Options
All
  • Public
  • Public/Protected
  • All
Menu

Class OrganizationConfig

Organization configuration

Hierarchy

  • OrganizationConfig

Implements

Index

Constructors

Properties

Methods

Constructors

constructor

  • new OrganizationConfig(values?: { backupPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; enable: boolean; organizationalUnitIds: undefined | { name: string; id: string; arn: string; }[]; organizationalUnits: { name: string; ignore: boolean | undefined; }[]; serviceControlPolicies: { name: string; description: string; policy: string; type: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; taggingPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[] }, configDir?: string, validateConfig?: boolean): OrganizationConfig

  • Parameters

    • Optional values: { backupPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; enable: boolean; organizationalUnitIds: undefined | { name: string; id: string; arn: string; }[]; organizationalUnits: { name: string; ignore: boolean | undefined; }[]; serviceControlPolicies: { name: string; description: string; policy: string; type: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; taggingPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[] }
      • backupPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]
      • enable: boolean
      • organizationalUnitIds: undefined | { name: string; id: string; arn: string; }[]
      • organizationalUnits: { name: string; ignore: boolean | undefined; }[]
      • serviceControlPolicies: { name: string; description: string; policy: string; type: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]
      • taggingPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]
    • Optional configDir: string
    • Optional validateConfig: boolean

    Returns OrganizationConfig

Properties

Readonly backupPolicies

backupPolicies: BackupPolicyConfig[] = []

A Record of Backup Policy configurations

see

BackupPolicyConfig

To create backup policy named BackupPolicy from backup-policies/org-backup-policies.json file in config repository, you need to provide following values for this parameter.

example
backupPolicies:
  - name: BackupPolicy
    description: Organization Backup Policy
    policy: backup-policies/org-backup-policies.json
    deploymentTargets:
        organizationalUnits:
          - Root

Readonly enable

enable: true = true

Indicates whether AWS Organization enabled.

organizationalUnitIds

organizationalUnitIds: undefined | OrganizationalUnitIdConfig[] = undefined

Optionally provide a list of Organizational Unit IDs to bypass the usage of the AWS Organizations Client lookup. This is not a readonly member since we will initialize it with values if it is not provided

Readonly organizationalUnits

organizationalUnits: OrganizationalUnitConfig[] = ...

A Record of Organizational Unit configurations

see

OrganizationalUnitConfig

To create Security and Infrastructure OU in root , you need to provide following values for this parameter. Nested OU's start at root and configure all of the ou's in the path

example
organizationalUnits:
  - name: Security
  - name: Infrastructure
  - name: Sandbox
  - name: Sandbox/Pipeline
  - name: Sandbox/Development
  - name: Sandbox/Development/Application1

Readonly quarantineNewAccounts

quarantineNewAccounts: undefined | QuarantineNewAccountsConfig = undefined

A record of Quarantine New Accounts configuration

see

QuarantineNewAccountsConfig

Readonly serviceControlPolicies

serviceControlPolicies: ServiceControlPolicyConfig[] = []

A Record of Service Control Policy configurations

see

ServiceControlPolicyConfig

To create service control policy named DenyDeleteVpcFlowLogs from service-control-policies/deny-delete-vpc-flow-logs.json file in config repository, you need to provide following values for this parameter.

example
serviceControlPolicies:
  - name: DenyDeleteVpcFlowLogs
    description: >
      This SCP prevents users or roles in any affected account from deleting
      Amazon Elastic Compute Cloud (Amazon EC2) flow logs or CloudWatch log
      groups or log streams.
    policy: service-control-policies/deny-delete-vpc-flow-logs.json
    type: customerManaged
    deploymentTargets:
      organizationalUnits:
        - Security

Readonly taggingPolicies

taggingPolicies: TaggingPolicyConfig[] = []

A Record of Tagging Policy configurations

see

TaggingPolicyConfig

To create tagging policy named TagPolicy from tagging-policies/org-tag-policy.json file in config repository, you need to provide following values for this parameter.

example
taggingPolicies:
  - name: TagPolicy
    description: Organization Tagging Policy
    policy: tagging-policies/org-tag-policy.json
    deploymentTargets:
        organizationalUnits:
          - Root

Static Readonly FILENAME

FILENAME: "organization-config.yaml" = 'organization-config.yaml'

A name for the organization config file in config repository

default

organization-config.yaml

Methods

getOrganizationalUnitArn

  • getOrganizationalUnitArn(name: string): string

  • Parameters

    • name: string

    Returns string

getOrganizationalUnitId

  • getOrganizationalUnitId(name: string): string

  • Parameters

    • name: string

    Returns string

getOuName

  • getOuName(name: string): string

  • Parameters

    • name: string

    Returns string

getParentOuName

  • getParentOuName(name: string): string

  • Parameters

    • name: string

    Returns string

getPath

  • getPath(name: string): string

  • Parameters

    • name: string

    Returns string

isIgnored

  • isIgnored(name: string): boolean

  • Parameters

    • name: string

    Returns boolean

loadOrganizationalUnitIds

  • loadOrganizationalUnitIds(partition: string): Promise<void>

  • Load from string content

    Parameters

    • partition: string

    Returns Promise<void>

Private validateBackupPolicyFile

  • validateBackupPolicyFile(configDir: string, values: { backupPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; enable: boolean; organizationalUnitIds: undefined | { name: string; id: string; arn: string; }[]; organizationalUnits: { name: string; ignore: boolean | undefined; }[]; serviceControlPolicies: { name: string; description: string; policy: string; type: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; taggingPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[] }, errors: string[]): void

  • Function to validate presence of backup policy file existence

    Parameters

    • configDir: string
    • values: { backupPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; enable: boolean; organizationalUnitIds: undefined | { name: string; id: string; arn: string; }[]; organizationalUnits: { name: string; ignore: boolean | undefined; }[]; serviceControlPolicies: { name: string; description: string; policy: string; type: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; taggingPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[] }
      • backupPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]
      • enable: boolean
      • organizationalUnitIds: undefined | { name: string; id: string; arn: string; }[]
      • organizationalUnits: { name: string; ignore: boolean | undefined; }[]
      • serviceControlPolicies: { name: string; description: string; policy: string; type: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]
      • taggingPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]
    • errors: string[]

    Returns void

Private validateServiceControlPolicyFile

  • validateServiceControlPolicyFile(configDir: string, values: { backupPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; enable: boolean; organizationalUnitIds: undefined | { name: string; id: string; arn: string; }[]; organizationalUnits: { name: string; ignore: boolean | undefined; }[]; serviceControlPolicies: { name: string; description: string; policy: string; type: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; taggingPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[] }, errors: string[]): void

  • Function to validate service control policy file existence

    Parameters

    • configDir: string
    • values: { backupPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; enable: boolean; organizationalUnitIds: undefined | { name: string; id: string; arn: string; }[]; organizationalUnits: { name: string; ignore: boolean | undefined; }[]; serviceControlPolicies: { name: string; description: string; policy: string; type: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; taggingPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[] }
      • backupPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]
      • enable: boolean
      • organizationalUnitIds: undefined | { name: string; id: string; arn: string; }[]
      • organizationalUnits: { name: string; ignore: boolean | undefined; }[]
      • serviceControlPolicies: { name: string; description: string; policy: string; type: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]
      • taggingPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]
    • errors: string[]

    Returns void

Private validateTaggingPolicyFile

  • validateTaggingPolicyFile(configDir: string, values: { backupPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; enable: boolean; organizationalUnitIds: undefined | { name: string; id: string; arn: string; }[]; organizationalUnits: { name: string; ignore: boolean | undefined; }[]; serviceControlPolicies: { name: string; description: string; policy: string; type: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; taggingPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[] }, errors: string[]): void

  • Function to validate tagging policy file existence

    Parameters

    • configDir: string
    • values: { backupPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; enable: boolean; organizationalUnitIds: undefined | { name: string; id: string; arn: string; }[]; organizationalUnits: { name: string; ignore: boolean | undefined; }[]; serviceControlPolicies: { name: string; description: string; policy: string; type: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]; taggingPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[] }
      • backupPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]
      • enable: boolean
      • organizationalUnitIds: undefined | { name: string; id: string; arn: string; }[]
      • organizationalUnits: { name: string; ignore: boolean | undefined; }[]
      • serviceControlPolicies: { name: string; description: string; policy: string; type: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]
      • taggingPolicies: { name: string; description: string; policy: string; deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; }[]
    • errors: string[]

    Returns void

Static load

  • Load from config file content

    Parameters

    • dir: string
    • Optional validateConfig: boolean

    Returns OrganizationConfig

Generated using TypeDoc