Class CfnPolicy
- All Implemented Interfaces:
IConstruct
,IDependable
,IInspectable
,software.amazon.jsii.JsiiSerializable
,software.constructs.IConstruct
AWS::Organizations::Policy
.
Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual AWS account .
For more information about policies and their use, see Managing Organization Policies .
If the request includes tags, then the requester must have the organizations:TagResource
permission.
This operation can be called only from the organization's management account.
Before you can create a policy of a given type, you must first enable that policy type in your organization.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.organizations.*; Object content; CfnPolicy cfnPolicy = CfnPolicy.Builder.create(this, "MyCfnPolicy") .content(content) .name("name") .type("type") // the properties below are optional .description("description") .tags(List.of(CfnTag.builder() .key("key") .value("value") .build())) .targetIds(List.of("targetIds")) .build();
-
Nested Class Summary
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct
IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
The CloudFormation resource type name for this resource class. -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionReturns the Amazon Resource Name (ARN) of the policy.Returns a boolean value that indicates whether the specified policy is an AWS managed policy.Returns the unique identifier (ID) of the policy.The policy text content.Human readable description of the policy.getName()
Name of the policy.getTags()
A list of tags that you want to attach to the newly created policy.List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.getType()
The type of policy to create.void
inspect
(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.renderProperties
(Map<String, Object> props) void
setContent
(Object value) The policy text content.void
setDescription
(String value) Human readable description of the policy.void
Name of the policy.void
setTargetIds
(List<String> value) List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.void
The type of policy to create.Methods inherited from class software.amazon.awscdk.core.CfnResource
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties
Methods inherited from class software.amazon.awscdk.core.CfnRefElement
getRef
Methods inherited from class software.amazon.awscdk.core.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
Methods inherited from class software.amazon.awscdk.core.Construct
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnPolicy
protected CfnPolicy(software.amazon.jsii.JsiiObjectRef objRef) -
CfnPolicy
protected CfnPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
CfnPolicy
@Stability(Stable) public CfnPolicy(@NotNull Construct scope, @NotNull String id, @NotNull CfnPolicyProps props) Create a newAWS::Organizations::Policy
.- Parameters:
scope
-- scope in which this resource is defined.
id
-- scoped id of the resource.
props
-- resource properties.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.- Specified by:
inspect
in interfaceIInspectable
- Parameters:
inspector
-- tree inspector to collect and process attributes.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props) - Overrides:
renderProperties
in classCfnResource
- Parameters:
props
- This parameter is required.
-
getAttrArn
Returns the Amazon Resource Name (ARN) of the policy.For example:
arn:aws:organizations::111111111111:policy/o-exampleorgid/service_control_policy/p-examplepolicyid111
. -
getAttrAwsManaged
Returns a boolean value that indicates whether the specified policy is an AWS managed policy.If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it. For example:
true | false
. -
getAttrId
Returns the unique identifier (ID) of the policy.For example:
p-examplepolicyid111
. -
getCfnProperties
- Overrides:
getCfnProperties
in classCfnResource
-
getTags
A list of tags that you want to attach to the newly created policy.For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to
null
. For more information about tagging, see Tagging AWS Organizations resources in the AWS Organizations User Guide.If any one of the tags is not valid or if you exceed the allowed number of tags for a policy, then the entire request fails and the policy is not created.
-
getContent
The policy text content. You can specify the policy content as a JSON object or a JSON string.When you specify the policy content as a JSON string, you can't perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the policy content as a JSON object instead.
The text that you supply must adhere to the rules of the policy type you specify in the
Type
parameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document:- Service control policies: 5,120 bytes (not characters)
- AI services opt-out policies: 2,500 characters
- Backup policies: 10,000 characters
- Tag policies: 10,000 characters
For more information about Organizations service quotas, see Quotas for AWS Organizations in the AWS Organizations User Guide .
-
setContent
The policy text content. You can specify the policy content as a JSON object or a JSON string.When you specify the policy content as a JSON string, you can't perform drift detection on the CloudFormation stack. For this reason, we recommend specifying the policy content as a JSON object instead.
The text that you supply must adhere to the rules of the policy type you specify in the
Type
parameter. The following AWS Organizations quotas are enforced for the maximum size of a policy document:- Service control policies: 5,120 bytes (not characters)
- AI services opt-out policies: 2,500 characters
- Backup policies: 10,000 characters
- Tag policies: 10,000 characters
For more information about Organizations service quotas, see Quotas for AWS Organizations in the AWS Organizations User Guide .
-
getName
Name of the policy.The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
-
setName
Name of the policy.The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
-
getType
The type of policy to create. -
setType
The type of policy to create. -
getDescription
Human readable description of the policy. -
setDescription
Human readable description of the policy. -
getTargetIds
List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.You can get the ID by calling the ListRoots , ListOrganizationalUnitsForParent , or ListAccounts operations. If you don't specify this parameter, the policy is created but not attached to any organization resource.
The regex pattern for a target ID string requires one of the following:
- Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
- Account - A string that consists of exactly 12 digits.
- Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
-
setTargetIds
List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.You can get the ID by calling the ListRoots , ListOrganizationalUnitsForParent , or ListAccounts operations. If you don't specify this parameter, the policy is created but not attached to any organization resource.
The regex pattern for a target ID string requires one of the following:
- Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
- Account - A string that consists of exactly 12 digits.
- Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
-