AWS::FMS::Policy IEMap - AWS CloudFormation

AWS::FMS::Policy IEMap

Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in or exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

This is used for the policy's IncludeMap and ExcludeMap.

You can specify account IDs, OUs, or a combination:

  • Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {"ACCOUNT" : ["accountID1", "accountID2"]}.

  • Specify OUs by setting the key to ORGUNIT. For example, the following is a valid map: {"ORGUNIT" : ["ouid111", "ouid112"]}.

  • Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {"ACCOUNT" : ["accountID1", "accountID2"], "ORGUNIT" : ["ouid111", "ouid112"]}.
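
The following added example (not part of the AWS documentation) checks that a map uses only the ACCOUNT and ORGUNIT keys and expands it into the accounts it covers, including accounts in child OUs. The OU tree, the account placement, the IDs ouid113, ouid114, accountID3 and accountID4, and all function names are constructed for illustration.

```python
# Added example: expand an IEMap into the set of accounts it covers.
# The OU tree and account placement below are constructed sample data.
ALLOWED_KEYS = {"ACCOUNT", "ORGUNIT"}

# Constructed organization: child OU -> parent OU (None for a top-level OU).
OU_PARENT = {"ouid111": None, "ouid112": None, "ouid113": "ouid111", "ouid114": "ouid113"}
# Constructed placement: account ID -> OU that directly contains it.
ACCOUNT_OU = {
    "accountID1": "ouid112",
    "accountID2": "ouid111",
    "accountID3": "ouid113",
    "accountID4": "ouid114",
}


def validate_iemap(iemap):
    """Return a list of problems; an empty list means the map is well-formed."""
    problems = []
    for key, value in iemap.items():
        if key not in ALLOWED_KEYS:
            problems.append(f"unknown key {key!r}")
        elif not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            problems.append(f"{key} must be an array of strings")
    return problems


def in_ou_subtree(ou, roots, ou_parent):
    """True if `ou` is one of `roots` or a descendant of one."""
    seen = set()  # guards against a cycle in malformed input
    while ou is not None and ou not in seen:
        if ou in roots:
            return True
        seen.add(ou)
        ou = ou_parent.get(ou)
    return False


def covered_accounts(iemap, account_ou=ACCOUNT_OU, ou_parent=OU_PARENT):
    """Accounts named directly plus every account under a listed OU or its children."""
    problems = validate_iemap(iemap)
    if problems:
        raise ValueError("; ".join(problems))
    roots = set(iemap.get("ORGUNIT", []))
    covered = set(iemap.get("ACCOUNT", []))
    covered |= {acct for acct, ou in account_ou.items() if in_ou_subtree(ou, roots, ou_parent)}
    return covered
```

Running the expansion against a current export of the organization before deploying a policy shows which accounts a single ORGUNIT entry brings into scope.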

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "ACCOUNT" : [ String, ... ],
  "ORGUNIT" : [ String, ... ]
}

YAML

ACCOUNT:
  - String
ORGUNIT:
  - String

Properties

ACCOUNT

The account list for the map.

Required: No

Type: Array of String

Update requires: No interruption

ORGUNIT

The organizational unit list for the map.

Required: No

Type: Array of String

Update requires: No interruption