@pulumi/aws
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Provides a resource to create an organization.
*
* !> **WARNING:** When migrating from a `featureSet` of `CONSOLIDATED_BILLING` to `ALL`, the Organization account owner will receive an email stating the following: "You started the process to enable all features for your AWS organization. As part of that process, all member accounts that joined your organization by invitation must approve the change. You don’t need approval from member accounts that you directly created from within your AWS organization." After all member accounts have accepted the invitation, the Organization account owner must then finalize the changes via the [AWS Console](https://console.aws.amazon.com/organizations/home#/organization/settings/migration-progress). Until these steps are performed, the provider will perpetually show a difference, and the `DescribeOrganization` API will continue to show the `FeatureSet` as `CONSOLIDATED_BILLING`. See the [AWS Organizations documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) for more information.
*
* !> **WARNING:** [Warning from the AWS Docs](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAWSServiceAccess.html): "We recommend that you enable integration between AWS Organizations and the specified AWS service by using the console or commands that are provided by the specified service. Doing so ensures that the service is aware that it can create the resources that are required for the integration. How the service creates those resources in the organization's accounts depends on that service. For more information, see the documentation for the other AWS service."
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const org = new aws.organizations.Organization("org", {
* awsServiceAccessPrincipals: [
* "cloudtrail.amazonaws.com",
* "config.amazonaws.com",
* ],
* featureSet: "ALL",
* });
* ```
*
* ## Import
*
* ### Identity Schema
*
* #### Required
*
* * `id` (String) ID of the AWS Organizations organization.
*
* #### Optional
*
* * `account_id` (String) AWS Account where this resource is managed.
*
* Using `pulumi import`, import the AWS organization using the `id`. For example:
*
* ```console
* % pulumi import aws_organizations_organization.example o-1234567
* ```
*/
export declare class Organization extends pulumi.CustomResource {
/**
* Get an existing Organization resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns An `Organization` handle for the looked-up resource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationState, opts?: pulumi.CustomResourceOptions): Organization;
/**
* Returns true if the given object is an instance of Organization. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj Value to test; declared as `any`, so any value is accepted by the type checker.
* @returns A type predicate: when true, TypeScript narrows `obj` to `Organization`.
*/
static isInstance(obj: any): obj is Organization;
/**
* List of organization accounts including the master account. For a list excluding the master account, see the `nonMasterAccounts` attribute. All elements have these attributes:
*
* NOTE(review): element fields are declared in `outputs.organizations.OrganizationAccount`, which is not
* visible here. This is an account inventory of the whole organization; limit who can read stack
* outputs/state that contain it.
*/
readonly accounts: pulumi.Output<outputs.organizations.OrganizationAccount[]>;
/**
* ARN of the root.
*/
readonly arn: pulumi.Output<string>;
/**
* List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have `featureSet` set to `ALL`. Some services do not support enablement via this endpoint, see [warning in aws docs](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAWSServiceAccess.html).
*
* Security note: every principal listed here is given organization-wide integration ("trusted access",
* per the linked `EnableAWSServiceAccess` reference). Keep the list to services that are actually
* operated, and review additions to it with the same care as an IAM policy change.
* May be `undefined` when no principals were configured (see the declared type).
*/
readonly awsServiceAccessPrincipals: pulumi.Output<string[] | undefined>;
/**
* List of Organizations policy types to enable in the Organization Root. Organization must have `featureSet` set to `ALL`. For additional information about valid policy types (e.g., `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `CHATBOT_POLICY`, `DECLARATIVE_POLICY_EC2`, `RESOURCE_CONTROL_POLICY`, `SERVICE_CONTROL_POLICY`, and `TAG_POLICY`), see the [AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html).
*
* Security note: a policy type has to be enabled on the root before policies of that type (for example
* service control policies used as guardrails) can be attached.
* NOTE(review): removing a type from this list is expected to disable it on the root, which on the AWS
* side detaches policies of that type. Confirm the effect in a preview before applying such a change.
*/
readonly enabledPolicyTypes: pulumi.Output<string[] | undefined>;
/**
* Specify `ALL` (default) or `CONSOLIDATED_BILLING`.
*
* `awsServiceAccessPrincipals` and `enabledPolicyTypes` both require `ALL` (see their descriptions), so a
* `CONSOLIDATED_BILLING` organization cannot use policy-based guardrails through this resource.
*/
readonly featureSet: pulumi.Output<string | undefined>;
/**
* ARN of the master account.
*/
readonly masterAccountArn: pulumi.Output<string>;
/**
* Email address of the master account.
*
* NOTE(review): this is a plain `Output<string>`, not wrapped as a secret by this declaration; treat stack
* outputs and state that include it as sensitive.
*/
readonly masterAccountEmail: pulumi.Output<string>;
/**
* Identifier of the master account.
*/
readonly masterAccountId: pulumi.Output<string>;
/**
* Name of the master account.
*/
readonly masterAccountName: pulumi.Output<string>;
/**
* List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
*
* NOTE(review): element fields are declared in `outputs.organizations.OrganizationNonMasterAccount`,
* which is not visible here.
*/
readonly nonMasterAccounts: pulumi.Output<outputs.organizations.OrganizationNonMasterAccount[]>;
/**
* List of organization roots. All elements have these attributes:
*
* NOTE(review): element fields are declared in `outputs.organizations.OrganizationRoot`, which is not
* visible here.
*/
readonly roots: pulumi.Output<outputs.organizations.OrganizationRoot[]>;
/**
* Create an Organization resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties. Optional; every field of
* `OrganizationArgs` is itself optional.
* @param opts A bag of options that control this resource's behavior.
* NOTE(review): this resource represents the organization itself, so consider setting `protect: true` in
* `opts` to guard against accidental deletion. Confirm the provider's delete behavior first.
*/
constructor(name: string, args?: OrganizationArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Organization resources.
*/
export interface OrganizationState {
// Every property is optional. This shape is the `state` argument of `Organization.get`, where it
// qualifies a lookup of an existing organization.
/**
* List of organization accounts including the master account. For a list excluding the master account, see the `nonMasterAccounts` attribute. All elements have these attributes:
*
* NOTE(review): element fields are declared in `inputs.organizations.OrganizationAccount`, which is not
* visible here.
*/
accounts?: pulumi.Input<pulumi.Input<inputs.organizations.OrganizationAccount>[]>;
/**
* ARN of the root.
*/
arn?: pulumi.Input<string>;
/**
* List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have `featureSet` set to `ALL`. Some services do not support enablement via this endpoint, see [warning in aws docs](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAWSServiceAccess.html).
*
* Security note: each principal named here has organization-wide integration ("trusted access", per the
* linked `EnableAWSServiceAccess` reference). Keep the list minimal.
*/
awsServiceAccessPrincipals?: pulumi.Input<pulumi.Input<string>[]>;
/**
* List of Organizations policy types to enable in the Organization Root. Organization must have `featureSet` set to `ALL`. For additional information about valid policy types (e.g., `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `CHATBOT_POLICY`, `DECLARATIVE_POLICY_EC2`, `RESOURCE_CONTROL_POLICY`, `SERVICE_CONTROL_POLICY`, and `TAG_POLICY`), see the [AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html).
*
* Security note: a policy type has to be enabled on the root before policies of that type can be
* attached as guardrails.
*/
enabledPolicyTypes?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Specify `ALL` (default) or `CONSOLIDATED_BILLING`.
*
* Typed as a plain `string`; only the two values above are documented here.
*/
featureSet?: pulumi.Input<string>;
/**
* ARN of the master account.
*/
masterAccountArn?: pulumi.Input<string>;
/**
* Email address of the master account.
*/
masterAccountEmail?: pulumi.Input<string>;
/**
* Identifier of the master account.
*/
masterAccountId?: pulumi.Input<string>;
/**
* Name of the master account.
*/
masterAccountName?: pulumi.Input<string>;
/**
* List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
*
* NOTE(review): element fields are declared in `inputs.organizations.OrganizationNonMasterAccount`, which
* is not visible here.
*/
nonMasterAccounts?: pulumi.Input<pulumi.Input<inputs.organizations.OrganizationNonMasterAccount>[]>;
/**
* List of organization roots. All elements have these attributes:
*
* NOTE(review): element fields are declared in `inputs.organizations.OrganizationRoot`, which is not
* visible here.
*/
roots?: pulumi.Input<pulumi.Input<inputs.organizations.OrganizationRoot>[]>;
}
/**
* The set of arguments for constructing a Organization resource.
*/
export interface OrganizationArgs {
// Only these three properties can be set at construction time. The account, root and master-account
// attributes on `Organization` are outputs and have no counterpart here.
/**
* List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have `featureSet` set to `ALL`. Some services do not support enablement via this endpoint, see [warning in aws docs](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAWSServiceAccess.html).
*
* Security note: every principal listed here is given organization-wide integration ("trusted access",
* per the linked `EnableAWSServiceAccess` reference). List only services that are actually operated and
* review changes to this value like an IAM policy change.
*/
awsServiceAccessPrincipals?: pulumi.Input<pulumi.Input<string>[]>;
/**
* List of Organizations policy types to enable in the Organization Root. Organization must have `featureSet` set to `ALL`. For additional information about valid policy types (e.g., `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `CHATBOT_POLICY`, `DECLARATIVE_POLICY_EC2`, `RESOURCE_CONTROL_POLICY`, `SERVICE_CONTROL_POLICY`, and `TAG_POLICY`), see the [AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html).
*
* Security note: a policy type has to be enabled here before policies of that type (for example service
* control policies used as guardrails) can be attached.
* NOTE(review): dropping a type from this list is expected to disable it on the root, which on the AWS
* side detaches policies of that type. Check the preview before applying such a change.
*/
enabledPolicyTypes?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Specify `ALL` (default) or `CONSOLIDATED_BILLING`.
*
* `awsServiceAccessPrincipals` and `enabledPolicyTypes` both require `ALL` (see their descriptions).
* Typed as a plain `string`, so a misspelt value is not rejected by the type checker.
*/
featureSet?: pulumi.Input<string>;
}