Learn Idem


aws.organizations.policy_attachment

**Autogenerated function**

Detaches a policy from a target root, organizational unit (OU), or account.
Every root, OU, and account must have at least one SCP attached. If you want
to replace the default FullAWSAccess policy with an SCP that limits the
permissions that can be delegated, you must attach the replacement SCP
before you can remove the default SCP. This is the authorization strategy
of an "allow list". If you instead attach a second SCP and leave the FullAWSAccess
SCP still attached, and specify "Effect": "Deny" in the second SCP to override
the "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP),
you're using the authorization strategy of a "deny list".

Args:
    name(Text): An ID to identify the resource.
    policy_id(str): The unique identifier (ID) of the policy that you want to detach from the target.
                You can get the ID for the policy by calling the ListPolicies operation.
    target_id(str): The unique identifier (ID) of the root, OU, or account that you want to detach the policy from.

Request Syntax:
    [policy-target-id_detach]:
      aws.organizations.policy_attachment.absent:
      - policy_id: 'string'
      - target_id: 'string'

Returns:
    Dict[str, Any]

Examples:

    .. code-block:: sls

        p-id-ou-bitz-1223:
          aws.organizations.policy_attachment.absent:
          - policy_id: p-id
          - target_id: ou-bitz-1223
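
The description above requires a replacement SCP to be attached before the default one is removed, because a target must never be left without an SCP. The following is an added example, not part of the Idem AWS plugin: it replays a planned sequence of ``present``/``absent`` states for one target and reports the first step that would break that rule. The function names and policy IDs are hypothetical, and the allow list/deny list classification is simplified to whether the default policy is still attached.

```python
# Added example: replay planned SCP changes for one target (root, OU or account).
# All policy IDs below are constructed placeholders, not real identifiers.

DEFAULT_SCP = "p-default"  # stands in for the default FullAWSAccess policy ID


def replay(attached, steps):
    """Apply ('present' | 'absent', policy_id) steps in order.

    Returns (index, policies): index is the first step that would leave the
    target with no SCP attached (replay stops there), or None if none does.
    """
    current = set(attached)
    for index, (state, policy_id) in enumerate(steps):
        if state == "present":
            current.add(policy_id)
        elif state == "absent":
            current.discard(policy_id)
        else:
            raise ValueError(f"unknown state: {state!r}")
        if not current:
            return index, current
    return None, current


def safe_order(steps):
    """Stable reorder so that every attach runs before any detach."""
    attached = {p for s, p in steps if s == "present"}
    detached = {p for s, p in steps if s == "absent"}
    if attached & detached:
        raise ValueError("a policy is both attached and detached in one plan")
    return sorted(steps, key=lambda step: step[0] != "present")


def strategy(policies, default_id=DEFAULT_SCP):
    """Classify the result the way the description above does."""
    return "deny list" if default_id in policies else "allow list"


if __name__ == "__main__":
    plan = [("absent", DEFAULT_SCP), ("present", "p-allowlist")]
    print(replay({DEFAULT_SCP}, plan))              # step 0 empties the target
    index, final = replay({DEFAULT_SCP}, safe_order(plan))
    print(index, final, strategy(final))
```
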

**Autogenerated function**

Retrieves the list of all policies in an organization of a specified type.

This operation can be called only from the organization's management account
or by a member account that is a delegated administrator for an AWS service.

Currently Idem AWS supports only SERVICE_CONTROL_POLICY for a policy type.


Returns:
    Dict[str, Any]

Examples:

    .. code-block:: bash

        $ idem describe aws.organizations.policy_attachment

**Autogenerated function**

Attaches a policy to a root, an organizational unit (OU), or an individual account.
How the policy affects accounts depends on the type of policy. The only supported
policy type is SERVICE_CONTROL_POLICY.

Args:
    name(Text): An ID to identify the resource.
    policy_id(str): The unique identifier (ID) of the policy that you want to attach to the target.
                You can get the ID for the policy by calling the ListPolicies operation.
    target_id(str): The unique identifier (ID) of the root, OU, or account that you want to attach the policy to.

Request Syntax:
    [policy_id-target_id]:
      aws.organizations.policy_attachment.present:
      - policy_id: 'string'
      - target_id: 'string'



Returns:
    Dict[str, Any]

Examples:

    .. code-block:: sls

        p-id-ou-bitz-1223:
          aws.organizations.policy_attachment.present:
          - policy_id: p-id
          - target_id: ou-bitz-1223

Full plugin documentation is available on the Idem documentation site: aws.organizations.policy_attachment.

Last updated on 20 Sep 2022