API Reference

Constructs

Account

Creates or imports an AWS account that is automatically a member of the organization whose credentials made the request.

AWS Organizations automatically copies the information from the management account to the new member account.

Initializers

import { Account } from '@pepperize/cdk-organizations'

new Account(scope: Construct, id: string, props: AccountProps)
| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |
| props | AccountProps | No description. |

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

propsRequired

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |
| attachPolicy | Attach a policy. |
| delegateAdministrator | Enables trusted access for the AWS service (trusted service) as Delegated Administrator, which performs tasks in your organization and its accounts on your behalf. |
| identifier | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |

toString
public toString(): string

Returns a string representation of this construct.

attachPolicy
public attachPolicy(policy: IPolicy): void

Attach a policy.

Before you can attach the policy, you must enable that policy type for use. You can use policies when you have all features enabled.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html

policyRequired

delegateAdministrator
public delegateAdministrator(servicePrincipal: string, region?: string, props?: {[ key: string ]: any}): void

Enables trusted access for the AWS service (trusted service) as Delegated Administrator, which performs tasks in your organization and its accounts on your behalf.

servicePrincipalRequired
  • Type: string

The supported AWS service that you specify.


regionOptional
  • Type: string

The region to delegate in.


propsOptional
  • Type: {[ key: string ]: any}

Additional DelegatedAdministrator props.


identifier
public identifier(): string

The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |

isConstruct
import { Account } from '@pepperize/cdk-organizations'

Account.isConstruct(x: any)

Checks if x is a construct.

xRequired
  • Type: any

Any object.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| accountArn | string | The Amazon Resource Name (ARN) of the account. |
| accountId | string | If the account was created successfully, the unique identifier (ID) of the new account. |
| accountName | string | The friendly name of the account. |
| email | string | The email address of the owner to assign to the new member account. |
| tags | aws-cdk-lib.TagManager | TagManager to set, remove and format tags. |

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


accountArnRequired
public readonly accountArn: string;
  • Type: string

The Amazon Resource Name (ARN) of the account.


accountIdRequired
public readonly accountId: string;
  • Type: string

If the account was created successfully, the unique identifier (ID) of the new account.

Exactly 12 digits.


accountNameRequired
public readonly accountName: string;
  • Type: string

The friendly name of the account.


emailRequired
public readonly email: string;
  • Type: string

The email address of the owner to assign to the new member account.

This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You can't access the root user of the account or remove an account that was created with an invalid email address.


tagsRequired
public readonly tags: TagManager;
  • Type: aws-cdk-lib.TagManager

TagManager to set, remove and format tags.


DelegatedAdministrator

Enables the specified member account to administer the Organizations features of the specified AWS service.

It grants read-only access to AWS Organizations service data. The account still requires IAM permissions to access and administer the AWS service.

You can run this action only for AWS services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at AWS Services that you can use with AWS Organizations in the AWS Organizations User Guide.

https://docs.aws.amazon.com/accounts/latest/reference/using-orgs-delegated-admin.html

Initializers

import { DelegatedAdministrator } from '@pepperize/cdk-organizations'

new DelegatedAdministrator(scope: Construct, id: string, props: DelegatedAdministratorProps)
| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |
| props | DelegatedAdministratorProps | No description. |

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

propsRequired

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |

isConstruct
import { DelegatedAdministrator } from '@pepperize/cdk-organizations'

DelegatedAdministrator.isConstruct(x: any)

Checks if x is a construct.

xRequired
  • Type: any

Any object.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


EnableAwsServiceAccess

Enables the integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations.

When you enable integration, you allow the specified service to create a service-linked role in all the accounts in your organization. This allows the service to perform operations on your behalf in your organization and its accounts.

This operation can be called only from the organization's management account and only if the organization has enabled all features.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_trusted_access_perms

Initializers

import { EnableAwsServiceAccess } from '@pepperize/cdk-organizations'

new EnableAwsServiceAccess(scope: Construct, id: string, props: EnableAwsServiceAccessProps)
| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |
| props | EnableAwsServiceAccessProps | No description. |

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

propsRequired

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |

isConstruct
import { EnableAwsServiceAccess } from '@pepperize/cdk-organizations'

EnableAwsServiceAccess.isConstruct(x: any)

Checks if x is a construct.

xRequired
  • Type: any

Any object.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


EnablePolicyType

Enables and disables a policy type in a root.

After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html

Initializers

import { EnablePolicyType } from '@pepperize/cdk-organizations'

new EnablePolicyType(scope: Construct, id: string, props: EnablePolicyTypeProps)
| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |
| props | EnablePolicyTypeProps | No description. |

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

propsRequired

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |

isConstruct
import { EnablePolicyType } from '@pepperize/cdk-organizations'

EnablePolicyType.isConstruct(x: any)

Checks if x is a construct.

xRequired
  • Type: any

Any object.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


Organization

Initializers

import { Organization } from '@pepperize/cdk-organizations'

new Organization(scope: Construct, id: string, props?: OrganizationProps)
| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |
| props | OrganizationProps | No description. |

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

propsOptional

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |
| attachPolicy | Attach a policy. |
| enableAwsServiceAccess | Enables trusted access for a supported AWS service (trusted service), which performs tasks in your organization and its accounts on your behalf. |
| enablePolicyType | Enables policy types in the following two broad categories: Authorization policies and Management policies. |

toString
public toString(): string

Returns a string representation of this construct.

attachPolicy
public attachPolicy(policy: IPolicy): void

Attach a policy.

Before you can attach the policy, you must enable that policy type for use. You can use policies when you have all features enabled.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html

policyRequired

enableAwsServiceAccess
public enableAwsServiceAccess(servicePrincipal: string): void

Enables trusted access for a supported AWS service (trusted service), which performs tasks in your organization and its accounts on your behalf.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html

servicePrincipalRequired
  • Type: string

The supported AWS service that you specify.


enablePolicyType
public enablePolicyType(policyType: PolicyType): void

Enables policy types in the following two broad categories: Authorization policies and Management policies.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types

policyTypeRequired

The type of the policy that you specify.


Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |
| of | Describe the organization that the current account belongs to. |

isConstruct
import { Organization } from '@pepperize/cdk-organizations'

Organization.isConstruct(x: any)

Checks if x is a construct.

xRequired
  • Type: any

Any object.


of
import { Organization } from '@pepperize/cdk-organizations'

Organization.of(scope: Construct, id: string)

Describe the organization that the current account belongs to.

https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganization.html

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| featureSet | FeatureSet | Specifies the functionality that currently is available to the organization. |
| managementAccountArn | string | The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization. |
| managementAccountEmail | string | The email address that is associated with the AWS account that is designated as the management account for the organization. |
| managementAccountId | string | The unique identifier (ID) of the management account of an organization. |
| organizationArn | string | The Amazon Resource Name (ARN) of an organization. |
| organizationId | string | The unique identifier (ID) of an organization. |
| principal | aws-cdk-lib.aws_iam.IPrincipal | The principal that represents this AWS Organization. |
| root | Root | The root of the current organization, which is automatically created. |

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


featureSetRequired
public readonly featureSet: FeatureSet;

Specifies the functionality that currently is available to the organization.

If set to "ALL", then all features are enabled and policies can be applied to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only consolidated billing functionality is available.


managementAccountArnRequired
public readonly managementAccountArn: string;
  • Type: string

The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.


managementAccountEmailRequired
public readonly managementAccountEmail: string;
  • Type: string

The email address that is associated with the AWS account that is designated as the management account for the organization.


managementAccountIdRequired
public readonly managementAccountId: string;
  • Type: string

The unique identifier (ID) of the management account of an organization.


organizationArnRequired
public readonly organizationArn: string;
  • Type: string

The Amazon Resource Name (ARN) of an organization.


organizationIdRequired
public readonly organizationId: string;
  • Type: string

The unique identifier (ID) of an organization.

The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits.


principalRequired
public readonly principal: IPrincipal;
  • Type: aws-cdk-lib.aws_iam.IPrincipal

The principal that represents this AWS Organization.


rootRequired
public readonly root: Root;

The root of the current organization, which is automatically created.
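
The preconditions stated above for `attachPolicy`, `enablePolicyType`, `enableAwsServiceAccess` and `featureSet` can be checked before synthesis. The following TypeScript is an added example, not code from @pepperize/cdk-organizations; the `OrgPlan` shape, the rule names and the sample plan are hypothetical and constructed for illustration.

```typescript
// Added example, not part of @pepperize/cdk-organizations. OrgPlan is a hypothetical
// description of what a stack intends to create, used only to show the ordering rules.
type FeatureSetName = "ALL" | "CONSOLIDATED_BILLING";

interface PlannedAttachment {
  policyName: string;
  policyType: string; // e.g. "SERVICE_CONTROL_POLICY" or "TAG_POLICY"
  targetId: string;
}

interface OrgPlan {
  featureSet: FeatureSetName;
  enabledPolicyTypes: string[];
  attachments: PlannedAttachment[];
  trustedServices: string[]; // service principals passed to enableAwsServiceAccess
}

type PlanRule = "ALL_FEATURES_REQUIRED" | "POLICY_TYPE_NOT_ENABLED" | "BAD_SERVICE_PRINCIPAL";

interface PlanViolation {
  rule: PlanRule;
  subject: string;
}

// Matches the "service-abbreviation.amazonaws.com" form, allowing dotted service names.
const SERVICE_PRINCIPAL_FORM = /^[a-z0-9-]+(\.[a-z0-9-]+)*\.amazonaws\.com$/;

function checkOrgPlan(plan: OrgPlan): PlanViolation[] {
  const violations: PlanViolation[] = [];
  const allFeatures = plan.featureSet === "ALL";

  for (const policyType of plan.enabledPolicyTypes) {
    // Policies can only be used when all features are enabled.
    if (!allFeatures) {
      violations.push({ rule: "ALL_FEATURES_REQUIRED", subject: policyType });
    }
  }
  for (const attachment of plan.attachments) {
    if (!allFeatures) {
      violations.push({ rule: "ALL_FEATURES_REQUIRED", subject: attachment.policyName });
    }
    // The policy type must be enabled before a policy of that type is attached.
    if (plan.enabledPolicyTypes.indexOf(attachment.policyType) === -1) {
      violations.push({ rule: "POLICY_TYPE_NOT_ENABLED", subject: attachment.policyName });
    }
  }
  for (const service of plan.trustedServices) {
    // Trusted access can only be enabled when all features are enabled.
    if (!allFeatures) {
      violations.push({ rule: "ALL_FEATURES_REQUIRED", subject: service });
    }
    if (!SERVICE_PRINCIPAL_FORM.test(service)) {
      violations.push({ rule: "BAD_SERVICE_PRINCIPAL", subject: service });
    }
  }
  return violations;
}

function countByRule(violations: PlanViolation[], rule: PlanRule): number {
  return violations.filter(function (v) { return v.rule === rule; }).length;
}

// Constructed sample plan: one policy type is attached without being enabled,
// and one service principal is not in the documented form.
const SAMPLE_PLAN: OrgPlan = {
  featureSet: "ALL",
  enabledPolicyTypes: ["SERVICE_CONTROL_POLICY"],
  attachments: [
    { policyName: "DenyLeaveOrganization", policyType: "SERVICE_CONTROL_POLICY", targetId: "r-ab12" },
    { policyName: "RequireCostCenterTag", policyType: "TAG_POLICY", targetId: "ou-ab12-11111111" },
  ],
  trustedServices: ["sso.amazonaws.com", "cloudtrail"],
};

for (const violation of checkOrgPlan(SAMPLE_PLAN)) {
  console.log(violation.rule + ": " + violation.subject);
}
```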


OrganizationalUnit

Initializers

import { OrganizationalUnit } from '@pepperize/cdk-organizations'

new OrganizationalUnit(scope: Construct, id: string, props: OrganizationalUnitProps)
| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |
| props | OrganizationalUnitProps | No description. |

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

propsRequired

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |
| attachPolicy | Attach a policy. |
| identifier | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |

toString
public toString(): string

Returns a string representation of this construct.

attachPolicy
public attachPolicy(policy: IPolicy): void

Attach a policy.

Before you can attach the policy, you must enable that policy type for use. You can use policies when you have all features enabled.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html

policyRequired

identifier
public identifier(): string

The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |

isConstruct
import { OrganizationalUnit } from '@pepperize/cdk-organizations'

OrganizationalUnit.isConstruct(x: any)

Checks if x is a construct.

xRequired
  • Type: any

Any object.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| organizationalUnitArn | string | The Amazon Resource Name (ARN) of this OU. |
| organizationalUnitId | string | The unique identifier (ID) associated with this OU. |
| organizationalUnitName | string | The friendly name of this OU. |
| tags | aws-cdk-lib.TagManager | TagManager to set, remove and format tags. |

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


organizationalUnitArnRequired
public readonly organizationalUnitArn: string;
  • Type: string

The Amazon Resource Name (ARN) of this OU.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Service Authorization Reference.


organizationalUnitIdRequired
public readonly organizationalUnitId: string;
  • Type: string

The unique identifier (ID) associated with this OU.

The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.


organizationalUnitNameRequired
public readonly organizationalUnitName: string;
  • Type: string

The friendly name of this OU.


tagsRequired
public readonly tags: TagManager;
  • Type: aws-cdk-lib.TagManager

TagManager to set, remove and format tags.


Parent

Initializers

import { Parent } from '@pepperize/cdk-organizations'

new Parent(scope: Construct, id: string, props: ParentProps)
| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |
| props | ParentProps | No description. |

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

propsRequired

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |
| identifier | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |

toString
public toString(): string

Returns a string representation of this construct.

identifier
public identifier(): string

The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |
| fromChildId | No description. |

isConstruct
import { Parent } from '@pepperize/cdk-organizations'

Parent.isConstruct(x: any)

Checks if x is a construct.

xRequired
  • Type: any

Any object.


fromChildId
import { Parent } from '@pepperize/cdk-organizations'

Parent.fromChildId(scope: Construct, id: string, childId: string)
scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

childIdRequired
  • Type: string

Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| parentId | string | No description. |

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


parentIdRequired
public readonly parentId: string;
  • Type: string

ParentBase

Initializers

import { ParentBase } from '@pepperize/cdk-organizations'

new ParentBase(scope: Construct, id: string, props: ParentBaseProps)
| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |
| props | ParentBaseProps | No description. |

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

propsRequired

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |
| identifier | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |

toString
public toString(): string

Returns a string representation of this construct.

identifier
public identifier(): string

The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |

isConstruct
import { ParentBase } from '@pepperize/cdk-organizations'

ParentBase.isConstruct(x: any)

Checks if x is a construct.

xRequired
  • Type: any

Any object.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| parentId | string | No description. |

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


parentIdRequired
public readonly parentId: string;
  • Type: string

Policy

Initializers

import { Policy } from '@pepperize/cdk-organizations'

new Policy(scope: Construct, id: string, props: PolicyProps)
| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |
| props | PolicyProps | No description. |

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

propsRequired

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |
| identifier | No description. |

toString
public toString(): string

Returns a string representation of this construct.

identifier
public identifier(): string

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |

isConstruct
import { Policy } from '@pepperize/cdk-organizations'

Policy.isConstruct(x: any)

Checks if x is a construct.

xRequired
  • Type: any

Any object.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| policyId | string | The unique identifier (ID) of the policy. |
| tags | aws-cdk-lib.TagManager | TagManager to set, remove and format tags. |

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


policyIdRequired
public readonly policyId: string;
  • Type: string

The unique identifier (ID) of the policy.

The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).


tagsRequired
public readonly tags: TagManager;
  • Type: aws-cdk-lib.TagManager

TagManager to set, remove and format tags.


PolicyAttachment

Attaches a policy to a root, an organizational unit (OU), or an individual account.

How the policy affects accounts depends on the type of policy. Refer to the AWS Organizations User Guide for information about each policy type:

Initializers

import { PolicyAttachment } from '@pepperize/cdk-organizations'

new PolicyAttachment(scope: Construct, id: string, props: PolicyAttachmentProps)
| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |
| props | PolicyAttachmentProps | No description. |

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

propsRequired

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |

isConstruct
import { PolicyAttachment } from '@pepperize/cdk-organizations'

PolicyAttachment.isConstruct(x: any)

Checks if x is a construct.

xRequired
  • Type: any

Any object.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


Root

The parent container for all the accounts for your organization.

If you apply a policy to the root, it applies to all organizational units (OUs) and accounts in the organization. Currently, you can have only one root. AWS Organizations automatically creates it for you when you create an organization.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html

Initializers

import { Root } from '@pepperize/cdk-organizations'

new Root(scope: Construct, id: string)
| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |
| attachPolicy | Attach a policy. |
| enablePolicyType | Enables and disables a policy type. |
| identifier | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |

toString
public toString(): string

Returns a string representation of this construct.

attachPolicy
public attachPolicy(policy: IPolicy): void

Attach a policy.

Before you can attach the policy, you must enable that policy type for use. You can use policies when you have all features enabled.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html

policyRequired

enablePolicyType
public enablePolicyType(policyType: PolicyType): void

Enables and disables a policy type.

After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html

policyTypeRequired

identifier
public identifier(): string

The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |

isConstruct
import { Root } from '@pepperize/cdk-organizations'

Root.isConstruct(x: any)

Checks if x is a construct.

xRequired
  • Type: any

Any object.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| rootId | string | The unique identifier (ID) for the root. |
| tags | aws-cdk-lib.TagManager | TagManager to set, remove and format tags. |

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


rootIdRequired
public readonly rootId: string;
  • Type: string

The unique identifier (ID) for the root.

The regex pattern for a root ID string requires "r-" followed by from 4 to 32 lowercase letters or digits.


tagsRequired
public readonly tags: TagManager;
  • Type: aws-cdk-lib.TagManager

TagManager to set, remove and format tags.
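
The ID formats documented above for `accountId`, `organizationId`, `organizationalUnitId`, `policyId` and `rootId` can be enforced on identifiers that come from configuration before they are used as a policy attachment target or passed to `Parent.fromChildId`. The following TypeScript is an added example, not code from @pepperize/cdk-organizations; the function names and the sample identifiers are constructed for illustration.

```typescript
// Added example, not part of @pepperize/cdk-organizations.
// Patterns are transcribed from the ID formats documented in this reference.
type OrgIdKind = "account" | "organization" | "organizationalUnit" | "policy" | "root";

const ORG_ID_PATTERNS: { kind: OrgIdKind; pattern: RegExp }[] = [
  { kind: "account", pattern: /^\d{12}$/ },
  { kind: "organization", pattern: /^o-[a-z0-9]{10,32}$/ },
  { kind: "organizationalUnit", pattern: /^ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}$/ },
  { kind: "policy", pattern: /^p-[0-9a-zA-Z_]{8,128}$/ },
  { kind: "root", pattern: /^r-[a-z0-9]{4,32}$/ },
];

// Returns the kind of identifier, or null when the string matches no documented format.
function classifyOrgId(id: string): OrgIdKind | null {
  for (const entry of ORG_ID_PATTERNS) {
    if (entry.pattern.test(id)) return entry.kind;
  }
  return null;
}

// An OU ID embeds the ID of its root: "ou-<root part>-<ou part>" lives under "r-<root part>".
function ouBelongsToRoot(ouId: string, rootId: string): boolean {
  if (classifyOrgId(ouId) !== "organizationalUnit" || classifyOrgId(rootId) !== "root") {
    return false;
  }
  return ouId.split("-")[1] === rootId.slice(2);
}

interface TargetFinding {
  target: string;
  problem: string;
}

// Policies attach to a root, an OU or an account. Anything else is rejected, as are
// roots and OUs that do not belong to the root being deployed to.
// Account IDs carry no root information, so only their format can be checked here.
function validateAttachmentTargets(targets: string[], expectedRootId: string): TargetFinding[] {
  if (classifyOrgId(expectedRootId) !== "root") {
    throw new Error("expectedRootId is not a well-formed root ID: " + expectedRootId);
  }
  const findings: TargetFinding[] = [];
  for (const target of targets) {
    const kind = classifyOrgId(target);
    if (kind === null) {
      findings.push({ target: target, problem: "not a well-formed Organizations ID" });
    } else if (kind === "organization" || kind === "policy") {
      findings.push({ target: target, problem: kind + " ID is not an attachment target" });
    } else if (kind === "root" && target !== expectedRootId) {
      findings.push({ target: target, problem: "root differs from the expected root" });
    } else if (kind === "organizationalUnit" && !ouBelongsToRoot(target, expectedRootId)) {
      findings.push({ target: target, problem: "OU is not under the expected root" });
    }
  }
  return findings;
}

// Constructed sample input (not real identifiers).
const SAMPLE_ROOT_ID = "r-ab12";
const SAMPLE_TARGETS = [
  "r-ab12",             // the expected root
  "ou-ab12-11111111",   // OU under the expected root
  "ou-zz99-22222222",   // OU under a different root
  "111111111111",       // account ID, format only
  "p-examplepolicy01",  // a policy ID, not a target
  "OU-AB12-11111111",   // upper case, malformed
  "1234567",            // too short for an account ID
];

for (const finding of validateAttachmentTargets(SAMPLE_TARGETS, SAMPLE_ROOT_ID)) {
  console.log(finding.target + ": " + finding.problem);
}
```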


TagResource

Add tags to an AWS Organizations resource to make it easier to identify, organize, and search.

https://docs.aws.amazon.com/ARG/latest/APIReference/API_Tag.html

Initializers

import { TagResource } from '@pepperize/cdk-organizations'

new TagResource(scope: Construct, id: string, props: TagResourceProps)
| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |
| props | TagResourceProps | No description. |

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

propsRequired

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |

toString
public toString(): string

Returns a string representation of this construct.

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |

isConstruct
import { TagResource } from '@pepperize/cdk-organizations'

TagResource.isConstruct(x: any)

Checks if x is a construct.

xRequired
  • Type: any

Any object.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


Structs

AccountProps

Initializer

import { AccountProps } from '@pepperize/cdk-organizations'

const accountProps: AccountProps = { ... }

Properties

| Name | Type | Description |
| --- | --- | --- |
| accountName | string | The friendly name of the member account. |
| email | string | The email address of the owner to assign to the new member account. |
| iamUserAccessToBilling | IamUserAccessToBilling | If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. |
| importOnDuplicate | boolean | Whether to import, if a duplicate account with the same name and email already exists. |
| parent | IParent | The parent root or OU that you want to create the new Account in. |
| removalPolicy | aws-cdk-lib.RemovalPolicy | If set to RemovalPolicy.DESTROY, the account will be moved to the root. |
| roleName | string | The name of an IAM role that AWS Organizations automatically preconfigures in the new member account. |

accountNameRequired
public readonly accountName: string;
  • Type: string

The friendly name of the member account.


emailRequired
public readonly email: string;
  • Type: string

The email address of the owner to assign to the new member account.

This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You can't access the root user of the account or remove an account that was created with an invalid email address.


iamUserAccessToBillingOptional
public readonly iamUserAccessToBilling: IamUserAccessToBilling;

If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions.

If set to DENY, only the root user of the new account can access account billing information.


importOnDuplicateOptional
public readonly importOnDuplicate: boolean;
  • Type: boolean
  • Default: true

Whether to import, if a duplicate account with the same name and email already exists.


parentOptional
public readonly parent: IParent;

The parent root or OU that you want to create the new Account in.


removalPolicyOptional
public readonly removalPolicy: RemovalPolicy;
  • Type: aws-cdk-lib.RemovalPolicy
  • Default: RemovalPolicy.RETAIN

If set to RemovalPolicy.DESTROY, the account will be moved to the root.


roleNameOptional
public readonly roleName: string;
  • Type: string

The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.

This role trusts the management account, allowing users in the management account to assume the role, as permitted by the management account administrator. The role has administrator permissions in the new member account.

If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.


DelegatedAdministratorProps

Initializer

import { DelegatedAdministratorProps } from '@pepperize/cdk-organizations'

const delegatedAdministratorProps: DelegatedAdministratorProps = { ... }

Properties

| Name | Type | Description |
| --- | --- | --- |
| account | IAccount | The member account in the organization to register as a delegated administrator. |
| servicePrincipal | string | The service principal of the AWS service for which you want to make the member account a delegated administrator. |
| region | string | The region to delegate the administrator in. |
| removalPolicy | aws-cdk-lib.RemovalPolicy | If set to RemovalPolicy.RETAIN, the delegation will not be removed. |

accountRequired
public readonly account: IAccount;

The member account in the organization to register as a delegated administrator.


servicePrincipalRequired
public readonly servicePrincipal: string;
  • Type: string

The service principal of the AWS service for which you want to make the member account a delegated administrator.


regionOptional
public readonly region: string;
  • Type: string

The region to delegate the administrator in.


removalPolicyOptional
public readonly removalPolicy: RemovalPolicy;
  • Type: aws-cdk-lib.RemovalPolicy
  • Default: RemovalPolicy.DESTROY

If set to RemovalPolicy.RETAIN, the delegation will not be removed.


EnableAwsServiceAccessProps

Initializer

import { EnableAwsServiceAccessProps } from '@pepperize/cdk-organizations'

const enableAwsServiceAccessProps: EnableAwsServiceAccessProps = { ... }

Properties

| Name | Type | Description |
| --- | --- | --- |
| servicePrincipal | string | The service principal name of the AWS service for which you want to enable integration with your organization. |

servicePrincipalRequired
public readonly servicePrincipal: string;
  • Type: string

The service principal name of the AWS service for which you want to enable integration with your organization.

This is typically in the form of a URL, such as service-abbreviation.amazonaws.com.


EnablePolicyTypeProps

Initializer

import { EnablePolicyTypeProps } from '@pepperize/cdk-organizations'

const enablePolicyTypeProps: EnablePolicyTypeProps = { ... }

Properties

| Name | Type | Description |
| --- | --- | --- |
| policyType | PolicyType | No description. |
| root | Root | No description. |

policyTypeRequired
public readonly policyType: PolicyType;

rootRequired
public readonly root: Root;

OrganizationalUnitProps

Initializer

import { OrganizationalUnitProps } from '@pepperize/cdk-organizations'

const organizationalUnitProps: OrganizationalUnitProps = { ... }

Properties

| Name | Type | Description |
| --- | --- | --- |
| organizationalUnitName | string | The friendly name to assign to the new OU. |
| parent | IParent | The parent root or OU that you want to create the new OrganizationalUnit in. |
| importOnDuplicate | boolean | Whether to import, if a duplicate organizational unit with the same name exists in the parent. |
| removalPolicy | aws-cdk-lib.RemovalPolicy | If set to RemovalPolicy.DESTROY, the organizational unit will be deleted. |

organizationalUnitNameRequired
public readonly organizationalUnitName: string;
  • Type: string

The friendly name to assign to the new OU.


parentRequired
public readonly parent: IParent;

The parent root or OU that you want to create the new OrganizationalUnit in.


importOnDuplicateOptional
public readonly importOnDuplicate: boolean;
  • Type: boolean
  • Default: true

Whether to import the organizational unit if a duplicate with the same name already exists in the parent.


removalPolicyOptional
public readonly removalPolicy: RemovalPolicy;
  • Type: aws-cdk-lib.RemovalPolicy
  • Default: RemovalPolicy.RETAIN

If set to RemovalPolicy.DESTROY, the organizational unit will be deleted.


OrganizationProps

Initializer

import { OrganizationProps } from '@pepperize/cdk-organizations'

const organizationProps: OrganizationProps = { ... }

Properties

Name Type Description
featureSet FeatureSet Enabling features in your organization.

featureSetOptional
public readonly featureSet: FeatureSet;

Enabling features in your organization.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html


ParentBaseProps

Initializer

import { ParentBaseProps } from '@pepperize/cdk-organizations'

const parentBaseProps: ParentBaseProps = { ... }

Properties

Name Type Description
childId string No description.

childIdRequired
public readonly childId: string;
  • Type: string

ParentProps

Initializer

import { ParentProps } from '@pepperize/cdk-organizations'

const parentProps: ParentProps = { ... }

Properties

Name Type Description
child IChild No description.

childRequired
public readonly child: IChild;

PolicyAttachmentProps

Initializer

import { PolicyAttachmentProps } from '@pepperize/cdk-organizations'

const policyAttachmentProps: PolicyAttachmentProps = { ... }

Properties

Name Type Description
policy IPolicy The policy that you want to attach to the target.
target IPolicyAttachmentTarget The root, OU, or account that you want to attach the policy to.

policyRequired
public readonly policy: IPolicy;

The policy that you want to attach to the target.


targetRequired
public readonly target: IPolicyAttachmentTarget;

The root, OU, or account that you want to attach the policy to.


PolicyProps

Initializer

import { PolicyProps } from '@pepperize/cdk-organizations'

const policyProps: PolicyProps = { ... }

Properties

Name Type Description
content string The policy text content to add to the new policy.
policyName string The friendly name to assign to the policy.
policyType PolicyType The type of policy to create.
description string An optional description to assign to the policy.

contentRequired
public readonly content: string;
  • Type: string

The policy text content to add to the new policy.

The text that you supply must adhere to the rules of the policy type you specify in the policyType property.


policyNameRequired
public readonly policyName: string;
  • Type: string

The friendly name to assign to the policy.


policyTypeRequired
public readonly policyType: PolicyType;

The type of policy to create.

You can specify one of the following values:


descriptionOptional
public readonly description: string;
  • Type: string

An optional description to assign to the policy.


TagResourceProps

Initializer

import { TagResourceProps } from '@pepperize/cdk-organizations'

const tagResourceProps: TagResourceProps = { ... }

Properties

Name Type Description
resourceId string No description.
tags aws-cdk-lib.IResolvable No description.

resourceIdRequired
public readonly resourceId: string;
  • Type: string

tagsRequired
public readonly tags: IResolvable;
  • Type: aws-cdk-lib.IResolvable

Classes

DependencyChain

  • Implements: aws-cdk-lib.IAspect

Aspect that creates a dependency chain of organization resources that need to be deployed sequentially.

Initializers

import { DependencyChain } from '@pepperize/cdk-organizations'

new DependencyChain()

Methods

Name Description
visit All aspects can visit an IConstruct.

visit
public visit(current: IConstruct): void

All aspects can visit an IConstruct.

currentRequired
  • Type: constructs.IConstruct

Validators

Initializers

import { Validators } from '@pepperize/cdk-organizations'

new Validators()

Methods

Name Description
accountId No description.
accountName No description.
email No description.
organizationalUnitName No description.
policyContent No description.
servicePrincipal No description.

accountId
public accountId(id: string): boolean
idRequired
  • Type: string

accountName
public accountName(name: string): boolean
nameRequired
  • Type: string

email
public email(email: string): boolean
emailRequired
  • Type: string

organizationalUnitName
public organizationalUnitName(name: string): boolean
nameRequired
  • Type: string

policyContent
public policyContent(content: string): boolean
contentRequired
  • Type: string

servicePrincipal
public servicePrincipal(servicePrincipal: string): boolean
servicePrincipalRequired
  • Type: string

Static Functions

Name Description
of No description.

of
import { Validators } from '@pepperize/cdk-organizations'

Validators.of()

Protocols

IAccount

Methods

Name Description
delegateAdministrator Enables trusted access for the AWS service (trusted service) as Delegated Administrator, which performs tasks in your organization and its accounts on your behalf.

delegateAdministrator
public delegateAdministrator(servicePrincipal: string, region?: string, props?: {[ key: string ]: any}): void

Enables trusted access for the AWS service (trusted service) as Delegated Administrator, which performs tasks in your organization and its accounts on your behalf.

servicePrincipalRequired
  • Type: string

The supported AWS service that you specify.


regionOptional
  • Type: string

The region to delegate in.


propsOptional
  • Type: {[ key: string ]: any}

Additional DelegatedAdministrator props.


Properties

Name Type Description
node constructs.Node The tree node.
accountArn string The Amazon Resource Name (ARN) of the account.
accountId string If the account was created successfully, the unique identifier (ID) of the new account.
accountName string The friendly name of the account.
email string The email address of the owner to assign to the new member account.

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


accountArnRequired
public readonly accountArn: string;
  • Type: string

The Amazon Resource Name (ARN) of the account.


accountIdRequired
public readonly accountId: string;
  • Type: string

If the account was created successfully, the unique identifier (ID) of the new account.

Exactly 12 digits.


accountNameRequired
public readonly accountName: string;
  • Type: string

The friendly name of the account.


emailRequired
public readonly email: string;
  • Type: string

The email address of the owner to assign to the new member account.

This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You can't access the root user of the account or remove an account that was created with an invalid email address.


IChild

Properties

Name Type Description
node constructs.Node The tree node.

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


IOrganization

Creates an organization to consolidate your AWS accounts so that you can administer them as a single unit.

An organization has one management account along with zero or more member accounts. You can organize the accounts in a hierarchical, tree-like structure with a root at the top and organizational units nested under the root. Each account can be directly in the root, or placed in one of the OUs in the hierarchy. An organization has the functionality that is determined by the feature set that you enable.

The account whose user is calling the CreateOrganization operation automatically becomes the management account of the new organization.

To delete an organization, you must first remove all the member accounts, OUs, and policies from the organization!

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html#create-org

Properties

Name Type Description
node constructs.Node The tree node.
featureSet FeatureSet Specifies the functionality that currently is available to the organization.
managementAccountArn string The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.
managementAccountEmail string The email address that is associated with the AWS account that is designated as the management account for the organization.
managementAccountId string The unique identifier (ID) of the management account of an organization.
organizationArn string The Amazon Resource Name (ARN) of an organization.
organizationId string The unique identifier (ID) of an organization.
principal aws-cdk-lib.aws_iam.IPrincipal The principal that represents this AWS Organization.

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


featureSetRequired
public readonly featureSet: FeatureSet;

Specifies the functionality that currently is available to the organization.

If set to "ALL", then all features are enabled and policies can be applied to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only consolidated billing functionality is available.


managementAccountArnRequired
public readonly managementAccountArn: string;
  • Type: string

The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.


managementAccountEmailRequired
public readonly managementAccountEmail: string;
  • Type: string

The email address that is associated with the AWS account that is designated as the management account for the organization.


managementAccountIdRequired
public readonly managementAccountId: string;
  • Type: string

The unique identifier (ID) of the management account of an organization.


organizationArnRequired
public readonly organizationArn: string;
  • Type: string

The Amazon Resource Name (ARN) of an organization.


organizationIdRequired
public readonly organizationId: string;
  • Type: string

The unique identifier (ID) of an organization.

The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits.


principalRequired
public readonly principal: IPrincipal;
  • Type: aws-cdk-lib.aws_iam.IPrincipal

The principal that represents this AWS Organization.


IOrganizationalUnit

A container for accounts within a root.

An OU also can contain other OUs, enabling you to create a hierarchy that resembles an upside-down tree, with a root at the top and branches of OUs that reach down, ending in accounts that are the leaves of the tree. When you attach a policy to one of the nodes in the hierarchy, it flows down and affects all the branches (OUs) and leaves (accounts) beneath it. An OU can have exactly one parent, and currently each account can be a member of exactly one OU.

You must first move all accounts out of the OU and any child OUs, and then you can delete the child OUs.

Properties

Name Type Description
node constructs.Node The tree node.
organizationalUnitArn string The Amazon Resource Name (ARN) of this OU.
organizationalUnitId string The unique identifier (ID) associated with this OU.
organizationalUnitName string The friendly name of this OU.

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


organizationalUnitArnRequired
public readonly organizationalUnitArn: string;
  • Type: string

The Amazon Resource Name (ARN) of this OU.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Service Authorization Reference.


organizationalUnitIdRequired
public readonly organizationalUnitId: string;
  • Type: string

The unique identifier (ID) associated with this OU.

The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.


organizationalUnitNameRequired
public readonly organizationalUnitName: string;
  • Type: string

The friendly name of this OU.


IParent

Properties

Name Type Description
node constructs.Node The tree node.

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


IPolicy

Policies in AWS Organizations enable you to apply additional types of management to the AWS accounts in your organization.

You can use policies when all features are enabled in your organization.

Before you can create and attach a policy to your organization, you must enable that policy type for use.

See FeatureSet.

Properties

Name Type Description
node constructs.Node The tree node.
policyId string The unique identifier (ID) of the policy.

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


policyIdRequired
public readonly policyId: string;
  • Type: string

The unique identifier (ID) of the policy.

The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
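
The ID formats given above for accountId, organizationId, organizationalUnitId and policyId can be checked before a value reaches a policy attachment. The following is an added example, not code from @pepperize/cdk-organizations: `classifyOrgId` and `checkAttachment` are hypothetical helpers, the sample IDs are constructed, and the root ID pattern is taken from the AWS Organizations API reference because this page does not state it.

```typescript
// Added example: the ID formats described on this page as anchored regexes.
type OrgIdKind = "account" | "organization" | "organizationalUnit" | "policy" | "root";

const ID_PATTERNS: ReadonlyArray<[OrgIdKind, RegExp]> = [
  ["account", /^[0-9]{12}$/], // exactly 12 digits
  ["organization", /^o-[a-z0-9]{10,32}$/],
  ["organizationalUnit", /^ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}$/],
  ["policy", /^p-[0-9a-zA-Z_]{8,128}$/],
  // Assumption: root format from the AWS Organizations API reference, not from this page.
  ["root", /^r-[a-z0-9]{4,32}$/],
];

// Returns the kind of resource an ID denotes, or undefined if it matches no format.
function classifyOrgId(id: string): OrgIdKind | undefined {
  for (const [kind, pattern] of ID_PATTERNS) {
    if (pattern.test(id)) {
      return kind;
    }
  }
  return undefined;
}

// PolicyAttachmentProps.target is documented as a root, OU, or account.
const ATTACHABLE: ReadonlyArray<OrgIdKind> = ["root", "organizationalUnit", "account"];

// Returns a list of problems; an empty list means both IDs are well-formed
// and the target is of a kind a policy can be attached to.
function checkAttachment(policyId: string, targetId: string): string[] {
  const errors: string[] = [];
  if (classifyOrgId(policyId) !== "policy") {
    errors.push(`not a policy ID: ${JSON.stringify(policyId)}`);
  }
  const targetKind = classifyOrgId(targetId);
  if (targetKind === undefined || ATTACHABLE.indexOf(targetKind) === -1) {
    errors.push(`not a root, OU, or account ID: ${JSON.stringify(targetId)}`);
  }
  return errors;
}

// Constructed sample pairs (not real identifiers).
const samples: Array<[string, string]> = [
  ["p-examplescp_01", "ou-ab12-cdefgh34"], // valid: policy onto an OU
  ["p-examplescp_01", "o-exampleorg01"], // an organization ID is not a target
  ["ou-ab12-cdefgh34", "p-examplescp_01"], // arguments swapped
  ["p-examplescp_01", "123456789012\n"], // trailing newline is rejected
];
for (const [policyId, targetId] of samples) {
  console.log(JSON.stringify([policyId, targetId]), checkAttachment(policyId, targetId));
}
```

In a CDK app, skip this check for values where `Token.isUnresolved(value)` is true, since those are placeholders that only resolve to a real ID at deploy time.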


IPolicyAttachmentTarget

IResource

Interface for an AWS Organizations resource.

Methods

Name Description
identifier The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.

identifier
public identifier(): string

The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.

ITaggableResource

Properties

Name Type Description
tags aws-cdk-lib.TagManager TagManager to set, remove and format tags.

tagsRequired
public readonly tags: TagManager;
  • Type: aws-cdk-lib.TagManager

TagManager to set, remove and format tags.


Enums

FeatureSet

Specifies the feature set supported by the new organization.

Each feature set supports different levels of functionality.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set

Members

Name Description
CONSOLIDATED_BILLING All member accounts have their bills consolidated to and paid by the management account.
ALL In addition to all the features supported by the consolidated billing feature set, the management account can also apply any policy type to any member account in the organization.

CONSOLIDATED_BILLING

All member accounts have their bills consolidated to and paid by the management account.

For more information, see Consolidated billing in the AWS Organizations User Guide. The consolidated billing feature subset isn’t available for organizations in the AWS GovCloud (US) Region.


ALL

In addition to all the features supported by the consolidated billing feature set, the management account can also apply any policy type to any member account in the organization.

For more information, see All features in the AWS Organizations User Guide.


IamUserAccessToBilling

https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/control-access-billing.html#ControllingAccessWebsite-Activate

Members

Name Description
ALLOW If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions.
DENY If set to DENY, only the root user of the new account can access account billing information.

ALLOW

If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions.


DENY

If set to DENY, only the root user of the new account can access account billing information.


PolicyType

Organizations offers policy types in the following two broad categories:

  1. Authorization policies help you to centrally manage the security of the AWS accounts in your organization.
  2. Management policies enable you to centrally configure and manage AWS services and their features.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types

Members

Name Description
SERVICE_CONTROL_POLICY Service control policies (SCPs) offer central control over the maximum available permissions for all of the accounts in your organization.
TAG_POLICY Tag policies help you standardize the tags attached to the AWS resources in your organization's accounts.
BACKUP_POLICY Backup policies help you centrally manage and apply backup plans to the AWS resources across your organization's accounts.
AISERVICES_OPT_OUT_POLICY Artificial Intelligence (AI) services opt-out policies enable you to control data collection for AWS AI services for all of your organization's accounts.

SERVICE_CONTROL_POLICY

Service control policies (SCPs) offer central control over the maximum available permissions for all of the accounts in your organization.


TAG_POLICY

Tag policies help you standardize the tags attached to the AWS resources in your organization's accounts.


BACKUP_POLICY

Backup policies help you centrally manage and apply backup plans to the AWS resources across your organization's accounts.


AISERVICES_OPT_OUT_POLICY

Artificial Intelligence (AI) services opt-out policies enable you to control data collection for AWS AI services for all of your organization's accounts.