organizational_units
Creates, updates, deletes or gets an organizational_unit resource or lists organizational_units in a region
Overview
Name | organizational_units |
Type | Resource |
Description | You can use organizational units (OUs) to group accounts together to administer as a single unit. This greatly simplifies the management of your accounts. For example, you can attach a policy-based control to an OU, and all accounts within the OU automatically inherit the policy. You can create multiple OUs within a single organization, and you can create OUs within other OUs. Each OU can contain multiple accounts, and you can move accounts from one OU to another. However, OU names must be unique within a parent OU or root. |
Id | aws.organizations.organizational_units |
Fields
Name | Datatype | Description |
---|---|---|
arn | string | The Amazon Resource Name (ARN) of this OU. |
id | string | The unique identifier (ID) associated with this OU. |
name | string | The friendly name of this OU. |
parent_id | string | The unique identifier (ID) of the parent root or OU that you want to create the new OU in. |
tags | array | A list of tags that you want to attach to the newly created OU. |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | Name, ParentId, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all organizational_units in a region.
SELECT
region,
arn,
id,
name,
parent_id,
tags
FROM aws.organizations.organizational_units
WHERE region = 'us-east-1';
Gets all properties from an individual organizational_unit.
SELECT
region,
arn,
id,
name,
parent_id,
tags
FROM aws.organizations.organizational_units
WHERE region = 'us-east-1' AND data__Identifier = '<Id>';
INSERT example
Use the following StackQL query and manifest file to create a new organizational_unit resource, using stack-deploy.
Required Properties:
/*+ create */
INSERT INTO aws.organizations.organizational_units (
Name,
ParentId,
region
)
SELECT
'{{ Name }}',
'{{ ParentId }}',
'{{ region }}';
All Properties:
/*+ create */
INSERT INTO aws.organizations.organizational_units (
Name,
ParentId,
Tags,
region
)
SELECT
'{{ Name }}',
'{{ ParentId }}',
'{{ Tags }}',
'{{ region }}';
Manifest:
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: organizational_unit
    props:
      - name: Name
        value: '{{ Name }}'
      - name: ParentId
        value: '{{ ParentId }}'
      - name: Tags
        value:
          - Key: '{{ Key }}'
            Value: '{{ Value }}'
DELETE example
/*+ delete */
DELETE FROM aws.organizations.organizational_units
WHERE data__Identifier = '<Id>'
AND region = 'us-east-1';
Permissions
To operate on the organizational_units
resource, the following permissions are required:
Create
organizations:CreateOrganizationalUnit,
organizations:DescribeOrganizationalUnit,
organizations:ListParents,
organizations:ListTagsForResource,
organizations:TagResource
Read
organizations:DescribeOrganizationalUnit,
organizations:ListParents,
organizations:ListTagsForResource
Update
organizations:DescribeOrganizationalUnit,
organizations:ListParents,
organizations:ListTagsForResource,
organizations:TagResource,
organizations:UntagResource,
organizations:UpdateOrganizationalUnit
Delete
organizations:DeleteOrganizationalUnit
List
organizations:ListOrganizationalUnitsForParent
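The permission lists above can be turned into a least-privilege IAM policy for only the operations a StackQL role will run, and used to audit an existing policy against them. This is an added example, not part of the StackQL documentation; the function names, the Sid and the default Resource of "*" are assumptions.

```python
import fnmatch

# Action lists copied from the Permissions section of this page.
_BASE = ["organizations:DescribeOrganizationalUnit", "organizations:ListParents",
         "organizations:ListTagsForResource"]
REQUIRED = {
    "create": _BASE + ["organizations:CreateOrganizationalUnit", "organizations:TagResource"],
    "read": _BASE,
    "update": _BASE + ["organizations:TagResource", "organizations:UntagResource",
                       "organizations:UpdateOrganizationalUnit"],
    "delete": ["organizations:DeleteOrganizationalUnit"],
    "list": ["organizations:ListOrganizationalUnitsForParent"],
}

def needed_actions(operations):
    """Union of the actions the given operations need, sorted and de-duplicated."""
    return sorted({a for op in operations for a in REQUIRED[op]})

def build_policy(operations, resource="*"):
    """IAM policy allowing only those actions. Resource "*" is an assumption."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "StackqlOrganizationalUnits",  # hypothetical Sid
        "Effect": "Allow",
        "Action": needed_actions(operations),
        "Resource": resource,
    }]}

def audit_policy(policy, operations):
    """Return (missing, excess) for the Allow statements of an existing policy.
    excess holds every wildcard pattern and every action the operations do not
    need. Deny statements and conditions are not evaluated."""
    needed = needed_actions(operations)
    statements = policy["Statement"]
    if isinstance(statements, dict):  # IAM accepts a single statement object
        statements = [statements]
    allowed = set()
    for stmt in statements:
        if stmt.get("Effect") == "Allow":
            acts = stmt.get("Action", [])
            allowed.update([acts] if isinstance(acts, str) else acts)

    def hit(pattern, action):  # IAM action matching is case-insensitive
        return fnmatch.fnmatchcase(action.lower(), pattern.lower())
    missing = [a for a in needed if not any(hit(p, a) for p in allowed)]
    excess = sorted(p for p in allowed
                    if "*" in p or "?" in p or not any(hit(p, a) for a in needed))
    return missing, excess
```

A role that only runs the SELECT methods needs `build_policy(["read", "list"])`; `audit_policy` on its current policy shows which grants can be dropped.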