pulumi-aws-kotlin/com.pulumi.aws.organizations.kotlin/ResourcePolicyArgs

ResourcePolicyArgs

data class ResourcePolicyArgs(val content: Output<String>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<ResourcePolicyArgs>

Provides a resource to manage a resource-based delegation policy that can be used to delegate policy management for AWS Organizations to specified member accounts to perform policy actions that are by default available only to the management account. See the AWS Organizations User Guide for more information.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.ResourcePolicy;
import com.pulumi.aws.organizations.ResourcePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new ResourcePolicy("example", ResourcePolicyArgs.builder()
            .content("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DelegatingNecessaryDescribeListActions",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:root"
      },
      "Action": [
        "organizations:DescribeOrganization",
        "organizations:DescribeOrganizationalUnit",
        "organizations:DescribeAccount",
        "organizations:DescribePolicy",
        "organizations:DescribeEffectivePolicy",
        "organizations:ListRoots",
        "organizations:ListOrganizationalUnitsForParent",
        "organizations:ListParents",
        "organizations:ListChildren",
        "organizations:ListAccounts",
        "organizations:ListAccountsForParent",
        "organizations:ListPolicies",
        "organizations:ListPoliciesForTarget",
        "organizations:ListTargetsForPolicy",
        "organizations:ListTagsForResource"
      ],
      "Resource": "*"
    }
  ]
}
            """)
            .build());
    }
}
Content copied to clipboard

Import

Using pulumi import, import aws_organizations_resource_policy using the resource policy ID. For example:

$ pulumi import aws:organizations/resourcePolicy:ResourcePolicy example rp-12345678
Content copied to clipboard

Constructors

Link copied to clipboard
fun ResourcePolicyArgs(content: Output<String>? = null, tags: Output<Map<String, String>>? = null)

Functions

Link copied to clipboard
open override fun toJava(): ResourcePolicyArgs

Properties

Link copied to clipboard
val content: Output<String>? = null

Content for the resource policy. The text must be correctly formatted JSON that complies with the syntax for the resource policy's type. See the AWS Organizations User Guide for examples.

Link copied to clipboard
val tags: Output<Map<String, String>>? = null

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.