAccountId string: Identifier of the master account.
masterAccountName string: Name of the master account.
nonMasterAccounts OrganizationNonMasterAccount[]: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots OrganizationRoot[]: List of organization roots. All elements have these attributes:

accounts Sequence[OrganizationAccount]: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn str: ARN of the root.
id str: The provider-assigned unique ID for this managed resource.
master_account_arn str: ARN of the master account.
master_account_email str: Email address of the master account.
master_account_id str: Identifier of the master account.
master_account_name str: Name of the master account.
non_master_accounts Sequence[OrganizationNonMasterAccount]: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots Sequence[OrganizationRoot]: List of organization roots. All elements have these attributes:

accounts List<Property Map>: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn String: ARN of the root.
id String: The provider-assigned unique ID for this managed resource.
masterAccountArn String: ARN of the master account.
masterAccountEmail String: Email address of the master account.
masterAccountId String: Identifier of the master account.
masterAccountName String: Name of the master account.
nonMasterAccounts List<Property Map>: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots List<Property Map>: List of organization roots. All elements have these attributes:

Look up Existing Organization Resource

Get an existing Organization resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: OrganizationState, opts?: CustomResourceOptions): Organization

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        accounts: Optional[Sequence[OrganizationAccountArgs]] = None,
        arn: Optional[str] = None,
        aws_service_access_principals: Optional[Sequence[str]] = None,
        enabled_policy_types: Optional[Sequence[str]] = None,
        feature_set: Optional[str] = None,
        master_account_arn: Optional[str] = None,
        master_account_email: Optional[str] = None,
        master_account_id: Optional[str] = None,
        master_account_name: Optional[str] = None,
        non_master_accounts: Optional[Sequence[OrganizationNonMasterAccountArgs]] = None,
        roots: Optional[Sequence[OrganizationRootArgs]] = None) -> Organization

func GetOrganization(ctx *Context, name string, id IDInput, state *OrganizationState, opts ...ResourceOption) (*Organization, error)

public static Organization Get(string name, Input<string> id, OrganizationState? state, CustomResourceOptions? opts = null)

public static Organization get(String name, Output<String> id, OrganizationState state, CustomResourceOptions options)

resources:  _:    type: aws:organizations:Organization    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Accounts List<OrganizationAccount>: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
Arn string: ARN of the root.
AwsServiceAccessPrincipals List<string>: List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. Some services do not support enablement via this endpoint, see warning in aws docs.
EnabledPolicyTypes List<string>: List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, RESOURCE_CONTROL_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference.
FeatureSet string: Specify ALL (default) or CONSOLIDATED_BILLING.
MasterAccountArn string: ARN of the master account.
MasterAccountEmail string: Email address of the master account.
MasterAccountId string: Identifier of the master account.
MasterAccountName string: Name of the master account.
NonMasterAccounts List<OrganizationNonMasterAccount>: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
Roots List<OrganizationRoot>: List of organization roots. All elements have these attributes:

Accounts []OrganizationAccountArgs: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
Arn string: ARN of the root.
AwsServiceAccessPrincipals []string: List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. Some services do not support enablement via this endpoint, see warning in aws docs.
EnabledPolicyTypes []string: List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, RESOURCE_CONTROL_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference.
FeatureSet string: Specify ALL (default) or CONSOLIDATED_BILLING.
MasterAccountArn string: ARN of the master account.
MasterAccountEmail string: Email address of the master account.
MasterAccountId string: Identifier of the master account.
MasterAccountName string: Name of the master account.
NonMasterAccounts []OrganizationNonMasterAccountArgs: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
Roots []OrganizationRootArgs: List of organization roots. All elements have these attributes:

accounts List<OrganizationAccount>: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn String: ARN of the root.
awsServiceAccessPrincipals List<String>: List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. Some services do not support enablement via this endpoint, see warning in aws docs.
enabledPolicyTypes List<String>: List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, RESOURCE_CONTROL_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference.
featureSet String: Specify ALL (default) or CONSOLIDATED_BILLING.
masterAccountArn String: ARN of the master account.
masterAccountEmail String: Email address of the master account.
masterAccountId String: Identifier of the master account.
masterAccountName String: Name of the master account.
nonMasterAccounts List<OrganizationNonMasterAccount>: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots List<OrganizationRoot>: List of organization roots. All elements have these attributes:

accounts OrganizationAccount[]: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn string: ARN of the root.
awsServiceAccessPrincipals string[]: List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. Some services do not support enablement via this endpoint, see warning in aws docs.
enabledPolicyTypes string[]: List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, RESOURCE_CONTROL_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference.
featureSet string: Specify ALL (default) or CONSOLIDATED_BILLING.
masterAccountArn string: ARN of the master account.
masterAccountEmail string: Email address of the master account.
masterAccountId string: Identifier of the master account.
masterAccountName string: Name of the master account.
nonMasterAccounts OrganizationNonMasterAccount[]: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots OrganizationRoot[]: List of organization roots. All elements have these attributes:

accounts Sequence[OrganizationAccountArgs]: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn str: ARN of the root.
aws_service_access_principals Sequence[str]: List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. Some services do not support enablement via this endpoint, see warning in aws docs.
enabled_policy_types Sequence[str]: List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, RESOURCE_CONTROL_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference.
feature_set str: Specify ALL (default) or CONSOLIDATED_BILLING.
master_account_arn str: ARN of the master account.
master_account_email str: Email address of the master account.
master_account_id str: Identifier of the master account.
master_account_name str: Name of the master account.
non_master_accounts Sequence[OrganizationNonMasterAccountArgs]: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots Sequence[OrganizationRootArgs]: List of organization roots. All elements have these attributes:

accounts List<Property Map>: List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn String: ARN of the root.
awsServiceAccessPrincipals List<String>: List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. Some services do not support enablement via this endpoint, see warning in aws docs.
enabledPolicyTypes List<String>: List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, RESOURCE_CONTROL_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference.
featureSet String: Specify ALL (default) or CONSOLIDATED_BILLING.
masterAccountArn String: ARN of the master account.
masterAccountEmail String: Email address of the master account.
masterAccountId String: Identifier of the master account.
masterAccountName String: Name of the master account.
nonMasterAccounts List<Property Map>: List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots List<Property Map>: List of organization roots. All elements have these attributes:

Supporting Types

OrganizationAccount, OrganizationAccountArgs

Arn string: ARN of the root.
Email string: Email of the account.
Id string: Identifier of the root.
JoinedMethod string: Method by which the account joined the organization.
JoinedTimestamp string: Date the account became a part of the organization.
Name string: Name of the policy type.
State string: State of the account.
Status string: Status of the policy type as it relates to the associated root.
Deprecated: status is deprecated. Use state instead.

Arn string: ARN of the root.
Email string: Email of the account.
Id string: Identifier of the root.
JoinedMethod string: Method by which the account joined the organization.
JoinedTimestamp string: Date the account became a part of the organization.
Name string: Name of the policy type.
State string: State of the account.
Status string: Status of the policy type as it relates to the associated root.
Deprecated: status is deprecated. Use state instead.

arn String: ARN of the root.
email String: Email of the account.
id String: Identifier of the root.
joinedMethod String: Method by which the account joined the organization.
joinedTimestamp String: Date the account became a part of the organization.
name String: Name of the policy type.
state String: State of the account.
status String: Status of the policy type as it relates to the associated root.
Deprecated: status is deprecated. Use state instead.

arn string: ARN of the root.
email string: Email of the account.
id string: Identifier of the root.
joinedMethod string: Method by which the account joined the organization.
joinedTimestamp string: Date the account became a part of the organization.
name string: Name of the policy type.
state string: State of the account.
status string: Status of the policy type as it relates to the associated root.
Deprecated: status is deprecated. Use state instead.

arn str: ARN of the root.
email str: Email of the account.
id str: Identifier of the root.
joined_method str: Method by which the account joined the organization.
joined_timestamp str: Date the account became a part of the organization.
name str: Name of the policy type.
state str: State of the account.
status str: Status of the policy type as it relates to the associated root.
Deprecated: status is deprecated. Use state instead.

arn String: ARN of the root.
email String: Email of the account.
id String: Identifier of the root.
joinedMethod String: Method by which the account joined the organization.
joinedTimestamp String: Date the account became a part of the organization.
name String: Name of the policy type.
state String: State of the account.
status String: Status of the policy type as it relates to the associated root.
Deprecated: status is deprecated. Use state instead.

OrganizationNonMasterAccount, OrganizationNonMasterAccountArgs

Arn string: ARN of the root.
Email string: Email of the account.
Id string: Identifier of the root.
JoinedMethod string: Method by which the account joined the organization.
JoinedTimestamp string: Date the account became a part of the organization.
Name string: Name of the policy type.
State string: State of the account.
Status string: Status of the policy type as it relates to the associated root.
Deprecated: status is deprecated. Use state instead.

Arn string: ARN of the root.
Email string: Email of the account.
Id string: Identifier of the root.
JoinedMethod string: Method by which the account joined the organization.
JoinedTimestamp string: Date the account became a part of the organization.
Name string: Name of the policy type.
State string: State of the account.
Status string: Status of the policy type as it relates to the associated root.
Deprecated: status is deprecated. Use state instead.

arn String: ARN of the root.
email String: Email of the account.
id String: Identifier of the root.
joinedMethod String: Method by which the account joined the organization.
joinedTimestamp String: Date the account became a part of the organization.
name String: Name of the policy type.
state String: State of the account.
status String: Status of the policy type as it relates to the associated root.
Deprecated: status is deprecated. Use state instead.

arn string: ARN of the root.
email string: Email of the account.
id string: Identifier of the root.
joinedMethod string: Method by which the account joined the organization.
joinedTimestamp string: Date the account became a part of the organization.
name string: Name of the policy type.
state string: State of the account.
status string: Status of the policy type as it relates to the associated root.
Deprecated: status is deprecated. Use state instead.

arn str: ARN of the root.
email str: Email of the account.
id str: Identifier of the root.
joined_method str: Method by which the account joined the organization.
joined_timestamp str: Date the account became a part of the organization.
name str: Name of the policy type.
state str: State of the account.
status str: Status of the policy type as it relates to the associated root.
Deprecated: status is deprecated. Use state instead.

arn String: ARN of the root.
email String: Email of the account.
id String: Identifier of the root.
joinedMethod String: Method by which the account joined the organization.
joinedTimestamp String: Date the account became a part of the organization.
name String: Name of the policy type.
state String: State of the account.
status String: Status of the policy type as it relates to the associated root.
Deprecated: status is deprecated. Use state instead.

OrganizationRoot, OrganizationRootArgs

Arn string: ARN of the root.
Id string: Identifier of the root.
Name string: Name of the policy type.
PolicyTypes List<OrganizationRootPolicyType>: List of policy types enabled for this root. All elements have these attributes:

Arn string: ARN of the root.
Id string: Identifier of the root.
Name string: Name of the policy type.
PolicyTypes []OrganizationRootPolicyType: List of policy types enabled for this root. All elements have these attributes:

arn String: ARN of the root.
id String: Identifier of the root.
name String: Name of the policy type.
policyTypes List<OrganizationRootPolicyType>: List of policy types enabled for this root. All elements have these attributes:

arn string: ARN of the root.
id string: Identifier of the root.
name string: Name of the policy type.
policyTypes OrganizationRootPolicyType[]: List of policy types enabled for this root. All elements have these attributes:

arn str: ARN of the root.
id str: Identifier of the root.
name str: Name of the policy type.
policy_types Sequence[OrganizationRootPolicyType]: List of policy types enabled for this root. All elements have these attributes:

arn String: ARN of the root.
id String: Identifier of the root.
name String: Name of the policy type.
policyTypes List<Property Map>: List of policy types enabled for this root. All elements have these attributes:

OrganizationRootPolicyType, OrganizationRootPolicyTypeArgs

Status string: Status of the policy type as it relates to the associated root.
Type string

Status string: Status of the policy type as it relates to the associated root.
Type string

status String: Status of the policy type as it relates to the associated root.
type String

status string: Status of the policy type as it relates to the associated root.
type string

status str: Status of the policy type as it relates to the associated root.
type str

status String: Status of the policy type as it relates to the associated root.
type String

Import

Identity Schema

Required

id (String) ID of the AWS Organizations organization.

Optional

account_id (String) AWS Account where this resource is managed.

Using pulumi import, import the AWS organization using the id. For example:

console

% pulumi import aws_organizations_organization.example o-1234567

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v7.10.0 published on Friday, Oct 24, 2025 by Pulumi

pulumi/pulumi-aws

aws.organizations.Organization

On this page

On this page

Example Usage

Create Organization Resource

Constructor syntax

Parameters

Constructor example

Organization Resource Properties

Inputs

Outputs

Look up Existing Organization Resource

Supporting Types

OrganizationAccount, OrganizationAccountArgs

OrganizationNonMasterAccount, OrganizationNonMasterAccountArgs

OrganizationRoot, OrganizationRootArgs

OrganizationRootPolicyType, OrganizationRootPolicyTypeArgs

Import

Identity Schema

Required

Optional

Package Details

On this page

On this page