resource_policies
Creates, updates, deletes or gets a resource_policy resource or lists resource_policies in a region
Overview
| Name | resource_policies |
| Type | Resource |
| Description | You can use AWS::Organizations::ResourcePolicy to delegate policy management for AWS Organizations to specified member accounts to perform policy actions that are by default available only to the management account. |
| Id | aws.organizations.resource_policies |
Fields
| Name | Datatype | Description |
|---|---|---|
id | string | The unique identifier (ID) associated with this resource policy. |
arn | string | The Amazon Resource Name (ARN) of the resource policy. |
content | object | The policy document. For AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it. |
tags | array | A list of tags that you want to attach to the resource policy |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | Content, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all resource_policies in a region.
SELECT
region,
id,
arn,
content,
tags
FROM aws.organizations.resource_policies
WHERE region = 'us-east-1';
Gets all properties from an individual resource_policy.
SELECT
region,
id,
arn,
content,
tags
FROM aws.organizations.resource_policies
WHERE region = 'us-east-1' AND data__Identifier = '<Id>';
INSERT example
Use the following StackQL query and manifest file to create a new resource_policy resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.organizations.resource_policies (
Content,
region
)
SELECT
'{{ Content }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.organizations.resource_policies (
Content,
Tags,
region
)
SELECT
'{{ Content }}',
'{{ Tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: resource_policy
props:
- name: Content
value: {}
- name: Tags
value:
- Key: '{{ Key }}'
Value: '{{ Value }}'
DELETE example
/*+ delete */
DELETE FROM aws.organizations.resource_policies
WHERE data__Identifier = '<Id>'
AND region = 'us-east-1';
Permissions
To operate on the resource_policies resource, the following permissions are required:
Create
organizations:PutResourcePolicy,
organizations:DescribeResourcePolicy,
organizations:ListTagsForResource,
organizations:TagResource
Read
organizations:DescribeResourcePolicy,
organizations:ListTagsForResource
Update
organizations:DescribeResourcePolicy,
organizations:PutResourcePolicy,
organizations:ListTagsForResource,
organizations:TagResource,
organizations:UntagResource
Delete
organizations:DeleteResourcePolicy
List
organizations:DescribeResourcePolicy