CfnPolicyProps
- class aws_cdk.aws_organizations.CfnPolicyProps(*, content, name, type, description=None, tags=None, target_ids=None)
Bases:
objectProperties for defining a
CfnPolicy.- Parameters:
content (
Any) – The policy text content. You can specify the policy content as a JSON object or a JSON string. .. epigraph:: When you specify the policy content as a JSON string, you can’t perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the policy content as a JSON object instead. The text that you supply must adhere to the rules of the policy type you specify in theTypeparameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document: - Service control policies: 5,120 bytes (not characters) - AI services opt-out policies: 2,500 characters - Backup policies: 10,000 characters - Tag policies: 10,000 characters For more information about Organizations service quotas, see Quotas for AWS Organizations in the AWS Organizations User Guide .name (
str) – Name of the policy. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.type (
str) – The type of policy to create.description (
Optional[str]) – Human readable description of the policy.tags (
Optional[Sequence[Union[CfnTag,Dict[str,Any]]]]) – A list of tags that you want to attach to the newly created policy. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can’t set it tonull. For more information about tagging, see Tagging AWS Organizations resources in the AWS Organizations User Guide. .. epigraph:: If any one of the tags is not valid or if you exceed the allowed number of tags for a policy, then the entire request fails and the policy is not created.target_ids (
Optional[Sequence[str]]) –List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to. You can get the ID by calling the ListRoots , ListOrganizationalUnitsForParent , or ListAccounts operations. If you don’t specify this parameter, the policy is created but not attached to any organization resource. The regex pattern for a target ID string requires one of the following: - Root - A string that begins with “r-” followed by from 4 to 32 lowercase letters or digits. - Account - A string that consists of exactly 12 digits. - Organizational unit (OU) - A string that begins with “ou-” followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second “-” dash and from 8 to 32 additional lowercase letters or digits.
- Link:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-organizations-policy.html
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_organizations as organizations # content: Any cfn_policy_props = organizations.CfnPolicyProps( content=content, name="name", type="type", # the properties below are optional description="description", tags=[CfnTag( key="key", value="value" )], target_ids=["targetIds"] )
Attributes
- content
The policy text content. You can specify the policy content as a JSON object or a JSON string.
When you specify the policy content as a JSON string, you can’t perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the policy content as a JSON object instead.
The text that you supply must adhere to the rules of the policy type you specify in the
Typeparameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document:Service control policies: 5,120 bytes (not characters)
AI services opt-out policies: 2,500 characters
Backup policies: 10,000 characters
Tag policies: 10,000 characters
For more information about Organizations service quotas, see Quotas for AWS Organizations in the AWS Organizations User Guide .
- description
Human readable description of the policy.
- name
Name of the policy.
The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
- tags
A list of tags that you want to attach to the newly created policy.
For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can’t set it to
null. For more information about tagging, see Tagging AWS Organizations resources in the AWS Organizations User Guide. .. epigraph:If any one of the tags is not valid or if you exceed the allowed number of tags for a policy, then the entire request fails and the policy is not created.
- target_ids
List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.
You can get the ID by calling the ListRoots , ListOrganizationalUnitsForParent , or ListAccounts operations. If you don’t specify this parameter, the policy is created but not attached to any organization resource.
The regex pattern for a target ID string requires one of the following:
Root - A string that begins with “r-” followed by from 4 to 32 lowercase letters or digits.
Account - A string that consists of exactly 12 digits.
Organizational unit (OU) - A string that begins with “ou-” followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second “-” dash and from 8 to 32 additional lowercase letters or digits.
- type
The type of policy to create.