The aws-organizations mod contains resource, control and policy definitions for the AWS Organizations service.

Resource Types

Resource types covered by this mod:

Permissions

Permissions for Organizations and the grant level associated with each:

Permission | Grant Level | Help
organizations:AcceptHandshake | None |
organizations:AttachPolicy | None |
organizations:CancelHandshake | None |
organizations:CreateAccount | None |
organizations:CreateGovCloudAccount | None |
organizations:CreateOrganization | None |
organizations:CreateOrganizationalUnit | None |
organizations:CreatePolicy | None |
organizations:DeclineHandshake | None |
organizations:DeleteOrganization | None |
organizations:DeleteOrganizationalUnit | None |
organizations:DeletePolicy | None |
organizations:DeregisterDelegatedAdministrator | None |
organizations:DescribeAccount | Metadata |
organizations:DescribeCreateAccountStatus | Metadata |
organizations:DescribeEffectivePolicy | Metadata |
organizations:DescribeHandshake | Metadata |
organizations:DescribeOrganization | Metadata |
organizations:DescribeOrganizationalUnit | Metadata |
organizations:DescribePolicy | Metadata |
organizations:DetachPolicy | None |
organizations:DisableAWSServiceAccess | None |
organizations:DisablePolicyType | None |
organizations:EnableAllFeatures | None |
organizations:EnableAWSServiceAccess | None |
organizations:EnablePolicyType | None |
organizations:InviteAccountToOrganization | None |
organizations:ListAccounts | Metadata |
organizations:ListAccountsForParent | Metadata |
organizations:ListAWSServiceAccessForOrganization | Metadata |
organizations:ListChildren | Metadata |
organizations:ListCreateAccountStatus | Metadata |
organizations:ListDelegatedAdministrators | Metadata |
organizations:ListDelegatedServicesForAccount | Metadata |
organizations:ListHandshakesForAccount | Metadata |
organizations:ListHandshakesForOrganization | Metadata |
organizations:ListOrganizationalUnitsForParent | Metadata |
organizations:ListParents | Metadata |
organizations:ListPolicies | Metadata |
organizations:ListPoliciesForTarget | Metadata |
organizations:ListRoots | Metadata |
organizations:ListTagsForResource | Metadata |
organizations:ListTargetsForPolicy | Metadata |
organizations:MoveAccount | None |
organizations:RegisterDelegatedAdministrator | None |
organizations:RemoveAccountFromOrganization | None |
organizations:TagResource | None |
organizations:UntagResource | None |
organizations:UpdateOrganizationalUnit | None |
organizations:UpdatePolicy | None |

Version: 5.1.0
Released On: Jun 14, 2023
Depends On

Release Notes

5.1.0 (2023-06-14)

What's new?

  • Resource metadata in Turbot CMDB will now also include createdBy details.
  • A README.md file is now available for users to check details about the resource types and service permissions that the mod covers.

Bug fixes

  • The AWS > Organizations > Organizational Account > CMDB control did not clean up Organizational Accounts from Turbot CMDB if the accounts were deleted in AWS. This is now fixed.

5.0.1 (2022-02-17)

Bug fixes

  • The AWS > Organizations > Organization > Discovery control would incorrectly go into an error state for management accounts belonging to AWS US Gov Cloud. This is now fixed.

5.0.0 (2021-10-28)

Resource Types

Added

  • AWS > Organizations
  • AWS > Organizations > Organization
  • AWS > Organizations > Organization Root
  • AWS > Organizations > Organizational Account
  • AWS > Organizations > Organizational Unit

Control Types

Added

  • AWS > Organizations > Organization > CMDB
  • AWS > Organizations > Organization > Discovery
  • AWS > Organizations > Organization Root > CMDB
  • AWS > Organizations > Organization Root > Discovery
  • AWS > Organizations > Organizational Account > CMDB
  • AWS > Organizations > Organizational Account > Discovery
  • AWS > Organizations > Organizational Unit > CMDB
  • AWS > Organizations > Organizational Unit > Discovery

Policy Types

Added

  • AWS > Organizations > API Enabled
  • AWS > Organizations > Enabled
  • AWS > Organizations > Organization > CMDB
  • AWS > Organizations > Organization Root > CMDB
  • AWS > Organizations > Organizational Account > CMDB
  • AWS > Organizations > Organizational Unit > CMDB
  • AWS > Organizations > Permissions
  • AWS > Organizations > Permissions > Levels
  • AWS > Organizations > Permissions > Levels > Modifiers
  • AWS > Organizations > Permissions > Lockdown
  • AWS > Organizations > Permissions > Lockdown > API Boundary
  • AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-organizations
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-organizations
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-organizations
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-organizations

Action Types

Added

  • AWS > Organizations > Organization Root > Router
  • AWS > Organizations > Organizational Account > Router
  • AWS > Organizations > Organizational Unit > Router