account#
State module for managing Amazon Organizations Accounts.
- async idem_aws.states.aws.organizations.account.present(hub, ctx, name: str, email: str, role_name: str = None, iam_user_access_to_billing: str = 'ALLOW', resource_id: str = None, parent_id: str = None, tags: List[Dict[str, Any]] = None) Dict[str, Any][source]#
Creates an AWS account that is automatically a member of the organization whose credentials made the request.
- Parameters:
name (str) – The name of the member account.
email (str) – The email address of the owner to assign to the new member account. This email address must not already be associated with another Amazon Web Services account. You must use a valid email address to complete account creation.
role_name (str, Optional) – The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the management account, allowing users in the management account to assume the role, as permitted by the management account administrator. The role has administrator permissions in the new member account. If you don’t specify this parameter, the role name defaults to
OrganizationAccountAccessRole.iam_user_access_to_billing (str, Optional) – If set to
ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set toDENY, only the root user of the new account can access account billing information. If you don’t specify this parameter, the value defaults toALLOW.resource_id (str, Optional) – The ID of the member account in Amazon Web Services.
parent_id (str, Optional) – Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID.
tags (dict or list, Optional) –
Dict in the format of
{tag-key: tag-value}or List of tags in the format of[{"Key": tag-key, "Value": tag-value}]to associate with the member account.- Key (str):
The key identifier, or name, of the tag.
- Value (str):
The string value that’s associated with the key of the tag.
- Request Syntax:
[idem_test_aws_organizations_account]: aws.organizations.account.present: - name: 'string' - resource_id: 'string' - email: 'string' - role_name: 'string' - iam_user_access_to_billing: 'ALLOW|DENY' - parent_id: 'string' - tags: - Key: 'string' Value: 'string
- Returns:
Dict[str, Any]
Examples
idem_test_aws_organizations_account: aws.organizations.account.present: - name: 'idem_test_account' - email: 'xyz@email.com' - role_name: 'idem_test_role' - iam_user_access_to_billing: 'ALLOW' - parent_id: 'o-parent-id' - tags: - Key: 'provider' Value: 'idem'
- async idem_aws.states.aws.organizations.account.absent(hub, ctx, name: str, resource_id: str = None) Dict[str, Any][source]#
Removes the specified account from the organization.
The removed account becomes a standalone account that isn’t a member of any organization. It’s no longer subject to any policies and is responsible for its own bill payments. The organization’s management account is no longer charged for any expenses accrued by the member account after it’s removed from the organization. This operation can be called only from the organization’s management account.
- Parameters:
- Request syntax:
[idem_test_aws_organizations_account]: aws.organizations.account.absent: - name: 'string' - resource_id: 'string'
- Returns:
Dict[str, Any]
Examples
idem_test_aws_organizations_account: aws.organizations.account.absent: - name: 'idem_test_account' - resource_id: '123456789012'
- async idem_aws.states.aws.organizations.account.describe(hub, ctx) Dict[str, Dict[str, Any]][source]#
Describes AWS Organizations Accounts in a way that can be recreated/managed with the corresponding “present” function.
- Returns:
Dict[str, Dict[str, Any]
Examples
$ idem describe aws.organizations.account