AWS v6.54.0, Sep 27 24

AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi

aws.organizations.Account

Explore with Pulumi AI

AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi

Note: By default, deleting this resource will only remove an AWS account from an organization. You must set the close_on_deletion flag to true to close the account. It is worth noting that quotas are enforced when using the close_on_deletion argument, which can produce a CLOSE_ACCOUNT_QUOTA_EXCEEDED error, and require you to close the account manually.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const account = new aws.organizations.Account("account", {
    name: "my_new_account",
    email: "john@doe.org",
});

import pulumi
import pulumi_aws as aws

account = aws.organizations.Account("account",
    name="my_new_account",
    email="john@doe.org")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewAccount(ctx, "account", &organizations.AccountArgs{
			Name:  pulumi.String("my_new_account"),
			Email: pulumi.String("john@doe.org"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var account = new Aws.Organizations.Account("account", new()
    {
        Name = "my_new_account",
        Email = "john@doe.org",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.Account;
import com.pulumi.aws.organizations.AccountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var account = new Account("account", AccountArgs.builder()
            .name("my_new_account")
            .email("john@doe.org")
            .build());

    }
}

resources:
  account:
    type: aws:organizations:Account
    properties:
      name: my_new_account
      email: john@doe.org

Create Account Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Account(name: string, args: AccountArgs, opts?: CustomResourceOptions);

@overload
def Account(resource_name: str,
            args: AccountArgs,
            opts: Optional[ResourceOptions] = None)

@overload
def Account(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            email: Optional[str] = None,
            close_on_deletion: Optional[bool] = None,
            create_govcloud: Optional[bool] = None,
            iam_user_access_to_billing: Optional[str] = None,
            name: Optional[str] = None,
            parent_id: Optional[str] = None,
            role_name: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None)

func NewAccount(ctx *Context, name string, args AccountArgs, opts ...ResourceOption) (*Account, error)

public Account(string name, AccountArgs args, CustomResourceOptions? opts = null)

public Account(String name, AccountArgs args)
public Account(String name, AccountArgs args, CustomResourceOptions options)

type: aws:organizations:Account
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AccountArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AccountArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AccountArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AccountArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AccountArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var exampleaccountResourceResourceFromOrganizationsaccount = new Aws.Organizations.Account("exampleaccountResourceResourceFromOrganizationsaccount", new()
{
    Email = "string",
    CloseOnDeletion = false,
    CreateGovcloud = false,
    IamUserAccessToBilling = "string",
    Name = "string",
    ParentId = "string",
    RoleName = "string",
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := organizations.NewAccount(ctx, "exampleaccountResourceResourceFromOrganizationsaccount", &organizations.AccountArgs{
	Email:                  pulumi.String("string"),
	CloseOnDeletion:        pulumi.Bool(false),
	CreateGovcloud:         pulumi.Bool(false),
	IamUserAccessToBilling: pulumi.String("string"),
	Name:                   pulumi.String("string"),
	ParentId:               pulumi.String("string"),
	RoleName:               pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var exampleaccountResourceResourceFromOrganizationsaccount = new Account("exampleaccountResourceResourceFromOrganizationsaccount", AccountArgs.builder()
    .email("string")
    .closeOnDeletion(false)
    .createGovcloud(false)
    .iamUserAccessToBilling("string")
    .name("string")
    .parentId("string")
    .roleName("string")
    .tags(Map.of("string", "string"))
    .build());

exampleaccount_resource_resource_from_organizationsaccount = aws.organizations.Account("exampleaccountResourceResourceFromOrganizationsaccount",
    email="string",
    close_on_deletion=False,
    create_govcloud=False,
    iam_user_access_to_billing="string",
    name="string",
    parent_id="string",
    role_name="string",
    tags={
        "string": "string",
    })

const exampleaccountResourceResourceFromOrganizationsaccount = new aws.organizations.Account("exampleaccountResourceResourceFromOrganizationsaccount", {
    email: "string",
    closeOnDeletion: false,
    createGovcloud: false,
    iamUserAccessToBilling: "string",
    name: "string",
    parentId: "string",
    roleName: "string",
    tags: {
        string: "string",
    },
});

type: aws:organizations:Account
properties:
    closeOnDeletion: false
    createGovcloud: false
    email: string
    iamUserAccessToBilling: string
    name: string
    parentId: string
    roleName: string
    tags:
        string: string

Account Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Account resource accepts the following input properties:

Email string

Email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

CloseOnDeletion bool

If true, a deletion event will close the account. Otherwise, it will only remove from the organization. This is not supported for GovCloud accounts.

CreateGovcloud bool

Whether to also create a GovCloud account. The GovCloud account is tied to the main (commercial) account this resource creates. If true, the GovCloud account ID is available in the govcloud_id attribute. The only way to manage the GovCloud account with the provider is to subsequently import the account using this resource.

IamUserAccessToBilling string

If set to ALLOW, the new account enables IAM users and roles to access account billing information if they have the required permissions. If set to DENY, then only the root user (and no roles) of the new account can access account billing information. If this is unset, the AWS API will default this to ALLOW. If the resource is created and this option is changed, it will try to recreate the account.

Name string

Friendly name for the member account.

The following arguments are optional:

ParentId string

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

RoleName string

The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the root account, allowing users in the root account to assume the role, as permitted by the root account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so the provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignoreChanges is used.

Tags Dictionary<string, string>

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Email string

Email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

CloseOnDeletion bool

If true, a deletion event will close the account. Otherwise, it will only remove from the organization. This is not supported for GovCloud accounts.

CreateGovcloud bool

IamUserAccessToBilling string

Name string

Friendly name for the member account.

The following arguments are optional:

ParentId string

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

RoleName string

Tags map[string]string

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

email String

Email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

closeOnDeletion Boolean

If true, a deletion event will close the account. Otherwise, it will only remove from the organization. This is not supported for GovCloud accounts.

createGovcloud Boolean

iamUserAccessToBilling String

name String

Friendly name for the member account.

The following arguments are optional:

parentId String

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

roleName String

tags Map<String,String>

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

email string

Email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

closeOnDeletion boolean

If true, a deletion event will close the account. Otherwise, it will only remove from the organization. This is not supported for GovCloud accounts.

createGovcloud boolean

iamUserAccessToBilling string

name string

Friendly name for the member account.

The following arguments are optional:

parentId string

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

roleName string

tags {[key: string]: string}

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

email str

Email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

close_on_deletion bool

If true, a deletion event will close the account. Otherwise, it will only remove from the organization. This is not supported for GovCloud accounts.

create_govcloud bool

iam_user_access_to_billing str

name str

Friendly name for the member account.

The following arguments are optional:

parent_id str

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

role_name str

tags Mapping[str, str]

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

email String

Email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

closeOnDeletion Boolean

If true, a deletion event will close the account. Otherwise, it will only remove from the organization. This is not supported for GovCloud accounts.

createGovcloud Boolean

iamUserAccessToBilling String

name String

Friendly name for the member account.

The following arguments are optional:

parentId String

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

roleName String

tags Map<String>

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the Account resource produces the following output properties:

Arn string: The ARN for this account.
GovcloudId string: ID for a GovCloud account created with the account.
Id string: The provider-assigned unique ID for this managed resource.
JoinedMethod string
JoinedTimestamp string
Status string: The status of the account in the organization.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Arn string: The ARN for this account.
GovcloudId string: ID for a GovCloud account created with the account.
Id string: The provider-assigned unique ID for this managed resource.
JoinedMethod string
JoinedTimestamp string
Status string: The status of the account in the organization.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: The ARN for this account.
govcloudId String: ID for a GovCloud account created with the account.
id String: The provider-assigned unique ID for this managed resource.
joinedMethod String
joinedTimestamp String
status String: The status of the account in the organization.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn string: The ARN for this account.
govcloudId string: ID for a GovCloud account created with the account.
id string: The provider-assigned unique ID for this managed resource.
joinedMethod string
joinedTimestamp string
status string: The status of the account in the organization.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn str: The ARN for this account.
govcloud_id str: ID for a GovCloud account created with the account.
id str: The provider-assigned unique ID for this managed resource.
joined_method str
joined_timestamp str
status str: The status of the account in the organization.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: The ARN for this account.
govcloudId String: ID for a GovCloud account created with the account.
id String: The provider-assigned unique ID for this managed resource.
joinedMethod String
joinedTimestamp String
status String: The status of the account in the organization.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Look up Existing Account Resource

Get an existing Account resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccountState, opts?: CustomResourceOptions): Account

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        close_on_deletion: Optional[bool] = None,
        create_govcloud: Optional[bool] = None,
        email: Optional[str] = None,
        govcloud_id: Optional[str] = None,
        iam_user_access_to_billing: Optional[str] = None,
        joined_method: Optional[str] = None,
        joined_timestamp: Optional[str] = None,
        name: Optional[str] = None,
        parent_id: Optional[str] = None,
        role_name: Optional[str] = None,
        status: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None) -> Account

func GetAccount(ctx *Context, name string, id IDInput, state *AccountState, opts ...ResourceOption) (*Account, error)

public static Account Get(string name, Input<string> id, AccountState? state, CustomResourceOptions? opts = null)

public static Account get(String name, Output<String> id, AccountState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string

The ARN for this account.

CloseOnDeletion bool

If true, a deletion event will close the account. Otherwise, it will only remove from the organization. This is not supported for GovCloud accounts.

CreateGovcloud bool

Email string

Email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

GovcloudId string

ID for a GovCloud account created with the account.

IamUserAccessToBilling string

JoinedMethod string

JoinedTimestamp string

Name string

Friendly name for the member account.

The following arguments are optional:

ParentId string

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

RoleName string

Status string

The status of the account in the organization.

Tags Dictionary<string, string>

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

Arn string

The ARN for this account.

CloseOnDeletion bool

If true, a deletion event will close the account. Otherwise, it will only remove from the organization. This is not supported for GovCloud accounts.

CreateGovcloud bool

Email string

Email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

GovcloudId string

ID for a GovCloud account created with the account.

IamUserAccessToBilling string

JoinedMethod string

JoinedTimestamp string

Name string

Friendly name for the member account.

The following arguments are optional:

ParentId string

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

RoleName string

Status string

The status of the account in the organization.

Tags map[string]string

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn String

The ARN for this account.

closeOnDeletion Boolean

If true, a deletion event will close the account. Otherwise, it will only remove from the organization. This is not supported for GovCloud accounts.

createGovcloud Boolean

email String

Email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

govcloudId String

ID for a GovCloud account created with the account.

iamUserAccessToBilling String

joinedMethod String

joinedTimestamp String

name String

Friendly name for the member account.

The following arguments are optional:

parentId String

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

roleName String

status String

The status of the account in the organization.

tags Map<String,String>

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn string

The ARN for this account.

closeOnDeletion boolean

If true, a deletion event will close the account. Otherwise, it will only remove from the organization. This is not supported for GovCloud accounts.

createGovcloud boolean

email string

Email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

govcloudId string

ID for a GovCloud account created with the account.

iamUserAccessToBilling string

joinedMethod string

joinedTimestamp string

name string

Friendly name for the member account.

The following arguments are optional:

parentId string

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

roleName string

status string

The status of the account in the organization.

tags {[key: string]: string}

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn str

The ARN for this account.

close_on_deletion bool

If true, a deletion event will close the account. Otherwise, it will only remove from the organization. This is not supported for GovCloud accounts.

create_govcloud bool

email str

Email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

govcloud_id str

ID for a GovCloud account created with the account.

iam_user_access_to_billing str

joined_method str

joined_timestamp str

name str

Friendly name for the member account.

The following arguments are optional:

parent_id str

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

role_name str

status str

The status of the account in the organization.

tags Mapping[str, str]

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn String

The ARN for this account.

closeOnDeletion Boolean

If true, a deletion event will close the account. Otherwise, it will only remove from the organization. This is not supported for GovCloud accounts.

createGovcloud Boolean

email String

Email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

govcloudId String

ID for a GovCloud account created with the account.

iamUserAccessToBilling String

joinedMethod String

joinedTimestamp String

name String

Friendly name for the member account.

The following arguments are optional:

parentId String

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

roleName String

status String

The status of the account in the organization.

tags Map<String>

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

Import

Using pulumi import, import the AWS member account using the account_id. For example:

$ pulumi import aws:organizations/account:Account my_account 111111111111

To import accounts that have set iam_user_access_to_billing, use the following:

$ pulumi import aws:organizations/account:Account my_account 111111111111_ALLOW

Certain resource arguments, like role_name, do not have an Organizations API method for reading the information after account creation. If the argument is set in the Pulumi program on an imported resource, Pulumi will always show a difference. To workaround this behavior, either omit the argument from the Pulumi program or use ignore_changes to hide the difference. For example:

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi

pulumi/pulumi-aws

aws.organizations.Account

On this page

On this page

Example Usage

Create Account Resource

Constructor syntax

Parameters

Constructor example

Account Resource Properties

Inputs

Outputs

Look up Existing Account Resource

Import

Package Details

On this page

On this page