AWS Classic v5.41.0, May 15 23
AWS Classic v5.41.0, May 15 23
aws.organizations.Organization
Explore with Pulumi AI
Provides a resource to create an organization.
!> WARNING: When migrating from a feature_set
of CONSOLIDATED_BILLING
to ALL
, the Organization account owner will received an email stating the following: “You started the process to enable all features for your AWS organization. As part of that process, all member accounts that joined your organization by invitation must approve the change. You don’t need approval from member accounts that you directly created from within your AWS organization.” After all member accounts have accepted the invitation, the Organization account owner must then finalize the changes via the AWS Console. Until these steps are performed, the provider will perpetually show a difference, and the DescribeOrganization
API will continue to show the FeatureSet
as CONSOLIDATED_BILLING
. See the AWS Organizations documentation for more information.
!> WARNING: Warning from the AWS Docs: “We recommend that you enable integration between AWS Organizations and the specified AWS service by using the console or commands that are provided by the specified service. Doing so ensures that the service is aware that it can create the resources that are required for the integration. How the service creates those resources in the organization’s accounts depends on that service. For more information, see the documentation for the other AWS service.”
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var org = new Aws.Organizations.Organization("org", new()
{
AwsServiceAccessPrincipals = new[]
{
"cloudtrail.amazonaws.com",
"config.amazonaws.com",
},
FeatureSet = "ALL",
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := organizations.NewOrganization(ctx, "org", &organizations.OrganizationArgs{
AwsServiceAccessPrincipals: pulumi.StringArray{
pulumi.String("cloudtrail.amazonaws.com"),
pulumi.String("config.amazonaws.com"),
},
FeatureSet: pulumi.String("ALL"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.Organization;
import com.pulumi.aws.organizations.OrganizationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var org = new Organization("org", OrganizationArgs.builder()
.awsServiceAccessPrincipals(
"cloudtrail.amazonaws.com",
"config.amazonaws.com")
.featureSet("ALL")
.build());
}
}
import pulumi
import pulumi_aws as aws
org = aws.organizations.Organization("org",
aws_service_access_principals=[
"cloudtrail.amazonaws.com",
"config.amazonaws.com",
],
feature_set="ALL")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const org = new aws.organizations.Organization("org", {
awsServiceAccessPrincipals: [
"cloudtrail.amazonaws.com",
"config.amazonaws.com",
],
featureSet: "ALL",
});
resources:
org:
type: aws:organizations:Organization
properties:
awsServiceAccessPrincipals:
- cloudtrail.amazonaws.com
- config.amazonaws.com
featureSet: ALL
Create Organization Resource
new Organization(name: string, args?: OrganizationArgs, opts?: CustomResourceOptions);
@overload
def Organization(resource_name: str,
opts: Optional[ResourceOptions] = None,
aws_service_access_principals: Optional[Sequence[str]] = None,
enabled_policy_types: Optional[Sequence[str]] = None,
feature_set: Optional[str] = None)
@overload
def Organization(resource_name: str,
args: Optional[OrganizationArgs] = None,
opts: Optional[ResourceOptions] = None)
func NewOrganization(ctx *Context, name string, args *OrganizationArgs, opts ...ResourceOption) (*Organization, error)
public Organization(string name, OrganizationArgs? args = null, CustomResourceOptions? opts = null)
public Organization(String name, OrganizationArgs args)
public Organization(String name, OrganizationArgs args, CustomResourceOptions options)
type: aws:organizations:Organization
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Organization Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Organization resource accepts the following input properties:
- Aws
Service List<string>Access Principals List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have
feature_set
set toALL
. Some services do not support enablement via this endpoint, see warning in aws docs.- Enabled
Policy List<string>Types List of Organizations policy types to enable in the Organization Root. Organization must have
feature_set
set toALL
. For additional information about valid policy types (e.g.,AISERVICES_OPT_OUT_POLICY
,BACKUP_POLICY
,SERVICE_CONTROL_POLICY
, andTAG_POLICY
), see the AWS Organizations API Reference.- Feature
Set string Specify "ALL" (default) or "CONSOLIDATED_BILLING".
- Aws
Service []stringAccess Principals List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have
feature_set
set toALL
. Some services do not support enablement via this endpoint, see warning in aws docs.- Enabled
Policy []stringTypes List of Organizations policy types to enable in the Organization Root. Organization must have
feature_set
set toALL
. For additional information about valid policy types (e.g.,AISERVICES_OPT_OUT_POLICY
,BACKUP_POLICY
,SERVICE_CONTROL_POLICY
, andTAG_POLICY
), see the AWS Organizations API Reference.- Feature
Set string Specify "ALL" (default) or "CONSOLIDATED_BILLING".
- aws
Service List<String>Access Principals List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have
feature_set
set toALL
. Some services do not support enablement via this endpoint, see warning in aws docs.- enabled
Policy List<String>Types List of Organizations policy types to enable in the Organization Root. Organization must have
feature_set
set toALL
. For additional information about valid policy types (e.g.,AISERVICES_OPT_OUT_POLICY
,BACKUP_POLICY
,SERVICE_CONTROL_POLICY
, andTAG_POLICY
), see the AWS Organizations API Reference.- feature
Set String Specify "ALL" (default) or "CONSOLIDATED_BILLING".
- aws
Service string[]Access Principals List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have
feature_set
set toALL
. Some services do not support enablement via this endpoint, see warning in aws docs.- enabled
Policy string[]Types List of Organizations policy types to enable in the Organization Root. Organization must have
feature_set
set toALL
. For additional information about valid policy types (e.g.,AISERVICES_OPT_OUT_POLICY
,BACKUP_POLICY
,SERVICE_CONTROL_POLICY
, andTAG_POLICY
), see the AWS Organizations API Reference.- feature
Set string Specify "ALL" (default) or "CONSOLIDATED_BILLING".
- aws_
service_ Sequence[str]access_ principals List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have
feature_set
set toALL
. Some services do not support enablement via this endpoint, see warning in aws docs.- enabled_
policy_ Sequence[str]types List of Organizations policy types to enable in the Organization Root. Organization must have
feature_set
set toALL
. For additional information about valid policy types (e.g.,AISERVICES_OPT_OUT_POLICY
,BACKUP_POLICY
,SERVICE_CONTROL_POLICY
, andTAG_POLICY
), see the AWS Organizations API Reference.- feature_
set str Specify "ALL" (default) or "CONSOLIDATED_BILLING".
- aws
Service List<String>Access Principals List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have
feature_set
set toALL
. Some services do not support enablement via this endpoint, see warning in aws docs.- enabled
Policy List<String>Types List of Organizations policy types to enable in the Organization Root. Organization must have
feature_set
set toALL
. For additional information about valid policy types (e.g.,AISERVICES_OPT_OUT_POLICY
,BACKUP_POLICY
,SERVICE_CONTROL_POLICY
, andTAG_POLICY
), see the AWS Organizations API Reference.- feature
Set String Specify "ALL" (default) or "CONSOLIDATED_BILLING".
Outputs
All input properties are implicitly available as output properties. Additionally, the Organization resource produces the following output properties:
- Accounts
List<Organization
Account> List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accounts
attribute. All elements have these attributes:- Arn string
ARN of the root
- Id string
The provider-assigned unique ID for this managed resource.
- Master
Account stringArn ARN of the master account
- Master
Account stringEmail Email address of the master account
- Master
Account stringId Identifier of the master account
- Non
Master List<OrganizationAccounts Non Master Account> List of organization accounts excluding the master account. For a list including the master account, see the
accounts
attribute. All elements have these attributes:- Roots
List<Organization
Root> List of organization roots. All elements have these attributes:
- Accounts
[]Organization
Account List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accounts
attribute. All elements have these attributes:- Arn string
ARN of the root
- Id string
The provider-assigned unique ID for this managed resource.
- Master
Account stringArn ARN of the master account
- Master
Account stringEmail Email address of the master account
- Master
Account stringId Identifier of the master account
- Non
Master []OrganizationAccounts Non Master Account List of organization accounts excluding the master account. For a list including the master account, see the
accounts
attribute. All elements have these attributes:- Roots
[]Organization
Root List of organization roots. All elements have these attributes:
- accounts
List<Organization
Account> List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accounts
attribute. All elements have these attributes:- arn String
ARN of the root
- id String
The provider-assigned unique ID for this managed resource.
- master
Account StringArn ARN of the master account
- master
Account StringEmail Email address of the master account
- master
Account StringId Identifier of the master account
- non
Master List<OrganizationAccounts Non Master Account> List of organization accounts excluding the master account. For a list including the master account, see the
accounts
attribute. All elements have these attributes:- roots
List<Organization
Root> List of organization roots. All elements have these attributes:
- accounts
Organization
Account[] List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accounts
attribute. All elements have these attributes:- arn string
ARN of the root
- id string
The provider-assigned unique ID for this managed resource.
- master
Account stringArn ARN of the master account
- master
Account stringEmail Email address of the master account
- master
Account stringId Identifier of the master account
- non
Master OrganizationAccounts Non Master Account[] List of organization accounts excluding the master account. For a list including the master account, see the
accounts
attribute. All elements have these attributes:- roots
Organization
Root[] List of organization roots. All elements have these attributes:
- accounts
Sequence[Organization
Account] List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accounts
attribute. All elements have these attributes:- arn str
ARN of the root
- id str
The provider-assigned unique ID for this managed resource.
- master_
account_ strarn ARN of the master account
- master_
account_ stremail Email address of the master account
- master_
account_ strid Identifier of the master account
- non_
master_ Sequence[Organizationaccounts Non Master Account] List of organization accounts excluding the master account. For a list including the master account, see the
accounts
attribute. All elements have these attributes:- roots
Sequence[Organization
Root] List of organization roots. All elements have these attributes:
- accounts List<Property Map>
List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accounts
attribute. All elements have these attributes:- arn String
ARN of the root
- id String
The provider-assigned unique ID for this managed resource.
- master
Account StringArn ARN of the master account
- master
Account StringEmail Email address of the master account
- master
Account StringId Identifier of the master account
- non
Master List<Property Map>Accounts List of organization accounts excluding the master account. For a list including the master account, see the
accounts
attribute. All elements have these attributes:- roots List<Property Map>
List of organization roots. All elements have these attributes:
Look up Existing Organization Resource
Get an existing Organization resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationState, opts?: CustomResourceOptions): Organization
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
accounts: Optional[Sequence[OrganizationAccountArgs]] = None,
arn: Optional[str] = None,
aws_service_access_principals: Optional[Sequence[str]] = None,
enabled_policy_types: Optional[Sequence[str]] = None,
feature_set: Optional[str] = None,
master_account_arn: Optional[str] = None,
master_account_email: Optional[str] = None,
master_account_id: Optional[str] = None,
non_master_accounts: Optional[Sequence[OrganizationNonMasterAccountArgs]] = None,
roots: Optional[Sequence[OrganizationRootArgs]] = None) -> Organization
func GetOrganization(ctx *Context, name string, id IDInput, state *OrganizationState, opts ...ResourceOption) (*Organization, error)
public static Organization Get(string name, Input<string> id, OrganizationState? state, CustomResourceOptions? opts = null)
public static Organization get(String name, Output<String> id, OrganizationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Accounts
List<Organization
Account Args> List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accounts
attribute. All elements have these attributes:- Arn string
ARN of the root
- Aws
Service List<string>Access Principals List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have
feature_set
set toALL
. Some services do not support enablement via this endpoint, see warning in aws docs.- Enabled
Policy List<string>Types List of Organizations policy types to enable in the Organization Root. Organization must have
feature_set
set toALL
. For additional information about valid policy types (e.g.,AISERVICES_OPT_OUT_POLICY
,BACKUP_POLICY
,SERVICE_CONTROL_POLICY
, andTAG_POLICY
), see the AWS Organizations API Reference.- Feature
Set string Specify "ALL" (default) or "CONSOLIDATED_BILLING".
- Master
Account stringArn ARN of the master account
- Master
Account stringEmail Email address of the master account
- Master
Account stringId Identifier of the master account
- Non
Master List<OrganizationAccounts Non Master Account Args> List of organization accounts excluding the master account. For a list including the master account, see the
accounts
attribute. All elements have these attributes:- Roots
List<Organization
Root Args> List of organization roots. All elements have these attributes:
- Accounts
[]Organization
Account Args List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accounts
attribute. All elements have these attributes:- Arn string
ARN of the root
- Aws
Service []stringAccess Principals List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have
feature_set
set toALL
. Some services do not support enablement via this endpoint, see warning in aws docs.- Enabled
Policy []stringTypes List of Organizations policy types to enable in the Organization Root. Organization must have
feature_set
set toALL
. For additional information about valid policy types (e.g.,AISERVICES_OPT_OUT_POLICY
,BACKUP_POLICY
,SERVICE_CONTROL_POLICY
, andTAG_POLICY
), see the AWS Organizations API Reference.- Feature
Set string Specify "ALL" (default) or "CONSOLIDATED_BILLING".
- Master
Account stringArn ARN of the master account
- Master
Account stringEmail Email address of the master account
- Master
Account stringId Identifier of the master account
- Non
Master []OrganizationAccounts Non Master Account Args List of organization accounts excluding the master account. For a list including the master account, see the
accounts
attribute. All elements have these attributes:- Roots
[]Organization
Root Args List of organization roots. All elements have these attributes:
- accounts
List<Organization
Account Args> List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accounts
attribute. All elements have these attributes:- arn String
ARN of the root
- aws
Service List<String>Access Principals List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have
feature_set
set toALL
. Some services do not support enablement via this endpoint, see warning in aws docs.- enabled
Policy List<String>Types List of Organizations policy types to enable in the Organization Root. Organization must have
feature_set
set toALL
. For additional information about valid policy types (e.g.,AISERVICES_OPT_OUT_POLICY
,BACKUP_POLICY
,SERVICE_CONTROL_POLICY
, andTAG_POLICY
), see the AWS Organizations API Reference.- feature
Set String Specify "ALL" (default) or "CONSOLIDATED_BILLING".
- master
Account StringArn ARN of the master account
- master
Account StringEmail Email address of the master account
- master
Account StringId Identifier of the master account
- non
Master List<OrganizationAccounts Non Master Account Args> List of organization accounts excluding the master account. For a list including the master account, see the
accounts
attribute. All elements have these attributes:- roots
List<Organization
Root Args> List of organization roots. All elements have these attributes:
- accounts
Organization
Account Args[] List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accounts
attribute. All elements have these attributes:- arn string
ARN of the root
- aws
Service string[]Access Principals List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have
feature_set
set toALL
. Some services do not support enablement via this endpoint, see warning in aws docs.- enabled
Policy string[]Types List of Organizations policy types to enable in the Organization Root. Organization must have
feature_set
set toALL
. For additional information about valid policy types (e.g.,AISERVICES_OPT_OUT_POLICY
,BACKUP_POLICY
,SERVICE_CONTROL_POLICY
, andTAG_POLICY
), see the AWS Organizations API Reference.- feature
Set string Specify "ALL" (default) or "CONSOLIDATED_BILLING".
- master
Account stringArn ARN of the master account
- master
Account stringEmail Email address of the master account
- master
Account stringId Identifier of the master account
- non
Master OrganizationAccounts Non Master Account Args[] List of organization accounts excluding the master account. For a list including the master account, see the
accounts
attribute. All elements have these attributes:- roots
Organization
Root Args[] List of organization roots. All elements have these attributes:
- accounts
Sequence[Organization
Account Args] List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accounts
attribute. All elements have these attributes:- arn str
ARN of the root
- aws_
service_ Sequence[str]access_ principals List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have
feature_set
set toALL
. Some services do not support enablement via this endpoint, see warning in aws docs.- enabled_
policy_ Sequence[str]types List of Organizations policy types to enable in the Organization Root. Organization must have
feature_set
set toALL
. For additional information about valid policy types (e.g.,AISERVICES_OPT_OUT_POLICY
,BACKUP_POLICY
,SERVICE_CONTROL_POLICY
, andTAG_POLICY
), see the AWS Organizations API Reference.- feature_
set str Specify "ALL" (default) or "CONSOLIDATED_BILLING".
- master_
account_ strarn ARN of the master account
- master_
account_ stremail Email address of the master account
- master_
account_ strid Identifier of the master account
- non_
master_ Sequence[Organizationaccounts Non Master Account Args] List of organization accounts excluding the master account. For a list including the master account, see the
accounts
attribute. All elements have these attributes:- roots
Sequence[Organization
Root Args] List of organization roots. All elements have these attributes:
- accounts List<Property Map>
List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accounts
attribute. All elements have these attributes:- arn String
ARN of the root
- aws
Service List<String>Access Principals List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have
feature_set
set toALL
. Some services do not support enablement via this endpoint, see warning in aws docs.- enabled
Policy List<String>Types List of Organizations policy types to enable in the Organization Root. Organization must have
feature_set
set toALL
. For additional information about valid policy types (e.g.,AISERVICES_OPT_OUT_POLICY
,BACKUP_POLICY
,SERVICE_CONTROL_POLICY
, andTAG_POLICY
), see the AWS Organizations API Reference.- feature
Set String Specify "ALL" (default) or "CONSOLIDATED_BILLING".
- master
Account StringArn ARN of the master account
- master
Account StringEmail Email address of the master account
- master
Account StringId Identifier of the master account
- non
Master List<Property Map>Accounts List of organization accounts excluding the master account. For a list including the master account, see the
accounts
attribute. All elements have these attributes:- roots List<Property Map>
List of organization roots. All elements have these attributes:
Supporting Types
OrganizationAccount
OrganizationNonMasterAccount
OrganizationRoot
- Arn string
ARN of the root
- Id string
Identifier of the root
- Name string
The name of the policy type
- Policy
Types List<OrganizationRoot Policy Type> List of policy types enabled for this root. All elements have these attributes:
- Arn string
ARN of the root
- Id string
Identifier of the root
- Name string
The name of the policy type
- Policy
Types []OrganizationRoot Policy Type List of policy types enabled for this root. All elements have these attributes:
- arn String
ARN of the root
- id String
Identifier of the root
- name String
The name of the policy type
- policy
Types List<OrganizationRoot Policy Type> List of policy types enabled for this root. All elements have these attributes:
- arn string
ARN of the root
- id string
Identifier of the root
- name string
The name of the policy type
- policy
Types OrganizationRoot Policy Type[] List of policy types enabled for this root. All elements have these attributes:
- arn str
ARN of the root
- id str
Identifier of the root
- name str
The name of the policy type
- policy_
types Sequence[OrganizationRoot Policy Type] List of policy types enabled for this root. All elements have these attributes:
- arn String
ARN of the root
- id String
Identifier of the root
- name String
The name of the policy type
- policy
Types List<Property Map> List of policy types enabled for this root. All elements have these attributes:
OrganizationRootPolicyType
Import
The AWS organization can be imported by using the id
, e.g.,
$ pulumi import aws:organizations/organization:Organization my_org o-1234567
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
aws
Terraform Provider.