Resource: awsOrganizationsPolicy
Provides a resource to manage an AWS Organizations policy.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsIamPolicyDocumentExample =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example", {
statement: [
{
actions: ["*"],
effect: "Allow",
resources: ["*"],
},
],
});
const awsOrganizationsPolicyExample =
new aws.organizationsPolicy.OrganizationsPolicy(this, "example_1", {
content: dataAwsIamPolicyDocumentExample.json,
name: "example",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsOrganizationsPolicyExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
content
- (Required) The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the Service Control Policy Syntax documentation and for more information on the Tag Policy syntax, see the Tag Policy Syntax documentation.name
- (Required) The friendly name to assign to the policy.description
- (Optional) A description to assign to the policy.skipDestroy
- (Optional) If set totrue
, destroy will not delete the policy and instead just remove the resource from state. This can be useful in situations where the policies (and the associated attachment) must be preserved to meet the AWS minimum requirement of 1 attached policy.type
- (Optional) The type of policy to create. Valid values areAISERVICES_OPT_OUT_POLICY
,BACKUP_POLICY
,SERVICE_CONTROL_POLICY
(SCP), andTAG_POLICY
. Defaults toSERVICE_CONTROL_POLICY
.tags
- (Optional) Key-value map of resource tags. If configured with a providerdefaultTags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The unique identifier (ID) of the policy.arn
- Amazon Resource Name (ARN) of the policy.tagsAll
- A map of tags assigned to the resource, including those inherited from the providerdefaultTags
configuration block.
Import
awsOrganizationsPolicy
can be imported by using the policy ID, e.g.,