Resource: awsOrganizationsPolicyAttachment
Provides a resource to attach an AWS Organizations policy to an organization account, root, or unit.
Example Usage
Organization Account
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.organizationsPolicyAttachment.OrganizationsPolicyAttachment(
this,
"account",
{
policyId: "${aws_organizations_policy.example.id}",
targetId: "123456789012",
}
);
Organization Root
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.organizationsPolicyAttachment.OrganizationsPolicyAttachment(
this,
"root",
{
policyId: "${aws_organizations_policy.example.id}",
targetId: "${aws_organizations_organization.example.roots[0].id}",
}
);
Organization Unit
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.organizationsPolicyAttachment.OrganizationsPolicyAttachment(
this,
"unit",
{
policyId: "${aws_organizations_policy.example.id}",
targetId: "${aws_organizations_organizational_unit.example.id}",
}
);
Argument Reference
The following arguments are supported:
policyId
- (Required) The unique identifier (ID) of the policy that you want to attach to the target.targetId
- (Required) The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to.skipDestroy
- (Optional) If set totrue
, destroy will not detach the policy and instead just remove the resource from state. This can be useful in situations where the attachment must be preserved to meet the AWS minimum requirement of 1 attached policy.
Attributes Reference
No additional attributes are exported.
Import
awsOrganizationsPolicyAttachment
can be imported by using the target ID and policy ID, e.g., with an account target