policy

State module for managing Amazon Organizations Policies.

async idem_aws.states.aws.organizations.policy.present(hub, ctx, name: str, resource_id: str = None, description: str = None, policy_type: str = None, content: str = None, tags: List[Dict[str, Any]] = None) → Dict[str, Any]

Creates Organization Policy.

Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual AWS account.

Parameters:
  • name (str) – The name of the policy.

  • resource_id (str, Optional) – The ID of the policy in Amazon Web Services.

  • description (str, Optional) – A description to assign to the policy.

  • policy_type (str, Optional) – The type of policy to create. The only supported values are SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY and AISERVICES_OPT_OUT_POLICY.

  • content (str, Optional) – The policy text content to add to the new policy. The text that you supply must adhere to the rules of the policy type.

  • tags (dict or list, Optional) –

    Dict in the format of {tag-key: tag-value} or List of tags in the format of [{"Key": tag-key, "Value": tag-value}] to associate with the policy.

    • Key (str, Optional): The key identifier, or name, of the tag.

    • Value (str, Optional): The string value that’s associated with the key of the tag.

Request syntax:
[idem_test_aws_organizations_policy]:
  aws.organizations.policy.present:
    - name: 'string'
    - resource_id: 'string'
    - description: 'string'
    - policy_type: 'SERVICE_CONTROL_POLICY|TAG_POLICY|BACKUP_POLICY|AISERVICES_OPT_OUT_POLICY'
    - content: 'string'
    - tags:
        'string': 'string'

Returns:

Dict[str, Any]

Examples

idem_test_aws_organizations_policy:
  aws.organizations.policy.present:
    - name: 'idem_test_policy'
    - description: 'Enables admins of attached accounts to delegate all S3 permissions'
    - policy_type: 'SERVICE_CONTROL_POLICY'
    - content:
        Version: '2012-10-17'
        Statement:
          - Sid: 'AllowAllS3Actions'
            Effect: 'Allow'
            Action: ['s3:*']
    - tags:
        provider: idem

async idem_aws.states.aws.organizations.policy.absent(hub, ctx, name: str, resource_id: str = None) → Dict[str, Any]

Deletes the specified policy from your organization.

Before you perform this operation, you must first detach the policy from all organizational units (OUs), roots, and accounts. This operation can be called only from the organization’s management account.

Parameters:
  • name (str) – The name of the policy.

  • resource_id (str, Optional) – The ID of the policy in Amazon Web Services.

Request syntax:
[idem_test_aws_organizations_policy]:
  aws.organizations.policy.absent:
    - name: 'string'
    - resource_id: 'string'

Returns:

Dict[str, Any]

Examples

idem_test_aws_organizations_policy:
  aws.organizations.policy.absent:
    - name: 'idem_test_policy'
    - resource_id: 'p-123456789012'
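
The detach-before-delete requirement described above can be checked before the absent state is applied, which also shows which roots, OUs and accounts are still covered by the policy. This is an added example, not part of idem-aws: it relies on the boto3 Organizations call list_targets_for_policy, and attached_targets, deletion_blockers and FakeOrganizations are names made up for the illustration.

```python
from collections import defaultdict
from typing import Any, Dict, List


def attached_targets(client: Any, policy_id: str) -> Dict[str, List[str]]:
    """Return {target type: [target ids]} for every attachment of policy_id.

    client: boto3.client("organizations") or an object with the same call.
    """
    by_type: Dict[str, List[str]] = defaultdict(list)
    kwargs = {"PolicyId": policy_id}
    while True:
        page = client.list_targets_for_policy(**kwargs)
        for target in page.get("Targets", []):
            by_type[target["Type"]].append(target["TargetId"])
        if not page.get("NextToken"):
            return dict(by_type)
        kwargs["NextToken"] = page["NextToken"]  # fetch the next page


def deletion_blockers(client: Any, policy_id: str) -> List[str]:
    """Attachments that must be detached before the absent state can succeed."""
    targets = attached_targets(client, policy_id)
    return [f"{kind} {tid}" for kind in sorted(targets) for tid in targets[kind]]


class FakeOrganizations:
    """Constructed stand-in for the boto3 client so the example runs offline."""

    def __init__(self, pages):
        self._pages = pages

    def list_targets_for_policy(self, PolicyId, NextToken=None):
        index = int(NextToken) if NextToken else 0
        page = {"Targets": self._pages[index]}
        if index + 1 < len(self._pages):
            page["NextToken"] = str(index + 1)
        return page


if __name__ == "__main__":
    # Constructed sample attachments; the IDs are placeholders.
    fake = FakeOrganizations([
        [{"TargetId": "r-constructed", "Type": "ROOT"}],
        [{"TargetId": "ou-constructed", "Type": "ORGANIZATIONAL_UNIT"},
         {"TargetId": "111122223333", "Type": "ACCOUNT"}],
    ])
    for blocker in deletion_blockers(fake, "p-123456789012"):
        print("still attached:", blocker)
```

Against a real organization, pass boto3.client("organizations") from the management account in place of the fake client; an empty result means no attachment remains for the policy.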

async idem_aws.states.aws.organizations.policy.describe(hub, ctx) → Dict[str, Dict[str, Any]]

Gets information about the Organization Policy.

Describes AWS Organization Policies in a way that can be recreated/managed with the corresponding present function.

Returns:

Dict[str, Dict[str, Any]]

Examples

$ idem describe aws.organizations.policy