AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi
aws.organizations.getOrganization
Get information about the organization that the user’s account belongs to
Example Usage
List all account IDs for the organization
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Look up the organization that the account behind the current credentials belongs to.
const example = aws.organizations.getOrganization({});
// Export the ID of every account in the organization. Stack outputs are readable by
// anyone with access to the stack, so treat this account inventory accordingly.
export const accountIds = example.then(organization => organization.accounts.map(account => account.id));
import pulumi
import pulumi_aws as aws
# Look up the organization that the account behind the current credentials belongs to.
example = aws.organizations.get_organization()
# Export the ID of every account in the organization. Stack outputs are readable by
# anyone with access to the stack, so treat this account inventory accordingly.
account_ids = [account.id for account in example.accounts]
pulumi.export("accountIds", account_ids)
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
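// main exports the ID of every account in the caller's AWS organization.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The lookup takes no arguments, only optional invoke options.
		example, err := organizations.LookupOrganization(ctx)
		if err != nil {
			return err
		}
		// The generated listing failed to render this projection (the code
		// generator panicked on the splat expression), so collect the IDs explicitly.
		accountIds := make([]string, 0, len(example.Accounts))
		for _, account := range example.Accounts {
			accountIds = append(accountIds, account.Id)
		}
		// Stack outputs are readable by anyone with access to the stack.
		ctx.Export("accountIds", pulumi.ToStringArray(accountIds))
		return nil
	})
}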
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
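return await Deployment.RunAsync(() => 
{
    // Look up the organization that the account behind the current credentials belongs to.
    var example = Aws.Organizations.GetOrganization.Invoke();

    return new Dictionary<string, object?>
    {
        // The account list only exists once the Output resolves, so the projection
        // to IDs has to happen inside Apply rather than on the Output itself.
        ["accountIds"] = example.Apply(organization => organization.Accounts.Select(account => account.Id).ToList()),
    };
});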
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.OrganizationsFunctions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
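/** Exports the ID of every account in the caller's AWS organization. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Looks up the organization and exports its account IDs as the "accountIds" stack output.
     *
     * @param ctx Pulumi program context used to register the export
     */
    public static void stack(Context ctx) {
        final var example = OrganizationsFunctions.getOrganization();
        // The account list only exists once the Output resolves, so stream and
        // collect inside applyValue. Collectors is fully qualified because the
        // listing has no import for it.
        ctx.export("accountIds", example.applyValue(organization -> organization.accounts().stream()
            .map(account -> account.id())
            .collect(java.util.stream.Collectors.toList())));
    }
}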
Coming soon!
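SNS topic that only principals in the organization can interact with. The policy's principal is a wildcard, so the `aws:PrincipalOrgID` condition is what limits access to the organization.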
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Organization of the calling account; its ID scopes the topic policy below.
const example = aws.organizations.getOrganization({});
const snsTopic = new aws.sns.Topic("sns_topic", {name: "my-sns-topic"});
const snsTopicPolicy = pulumi.all([example, snsTopic.arn]).apply(([organization, topicArn]) => {
    // The principal below is a wildcard, so this condition is the only thing that
    // keeps the topic from being open to every AWS account. Do not drop or loosen
    // it without replacing the wildcard with explicit principals.
    const orgOnly = {
        test: "StringEquals",
        variable: "aws:PrincipalOrgID",
        values: [organization.id],
    };
    // SNS:Subscribe lets any principal in the organization attach an endpoint of
    // its choosing; where deliveries must stay within known destinations, extra
    // conditions on sns:Protocol / sns:Endpoint can narrow that.
    return aws.iam.getPolicyDocumentOutput({
        statements: [{
            effect: "Allow",
            actions: ["SNS:Subscribe", "SNS:Publish"],
            principals: [{type: "AWS", identifiers: ["*"]}],
            conditions: [orgOnly],
            resources: [topicArn],
        }],
    });
});
// Attach the rendered policy document to the topic.
const snsTopicPolicyTopicPolicy = new aws.sns.TopicPolicy("sns_topic_policy", {
    arn: snsTopic.arn,
    policy: snsTopicPolicy.apply(document => document.json),
});
import pulumi
import pulumi_aws as aws
# Organization of the calling account; its ID scopes the topic policy below.
example = aws.organizations.get_organization()
sns_topic = aws.sns.Topic("sns_topic", name="my-sns-topic")


def _org_only_policy(arn):
    """Build the policy document for the topic identified by ``arn``."""
    # The principal is a wildcard, so this condition is the only thing that keeps
    # the topic from being open to every AWS account. Do not drop or loosen it
    # without replacing the wildcard with explicit principals.
    org_only = {
        "test": "StringEquals",
        "variable": "aws:PrincipalOrgID",
        "values": [example.id],
    }
    # SNS:Subscribe lets any principal in the organization attach an endpoint of
    # its choosing; where deliveries must stay within known destinations, extra
    # conditions on sns:Protocol / sns:Endpoint can narrow that.
    statement = {
        "effect": "Allow",
        "actions": ["SNS:Subscribe", "SNS:Publish"],
        "principals": [{"type": "AWS", "identifiers": ["*"]}],
        "conditions": [org_only],
        "resources": [arn],
    }
    return aws.iam.get_policy_document_output(statements=[statement])


sns_topic_policy = sns_topic.arn.apply(_org_only_policy)
# Attach the rendered policy document to the topic.
sns_topic_policy_topic_policy = aws.sns.TopicPolicy("sns_topic_policy",
    arn=sns_topic.arn,
    policy=sns_topic_policy.json)
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
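// main creates an SNS topic whose policy allows Subscribe and Publish only to
// principals that belong to the caller's AWS organization.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The lookup takes no arguments, only optional invoke options.
		example, err := organizations.LookupOrganization(ctx)
		if err != nil {
			return err
		}
		snsTopic, err := sns.NewTopic(ctx, "sns_topic", &sns.TopicArgs{
			Name: pulumi.String("my-sns-topic"),
		})
		if err != nil {
			return err
		}
		// The generated listing used untyped interface{} literals and invalid
		// conversions here; the output form of the function accepts the topic
		// ARN output directly, so no ApplyT wrapper is needed.
		snsTopicPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Statements: iam.GetPolicyDocumentStatementArray{
				&iam.GetPolicyDocumentStatementArgs{
					Effect: pulumi.String("Allow"),
					// SNS:Subscribe lets any principal in the organization attach
					// an endpoint of its choosing; extra conditions on
					// sns:Protocol / sns:Endpoint can narrow that if needed.
					Actions: pulumi.StringArray{
						pulumi.String("SNS:Subscribe"),
						pulumi.String("SNS:Publish"),
					},
					// The principal is a wildcard, so this condition is the only
					// thing that keeps the topic from being open to every AWS
					// account. Do not drop or loosen it.
					Conditions: iam.GetPolicyDocumentStatementConditionArray{
						&iam.GetPolicyDocumentStatementConditionArgs{
							Test:     pulumi.String("StringEquals"),
							Variable: pulumi.String("aws:PrincipalOrgID"),
							Values: pulumi.StringArray{
								pulumi.String(example.Id),
							},
						},
					},
					Principals: iam.GetPolicyDocumentStatementPrincipalArray{
						&iam.GetPolicyDocumentStatementPrincipalArgs{
							Type: pulumi.String("AWS"),
							Identifiers: pulumi.StringArray{
								pulumi.String("*"),
							},
						},
					},
					Resources: pulumi.StringArray{
						snsTopic.Arn,
					},
				},
			},
		}, nil)
		// Attach the rendered policy document to the topic.
		_, err = sns.NewTopicPolicy(ctx, "sns_topic_policy", &sns.TopicPolicyArgs{
			Arn: snsTopic.Arn,
			Policy: snsTopicPolicy.ApplyT(func(document iam.GetPolicyDocumentResult) (string, error) {
				return document.Json, nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}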
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() => 
{
    // Organization of the calling account; its ID scopes the topic policy below.
    var example = Aws.Organizations.GetOrganization.Invoke();
    var organizationId = example.Apply(organization => organization.Id);

    var snsTopic = new Aws.Sns.Topic("sns_topic", new()
    {
        Name = "my-sns-topic",
    });

    // The principal below is a wildcard, so this condition is the only thing that
    // keeps the topic from being open to every AWS account. Do not drop or loosen
    // it without replacing the wildcard with explicit principals.
    var orgOnlyCondition = new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
    {
        Test = "StringEquals",
        Variable = "aws:PrincipalOrgID",
        Values = new[] { organizationId },
    };

    var anyAwsPrincipal = new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
    {
        Type = "AWS",
        Identifiers = new[] { "*" },
    };

    // SNS:Subscribe lets any principal in the organization attach an endpoint of
    // its choosing; where deliveries must stay within known destinations, extra
    // conditions on sns:Protocol / sns:Endpoint can narrow that.
    var snsTopicPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Actions = new[] { "SNS:Subscribe", "SNS:Publish" },
                Conditions = new[] { orgOnlyCondition },
                Principals = new[] { anyAwsPrincipal },
                Resources = new[] { snsTopic.Arn },
            },
        },
    });

    // Attach the rendered policy document to the topic.
    var snsTopicPolicyTopicPolicy = new Aws.Sns.TopicPolicy("sns_topic_policy", new()
    {
        Arn = snsTopic.Arn,
        Policy = snsTopicPolicy.Apply(document => document.Json),
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.OrganizationsFunctions;
import com.pulumi.aws.sns.Topic;
import com.pulumi.aws.sns.TopicArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementConditionArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementPrincipalArgs;
import com.pulumi.aws.sns.TopicPolicy;
import com.pulumi.aws.sns.TopicPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
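/**
 * Creates an SNS topic whose policy allows Subscribe and Publish only to
 * principals that belong to the caller's AWS organization.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the topic, builds the organization-scoped policy document and attaches it.
     *
     * @param ctx Pulumi program context
     */
    public static void stack(Context ctx) {
        // Organization of the calling account; its ID scopes the topic policy below.
        final var example = OrganizationsFunctions.getOrganization();

        var snsTopic = new Topic("snsTopic", TopicArgs.builder()
            .name("my-sns-topic")
            .build());

        final var snsTopicPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                // SNS:Subscribe lets any principal in the organization attach an
                // endpoint of its choosing; extra conditions on sns:Protocol /
                // sns:Endpoint can narrow that if needed.
                .actions(
                    "SNS:Subscribe",
                    "SNS:Publish")
                // The principal is a wildcard, so this condition is the only thing
                // that keeps the topic from being open to every AWS account.
                .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                    .test("StringEquals")
                    .variable("aws:PrincipalOrgID")
                    // values is a list; wrap the single organization ID once it resolves.
                    .values(example.applyValue(organization -> List.of(organization.id())))
                    .build())
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers("*")
                    .build())
                // resources is a list; wrap the single topic ARN once it resolves.
                .resources(snsTopic.arn().applyValue(arn -> List.of(arn)))
                .build())
            .build());

        // The generated listing applied applyValue to the already-resolved result,
        // which has no such method; a single projection to the JSON is enough.
        var snsTopicPolicyTopicPolicy = new TopicPolicy("snsTopicPolicyTopicPolicy", TopicPolicyArgs.builder()
            .arn(snsTopic.arn())
            .policy(snsTopicPolicy.applyValue(document -> document.json()))
            .build());
    }
}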
# SNS topic plus a topic policy that allows Subscribe and Publish only to
# principals in the caller's AWS organization.
resources:
  snsTopic:
    type: aws:sns:Topic
    name: sns_topic
    properties:
      name: my-sns-topic
  # Attaches the policy document rendered below to the topic.
  snsTopicPolicyTopicPolicy:
    type: aws:sns:TopicPolicy
    name: sns_topic_policy
    properties:
      arn: ${snsTopic.arn}
      policy: ${snsTopicPolicy.json}
variables:
  # Organization of the calling account; its ID is used in the policy condition.
  example:
    fn::invoke:
      function: aws:organizations:getOrganization
      arguments: {}
  snsTopicPolicy:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - effect: Allow
            # SNS:Subscribe lets any principal in the organization attach an
            # endpoint of its choosing; extra conditions on sns:Protocol /
            # sns:Endpoint can narrow that if needed.
            actions:
              - SNS:Subscribe
              - SNS:Publish
            # The principal below is a wildcard, so this condition is the only
            # thing that keeps the topic from being open to every AWS account.
            conditions:
              - test: StringEquals
                variable: aws:PrincipalOrgID
                values:
                  - ${example.id}
            principals:
              - type: AWS
                identifiers:
                  - '*'
            resources:
              - ${snsTopic.arn}
Using getOrganization
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getOrganization(opts?: InvokeOptions): Promise<GetOrganizationResult>
function getOrganizationOutput(opts?: InvokeOptions): Output<GetOrganizationResult>
def get_organization(opts: Optional[InvokeOptions] = None) -> GetOrganizationResult
def get_organization_output(opts: Optional[InvokeOptions] = None) -> Output[GetOrganizationResult]
func LookupOrganization(ctx *Context, opts ...InvokeOption) (*LookupOrganizationResult, error)
func LookupOrganizationOutput(ctx *Context, opts ...InvokeOption) LookupOrganizationResultOutput
> Note: This function is named LookupOrganization in the Go SDK.
public static class GetOrganization 
{
    public static Task<GetOrganizationResult> InvokeAsync(InvokeOptions? opts = null)
    public static Output<GetOrganizationResult> Invoke(InvokeOptions? opts = null)
}
public static CompletableFuture<GetOrganizationResult> getOrganization(InvokeOptions options)
public static Output<GetOrganizationResult> getOrganization(InvokeOptions options)
fn::invoke:
  function: aws:organizations/getOrganization:getOrganization
  arguments:
    # arguments dictionary
getOrganization Result
The following output properties are available:
- Accounts List<GetOrganizationAccount>
- List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- Arn string
- ARN of the root
- AwsServiceAccessPrincipals List<string>
- A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- EnabledPolicyTypes List<string>
- A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- FeatureSet string
- FeatureSet of the organization.
- Id string
- The provider-assigned unique ID for this managed resource.
- MasterAccountArn string
- ARN of the account that is designated as the master account for the organization.
- MasterAccountEmail string
- The email address that is associated with the AWS account that is designated as the master account for the organization.
- MasterAccountId string
- Unique identifier (ID) of the master account of an organization.
- MasterAccountName string
- Name of the master account of an organization.
- NonMasterAccounts List<GetOrganizationNonMasterAccount>
- List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- Roots List<GetOrganizationRoot>
- List of organization roots. All elements have these attributes:
- Accounts []GetOrganizationAccount
- List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- Arn string
- ARN of the root
- AwsServiceAccessPrincipals []string
- A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- EnabledPolicyTypes []string
- A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- FeatureSet string
- FeatureSet of the organization.
- Id string
- The provider-assigned unique ID for this managed resource.
- MasterAccountArn string
- ARN of the account that is designated as the master account for the organization.
- MasterAccountEmail string
- The email address that is associated with the AWS account that is designated as the master account for the organization.
- MasterAccountId string
- Unique identifier (ID) of the master account of an organization.
- MasterAccountName string
- Name of the master account of an organization.
- NonMasterAccounts []GetOrganizationNonMasterAccount
- List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- Roots []GetOrganizationRoot
- List of organization roots. All elements have these attributes:
- accounts List<GetOrganizationAccount>
- List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- arn String
- ARN of the root
- awsServiceAccessPrincipals List<String>
- A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- enabledPolicyTypes List<String>
- A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- featureSet String
- FeatureSet of the organization.
- id String
- The provider-assigned unique ID for this managed resource.
- masterAccountArn String
- ARN of the account that is designated as the master account for the organization.
- masterAccountEmail String
- The email address that is associated with the AWS account that is designated as the master account for the organization.
- masterAccountId String
- Unique identifier (ID) of the master account of an organization.
- masterAccountName String
- Name of the master account of an organization.
- nonMasterAccounts List<GetOrganizationNonMasterAccount>
- List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- roots List<GetOrganizationRoot>
- List of organization roots. All elements have these attributes:
- accounts GetOrganizationAccount[]
- List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- arn string
- ARN of the root
- awsServiceAccessPrincipals string[]
- A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- enabledPolicyTypes string[]
- A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- featureSet string
- FeatureSet of the organization.
- id string
- The provider-assigned unique ID for this managed resource.
- masterAccountArn string
- ARN of the account that is designated as the master account for the organization.
- masterAccountEmail string
- The email address that is associated with the AWS account that is designated as the master account for the organization.
- masterAccountId string
- Unique identifier (ID) of the master account of an organization.
- masterAccountName string
- Name of the master account of an organization.
- nonMasterAccounts GetOrganizationNonMasterAccount[]
- List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- roots GetOrganizationRoot[]
- List of organization roots. All elements have these attributes:
- accounts Sequence[GetOrganizationAccount]
- List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- arn str
- ARN of the root
- aws_service_access_principals Sequence[str]
- A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- enabled_policy_types Sequence[str]
- A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- feature_set str
- FeatureSet of the organization.
- id str
- The provider-assigned unique ID for this managed resource.
- master_account_arn str
- ARN of the account that is designated as the master account for the organization.
- master_account_email str
- The email address that is associated with the AWS account that is designated as the master account for the organization.
- master_account_id str
- Unique identifier (ID) of the master account of an organization.
- master_account_name str
- Name of the master account of an organization.
- non_master_accounts Sequence[GetOrganizationNonMasterAccount]
- List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- roots Sequence[GetOrganizationRoot]
- List of organization roots. All elements have these attributes:
- accounts List<Property Map>
- List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
- arn String
- ARN of the root
- awsServiceAccessPrincipals List<String>
- A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the AWS Organizations User Guide.
- enabledPolicyTypes List<String>
- A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `SERVICE_CONTROL_POLICY`), see the AWS Organizations API Reference.
- featureSet String
- FeatureSet of the organization.
- id String
- The provider-assigned unique ID for this managed resource.
- masterAccountArn String
- ARN of the account that is designated as the master account for the organization.
- masterAccountEmail String
- The email address that is associated with the AWS account that is designated as the master account for the organization.
- masterAccountId String
- Unique identifier (ID) of the master account of an organization.
- masterAccountName String
- Name of the master account of an organization.
- nonMasterAccounts List<Property Map>
- List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
- roots List<Property Map>
- List of organization roots. All elements have these attributes:
Supporting Types
GetOrganizationAccount  
GetOrganizationNonMasterAccount    
GetOrganizationRoot  
- Arn string
- ARN of the root
- Id string
- Identifier of the root
- Name string
- The name of the policy type
- PolicyTypes List<GetOrganization Root Policy Type> 
- List of policy types enabled for this root. All elements have these attributes:
- Arn string
- ARN of the root
- Id string
- Identifier of the root
- Name string
- The name of the policy type
- PolicyTypes []GetOrganization Root Policy Type 
- List of policy types enabled for this root. All elements have these attributes:
- arn String
- ARN of the root
- id String
- Identifier of the root
- name String
- The name of the policy type
- policyTypes List<GetOrganization Root Policy Type> 
- List of policy types enabled for this root. All elements have these attributes:
- arn string
- ARN of the root
- id string
- Identifier of the root
- name string
- The name of the policy type
- policyTypes GetOrganization Root Policy Type[] 
- List of policy types enabled for this root. All elements have these attributes:
- arn str
- ARN of the root
- id str
- Identifier of the root
- name str
- The name of the policy type
- policy_types Sequence[GetOrganization Root Policy Type] 
- List of policy types enabled for this root. All elements have these attributes:
- arn String
- ARN of the root
- id String
- Identifier of the root
- name String
- The name of the policy type
- policyTypes List<Property Map>
- List of policy types enabled for this root. All elements have these attributes:
GetOrganizationRootPolicyType    
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `aws` Terraform Provider.