Resource: awsOrganizationsPolicy

Provides a resource to manage an AWS Organizations policy.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";
class MyConvertedCode extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    /*This document allows every action on every resource. Used as an SCP (the default type), it places no restriction on the accounts it is attached to.*/
    const dataAwsIamPolicyDocumentExample =
      new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example", {
        statement: [
          {
            actions: ["*"],
            effect: "Allow",
            resources: ["*"],
          },
        ],
      });
    const awsOrganizationsPolicyExample =
      new aws.organizationsPolicy.OrganizationsPolicy(this, "example_1", {
        content: dataAwsIamPolicyDocumentExample.json,
        name: "example",
      });
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    awsOrganizationsPolicyExample.overrideLogicalId("example");
  }
}

Argument Reference

The following arguments are supported:

  • content - (Required) The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the Service Control Policy Syntax documentation. For more information on the Tag Policy syntax, see the Tag Policy Syntax documentation.
  • name - (Required) The friendly name to assign to the policy.
  • description - (Optional) A description to assign to the policy.
  • skipDestroy - (Optional) If set to true, destroy will not delete the policy and instead just remove the resource from state. This can be useful in situations where the policies (and the associated attachment) must be preserved to meet the AWS minimum requirement of 1 attached policy.
  • type - (Optional) The type of policy to create. Valid values are AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY (SCP), and TAG_POLICY. Defaults to SERVICE_CONTROL_POLICY.
  • tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
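
An added example, not part of the provider documentation: a pre-flight lint for the JSON string passed as content when type is SERVICE_CONTROL_POLICY. It flags a document shaped like the one in Example Usage, which as an SCP allows everything and therefore restricts nothing. The names lintScpContent and Finding and both sample documents are constructed here for illustration.

```typescript
// Added example (not provider code): lint the JSON string destined for `content`.
type Finding = { level: "error" | "warn"; message: string };

// IAM JSON lets Statement, Action and Resource be a single value or an array.
function toArray(v: unknown): unknown[] {
  return v === undefined ? [] : Array.isArray(v) ? v : [v];
}

function lintScpContent(content: string): Finding[] {
  let doc: any;
  try {
    doc = JSON.parse(content);
  } catch {
    return [{ level: "error", message: "content is not valid JSON" }];
  }
  const statements: any[] = doc && typeof doc === "object" ? toArray(doc.Statement) : [];
  if (statements.length === 0) {
    return [{ level: "error", message: "policy has no Statement" }];
  }
  const findings: Finding[] = [];
  const isStar = (v: unknown) => toArray(v).indexOf("*") !== -1;
  let denies = 0;
  let allowsEverything = false;
  for (let i = 0; i < statements.length; i++) {
    const s = statements[i] || {};
    if (s.Effect === "Deny") {
      denies++;
      // An unconditional Deny of every action locks out all principals in attached accounts.
      if (isStar(s.Action) && isStar(s.Resource) && s.Condition === undefined) {
        findings.push({ level: "warn", message: `Statement[${i}] denies everything unconditionally` });
      }
    } else if (s.Effect === "Allow") {
      if (isStar(s.Action) && isStar(s.Resource)) allowsEverything = true;
    } else {
      findings.push({ level: "error", message: `Statement[${i}] has an invalid Effect` });
    }
  }
  // An SCP only caps permissions, so Allow * on * with no Deny caps nothing.
  if (allowsEverything && denies === 0) {
    findings.push({ level: "warn", message: "policy allows * on * and denies nothing: no restriction" });
  }
  return findings;
}

// Constructed samples: the shape of the page's example, and a deny-based guardrail.
const pageExample = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]}';
const guardrail = '{"Version":"2012-10-17","Statement":{"Effect":"Deny","Action":"organizations:LeaveOrganization","Resource":"*"}}';
console.log(lintScpContent(pageExample), lintScpContent(guardrail));
```

Run the check on the rendered JSON before synthesizing the stack, and treat an error finding as a failed build.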

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The unique identifier (ID) of the policy.
  • arn - Amazon Resource Name (ARN) of the policy.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

awsOrganizationsPolicy can be imported by using the policy ID, for example:

$ terraform import aws_organizations_policy.example p-12345678