Viewing docs for Datadog v5.4.0
published on Tuesday, Jun 2, 2026 by Pulumi
published on Tuesday, Jun 2, 2026 by Pulumi
Viewing docs for Datadog v5.4.0
published on Tuesday, Jun 2, 2026 by Pulumi
published on Tuesday, Jun 2, 2026 by Pulumi
Provides a Datadog Org Group Policy resource. This can be used to create and manage policies attached to an org group.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as datadog from "@pulumi/datadog";
const prod = new datadog.OrgGroup("prod", {name: "Production Environments"});
// Disables widget copy-paste for every member org of the prod group.
// enforcement_tier = "OVERRIDE_ALLOWED" means member orgs can still override the value;
// use "GROUP_MANAGED" to make the value immutable for members.
const example = new datadog.OrgGroupPolicy("example", {
orgGroupId: prod.id,
policyName: "is_widget_copy_paste_enabled",
content: JSON.stringify({
org_config: false,
}),
enforcementTier: "OVERRIDE_ALLOWED",
});
import pulumi
import json
import pulumi_datadog as datadog
prod = datadog.OrgGroup("prod", name="Production Environments")
# Disables widget copy-paste for every member org of the prod group.
# enforcement_tier = "OVERRIDE_ALLOWED" means member orgs can still override the value;
# use "GROUP_MANAGED" to make the value immutable for members.
example = datadog.OrgGroupPolicy("example",
org_group_id=prod.id,
policy_name="is_widget_copy_paste_enabled",
content=json.dumps({
"org_config": False,
}),
enforcement_tier="OVERRIDE_ALLOWED")
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-datadog/sdk/v5/go/datadog"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
prod, err := datadog.NewOrgGroup(ctx, "prod", &datadog.OrgGroupArgs{
Name: pulumi.String("Production Environments"),
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"org_config": false,
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
// Disables widget copy-paste for every member org of the prod group.
// enforcement_tier = "OVERRIDE_ALLOWED" means member orgs can still override the value;
// use "GROUP_MANAGED" to make the value immutable for members.
_, err = datadog.NewOrgGroupPolicy(ctx, "example", &datadog.OrgGroupPolicyArgs{
OrgGroupId: prod.ID(),
PolicyName: pulumi.String("is_widget_copy_paste_enabled"),
Content: pulumi.String(pulumi.String(json0)),
EnforcementTier: pulumi.String("OVERRIDE_ALLOWED"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Datadog = Pulumi.Datadog;
return await Deployment.RunAsync(() =>
{
var prod = new Datadog.OrgGroup("prod", new()
{
Name = "Production Environments",
});
// Disables widget copy-paste for every member org of the prod group.
// enforcement_tier = "OVERRIDE_ALLOWED" means member orgs can still override the value;
// use "GROUP_MANAGED" to make the value immutable for members.
var example = new Datadog.OrgGroupPolicy("example", new()
{
OrgGroupId = prod.Id,
PolicyName = "is_widget_copy_paste_enabled",
Content = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["org_config"] = false,
}),
EnforcementTier = "OVERRIDE_ALLOWED",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.datadog.OrgGroup;
import com.pulumi.datadog.OrgGroupArgs;
import com.pulumi.datadog.OrgGroupPolicy;
import com.pulumi.datadog.OrgGroupPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var prod = new OrgGroup("prod", OrgGroupArgs.builder()
.name("Production Environments")
.build());
// Disables widget copy-paste for every member org of the prod group.
// enforcement_tier = "OVERRIDE_ALLOWED" means member orgs can still override the value;
// use "GROUP_MANAGED" to make the value immutable for members.
var example = new OrgGroupPolicy("example", OrgGroupPolicyArgs.builder()
.orgGroupId(prod.id())
.policyName("is_widget_copy_paste_enabled")
.content(serializeJson(
jsonObject(
jsonProperty("org_config", false)
)))
.enforcementTier("OVERRIDE_ALLOWED")
.build());
}
}
resources:
prod:
type: datadog:OrgGroup
properties:
name: Production Environments
# Disables widget copy-paste for every member org of the prod group.
# enforcement_tier = "OVERRIDE_ALLOWED" means member orgs can still override the value;
# use "GROUP_MANAGED" to make the value immutable for members.
example:
type: datadog:OrgGroupPolicy
properties:
orgGroupId: ${prod.id}
policyName: is_widget_copy_paste_enabled
content:
fn::toJSON:
org_config: false
enforcementTier: OVERRIDE_ALLOWED
pulumi {
required_providers {
datadog = {
source = "pulumi/datadog"
}
}
}
resource "datadog_orggroup" "prod" {
name = "Production Environments"
}
# Disables widget copy-paste for every member org of the prod group.
# enforcement_tier = "OVERRIDE_ALLOWED" means member orgs can still override the value;
# use "GROUP_MANAGED" to make the value immutable for members.
resource "datadog_orggrouppolicy" "example" {
org_group_id = datadog_orggroup.prod.id
policy_name = "is_widget_copy_paste_enabled"
content = jsonencode({
"org_config" = false
})
enforcement_tier = "OVERRIDE_ALLOWED"
}
Behavior notes
Side effects on member orgs
Creating or updating a policy with a non-GROUP_MANAGED tier (OVERRIDE_ALLOWED or DELEGATE) triggers propagation across every member org in the group. For each member, the server compares the org’s current config value to the policy value:
- Match: No action.
- Mismatch: The server auto-creates a
datadog.OrgGroupPolicyOverridefor that org, recording its existing value so the org is exempted from the new policy.
Auto-created overrides show up in the datadog.getOrgGroupPolicyOverrides data source and can be adopted into Terraform via import. See the override resource documentation for the full lifecycle.
Transitioning to GROUP_MANAGED
Changing enforcementTier to "GROUP_MANAGED" automatically deletes every override associated with this policy server-side. Any datadog.OrgGroupPolicyOverride resources pointing at this policy must be removed from configuration in the same commit. Otherwise, Terraform’s next apply will try to recreate the server-deleted overrides and fail with a FailedPrecondition error.
Create OrgGroupPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OrgGroupPolicy(name: string, args: OrgGroupPolicyArgs, opts?: CustomResourceOptions);@overload
def OrgGroupPolicy(resource_name: str,
args: OrgGroupPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def OrgGroupPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
content: Optional[str] = None,
org_group_id: Optional[str] = None,
policy_name: Optional[str] = None,
enforcement_tier: Optional[str] = None,
policy_type: Optional[str] = None)func NewOrgGroupPolicy(ctx *Context, name string, args OrgGroupPolicyArgs, opts ...ResourceOption) (*OrgGroupPolicy, error)public OrgGroupPolicy(string name, OrgGroupPolicyArgs args, CustomResourceOptions? opts = null)
public OrgGroupPolicy(String name, OrgGroupPolicyArgs args)
public OrgGroupPolicy(String name, OrgGroupPolicyArgs args, CustomResourceOptions options)
type: datadog:OrgGroupPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "datadog_orggrouppolicy" "name" {
# resource properties
}Parameters
- name string
- The unique name of the resource.
- args OrgGroupPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrgGroupPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrgGroupPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrgGroupPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrgGroupPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var orgGroupPolicyResource = new Datadog.OrgGroupPolicy("orgGroupPolicyResource", new()
{
Content = "string",
OrgGroupId = "string",
PolicyName = "string",
EnforcementTier = "string",
PolicyType = "string",
});
example, err := datadog.NewOrgGroupPolicy(ctx, "orgGroupPolicyResource", &datadog.OrgGroupPolicyArgs{
Content: pulumi.String("string"),
OrgGroupId: pulumi.String("string"),
PolicyName: pulumi.String("string"),
EnforcementTier: pulumi.String("string"),
PolicyType: pulumi.String("string"),
})
resource "datadog_orggrouppolicy" "orgGroupPolicyResource" {
content = "string"
org_group_id = "string"
policy_name = "string"
enforcement_tier = "string"
policy_type = "string"
}
var orgGroupPolicyResource = new OrgGroupPolicy("orgGroupPolicyResource", OrgGroupPolicyArgs.builder()
.content("string")
.orgGroupId("string")
.policyName("string")
.enforcementTier("string")
.policyType("string")
.build());
org_group_policy_resource = datadog.OrgGroupPolicy("orgGroupPolicyResource",
content="string",
org_group_id="string",
policy_name="string",
enforcement_tier="string",
policy_type="string")
const orgGroupPolicyResource = new datadog.OrgGroupPolicy("orgGroupPolicyResource", {
content: "string",
orgGroupId: "string",
policyName: "string",
enforcementTier: "string",
policyType: "string",
});
type: datadog:OrgGroupPolicy
properties:
content: string
enforcementTier: string
orgGroupId: string
policyName: string
policyType: string
OrgGroupPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OrgGroupPolicy resource accepts the following input properties:
- Content string
- The policy content as a JSON-encoded string.
- Org
Group stringId - The UUID of the org group this policy belongs to. Must be a valid UUID.
- Policy
Name string - The name of the policy. String length must be at least 1.
- Enforcement
Tier string - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - Policy
Type string - The type of the policy. Valid values are
orgConfig.
- Content string
- The policy content as a JSON-encoded string.
- Org
Group stringId - The UUID of the org group this policy belongs to. Must be a valid UUID.
- Policy
Name string - The name of the policy. String length must be at least 1.
- Enforcement
Tier string - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - Policy
Type string - The type of the policy. Valid values are
orgConfig.
- content string
- The policy content as a JSON-encoded string.
- org_
group_ stringid - The UUID of the org group this policy belongs to. Must be a valid UUID.
- policy_
name string - The name of the policy. String length must be at least 1.
- enforcement_
tier string - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - policy_
type string - The type of the policy. Valid values are
orgConfig.
- content String
- The policy content as a JSON-encoded string.
- org
Group StringId - The UUID of the org group this policy belongs to. Must be a valid UUID.
- policy
Name String - The name of the policy. String length must be at least 1.
- enforcement
Tier String - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - policy
Type String - The type of the policy. Valid values are
orgConfig.
- content string
- The policy content as a JSON-encoded string.
- org
Group stringId - The UUID of the org group this policy belongs to. Must be a valid UUID.
- policy
Name string - The name of the policy. String length must be at least 1.
- enforcement
Tier string - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - policy
Type string - The type of the policy. Valid values are
orgConfig.
- content str
- The policy content as a JSON-encoded string.
- org_
group_ strid - The UUID of the org group this policy belongs to. Must be a valid UUID.
- policy_
name str - The name of the policy. String length must be at least 1.
- enforcement_
tier str - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - policy_
type str - The type of the policy. Valid values are
orgConfig.
- content String
- The policy content as a JSON-encoded string.
- org
Group StringId - The UUID of the org group this policy belongs to. Must be a valid UUID.
- policy
Name String - The name of the policy. String length must be at least 1.
- enforcement
Tier String - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - policy
Type String - The type of the policy. Valid values are
orgConfig.
Outputs
All input properties are implicitly available as output properties. Additionally, the OrgGroupPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing OrgGroupPolicy Resource
Get an existing OrgGroupPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrgGroupPolicyState, opts?: CustomResourceOptions): OrgGroupPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
content: Optional[str] = None,
enforcement_tier: Optional[str] = None,
org_group_id: Optional[str] = None,
policy_name: Optional[str] = None,
policy_type: Optional[str] = None) -> OrgGroupPolicyfunc GetOrgGroupPolicy(ctx *Context, name string, id IDInput, state *OrgGroupPolicyState, opts ...ResourceOption) (*OrgGroupPolicy, error)public static OrgGroupPolicy Get(string name, Input<string> id, OrgGroupPolicyState? state, CustomResourceOptions? opts = null)public static OrgGroupPolicy get(String name, Output<String> id, OrgGroupPolicyState state, CustomResourceOptions options)resources: _: type: datadog:OrgGroupPolicy get: id: ${id}import {
to = datadog_orggrouppolicy.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Content string
- The policy content as a JSON-encoded string.
- Enforcement
Tier string - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - Org
Group stringId - The UUID of the org group this policy belongs to. Must be a valid UUID.
- Policy
Name string - The name of the policy. String length must be at least 1.
- Policy
Type string - The type of the policy. Valid values are
orgConfig.
- Content string
- The policy content as a JSON-encoded string.
- Enforcement
Tier string - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - Org
Group stringId - The UUID of the org group this policy belongs to. Must be a valid UUID.
- Policy
Name string - The name of the policy. String length must be at least 1.
- Policy
Type string - The type of the policy. Valid values are
orgConfig.
- content string
- The policy content as a JSON-encoded string.
- enforcement_
tier string - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - org_
group_ stringid - The UUID of the org group this policy belongs to. Must be a valid UUID.
- policy_
name string - The name of the policy. String length must be at least 1.
- policy_
type string - The type of the policy. Valid values are
orgConfig.
- content String
- The policy content as a JSON-encoded string.
- enforcement
Tier String - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - org
Group StringId - The UUID of the org group this policy belongs to. Must be a valid UUID.
- policy
Name String - The name of the policy. String length must be at least 1.
- policy
Type String - The type of the policy. Valid values are
orgConfig.
- content string
- The policy content as a JSON-encoded string.
- enforcement
Tier string - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - org
Group stringId - The UUID of the org group this policy belongs to. Must be a valid UUID.
- policy
Name string - The name of the policy. String length must be at least 1.
- policy
Type string - The type of the policy. Valid values are
orgConfig.
- content str
- The policy content as a JSON-encoded string.
- enforcement_
tier str - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - org_
group_ strid - The UUID of the org group this policy belongs to. Must be a valid UUID.
- policy_
name str - The name of the policy. String length must be at least 1.
- policy_
type str - The type of the policy. Valid values are
orgConfig.
- content String
- The policy content as a JSON-encoded string.
- enforcement
Tier String - The enforcement tier of the policy.
OVERRIDE_ALLOWEDmeans the policy is set but member orgs may mutate it.GROUP_MANAGEDmeans the policy is strictly controlled and mutations are blocked for affected orgs.DELEGATEmeans each member org controls its own value. Valid values areOVERRIDE_ALLOWED,GROUP_MANAGED,DELEGATE. - org
Group StringId - The UUID of the org group this policy belongs to. Must be a valid UUID.
- policy
Name String - The name of the policy. String length must be at least 1.
- policy
Type String - The type of the policy. Valid values are
orgConfig.
Import
$ pulumi import datadog:index/orgGroupPolicy:OrgGroupPolicy example <policy_uuid>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Datadog pulumi/pulumi-datadog
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
datadogTerraform Provider.
Viewing docs for Datadog v5.4.0
published on Tuesday, Jun 2, 2026 by Pulumi
published on Tuesday, Jun 2, 2026 by Pulumi