Shows how to use the AWS SDK for Python (Boto3) to create and manage AWS Organizations policies.
AWS Organizations lets you consolidate multiple AWS accounts into an organization that you create and centrally manage.
- Attach a policy to a target (AttachPolicy)
- Create a policy (CreatePolicy)
- Delete a policy (DeletePolicy)
- Describe a policy (DescribePolicy)
- Detach a policy from a target (DetachPolicy)
- List policies (ListPolicies)
- As an AWS best practice, grant this code least privilege, or only the permissions required to perform a task. For more information, see Grant Least Privilege in the AWS Identity and Access Management User Guide.
- This code has not been tested in all AWS Regions. Some AWS services are available only in specific Regions. For more information, see the AWS Region Table on the AWS website.
- Running this code might result in charges to your AWS account.
- You must have an AWS account, and have your default credentials and AWS Region configured as described in the AWS Tools and SDKs Shared Configuration and Credentials Reference Guide.
- Python 3.7 or later
- Boto3 1.14.47 or later
- PyTest 5.3.5 or later (to run unit tests)
Run this example at a command prompt with the following command.
python organizations_policies.py [--target TARGET]
This example optionally attaches the demo policy to, and detaches it from, an AWS
Organizations resource, such as a root organization or account. To include this step in
the demo, replace TARGET in the command with the ID of the resource.
The example contains one file.
organizations_policies.py
Shows how to create and manage AWS Organizations policies.
The unit tests in this module use the botocore Stubber. This captures requests before they are sent to AWS, and returns a mocked response. To run all of the tests, run the following in your [GitHub root]/python/example_code/organizations folder.
python -m pytest
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0