As a CloudFormation user I want to be able to control what policies are enabled at an Organisation level using CloudFormation.
Currently the AWS::Organizations::Organization resource only supports one parameter, FeatureSet. Regardless of what this is set to, when the Org is created all the Policies are Disabled by default.
This Template
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  organisation:
    Type: AWS::Organizations::Organization
    Properties:
      FeatureSet: ALL
```
Creates this Org:
I would suggest new supported parameters like
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  organisation:
    Type: AWS::Organizations::Organization
    Properties:
      FeatureSet: ALL
      AIServicesOptOut: ENABLED # Can be ENABLED or DISABLED. Defaults to DISABLED
      BackupPolicies: ENABLED # Can be ENABLED or DISABLED. Defaults to DISABLED
      ServiceControlPolicies: ENABLED # Can be ENABLED or DISABLED. Defaults to DISABLED
      TagPolicies: ENABLED # Can be ENABLED or DISABLED. Defaults to DISABLED
```
or a new Policies object to contain them.
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  organisation:
    Type: AWS::Organizations::Organization
    Properties:
      FeatureSet: ALL
      Policies:
        AIServicesOptOut: ENABLED # Can be ENABLED or DISABLED. Defaults to DISABLED
        BackupPolicies: ENABLED # Can be ENABLED or DISABLED. Defaults to DISABLED
        ServiceControlPolicies: ENABLED # Can be ENABLED or DISABLED. Defaults to DISABLED
        TagPolicies: ENABLED # Can be ENABLED or DISABLED. Defaults to DISABLED
```
Under the hood, this would call enable-policy-type, e.g.

```
aws organizations enable-policy-type --root-id root-id --policy-type policy-type
```

where policy-type can be AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY or TAG_POLICY, which correspond to the requested parameters.
Name of the resource
Other
Resource name
AWS::Organizations::Organization
Other Details
No response
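The mapping this request describes, from the proposed property names to `enable-policy-type` calls, written out as an added example. It is not code from the issue or from CloudFormation. It assumes the root's current state comes from a ListRoots response (the sample below is constructed), that `client` is a boto3 `organizations` client, and the function names are hypothetical.

```python
# Added example: maps the proposed property names to policy types and plans
# the EnablePolicyType / DisablePolicyType calls needed on the organization root.
PROPERTY_TO_POLICY_TYPE = {
    "AIServicesOptOut": "AISERVICES_OPT_OUT_POLICY",
    "BackupPolicies": "BACKUP_POLICY",
    "ServiceControlPolicies": "SERVICE_CONTROL_POLICY",
    "TagPolicies": "TAG_POLICY",
}

# Constructed sample: one entry of the "Roots" list that ListRoots returns.
SAMPLE_ROOT = {
    "Id": "r-examplerootid",  # placeholder, not a real root id
    "PolicyTypes": [
        {"Type": "TAG_POLICY", "Status": "ENABLED"},
        {"Type": "BACKUP_POLICY", "Status": "PENDING_ENABLE"},
    ],
}


def plan_policy_type_changes(desired, root):
    """Return (action, policy_type) pairs that move `root` to `desired`.

    Properties missing from `desired` are treated as DISABLED, matching the
    default proposed in the issue. Types mid-transition yield a "wait" entry.
    """
    unknown = sorted(set(desired) - set(PROPERTY_TO_POLICY_TYPE))
    if unknown:
        raise ValueError(f"unsupported properties: {unknown}")
    current = {p["Type"]: p["Status"] for p in root.get("PolicyTypes", [])}
    plan = []
    for prop, policy_type in PROPERTY_TO_POLICY_TYPE.items():
        want = desired.get(prop, "DISABLED")
        if want not in ("ENABLED", "DISABLED"):
            raise ValueError(f"{prop} must be ENABLED or DISABLED, got {want!r}")
        status = current.get(policy_type)  # absent from ListRoots = not enabled
        if status in ("PENDING_ENABLE", "PENDING_DISABLE"):
            plan.append(("wait", policy_type))
        elif want == "ENABLED" and status != "ENABLED":
            plan.append(("enable", policy_type))
        elif want == "DISABLED" and status == "ENABLED":
            plan.append(("disable", policy_type))
    return plan


def apply_plan(plan, root_id, client):
    """Run the plan with a boto3 `organizations` client; "wait" entries are skipped."""
    calls = {"enable": client.enable_policy_type, "disable": client.disable_policy_type}
    for action, policy_type in plan:
        if action in calls:
            calls[action](RootId=root_id, PolicyType=policy_type)
```

With a DISABLED default, leaving `ServiceControlPolicies` out of a template plans a `disable` for an organization that already uses SCPs, and disabling a policy type detaches every policy of that type from the root. Review the plan before applying it to an existing organization.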