Learn R
paws.management (version 0.1.0)

organizations_create_policy: Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual AWS account

Description

Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual AWS account.

Usage

organizations_create_policy(Content, Description, Name, Type)

Arguments

Content

[required] The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see Service Control Policy Syntax in the AWS Organizations User Guide.

Description

[required] An optional description to assign to the policy.

Name

[required] The friendly name to assign to the policy.

The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.

Type

[required] The type of policy to create.

In the current release, the only type of policy that you can create is a service control policy (SCP).

Request syntax

svc$create_policy(
  Content = "string",
  Description = "string",
  Name = "string",
  Type = "SERVICE_CONTROL_POLICY"
)

Details

For more information about policies and their use, see Managing Organization Policies.

This operation can be called only from the organization's master account.

Examples

Run this code
# NOT RUN {
# The following example shows how to create a service control policy (SCP)
# that is named AllowAllS3Actions. The JSON string in the content
# parameter specifies the content in the policy. The parameter string is
# escaped with backslashes to ensure that the embedded double quotes in
# the JSON policy are treated as literals in the parameter, which itself
# is surrounded by double quotes:
# 
# 
# }
# NOT RUN {
svc$create_policy(
  Content = "{\\\"Version\\\":\\\"2012-10-17\\\",\\\"Statement\\\":{\\\"Effect\\\":...",
  Description = "Enables admins of attached accounts to delegate all S3 permissions",
  Name = "AllowAllS3Actions",
  Type = "SERVICE_CONTROL_POLICY"
)
# }
# NOT RUN {
# }

Run the code above in your browser using DataLab