README
¶
AWS::Organizations Construct Library
This module is part of the AWS Cloud Development Kit project.
import organizations "github.com/aws/aws-cdk-go/awscdk"
There are no official hand-written (L2) constructs for this service yet. Here are some suggestions on how to proceed:
- Search Construct Hub for Organizations construct libraries
- Use the automatically generated L1 constructs, in the same way you would use the CloudFormation AWS::Organizations resources directly.
There are no hand-written (L2) constructs for this service yet. However, you can still use the automatically generated L1 constructs, and use this service exactly as you would using CloudFormation directly.
For more information on the resources and properties available for this service, see the CloudFormation documentation for AWS::Organizations.
(Read the CDK Contributing Guide and submit an RFC if you are interested in contributing to this construct library.)
Documentation
¶
Index ¶
- func CfnAccount_CFN_RESOURCE_TYPE_NAME() *string
- func CfnAccount_IsCfnElement(x interface{}) *bool
- func CfnAccount_IsCfnResource(x interface{}) *bool
- func CfnAccount_IsConstruct(x interface{}) *bool
- func CfnOrganization_CFN_RESOURCE_TYPE_NAME() *string
- func CfnOrganization_IsCfnElement(x interface{}) *bool
- func CfnOrganization_IsCfnResource(x interface{}) *bool
- func CfnOrganization_IsConstruct(x interface{}) *bool
- func CfnOrganizationalUnit_CFN_RESOURCE_TYPE_NAME() *string
- func CfnOrganizationalUnit_IsCfnElement(x interface{}) *bool
- func CfnOrganizationalUnit_IsCfnResource(x interface{}) *bool
- func CfnOrganizationalUnit_IsConstruct(x interface{}) *bool
- func CfnPolicy_CFN_RESOURCE_TYPE_NAME() *string
- func CfnPolicy_IsCfnElement(x interface{}) *bool
- func CfnPolicy_IsCfnResource(x interface{}) *bool
- func CfnPolicy_IsConstruct(x interface{}) *bool
- func CfnResourcePolicy_CFN_RESOURCE_TYPE_NAME() *string
- func CfnResourcePolicy_IsCfnElement(x interface{}) *bool
- func CfnResourcePolicy_IsCfnResource(x interface{}) *bool
- func CfnResourcePolicy_IsConstruct(x interface{}) *bool
- func NewCfnAccount_Override(c CfnAccount, scope constructs.Construct, id *string, props *CfnAccountProps)
- func NewCfnOrganization_Override(c CfnOrganization, scope constructs.Construct, id *string, ...)
- func NewCfnOrganizationalUnit_Override(c CfnOrganizationalUnit, scope constructs.Construct, id *string, ...)
- func NewCfnPolicy_Override(c CfnPolicy, scope constructs.Construct, id *string, props *CfnPolicyProps)
- func NewCfnResourcePolicy_Override(c CfnResourcePolicy, scope constructs.Construct, id *string, ...)
- type CfnAccount
- type CfnAccountProps
- type CfnOrganization
- type CfnOrganizationProps
- type CfnOrganizationalUnit
- type CfnOrganizationalUnitProps
- type CfnPolicy
- type CfnPolicyProps
- type CfnResourcePolicy
- type CfnResourcePolicyProps
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CfnAccount_CFN_RESOURCE_TYPE_NAME ¶
func CfnAccount_CFN_RESOURCE_TYPE_NAME() *string
func CfnAccount_IsCfnElement ¶
func CfnAccount_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnAccount_IsCfnResource ¶
func CfnAccount_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnAccount_IsConstruct ¶
func CfnAccount_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnOrganization_CFN_RESOURCE_TYPE_NAME ¶ added in v2.86.0
func CfnOrganization_CFN_RESOURCE_TYPE_NAME() *string
func CfnOrganization_IsCfnElement ¶ added in v2.86.0
func CfnOrganization_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnOrganization_IsCfnResource ¶ added in v2.86.0
func CfnOrganization_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnOrganization_IsConstruct ¶ added in v2.86.0
func CfnOrganization_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnOrganizationalUnit_CFN_RESOURCE_TYPE_NAME ¶ added in v2.54.0
func CfnOrganizationalUnit_CFN_RESOURCE_TYPE_NAME() *string
func CfnOrganizationalUnit_IsCfnElement ¶ added in v2.54.0
func CfnOrganizationalUnit_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnOrganizationalUnit_IsCfnResource ¶ added in v2.54.0
func CfnOrganizationalUnit_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnOrganizationalUnit_IsConstruct ¶ added in v2.54.0
func CfnOrganizationalUnit_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnPolicy_CFN_RESOURCE_TYPE_NAME ¶
func CfnPolicy_CFN_RESOURCE_TYPE_NAME() *string
func CfnPolicy_IsCfnElement ¶
func CfnPolicy_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnPolicy_IsCfnResource ¶
func CfnPolicy_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnPolicy_IsConstruct ¶
func CfnPolicy_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnResourcePolicy_CFN_RESOURCE_TYPE_NAME ¶ added in v2.70.0
func CfnResourcePolicy_CFN_RESOURCE_TYPE_NAME() *string
func CfnResourcePolicy_IsCfnElement ¶ added in v2.70.0
func CfnResourcePolicy_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnResourcePolicy_IsCfnResource ¶ added in v2.70.0
func CfnResourcePolicy_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnResourcePolicy_IsConstruct ¶ added in v2.70.0
func CfnResourcePolicy_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func NewCfnAccount_Override ¶
func NewCfnAccount_Override(c CfnAccount, scope constructs.Construct, id *string, props *CfnAccountProps)
func NewCfnOrganization_Override ¶ added in v2.86.0
func NewCfnOrganization_Override(c CfnOrganization, scope constructs.Construct, id *string, props *CfnOrganizationProps)
func NewCfnOrganizationalUnit_Override ¶ added in v2.54.0
func NewCfnOrganizationalUnit_Override(c CfnOrganizationalUnit, scope constructs.Construct, id *string, props *CfnOrganizationalUnitProps)
func NewCfnPolicy_Override ¶
func NewCfnPolicy_Override(c CfnPolicy, scope constructs.Construct, id *string, props *CfnPolicyProps)
func NewCfnResourcePolicy_Override ¶ added in v2.70.0
func NewCfnResourcePolicy_Override(c CfnResourcePolicy, scope constructs.Construct, id *string, props *CfnResourcePolicyProps)
Types ¶
type CfnAccount ¶
type CfnAccount interface {
awscdk.CfnResource
awscdk.IInspectable
awscdk.ITaggable
// The account name given to the account when it was created.
AccountName() *string
SetAccountName(val *string)
// Returns the unique identifier (ID) of the account.
//
// For example: `123456789012` .
AttrAccountId() *string
// Returns the Amazon Resource Name (ARN) of the account.
//
// For example: `arn:aws:organizations::111111111111:account/o-exampleorgid/555555555555` .
AttrArn() *string
// Returns the method by which the account joined the organization.
//
// For example: `INVITED | CREATED` .
AttrJoinedMethod() *string
// Returns the date the account became a part of the organization.
//
// For example: `2016-11-24T11:11:48-08:00` .
AttrJoinedTimestamp() *string
// Returns the status of the account in the organization.
//
// For example: `ACTIVE | SUSPENDED | PENDING_CLOSURE` .
AttrStatus() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The email address associated with the AWS account.
Email() *string
SetEmail(val *string)
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// The unique identifier (ID) of the root or organizational unit (OU) that you want to create the new account in.
ParentIds() *[]*string
SetParentIds(val *[]*string)
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.
RoleName() *string
SetRoleName(val *string)
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Tag Manager which manages the tags for this resource.
Tags() awscdk.TagManager
// A list of tags that you want to attach to the newly created account.
TagsRaw() *[]*awscdk.CfnTag
SetTagsRaw(val *[]*awscdk.CfnTag)
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
Creates an AWS account that is automatically a member of the organization whose credentials made the request.
AWS CloudFormation uses the [`CreateAccount`](https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateAccount.html) operation to create accounts. This is an asynchronous request that AWS performs in the background. Because `CreateAccount` operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
- Use the `Id` value of the `CreateAccountStatus` response element from the `CreateAccount` operation to provide as a parameter to the [`DescribeCreateAccountStatus`](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeCreateAccountStatus.html) operation. - Check the CloudTrail log for the `CreateAccountResult` event. For information on using CloudTrail with AWS Organizations , see [Logging and monitoring in AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration) in the *AWS Organizations User Guide* .
The user who calls the API to create an account must have the `organizations:CreateAccount` permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named `AWSServiceRoleForOrganizations` . For more information, see [AWS Organizations and service-linked roles](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) in the *AWS Organizations User Guide* .
If the request includes tags, then the requester must have the `organizations:TagResource` permission.
AWS Organizations preconfigures the new member account with a role (named `OrganizationAccountAccessRole` by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see [Creating a member account in your organization](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) in the *AWS Organizations User Guide* .
This operation can be called only from the organization's management account.
*Deleting Account resources*
The default `DeletionPolicy` for resource `AWS::Organizations::Account` is `Retain` . For more information about how AWS CloudFormation deletes resources, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .
> - If you include multiple accounts in a single template, you must use the `DependsOn` attribute on each account resource type so that the accounts are created sequentially. If you create multiple accounts at the same time, Organizations returns an error and the stack operation fails. > - You can't modify the following list of `Account` resource parameters using AWS CloudFormation updates. > > - AccountName > - Email > - RoleName > > If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a [registered delegated administrator](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-delegated-admin.html) account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters `AccountName` and `Email` , you must sign in to the AWS Management Console as the AWS account root user. For more information, see [Update the AWS account name, email address, or password for the root user](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html) in the *AWS Account Management Reference Guide* . > - When you create an account in an organization using the AWS Organizations console, API, or AWS CLI commands, we don't automatically collect the information required for the account to operate as a standalone account. That includes collecting the payment method and signing the end user license agreement (EULA). If you must remove an account from your organization later, you can do so only after you provide the missing information. For more information, see [Considerations before removing an account from an organization](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html) in the *AWS Organizations User Guide* . > - When you create an account in an organization using AWS CloudFormation , you can't specify a value for the `CreateAccount` operation parameter `IamUserAccessToBilling` . The default value for parameter `IamUserAccessToBilling` is `ALLOW` , and IAM users and roles with the required permissions can access billing information for the new account. > - If you get an exception that indicates `DescribeCreateAccountStatus returns IN_PROGRESS state before time out` . You must check the account creation status using the [`DescribeCreateAccountStatus`](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeCreateAccountStatus.html) operation. If the account state returns as `SUCCEEDED` , you can import the account into AWS CloudFormation management using [`resource import`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import.html) . > - If you get an exception that indicates you have exceeded your account quota for the organization, you can request an increase by using the [Service Quotas console](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) . > - If you get an exception that indicates the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact [AWS Support](https://docs.aws.amazon.com/support/home#/) . > - We don't recommend that you use the `CreateAccount` operation to create multiple temporary accounts. You can close accounts using the [`CloseAccount`](https://docs.aws.amazon.com/organizations/latest/APIReference/API_CloseAccount.html) operation or from the AWS Organizations console in the organization's management account. For information on the requirements and process for closing an account, see [Closing a member account in your organization](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) in the *AWS Organizations User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnAccount := awscdk.Aws_organizations.NewCfnAccount(this, jsii.String("MyCfnAccount"), &CfnAccountProps{
AccountName: jsii.String("accountName"),
Email: jsii.String("email"),
// the properties below are optional
ParentIds: []*string{
jsii.String("parentIds"),
},
RoleName: jsii.String("roleName"),
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
})
func NewCfnAccount ¶
func NewCfnAccount(scope constructs.Construct, id *string, props *CfnAccountProps) CfnAccount
type CfnAccountProps ¶
type CfnAccountProps struct {
// The account name given to the account when it was created.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-account.html#cfn-organizations-account-accountname
//
AccountName *string `field:"required" json:"accountName" yaml:"accountName"`
// The email address associated with the AWS account.
//
// The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) for this parameter is a string of characters that represents a standard internet email address.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-account.html#cfn-organizations-account-email
//
Email *string `field:"required" json:"email" yaml:"email"`
// The unique identifier (ID) of the root or organizational unit (OU) that you want to create the new account in.
//
// If you don't specify this parameter, the `ParentId` defaults to the root ID.
//
// This parameter only accepts a string array with one string value.
//
// The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) for a parent ID string requires one of the following:
//
// - *Root* - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
// - *Organizational unit (OU)* - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-account.html#cfn-organizations-account-parentids
//
ParentIds *[]*string `field:"optional" json:"parentIds" yaml:"parentIds"`
// The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.
//
// This role trusts the management account, allowing users in the management account to assume the role, as permitted by the management account administrator. The role has administrator permissions in the new member account.
//
// If you don't specify this parameter, the role name defaults to `OrganizationAccountAccessRole` .
//
// For more information about how to use this role to access the member account, see the following links:
//
// - [Creating the OrganizationAccountAccessRole in an invited member account](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) in the *AWS Organizations User Guide*
// - Steps 2 and 3 in [IAM Tutorial: Delegate access across AWS accounts using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) in the *IAM User Guide*
//
// The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) that is used to validate this parameter. The pattern can include uppercase letters, lowercase letters, digits with no spaces, and any of the following characters: =,.@-
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-account.html#cfn-organizations-account-rolename
//
// Default: - "OrganizationAccountAccessRole".
//
RoleName *string `field:"optional" json:"roleName" yaml:"roleName"`
// A list of tags that you want to attach to the newly created account.
//
// For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to `null` . For more information about tagging, see [Tagging AWS Organizations resources](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) in the AWS Organizations User Guide.
//
// > If any one of the tags is not valid or if you exceed the maximum allowed number of tags for an account, then the entire request fails and the account is not created.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-account.html#cfn-organizations-account-tags
//
Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnAccount`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnAccountProps := &CfnAccountProps{
AccountName: jsii.String("accountName"),
Email: jsii.String("email"),
// the properties below are optional
ParentIds: []*string{
jsii.String("parentIds"),
},
RoleName: jsii.String("roleName"),
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
}
type CfnOrganization ¶ added in v2.86.0
type CfnOrganization interface {
awscdk.CfnResource
awscdk.IInspectable
// The Amazon Resource Name (ARN) of an organization.
AttrArn() *string
// The unique identifier (ID) of an organization.
AttrId() *string
// The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.
AttrManagementAccountArn() *string
// The email address that is associated with the AWS account that is designated as the management account for the organization.
AttrManagementAccountEmail() *string
// The unique identifier (ID) of the management account of an organization.
AttrManagementAccountId() *string
// The unique identifier (ID) for the root.
AttrRootId() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// Specifies the feature set supported by the new organization.
//
// Each feature set supports different levels of functionality.
FeatureSet() *string
SetFeatureSet(val *string)
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
Creates an AWS organization.
The account whose user is calling the [`CreateOrganization`](https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateOrganization.html) operation automatically becomes the [management account](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account) of the new organization.
This operation must be called using credentials from the account that is to become the new organization's management account. The principal must also have the [relevant IAM permissions](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html) .
> - If you delete an organization, you can't recover it. If you created any policies inside of the organization, they're also deleted and you can't recover them. > - You can delete an organization only after you remove all member accounts from the organization. If you created some of your member accounts using AWS Organizations , you might be blocked from removing those accounts. You can remove a member account only if it has all the information that's required to operate as a standalone AWS account. For more information about how to provide that information and then remove the account, see [Leave an organization from your member account](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_leave-as-member.html) in the *AWS Organizations User Guide* . > - If you closed a member account before you remove it from the organization, it enters a 'suspended' state for a period of time and you can't remove the account from the organization until it is finally closed. This can take up to 90 days and can prevent you from deleting the organization until all member accounts are completely closed. > > For more information, see [Deleting an organization](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_delete.html) in the *AWS Organizations User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnOrganization := awscdk.Aws_organizations.NewCfnOrganization(this, jsii.String("MyCfnOrganization"), &CfnOrganizationProps{
FeatureSet: jsii.String("featureSet"),
})
func NewCfnOrganization ¶ added in v2.86.0
func NewCfnOrganization(scope constructs.Construct, id *string, props *CfnOrganizationProps) CfnOrganization
type CfnOrganizationProps ¶ added in v2.86.0
type CfnOrganizationProps struct {
// Specifies the feature set supported by the new organization. Each feature set supports different levels of functionality.
//
// - `ALL` In addition to all the features supported by the consolidated billing feature set, the management account gains access to advanced features that give you more control over accounts in your organization. By default or if you set the `FeatureSet` property to `ALL` , the new organization is created with all features enabled and service control policies automatically enabled in the [root](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#root) . For more information, see [All features](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all) in the *AWS Organizations User Guide* .
// - `CONSOLIDATED_BILLING` All member accounts have their bills consolidated to and paid by the management account. For more information, see [Consolidated billing](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only) in the *AWS Organizations User Guide* .
//
// The consolidated billing feature subset isn't available for organizations in the AWS GovCloud (US) Region.
//
// Feature set `ALL` provides the following advanced features:
//
// - Apply any [policy type](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types) to any member account in the organization.
// - Apply [service control policies (SCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) to member accounts that restrict the services and actions that users (including the root user) and roles in an account can access. Using SCPs you can prevent member accounts from leaving the organization.
// - Enable [integration with supported AWS services](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html) to let those services provide functionality across all of the accounts in your organization.
//
// If you don't specify this property, the default value is `ALL` .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-organization.html#cfn-organizations-organization-featureset
//
// Default: - "ALL".
//
FeatureSet *string `field:"optional" json:"featureSet" yaml:"featureSet"`
}
Properties for defining a `CfnOrganization`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnOrganizationProps := &CfnOrganizationProps{
FeatureSet: jsii.String("featureSet"),
}
type CfnOrganizationalUnit ¶ added in v2.54.0
type CfnOrganizationalUnit interface {
awscdk.CfnResource
awscdk.IInspectable
awscdk.ITaggable
// The Amazon Resource Name (ARN) of this OU.
//
// For example: `arn:aws:organizations::111111111111:ou/o-exampleorgid/ou-examplerootid111-exampleouid111` .
AttrArn() *string
// The unique identifier (ID) associated with this OU.
//
// For example: `ou-examplerootid111-exampleouid111` .
AttrId() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The friendly name of this OU.
Name() *string
SetName(val *string)
// The tree node.
Node() constructs.Node
// The unique identifier (ID) of the parent root or OU that you want to create the new OU in.
ParentId() *string
SetParentId(val *string)
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Tag Manager which manages the tags for this resource.
Tags() awscdk.TagManager
// A list of tags that you want to attach to the newly created OU.
TagsRaw() *[]*awscdk.CfnTag
SetTagsRaw(val *[]*awscdk.CfnTag)
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
Creates an organizational unit (OU) within a root or parent OU.
An OU is a container for accounts that enables you to organize your accounts to apply policies according to your business requirements. The number of levels deep that you can nest OUs is dependent upon the policy types enabled for that root. For service control policies, the limit is five.
For more information about OUs, see [Managing organizational units (OUs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html) in the *AWS Organizations User Guide* .
If the request includes tags, then the requester must have the `organizations:TagResource` permission.
This operation can be called only from the organization's management account.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnOrganizationalUnit := awscdk.Aws_organizations.NewCfnOrganizationalUnit(this, jsii.String("MyCfnOrganizationalUnit"), &CfnOrganizationalUnitProps{
Name: jsii.String("name"),
ParentId: jsii.String("parentId"),
// the properties below are optional
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
})
func NewCfnOrganizationalUnit ¶ added in v2.54.0
func NewCfnOrganizationalUnit(scope constructs.Construct, id *string, props *CfnOrganizationalUnitProps) CfnOrganizationalUnit
type CfnOrganizationalUnitProps ¶ added in v2.54.0
type CfnOrganizationalUnitProps struct {
// The friendly name of this OU.
//
// The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) that is used to validate this parameter is a string of any of the characters in the ASCII character range.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-organizationalunit.html#cfn-organizations-organizationalunit-name
//
Name *string `field:"required" json:"name" yaml:"name"`
// The unique identifier (ID) of the parent root or OU that you want to create the new OU in.
//
// > To update the `ParentId` parameter value, you must first remove all accounts attached to the organizational unit (OU). OUs can't be moved within the organization with accounts still attached.
//
// The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) for a parent ID string requires one of the following:
//
// - *Root* - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
// - *Organizational unit (OU)* - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-organizationalunit.html#cfn-organizations-organizationalunit-parentid
//
ParentId *string `field:"required" json:"parentId" yaml:"parentId"`
// A list of tags that you want to attach to the newly created OU.
//
// For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to `null` . For more information about tagging, see [Tagging AWS Organizations resources](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) in the AWS Organizations User Guide.
//
// > If any one of the tags is not valid or if you exceed the allowed number of tags for an OU, then the entire request fails and the OU is not created.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-organizationalunit.html#cfn-organizations-organizationalunit-tags
//
Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnOrganizationalUnit`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnOrganizationalUnitProps := &CfnOrganizationalUnitProps{
Name: jsii.String("name"),
ParentId: jsii.String("parentId"),
// the properties below are optional
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
}
type CfnPolicy ¶
type CfnPolicy interface {
awscdk.CfnResource
awscdk.IInspectable
awscdk.ITaggable
// Returns the Amazon Resource Name (ARN) of the policy.
//
// For example: `arn:aws:organizations::111111111111:policy/o-exampleorgid/service_control_policy/p-examplepolicyid111` .
AttrArn() *string
// Returns a boolean value that indicates whether the specified policy is an AWS managed policy.
//
// If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it. For example: `true | false` .
AttrAwsManaged() awscdk.IResolvable
// Returns the unique identifier (ID) of the policy.
//
// For example: `p-examplepolicyid111` .
AttrId() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// The policy text content.
//
// You can specify the policy content as a JSON object or a JSON string.
Content() interface{}
SetContent(val interface{})
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// Human readable description of the policy.
Description() *string
SetDescription(val *string)
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// Name of the policy.
Name() *string
SetName(val *string)
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Tag Manager which manages the tags for this resource.
Tags() awscdk.TagManager
// A list of tags that you want to attach to the newly created policy.
TagsRaw() *[]*awscdk.CfnTag
SetTagsRaw(val *[]*awscdk.CfnTag)
// List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.
TargetIds() *[]*string
SetTargetIds(val *[]*string)
// The type of policy to create.
Type() *string
SetType(val *string)
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual AWS account .
For more information about policies and their use, see [Managing AWS Organizations policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html) .
If the request includes tags, then the requester must have the `organizations:TagResource` permission.
This operation can be called only from the organization's management account.
> Before you can create a policy of a given type, you must first [enable that policy type](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html) in your organization.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var content interface{}
cfnPolicy := awscdk.Aws_organizations.NewCfnPolicy(this, jsii.String("MyCfnPolicy"), &CfnPolicyProps{
Content: content,
Name: jsii.String("name"),
Type: jsii.String("type"),
// the properties below are optional
Description: jsii.String("description"),
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
TargetIds: []*string{
jsii.String("targetIds"),
},
})
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-policy.html
func NewCfnPolicy ¶
func NewCfnPolicy(scope constructs.Construct, id *string, props *CfnPolicyProps) CfnPolicy
type CfnPolicyProps ¶
type CfnPolicyProps struct {
// The policy text content. You can specify the policy content as a JSON object or a JSON string.
//
// > When you specify the policy content as a JSON string, you can't perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the policy content as a JSON object instead.
//
// The text that you supply must adhere to the rules of the policy type you specify in the `Type` parameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document:
//
// - Service control policies: 5,120 characters
// - AI services opt-out policies: 2,500 characters
// - Backup policies: 10,000 characters
// - Tag policies: 10,000 characters
//
// For more information about Organizations service quotas, see [Quotas for AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) in the *AWS Organizations User Guide* .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-policy.html#cfn-organizations-policy-content
//
Content interface{} `field:"required" json:"content" yaml:"content"`
// Name of the policy.
//
// The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) that is used to validate this parameter is a string of any of the characters in the ASCII character range.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-policy.html#cfn-organizations-policy-name
//
Name *string `field:"required" json:"name" yaml:"name"`
// The type of policy to create.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-policy.html#cfn-organizations-policy-type
//
Type *string `field:"required" json:"type" yaml:"type"`
// Human readable description of the policy.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-policy.html#cfn-organizations-policy-description
//
Description *string `field:"optional" json:"description" yaml:"description"`
// A list of tags that you want to attach to the newly created policy.
//
// For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to `null` . For more information about tagging, see [Tagging AWS Organizations resources](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) in the AWS Organizations User Guide.
//
// > If any one of the tags is not valid or if you exceed the allowed number of tags for a policy, then the entire request fails and the policy is not created.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-policy.html#cfn-organizations-policy-tags
//
Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
// List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.
//
// You can get the ID by calling the [ListRoots](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListRoots.html) , [ListOrganizationalUnitsForParent](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListOrganizationalUnitsForParent.html) , or [ListAccounts](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListAccounts.html) operations. If you don't specify this parameter, the policy is created but not attached to any organization resource.
//
// The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) for a target ID string requires one of the following:
//
// - *Root* - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
// - *Account* - A string that consists of exactly 12 digits.
// - *Organizational unit (OU)* - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-policy.html#cfn-organizations-policy-targetids
//
TargetIds *[]*string `field:"optional" json:"targetIds" yaml:"targetIds"`
}
Properties for defining a `CfnPolicy`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var content interface{}
cfnPolicyProps := &CfnPolicyProps{
Content: content,
Name: jsii.String("name"),
Type: jsii.String("type"),
// the properties below are optional
Description: jsii.String("description"),
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
TargetIds: []*string{
jsii.String("targetIds"),
},
}
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-policy.html
type CfnResourcePolicy ¶ added in v2.70.0
type CfnResourcePolicy interface {
awscdk.CfnResource
awscdk.IInspectable
awscdk.ITaggable
// Returns the Amazon Resource Name (ARN) of the policy.
//
// For example: `arn:aws:organizations::111111111111:resourcepolicy/o-exampleorgid/rp-examplepolicyid111` .
AttrArn() *string
// Returns the unique identifier (ID) of the resource policy.
//
// For example: `rp-examplepolicyid111` .
AttrId() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// The policy text of the organization resource policy.
Content() interface{}
SetContent(val interface{})
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Tag Manager which manages the tags for this resource.
Tags() awscdk.TagManager
// A list of tags that you want to attach to the newly created resource policy.
TagsRaw() *[]*awscdk.CfnTag
SetTagsRaw(val *[]*awscdk.CfnTag)
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
Creates or updates a resource-based delegation policy that can be used to delegate policy management for AWS Organizations to specified member accounts to perform policy actions that are by default available only to the management account.
For more information about delegated policy management, see [Delegated administrator for AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_delegate_policies.html) in the *AWS Organizations User Guide* .
You can only call this operation from the organization's management account.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var content interface{}
cfnResourcePolicy := awscdk.Aws_organizations.NewCfnResourcePolicy(this, jsii.String("MyCfnResourcePolicy"), &CfnResourcePolicyProps{
Content: content,
// the properties below are optional
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
})
func NewCfnResourcePolicy ¶ added in v2.70.0
func NewCfnResourcePolicy(scope constructs.Construct, id *string, props *CfnResourcePolicyProps) CfnResourcePolicy
type CfnResourcePolicyProps ¶ added in v2.70.0
type CfnResourcePolicyProps struct {
// The policy text of the organization resource policy.
//
// You can specify the resource policy content as a JSON object or a JSON string.
//
// > When you specify the resource policy content as a JSON string, you can't perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the resource policy content as a JSON object instead.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-resourcepolicy.html#cfn-organizations-resourcepolicy-content
//
Content interface{} `field:"required" json:"content" yaml:"content"`
// A list of tags that you want to attach to the newly created resource policy.
//
// For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to `null` . For more information about tagging, see [Tagging AWS Organizations resources](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) in the *AWS Organizations User Guide* .
//
// > If any one of the tags is not valid or if you exceed the allowed number of tags for the resource policy, then the entire request fails and the resource policy is not created.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-resourcepolicy.html#cfn-organizations-resourcepolicy-tags
//
Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnResourcePolicy`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var content interface{}
cfnResourcePolicyProps := &CfnResourcePolicyProps{
Content: content,
// the properties below are optional
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
}
Source Files
¶
- CfnAccount.go
- CfnAccountProps.go
- CfnAccount__checks.go
- CfnOrganization.go
- CfnOrganizationProps.go
- CfnOrganization__checks.go
- CfnOrganizationalUnit.go
- CfnOrganizationalUnitProps.go
- CfnOrganizationalUnit__checks.go
- CfnPolicy.go
- CfnPolicyProps.go
- CfnPolicy__checks.go
- CfnResourcePolicy.go
- CfnResourcePolicyProps.go
- CfnResourcePolicy__checks.go
- main.go
Directories