Get the ARN of an organization or organizational unit

The organization and the organizational unit ARNs contain the 12-digit management account number. If you don't know the management account number, you can describe the organization and the organizational unit to get the ARN for each. In the following examples, 123456789012 is the management account number.

Before you can get the ARNs, you must have the permission to describe organizations and organizational units. The following policy provides the necessary permission.


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "organizations:Describe*"
            ],
            "Resource": "*"
        }
    ]
}

To get the ARN of an organization

Use the describe-organization command and the --query parameter set to 'Organization.Arn' to return only the organization ARN.


aws organizations describe-organization --query 'Organization.Arn'

Example response


"arn:aws:organizations::123456789012:organization/o-123example"

To get the ARN of an organizational unit

Use the describe-organizational-unit command, specify the OU ID, and set the --query parameter to 'OrganizationalUnit.Arn' to return only the organizational unit ARN.


aws organizations describe-organizational-unit --organizational-unit-id ou-1234-5example --query 'OrganizationalUnit.Arn'

Example response


"arn:aws:organizations::123456789012:ou/o-123example/ou-1234-5example"

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Shared AMI use with organizations and OUs

Allow organizations and OUs to use a KMS key