Package software.amazon.awscdk.services.organizations

Class CfnPolicy

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.CfnElement
software.amazon.awscdk.core.CfnRefElement
software.amazon.awscdk.core.CfnResource
software.amazon.awscdk.services.organizations.CfnPolicy
All Implemented Interfaces:
IConstruct, IDependable, IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:30:00.674Z") @Stability(Stable) public class CfnPolicy extends CfnResource implements IInspectable
A CloudFormation AWS::Organizations::Policy.

Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual AWS account .

For more information about policies and their use, see Managing Organization Policies .

If the request includes tags, then the requester must have the organizations:TagResource permission.

This operation can be called only from the organization's management account.

Before you can create a policy of a given type, you must first enable that policy type in your organization.

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.organizations.*;
 Object content;
 CfnPolicy cfnPolicy = CfnPolicy.Builder.create(this, "MyCfnPolicy")
         .content(content)
         .name("name")
         .type("type")
         // the properties below are optional
         .description("description")
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .targetIds(List.of("targetIds"))
         .build();

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnPolicy

      protected CfnPolicy(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnPolicy

      protected CfnPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnPolicy

      @Stability(Stable) public CfnPolicy(@NotNull Construct scope, @NotNull String id, @NotNull CfnPolicyProps props)
      Create a new AWS::Organizations::Policy.

      Parameters:
      scope -
      • scope in which this resource is defined.
      This parameter is required.
      id -
      • scoped id of the resource.
      This parameter is required.
      props -
      • resource properties.
      This parameter is required.

  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector -
      • tree inspector to collect and process attributes.
      This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrArn

      @Stability(Stable) @NotNull public String getAttrArn()
      Returns the Amazon Resource Name (ARN) of the policy.

      For example: arn:aws:organizations::111111111111:policy/o-exampleorgid/service_control_policy/p-examplepolicyid111 .

    • getAttrAwsManaged

      @Stability(Stable) @NotNull public IResolvable getAttrAwsManaged()
      Returns a boolean value that indicates whether the specified policy is an AWS managed policy.

      If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it. For example: true | false .

    • getAttrId

      @Stability(Stable) @NotNull public String getAttrId()
      Returns the unique identifier (ID) of the policy.

      For example: p-examplepolicyid111 .

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getTags

      @Stability(Stable) @NotNull public TagManager getTags()
      A list of tags that you want to attach to the newly created policy.

      For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null . For more information about tagging, see Tagging AWS Organizations resources in the AWS Organizations User Guide.

      If any one of the tags is not valid or if you exceed the allowed number of tags for a policy, then the entire request fails and the policy is not created.

    • getContent

      @Stability(Stable) @NotNull public Object getContent()
      The policy text content. You can specify the policy content as a JSON object or a JSON string.

      When you specify the policy content as a JSON string, you can't perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the policy content as a JSON object instead.

      The text that you supply must adhere to the rules of the policy type you specify in the Type parameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document:

      • Service control policies: 5,120 bytes (not characters)
      • AI services opt-out policies: 2,500 characters
      • Backup policies: 10,000 characters
      • Tag policies: 10,000 characters

      For more information about Organizations service quotas, see Quotas for AWS Organizations in the AWS Organizations User Guide .

    • setContent

      @Stability(Stable) public void setContent(@NotNull Object value)
      The policy text content. You can specify the policy content as a JSON object or a JSON string.

      When you specify the policy content as a JSON string, you can't perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the policy content as a JSON object instead.

      The text that you supply must adhere to the rules of the policy type you specify in the Type parameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document:

      • Service control policies: 5,120 bytes (not characters)
      • AI services opt-out policies: 2,500 characters
      • Backup policies: 10,000 characters
      • Tag policies: 10,000 characters

      For more information about Organizations service quotas, see Quotas for AWS Organizations in the AWS Organizations User Guide .

    • getName

      @Stability(Stable) @NotNull public String getName()
      Name of the policy.

      The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.

    • setName

      @Stability(Stable) public void setName(@NotNull String value)
      Name of the policy.

      The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.

    • getType

      @Stability(Stable) @NotNull public String getType()
      The type of policy to create.

    • setType

      @Stability(Stable) public void setType(@NotNull String value)
      The type of policy to create.

    • getDescription

      @Stability(Stable) @Nullable public String getDescription()
      Human readable description of the policy.

    • setDescription

      @Stability(Stable) public void setDescription(@Nullable String value)
      Human readable description of the policy.

    • getTargetIds

      @Stability(Stable) @Nullable public List<String> getTargetIds()
      List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.

      You can get the ID by calling the ListRoots , ListOrganizationalUnitsForParent , or ListAccounts operations. If you don't specify this parameter, the policy is created but not attached to any organization resource.

      The regex pattern for a target ID string requires one of the following:

      • Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
      • Account - A string that consists of exactly 12 digits.
      • Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.

    • setTargetIds

      @Stability(Stable) public void setTargetIds(@Nullable List<String> value)
      List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.

      You can get the ID by calling the ListRoots , ListOrganizationalUnitsForParent , or ListAccounts operations. If you don't specify this parameter, the policy is created but not attached to any organization resource.

      The regex pattern for a target ID string requires one of the following:

      • Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
      • Account - A string that consists of exactly 12 digits.
      • Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.