organizations

class pulumi_aws.organizations.Account(resource_name, opts=None, email=None, iam_user_access_to_billing=None, name=None, parent_id=None, role_name=None, __name__=None, __opts__=None)

Provides a resource to create a member account in the current organization.

Note: Account management must be done from the organization’s master account.

!> WARNING: Deleting this Terraform resource will only remove an AWS account from an organization. Terraform will not close the account. The member account must be prepared to be a standalone account beforehand. See the AWS Organizations documentation for more information.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • email (pulumi.Input[str]) – The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.
  • iam_user_access_to_billing (pulumi.Input[str]) – If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.
  • name (pulumi.Input[str]) – A friendly name for the member account.
  • parent_id (pulumi.Input[str]) – Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.
  • role_name (pulumi.Input[str]) – The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account.
arn = None

The ARN for this account.

email = None

The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

iam_user_access_to_billing = None

If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.

name = None

A friendly name for the member account.

parent_id = None

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

role_name = None

The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.organizations.Organization(resource_name, opts=None, aws_service_access_principals=None, enabled_policy_types=None, feature_set=None, __name__=None, __opts__=None)

Provides a resource to create an organization.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • aws_service_access_principals (pulumi.Input[list]) – List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
  • enabled_policy_types (pulumi.Input[list]) – List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g. SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
  • feature_set (pulumi.Input[str]) – Specify “ALL” (default) or “CONSOLIDATED_BILLING”.
accounts = None

List of organization accounts (including the master account). All elements have these attributes:

arn = None

ARN of the root

aws_service_access_principals = None

List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.

enabled_policy_types = None

List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g. SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.

feature_set = None

Specify “ALL” (default) or “CONSOLIDATED_BILLING”.

master_account_arn = None

ARN of the master account

master_account_email = None

Email address of the master account

master_account_id = None

Identifier of the master account

roots = None

List of organization roots. All elements have these attributes:

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.organizations.OrganizationalUnit(resource_name, opts=None, name=None, parent_id=None, __name__=None, __opts__=None)

Provides a resource to create an organizational unit.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • name (pulumi.Input[str]) – The name for the organizational unit
  • parent_id (pulumi.Input[str]) – ID of the parent organizational unit, which may be the root
accounts = None

List of child accounts for this Organizational Unit. Does not return account information for child Organizational Units. All elements have these attributes:

arn = None

ARN of the organizational unit

name = None

The name for the organizational unit

parent_id = None

ID of the parent organizational unit, which may be the root

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.organizations.Policy(resource_name, opts=None, content=None, description=None, name=None, type=None, __name__=None, __opts__=None)

Provides a resource to manage an AWS Organizations policy.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • content (pulumi.Input[str]) – The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the Service Control Policy Syntax documentation.
  • description (pulumi.Input[str]) – A description to assign to the policy.
  • name (pulumi.Input[str]) – The friendly name to assign to the policy.
  • type (pulumi.Input[str]) – The type of policy to create. Currently, the only valid value is SERVICE_CONTROL_POLICY (SCP).
arn = None

Amazon Resource Name (ARN) of the policy.

content = None

The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the Service Control Policy Syntax documentation.

description = None

A description to assign to the policy.

name = None

The friendly name to assign to the policy.

type = None

The type of policy to create. Currently, the only valid value is SERVICE_CONTROL_POLICY (SCP).

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.organizations.PolicyAttachment(resource_name, opts=None, policy_id=None, target_id=None, __name__=None, __opts__=None)

Provides a resource to attach an AWS Organizations policy to an organization account, root, or unit.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • policy_id (pulumi.Input[str]) – The unique identifier (ID) of the policy that you want to attach to the target.
  • target_id (pulumi.Input[str]) – The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to.
policy_id = None

The unique identifier (ID) of the policy that you want to attach to the target.

target_id = None

The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str