There are more AWS SDK examples available in the [AWS Doc SDK Examples](https://github.com/awsdocs/aws-doc-sdk-examples) GitHub repo.

# Scenarios for Organizations using AWS SDKs
<a name="organizations_code_examples_scenarios"></a>

The following code examples show you how to implement common scenarios in Organizations with AWS SDKs. These scenarios show you how to accomplish specific tasks by calling multiple functions within Organizations or combined with other AWS services. Each scenario includes a link to the complete source code, where you can find instructions on how to set up and run the code. 

Scenarios target an intermediate level of experience to help you understand service actions in context.

**Topics**
+ [Permission policy allows AWS Compute Optimizer Automation to apply recommended actions](organizations_example_iam-policies.AWSMettleDocs.latest.userguide.managed-policies.xml.10_section.md)
+ [Permission policy to enable Automation across your organization](organizations_example_iam-policies.AWSMettleDocs.latest.userguide.automation.xml.2_section.md)
+ [Permission policy to enable Automation for your account](organizations_example_iam-policies.AWSMettleDocs.latest.userguide.automation.xml.1_section.md)
+ [Permission policy to grant full access to Compute Optimizer Automation for a management account of an organization](organizations_example_iam-policies.AWSMettleDocs.latest.userguide.automation.xml.5_section.md)
+ [Permission policy to grant full access to Compute Optimizer Automation for standalone AWS accounts](organizations_example_iam-policies.AWSMettleDocs.latest.userguide.automation.xml.3_section.md)
+ [Permission policy to grant read-only access to Compute Optimizer Automation for a management account of an organization](organizations_example_iam-policies.AWSMettleDocs.latest.userguide.automation.xml.6_section.md)
+ [Permission policy to grant read-only access to Compute Optimizer Automation for standalone AWS accounts](organizations_example_iam-policies.AWSMettleDocs.latest.userguide.automation.xml.4_section.md)
+ [Permission policy to grant service-linked role permissions for Compute Optimization Automation](organizations_example_iam-policies.AWSMettleDocs.latest.userguide.slr-automation.xml.1_section.md)

# Allows the AWS Compute Optimizer Automation feature to apply recommended actions
<a name="organizations_example_iam-policies.AWSMettleDocs.latest.userguide.managed-policies.xml.10_section"></a>

The following code example shows how to This permission-based policy allows the AWS Compute Optimizer Automation feature to apply recommended actions

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "aco-automation.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
```

------

# Policy to enable Automation across your organization
<a name="organizations_example_iam-policies.AWSMettleDocs.latest.userguide.automation.xml.2_section"></a>

The following code example shows how to This permission-based policy enables Automation across your organization

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	                    
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/aco-automation.amazonaws.com/AWSServiceRoleForComputeOptimizerAutomation",
            "Condition": {"StringLike": {"iam:AWSServiceName": "aco-automation.amazonaws.com"}}
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PutRolePolicy", 
                "iam:AttachRolePolicy"
            ],
            "Resource": "arn:aws:iam::*:role/aws-service-role/aco-automation.amazonaws.com/AWSServiceRoleForComputeOptimizerAutomation"
        },
        {
            "Effect": "Allow",
            "Action": "aco-automation:UpdateEnrollmentConfiguration",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "aco-automation:AssociateAccounts",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "aco-automation:DisassociateAccounts",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "aco-automation:ListAccounts",
            "Resource": "*"
        }
    ]
}
```

------

# Policy to enable Automation for your account
<a name="organizations_example_iam-policies.AWSMettleDocs.latest.userguide.automation.xml.1_section"></a>

The following code example shows how to This permission-based policy enablesAutomation for your account

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	                    
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/aco-automation.amazonaws.com/AWSServiceRoleForComputeOptimizerAutomation",
            "Condition": {"StringLike": {"iam:AWSServiceName": "aco-automation.amazonaws.com"}}
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PutRolePolicy", 
                "iam:AttachRolePolicy"
            ],
            "Resource": "arn:aws:iam::*:role/aws-service-role/aco-automation.amazonaws.com/AWSServiceRoleForComputeOptimizerAutomation"
        },
        {
            "Effect": "Allow",
            "Action": "aco-automation:UpdateEnrollmentConfiguration",
            "Resource": "*"
        }
    ]
}
```

------

# Policy to grant full access to Compute Optimizer Automation for a management account of an organization
<a name="organizations_example_iam-policies.AWSMettleDocs.latest.userguide.automation.xml.5_section"></a>

The following code example shows how to This permission-based policy grants full access to Compute Optimizer Automation for a management account of an organization

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	                    
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
               "aco-automation:*",
               "ec2:DescribeVolumes",
               "organizations:ListAccounts",
               "organizations:DescribeOrganization",
               "organizations:DescribeAccount",
               "organizations:EnableAWSServiceAccess",
               "organizations:ListDelegatedAdministrators",
               "organizations:RegisterDelegatedAdministrator",
               "organizations:DeregisterDelegatedAdministrator"
            ],
            "Resource": "*"
        }
    ]
}
```

------

# Policy to grant full access to Compute Optimizer Automation for standalone AWS accounts
<a name="organizations_example_iam-policies.AWSMettleDocs.latest.userguide.automation.xml.3_section"></a>

The following code example shows how to This permission-based policy grant full access to Compute Optimizer Automation for standalone AWS accounts

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	                    
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
               "aco-automation:*",
            "ec2:DescribeVolumes"
            ],
            "Resource": "*"
        }
    ]
}
```

------

# Policy to grant read-only access to Compute Optimizer Automation for a management account of an organization
<a name="organizations_example_iam-policies.AWSMettleDocs.latest.userguide.automation.xml.6_section"></a>

The following code example shows how to This permission-based policy grants read-only access to Compute Optimizer Automation for a management account of an organization

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	                    
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
               "aco-automation:GetEnrollmentConfiguration",
               "aco-automation:GetAutomationEvent",
               "aco-automation:GetAutomationRule",
               "aco-automation:ListAccounts",
               "aco-automation:ListAutomationEvents",
               "aco-automation:ListAutomationEventSteps",
               "aco-automation:ListAutomationEventSummaries",
               "aco-automation:ListAutomationRules",
               "aco-automation:ListAutomationRulePreview",
               "aco-automation:ListAutomationRulePreviewSummaries",
               "aco-automation:ListRecommendedActions",
               "aco-automation:ListRecommendedActionSummaries",
               "aco-automation:ListTagsForResource",
               "ec2:DescribeVolumes"
            ],
            "Resource": "*"
        }
    ]
}
```

------

# Policy to grant read-only access to Compute Optimizer Automation for standalone AWS accounts
<a name="organizations_example_iam-policies.AWSMettleDocs.latest.userguide.automation.xml.4_section"></a>

The following code example shows how to This permission-based policy grants read-only access to Compute Optimizer Automation for standalone AWS accounts

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	                    
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
               "aco-automation:GetEnrollmentConfiguration",
               "aco-automation:GetAutomationEvent",
               "aco-automation:GetAutomationRule",
               "aco-automation:ListAutomationEvents",
               "aco-automation:ListAutomationEventSteps",
               "aco-automation:ListAutomationEventSummaries",
               "aco-automation:ListAutomationRules",
               "aco-automation:ListAutomationRulePreview",
               "aco-automation:ListAutomationRulePreviewSummaries",
               "aco-automation:ListRecommendedActions",
               "aco-automation:ListRecommendedActionSummaries",
               "aco-automation:ListTagsForResource",
               "ec2:DescribeVolumes"
            ],
            "Resource": "*"
        }
    ]
}
```

------

# Policy to grants service-linked role permissions for Compute Optimization Automation
<a name="organizations_example_iam-policies.AWSMettleDocs.latest.userguide.slr-automation.xml.1_section"></a>

The following code example shows how to This permission-based policy grants service-linked role permissions for Compute Optimization Automation

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	                    
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/aco-automation.amazonaws.com/AWSServiceRoleForComputeOptimizerAutomation",
            "Condition": {"StringLike": {"iam:AWSServiceName": "aco-automation.amazonaws.com"}}
        },
        {
            "Effect": "Allow",
            "Action": "iam:PutRolePolicy",
            "Resource": "arn:aws:iam::*:role/aws-service-role/aco-automation.amazonaws.com/AWSServiceRoleForComputeOptimizerAutomation"
        }
    ]
}
```

------