Resource
data class ResourcePolicyArgs(val content: Output<String>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<ResourcePolicyArgs>
Provides a resource to manage a resource-based delegation policy that can be used to delegate policy management for AWS Organizations to specified member accounts to perform policy actions that are by default available only to the management account. See the AWS Organizations User Guide for more information.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.organizations.ResourcePolicy("example", {content: `{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DelegatingNecessaryDescribeListActions",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": [
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:DescribePolicy",
"organizations:DescribeEffectivePolicy",
"organizations:ListRoots",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListChildren",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListPolicies",
"organizations:ListPoliciesForTarget",
"organizations:ListTargetsForPolicy",
"organizations:ListTagsForResource"
],
"Resource": "*"
}
]
}
`});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.organizations.ResourcePolicy("example", content="""{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DelegatingNecessaryDescribeListActions",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": [
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:DescribePolicy",
"organizations:DescribeEffectivePolicy",
"organizations:ListRoots",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListChildren",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListPolicies",
"organizations:ListPoliciesForTarget",
"organizations:ListTargetsForPolicy",
"organizations:ListTagsForResource"
],
"Resource": "*"
}
]
}
""")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Organizations.ResourcePolicy("example", new()
{
Content = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": ""DelegatingNecessaryDescribeListActions"",
""Effect"": ""Allow"",
""Principal"": {
""AWS"": ""arn:aws:iam::123456789012:root""
},
""Action"": [
""organizations:DescribeOrganization"",
""organizations:DescribeOrganizationalUnit"",
""organizations:DescribeAccount"",
""organizations:DescribePolicy"",
""organizations:DescribeEffectivePolicy"",
""organizations:ListRoots"",
""organizations:ListOrganizationalUnitsForParent"",
""organizations:ListParents"",
""organizations:ListChildren"",
""organizations:ListAccounts"",
""organizations:ListAccountsForParent"",
""organizations:ListPolicies"",
""organizations:ListPoliciesForTarget"",
""organizations:ListTargetsForPolicy"",
""organizations:ListTagsForResource""
],
""Resource"": ""*""
}
]
}
",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := organizations.NewResourcePolicy(ctx, "example", &organizations.ResourcePolicyArgs{
Content: pulumi.String(`{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DelegatingNecessaryDescribeListActions",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": [
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:DescribePolicy",
"organizations:DescribeEffectivePolicy",
"organizations:ListRoots",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListChildren",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListPolicies",
"organizations:ListPoliciesForTarget",
"organizations:ListTargetsForPolicy",
"organizations:ListTagsForResource"
],
"Resource": "*"
}
]
}
`),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.ResourcePolicy;
import com.pulumi.aws.organizations.ResourcePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourcePolicy("example", ResourcePolicyArgs.builder()
.content("""
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DelegatingNecessaryDescribeListActions",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": [
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:DescribePolicy",
"organizations:DescribeEffectivePolicy",
"organizations:ListRoots",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListChildren",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListPolicies",
"organizations:ListPoliciesForTarget",
"organizations:ListTargetsForPolicy",
"organizations:ListTagsForResource"
],
"Resource": "*"
}
]
}
""")
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:organizations:ResourcePolicy
properties:
content: |
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DelegatingNecessaryDescribeListActions",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": [
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:DescribePolicy",
"organizations:DescribeEffectivePolicy",
"organizations:ListRoots",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListChildren",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListPolicies",
"organizations:ListPoliciesForTarget",
"organizations:ListTargetsForPolicy",
"organizations:ListTagsForResource"
],
"Resource": "*"
}
]
}Content copied to clipboard
Import
Using pulumi import, import aws_organizations_resource_policy using the resource policy ID. For example:
$ pulumi import aws:organizations/resourcePolicy:ResourcePolicy example rp-12345678Content copied to clipboard
Properties
Link copied to clipboard
Content for the resource policy. The text must be correctly formatted JSON that complies with the syntax for the resource policy's type. See the AWS Organizations User Guide for examples.