Getting information about your organization's policies
AWS Organizations is introducing a new version of the Organizations management console. You can switch between the old console and the new console by choosing the link in the notice boxes at the top of the console. We encourage you to try the new version and let us know what you think. We want your feedback and read each submission.
This section describes various ways to get details about the policies in your organization. These procedures apply to all policy types. You must enable a policy type on the organization root before you can attach policies of that type to any entities in that organization root.
Listing all policies
To list the policies within your organization, you must have the following permission:
-
organizations:ListPolicies
You can view the policies in your organization in the AWS Management Console or by using an AWS Command Line Interface (AWS CLI) command or an AWS SDK operation.
Listing the policies attached to a root, OU, or account
To list the policies that are attached to a root, organizational unit (OU), or account within your organization, you must have the following permission:
-
organizations:ListPoliciesForTarget
with aResource
element in the same policy statement that includes the Amazon Resource Name (ARN) of the specified target (or "*")
Listing all roots, OUs, and accounts that a policy is attached to
To list the entities that a policy is attached to, you must have the following permission:
-
organizations:ListTargetsForPolicy
with aResource
element in the same policy statement that includes the ARN of the specified policy (or "*")
Getting details about a policy
To display the details of a policy, you must have the following permission:
-
organizations:DescribePolicy
with aResource
element in the same policy statement that includes the ARN of the specified policy (or "*")