Get information about the organization that the user's account belongs to.

# Look up the organization and output the IDs of all its accounts.
data "aws_organizations_organization" "example" {}

output "account_ids" {
  value = data.aws_organizations_organization.example.accounts[*].id
}

# SNS topic that only principals in the organization can subscribe or publish to.
data "aws_organizations_organization" "example" {}

resource "aws_sns_topic" "sns_topic" {
  name = "my-sns-topic"
}

resource "aws_sns_topic_policy" "sns_topic_policy" {
  arn    = aws_sns_topic.sns_topic.arn
  policy = data.aws_iam_policy_document.sns_topic_policy.json
}

data "aws_iam_policy_document" "sns_topic_policy" {
  statement {
    effect = "Allow"

    actions = [
      "SNS:Subscribe",
      "SNS:Publish",
    ]

    # The principal below is a wildcard, so this condition is the only thing
    # limiting access to members of the organization.
    condition {
      test     = "StringEquals"
      variable = "aws:PrincipalOrgID"

      values = [
        data.aws_organizations_organization.example.id,
      ]
    }

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    resources = [
      aws_sns_topic.sns_topic.arn,
    ]
  }
}
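
A check that could run in CI over the rendered policy JSON, as an added example that is not part of the provider documentation: it reports any Allow statement whose wildcard principal is not pinned to the expected organization by a plain StringEquals on aws:PrincipalOrgID. The function names, the placeholder org ID `o-exampleorgid` and the sample topic ARN are assumptions made for the example.

```python
import json

ORG_KEY = "aws:principalorgid"  # condition keys are matched case-insensitively


def as_list(value):
    # IAM JSON allows a bare string (or object) where a list is expected.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_wildcard(principal):
    # Matches "Principal": "*" and "Principal": {"AWS": "*"}.
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS"))
    return principal == "*"


def enforced_org_ids(stmt):
    # Only plain StringEquals counts. StringEqualsIfExists is true when the key
    # is absent, which is the case for principals outside any organization.
    block = stmt.get("Condition", {}).get("StringEquals", {})
    return [v for k, vals in block.items() if k.lower() == ORG_KEY
            for v in as_list(vals)]


def open_statements(policy_json, org_id):
    """Indexes of Allow statements with a wildcard principal not pinned to org_id."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow" or not is_wildcard(stmt.get("Principal")):
            continue
        ids = enforced_org_ids(stmt)
        # Multiple values are OR'ed, so every one must be the expected org.
        if not ids or any(v != org_id for v in ids):
            findings.append(i)
    return findings


def sample_policy(condition):
    # Constructed policy shaped like the SNS topic policy above; the topic ARN
    # and org ID are placeholders.
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["SNS:Subscribe", "SNS:Publish"],
        "Principal": {"AWS": "*"},
        "Resource": "arn:aws:sns:us-east-1:123456789012:my-sns-topic",
        "Condition": condition,
    }]})
```
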

There are no arguments available for this data source.

This data source exports the following attributes in addition to the arguments above:

- arn - ARN of the organization.
- feature_set - FeatureSet of the organization.
- id - ID of the organization.
- master_account_arn - ARN of the account that is designated as the master account for the organization.
- master_account_email - The email address that is associated with the AWS account that is designated as the master account for the organization.
- master_account_id - Unique identifier (ID) of the master account of an organization.
- master_account_name - Name of the master account of an organization.

If the account is the master account or a delegated administrator for the organization, the following attributes are also exported:

- accounts - List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:
  - arn - ARN of the account
  - email - Email of the account
  - id - Identifier of the account
  - name - Name of the account
  - status - Status of the account
- aws_service_access_principals - A list of AWS service principal names that have integration enabled with your organization. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.
- enabled_policy_types - A list of Organizations policy types that are enabled in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g., SERVICE_CONTROL_POLICY), see the AWS Organizations API Reference.
- non_master_accounts - List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:
  - arn - ARN of the account
  - email - Email of the account
  - id - Identifier of the account
  - name - Name of the account
  - status - Status of the account
- roots - List of organization roots. All elements have these attributes:
  - arn - ARN of the root
  - id - Identifier of the root
  - name - Name of the root
  - policy_types - List of policy types enabled for this root. All elements have these attributes:
    - name - The name of the policy type
    - status - The status of the policy type as it relates to the associated root