AWS v6.75.0 published on Wednesday, Apr 2, 2025 by Pulumi

aws.organizations.getOrganization


Get information about the organization that the user’s account belongs to

Example Usage

List all account IDs for the organization

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Look up the AWS Organization that the current credentials' account belongs to.
const example = aws.organizations.getOrganization({});

// Export the ID of every account in the organization. `accounts` includes the
// master account as well as the member accounts.
export const accountIds = example.then(org => org.accounts.map(account => account.id));
import pulumi
import pulumi_aws as aws

# Look up the AWS Organization that the current credentials' account belongs to.
example = aws.organizations.get_organization()

# Export the ID of every account in the organization. `accounts` includes the
# master account as well as the member accounts.
account_ids = [account.id for account in example.accounts]
pulumi.export("accountIds", account_ids)
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
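func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Look up the organization that the current credentials' account
		// belongs to. LookupOrganization takes no arguments, only optional
		// invoke options.
		example, err := organizations.LookupOrganization(ctx)
		if err != nil {
			return err
		}
		// Collect the ID of every account in the organization. Accounts
		// includes the master account as well as the member accounts.
		accountIds := make([]string, 0, len(example.Accounts))
		for _, account := range example.Accounts {
			accountIds = append(accountIds, account.Id)
		}
		ctx.Export("accountIds", pulumi.ToStringArray(accountIds))
		return nil
	})
}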
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

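return await Deployment.RunAsync(() => 
{
    // Look up the organization that the current credentials' account belongs to.
    var example = Aws.Organizations.GetOrganization.Invoke();

    return new Dictionary<string, object?>
    {
        // The invoke result is an Output, not a sequence, so the projection to
        // account IDs has to run inside Apply. Accounts includes the master account.
        ["accountIds"] = example.Apply(org => org.Accounts.Select(account => account.Id).ToList()),
    };
});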
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.OrganizationsFunctions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

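public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Exports the ID of every account in the organization that the current
     * credentials' account belongs to.
     */
    public static void stack(Context ctx) {
        final var example = OrganizationsFunctions.getOrganization();

        // The invoke result is an Output, not a collection, so the stream over
        // accounts() has to run inside applyValue. accounts() includes the
        // master account. Collectors is fully qualified because the listing
        // does not import it.
        ctx.export("accountIds", example.applyValue(org -> org.accounts().stream()
            .map(account -> account.id())
            .collect(java.util.stream.Collectors.toList())));
    }
}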
Coming soon!

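SNS topic that only principals in the organization can interact with. The policy names every AWS principal (`*`) and relies on the `aws:PrincipalOrgID` condition to limit access to principals whose account belongs to the organization.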

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Organization that the current credentials' account belongs to; its `id` is
// the value matched against aws:PrincipalOrgID below.
const example = aws.organizations.getOrganization({});
const snsTopic = new aws.sns.Topic("sns_topic", {name: "my-sns-topic"});

// Build the policy once both the organization lookup and the topic ARN have resolved.
const snsTopicPolicy = pulumi.all([example, snsTopic.arn]).apply(([org, topicArn]) => {
    // The principal is "*", so the aws:PrincipalOrgID condition is the ONLY
    // thing restricting who may subscribe or publish. Dropping or loosening it
    // opens the topic to every AWS principal.
    // NOTE(review): AWS service principals are not organization members, so a
    // service that must publish to this topic would need its own statement.
    const orgOnlyStatement = {
        effect: "Allow",
        actions: [
            "SNS:Subscribe",
            "SNS:Publish",
        ],
        conditions: [{
            test: "StringEquals",
            variable: "aws:PrincipalOrgID",
            values: [org.id],
        }],
        principals: [{
            type: "AWS",
            identifiers: ["*"],
        }],
        resources: [topicArn],
    };
    return aws.iam.getPolicyDocumentOutput({statements: [orgOnlyStatement]});
});

// Attach the rendered JSON document to the topic as its access policy.
const snsTopicPolicyTopicPolicy = new aws.sns.TopicPolicy("sns_topic_policy", {
    arn: snsTopic.arn,
    policy: snsTopicPolicy.apply(doc => doc.json),
});
import pulumi
import pulumi_aws as aws

# Organization that the current credentials' account belongs to; its `id` is
# the value matched against aws:PrincipalOrgID below.
example = aws.organizations.get_organization()
sns_topic = aws.sns.Topic("sns_topic", name="my-sns-topic")


def _org_only_policy(arn):
    """Return a policy document that lets organization principals use the topic at `arn`."""
    # The principal is "*", so the aws:PrincipalOrgID condition is the ONLY
    # thing restricting who may subscribe or publish. Dropping or loosening it
    # opens the topic to every AWS principal.
    # NOTE(review): AWS service principals are not organization members, so a
    # service that must publish to this topic would need its own statement.
    statement = {
        "effect": "Allow",
        "actions": [
            "SNS:Subscribe",
            "SNS:Publish",
        ],
        "conditions": [{
            "test": "StringEquals",
            "variable": "aws:PrincipalOrgID",
            "values": [example.id],
        }],
        "principals": [{
            "type": "AWS",
            "identifiers": ["*"],
        }],
        "resources": [arn],
    }
    return aws.iam.get_policy_document_output(statements=[statement])


# Build the policy once the topic ARN is known, then attach its JSON to the topic.
sns_topic_policy = sns_topic.arn.apply(_org_only_policy)
sns_topic_policy_topic_policy = aws.sns.TopicPolicy("sns_topic_policy",
    arn=sns_topic.arn,
    policy=sns_topic_policy.json)
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
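func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Organization that the current credentials' account belongs to; its
		// Id is the value matched against aws:PrincipalOrgID below.
		// LookupOrganization takes no arguments, only optional invoke options.
		example, err := organizations.LookupOrganization(ctx)
		if err != nil {
			return err
		}
		snsTopic, err := sns.NewTopic(ctx, "sns_topic", &sns.TopicArgs{
			Name: pulumi.String("my-sns-topic"),
		})
		if err != nil {
			return err
		}
		// The output form of the invoke accepts the topic ARN as an Output, so
		// no ApplyT wrapper is needed to build the document.
		//
		// The principal is "*", so the aws:PrincipalOrgID condition is the
		// ONLY thing restricting who may subscribe or publish. Dropping or
		// loosening it opens the topic to every AWS principal.
		// NOTE(review): AWS service principals are not organization members,
		// so a service that must publish to this topic would need its own
		// statement.
		snsTopicPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Statements: iam.GetPolicyDocumentStatementArray{
				&iam.GetPolicyDocumentStatementArgs{
					Effect: pulumi.String("Allow"),
					Actions: pulumi.StringArray{
						pulumi.String("SNS:Subscribe"),
						pulumi.String("SNS:Publish"),
					},
					Conditions: iam.GetPolicyDocumentStatementConditionArray{
						&iam.GetPolicyDocumentStatementConditionArgs{
							Test:     pulumi.String("StringEquals"),
							Variable: pulumi.String("aws:PrincipalOrgID"),
							Values: pulumi.StringArray{
								pulumi.String(example.Id),
							},
						},
					},
					Principals: iam.GetPolicyDocumentStatementPrincipalArray{
						&iam.GetPolicyDocumentStatementPrincipalArgs{
							Type: pulumi.String("AWS"),
							Identifiers: pulumi.StringArray{
								pulumi.String("*"),
							},
						},
					},
					Resources: pulumi.StringArray{
						snsTopic.Arn,
					},
				},
			},
		}, nil)
		// Attach the rendered JSON document to the topic as its access policy.
		_, err = sns.NewTopicPolicy(ctx, "sns_topic_policy", &sns.TopicPolicyArgs{
			Arn:    snsTopic.Arn,
			Policy: snsTopicPolicy.Json(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}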
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    // Organization that the current credentials' account belongs to; its Id is
    // the value matched against aws:PrincipalOrgID below.
    var example = Aws.Organizations.GetOrganization.Invoke();

    var snsTopic = new Aws.Sns.Topic("sns_topic", new()
    {
        Name = "my-sns-topic",
    });

    // The principal is "*", so the aws:PrincipalOrgID condition is the ONLY
    // thing restricting who may subscribe or publish. Dropping or loosening it
    // opens the topic to every AWS principal.
    // NOTE(review): AWS service principals are not organization members, so a
    // service that must publish to this topic would need its own statement.
    var orgOnlyStatement = new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
    {
        Effect = "Allow",
        Actions = new[]
        {
            "SNS:Subscribe",
            "SNS:Publish",
        },
        Conditions = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
            {
                Test = "StringEquals",
                Variable = "aws:PrincipalOrgID",
                Values = new[]
                {
                    example.Apply(org => org.Id),
                },
            },
        },
        Principals = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
            {
                Type = "AWS",
                Identifiers = new[]
                {
                    "*",
                },
            },
        },
        Resources = new[]
        {
            snsTopic.Arn,
        },
    };

    var snsTopicPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            orgOnlyStatement,
        },
    });

    // Attach the rendered JSON document to the topic as its access policy.
    var snsTopicPolicyTopicPolicy = new Aws.Sns.TopicPolicy("sns_topic_policy", new()
    {
        Arn = snsTopic.Arn,
        Policy = snsTopicPolicy.Apply(doc => doc.Json),
    });

});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.OrganizationsFunctions;
import com.pulumi.aws.sns.Topic;
import com.pulumi.aws.sns.TopicArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.sns.TopicPolicy;
import com.pulumi.aws.sns.TopicPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

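public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Creates an SNS topic and attaches a policy that lets principals in the
     * caller's organization subscribe and publish to it.
     */
    public static void stack(Context ctx) {
        // Organization that the current credentials' account belongs to; its
        // id() is the value matched against aws:PrincipalOrgID below.
        final var example = OrganizationsFunctions.getOrganization();

        var snsTopic = new Topic("snsTopic", TopicArgs.builder()
            .name("my-sns-topic")
            .build());

        // The principal is "*", so the aws:PrincipalOrgID condition is the
        // ONLY thing restricting who may subscribe or publish. Dropping or
        // loosening it opens the topic to every AWS principal.
        // NOTE(review): AWS service principals are not organization members,
        // so a service that must publish to this topic would need its own
        // statement.
        final var snsTopicPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions(                
                    "SNS:Subscribe",
                    "SNS:Publish")
                .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                    .test("StringEquals")
                    .variable("aws:PrincipalOrgID")
                    .values(example.applyValue(org -> org.id()))
                    .build())
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers("*")
                    .build())
                .resources(snsTopic.arn())
                .build())
            .build());

        // Attach the rendered JSON document to the topic as its access policy.
        // A single applyValue is enough; the lambda parameter is named `doc`
        // so it does not redeclare the local snsTopicPolicy.
        var snsTopicPolicyTopicPolicy = new TopicPolicy("snsTopicPolicyTopicPolicy", TopicPolicyArgs.builder()
            .arn(snsTopic.arn())
            .policy(snsTopicPolicy.applyValue(doc -> doc.json()))
            .build());

    }
}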
# Creates an SNS topic and attaches a policy that lets principals in the
# caller's organization subscribe and publish to it.
resources:
  snsTopic:
    type: aws:sns:Topic
    name: sns_topic
    properties:
      name: my-sns-topic
  # Attaches the rendered policy document to the topic as its access policy.
  snsTopicPolicyTopicPolicy:
    type: aws:sns:TopicPolicy
    name: sns_topic_policy
    properties:
      arn: ${snsTopic.arn}
      policy: ${snsTopicPolicy.json}
variables:
  # Organization that the current credentials' account belongs to; its id is
  # the value matched against aws:PrincipalOrgID below.
  example:
    fn::invoke:
      function: aws:organizations:getOrganization
      arguments: {}
  snsTopicPolicy:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          # The principal is '*', so the aws:PrincipalOrgID condition is the
          # ONLY thing restricting who may subscribe or publish. Dropping or
          # loosening it opens the topic to every AWS principal.
          # NOTE(review): AWS service principals are not organization members,
          # so a service that must publish to this topic would need its own
          # statement.
          - effect: Allow
            actions:
              - SNS:Subscribe
              - SNS:Publish
            conditions:
              - test: StringEquals
                variable: aws:PrincipalOrgID
                values:
                  - ${example.id}
            principals:
              - type: AWS
                identifiers:
                  - '*'
            resources:
              - ${snsTopic.arn}

Using getOrganization

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getOrganization(opts?: InvokeOptions): Promise<GetOrganizationResult>
function getOrganizationOutput(opts?: InvokeOptions): Output<GetOrganizationResult>
def get_organization(opts: Optional[InvokeOptions] = None) -> GetOrganizationResult
def get_organization_output(opts: Optional[InvokeOptions] = None) -> Output[GetOrganizationResult]
func LookupOrganization(ctx *Context, opts ...InvokeOption) (*LookupOrganizationResult, error)
func LookupOrganizationOutput(ctx *Context, opts ...InvokeOption) LookupOrganizationResultOutput

> Note: This function is named LookupOrganization in the Go SDK.

public static class GetOrganization 
{
    public static Task<GetOrganizationResult> InvokeAsync(InvokeOptions? opts = null)
    public static Output<GetOrganizationResult> Invoke(InvokeOptions? opts = null)
}
public static CompletableFuture<GetOrganizationResult> getOrganization(InvokeOptions options)
public static Output<GetOrganizationResult> getOrganization(InvokeOptions options)
fn::invoke:
  function: aws:organizations/getOrganization:getOrganization
  arguments:
    # arguments dictionary

getOrganization Result

The following output properties are available:

Accounts List<GetOrganizationAccount>
List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
Arn string
ARN of the root
AwsServiceAccessPrincipals List<string>
A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
EnabledPolicyTypes List<string>
A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
FeatureSet string
FeatureSet of the organization.
Id string
The provider-assigned unique ID for this managed resource.
MasterAccountArn string
ARN of the account that is designated as the master account for the organization.
MasterAccountEmail string
The email address that is associated with the AWS account that is designated as the master account for the organization.
MasterAccountId string
Unique identifier (ID) of the master account of an organization.
MasterAccountName string
Name of the master account of an organization.
NonMasterAccounts List<GetOrganizationNonMasterAccount>
List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
Roots List<GetOrganizationRoot>
List of organization roots. All elements have these attributes:
Accounts []GetOrganizationAccount
List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
Arn string
ARN of the root
AwsServiceAccessPrincipals []string
A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
EnabledPolicyTypes []string
A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
FeatureSet string
FeatureSet of the organization.
Id string
The provider-assigned unique ID for this managed resource.
MasterAccountArn string
ARN of the account that is designated as the master account for the organization.
MasterAccountEmail string
The email address that is associated with the AWS account that is designated as the master account for the organization.
MasterAccountId string
Unique identifier (ID) of the master account of an organization.
MasterAccountName string
Name of the master account of an organization.
NonMasterAccounts []GetOrganizationNonMasterAccount
List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
Roots []GetOrganizationRoot
List of organization roots. All elements have these attributes:
accounts List<GetOrganizationAccount>
List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn String
ARN of the root
awsServiceAccessPrincipals List<String>
A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
enabledPolicyTypes List<String>
A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
featureSet String
FeatureSet of the organization.
id String
The provider-assigned unique ID for this managed resource.
masterAccountArn String
ARN of the account that is designated as the master account for the organization.
masterAccountEmail String
The email address that is associated with the AWS account that is designated as the master account for the organization.
masterAccountId String
Unique identifier (ID) of the master account of an organization.
masterAccountName String
Name of the master account of an organization.
nonMasterAccounts List<GetOrganizationNonMasterAccount>
List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots List<GetOrganizationRoot>
List of organization roots. All elements have these attributes:
accounts GetOrganizationAccount[]
List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn string
ARN of the root
awsServiceAccessPrincipals string[]
A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
enabledPolicyTypes string[]
A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
featureSet string
FeatureSet of the organization.
id string
The provider-assigned unique ID for this managed resource.
masterAccountArn string
ARN of the account that is designated as the master account for the organization.
masterAccountEmail string
The email address that is associated with the AWS account that is designated as the master account for the organization.
masterAccountId string
Unique identifier (ID) of the master account of an organization.
masterAccountName string
Name of the master account of an organization.
nonMasterAccounts GetOrganizationNonMasterAccount[]
List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots GetOrganizationRoot[]
List of organization roots. All elements have these attributes:
accounts Sequence[GetOrganizationAccount]
List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn str
ARN of the root
aws_service_access_principals Sequence[str]
A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
enabled_policy_types Sequence[str]
A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
feature_set str
FeatureSet of the organization.
id str
The provider-assigned unique ID for this managed resource.
master_account_arn str
ARN of the account that is designated as the master account for the organization.
master_account_email str
The email address that is associated with the AWS account that is designated as the master account for the organization.
master_account_id str
Unique identifier (ID) of the master account of an organization.
master_account_name str
Name of the master account of an organization.
non_master_accounts Sequence[GetOrganizationNonMasterAccount]
List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots Sequence[GetOrganizationRoot]
List of organization roots. All elements have these attributes:
accounts List<Property Map>
List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
arn String
ARN of the root
awsServiceAccessPrincipals List<String>
A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
enabledPolicyTypes List<String>
A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
featureSet String
FeatureSet of the organization.
id String
The provider-assigned unique ID for this managed resource.
masterAccountArn String
ARN of the account that is designated as the master account for the organization.
masterAccountEmail String
The email address that is associated with the AWS account that is designated as the master account for the organization.
masterAccountId String
Unique identifier (ID) of the master account of an organization.
masterAccountName String
Name of the master account of an organization.
nonMasterAccounts List<Property Map>
List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
roots List<Property Map>
List of organization roots. All elements have these attributes:

Supporting Types

GetOrganizationAccount

Arn This property is required. string
ARN of the root
Email This property is required. string
Email of the account
Id This property is required. string
Identifier of the root
Name This property is required. string
The name of the policy type
Status This property is required. string
The status of the policy type as it relates to the associated root
Arn This property is required. string
ARN of the root
Email This property is required. string
Email of the account
Id This property is required. string
Identifier of the root
Name This property is required. string
The name of the policy type
Status This property is required. string
The status of the policy type as it relates to the associated root
arn This property is required. String
ARN of the root
email This property is required. String
Email of the account
id This property is required. String
Identifier of the root
name This property is required. String
The name of the policy type
status This property is required. String
The status of the policy type as it relates to the associated root
arn This property is required. string
ARN of the root
email This property is required. string
Email of the account
id This property is required. string
Identifier of the root
name This property is required. string
The name of the policy type
status This property is required. string
The status of the policy type as it relates to the associated root
arn This property is required. str
ARN of the root
email This property is required. str
Email of the account
id This property is required. str
Identifier of the root
name This property is required. str
The name of the policy type
status This property is required. str
The status of the policy type as it relates to the associated root
arn This property is required. String
ARN of the root
email This property is required. String
Email of the account
id This property is required. String
Identifier of the root
name This property is required. String
The name of the policy type
status This property is required. String
The status of the policy type as it relates to the associated root

GetOrganizationNonMasterAccount

Arn This property is required. string
ARN of the root
Email This property is required. string
Email of the account
Id This property is required. string
Identifier of the root
Name This property is required. string
The name of the policy type
Status This property is required. string
The status of the policy type as it relates to the associated root
Arn This property is required. string
ARN of the root
Email This property is required. string
Email of the account
Id This property is required. string
Identifier of the root
Name This property is required. string
The name of the policy type
Status This property is required. string
The status of the policy type as it relates to the associated root
arn This property is required. String
ARN of the root
email This property is required. String
Email of the account
id This property is required. String
Identifier of the root
name This property is required. String
The name of the policy type
status This property is required. String
The status of the policy type as it relates to the associated root
arn This property is required. string
ARN of the root
email This property is required. string
Email of the account
id This property is required. string
Identifier of the root
name This property is required. string
The name of the policy type
status This property is required. string
The status of the policy type as it relates to the associated root
arn This property is required. str
ARN of the root
email This property is required. str
Email of the account
id This property is required. str
Identifier of the root
name This property is required. str
The name of the policy type
status This property is required. str
The status of the policy type as it relates to the associated root
arn This property is required. String
ARN of the root
email This property is required. String
Email of the account
id This property is required. String
Identifier of the root
name This property is required. String
The name of the policy type
status This property is required. String
The status of the policy type as it relates to the associated root

GetOrganizationRoot

Arn This property is required. string
ARN of the root
Id This property is required. string
Identifier of the root
Name This property is required. string
The name of the policy type
PolicyTypes This property is required. List<GetOrganizationRootPolicyType>
List of policy types enabled for this root. All elements have these attributes:
Arn This property is required. string
ARN of the root
Id This property is required. string
Identifier of the root
Name This property is required. string
The name of the policy type
PolicyTypes This property is required. []GetOrganizationRootPolicyType
List of policy types enabled for this root. All elements have these attributes:
arn This property is required. String
ARN of the root
id This property is required. String
Identifier of the root
name This property is required. String
The name of the policy type
policyTypes This property is required. List<GetOrganizationRootPolicyType>
List of policy types enabled for this root. All elements have these attributes:
arn This property is required. string
ARN of the root
id This property is required. string
Identifier of the root
name This property is required. string
The name of the policy type
policyTypes This property is required. GetOrganizationRootPolicyType[]
List of policy types enabled for this root. All elements have these attributes:
arn This property is required. str
ARN of the root
id This property is required. str
Identifier of the root
name This property is required. str
The name of the policy type
policy_types This property is required. Sequence[GetOrganizationRootPolicyType]
List of policy types enabled for this root. All elements have these attributes:
arn This property is required. String
ARN of the root
id This property is required. String
Identifier of the root
name This property is required. String
The name of the policy type
policyTypes This property is required. List<Property Map>
List of policy types enabled for this root. All elements have these attributes:

GetOrganizationRootPolicyType

Status This property is required. string
The status of the policy type as it relates to the associated root
Type This property is required. string
Status This property is required. string
The status of the policy type as it relates to the associated root
Type This property is required. string
status This property is required. String
The status of the policy type as it relates to the associated root
type This property is required. String
status This property is required. string
The status of the policy type as it relates to the associated root
type This property is required. string
status This property is required. str
The status of the policy type as it relates to the associated root
type This property is required. str
status This property is required. String
The status of the policy type as it relates to the associated root
type This property is required. String

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.