AWS::Organizations::Policy

Organizations Policy

Policies in AWS Organizations enable you to manage different features of the AWS accounts in your organization. You can use policies when all features are enabled in your organization.

Properties

6 configurable properties. 3 required. Click a row to see details.

Filter:

Property	Type	Flags
`Content`	`objectstring`	Required
`Name`	`string`	Required
`Type`	`string`	RequiredCreate-only
`Description`	`string`
`Tags`	`Array<Tag>`
`TargetIds`	`Array<string>`

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`Arn`	`string`	ARN of the Policy
`AwsManaged`	`boolean`	A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.
`Id`	`string`	Id of the Policy

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::Organizations::Policy

Resources:
  MyResource:
    Type: AWS::Organizations::Policy
    Properties:
      Name: "my-name"
      Type: "AISERVICES_OPT_OUT_POLICY"
      Content: "value"
      Tags:
        - Key: Environment
          Value: Production
      Description: !Ref "AWS::StackName"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

organizations:CreatePolicyorganizations:DescribePolicyorganizations:AttachPolicyorganizations:ListPoliciesorganizations:ListTagsForResourceorganizations:ListTargetsForPolicyorganizations:TagResource

read

organizations:DescribePolicyorganizations:ListTargetsForPolicyorganizations:ListTagsForResource

update

organizations:AttachPolicyorganizations:DetachPolicyorganizations:UpdatePolicyorganizations:ListTagsForResourceorganizations:ListTargetsForPolicyorganizations:TagResourceorganizations:UntagResourceorganizations:DescribePolicy

delete

organizations:DetachPolicyorganizations:DeletePolicy

list

organizations:ListPolicies

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceOrganizations

Properties9

Required3

TaggingSupported

Primary IDId

Supported Operations

CreateReadUpdateDeleteList

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

Type

Related Resources

External Links

AWS Documentation