software.amazon.awscdk.services.organizations

Class CfnPolicy

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.CfnElement

software.amazon.awscdk.core.CfnRefElement

software.amazon.awscdk.core.CfnResource

software.amazon.awscdk.services.organizations.CfnPolicy

All Implemented Interfaces:

IConstruct, IDependable, IInspectable

@Generated(value="jsii-pacmak/1.74.0 (build 6d08790)",
           date="2023-03-22T19:35:39.103Z")
public class CfnPolicy
extends CfnResource
implements IInspectable

A CloudFormation `AWS::Organizations::Policy`.

Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual AWS account .

For more information about policies and their use, see Managing Organization Policies .

If the request includes tags, then the requester must have the organizations:TagResource permission.

This operation can be called only from the organization's management account.

Before you can create a policy of a given type, you must first enable that policy type in your organization.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.organizations.*;
 Object content;
 CfnPolicy cfnPolicy = CfnPolicy.Builder.create(this, "MyCfnPolicy")
         .content(content)
         .name("name")
         .type("type")
         // the properties below are optional
         .description("description")
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .targetIds(List.of("targetIds"))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnPolicy.Builder A fluent builder for CfnPolicy.

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct

IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnPolicy(Construct scope, java.lang.String id, CfnPolicyProps props) Create a new `AWS::Organizations::Policy`.
protected	CfnPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnPolicy(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
java.lang.String	getAttrArn() Returns the Amazon Resource Name (ARN) of the policy.
IResolvable	getAttrAwsManaged() Returns a boolean value that indicates whether the specified policy is an AWS managed policy.
java.lang.String	getAttrId() Returns the unique identifier (ID) of the policy.
protected java.util.Map<java.lang.String,java.lang.Object>	getCfnProperties()
java.lang.Object	getContent() The policy text content.
java.lang.String	getDescription() Human readable description of the policy.
java.lang.String	getName() Name of the policy.
TagManager	getTags() A list of tags that you want to attach to the newly created policy.
java.util.List<java.lang.String>	getTargetIds() List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.
java.lang.String	getType() The type of policy to create.
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected java.util.Map<java.lang.String,java.lang.Object>	renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
void	setContent(java.lang.Object value) The policy text content.
void	setDescription(java.lang.String value) Human readable description of the policy.
void	setName(java.lang.String value) Name of the policy.
void	setTargetIds(java.util.List<java.lang.String> value) List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.
void	setType(java.lang.String value) The type of policy to create.

Methods inherited from class software.amazon.awscdk.core.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.core.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.core.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CFN_RESOURCE_TYPE_NAME

public static final java.lang.String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnPolicy

protected CfnPolicy(software.amazon.jsii.JsiiObjectRef objRef)

CfnPolicy

protected CfnPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnPolicy

public CfnPolicy(Construct scope,
                 java.lang.String id,
                 CfnPolicyProps props)

Create a new `AWS::Organizations::Policy`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

public void inspect(TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrArn

public java.lang.String getAttrArn()

Returns the Amazon Resource Name (ARN) of the policy.

For example: arn:aws:organizations::111111111111:policy/o-exampleorgid/service_control_policy/p-examplepolicyid111 .

getAttrAwsManaged

public IResolvable getAttrAwsManaged()

Returns a boolean value that indicates whether the specified policy is an AWS managed policy.

If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it. For example: true | false .

getAttrId

public java.lang.String getAttrId()

Returns the unique identifier (ID) of the policy.

For example: p-examplepolicyid111 .

getCfnProperties

protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getTags

public TagManager getTags()

A list of tags that you want to attach to the newly created policy.

For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null . For more information about tagging, see Tagging AWS Organizations resources in the AWS Organizations User Guide.

If any one of the tags is not valid or if you exceed the allowed number of tags for a policy, then the entire request fails and the policy is not created.

getContent

public java.lang.Object getContent()

The policy text content. You can specify the policy content as a JSON object or a JSON string.

When you specify the policy content as a JSON string, you can't perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the policy content as a JSON object instead.

The text that you supply must adhere to the rules of the policy type you specify in the Type parameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document:

• Service control policies: 5,120 bytes (not characters)
• AI services opt-out policies: 2,500 characters
• Backup policies: 10,000 characters
• Tag policies: 10,000 characters

For more information about Organizations service quotas, see Quotas for AWS Organizations in the AWS Organizations User Guide .

setContent

public void setContent(java.lang.Object value)

The policy text content. You can specify the policy content as a JSON object or a JSON string.

When you specify the policy content as a JSON string, you can't perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the policy content as a JSON object instead.

The text that you supply must adhere to the rules of the policy type you specify in the Type parameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document:

• Service control policies: 5,120 bytes (not characters)
• AI services opt-out policies: 2,500 characters
• Backup policies: 10,000 characters
• Tag policies: 10,000 characters

For more information about Organizations service quotas, see Quotas for AWS Organizations in the AWS Organizations User Guide .

getName

public java.lang.String getName()

Name of the policy.

The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.

setName

public void setName(java.lang.String value)

Name of the policy.

The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.

getType

public java.lang.String getType()

The type of policy to create.

setType

public void setType(java.lang.String value)

The type of policy to create.

getDescription

public java.lang.String getDescription()

Human readable description of the policy.

setDescription

public void setDescription(java.lang.String value)

Human readable description of the policy.

getTargetIds

public java.util.List<java.lang.String> getTargetIds()

List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.

You can get the ID by calling the ListRoots , ListOrganizationalUnitsForParent , or ListAccounts operations. If you don't specify this parameter, the policy is created but not attached to any organization resource.

The regex pattern for a target ID string requires one of the following:

• Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
• Account - A string that consists of exactly 12 digits.
• Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.

setTargetIds

public void setTargetIds(java.util.List<java.lang.String> value)

List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.

You can get the ID by calling the ListRoots , ListOrganizationalUnitsForParent , or ListAccounts operations. If you don't specify this parameter, the policy is created but not attached to any organization resource.

The regex pattern for a target ID string requires one of the following:

• Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
• Account - A string that consists of exactly 12 digits.
• Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.