GetOrganization
Get information about the organization that the user’s account belongs to
Example Usage
List all account IDs for the organization
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = Output.Create(Aws.Organizations.GetOrganization.InvokeAsync());
this.AccountIds = example.Apply(example => example.Accounts.Select(__item => __item.Id).ToList());
}
[Output("accountIds")]
public Output<string> AccountIds { get; set; }
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := organizations.LookupOrganization(ctx, nil, nil)
if err != nil {
return err
}
var splat0 []string
for _, val0 := range example.Accounts {
splat0 = append(splat0, val0.Id)
}
ctx.Export("accountIds", splat0)
return nil
})
}import pulumi
import pulumi_aws as aws
example = aws.organizations.get_organization()
pulumi.export("accountIds", [__item["id"] for __item in example.accounts])import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.organizations.getOrganization({});
export const accountIds = example.then(example => example.accounts.map(__item => __item.id));SNS topic that can be interacted by the organization only
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = Output.Create(Aws.Organizations.GetOrganization.InvokeAsync());
var snsTopic = new Aws.Sns.Topic("snsTopic", new Aws.Sns.TopicArgs
{
});
var snsTopicPolicyPolicyDocument = Output.Tuple(example, snsTopic.Arn).Apply(values =>
{
var example = values.Item1;
var arn = values.Item2;
return Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"SNS:Subscribe",
"SNS:Publish",
},
Conditions =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionArgs
{
Test = "StringEquals",
Values =
{
example.Id,
},
Variable = "aws:PrincipalOrgID",
},
},
Effect = "Allow",
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
"*",
},
Type = "AWS",
},
},
Resources =
{
arn,
},
},
},
});
});
var snsTopicPolicyTopicPolicy = new Aws.Sns.TopicPolicy("snsTopicPolicyTopicPolicy", new Aws.Sns.TopicPolicyArgs
{
Arn = snsTopic.Arn,
Policy = snsTopicPolicyPolicyDocument.Apply(snsTopicPolicyPolicyDocument => snsTopicPolicyPolicyDocument.Json),
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/organizations"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/sns"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := organizations.LookupOrganization(ctx, nil, nil)
if err != nil {
return err
}
snsTopic, err := sns.NewTopic(ctx, "snsTopic", nil)
if err != nil {
return err
}
_, err = sns.NewTopicPolicy(ctx, "snsTopicPolicyTopicPolicy", &sns.TopicPolicyArgs{
Arn: snsTopic.Arn,
Policy: pulumi.String(snsTopicPolicyPolicyDocument.Json),
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
example = aws.organizations.get_organization()
sns_topic = aws.sns.Topic("snsTopic")
sns_topic_policy_policy_document = sns_topic.arn.apply(lambda arn: aws.iam.get_policy_document(statements=[{
"actions": [
"SNS:Subscribe",
"SNS:Publish",
],
"conditions": [{
"test": "StringEquals",
"values": [example.id],
"variable": "aws:PrincipalOrgID",
}],
"effect": "Allow",
"principals": [{
"identifiers": ["*"],
"type": "AWS",
}],
"resources": [arn],
}]))
sns_topic_policy_topic_policy = aws.sns.TopicPolicy("snsTopicPolicyTopicPolicy",
arn=sns_topic.arn,
policy=sns_topic_policy_policy_document.json)import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = pulumi.output(aws.organizations.getOrganization({ async: true }));
const snsTopic = new aws.sns.Topic("sns_topic", {});
const snsTopicPolicyPolicyDocument = pulumi.all([example, snsTopic.arn]).apply(([example, arn]) => aws.iam.getPolicyDocument({
statements: [{
actions: [
"SNS:Subscribe",
"SNS:Publish",
],
conditions: [{
test: "StringEquals",
values: [example.id],
variable: "aws:PrincipalOrgID",
}],
effect: "Allow",
principals: [{
identifiers: ["*"],
type: "AWS",
}],
resources: [arn],
}],
}, { async: true }));
const snsTopicPolicyTopicPolicy = new aws.sns.TopicPolicy("sns_topic_policy", {
arn: snsTopic.arn,
policy: snsTopicPolicyPolicyDocument.json,
});Using GetOrganization
function getOrganization(opts?: InvokeOptions): Promise<GetOrganizationResult>function get_organization(opts=None)func LookupOrganization(ctx *Context, opts ...InvokeOption) (*LookupOrganizationResult, error)Note: This function is named
LookupOrganizationin the Go SDK.
public static class GetOrganization {
public static Task<GetOrganizationResult> InvokeAsync(InvokeOptions? opts = null)
}GetOrganization Result
The following output properties are available:
- Accounts
List<Get
Organization Account> List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accountsattribute. All elements have these attributes:- Arn string
ARN of the root
- Aws
Service List<string>Access Principals A list of AWS service principal names that have integration enabled with your organization. Organization must have
feature_setset toALL. For additional information, see the AWS Organizations User Guide.- Enabled
Policy List<string>Types A list of Organizations policy types that are enabled in the Organization Root. Organization must have
feature_setset toALL. For additional information about valid policy types (e.g.SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.- Feature
Set string The FeatureSet of the organization.
- Id string
The provider-assigned unique ID for this managed resource.
- Master
Account stringArn The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.
- Master
Account stringEmail The email address that is associated with the AWS account that is designated as the master account for the organization.
- Master
Account stringId The unique identifier (ID) of the master account of an organization.
- Non
Master List<GetAccounts Organization Non Master Account> List of organization accounts excluding the master account. For a list including the master account, see the
accountsattribute. All elements have these attributes:- Roots
List<Get
Organization Root> List of organization roots. All elements have these attributes:
- Accounts
[]Get
Organization Account List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accountsattribute. All elements have these attributes:- Arn string
ARN of the root
- Aws
Service []stringAccess Principals A list of AWS service principal names that have integration enabled with your organization. Organization must have
feature_setset toALL. For additional information, see the AWS Organizations User Guide.- Enabled
Policy []stringTypes A list of Organizations policy types that are enabled in the Organization Root. Organization must have
feature_setset toALL. For additional information about valid policy types (e.g.SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.- Feature
Set string The FeatureSet of the organization.
- Id string
The provider-assigned unique ID for this managed resource.
- Master
Account stringArn The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.
- Master
Account stringEmail The email address that is associated with the AWS account that is designated as the master account for the organization.
- Master
Account stringId The unique identifier (ID) of the master account of an organization.
- Non
Master []GetAccounts Organization Non Master Account List of organization accounts excluding the master account. For a list including the master account, see the
accountsattribute. All elements have these attributes:- Roots
[]Get
Organization Root List of organization roots. All elements have these attributes:
- accounts
Get
Organization Account[] List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accountsattribute. All elements have these attributes:- arn string
ARN of the root
- aws
Service string[]Access Principals A list of AWS service principal names that have integration enabled with your organization. Organization must have
feature_setset toALL. For additional information, see the AWS Organizations User Guide.- enabled
Policy string[]Types A list of Organizations policy types that are enabled in the Organization Root. Organization must have
feature_setset toALL. For additional information about valid policy types (e.g.SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.- feature
Set string The FeatureSet of the organization.
- id string
The provider-assigned unique ID for this managed resource.
- master
Account stringArn The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.
- master
Account stringEmail The email address that is associated with the AWS account that is designated as the master account for the organization.
- master
Account stringId The unique identifier (ID) of the master account of an organization.
- non
Master GetAccounts Organization Non Master Account[] List of organization accounts excluding the master account. For a list including the master account, see the
accountsattribute. All elements have these attributes:- roots
Get
Organization Root[] List of organization roots. All elements have these attributes:
- accounts
List[Get
Organization Account] List of organization accounts including the master account. For a list excluding the master account, see the
non_master_accountsattribute. All elements have these attributes:- arn str
ARN of the root
- aws_
service_ List[str]access_ principals A list of AWS service principal names that have integration enabled with your organization. Organization must have
feature_setset toALL. For additional information, see the AWS Organizations User Guide.- enabled_
policy_ List[str]types A list of Organizations policy types that are enabled in the Organization Root. Organization must have
feature_setset toALL. For additional information about valid policy types (e.g.SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.- feature_
set str The FeatureSet of the organization.
- id str
The provider-assigned unique ID for this managed resource.
- master_
account_ strarn The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.
- master_
account_ stremail The email address that is associated with the AWS account that is designated as the master account for the organization.
- master_
account_ strid The unique identifier (ID) of the master account of an organization.
- non_
master_ List[Getaccounts Organization Non Master Account] List of organization accounts excluding the master account. For a list including the master account, see the
accountsattribute. All elements have these attributes:- roots
List[Get
Organization Root] List of organization roots. All elements have these attributes:
Supporting Types
GetOrganizationAccount
See the output API doc for this type.
See the output API doc for this type.
See the output API doc for this type.
GetOrganizationNonMasterAccount
See the output API doc for this type.
See the output API doc for this type.
See the output API doc for this type.
GetOrganizationRoot
See the output API doc for this type.
See the output API doc for this type.
See the output API doc for this type.
- Arn string
ARN of the root
- Id string
Identifier of the root
- Name string
The name of the policy type
- Policy
Types List<GetOrganization Root Policy Type Args> List of policy types enabled for this root. All elements have these attributes:
- Arn string
ARN of the root
- Id string
Identifier of the root
- Name string
The name of the policy type
- Policy
Types []GetOrganization Root Policy Type List of policy types enabled for this root. All elements have these attributes:
- arn string
ARN of the root
- id string
Identifier of the root
- name string
The name of the policy type
- policy
Types GetOrganization Root Policy Type[] List of policy types enabled for this root. All elements have these attributes:
- arn str
ARN of the root
- id str
Identifier of the root
- name str
The name of the policy type
- policy
Types List[GetOrganization Root Policy Type] List of policy types enabled for this root. All elements have these attributes:
GetOrganizationRootPolicyType
See the output API doc for this type.
See the output API doc for this type.
See the output API doc for this type.
Package Details
- Repository
- https://github.com/pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.