AWS::Organizations::ResourcePolicyOrganizations ResourcePolicy
You can use AWS::Organizations::ResourcePolicy to delegate policy management for AWS Organizations to specified member accounts to perform policy actions that are by default available only to the management account.
Properties
2 configurable properties. 1 required. Click a row to see details.
Filter:
| Property | Type | Flags |
|---|---|---|
Content | objectstring | Required |
Tags | Array<Tag> |
Return Values
Values returned after the resource is created. Access these with Fn::GetAtt.
| Attribute | Type | Description |
|---|---|---|
Arn | string | The Amazon Resource Name (ARN) of the resource policy. |
Id | string | The unique identifier (ID) associated with this resource policy. |
Sample CloudFormation Template
A minimal template with required properties and common optional ones.
template.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::Organizations::ResourcePolicy
Resources:
MyResource:
Type: AWS::Organizations::ResourcePolicy
Properties:
Content: "value"
Tags:
- Key: Environment
Value: ProductionRequired IAM Permissions
Permissions CloudFormation needs in your IAM role to manage this resource.
create
organizations:PutResourcePolicyorganizations:DescribeResourcePolicyorganizations:ListTagsForResourceorganizations:TagResourceread
organizations:DescribeResourcePolicyorganizations:ListTagsForResourceupdate
organizations:DescribeResourcePolicyorganizations:PutResourcePolicyorganizations:ListTagsForResourceorganizations:TagResourceorganizations:UntagResourcedelete
organizations:DeleteResourcePolicylist
organizations:DescribeResourcePolicyLearn AWS the Practical Way
Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.
Subscribe to NewsletterQuick Facts
ServiceOrganizations
Properties4
Required1
TaggingSupported
Primary ID
IdSupported Operations
CreateReadUpdateDeleteList