Skip to content

Latest commit

 

History

History
3118 lines (1919 loc) · 111 KB

API.md

File metadata and controls

3118 lines (1919 loc) · 111 KB

API Reference

Constructs

Account

Create a new AWS Account.

Initializers 

import { Account } from '@jttc/aws-organizations'

new Account(scope: Construct, id: string, props: AccountProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props AccountProps No description.
scopeRequired
  • Type: constructs.Construct
idRequired
  • Type: string
propsRequired

Methods

Name Description
toString Returns a string representation of this construct.
applyRemovalPolicy Apply the given removal policy to this resource.
toString 
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy 
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policyRequired
  • Type: aws-cdk-lib.RemovalPolicy

Static Functions

Name Description
isConstruct Checks if x is a construct.
isOwnedResource Returns true if the construct was created by CDK, and false otherwise.
isResource Check whether the given construct is a Resource.
fromAccountAttributes Import a Organization.
isConstruct 
import { Account } from '@jttc/aws-organizations'

Account.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: any

Any object.

isOwnedResource 
import { Account } from '@jttc/aws-organizations'

Account.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

constructRequired
  • Type: constructs.IConstruct
isResource 
import { Account } from '@jttc/aws-organizations'

Account.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

constructRequired
  • Type: constructs.IConstruct
fromAccountAttributes 
import { Account } from '@jttc/aws-organizations'

Account.fromAccountAttributes(scope: Construct, id: string, attributes: AccountAttributes)

Import a Organization.

Example

   Organization.fromOrganizationAttributes(this, 'Organization', {
     organizationId: 'o-xxxx',
     organizationRootId: 'r-xxxx',
     managementAccountId: 'xxxx',
   });
scopeRequired
  • Type: constructs.Construct
idRequired
  • Type: string
attributesRequired

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
accountArn string The Arn of the created account.
accountId string The account id created.
roleName string The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.
nodeRequired 
public readonly node: Node;
  • Type: constructs.Node

The tree node.

envRequired 
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

stackRequired 
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

accountArnRequired 
public readonly accountArn: string;
  • Type: string

The Arn of the created account.

accountIdRequired 
public readonly accountId: string;
  • Type: string

The account id created.

roleNameRequired 
public readonly roleName: string;
  • Type: string

The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.

AccountBase

Initializers 

import { AccountBase } from '@jttc/aws-organizations'

new AccountBase(scope: Construct, id: string, props?: ResourceProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props aws-cdk-lib.ResourceProps No description.
scopeRequired
  • Type: constructs.Construct
idRequired
  • Type: string
propsOptional
  • Type: aws-cdk-lib.ResourceProps

Methods

Name Description
toString Returns a string representation of this construct.
applyRemovalPolicy Apply the given removal policy to this resource.
toString 
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy 
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policyRequired
  • Type: aws-cdk-lib.RemovalPolicy

Static Functions

Name Description
isConstruct Checks if x is a construct.
isOwnedResource Returns true if the construct was created by CDK, and false otherwise.
isResource Check whether the given construct is a Resource.
isConstruct 
import { AccountBase } from '@jttc/aws-organizations'

AccountBase.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: any

Any object.

isOwnedResource 
import { AccountBase } from '@jttc/aws-organizations'

AccountBase.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

constructRequired
  • Type: constructs.IConstruct
isResource 
import { AccountBase } from '@jttc/aws-organizations'

AccountBase.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

constructRequired
  • Type: constructs.IConstruct

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
accountArn string The Arn of the created account.
accountId string The account id created.
roleName string The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.
nodeRequired 
public readonly node: Node;
  • Type: constructs.Node

The tree node.

envRequired 
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

stackRequired 
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

accountArnRequired 
public readonly accountArn: string;
  • Type: string

The Arn of the created account.

accountIdRequired 
public readonly accountId: string;
  • Type: string

The account id created.

roleNameRequired 
public readonly roleName: string;
  • Type: string

The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.

Organization

Create a new organization.

Example

   new Organization(this, 'Organization');

Initializers 

import { Organization } from '@jttc/aws-organizations'

new Organization(scope: Construct, id: string, props?: OrganizationProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props OrganizationProps No description.
scopeRequired
  • Type: constructs.Construct
idRequired
  • Type: string
propsOptional

Methods

Name Description
toString Returns a string representation of this construct.
applyRemovalPolicy Apply the given removal policy to this resource.
toString 
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy 
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policyRequired
  • Type: aws-cdk-lib.RemovalPolicy

Static Functions

Name Description
isConstruct Checks if x is a construct.
isOwnedResource Returns true if the construct was created by CDK, and false otherwise.
isResource Check whether the given construct is a Resource.
fromOrganizationArn Import a Organization from arn.
fromOrganizationAttributes Import a Organization from attributes.
isConstruct 
import { Organization } from '@jttc/aws-organizations'

Organization.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: any

Any object.

isOwnedResource 
import { Organization } from '@jttc/aws-organizations'

Organization.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

constructRequired
  • Type: constructs.IConstruct
isResource 
import { Organization } from '@jttc/aws-organizations'

Organization.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

constructRequired
  • Type: constructs.IConstruct
fromOrganizationArn 
import { Organization } from '@jttc/aws-organizations'

Organization.fromOrganizationArn(scope: Construct, id: string, organizationArn: string)

Import a Organization from arn.

Example

   Organization.fromOrganizationArn(this, 'Organization', 'arn:aws:organizations::123456789012:root/o-agnj84t7qk/r-m7g5');
scopeRequired
  • Type: constructs.Construct
idRequired
  • Type: string
organizationArnRequired
  • Type: string
fromOrganizationAttributes 
import { Organization } from '@jttc/aws-organizations'

Organization.fromOrganizationAttributes(scope: Construct, id: string, attributes: OrganizationAttributes)

Import a Organization from attributes.

Example

   Organization.fromOrganizationAttributes(this, 'Organization', {
     organizationId: 'o-xxxx',
     organizationRootId: 'r-xxxx',
     managementAccountId: 'xxxx',
   });
scopeRequired
  • Type: constructs.Construct
idRequired
  • Type: string
attributesRequired

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
managementAccountId string The unique identifier (ID) of the management account of an organization.
organizationArn string The Amazon Resource Name (ARN) of the organization.
organizationId string The unique identifier (ID) of the organization.
organizationRootId string The unique identifier (ID) of the organization root.
nodeRequired 
public readonly node: Node;
  • Type: constructs.Node

The tree node.

envRequired 
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

stackRequired 
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

managementAccountIdRequired 
public readonly managementAccountId: string;
  • Type: string

The unique identifier (ID) of the management account of an organization.

organizationArnRequired 
public readonly organizationArn: string;
  • Type: string

The Amazon Resource Name (ARN) of the organization.

organizationIdRequired 
public readonly organizationId: string;
  • Type: string

The unique identifier (ID) of the organization.

organizationRootIdRequired 
public readonly organizationRootId: string;
  • Type: string

The unique identifier (ID) of the organization root.

OrganizationBase

Initializers 

import { OrganizationBase } from '@jttc/aws-organizations'

new OrganizationBase(scope: Construct, id: string, props?: ResourceProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props aws-cdk-lib.ResourceProps No description.
scopeRequired
  • Type: constructs.Construct
idRequired
  • Type: string
propsOptional
  • Type: aws-cdk-lib.ResourceProps

Methods

Name Description
toString Returns a string representation of this construct.
applyRemovalPolicy Apply the given removal policy to this resource.
toString 
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy 
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policyRequired
  • Type: aws-cdk-lib.RemovalPolicy

Static Functions

Name Description
isConstruct Checks if x is a construct.
isOwnedResource Returns true if the construct was created by CDK, and false otherwise.
isResource Check whether the given construct is a Resource.
isConstruct 
import { OrganizationBase } from '@jttc/aws-organizations'

OrganizationBase.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: any

Any object.

isOwnedResource 
import { OrganizationBase } from '@jttc/aws-organizations'

OrganizationBase.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

constructRequired
  • Type: constructs.IConstruct
isResource 
import { OrganizationBase } from '@jttc/aws-organizations'

OrganizationBase.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

constructRequired
  • Type: constructs.IConstruct

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
managementAccountId string The unique identifier (ID) of the management account of an organization.
organizationArn string The Amazon Resource Name (ARN) of the organization.
organizationId string The unique identifier (ID) of the organization.
organizationRootId string The unique identifier (ID) of the organization root.
nodeRequired 
public readonly node: Node;
  • Type: constructs.Node

The tree node.

envRequired 
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

stackRequired 
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

managementAccountIdRequired 
public readonly managementAccountId: string;
  • Type: string

The unique identifier (ID) of the management account of an organization.

organizationArnRequired 
public readonly organizationArn: string;
  • Type: string

The Amazon Resource Name (ARN) of the organization.

organizationIdRequired 
public readonly organizationId: string;
  • Type: string

The unique identifier (ID) of the organization.

organizationRootIdRequired 
public readonly organizationRootId: string;
  • Type: string

The unique identifier (ID) of the organization root.

OrganizationUnit

Create a new Organization Unit.

Example

new OrganizationUnit(this, 'OU', {
  organizationUnitName: 'OU',
  parent: 'r-123456789',
});

Initializers 

import { OrganizationUnit } from '@jttc/aws-organizations'

new OrganizationUnit(scope: Construct, id: string, props: IOrganizationUnitProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props IOrganizationUnitProps No description.
scopeRequired
  • Type: constructs.Construct
idRequired
  • Type: string
propsRequired

Methods

Name Description
toString Returns a string representation of this construct.
applyRemovalPolicy Apply the given removal policy to this resource.
toString 
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy 
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policyRequired
  • Type: aws-cdk-lib.RemovalPolicy

Static Functions

Name Description
isConstruct Checks if x is a construct.
isOwnedResource Returns true if the construct was created by CDK, and false otherwise.
isResource Check whether the given construct is a Resource.
fromOrganizationUnitAttributes No description.
isConstruct 
import { OrganizationUnit } from '@jttc/aws-organizations'

OrganizationUnit.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: any

Any object.

isOwnedResource 
import { OrganizationUnit } from '@jttc/aws-organizations'

OrganizationUnit.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

constructRequired
  • Type: constructs.IConstruct
isResource 
import { OrganizationUnit } from '@jttc/aws-organizations'

OrganizationUnit.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

constructRequired
  • Type: constructs.IConstruct
fromOrganizationUnitAttributes 
import { OrganizationUnit } from '@jttc/aws-organizations'

OrganizationUnit.fromOrganizationUnitAttributes(scope: Construct, id: string, attrs: OrganizationUnitAttributes)
scopeRequired
  • Type: constructs.Construct
idRequired
  • Type: string
attrsRequired

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
organizationUnitArn string The ARN of the OU.
organizationUnitId string The ID of the OU.
organizationUnitName string The Organization Unit name.
nodeRequired 
public readonly node: Node;
  • Type: constructs.Node

The tree node.

envRequired 
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

stackRequired 
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

organizationUnitArnRequired 
public readonly organizationUnitArn: string;
  • Type: string

The ARN of the OU.

organizationUnitIdRequired 
public readonly organizationUnitId: string;
  • Type: string

The ID of the OU.

organizationUnitNameRequired 
public readonly organizationUnitName: string;
  • Type: string

The Organization Unit name.

OrganizationUnitBase

Initializers 

import { OrganizationUnitBase } from '@jttc/aws-organizations'

new OrganizationUnitBase(scope: Construct, id: string, props?: ResourceProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props aws-cdk-lib.ResourceProps No description.
scopeRequired
  • Type: constructs.Construct
idRequired
  • Type: string
propsOptional
  • Type: aws-cdk-lib.ResourceProps

Methods

Name Description
toString Returns a string representation of this construct.
applyRemovalPolicy Apply the given removal policy to this resource.
toString 
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy 
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policyRequired
  • Type: aws-cdk-lib.RemovalPolicy

Static Functions

Name Description
isConstruct Checks if x is a construct.
isOwnedResource Returns true if the construct was created by CDK, and false otherwise.
isResource Check whether the given construct is a Resource.
isConstruct 
import { OrganizationUnitBase } from '@jttc/aws-organizations'

OrganizationUnitBase.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: any

Any object.

isOwnedResource 
import { OrganizationUnitBase } from '@jttc/aws-organizations'

OrganizationUnitBase.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

constructRequired
  • Type: constructs.IConstruct
isResource 
import { OrganizationUnitBase } from '@jttc/aws-organizations'

OrganizationUnitBase.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

constructRequired
  • Type: constructs.IConstruct

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
organizationUnitArn string The Amazon Resource Name (ARN) of this OU.
organizationUnitId string The unique identifier (ID) associated with this OU.
organizationUnitName string The name of the OU.
nodeRequired 
public readonly node: Node;
  • Type: constructs.Node

The tree node.

envRequired 
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

stackRequired 
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

organizationUnitArnRequired 
public readonly organizationUnitArn: string;
  • Type: string

The Amazon Resource Name (ARN) of this OU.

organizationUnitIdRequired 
public readonly organizationUnitId: string;
  • Type: string

The unique identifier (ID) associated with this OU.

organizationUnitNameRequired 
public readonly organizationUnitName: string;
  • Type: string

The name of the OU.

OrganzationPolicyBase

Initializers 

import { OrganzationPolicyBase } from '@jttc/aws-organizations'

new OrganzationPolicyBase(scope: Construct, id: string, props?: ResourceProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props aws-cdk-lib.ResourceProps No description.
scopeRequired
  • Type: constructs.Construct
idRequired
  • Type: string
propsOptional
  • Type: aws-cdk-lib.ResourceProps

Methods

Name Description
toString Returns a string representation of this construct.
applyRemovalPolicy Apply the given removal policy to this resource.
toString 
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy 
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policyRequired
  • Type: aws-cdk-lib.RemovalPolicy

Static Functions

Name Description
isConstruct Checks if x is a construct.
isOwnedResource Returns true if the construct was created by CDK, and false otherwise.
isResource Check whether the given construct is a Resource.
isConstruct 
import { OrganzationPolicyBase } from '@jttc/aws-organizations'

OrganzationPolicyBase.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: any

Any object.

isOwnedResource 
import { OrganzationPolicyBase } from '@jttc/aws-organizations'

OrganzationPolicyBase.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

constructRequired
  • Type: constructs.IConstruct
isResource 
import { OrganzationPolicyBase } from '@jttc/aws-organizations'

OrganzationPolicyBase.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

constructRequired
  • Type: constructs.IConstruct

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
organizationPolicyArn string Returns the Amazon Resource Name (ARN) of the policy.
organizationPolicyId string Returns the unique identifier (ID) of the policy.
targetIds string[] List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.
nodeRequired 
public readonly node: Node;
  • Type: constructs.Node

The tree node.

envRequired 
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

stackRequired 
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

organizationPolicyArnRequired 
public readonly organizationPolicyArn: string;
  • Type: string

Returns the Amazon Resource Name (ARN) of the policy.

organizationPolicyIdRequired 
public readonly organizationPolicyId: string;
  • Type: string

Returns the unique identifier (ID) of the policy.

targetIdsRequired 
public readonly targetIds: string[];
  • Type: string[]

List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.

ServiceControlPolicy

Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual AWS account.

Example

import { ServiceControlPolicy } from '@jttc/aws-organizations';

const serviceControlPolicy = new ServiceControlPolicy(this, 'ServiceControlPolicy', {
  name: 'ServiceControlPolicy',
  description: 'Service Control Policy',
  statements: [
    new PolicyStatement({
      actions: ['s3:*'],
      resources: ['*'],
    }),
  ],
  targetIds: ['o-12345678'],
});

Initializers 

import { ServiceControlPolicy } from '@jttc/aws-organizations'

new ServiceControlPolicy(scope: Construct, id: string, props: ServiceControlPolicyProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props ServiceControlPolicyProps No description.
scopeRequired
  • Type: constructs.Construct
idRequired
  • Type: string
propsRequired

Methods

Name Description
toString Returns a string representation of this construct.
applyRemovalPolicy Apply the given removal policy to this resource.
addTarget Add a target which will be applied this Policy.
toString 
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy 
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policyRequired
  • Type: aws-cdk-lib.RemovalPolicy
addTarget 
public addTarget(target: string): void

Add a target which will be applied this Policy.

It must be a unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.

targetRequired
  • Type: string

Static Functions

Name Description
isConstruct Checks if x is a construct.
isOwnedResource Returns true if the construct was created by CDK, and false otherwise.
isResource Check whether the given construct is a Resource.
isConstruct 
import { ServiceControlPolicy } from '@jttc/aws-organizations'

ServiceControlPolicy.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: any

Any object.

isOwnedResource 
import { ServiceControlPolicy } from '@jttc/aws-organizations'

ServiceControlPolicy.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

constructRequired
  • Type: constructs.IConstruct
isResource 
import { ServiceControlPolicy } from '@jttc/aws-organizations'

ServiceControlPolicy.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

constructRequired
  • Type: constructs.IConstruct

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
organizationPolicyArn string Returns the Amazon Resource Name (ARN) of the policy.
organizationPolicyId string Returns the unique identifier (ID) of the policy.
targetIds string[] List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.
nodeRequired 
public readonly node: Node;
  • Type: constructs.Node

The tree node.

envRequired 
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

stackRequired 
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

organizationPolicyArnRequired 
public readonly organizationPolicyArn: string;
  • Type: string

Returns the Amazon Resource Name (ARN) of the policy.

organizationPolicyIdRequired 
public readonly organizationPolicyId: string;
  • Type: string

Returns the unique identifier (ID) of the policy.

targetIdsRequired 
public readonly targetIds: string[];
  • Type: string[]

List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.

Structs

AccountAttributes

Initializer 

import { AccountAttributes } from '@jttc/aws-organizations'

const accountAttributes: AccountAttributes = { ... }

Properties

Name Type Description
accountId string The account id created.
organizationUnitId string The Organization Unit Id ou-xxxxxx.
roleName string The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.
accountIdRequired 
public readonly accountId: string;
  • Type: string

The account id created.

organizationUnitIdRequired 
public readonly organizationUnitId: string;
  • Type: string

The Organization Unit Id ou-xxxxxx.

roleNameOptional 
public readonly roleName: string;
  • Type: string

The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.

AccountProps

Initializer 

import { AccountProps } from '@jttc/aws-organizations'

const accountProps: AccountProps = { ... }

Properties

Name Type Description
accountName string The account name given to the account when it was created.
email string The email address associated with the AWS account.
parent string | OrganizationUnit The unique identifier (ID) of the root or organizational unit (OU) that you want to create the new account in.
roleName string The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.
tags aws-cdk-lib.Tag[] A list of tags that you want to attach to the newly created account.
accountNameRequired 
public readonly accountName: string;
  • Type: string

The account name given to the account when it was created.

emailRequired 
public readonly email: string;
  • Type: string

The email address associated with the AWS account.

parentOptional 
public readonly parent: string | OrganizationUnit;

The unique identifier (ID) of the root or organizational unit (OU) that you want to create the new account in.

If you don't specify this parameter, the ParentId defaults to the root ID.

roleNameOptional 
public readonly roleName: string;
  • Type: string

The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.

This role trusts the management account, allowing users in the management account to assume the role, as permitted by the management account administrator.

The role has administrator permissions in the new member account.

If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.

For more information about how to use this role to access the member account, see the following links:

  • Creating the OrganizationAccountAccessRole in an invited member account in the AWS Organizations User Guide

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

tagsOptional 
public readonly tags: Tag[];
  • Type: aws-cdk-lib.Tag[]

A list of tags that you want to attach to the newly created account.

For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null

OrganizationAttributes

Initializer 

import { OrganizationAttributes } from '@jttc/aws-organizations'

const organizationAttributes: OrganizationAttributes = { ... }

Properties

Name Type Description
managementAccountId string The unique identifier (ID) of the management account of an organization.
organizationId string The unique identifier (ID) of the organization.
organizationRootId string The unique identifier (ID) of the organization root.
managementAccountIdRequired 
public readonly managementAccountId: string;
  • Type: string

The unique identifier (ID) of the management account of an organization.

organizationIdRequired 
public readonly organizationId: string;
  • Type: string

The unique identifier (ID) of the organization.

organizationRootIdRequired 
public readonly organizationRootId: string;
  • Type: string

The unique identifier (ID) of the organization root.

OrganizationProps

Initializer 

import { OrganizationProps } from '@jttc/aws-organizations'

const organizationProps: OrganizationProps = { ... }

Properties

Name Type Description
featureSet OrganizationFeatureSet Specifies the feature set supported by the new organization.
featureSetOptional 
public readonly featureSet: OrganizationFeatureSet;

Specifies the feature set supported by the new organization.

OrganizationUnitAttributes

Initializer 

import { OrganizationUnitAttributes } from '@jttc/aws-organizations'

const organizationUnitAttributes: OrganizationUnitAttributes = { ... }

Properties

Name Type Description
organizationUnitArn string The Amazon Resource Name (ARN) of this OU.
organizationUnitId string The unique identifier (ID) associated with this OU.
organizationUnitName string The name of the OU.
organizationUnitArnRequired 
public readonly organizationUnitArn: string;
  • Type: string

The Amazon Resource Name (ARN) of this OU.

organizationUnitIdRequired 
public readonly organizationUnitId: string;
  • Type: string

The unique identifier (ID) associated with this OU.

organizationUnitNameRequired 
public readonly organizationUnitName: string;
  • Type: string

The name of the OU.

ServiceControlPolicyProps

Initializer 

import { ServiceControlPolicyProps } from '@jttc/aws-organizations'

const serviceControlPolicyProps: ServiceControlPolicyProps = { ... }

Properties

Name Type Description
description string The description of the policy.
name string The name of the policy.
statements aws-cdk-lib.aws_iam.PolicyStatement[] Represents a statement in an IAM policy document.
removalPolicy aws-cdk-lib.RemovalPolicy The policy to apply when the policy is removed from the organization.
tags aws-cdk-lib.CfnTag[] A list of tags that you want to attach to the newly created policy.
targetIds string[] List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.
descriptionRequired 
public readonly description: string;
  • Type: string

The description of the policy.

nameRequired 
public readonly name: string;
  • Type: string

The name of the policy.

statementsRequired 
public readonly statements: PolicyStatement[];
  • Type: aws-cdk-lib.aws_iam.PolicyStatement[]

Represents a statement in an IAM policy document.

removalPolicyOptional 
public readonly removalPolicy: RemovalPolicy;
  • Type: aws-cdk-lib.RemovalPolicy
  • Default: RemovalPolicy.RETAIN

The policy to apply when the policy is removed from the organization.

tagsOptional 
public readonly tags: CfnTag[];
  • Type: aws-cdk-lib.CfnTag[]

A list of tags that you want to attach to the newly created policy.

targetIdsOptional 
public readonly targetIds: string[];
  • Type: string[]

List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.

Protocols

IAccount

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
accountArn string The Arn of the created account.
accountId string The account id created.
roleName string The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.
nodeRequired 
public readonly node: Node;
  • Type: constructs.Node

The tree node.

envRequired 
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

stackRequired 
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

accountArnRequired 
public readonly accountArn: string;
  • Type: string

The Arn of the created account.

accountIdRequired 
public readonly accountId: string;
  • Type: string

The account id created.

roleNameRequired 
public readonly roleName: string;
  • Type: string

The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.

IOrganization

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
managementAccountId string The unique identifier (ID) of the management account of an organization.
organizationArn string The Amazon Resource Name (ARN) of the organization.
organizationId string The unique identifier (ID) of the organization.
organizationRootId string The unique identifier (ID) of the organization root.
nodeRequired 
public readonly node: Node;
  • Type: constructs.Node

The tree node.

envRequired 
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

stackRequired 
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

managementAccountIdRequired 
public readonly managementAccountId: string;
  • Type: string

The unique identifier (ID) of the management account of an organization.

organizationArnRequired 
public readonly organizationArn: string;
  • Type: string

The Amazon Resource Name (ARN) of the organization.

organizationIdRequired 
public readonly organizationId: string;
  • Type: string

The unique identifier (ID) of the organization.

organizationRootIdRequired 
public readonly organizationRootId: string;
  • Type: string

The unique identifier (ID) of the organization root.

IOrganizationPolicy

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
organizationPolicyArn string Returns the Amazon Resource Name (ARN) of the policy.
organizationPolicyId string Returns the unique identifier (ID) of the policy.
targetIds string[] List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.
nodeRequired 
public readonly node: Node;
  • Type: constructs.Node

The tree node.

envRequired 
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

stackRequired 
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

organizationPolicyArnRequired 
public readonly organizationPolicyArn: string;
  • Type: string

Returns the Amazon Resource Name (ARN) of the policy.

organizationPolicyIdRequired 
public readonly organizationPolicyId: string;
  • Type: string

Returns the unique identifier (ID) of the policy.

targetIdsRequired 
public readonly targetIds: string[];
  • Type: string[]

List of unique identifiers (IDs) of the root, OU, or account that you want to attach the policy to.

IOrganizationUnitProps

Organization Unit Properties.

Properties

Name Type Description
organizationUnitName string The name of the OU.
parent string | IOrganization | OrganizationUnit The unique identifier (ID) of the parent root or OU that you want to create the new OU in.
organizationUnitNameRequired 
public readonly organizationUnitName: string;
  • Type: string

The name of the OU.

parentRequired 
public readonly parent: string | IOrganization | OrganizationUnit;

The unique identifier (ID) of the parent root or OU that you want to create the new OU in.

IOrganizationUnits

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
organizationUnitArn string The Amazon Resource Name (ARN) of this OU.
organizationUnitId string The unique identifier (ID) associated with this OU.
organizationUnitName string The name of the OU.
nodeRequired 
public readonly node: Node;
  • Type: constructs.Node

The tree node.

envRequired 
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

stackRequired 
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

organizationUnitArnRequired 
public readonly organizationUnitArn: string;
  • Type: string

The Amazon Resource Name (ARN) of this OU.

organizationUnitIdRequired 
public readonly organizationUnitId: string;
  • Type: string

The unique identifier (ID) associated with this OU.

organizationUnitNameRequired 
public readonly organizationUnitName: string;
  • Type: string

The name of the OU.

Enums

OrganizationFeatureSet

Specifies the feature set supported by the new organization.

Each feature set supports different levels of functionality.

Members

Name Description
ALL In addition to all the features supported by the consolidated billing feature set, the management account gains access to advanced features that give you more control over accounts in your organization.
CONSOLIDATED_BILLING All member accounts have their bills consolidated to and paid by the management account.
ALL

In addition to all the features supported by the consolidated billing feature set, the management account gains access to advanced features that give you more control over accounts in your organization.

By default or if you set the FeatureSet property to ALL, the new organization is created with all features enabled and service control policies automatically enabled in the root.

CONSOLIDATED_BILLING

All member accounts have their bills consolidated to and paid by the management account.

OrganizationPolicyType

The type of policy to create.

Members

Name Description
SERVICE_CONTROL_POLICY Service control policies (SCPs) enable central administration over the maximum permissions that identities (users and roles) within accounts in your organization can have.
BACKUP_POLICY Backup policies enable you to deploy organization-wide backup plans to help ensure compliance across your organization's accounts.
TAG_POLICY Tag policies help you standardize tags on all tagged resources across your organization.
AISERVICES_OPT_OUT_POLICY Artificial Intelligence (AI) services opt-out policies enable you to control whether AWS AI services can store and use your content.
SERVICE_CONTROL_POLICY

Service control policies (SCPs) enable central administration over the maximum permissions that identities (users and roles) within accounts in your organization can have.

This helps ensure that your identities stay within your organization’s access control guidelines

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html?icmpid=docs_orgs_console

BACKUP_POLICY

Backup policies enable you to deploy organization-wide backup plans to help ensure compliance across your organization's accounts.

Using policies helps ensure consistency in how you implement your backup plans.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html?icmpid=docs_orgs_console

TAG_POLICY

Tag policies help you standardize tags on all tagged resources across your organization.

You can use tag policies to define tag keys (including how they should be capitalized) and their allowed values

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html

AISERVICES_OPT_OUT_POLICY

Artificial Intelligence (AI) services opt-out policies enable you to control whether AWS AI services can store and use your content.

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html?icmpid=docs_orgs_console