Showing preview only (526K chars total). Download the full file or copy to clipboard to get everything.
Repository: pepperize/cdk-organizations
Branch: main
Commit: eddf02b70a10
Files: 87
Total size: 498.4 KB
Directory structure:
gitextract_c_mmm_r8/
├── .editorconfig
├── .eslintrc.json
├── .gitattributes
├── .github/
│ ├── dependabot.yml
│ ├── pull_request_template.md
│ └── workflows/
│ ├── auto-approve.yml
│ ├── build.yml
│ ├── pull-request-lint.yml
│ └── release.yml
├── .gitignore
├── .gitpod.yml
├── .mergify.yml
├── .npmignore
├── .prettierignore
├── .prettierrc.json
├── .projen/
│ ├── deps.json
│ ├── files.json
│ └── tasks.json
├── .projenrc.ts
├── API.md
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── cdk.json
├── package.json
├── src/
│ ├── account-provider/
│ │ ├── account-provider.ts
│ │ ├── index.ts
│ │ ├── is-complete-handler-function.ts
│ │ ├── is-complete-handler.lambda.ts
│ │ ├── on-event-handler-function.ts
│ │ └── on-event-handler.lambda.ts
│ ├── account.ts
│ ├── delegated-administrator.ts
│ ├── dependency-chain.ts
│ ├── enable-aws-service-access.ts
│ ├── enable-policy-type.ts
│ ├── index.ts
│ ├── integ.default.ts
│ ├── organization-provider/
│ │ ├── index.ts
│ │ ├── on-event-handler-function.ts
│ │ ├── on-event-handler.lambda.ts
│ │ └── organization-provider.ts
│ ├── organization.ts
│ ├── organizational-unit-provider/
│ │ ├── on-event-handler-function.ts
│ │ ├── on-event-handler.lambda.ts
│ │ └── organizational-unit-provider.ts
│ ├── organizational-unit.ts
│ ├── parent.ts
│ ├── policy-attachment.ts
│ ├── policy.ts
│ ├── resource.ts
│ ├── tag-resource-provider/
│ │ ├── index.ts
│ │ ├── on-event-handler-function.ts
│ │ ├── on-event-handler.lambda.ts
│ │ └── tag-resource-provider.ts
│ ├── tag-resource.ts
│ └── validators.ts
├── test/
│ ├── __snapshots__/
│ │ ├── account.test.ts.snap
│ │ ├── delegated-administrator.test.ts.snap
│ │ ├── dependency-chain.test.ts.snap
│ │ ├── enable-aws-service-access.test.ts.snap
│ │ ├── enable-policy-type.test.ts.snap
│ │ ├── integ.default.test.ts.snap
│ │ ├── organization.test.ts.snap
│ │ ├── organizational-unit.test.ts.snap
│ │ ├── policy-attachment.test.ts.snap
│ │ ├── policy.test.ts.snap
│ │ └── tag-resource.test.ts.snap
│ ├── account-provider/
│ │ ├── is-complete-handler.lambda.test.ts
│ │ └── on-event-handler.lambda.test.ts
│ ├── account.test.ts
│ ├── cdk-nag.test.ts
│ ├── delegated-administrator.test.ts
│ ├── dependency-chain.test.ts
│ ├── enable-aws-service-access.test.ts
│ ├── enable-policy-type.test.ts
│ ├── integ.default.test.ts
│ ├── organization-provider/
│ │ └── on-event-handler.lambda.test.ts
│ ├── organization.test.ts
│ ├── organizational-unit-provider/
│ │ └── on-event-handler.lambda.test.ts
│ ├── organizational-unit.test.ts
│ ├── policy-attachment.test.ts
│ ├── policy.test.ts
│ ├── tag-resource-provider/
│ │ └── on-event-handler.lambda.test.ts
│ ├── tag-resource.test.ts
│ └── validators.test.ts
└── tsconfig.dev.json
================================================
FILE CONTENTS
================================================
================================================
FILE: .editorconfig
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
root=true
[*]
end_of_line=lf
charset=utf-8
[*\.{js,ts}]
indent_style=space
indent_size=2
max_line_length=120
================================================
FILE: .eslintrc.json
================================================
// ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
{
"env": {
"jest": true,
"node": true
},
"root": true,
"plugins": [
"@typescript-eslint",
"import"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": 2018,
"sourceType": "module",
"project": "./tsconfig.dev.json"
},
"extends": [
"plugin:import/typescript",
"plugin:prettier/recommended"
],
"settings": {
"import/parsers": {
"@typescript-eslint/parser": [
".ts",
".tsx"
]
},
"import/resolver": {
"node": {},
"typescript": {
"project": "./tsconfig.dev.json",
"alwaysTryTypes": true
}
}
},
"ignorePatterns": [
"*.js",
"*.d.ts",
"node_modules/",
"*.generated.ts",
"coverage",
"!.projenrc.ts",
"!projenrc/**/*.ts"
],
"rules": {
"@typescript-eslint/no-require-imports": [
"error"
],
"import/no-extraneous-dependencies": [
"error",
{
"devDependencies": [
"**/test/**",
"**/build-tools/**",
"src/account-provider/is-complete-handler.lambda.ts",
"src/account-provider/on-event-handler.lambda.ts",
"src/organization-provider/on-event-handler.lambda.ts",
"src/organizational-unit-provider/on-event-handler.lambda.ts",
"src/tag-resource-provider/on-event-handler.lambda.ts",
".projenrc.ts",
"projenrc/**/*.ts"
],
"optionalDependencies": false,
"peerDependencies": true
}
],
"import/no-unresolved": [
"error"
],
"import/order": [
"warn",
{
"groups": [
"builtin",
"external"
],
"alphabetize": {
"order": "asc",
"caseInsensitive": true
}
}
],
"import/no-duplicates": [
"error"
],
"no-shadow": [
"off"
],
"@typescript-eslint/no-shadow": [
"error"
],
"key-spacing": [
"error"
],
"no-multiple-empty-lines": [
"error"
],
"@typescript-eslint/no-floating-promises": [
"error"
],
"no-return-await": [
"off"
],
"@typescript-eslint/return-await": [
"error"
],
"no-trailing-spaces": [
"error"
],
"dot-notation": [
"error"
],
"no-bitwise": [
"error"
],
"@typescript-eslint/member-ordering": [
"error",
{
"default": [
"public-static-field",
"public-static-method",
"protected-static-field",
"protected-static-method",
"private-static-field",
"private-static-method",
"field",
"constructor",
"method"
]
}
]
},
"overrides": [
{
"files": [
".projenrc.ts"
],
"rules": {
"@typescript-eslint/no-require-imports": "off",
"import/no-extraneous-dependencies": "off"
}
}
]
}
================================================
FILE: .gitattributes
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
* text=auto eol=lf
*.snap linguist-generated
/.editorconfig linguist-generated
/.eslintrc.json linguist-generated
/.gitattributes linguist-generated
/.github/dependabot.yml linguist-generated
/.github/pull_request_template.md linguist-generated
/.github/workflows/auto-approve.yml linguist-generated
/.github/workflows/build.yml linguist-generated
/.github/workflows/pull-request-lint.yml linguist-generated
/.github/workflows/release.yml linguist-generated
/.gitignore linguist-generated
/.gitpod.yml linguist-generated
/.mergify.yml linguist-generated
/.npmignore linguist-generated
/.prettierignore linguist-generated
/.prettierrc.json linguist-generated
/.projen/** linguist-generated
/.projen/deps.json linguist-generated
/.projen/files.json linguist-generated
/.projen/tasks.json linguist-generated
/API.md linguist-generated
/LICENSE linguist-generated
/package.json linguist-generated
/src/account-provider/is-complete-handler-function.ts linguist-generated
/src/account-provider/on-event-handler-function.ts linguist-generated
/src/organization-provider/on-event-handler-function.ts linguist-generated
/src/organizational-unit-provider/on-event-handler-function.ts linguist-generated
/src/tag-resource-provider/on-event-handler-function.ts linguist-generated
/tsconfig.dev.json linguist-generated
/yarn.lock linguist-generated
================================================
FILE: .github/dependabot.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
version: 2
updates:
- package-ecosystem: npm
versioning-strategy: lockfile-only
directory: /
schedule:
interval: daily
ignore:
- dependency-name: projen
labels:
- auto-approve
================================================
FILE: .github/pull_request_template.md
================================================
Fixes #
================================================
FILE: .github/workflows/auto-approve.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: auto-approve
on:
pull_request_target:
types:
- labeled
- opened
- synchronize
- reopened
- ready_for_review
jobs:
approve:
runs-on: ubuntu-latest
permissions:
pull-requests: write
if: contains(github.event.pull_request.labels.*.name, 'auto-approve') && (github.event.pull_request.user.login == 'pflorek' || github.event.pull_request.user.login == 'acfo' || github.event.pull_request.user.login == 'dependabot[bot]')
steps:
- uses: hmarr/auto-approve-action@v2.2.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
================================================
FILE: .github/workflows/build.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: build
on:
pull_request: {}
workflow_dispatch: {}
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
self_mutation_happened: ${{ steps.self_mutation.outputs.self_mutation_happened }}
env:
CI: "true"
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Install dependencies
run: yarn install --check-files
- name: build
run: npx projen build
- name: Find mutations
id: self_mutation
run: |-
git add .
git diff --staged --patch --exit-code > repo.patch || echo "self_mutation_happened=true" >> $GITHUB_OUTPUT
working-directory: ./
- name: Upload patch
if: steps.self_mutation.outputs.self_mutation_happened
uses: actions/upload-artifact@v4.4.0
with:
name: repo.patch
path: repo.patch
overwrite: true
- name: Fail build on mutation
if: steps.self_mutation.outputs.self_mutation_happened
run: |-
echo "::error::Files were changed during build (see build log). If this was triggered from a fork, you will need to update your branch."
cat repo.patch
exit 1
- name: Backup artifact permissions
run: cd dist && getfacl -R . > permissions-backup.acl
continue-on-error: true
- name: Upload artifact
uses: actions/upload-artifact@v4.4.0
with:
name: build-artifact
path: dist
overwrite: true
self-mutation:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository)
steps:
- name: Checkout
uses: actions/checkout@v4
with:
token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Download patch
uses: actions/download-artifact@v4
with:
name: repo.patch
path: ${{ runner.temp }}
- name: Apply patch
run: '[ -s ${{ runner.temp }}/repo.patch ] && git apply ${{ runner.temp }}/repo.patch || echo "Empty patch. Skipping."'
- name: Set git identity
run: |-
git config user.name "github-actions"
git config user.email "github-actions@github.com"
- name: Push changes
env:
PULL_REQUEST_REF: ${{ github.event.pull_request.head.ref }}
run: |-
git add .
git commit -s -m "chore: self mutation"
git push origin HEAD:$PULL_REQUEST_REF
package-js:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
if: ${{ !needs.build.outputs.self_mutation_happened }}
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create js artifact
run: cd .repo && npx projen package:js
- name: Collect js artifact
run: mv .repo/dist dist
package-java:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
if: ${{ !needs.build.outputs.self_mutation_happened }}
steps:
- uses: actions/setup-java@v4
with:
distribution: corretto
java-version: "11"
- uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create java artifact
run: cd .repo && npx projen package:java
- name: Collect java artifact
run: mv .repo/dist dist
package-python:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
if: ${{ !needs.build.outputs.self_mutation_happened }}
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create python artifact
run: cd .repo && npx projen package:python
- name: Collect python artifact
run: mv .repo/dist dist
package-dotnet:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
if: ${{ !needs.build.outputs.self_mutation_happened }}
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create dotnet artifact
run: cd .repo && npx projen package:dotnet
- name: Collect dotnet artifact
run: mv .repo/dist dist
================================================
FILE: .github/workflows/pull-request-lint.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: pull-request-lint
on:
pull_request_target:
types:
- labeled
- opened
- synchronize
- reopened
- ready_for_review
- edited
merge_group: {}
jobs:
validate:
name: Validate PR title
runs-on: ubuntu-latest
permissions:
pull-requests: write
if: (github.event_name == 'pull_request' || github.event_name == 'pull_request_target')
steps:
- uses: amannn/action-semantic-pull-request@v5.4.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
types: |-
feat
fix
chore
requireScope: false
================================================
FILE: .github/workflows/release.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: release
on:
push:
branches:
- main
workflow_dispatch: {}
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
latest_commit: ${{ steps.git_remote.outputs.latest_commit }}
tag_exists: ${{ steps.check_tag_exists.outputs.exists }}
env:
CI: "true"
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set git identity
run: |-
git config user.name "github-actions"
git config user.email "github-actions@github.com"
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Install dependencies
run: yarn install --check-files --frozen-lockfile
- name: release
run: npx projen release
- name: Check if version has already been tagged
id: check_tag_exists
run: |-
TAG=$(cat dist/releasetag.txt)
([ ! -z "$TAG" ] && git ls-remote -q --exit-code --tags origin $TAG && (echo "exists=true" >> $GITHUB_OUTPUT)) || (echo "exists=false" >> $GITHUB_OUTPUT)
cat $GITHUB_OUTPUT
- name: Check for new commits
id: git_remote
run: |-
echo "latest_commit=$(git ls-remote origin -h ${{ github.ref }} | cut -f1)" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
- name: Backup artifact permissions
if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
run: cd dist && getfacl -R . > permissions-backup.acl
continue-on-error: true
- name: Upload artifact
if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
uses: actions/upload-artifact@v4.4.0
with:
name: build-artifact
path: dist
overwrite: true
release_github:
name: Publish to GitHub Releases
needs:
- release
- release_npm
- release_maven
- release_pypi
- release_nuget
runs-on: ubuntu-latest
permissions:
contents: write
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REPOSITORY: ${{ github.repository }}
GITHUB_REF: ${{ github.sha }}
run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target $GITHUB_REF 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi
release_npm:
name: Publish to npm
needs: release
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create js artifact
run: cd .repo && npx projen package:js
- name: Collect js artifact
run: mv .repo/dist dist
- name: Release
env:
NPM_DIST_TAG: latest
NPM_REGISTRY: registry.npmjs.org
NPM_CONFIG_PROVENANCE: "true"
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npx -p publib@latest publib-npm
release_maven:
name: Publish to Maven Central
needs: release
runs-on: ubuntu-latest
permissions:
contents: read
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-java@v4
with:
distribution: corretto
java-version: "11"
- uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create java artifact
run: cd .repo && npx projen package:java
- name: Collect java artifact
run: mv .repo/dist dist
- name: Release
env:
MAVEN_ENDPOINT: https://ossrh-staging-api.central.sonatype.com
MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
MAVEN_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSPHRASE }}
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }}
run: npx -p publib@latest publib-maven
release_pypi:
name: Publish to PyPI
needs: release
runs-on: ubuntu-latest
permissions:
contents: read
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create python artifact
run: cd .repo && npx projen package:python
- name: Collect python artifact
run: mv .repo/dist dist
- name: Release
env:
TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
run: npx -p publib@latest publib-pypi
release_nuget:
name: Publish to NuGet Gallery
needs: release
runs-on: ubuntu-latest
permissions:
contents: read
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create dotnet artifact
run: cd .repo && npx projen package:dotnet
- name: Collect dotnet artifact
run: mv .repo/dist dist
- name: Release
env:
NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
run: npx -p publib@latest publib-nuget
================================================
FILE: .gitignore
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
!/.gitattributes
!/.projen/tasks.json
!/.projen/deps.json
!/.projen/files.json
!/.github/workflows/pull-request-lint.yml
!/.gitpod.yml
!/.github/workflows/auto-approve.yml
!/package.json
!/LICENSE
!/.npmignore
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
pids
*.pid
*.seed
*.pid.lock
lib-cov
coverage
*.lcov
.nyc_output
build/Release
node_modules/
jspm_packages/
*.tsbuildinfo
.eslintcache
*.tgz
.yarn-integrity
.cache
/test-reports/
junit.xml
/coverage/
!/.github/workflows/build.yml
/dist/changelog.md
/dist/version.txt
!/.github/workflows/release.yml
!/.mergify.yml
!/.github/dependabot.yml
!/.github/pull_request_template.md
!/.prettierignore
!/.prettierrc.json
!/test/
!/tsconfig.dev.json
!/src/
/lib
/dist/
!/.eslintrc.json
.jsii
tsconfig.json
!/API.md
/assets/
!/src/account-provider/is-complete-handler-function.ts
!/src/account-provider/on-event-handler-function.ts
!/src/organization-provider/on-event-handler-function.ts
!/src/organizational-unit-provider/on-event-handler-function.ts
!/src/tag-resource-provider/on-event-handler-function.ts
.idea/
*.iml
.vscode/
!/.editorconfig
!/.projenrc.ts
================================================
FILE: .gitpod.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
tasks:
- name: setup
command: npx projen watch
init: yarn install && npx projen build
vscode:
extensions:
- dbaeumer.vscode-eslint
================================================
FILE: .mergify.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
queue_rules:
- name: default
update_method: merge
conditions:
- "#approved-reviews-by>=1"
- -label~=(do-not-merge)
- status-success=build
- status-success=package-js
- status-success=package-java
- status-success=package-python
- status-success=package-dotnet
merge_method: squash
commit_message_template: |-
{{ title }} (#{{ number }})
{{ body }}
pull_request_rules:
- name: Automatic merge on approval and successful build
actions:
delete_head_branch: {}
queue:
name: default
method: merge
conditions:
- "#approved-reviews-by>=1"
- -label~=(do-not-merge)
- status-success=build
- status-success=package-js
- status-success=package-java
- status-success=package-python
- status-success=package-dotnet
================================================
FILE: .npmignore
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
/.projen/
/test-reports/
junit.xml
/coverage/
permissions-backup.acl
/dist/changelog.md
/dist/version.txt
/.mergify.yml
/.prettierignore
/.prettierrc.json
/test/
/tsconfig.dev.json
/src/
!/lib/
!/lib/**/*.js
!/lib/**/*.d.ts
dist
/tsconfig.json
/.github/
/.vscode/
/.idea/
/.projenrc.js
tsconfig.tsbuildinfo
/.eslintrc.json
!.jsii
!/assets/
/.gitattributes
/.projenrc.ts
/projenrc
================================================
FILE: .prettierignore
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
API.md
src/account-provider/is-complete-handler-function.ts
src/account-provider/on-event-handler-function.ts
src/organization-provider/on-event-handler-function.ts
src/organizational-unit-provider/on-event-handler-function.ts
src/tag-resource-provider/on-event-handler-function.ts
================================================
FILE: .prettierrc.json
================================================
{
"printWidth": 120,
"overrides": []
}
================================================
FILE: .projen/deps.json
================================================
{
"dependencies": [
{
"name": "@pepperize/projen-awscdk-construct",
"version": "~0.0.730",
"type": "build"
},
{
"name": "@types/aws-lambda",
"type": "build"
},
{
"name": "@types/jest",
"type": "build"
},
{
"name": "@types/node",
"type": "build"
},
{
"name": "@types/sinon",
"type": "build"
},
{
"name": "@typescript-eslint/eslint-plugin",
"version": "^8",
"type": "build"
},
{
"name": "@typescript-eslint/parser",
"version": "^8",
"type": "build"
},
{
"name": "aws-lambda",
"type": "build"
},
{
"name": "aws-sdk",
"type": "build"
},
{
"name": "aws-sdk-mock",
"type": "build"
},
{
"name": "cdk-nag",
"type": "build"
},
{
"name": "commit-and-tag-version",
"version": "^12",
"type": "build"
},
{
"name": "esbuild",
"type": "build"
},
{
"name": "eslint-config-prettier",
"type": "build"
},
{
"name": "eslint-import-resolver-typescript",
"type": "build"
},
{
"name": "eslint-plugin-import",
"type": "build"
},
{
"name": "eslint-plugin-prettier",
"type": "build"
},
{
"name": "eslint",
"version": "^9",
"type": "build"
},
{
"name": "jest",
"type": "build"
},
{
"name": "jest-cdk-snapshot",
"type": "build"
},
{
"name": "jest-junit",
"version": "^15",
"type": "build"
},
{
"name": "jsii-diff",
"type": "build"
},
{
"name": "jsii-docgen",
"version": "^10.5.0",
"type": "build"
},
{
"name": "jsii-pacmak",
"type": "build"
},
{
"name": "jsii-rosetta",
"version": "~5.8.0",
"type": "build"
},
{
"name": "jsii",
"version": "~5.8.0",
"type": "build"
},
{
"name": "prettier",
"type": "build"
},
{
"name": "projen",
"type": "build"
},
{
"name": "sinon",
"type": "build"
},
{
"name": "ts-jest",
"type": "build"
},
{
"name": "ts-node",
"type": "build"
},
{
"name": "typescript",
"type": "build"
},
{
"name": "pascal-case",
"type": "bundled"
},
{
"name": "projen",
"version": "~0.91.1",
"type": "devenv"
},
{
"name": "aws-cdk-lib",
"version": "^2.203.1",
"type": "peer"
},
{
"name": "constructs",
"version": "^10.0.5",
"type": "peer"
},
{
"name": "pascal-case",
"type": "runtime"
}
],
"//": "~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\"."
}
================================================
FILE: .projen/files.json
================================================
{
"files": [
".editorconfig",
".eslintrc.json",
".gitattributes",
".github/dependabot.yml",
".github/pull_request_template.md",
".github/workflows/auto-approve.yml",
".github/workflows/build.yml",
".github/workflows/pull-request-lint.yml",
".github/workflows/release.yml",
".gitignore",
".gitpod.yml",
".mergify.yml",
".prettierignore",
".prettierrc.json",
".projen/deps.json",
".projen/files.json",
".projen/tasks.json",
"LICENSE",
"src/account-provider/is-complete-handler-function.ts",
"src/account-provider/on-event-handler-function.ts",
"src/organization-provider/on-event-handler-function.ts",
"src/organizational-unit-provider/on-event-handler-function.ts",
"src/tag-resource-provider/on-event-handler-function.ts",
"tsconfig.dev.json"
],
"//": "~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\"."
}
================================================
FILE: .projen/tasks.json
================================================
{
"tasks": {
"build": {
"name": "build",
"description": "Full release build",
"steps": [
{
"spawn": "default"
},
{
"spawn": "pre-compile"
},
{
"spawn": "compile"
},
{
"spawn": "post-compile"
},
{
"spawn": "test"
},
{
"spawn": "package"
}
]
},
"bump": {
"name": "bump",
"description": "Bumps version based on latest git tag and generates a changelog entry",
"env": {
"OUTFILE": "package.json",
"CHANGELOG": "dist/changelog.md",
"BUMPFILE": "dist/version.txt",
"RELEASETAG": "dist/releasetag.txt",
"RELEASE_TAG_PREFIX": "",
"VERSIONRCOPTIONS": "{\"types\":[{\"type\":\"chore\",\"section\":\"Chore\",\"hidden\":false}]}",
"BUMP_PACKAGE": "commit-and-tag-version@^12"
},
"steps": [
{
"builtin": "release/bump-version"
}
],
"condition": "git log --oneline -1 | grep -qv \"chore(release):\""
},
"bundle": {
"name": "bundle",
"description": "Prepare assets",
"steps": [
{
"spawn": "bundle:account-provider/is-complete-handler.lambda"
},
{
"spawn": "bundle:account-provider/on-event-handler.lambda"
},
{
"spawn": "bundle:organization-provider/on-event-handler.lambda"
},
{
"spawn": "bundle:organizational-unit-provider/on-event-handler.lambda"
},
{
"spawn": "bundle:tag-resource-provider/on-event-handler.lambda"
}
]
},
"bundle:account-provider/is-complete-handler.lambda": {
"name": "bundle:account-provider/is-complete-handler.lambda",
"description": "Create a JavaScript bundle from src/account-provider/is-complete-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/account-provider/is-complete-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/account-provider/is-complete-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\""
}
]
},
"bundle:account-provider/is-complete-handler.lambda:watch": {
"name": "bundle:account-provider/is-complete-handler.lambda:watch",
"description": "Continuously update the JavaScript bundle from src/account-provider/is-complete-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/account-provider/is-complete-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/account-provider/is-complete-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\" --watch"
}
]
},
"bundle:account-provider/on-event-handler.lambda": {
"name": "bundle:account-provider/on-event-handler.lambda",
"description": "Create a JavaScript bundle from src/account-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/account-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/account-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\""
}
]
},
"bundle:account-provider/on-event-handler.lambda:watch": {
"name": "bundle:account-provider/on-event-handler.lambda:watch",
"description": "Continuously update the JavaScript bundle from src/account-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/account-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/account-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\" --watch"
}
]
},
"bundle:organization-provider/on-event-handler.lambda": {
"name": "bundle:organization-provider/on-event-handler.lambda",
"description": "Create a JavaScript bundle from src/organization-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/organization-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/organization-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\""
}
]
},
"bundle:organization-provider/on-event-handler.lambda:watch": {
"name": "bundle:organization-provider/on-event-handler.lambda:watch",
"description": "Continuously update the JavaScript bundle from src/organization-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/organization-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/organization-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\" --watch"
}
]
},
"bundle:organizational-unit-provider/on-event-handler.lambda": {
"name": "bundle:organizational-unit-provider/on-event-handler.lambda",
"description": "Create a JavaScript bundle from src/organizational-unit-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/organizational-unit-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/organizational-unit-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\""
}
]
},
"bundle:organizational-unit-provider/on-event-handler.lambda:watch": {
"name": "bundle:organizational-unit-provider/on-event-handler.lambda:watch",
"description": "Continuously update the JavaScript bundle from src/organizational-unit-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/organizational-unit-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/organizational-unit-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\" --watch"
}
]
},
"bundle:tag-resource-provider/on-event-handler.lambda": {
"name": "bundle:tag-resource-provider/on-event-handler.lambda",
"description": "Create a JavaScript bundle from src/tag-resource-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/tag-resource-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/tag-resource-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\""
}
]
},
"bundle:tag-resource-provider/on-event-handler.lambda:watch": {
"name": "bundle:tag-resource-provider/on-event-handler.lambda:watch",
"description": "Continuously update the JavaScript bundle from src/tag-resource-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/tag-resource-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/tag-resource-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\" --watch"
}
]
},
"clobber": {
"name": "clobber",
"description": "hard resets to HEAD of origin and cleans the local repo",
"env": {
"BRANCH": "$(git branch --show-current)"
},
"steps": [
{
"exec": "git checkout -b scratch",
"name": "save current HEAD in \"scratch\" branch"
},
{
"exec": "git checkout $BRANCH"
},
{
"exec": "git fetch origin",
"name": "fetch latest changes from origin"
},
{
"exec": "git reset --hard origin/$BRANCH",
"name": "hard reset to origin commit"
},
{
"exec": "git clean -fdx",
"name": "clean all untracked files"
},
{
"say": "ready to rock! (unpushed commits are under the \"scratch\" branch)"
}
],
"condition": "git diff --exit-code > /dev/null"
},
"compat": {
"name": "compat",
"description": "Perform API compatibility check against latest version",
"steps": [
{
"exec": "jsii-diff npm:$(node -p \"require('./package.json').name\") -k --ignore-file .compatignore || (echo \"\nUNEXPECTED BREAKING CHANGES: add keys such as 'removed:constructs.Node.of' to .compatignore to skip.\n\" && exit 1)"
}
]
},
"compile": {
"name": "compile",
"description": "Only compile",
"steps": [
{
"exec": "jsii --silence-warnings=reserved-word"
}
]
},
"default": {
"name": "default",
"description": "Synthesize project files",
"steps": [
{
"exec": "ts-node --project tsconfig.dev.json .projenrc.ts"
}
]
},
"docgen": {
"name": "docgen",
"description": "Generate API.md from .jsii manifest",
"steps": [
{
"exec": "jsii-docgen -o API.md"
}
]
},
"eject": {
"name": "eject",
"description": "Remove projen from the project",
"env": {
"PROJEN_EJECTING": "true"
},
"steps": [
{
"spawn": "default"
}
]
},
"eslint": {
"name": "eslint",
"description": "Runs eslint against the codebase",
"env": {
"ESLINT_USE_FLAT_CONFIG": "false"
},
"steps": [
{
"exec": "eslint --ext .ts,.tsx --fix --no-error-on-unmatched-pattern $@ src test build-tools projenrc .projenrc.ts",
"receiveArgs": true
}
]
},
"format": {
"name": "format",
"description": "Format with prettier",
"steps": [
{
"exec": "prettier --write src/**/*.ts test/**/*.ts .projenrc.[jt]s README.md"
}
]
},
"install": {
"name": "install",
"description": "Install project dependencies and update lockfile (non-frozen)",
"steps": [
{
"exec": "yarn install --check-files"
}
]
},
"install:ci": {
"name": "install:ci",
"description": "Install project dependencies using frozen lockfile",
"steps": [
{
"exec": "yarn install --check-files --frozen-lockfile"
}
]
},
"package": {
"name": "package",
"description": "Creates the distribution package",
"steps": [
{
"spawn": "package:js",
"condition": "node -e \"if (!process.env.CI) process.exit(1)\""
},
{
"spawn": "package-all",
"condition": "node -e \"if (process.env.CI) process.exit(1)\""
}
]
},
"package-all": {
"name": "package-all",
"description": "Packages artifacts for all target languages",
"steps": [
{
"spawn": "package:js"
},
{
"spawn": "package:java"
},
{
"spawn": "package:python"
},
{
"spawn": "package:dotnet"
}
]
},
"package:dotnet": {
"name": "package:dotnet",
"description": "Create dotnet language bindings",
"steps": [
{
"exec": "jsii-pacmak -v --target dotnet"
}
]
},
"package:java": {
"name": "package:java",
"description": "Create java language bindings",
"steps": [
{
"exec": "jsii-pacmak -v --target java"
}
]
},
"package:js": {
"name": "package:js",
"description": "Create js language bindings",
"steps": [
{
"exec": "jsii-pacmak -v --target js"
}
]
},
"package:python": {
"name": "package:python",
"description": "Create python language bindings",
"steps": [
{
"exec": "jsii-pacmak -v --target python"
}
]
},
"post-compile": {
"name": "post-compile",
"description": "Runs after successful compilation",
"steps": [
{
"spawn": "docgen"
}
]
},
"pre-compile": {
"name": "pre-compile",
"description": "Prepare the project for compilation",
"steps": [
{
"spawn": "bundle"
}
]
},
"release": {
"name": "release",
"description": "Prepare a release from \"main\" branch",
"env": {
"RELEASE": "true"
},
"steps": [
{
"exec": "rm -fr dist"
},
{
"spawn": "bump"
},
{
"spawn": "build"
},
{
"spawn": "unbump"
},
{
"exec": "git diff --ignore-space-at-eol --exit-code"
}
]
},
"test": {
"name": "test",
"description": "Run tests",
"steps": [
{
"exec": "jest --passWithNoTests --updateSnapshot",
"receiveArgs": true
},
{
"spawn": "eslint"
}
]
},
"test:watch": {
"name": "test:watch",
"description": "Run jest in watch mode",
"steps": [
{
"exec": "jest --watch"
}
]
},
"unbump": {
"name": "unbump",
"description": "Restores version to 0.0.0",
"env": {
"OUTFILE": "package.json",
"CHANGELOG": "dist/changelog.md",
"BUMPFILE": "dist/version.txt",
"RELEASETAG": "dist/releasetag.txt",
"RELEASE_TAG_PREFIX": "",
"VERSIONRCOPTIONS": "{\"types\":[{\"type\":\"chore\",\"section\":\"Chore\",\"hidden\":false}]}",
"BUMP_PACKAGE": "commit-and-tag-version@^12"
},
"steps": [
{
"builtin": "release/reset-version"
}
]
},
"watch": {
"name": "watch",
"description": "Watch & compile in the background",
"steps": [
{
"exec": "jsii -w --silence-warnings=reserved-word"
}
]
}
},
"env": {
"PATH": "$(npx -c \"node --print process.env.PATH\")"
},
"//": "~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\"."
}
================================================
FILE: .projenrc.ts
================================================
import { AwsCdkConstructLibrary } from "@pepperize/projen-awscdk-construct";
import { awscdk, javascript } from "projen";
const project = new AwsCdkConstructLibrary({
author: "Patrick Florek",
authorAddress: "patrick.florek@gmail.com",
license: "MIT",
copyrightOwner: "Pepperize UG (haftungsbeschränkt)",
cdkVersion: "2.203.1",
jsiiVersion: "~5.8.0",
name: "@pepperize/cdk-organizations",
description: "Manage AWS organizations, organizational units (OU), accounts and service control policies (SCP).",
keywords: [
"aws",
"cdk",
"organizations",
"organization-principal",
"organizational-unit",
"account",
"account-management",
"policies",
"service-control-policy",
"delegated-administrator",
"trusted-service",
"trusted-access",
"tag-resources",
],
repositoryUrl: "https://github.com/pepperize/cdk-organizations.git",
projenrcTs: true,
deps: ["pascal-case"],
bundledDeps: ["pascal-case"],
devDeps: [
"@pepperize/projen-awscdk-construct@~0.0.730",
"@types/aws-lambda",
"@types/jest",
"@types/sinon",
"aws-lambda",
"aws-sdk",
"aws-sdk-mock",
"cdk-nag",
"jest-cdk-snapshot",
"sinon",
],
versionrcOptions: {
types: [{ type: "chore", section: "Chore", hidden: false }],
},
defaultReleaseBranch: "main",
releaseToNpm: true,
npmAccess: javascript.NpmAccess.PUBLIC,
publishToNuget: {
dotNetNamespace: "Pepperize.CDK",
packageId: "Pepperize.CDK.Organizations",
},
publishToPypi: {
distName: "pepperize.cdk-organizations",
module: "pepperize_cdk_organizations",
},
publishToMaven: {
mavenEndpoint: "https://ossrh-staging-api.central.sonatype.com",
mavenGroupId: "com.pepperize",
mavenArtifactId: "cdk-organizations",
javaPackage: "com.pepperize.cdk.organizations",
},
gitpod: true,
lambdaOptions: {
runtime: awscdk.LambdaRuntime.NODEJS_22_X,
bundlingOptions: {
externals: [],
},
},
});
project.gitpod?.addCustomTask({
name: "setup",
init: "yarn install && npx projen build",
command: "npx projen watch",
});
project.gitpod?.addVscodeExtensions("dbaeumer.vscode-eslint");
project.synth();
================================================
FILE: API.md
================================================
# API Reference <a name="API Reference" id="api-reference"></a>
## Constructs <a name="Constructs" id="Constructs"></a>
### Account <a name="Account" id="@pepperize/cdk-organizations.Account"></a>
- *Implements:* <a href="#@pepperize/cdk-organizations.IAccount">IAccount</a>, <a href="#@pepperize/cdk-organizations.ITaggableResource">ITaggableResource</a>
Creates or imports an AWS account that is automatically a member of the organization whose credentials made the request.
AWS Organizations automatically copies the information from the management account to the new member account
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.Account.Initializer"></a>
```typescript
import { Account } from '@pepperize/cdk-organizations'
new Account(scope: Construct, id: string, props: AccountProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Account.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Account.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Account.Initializer.parameter.props">props</a></code> | <code><a href="#@pepperize/cdk-organizations.AccountProps">AccountProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.Account.Initializer.parameter.scope"></a>
- *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.Account.Initializer.parameter.id"></a>
- *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@pepperize/cdk-organizations.Account.Initializer.parameter.props"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.AccountProps">AccountProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Account.toString">toString</a></code> | Returns a string representation of this construct. |
| <code><a href="#@pepperize/cdk-organizations.Account.attachPolicy">attachPolicy</a></code> | Attach a policy. |
| <code><a href="#@pepperize/cdk-organizations.Account.delegateAdministrator">delegateAdministrator</a></code> | Enables trusted access for the AWS service (trusted service) as <strong>Delegated Administrator</strong>, which performs tasks in your organization and its accounts on your behalf. |
| <code><a href="#@pepperize/cdk-organizations.Account.identifier">identifier</a></code> | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |
---
##### `toString` <a name="toString" id="@pepperize/cdk-organizations.Account.toString"></a>
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `attachPolicy` <a name="attachPolicy" id="@pepperize/cdk-organizations.Account.attachPolicy"></a>
```typescript
public attachPolicy(policy: IPolicy): void
```
Attach a policy.
Before you can attach the policy, you must enable that policy type for use. You can use policies when you have all features enabled.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html)
###### `policy`<sup>Required</sup> <a name="policy" id="@pepperize/cdk-organizations.Account.attachPolicy.parameter.policy"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.IPolicy">IPolicy</a>
---
##### `delegateAdministrator` <a name="delegateAdministrator" id="@pepperize/cdk-organizations.Account.delegateAdministrator"></a>
```typescript
public delegateAdministrator(servicePrincipal: string, region?: string, props?: {[ key: string ]: any}): void
```
Enables trusted access for the AWS service (trusted service) as <strong>Delegated Administrator</strong>, which performs tasks in your organization and its accounts on your behalf.
###### `servicePrincipal`<sup>Required</sup> <a name="servicePrincipal" id="@pepperize/cdk-organizations.Account.delegateAdministrator.parameter.servicePrincipal"></a>
- *Type:* string
The supported AWS service that you specify.
---
###### `region`<sup>Optional</sup> <a name="region" id="@pepperize/cdk-organizations.Account.delegateAdministrator.parameter.region"></a>
- *Type:* string
The region to delegate in.
---
###### `props`<sup>Optional</sup> <a name="props" id="@pepperize/cdk-organizations.Account.delegateAdministrator.parameter.props"></a>
- *Type:* {[ key: string ]: any}
additional DelegatedAdministrator props.
---
##### `identifier` <a name="identifier" id="@pepperize/cdk-organizations.Account.identifier"></a>
```typescript
public identifier(): string
```
The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Account.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@pepperize/cdk-organizations.Account.isConstruct"></a>
```typescript
import { Account } from '@pepperize/cdk-organizations'
Account.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@pepperize/cdk-organizations.Account.isConstruct.parameter.x"></a>
- *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Account.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
| <code><a href="#@pepperize/cdk-organizations.Account.property.accountArn">accountArn</a></code> | <code>string</code> | The Amazon Resource Name (ARN) of the account. |
| <code><a href="#@pepperize/cdk-organizations.Account.property.accountId">accountId</a></code> | <code>string</code> | If the account was created successfully, the unique identifier (ID) of the new account. |
| <code><a href="#@pepperize/cdk-organizations.Account.property.accountName">accountName</a></code> | <code>string</code> | The friendly name of the account. |
| <code><a href="#@pepperize/cdk-organizations.Account.property.email">email</a></code> | <code>string</code> | The email address of the owner to assign to the new member account. |
| <code><a href="#@pepperize/cdk-organizations.Account.property.tags">tags</a></code> | <code>aws-cdk-lib.TagManager</code> | TagManager to set, remove and format tags. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.Account.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `accountArn`<sup>Required</sup> <a name="accountArn" id="@pepperize/cdk-organizations.Account.property.accountArn"></a>
```typescript
public readonly accountArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of the account.
---
##### `accountId`<sup>Required</sup> <a name="accountId" id="@pepperize/cdk-organizations.Account.property.accountId"></a>
```typescript
public readonly accountId: string;
```
- *Type:* string
If the account was created successfully, the unique identifier (ID) of the new account.
Exactly 12 digits.
---
##### `accountName`<sup>Required</sup> <a name="accountName" id="@pepperize/cdk-organizations.Account.property.accountName"></a>
```typescript
public readonly accountName: string;
```
- *Type:* string
The friendly name of the account.
---
##### `email`<sup>Required</sup> <a name="email" id="@pepperize/cdk-organizations.Account.property.email"></a>
```typescript
public readonly email: string;
```
- *Type:* string
The email address of the owner to assign to the new member account.
This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You can't access the root user of the account or remove an account that was created with an invalid email address.
---
##### `tags`<sup>Required</sup> <a name="tags" id="@pepperize/cdk-organizations.Account.property.tags"></a>
```typescript
public readonly tags: TagManager;
```
- *Type:* aws-cdk-lib.TagManager
TagManager to set, remove and format tags.
---
### DelegatedAdministrator <a name="DelegatedAdministrator" id="@pepperize/cdk-organizations.DelegatedAdministrator"></a>
Enables the specified member account to administer the Organizations features of the specified AWS service.
It grants read-only access to AWS Organizations service data. The account still requires IAM permissions to access and administer the AWS service.
You can run this action only for AWS services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at AWS Services that you can use with AWS Organizations in the [AWS Organizations User Guide](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html).
> [https://docs.aws.amazon.com/accounts/latest/reference/using-orgs-delegated-admin.html](https://docs.aws.amazon.com/accounts/latest/reference/using-orgs-delegated-admin.html)
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.DelegatedAdministrator.Initializer"></a>
```typescript
import { DelegatedAdministrator } from '@pepperize/cdk-organizations'
new DelegatedAdministrator(scope: Construct, id: string, props: DelegatedAdministratorProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.DelegatedAdministrator.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.DelegatedAdministrator.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.DelegatedAdministrator.Initializer.parameter.props">props</a></code> | <code><a href="#@pepperize/cdk-organizations.DelegatedAdministratorProps">DelegatedAdministratorProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.DelegatedAdministrator.Initializer.parameter.scope"></a>
- *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.DelegatedAdministrator.Initializer.parameter.id"></a>
- *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@pepperize/cdk-organizations.DelegatedAdministrator.Initializer.parameter.props"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.DelegatedAdministratorProps">DelegatedAdministratorProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.DelegatedAdministrator.toString">toString</a></code> | Returns a string representation of this construct. |
---
##### `toString` <a name="toString" id="@pepperize/cdk-organizations.DelegatedAdministrator.toString"></a>
```typescript
public toString(): string
```
Returns a string representation of this construct.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.DelegatedAdministrator.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@pepperize/cdk-organizations.DelegatedAdministrator.isConstruct"></a>
```typescript
import { DelegatedAdministrator } from '@pepperize/cdk-organizations'
DelegatedAdministrator.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@pepperize/cdk-organizations.DelegatedAdministrator.isConstruct.parameter.x"></a>
- *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.DelegatedAdministrator.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.DelegatedAdministrator.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
### EnableAwsServiceAccess <a name="EnableAwsServiceAccess" id="@pepperize/cdk-organizations.EnableAwsServiceAccess"></a>
Enables the integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations.
When you enable integration, you allow the specified service to create a service-linked role in all the accounts in your organization. This allows the service to perform operations on your behalf in your organization and its accounts.
<strong>This operation can be called only from the organization's management account and only if the organization has enabled all features.</strong>
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_trusted_access_perms](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_trusted_access_perms)
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.EnableAwsServiceAccess.Initializer"></a>
```typescript
import { EnableAwsServiceAccess } from '@pepperize/cdk-organizations'
new EnableAwsServiceAccess(scope: Construct, id: string, props: EnableAwsServiceAccessProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.EnableAwsServiceAccess.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.EnableAwsServiceAccess.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.EnableAwsServiceAccess.Initializer.parameter.props">props</a></code> | <code><a href="#@pepperize/cdk-organizations.EnableAwsServiceAccessProps">EnableAwsServiceAccessProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.EnableAwsServiceAccess.Initializer.parameter.scope"></a>
- *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.EnableAwsServiceAccess.Initializer.parameter.id"></a>
- *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@pepperize/cdk-organizations.EnableAwsServiceAccess.Initializer.parameter.props"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.EnableAwsServiceAccessProps">EnableAwsServiceAccessProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.EnableAwsServiceAccess.toString">toString</a></code> | Returns a string representation of this construct. |
---
##### `toString` <a name="toString" id="@pepperize/cdk-organizations.EnableAwsServiceAccess.toString"></a>
```typescript
public toString(): string
```
Returns a string representation of this construct.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.EnableAwsServiceAccess.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@pepperize/cdk-organizations.EnableAwsServiceAccess.isConstruct"></a>
```typescript
import { EnableAwsServiceAccess } from '@pepperize/cdk-organizations'
EnableAwsServiceAccess.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@pepperize/cdk-organizations.EnableAwsServiceAccess.isConstruct.parameter.x"></a>
- *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.EnableAwsServiceAccess.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.EnableAwsServiceAccess.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
### EnablePolicyType <a name="EnablePolicyType" id="@pepperize/cdk-organizations.EnablePolicyType"></a>
Enables and disables Enables a policy type in a root.
After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html)
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.EnablePolicyType.Initializer"></a>
```typescript
import { EnablePolicyType } from '@pepperize/cdk-organizations'
new EnablePolicyType(scope: Construct, id: string, props: EnablePolicyTypeProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.EnablePolicyType.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.EnablePolicyType.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.EnablePolicyType.Initializer.parameter.props">props</a></code> | <code><a href="#@pepperize/cdk-organizations.EnablePolicyTypeProps">EnablePolicyTypeProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.EnablePolicyType.Initializer.parameter.scope"></a>
- *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.EnablePolicyType.Initializer.parameter.id"></a>
- *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@pepperize/cdk-organizations.EnablePolicyType.Initializer.parameter.props"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.EnablePolicyTypeProps">EnablePolicyTypeProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.EnablePolicyType.toString">toString</a></code> | Returns a string representation of this construct. |
---
##### `toString` <a name="toString" id="@pepperize/cdk-organizations.EnablePolicyType.toString"></a>
```typescript
public toString(): string
```
Returns a string representation of this construct.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.EnablePolicyType.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@pepperize/cdk-organizations.EnablePolicyType.isConstruct"></a>
```typescript
import { EnablePolicyType } from '@pepperize/cdk-organizations'
EnablePolicyType.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@pepperize/cdk-organizations.EnablePolicyType.isConstruct.parameter.x"></a>
- *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.EnablePolicyType.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.EnablePolicyType.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
### Organization <a name="Organization" id="@pepperize/cdk-organizations.Organization"></a>
- *Implements:* <a href="#@pepperize/cdk-organizations.IOrganization">IOrganization</a>
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.Organization.Initializer"></a>
```typescript
import { Organization } from '@pepperize/cdk-organizations'
new Organization(scope: Construct, id: string, props?: OrganizationProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Organization.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Organization.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Organization.Initializer.parameter.props">props</a></code> | <code><a href="#@pepperize/cdk-organizations.OrganizationProps">OrganizationProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.Organization.Initializer.parameter.scope"></a>
- *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.Organization.Initializer.parameter.id"></a>
- *Type:* string
---
##### `props`<sup>Optional</sup> <a name="props" id="@pepperize/cdk-organizations.Organization.Initializer.parameter.props"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.OrganizationProps">OrganizationProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Organization.toString">toString</a></code> | Returns a string representation of this construct. |
| <code><a href="#@pepperize/cdk-organizations.Organization.attachPolicy">attachPolicy</a></code> | Attach a policy. |
| <code><a href="#@pepperize/cdk-organizations.Organization.enableAwsServiceAccess">enableAwsServiceAccess</a></code> | Enables trusted access for a supported AWS service (trusted service), which performs tasks in your organization and its accounts on your behalf. |
| <code><a href="#@pepperize/cdk-organizations.Organization.enablePolicyType">enablePolicyType</a></code> | Enables policy types in the following two broad categories: Authorization policies and Management policies. |
---
##### `toString` <a name="toString" id="@pepperize/cdk-organizations.Organization.toString"></a>
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `attachPolicy` <a name="attachPolicy" id="@pepperize/cdk-organizations.Organization.attachPolicy"></a>
```typescript
public attachPolicy(policy: IPolicy): void
```
Attach a policy.
Before you can attach the policy, you must enable that policy type for use. You can use policies when you have all features enabled.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html)
###### `policy`<sup>Required</sup> <a name="policy" id="@pepperize/cdk-organizations.Organization.attachPolicy.parameter.policy"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.IPolicy">IPolicy</a>
---
##### `enableAwsServiceAccess` <a name="enableAwsServiceAccess" id="@pepperize/cdk-organizations.Organization.enableAwsServiceAccess"></a>
```typescript
public enableAwsServiceAccess(servicePrincipal: string): void
```
Enables trusted access for a supported AWS service (trusted service), which performs tasks in your organization and its accounts on your behalf.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html)
###### `servicePrincipal`<sup>Required</sup> <a name="servicePrincipal" id="@pepperize/cdk-organizations.Organization.enableAwsServiceAccess.parameter.servicePrincipal"></a>
- *Type:* string
The supported AWS service that you specify.
---
##### `enablePolicyType` <a name="enablePolicyType" id="@pepperize/cdk-organizations.Organization.enablePolicyType"></a>
```typescript
public enablePolicyType(policyType: PolicyType): void
```
Enables policy types in the following two broad categories: Authorization policies and Management policies.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types)
###### `policyType`<sup>Required</sup> <a name="policyType" id="@pepperize/cdk-organizations.Organization.enablePolicyType.parameter.policyType"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.PolicyType">PolicyType</a>
: the type of the policy that you specify.
---
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Organization.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
| <code><a href="#@pepperize/cdk-organizations.Organization.of">of</a></code> | Describe the organization that the current account belongs to. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@pepperize/cdk-organizations.Organization.isConstruct"></a>
```typescript
import { Organization } from '@pepperize/cdk-organizations'
Organization.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@pepperize/cdk-organizations.Organization.isConstruct.parameter.x"></a>
- *Type:* any
Any object.
---
##### `of` <a name="of" id="@pepperize/cdk-organizations.Organization.of"></a>
```typescript
import { Organization } from '@pepperize/cdk-organizations'
Organization.of(scope: Construct, id: string)
```
Describe the organization that the current account belongs to.
> [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganization.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganization.html)
###### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.Organization.of.parameter.scope"></a>
- *Type:* constructs.Construct
---
###### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.Organization.of.parameter.id"></a>
- *Type:* string
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Organization.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
| <code><a href="#@pepperize/cdk-organizations.Organization.property.featureSet">featureSet</a></code> | <code><a href="#@pepperize/cdk-organizations.FeatureSet">FeatureSet</a></code> | Specifies the functionality that currently is available to the organization. |
| <code><a href="#@pepperize/cdk-organizations.Organization.property.managementAccountArn">managementAccountArn</a></code> | <code>string</code> | The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization. |
| <code><a href="#@pepperize/cdk-organizations.Organization.property.managementAccountEmail">managementAccountEmail</a></code> | <code>string</code> | The email address that is associated with the AWS account that is designated as the management account for the organization. |
| <code><a href="#@pepperize/cdk-organizations.Organization.property.managementAccountId">managementAccountId</a></code> | <code>string</code> | The unique identifier (ID) of the management account of an organization. |
| <code><a href="#@pepperize/cdk-organizations.Organization.property.organizationArn">organizationArn</a></code> | <code>string</code> | The Amazon Resource Name (ARN) of an organization. |
| <code><a href="#@pepperize/cdk-organizations.Organization.property.organizationId">organizationId</a></code> | <code>string</code> | The unique identifier (ID) of an organization. |
| <code><a href="#@pepperize/cdk-organizations.Organization.property.principal">principal</a></code> | <code>aws-cdk-lib.aws_iam.IPrincipal</code> | The principal that represents this AWS Organization. |
| <code><a href="#@pepperize/cdk-organizations.Organization.property.root">root</a></code> | <code><a href="#@pepperize/cdk-organizations.Root">Root</a></code> | The root of the current organization, which is automatically created. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.Organization.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `featureSet`<sup>Required</sup> <a name="featureSet" id="@pepperize/cdk-organizations.Organization.property.featureSet"></a>
```typescript
public readonly featureSet: FeatureSet;
```
- *Type:* <a href="#@pepperize/cdk-organizations.FeatureSet">FeatureSet</a>
Specifies the functionality that currently is available to the organization.
If set to "ALL", then all features are enabled and policies can be applied to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only consolidated billing functionality is available.
---
##### `managementAccountArn`<sup>Required</sup> <a name="managementAccountArn" id="@pepperize/cdk-organizations.Organization.property.managementAccountArn"></a>
```typescript
public readonly managementAccountArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.
---
##### `managementAccountEmail`<sup>Required</sup> <a name="managementAccountEmail" id="@pepperize/cdk-organizations.Organization.property.managementAccountEmail"></a>
```typescript
public readonly managementAccountEmail: string;
```
- *Type:* string
The email address that is associated with the AWS account that is designated as the management account for the organization.
---
##### `managementAccountId`<sup>Required</sup> <a name="managementAccountId" id="@pepperize/cdk-organizations.Organization.property.managementAccountId"></a>
```typescript
public readonly managementAccountId: string;
```
- *Type:* string
The unique identifier (ID) of the management account of an organization.
---
##### `organizationArn`<sup>Required</sup> <a name="organizationArn" id="@pepperize/cdk-organizations.Organization.property.organizationArn"></a>
```typescript
public readonly organizationArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of an organization.
---
##### `organizationId`<sup>Required</sup> <a name="organizationId" id="@pepperize/cdk-organizations.Organization.property.organizationId"></a>
```typescript
public readonly organizationId: string;
```
- *Type:* string
The unique identifier (ID) of an organization.
The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits.
---
##### `principal`<sup>Required</sup> <a name="principal" id="@pepperize/cdk-organizations.Organization.property.principal"></a>
```typescript
public readonly principal: IPrincipal;
```
- *Type:* aws-cdk-lib.aws_iam.IPrincipal
The principal that represents this AWS Organization.
---
##### `root`<sup>Required</sup> <a name="root" id="@pepperize/cdk-organizations.Organization.property.root"></a>
```typescript
public readonly root: Root;
```
- *Type:* <a href="#@pepperize/cdk-organizations.Root">Root</a>
The root of the current organization, which is automatically created.
---
### OrganizationalUnit <a name="OrganizationalUnit" id="@pepperize/cdk-organizations.OrganizationalUnit"></a>
- *Implements:* <a href="#@pepperize/cdk-organizations.IOrganizationalUnit">IOrganizationalUnit</a>, <a href="#@pepperize/cdk-organizations.ITaggableResource">ITaggableResource</a>
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.OrganizationalUnit.Initializer"></a>
```typescript
import { OrganizationalUnit } from '@pepperize/cdk-organizations'
new OrganizationalUnit(scope: Construct, id: string, props: OrganizationalUnitProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnit.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnit.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnit.Initializer.parameter.props">props</a></code> | <code><a href="#@pepperize/cdk-organizations.OrganizationalUnitProps">OrganizationalUnitProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.OrganizationalUnit.Initializer.parameter.scope"></a>
- *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.OrganizationalUnit.Initializer.parameter.id"></a>
- *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@pepperize/cdk-organizations.OrganizationalUnit.Initializer.parameter.props"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.OrganizationalUnitProps">OrganizationalUnitProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnit.toString">toString</a></code> | Returns a string representation of this construct. |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnit.attachPolicy">attachPolicy</a></code> | Attach a policy. |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnit.identifier">identifier</a></code> | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |
---
##### `toString` <a name="toString" id="@pepperize/cdk-organizations.OrganizationalUnit.toString"></a>
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `attachPolicy` <a name="attachPolicy" id="@pepperize/cdk-organizations.OrganizationalUnit.attachPolicy"></a>
```typescript
public attachPolicy(policy: IPolicy): void
```
Attach a policy.
Before you can attach the policy, you must enable that policy type for use. You can use policies when you have all features enabled.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html)
###### `policy`<sup>Required</sup> <a name="policy" id="@pepperize/cdk-organizations.OrganizationalUnit.attachPolicy.parameter.policy"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.IPolicy">IPolicy</a>
---
##### `identifier` <a name="identifier" id="@pepperize/cdk-organizations.OrganizationalUnit.identifier"></a>
```typescript
public identifier(): string
```
The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnit.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@pepperize/cdk-organizations.OrganizationalUnit.isConstruct"></a>
```typescript
import { OrganizationalUnit } from '@pepperize/cdk-organizations'
OrganizationalUnit.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@pepperize/cdk-organizations.OrganizationalUnit.isConstruct.parameter.x"></a>
- *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnit.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnit.property.organizationalUnitArn">organizationalUnitArn</a></code> | <code>string</code> | The Amazon Resource Name (ARN) of this OU. |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnit.property.organizationalUnitId">organizationalUnitId</a></code> | <code>string</code> | The unique identifier (ID) associated with this OU. |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnit.property.organizationalUnitName">organizationalUnitName</a></code> | <code>string</code> | The friendly name of this OU. |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnit.property.tags">tags</a></code> | <code>aws-cdk-lib.TagManager</code> | TagManager to set, remove and format tags. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.OrganizationalUnit.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `organizationalUnitArn`<sup>Required</sup> <a name="organizationalUnitArn" id="@pepperize/cdk-organizations.OrganizationalUnit.property.organizationalUnitArn"></a>
```typescript
public readonly organizationalUnitArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of this OU.
For more information about ARNs in Organizations, see [ARN Formats Supported by Organizations](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) in the AWS Service Authorization Reference.
---
##### `organizationalUnitId`<sup>Required</sup> <a name="organizationalUnitId" id="@pepperize/cdk-organizations.OrganizationalUnit.property.organizationalUnitId"></a>
```typescript
public readonly organizationalUnitId: string;
```
- *Type:* string
The unique identifier (ID) associated with this OU.
The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
---
##### `organizationalUnitName`<sup>Required</sup> <a name="organizationalUnitName" id="@pepperize/cdk-organizations.OrganizationalUnit.property.organizationalUnitName"></a>
```typescript
public readonly organizationalUnitName: string;
```
- *Type:* string
The friendly name of this OU.
---
##### `tags`<sup>Required</sup> <a name="tags" id="@pepperize/cdk-organizations.OrganizationalUnit.property.tags"></a>
```typescript
public readonly tags: TagManager;
```
- *Type:* aws-cdk-lib.TagManager
TagManager to set, remove and format tags.
---
### Parent <a name="Parent" id="@pepperize/cdk-organizations.Parent"></a>
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.Parent.Initializer"></a>
```typescript
import { Parent } from '@pepperize/cdk-organizations'
new Parent(scope: Construct, id: string, props: ParentProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Parent.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Parent.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Parent.Initializer.parameter.props">props</a></code> | <code><a href="#@pepperize/cdk-organizations.ParentProps">ParentProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.Parent.Initializer.parameter.scope"></a>
- *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.Parent.Initializer.parameter.id"></a>
- *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@pepperize/cdk-organizations.Parent.Initializer.parameter.props"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.ParentProps">ParentProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Parent.toString">toString</a></code> | Returns a string representation of this construct. |
| <code><a href="#@pepperize/cdk-organizations.Parent.identifier">identifier</a></code> | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |
---
##### `toString` <a name="toString" id="@pepperize/cdk-organizations.Parent.toString"></a>
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `identifier` <a name="identifier" id="@pepperize/cdk-organizations.Parent.identifier"></a>
```typescript
public identifier(): string
```
The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Parent.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
| <code><a href="#@pepperize/cdk-organizations.Parent.fromChildId">fromChildId</a></code> | *No description.* |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@pepperize/cdk-organizations.Parent.isConstruct"></a>
```typescript
import { Parent } from '@pepperize/cdk-organizations'
Parent.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@pepperize/cdk-organizations.Parent.isConstruct.parameter.x"></a>
- *Type:* any
Any object.
---
##### `fromChildId` <a name="fromChildId" id="@pepperize/cdk-organizations.Parent.fromChildId"></a>
```typescript
import { Parent } from '@pepperize/cdk-organizations'
Parent.fromChildId(scope: Construct, id: string, childId: string)
```
###### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.Parent.fromChildId.parameter.scope"></a>
- *Type:* constructs.Construct
---
###### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.Parent.fromChildId.parameter.id"></a>
- *Type:* string
---
###### `childId`<sup>Required</sup> <a name="childId" id="@pepperize/cdk-organizations.Parent.fromChildId.parameter.childId"></a>
- *Type:* string
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Parent.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
| <code><a href="#@pepperize/cdk-organizations.Parent.property.parentId">parentId</a></code> | <code>string</code> | *No description.* |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.Parent.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `parentId`<sup>Required</sup> <a name="parentId" id="@pepperize/cdk-organizations.Parent.property.parentId"></a>
```typescript
public readonly parentId: string;
```
- *Type:* string
---
### ParentBase <a name="ParentBase" id="@pepperize/cdk-organizations.ParentBase"></a>
- *Implements:* <a href="#@pepperize/cdk-organizations.IParent">IParent</a>
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.ParentBase.Initializer"></a>
```typescript
import { ParentBase } from '@pepperize/cdk-organizations'
new ParentBase(scope: Construct, id: string, props: ParentBaseProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.ParentBase.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.ParentBase.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.ParentBase.Initializer.parameter.props">props</a></code> | <code><a href="#@pepperize/cdk-organizations.ParentBaseProps">ParentBaseProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.ParentBase.Initializer.parameter.scope"></a>
- *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.ParentBase.Initializer.parameter.id"></a>
- *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@pepperize/cdk-organizations.ParentBase.Initializer.parameter.props"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.ParentBaseProps">ParentBaseProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.ParentBase.toString">toString</a></code> | Returns a string representation of this construct. |
| <code><a href="#@pepperize/cdk-organizations.ParentBase.identifier">identifier</a></code> | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |
---
##### `toString` <a name="toString" id="@pepperize/cdk-organizations.ParentBase.toString"></a>
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `identifier` <a name="identifier" id="@pepperize/cdk-organizations.ParentBase.identifier"></a>
```typescript
public identifier(): string
```
The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.ParentBase.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@pepperize/cdk-organizations.ParentBase.isConstruct"></a>
```typescript
import { ParentBase } from '@pepperize/cdk-organizations'
ParentBase.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@pepperize/cdk-organizations.ParentBase.isConstruct.parameter.x"></a>
- *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.ParentBase.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
| <code><a href="#@pepperize/cdk-organizations.ParentBase.property.parentId">parentId</a></code> | <code>string</code> | *No description.* |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.ParentBase.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `parentId`<sup>Required</sup> <a name="parentId" id="@pepperize/cdk-organizations.ParentBase.property.parentId"></a>
```typescript
public readonly parentId: string;
```
- *Type:* string
---
### Policy <a name="Policy" id="@pepperize/cdk-organizations.Policy"></a>
- *Implements:* <a href="#@pepperize/cdk-organizations.IPolicy">IPolicy</a>, <a href="#@pepperize/cdk-organizations.ITaggableResource">ITaggableResource</a>
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.Policy.Initializer"></a>
```typescript
import { Policy } from '@pepperize/cdk-organizations'
new Policy(scope: Construct, id: string, props: PolicyProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Policy.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Policy.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Policy.Initializer.parameter.props">props</a></code> | <code><a href="#@pepperize/cdk-organizations.PolicyProps">PolicyProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.Policy.Initializer.parameter.scope"></a>
- *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.Policy.Initializer.parameter.id"></a>
- *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@pepperize/cdk-organizations.Policy.Initializer.parameter.props"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.PolicyProps">PolicyProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Policy.toString">toString</a></code> | Returns a string representation of this construct. |
| <code><a href="#@pepperize/cdk-organizations.Policy.identifier">identifier</a></code> | *No description.* |
---
##### `toString` <a name="toString" id="@pepperize/cdk-organizations.Policy.toString"></a>
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `identifier` <a name="identifier" id="@pepperize/cdk-organizations.Policy.identifier"></a>
```typescript
public identifier(): string
```
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Policy.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@pepperize/cdk-organizations.Policy.isConstruct"></a>
```typescript
import { Policy } from '@pepperize/cdk-organizations'
Policy.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@pepperize/cdk-organizations.Policy.isConstruct.parameter.x"></a>
- *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Policy.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
| <code><a href="#@pepperize/cdk-organizations.Policy.property.policyId">policyId</a></code> | <code>string</code> | The unique identifier (ID) of the policy. |
| <code><a href="#@pepperize/cdk-organizations.Policy.property.tags">tags</a></code> | <code>aws-cdk-lib.TagManager</code> | TagManager to set, remove and format tags. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.Policy.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `policyId`<sup>Required</sup> <a name="policyId" id="@pepperize/cdk-organizations.Policy.property.policyId"></a>
```typescript
public readonly policyId: string;
```
- *Type:* string
The unique identifier (ID) of the policy.
The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
---
##### `tags`<sup>Required</sup> <a name="tags" id="@pepperize/cdk-organizations.Policy.property.tags"></a>
```typescript
public readonly tags: TagManager;
```
- *Type:* aws-cdk-lib.TagManager
TagManager to set, remove and format tags.
---
### PolicyAttachment <a name="PolicyAttachment" id="@pepperize/cdk-organizations.PolicyAttachment"></a>
Attaches a policy to a root, an organizational unit (OU), or an individual account.
How the policy affects accounts depends on the type of policy. Refer to the AWS Organizations User Guide for information about each policy type:
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.PolicyAttachment.Initializer"></a>
```typescript
import { PolicyAttachment } from '@pepperize/cdk-organizations'
new PolicyAttachment(scope: Construct, id: string, props: PolicyAttachmentProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.PolicyAttachment.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.PolicyAttachment.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.PolicyAttachment.Initializer.parameter.props">props</a></code> | <code><a href="#@pepperize/cdk-organizations.PolicyAttachmentProps">PolicyAttachmentProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.PolicyAttachment.Initializer.parameter.scope"></a>
- *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.PolicyAttachment.Initializer.parameter.id"></a>
- *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@pepperize/cdk-organizations.PolicyAttachment.Initializer.parameter.props"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.PolicyAttachmentProps">PolicyAttachmentProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.PolicyAttachment.toString">toString</a></code> | Returns a string representation of this construct. |
---
##### `toString` <a name="toString" id="@pepperize/cdk-organizations.PolicyAttachment.toString"></a>
```typescript
public toString(): string
```
Returns a string representation of this construct.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.PolicyAttachment.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@pepperize/cdk-organizations.PolicyAttachment.isConstruct"></a>
```typescript
import { PolicyAttachment } from '@pepperize/cdk-organizations'
PolicyAttachment.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@pepperize/cdk-organizations.PolicyAttachment.isConstruct.parameter.x"></a>
- *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.PolicyAttachment.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.PolicyAttachment.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
### Root <a name="Root" id="@pepperize/cdk-organizations.Root"></a>
- *Implements:* <a href="#@pepperize/cdk-organizations.IParent">IParent</a>, <a href="#@pepperize/cdk-organizations.IPolicyAttachmentTarget">IPolicyAttachmentTarget</a>, <a href="#@pepperize/cdk-organizations.ITaggableResource">ITaggableResource</a>
The parent container for all the accounts for your organization.
If you apply a policy to the root, it applies to all organizational units (OUs) and accounts in the organization.
<strong>Currently, you can have only one root. AWS Organizations automatically creates it for you when you create an organization.</strong>
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html)
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.Root.Initializer"></a>
```typescript
import { Root } from '@pepperize/cdk-organizations'
new Root(scope: Construct, id: string)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Root.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Root.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.Root.Initializer.parameter.scope"></a>
- *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.Root.Initializer.parameter.id"></a>
- *Type:* string
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Root.toString">toString</a></code> | Returns a string representation of this construct. |
| <code><a href="#@pepperize/cdk-organizations.Root.attachPolicy">attachPolicy</a></code> | Attach a policy. |
| <code><a href="#@pepperize/cdk-organizations.Root.enablePolicyType">enablePolicyType</a></code> | Enables and disables Enables a policy type. |
| <code><a href="#@pepperize/cdk-organizations.Root.identifier">identifier</a></code> | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |
---
##### `toString` <a name="toString" id="@pepperize/cdk-organizations.Root.toString"></a>
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `attachPolicy` <a name="attachPolicy" id="@pepperize/cdk-organizations.Root.attachPolicy"></a>
```typescript
public attachPolicy(policy: IPolicy): void
```
Attach a policy.
Before you can attach the policy, you must enable that policy type for use. You can use policies when you have all features enabled.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html)
###### `policy`<sup>Required</sup> <a name="policy" id="@pepperize/cdk-organizations.Root.attachPolicy.parameter.policy"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.IPolicy">IPolicy</a>
---
##### `enablePolicyType` <a name="enablePolicyType" id="@pepperize/cdk-organizations.Root.enablePolicyType"></a>
```typescript
public enablePolicyType(policyType: PolicyType): void
```
Enables and disables Enables a policy type.
After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html)
###### `policyType`<sup>Required</sup> <a name="policyType" id="@pepperize/cdk-organizations.Root.enablePolicyType.parameter.policyType"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.PolicyType">PolicyType</a>
---
##### `identifier` <a name="identifier" id="@pepperize/cdk-organizations.Root.identifier"></a>
```typescript
public identifier(): string
```
The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Root.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@pepperize/cdk-organizations.Root.isConstruct"></a>
```typescript
import { Root } from '@pepperize/cdk-organizations'
Root.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@pepperize/cdk-organizations.Root.isConstruct.parameter.x"></a>
- *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Root.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
| <code><a href="#@pepperize/cdk-organizations.Root.property.rootId">rootId</a></code> | <code>string</code> | The unique identifier (ID) for the root. |
| <code><a href="#@pepperize/cdk-organizations.Root.property.tags">tags</a></code> | <code>aws-cdk-lib.TagManager</code> | TagManager to set, remove and format tags. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.Root.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `rootId`<sup>Required</sup> <a name="rootId" id="@pepperize/cdk-organizations.Root.property.rootId"></a>
```typescript
public readonly rootId: string;
```
- *Type:* string
The unique identifier (ID) for the root.
The regex pattern for a root ID string requires "r-" followed by from 4 to 32 lowercase letters or digits.
---
##### `tags`<sup>Required</sup> <a name="tags" id="@pepperize/cdk-organizations.Root.property.tags"></a>
```typescript
public readonly tags: TagManager;
```
- *Type:* aws-cdk-lib.TagManager
TagManager to set, remove and format tags.
---
### TagResource <a name="TagResource" id="@pepperize/cdk-organizations.TagResource"></a>
Add tags to an AWS Organizations resource to make it easier to identify, organize, and search.
> [https://docs.aws.amazon.com/ARG/latest/APIReference/API_Tag.html](https://docs.aws.amazon.com/ARG/latest/APIReference/API_Tag.html)
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.TagResource.Initializer"></a>
```typescript
import { TagResource } from '@pepperize/cdk-organizations'
new TagResource(scope: Construct, id: string, props: TagResourceProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.TagResource.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.TagResource.Initializer.parameter.id">id</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.TagResource.Initializer.parameter.props">props</a></code> | <code><a href="#@pepperize/cdk-organizations.TagResourceProps">TagResourceProps</a></code> | *No description.* |
---
##### `scope`<sup>Required</sup> <a name="scope" id="@pepperize/cdk-organizations.TagResource.Initializer.parameter.scope"></a>
- *Type:* constructs.Construct
---
##### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.TagResource.Initializer.parameter.id"></a>
- *Type:* string
---
##### `props`<sup>Required</sup> <a name="props" id="@pepperize/cdk-organizations.TagResource.Initializer.parameter.props"></a>
- *Type:* <a href="#@pepperize/cdk-organizations.TagResourceProps">TagResourceProps</a>
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.TagResource.toString">toString</a></code> | Returns a string representation of this construct. |
---
##### `toString` <a name="toString" id="@pepperize/cdk-organizations.TagResource.toString"></a>
```typescript
public toString(): string
```
Returns a string representation of this construct.
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.TagResource.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~ <a name="isConstruct" id="@pepperize/cdk-organizations.TagResource.isConstruct"></a>
```typescript
import { TagResource } from '@pepperize/cdk-organizations'
TagResource.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`<sup>Required</sup> <a name="x" id="@pepperize/cdk-organizations.TagResource.isConstruct.parameter.x"></a>
- *Type:* any
Any object.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.TagResource.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.TagResource.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
## Structs <a name="Structs" id="Structs"></a>
### AccountProps <a name="AccountProps" id="@pepperize/cdk-organizations.AccountProps"></a>
#### Initializer <a name="Initializer" id="@pepperize/cdk-organizations.AccountProps.Initializer"></a>
```typescript
import { AccountProps } from '@pepperize/cdk-organizations'
const accountProps: AccountProps = { ... }
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.AccountProps.property.accountName">accountName</a></code> | <code>string</code> | The friendly name of the member account. |
| <code><a href="#@pepperize/cdk-organizations.AccountProps.property.email">email</a></code> | <code>string</code> | The email address of the owner to assign to the new member account. |
| <code><a href="#@pepperize/cdk-organizations.AccountProps.property.iamUserAccessToBilling">iamUserAccessToBilling</a></code> | <code><a href="#@pepperize/cdk-organizations.IamUserAccessToBilling">IamUserAccessToBilling</a></code> | If set to ALLOW , the new account enables IAM users to access account billing information if they have the required permissions. |
| <code><a href="#@pepperize/cdk-organizations.AccountProps.property.importOnDuplicate">importOnDuplicate</a></code> | <code>boolean</code> | Whether to import, if a duplicate account with same name and email already exists. |
| <code><a href="#@pepperize/cdk-organizations.AccountProps.property.parent">parent</a></code> | <code><a href="#@pepperize/cdk-organizations.IParent">IParent</a></code> | The parent root or OU that you want to create the new Account in. |
| <code><a href="#@pepperize/cdk-organizations.AccountProps.property.removalPolicy">removalPolicy</a></code> | <code>aws-cdk-lib.RemovalPolicy</code> | If set to RemovalPolicy.DESTROY, the account will be moved to the root. |
| <code><a href="#@pepperize/cdk-organizations.AccountProps.property.roleName">roleName</a></code> | <code>string</code> | The name of an IAM role that AWS Organizations automatically preconfigures in the new member account. |
---
##### `accountName`<sup>Required</sup> <a name="accountName" id="@pepperize/cdk-organizations.AccountProps.property.accountName"></a>
```typescript
public readonly accountName: string;
```
- *Type:* string
The friendly name of the member account.
---
##### `email`<sup>Required</sup> <a name="email" id="@pepperize/cdk-organizations.AccountProps.property.email"></a>
```typescript
public readonly email: string;
```
- *Type:* string
The email address of the owner to assign to the new member account.
This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You can't access the root user of the account or remove an account that was created with an invalid email address.
---
##### `iamUserAccessToBilling`<sup>Optional</sup> <a name="iamUserAccessToBilling" id="@pepperize/cdk-organizations.AccountProps.property.iamUserAccessToBilling"></a>
```typescript
public readonly iamUserAccessToBilling: IamUserAccessToBilling;
```
- *Type:* <a href="#@pepperize/cdk-organizations.IamUserAccessToBilling">IamUserAccessToBilling</a>
- *Default:* ALLOW
If set to ALLOW , the new account enables IAM users to access account billing information if they have the required permissions.
If set to DENY , only the root user of the new account can access account billing information.
---
##### `importOnDuplicate`<sup>Optional</sup> <a name="importOnDuplicate" id="@pepperize/cdk-organizations.AccountProps.property.importOnDuplicate"></a>
```typescript
public readonly importOnDuplicate: boolean;
```
- *Type:* boolean
- *Default:* true
Whether to import, if a duplicate account with same name and email already exists.
---
##### `parent`<sup>Optional</sup> <a name="parent" id="@pepperize/cdk-organizations.AccountProps.property.parent"></a>
```typescript
public readonly parent: IParent;
```
- *Type:* <a href="#@pepperize/cdk-organizations.IParent">IParent</a>
The parent root or OU that you want to create the new Account in.
---
##### `removalPolicy`<sup>Optional</sup> <a name="removalPolicy" id="@pepperize/cdk-organizations.AccountProps.property.removalPolicy"></a>
```typescript
public readonly removalPolicy: RemovalPolicy;
```
- *Type:* aws-cdk-lib.RemovalPolicy
- *Default:* RemovalPolicy.Retain
If set to RemovalPolicy.DESTROY, the account will be moved to the root.
---
##### `roleName`<sup>Optional</sup> <a name="roleName" id="@pepperize/cdk-organizations.AccountProps.property.roleName"></a>
```typescript
public readonly roleName: string;
```
- *Type:* string
The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.
This role trusts the management account, allowing users in the management account to assume the role, as permitted by the management account administrator. The role has administrator permissions in the new member account.
If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.
---
### DelegatedAdministratorProps <a name="DelegatedAdministratorProps" id="@pepperize/cdk-organizations.DelegatedAdministratorProps"></a>
#### Initializer <a name="Initializer" id="@pepperize/cdk-organizations.DelegatedAdministratorProps.Initializer"></a>
```typescript
import { DelegatedAdministratorProps } from '@pepperize/cdk-organizations'
const delegatedAdministratorProps: DelegatedAdministratorProps = { ... }
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.DelegatedAdministratorProps.property.account">account</a></code> | <code><a href="#@pepperize/cdk-organizations.IAccount">IAccount</a></code> | The member account in the organization to register as a delegated administrator. |
| <code><a href="#@pepperize/cdk-organizations.DelegatedAdministratorProps.property.servicePrincipal">servicePrincipal</a></code> | <code>string</code> | The service principal of the AWS service for which you want to make the member account a delegated administrator. |
| <code><a href="#@pepperize/cdk-organizations.DelegatedAdministratorProps.property.region">region</a></code> | <code>string</code> | The region to delegate the administrator in. |
| <code><a href="#@pepperize/cdk-organizations.DelegatedAdministratorProps.property.removalPolicy">removalPolicy</a></code> | <code>aws-cdk-lib.RemovalPolicy</code> | If set to RemovalPolicy.RETAIN, the delegation will not be removed. |
---
##### `account`<sup>Required</sup> <a name="account" id="@pepperize/cdk-organizations.DelegatedAdministratorProps.property.account"></a>
```typescript
public readonly account: IAccount;
```
- *Type:* <a href="#@pepperize/cdk-organizations.IAccount">IAccount</a>
The member account in the organization to register as a delegated administrator.
---
##### `servicePrincipal`<sup>Required</sup> <a name="servicePrincipal" id="@pepperize/cdk-organizations.DelegatedAdministratorProps.property.servicePrincipal"></a>
```typescript
public readonly servicePrincipal: string;
```
- *Type:* string
The service principal of the AWS service for which you want to make the member account a delegated administrator.
---
##### `region`<sup>Optional</sup> <a name="region" id="@pepperize/cdk-organizations.DelegatedAdministratorProps.property.region"></a>
```typescript
public readonly region: string;
```
- *Type:* string
The region to delegate the administrator in.
---
##### `removalPolicy`<sup>Optional</sup> <a name="removalPolicy" id="@pepperize/cdk-organizations.DelegatedAdministratorProps.property.removalPolicy"></a>
```typescript
public readonly removalPolicy: RemovalPolicy;
```
- *Type:* aws-cdk-lib.RemovalPolicy
- *Default:* RemovalPolicy.DESTROY
If set to RemovalPolicy.RETAIN, the delegation will not be removed.
---
### EnableAwsServiceAccessProps <a name="EnableAwsServiceAccessProps" id="@pepperize/cdk-organizations.EnableAwsServiceAccessProps"></a>
#### Initializer <a name="Initializer" id="@pepperize/cdk-organizations.EnableAwsServiceAccessProps.Initializer"></a>
```typescript
import { EnableAwsServiceAccessProps } from '@pepperize/cdk-organizations'
const enableAwsServiceAccessProps: EnableAwsServiceAccessProps = { ... }
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.EnableAwsServiceAccessProps.property.servicePrincipal">servicePrincipal</a></code> | <code>string</code> | The service principal name of the AWS service for which you want to enable integration with your organization. |
---
##### `servicePrincipal`<sup>Required</sup> <a name="servicePrincipal" id="@pepperize/cdk-organizations.EnableAwsServiceAccessProps.property.servicePrincipal"></a>
```typescript
public readonly servicePrincipal: string;
```
- *Type:* string
The service principal name of the AWS service for which you want to enable integration with your organization.
This is typically in the form of a URL, such as service-abbreviation.amazonaws.com.
---
### EnablePolicyTypeProps <a name="EnablePolicyTypeProps" id="@pepperize/cdk-organizations.EnablePolicyTypeProps"></a>
#### Initializer <a name="Initializer" id="@pepperize/cdk-organizations.EnablePolicyTypeProps.Initializer"></a>
```typescript
import { EnablePolicyTypeProps } from '@pepperize/cdk-organizations'
const enablePolicyTypeProps: EnablePolicyTypeProps = { ... }
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.EnablePolicyTypeProps.property.policyType">policyType</a></code> | <code><a href="#@pepperize/cdk-organizations.PolicyType">PolicyType</a></code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.EnablePolicyTypeProps.property.root">root</a></code> | <code><a href="#@pepperize/cdk-organizations.Root">Root</a></code> | *No description.* |
---
##### `policyType`<sup>Required</sup> <a name="policyType" id="@pepperize/cdk-organizations.EnablePolicyTypeProps.property.policyType"></a>
```typescript
public readonly policyType: PolicyType;
```
- *Type:* <a href="#@pepperize/cdk-organizations.PolicyType">PolicyType</a>
---
##### `root`<sup>Required</sup> <a name="root" id="@pepperize/cdk-organizations.EnablePolicyTypeProps.property.root"></a>
```typescript
public readonly root: Root;
```
- *Type:* <a href="#@pepperize/cdk-organizations.Root">Root</a>
---
### OrganizationalUnitProps <a name="OrganizationalUnitProps" id="@pepperize/cdk-organizations.OrganizationalUnitProps"></a>
#### Initializer <a name="Initializer" id="@pepperize/cdk-organizations.OrganizationalUnitProps.Initializer"></a>
```typescript
import { OrganizationalUnitProps } from '@pepperize/cdk-organizations'
const organizationalUnitProps: OrganizationalUnitProps = { ... }
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnitProps.property.organizationalUnitName">organizationalUnitName</a></code> | <code>string</code> | The friendly name to assign to the new OU. |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnitProps.property.parent">parent</a></code> | <code><a href="#@pepperize/cdk-organizations.IParent">IParent</a></code> | The parent root or OU that you want to create the new OrganizationalUnit in. |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnitProps.property.importOnDuplicate">importOnDuplicate</a></code> | <code>boolean</code> | Whether to import, if a duplicate organizational unit with same name exists in the parent exists. |
| <code><a href="#@pepperize/cdk-organizations.OrganizationalUnitProps.property.removalPolicy">removalPolicy</a></code> | <code>aws-cdk-lib.RemovalPolicy</code> | If set to RemovalPolicy.DESTROY, the organizational unit will be deleted. |
---
##### `organizationalUnitName`<sup>Required</sup> <a name="organizationalUnitName" id="@pepperize/cdk-organizations.OrganizationalUnitProps.property.organizationalUnitName"></a>
```typescript
public readonly organizationalUnitName: string;
```
- *Type:* string
The friendly name to assign to the new OU.
---
##### `parent`<sup>Required</sup> <a name="parent" id="@pepperize/cdk-organizations.OrganizationalUnitProps.property.parent"></a>
```typescript
public readonly parent: IParent;
```
- *Type:* <a href="#@pepperize/cdk-organizations.IParent">IParent</a>
The parent root or OU that you want to create the new OrganizationalUnit in.
---
##### `importOnDuplicate`<sup>Optional</sup> <a name="importOnDuplicate" id="@pepperize/cdk-organizations.OrganizationalUnitProps.property.importOnDuplicate"></a>
```typescript
public readonly importOnDuplicate: boolean;
```
- *Type:* boolean
- *Default:* true
Whether to import, if a duplicate organizational unit with same name exists in the parent exists.
---
##### `removalPolicy`<sup>Optional</sup> <a name="removalPolicy" id="@pepperize/cdk-organizations.OrganizationalUnitProps.property.removalPolicy"></a>
```typescript
public readonly removalPolicy: RemovalPolicy;
```
- *Type:* aws-cdk-lib.RemovalPolicy
- *Default:* RemovalPolicy.Retain
If set to RemovalPolicy.DESTROY, the organizational unit will be deleted.
---
### OrganizationProps <a name="OrganizationProps" id="@pepperize/cdk-organizations.OrganizationProps"></a>
#### Initializer <a name="Initializer" id="@pepperize/cdk-organizations.OrganizationProps.Initializer"></a>
```typescript
import { OrganizationProps } from '@pepperize/cdk-organizations'
const organizationProps: OrganizationProps = { ... }
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.OrganizationProps.property.featureSet">featureSet</a></code> | <code><a href="#@pepperize/cdk-organizations.FeatureSet">FeatureSet</a></code> | Enabling features in your organization. |
---
##### `featureSet`<sup>Optional</sup> <a name="featureSet" id="@pepperize/cdk-organizations.OrganizationProps.property.featureSet"></a>
```typescript
public readonly featureSet: FeatureSet;
```
- *Type:* <a href="#@pepperize/cdk-organizations.FeatureSet">FeatureSet</a>
- *Default:* ALL
Enabling features in your organization.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
---
### ParentBaseProps <a name="ParentBaseProps" id="@pepperize/cdk-organizations.ParentBaseProps"></a>
#### Initializer <a name="Initializer" id="@pepperize/cdk-organizations.ParentBaseProps.Initializer"></a>
```typescript
import { ParentBaseProps } from '@pepperize/cdk-organizations'
const parentBaseProps: ParentBaseProps = { ... }
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.ParentBaseProps.property.childId">childId</a></code> | <code>string</code> | *No description.* |
---
##### `childId`<sup>Required</sup> <a name="childId" id="@pepperize/cdk-organizations.ParentBaseProps.property.childId"></a>
```typescript
public readonly childId: string;
```
- *Type:* string
---
### ParentProps <a name="ParentProps" id="@pepperize/cdk-organizations.ParentProps"></a>
#### Initializer <a name="Initializer" id="@pepperize/cdk-organizations.ParentProps.Initializer"></a>
```typescript
import { ParentProps } from '@pepperize/cdk-organizations'
const parentProps: ParentProps = { ... }
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.ParentProps.property.child">child</a></code> | <code><a href="#@pepperize/cdk-organizations.IChild">IChild</a></code> | *No description.* |
---
##### `child`<sup>Required</sup> <a name="child" id="@pepperize/cdk-organizations.ParentProps.property.child"></a>
```typescript
public readonly child: IChild;
```
- *Type:* <a href="#@pepperize/cdk-organizations.IChild">IChild</a>
---
### PolicyAttachmentProps <a name="PolicyAttachmentProps" id="@pepperize/cdk-organizations.PolicyAttachmentProps"></a>
#### Initializer <a name="Initializer" id="@pepperize/cdk-organizations.PolicyAttachmentProps.Initializer"></a>
```typescript
import { PolicyAttachmentProps } from '@pepperize/cdk-organizations'
const policyAttachmentProps: PolicyAttachmentProps = { ... }
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.PolicyAttachmentProps.property.policy">policy</a></code> | <code><a href="#@pepperize/cdk-organizations.IPolicy">IPolicy</a></code> | The policy that you want to attach to the target. |
| <code><a href="#@pepperize/cdk-organizations.PolicyAttachmentProps.property.target">target</a></code> | <code><a href="#@pepperize/cdk-organizations.IPolicyAttachmentTarget">IPolicyAttachmentTarget</a></code> | The root, OU, or account that you want to attach the policy to. |
---
##### `policy`<sup>Required</sup> <a name="policy" id="@pepperize/cdk-organizations.PolicyAttachmentProps.property.policy"></a>
```typescript
public readonly policy: IPolicy;
```
- *Type:* <a href="#@pepperize/cdk-organizations.IPolicy">IPolicy</a>
The policy that you want to attach to the target.
---
##### `target`<sup>Required</sup> <a name="target" id="@pepperize/cdk-organizations.PolicyAttachmentProps.property.target"></a>
```typescript
public readonly target: IPolicyAttachmentTarget;
```
- *Type:* <a href="#@pepperize/cdk-organizations.IPolicyAttachmentTarget">IPolicyAttachmentTarget</a>
The root, OU, or account that you want to attach the policy to.
---
### PolicyProps <a name="PolicyProps" id="@pepperize/cdk-organizations.PolicyProps"></a>
#### Initializer <a name="Initializer" id="@pepperize/cdk-organizations.PolicyProps.Initializer"></a>
```typescript
import { PolicyProps } from '@pepperize/cdk-organizations'
const policyProps: PolicyProps = { ... }
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.PolicyProps.property.content">content</a></code> | <code>string</code> | The policy text content to add to the new policy. |
| <code><a href="#@pepperize/cdk-organizations.PolicyProps.property.policyName">policyName</a></code> | <code>string</code> | The friendly name to assign to the policy. |
| <code><a href="#@pepperize/cdk-organizations.PolicyProps.property.policyType">policyType</a></code> | <code><a href="#@pepperize/cdk-organizations.PolicyType">PolicyType</a></code> | The type of policy to create. |
| <code><a href="#@pepperize/cdk-organizations.PolicyProps.property.description">description</a></code> | <code>string</code> | An optional description to assign to the policy. |
---
##### `content`<sup>Required</sup> <a name="content" id="@pepperize/cdk-organizations.PolicyProps.property.content"></a>
```typescript
public readonly content: string;
```
- *Type:* string
The policy text content to add to the new policy.
The text that you supply must adhere to the rules of the policy type you specify in the Type parameter.
---
##### `policyName`<sup>Required</sup> <a name="policyName" id="@pepperize/cdk-organizations.PolicyProps.property.policyName"></a>
```typescript
public readonly policyName: string;
```
- *Type:* string
The friendly name to assign to the policy.
---
##### `policyType`<sup>Required</sup> <a name="policyType" id="@pepperize/cdk-organizations.PolicyProps.property.policyType"></a>
```typescript
public readonly policyType: PolicyType;
```
- *Type:* <a href="#@pepperize/cdk-organizations.PolicyType">PolicyType</a>
The type of policy to create.
You can specify one of the following values:
---
##### `description`<sup>Optional</sup> <a name="description" id="@pepperize/cdk-organizations.PolicyProps.property.description"></a>
```typescript
public readonly description: string;
```
- *Type:* string
An optional description to assign to the policy.
---
### TagResourceProps <a name="TagResourceProps" id="@pepperize/cdk-organizations.TagResourceProps"></a>
#### Initializer <a name="Initializer" id="@pepperize/cdk-organizations.TagResourceProps.Initializer"></a>
```typescript
import { TagResourceProps } from '@pepperize/cdk-organizations'
const tagResourceProps: TagResourceProps = { ... }
```
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.TagResourceProps.property.resourceId">resourceId</a></code> | <code>string</code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.TagResourceProps.property.tags">tags</a></code> | <code>aws-cdk-lib.IResolvable</code> | *No description.* |
---
##### `resourceId`<sup>Required</sup> <a name="resourceId" id="@pepperize/cdk-organizations.TagResourceProps.property.resourceId"></a>
```typescript
public readonly resourceId: string;
```
- *Type:* string
---
##### `tags`<sup>Required</sup> <a name="tags" id="@pepperize/cdk-organizations.TagResourceProps.property.tags"></a>
```typescript
public readonly tags: IResolvable;
```
- *Type:* aws-cdk-lib.IResolvable
---
## Classes <a name="Classes" id="Classes"></a>
### DependencyChain <a name="DependencyChain" id="@pepperize/cdk-organizations.DependencyChain"></a>
- *Implements:* aws-cdk-lib.IAspect
Aspect to create dependency chain of organization resource that needs to be deployed sequentially.
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.DependencyChain.Initializer"></a>
```typescript
import { DependencyChain } from '@pepperize/cdk-organizations'
new DependencyChain()
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.DependencyChain.visit">visit</a></code> | All aspects can visit an IConstruct. |
---
##### `visit` <a name="visit" id="@pepperize/cdk-organizations.DependencyChain.visit"></a>
```typescript
public visit(current: IConstruct): void
```
All aspects can visit an IConstruct.
###### `current`<sup>Required</sup> <a name="current" id="@pepperize/cdk-organizations.DependencyChain.visit.parameter.current"></a>
- *Type:* constructs.IConstruct
---
### Validators <a name="Validators" id="@pepperize/cdk-organizations.Validators"></a>
#### Initializers <a name="Initializers" id="@pepperize/cdk-organizations.Validators.Initializer"></a>
```typescript
import { Validators } from '@pepperize/cdk-organizations'
new Validators()
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
---
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Validators.accountId">accountId</a></code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Validators.accountName">accountName</a></code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Validators.email">email</a></code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Validators.organizationalUnitName">organizationalUnitName</a></code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Validators.policyContent">policyContent</a></code> | *No description.* |
| <code><a href="#@pepperize/cdk-organizations.Validators.servicePrincipal">servicePrincipal</a></code> | *No description.* |
---
##### `accountId` <a name="accountId" id="@pepperize/cdk-organizations.Validators.accountId"></a>
```typescript
public accountId(id: string): boolean
```
###### `id`<sup>Required</sup> <a name="id" id="@pepperize/cdk-organizations.Validators.accountId.parameter.id"></a>
- *Type:* string
---
##### `accountName` <a name="accountName" id="@pepperize/cdk-organizations.Validators.accountName"></a>
```typescript
public accountName(name: string): boolean
```
###### `name`<sup>Required</sup> <a name="name" id="@pepperize/cdk-organizations.Validators.accountName.parameter.name"></a>
- *Type:* string
---
##### `email` <a name="email" id="@pepperize/cdk-organizations.Validators.email"></a>
```typescript
public email(email: string): boolean
```
###### `email`<sup>Required</sup> <a name="email" id="@pepperize/cdk-organizations.Validators.email.parameter.email"></a>
- *Type:* string
---
##### `organizationalUnitName` <a name="organizationalUnitName" id="@pepperize/cdk-organizations.Validators.organizationalUnitName"></a>
```typescript
public organizationalUnitName(name: string): boolean
```
###### `name`<sup>Required</sup> <a name="name" id="@pepperize/cdk-organizations.Validators.organizationalUnitName.parameter.name"></a>
- *Type:* string
---
##### `policyContent` <a name="policyContent" id="@pepperize/cdk-organizations.Validators.policyContent"></a>
```typescript
public policyContent(content: string): boolean
```
###### `content`<sup>Required</sup> <a name="content" id="@pepperize/cdk-organizations.Validators.policyContent.parameter.content"></a>
- *Type:* string
---
##### `servicePrincipal` <a name="servicePrincipal" id="@pepperize/cdk-organizations.Validators.servicePrincipal"></a>
```typescript
public servicePrincipal(servicePrincipal: string): boolean
```
###### `servicePrincipal`<sup>Required</sup> <a name="servicePrincipal" id="@pepperize/cdk-organizations.Validators.servicePrincipal.parameter.servicePrincipal"></a>
- *Type:* string
---
#### Static Functions <a name="Static Functions" id="Static Functions"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.Validators.of">of</a></code> | *No description.* |
---
##### `of` <a name="of" id="@pepperize/cdk-organizations.Validators.of"></a>
```typescript
import { Validators } from '@pepperize/cdk-organizations'
Validators.of()
```
## Protocols <a name="Protocols" id="Protocols"></a>
### IAccount <a name="IAccount" id="@pepperize/cdk-organizations.IAccount"></a>
- *Extends:* <a href="#@pepperize/cdk-organizations.IPolicyAttachmentTarget">IPolicyAttachmentTarget</a>, <a href="#@pepperize/cdk-organizations.IChild">IChild</a>, constructs.IConstruct, <a href="#@pepperize/cdk-organizations.IResource">IResource</a>
- *Implemented By:* <a href="#@pepperize/cdk-organizations.Account">Account</a>, <a href="#@pepperize/cdk-organizations.IAccount">IAccount</a>
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.IAccount.delegateAdministrator">delegateAdministrator</a></code> | Enables trusted access for the AWS service (trusted service) as <strong>Delegated Administrator</strong>, which performs tasks in your organization and its accounts on your behalf. |
---
##### `delegateAdministrator` <a name="delegateAdministrator" id="@pepperize/cdk-organizations.IAccount.delegateAdministrator"></a>
```typescript
public delegateAdministrator(servicePrincipal: string, region?: string, props?: {[ key: string ]: any}): void
```
Enables trusted access for the AWS service (trusted service) as <strong>Delegated Administrator</strong>, which performs tasks in your organization and its accounts on your behalf.
###### `servicePrincipal`<sup>Required</sup> <a name="servicePrincipal" id="@pepperize/cdk-organizations.IAccount.delegateAdministrator.parameter.servicePrincipal"></a>
- *Type:* string
The supported AWS service that you specify.
---
###### `region`<sup>Optional</sup> <a name="region" id="@pepperize/cdk-organizations.IAccount.delegateAdministrator.parameter.region"></a>
- *Type:* string
The region to delegate in.
---
###### `props`<sup>Optional</sup> <a name="props" id="@pepperize/cdk-organizations.IAccount.delegateAdministrator.parameter.props"></a>
- *Type:* {[ key: string ]: any}
additional DelegatedAdministrator props.
---
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.IAccount.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
| <code><a href="#@pepperize/cdk-organizations.IAccount.property.accountArn">accountArn</a></code> | <code>string</code> | The Amazon Resource Name (ARN) of the account. |
| <code><a href="#@pepperize/cdk-organizations.IAccount.property.accountId">accountId</a></code> | <code>string</code> | If the account was created successfully, the unique identifier (ID) of the new account. |
| <code><a href="#@pepperize/cdk-organizations.IAccount.property.accountName">accountName</a></code> | <code>string</code> | The friendly name of the account. |
| <code><a href="#@pepperize/cdk-organizations.IAccount.property.email">email</a></code> | <code>string</code> | The email address of the owner to assign to the new member account. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.IAccount.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `accountArn`<sup>Required</sup> <a name="accountArn" id="@pepperize/cdk-organizations.IAccount.property.accountArn"></a>
```typescript
public readonly accountArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of the account.
---
##### `accountId`<sup>Required</sup> <a name="accountId" id="@pepperize/cdk-organizations.IAccount.property.accountId"></a>
```typescript
public readonly accountId: string;
```
- *Type:* string
If the account was created successfully, the unique identifier (ID) of the new account.
Exactly 12 digits.
---
##### `accountName`<sup>Required</sup> <a name="accountName" id="@pepperize/cdk-organizations.IAccount.property.accountName"></a>
```typescript
public readonly accountName: string;
```
- *Type:* string
The friendly name of the account.
---
##### `email`<sup>Required</sup> <a name="email" id="@pepperize/cdk-organizations.IAccount.property.email"></a>
```typescript
public readonly email: string;
```
- *Type:* string
The email address of the owner to assign to the new member account.
This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You can't access the root user of the account or remove an account that was created with an invalid email address.
---
### IChild <a name="IChild" id="@pepperize/cdk-organizations.IChild"></a>
- *Extends:* constructs.IConstruct, <a href="#@pepperize/cdk-organizations.IResource">IResource</a>
- *Implemented By:* <a href="#@pepperize/cdk-organizations.Account">Account</a>, <a href="#@pepperize/cdk-organizations.OrganizationalUnit">OrganizationalUnit</a>, <a href="#@pepperize/cdk-organizations.IAccount">IAccount</a>, <a href="#@pepperize/cdk-organizations.IChild">IChild</a>, <a href="#@pepperize/cdk-organizations.IOrganizationalUnit">IOrganizationalUnit</a>
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.IChild.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.IChild.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
### IOrganization <a name="IOrganization" id="@pepperize/cdk-organizations.IOrganization"></a>
- *Extends:* constructs.IConstruct
- *Implemented By:* <a href="#@pepperize/cdk-organizations.Organization">Organization</a>, <a href="#@pepperize/cdk-organizations.IOrganization">IOrganization</a>
Creates an organization to consolidate your AWS accounts so that you can administer them as a single unit.
An organization has one management account along with zero or more member accounts. You can organize the accounts in a hierarchical, tree-like structure with a root at the top and organizational units nested under the root. Each account can be directly in the root, or placed in one of the OUs in the hierarchy. An organization has the functionality that is determined by the feature set that you enable.
<strong>The account whose user is calling the CreateOrganization operation automatically becomes the management account of the new organization.</strong>
<strong>For deletion of an organization you must previously remove all the member accounts, OUs, and policies from the organization!</strong>
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html#create-org](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html#create-org)
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.IOrganization.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
| <code><a href="#@pepperize/cdk-organizations.IOrganization.property.featureSet">featureSet</a></code> | <code><a href="#@pepperize/cdk-organizations.FeatureSet">FeatureSet</a></code> | Specifies the functionality that currently is available to the organization. |
| <code><a href="#@pepperize/cdk-organizations.IOrganization.property.managementAccountArn">managementAccountArn</a></code> | <code>string</code> | The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization. |
| <code><a href="#@pepperize/cdk-organizations.IOrganization.property.managementAccountEmail">managementAccountEmail</a></code> | <code>string</code> | The email address that is associated with the AWS account that is designated as the management account for the organization. |
| <code><a href="#@pepperize/cdk-organizations.IOrganization.property.managementAccountId">managementAccountId</a></code> | <code>string</code> | The unique identifier (ID) of the management account of an organization. |
| <code><a href="#@pepperize/cdk-organizations.IOrganization.property.organizationArn">organizationArn</a></code> | <code>string</code> | The Amazon Resource Name (ARN) of an organization. |
| <code><a href="#@pepperize/cdk-organizations.IOrganization.property.organizationId">organizationId</a></code> | <code>string</code> | The unique identifier (ID) of an organization. |
| <code><a href="#@pepperize/cdk-organizations.IOrganization.property.principal">principal</a></code> | <code>aws-cdk-lib.aws_iam.IPrincipal</code> | The principal that represents this AWS Organization. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.IOrganization.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `featureSet`<sup>Required</sup> <a name="featureSet" id="@pepperize/cdk-organizations.IOrganization.property.featureSet"></a>
```typescript
public readonly featureSet: FeatureSet;
```
- *Type:* <a href="#@pepperize/cdk-organizations.FeatureSet">FeatureSet</a>
Specifies the functionality that currently is available to the organization.
If set to "ALL", then all features are enabled and policies can be applied to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only consolidated billing functionality is available.
---
##### `managementAccountArn`<sup>Required</sup> <a name="managementAccountArn" id="@pepperize/cdk-organizations.IOrganization.property.managementAccountArn"></a>
```typescript
public readonly managementAccountArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.
---
##### `managementAccountEmail`<sup>Required</sup> <a name="managementAccountEmail" id="@pepperize/cdk-organizations.IOrganization.property.managementAccountEmail"></a>
```typescript
public readonly managementAccountEmail: string;
```
- *Type:* string
The email address that is associated with the AWS account that is designated as the management account for the organization.
---
##### `managementAccountId`<sup>Required</sup> <a name="managementAccountId" id="@pepperize/cdk-organizations.IOrganization.property.managementAccountId"></a>
```typescript
public readonly managementAccountId: string;
```
- *Type:* string
The unique identifier (ID) of the management account of an organization.
---
##### `organizationArn`<sup>Required</sup> <a name="organizationArn" id="@pepperize/cdk-organizations.IOrganization.property.organizationArn"></a>
```typescript
public readonly organizationArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of an organization.
---
##### `organizationId`<sup>Required</sup> <a name="organizationId" id="@pepperize/cdk-organizations.IOrganization.property.organizationId"></a>
```typescript
public readonly organizationId: string;
```
- *Type:* string
The unique identifier (ID) of an organization.
The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits.
---
##### `principal`<sup>Required</sup> <a name="principal" id="@pepperize/cdk-organizations.IOrganization.property.principal"></a>
```typescript
public readonly principal: IPrincipal;
```
- *Type:* aws-cdk-lib.aws_iam.IPrincipal
The principal that represents this AWS Organization.
---
### IOrganizationalUnit <a name="IOrganizationalUnit" id="@pepperize/cdk-organizations.IOrganizationalUnit"></a>
- *Extends:* <a href="#@pepperize/cdk-organizations.IPolicyAttachmentTarget">IPolicyAttachmentTarget</a>, <a href="#@pepperize/cdk-organizations.IParent">IParent</a>, <a href="#@pepperize/cdk-organizations.IChild">IChild</a>, constructs.IConstruct
- *Implemented By:* <a href="#@pepperize/cdk-organizations.OrganizationalUnit">OrganizationalUnit</a>, <a href="#@pepperize/cdk-organizations.IOrganizationalUnit">IOrganizationalUnit</a>
A container for accounts within a root.
An OU also can contain other OUs, enabling you to create a hierarchy that resembles an upside-down tree, with a root at the top and branches of OUs that reach down, ending in accounts that are the leaves of the tree. When you attach a policy to one of the nodes in the hierarchy, it flows down and affects all the branches (OUs) and leaves (accounts) beneath it. An OU can have exactly one parent, and currently each account can be a member of exactly one OU.
<strong>You must first move all accounts out of the OU and any child OUs, and then you can delete the child OUs.</strong>
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.IOrganizationalUnit.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
| <code><a href="#@pepperize/cdk-organizations.IOrganizationalUnit.property.organizationalUnitArn">organizationalUnitArn</a></code> | <code>string</code> | The Amazon Resource Name (ARN) of this OU. |
| <code><a href="#@pepperize/cdk-organizations.IOrganizationalUnit.property.organizationalUnitId">organizationalUnitId</a></code> | <code>string</code> | The unique identifier (ID) associated with this OU. |
| <code><a href="#@pepperize/cdk-organizations.IOrganizationalUnit.property.organizationalUnitName">organizationalUnitName</a></code> | <code>string</code> | The friendly name of this OU. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.IOrganizationalUnit.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `organizationalUnitArn`<sup>Required</sup> <a name="organizationalUnitArn" id="@pepperize/cdk-organizations.IOrganizationalUnit.property.organizationalUnitArn"></a>
```typescript
public readonly organizationalUnitArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of this OU.
For more information about ARNs in Organizations, see [ARN Formats Supported by Organizations](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) in the AWS Service Authorization Reference.
---
##### `organizationalUnitId`<sup>Required</sup> <a name="organizationalUnitId" id="@pepperize/cdk-organizations.IOrganizationalUnit.property.organizationalUnitId"></a>
```typescript
public readonly organizationalUnitId: string;
```
- *Type:* string
The unique identifier (ID) associated with this OU.
The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
---
##### `organizationalUnitName`<sup>Required</sup> <a name="organizationalUnitName" id="@pepperize/cdk-organizations.IOrganizationalUnit.property.organizationalUnitName"></a>
```typescript
public readonly organizationalUnitName: string;
```
- *Type:* string
The friendly name of this OU.
---
### IParent <a name="IParent" id="@pepperize/cdk-organizations.IParent"></a>
- *Extends:* constructs.IConstruct, <a href="#@pepperize/cdk-organizations.IResource">IResource</a>
- *Implemented By:* <a href="#@pepperize/cdk-organizations.OrganizationalUnit">OrganizationalUnit</a>, <a href="#@pepperize/cdk-organizations.Parent">Parent</a>, <a href="#@pepperize/cdk-organizations.ParentBase">ParentBase</a>, <a href="#@pepperize/cdk-organizations.Root">Root</a>, <a href="#@pepperize/cdk-organizations.IOrganizationalUnit">IOrganizationalUnit</a>, <a href="#@pepperize/cdk-organizations.IParent">IParent</a>
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.IParent.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.IParent.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
### IPolicy <a name="IPolicy" id="@pepperize/cdk-organizations.IPolicy"></a>
- *Extends:* constructs.IConstruct
- *Implemented By:* <a href="#@pepperize/cdk-organizations.Policy">Policy</a>, <a href="#@pepperize/cdk-organizations.IPolicy">IPolicy</a>
Policies in AWS Organizations enable you to apply additional types of management to the AWS accounts in your organization.
<strong>You can use policies when all features are enabled in your organization.</strong>
<strong>Before you can create and attach a policy to your organization, you must enable that policy type for use.</strong>
> [FeatureSet](FeatureSet)
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.IPolicy.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
| <code><a href="#@pepperize/cdk-organizations.IPolicy.property.policyId">policyId</a></code> | <code>string</code> | The unique identifier (ID) of the policy. |
---
##### `node`<sup>Required</sup> <a name="node" id="@pepperize/cdk-organizations.IPolicy.property.node"></a>
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `policyId`<sup>Required</sup> <a name="policyId" id="@pepperize/cdk-organizations.IPolicy.property.policyId"></a>
```typescript
public readonly policyId: string;
```
- *Type:* string
The unique identifier (ID) of the policy.
The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
---
### IPolicyAttachmentTarget <a name="IPolicyAttachmentTarget" id="@pepperize/cdk-organizations.IPolicyAttachmentTarget"></a>
- *Extends:* constructs.IDependable, <a href="#@pepperize/cdk-organizations.IResource">IResource</a>
- *Implemented By:* <a href="#@pepperize/cdk-organizations.Account">Account</a>, <a href="#@pepperize/cdk-organizations.OrganizationalUnit">OrganizationalUnit</a>, <a href="#@pepperize/cdk-organizations.Root">Root</a>, <a href="#@pepperize/cdk-organizations.IAccount">IAccount</a>, <a href="#@pepperize/cdk-organizations.IOrganizationalUnit">IOrganizationalUnit</a>, <a href="#@pepperize/cdk-organizations.IPolicyAttachmentTarget">IPolicyAttachmentTarget</a>
### IResource <a name="IResource" id="@pepperize/cdk-organizations.IResource"></a>
- *Implemented By:* <a href="#@pepperize/cdk-organizations.Account">Account</a>, <a href="#@pepperize/cdk-organizations.OrganizationalUnit">OrganizationalUnit</a>, <a href="#@pepperize/cdk-organizations.Parent">Parent</a>, <a href="#@pepperize/cdk-organizations.ParentBase">ParentBase</a>, <a href="#@pepperize/cdk-organizations.Root">Root</a>, <a href="#@pepperize/cdk-organizations.IAccount">IAccount</a>, <a href="#@pepperize/cdk-organizations.IChild">IChild</a>, <a href="#@pepperize/cdk-organizations.IOrganizationalUnit">IOrganizationalUnit</a>, <a href="#@pepperize/cdk-organizations.IParent">IParent</a>, <a href="#@pepperize/cdk-organizations.IPolicyAttachmentTarget">IPolicyAttachmentTarget</a>, <a href="#@pepperize/cdk-organizations.IResource">IResource</a>
Interface for an AWS Organizations resource.
#### Methods <a name="Methods" id="Methods"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.IResource.identifier">identifier</a></code> | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |
---
##### `identifier` <a name="identifier" id="@pepperize/cdk-organizations.IResource.identifier"></a>
```typescript
public identifier(): string
```
The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.
### ITaggableResource <a name="ITaggableResource" id="@pepperize/cdk-organizations.ITaggableResource"></a>
- *Extends:* aws-cdk-lib.ITaggable
- *Implemented By:* <a href="#@pepperize/cdk-organizations.Account">Account</a>, <a href="#@pepperize/cdk-organizations.OrganizationalUnit">OrganizationalUnit</a>, <a href="#@pepperize/cdk-organizations.Policy">Policy</a>, <a href="#@pepperize/cdk-organizations.Root">Root</a>, <a href="#@pepperize/cdk-organizations.ITaggableResource">ITaggableResource</a>
#### Properties <a name="Properties" id="Properties"></a>
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| <code><a href="#@pepperize/cdk-organizations.ITaggableResource.property.tags">tags</a></code> | <code>aws-cdk-lib.TagManager</code> | TagManager to set, remove and format tags. |
---
##### `tags`<sup>Required</sup> <a name="tags" id="@pepperize/cdk-organizations.ITaggableResource.property.tags"></a>
```typescript
public readonly tags: TagManager;
```
- *Type:* aws-cdk-lib.TagManager
TagManager to set, remove and format tags.
---
## Enums <a name="Enums" id="Enums"></a>
### FeatureSet <a name="FeatureSet" id="@pepperize/cdk-organizations.FeatureSet"></a>
Specifies the feature set supported by the new organization.
Each feature set supports different levels of functionality.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set)
#### Members <a name="Members" id="Members"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.FeatureSet.CONSOLIDATED_BILLING">CONSOLIDATED_BILLING</a></code> | All member accounts have their bills consolidated to and paid by the management account. |
| <code><a href="#@pepperize/cdk-organizations.FeatureSet.ALL">ALL</a></code> | In addition to all the features supported by the consolidated billing feature set, the management account can also apply any policy type to any member account in the organization. |
---
##### `CONSOLIDATED_BILLING` <a name="CONSOLIDATED_BILLING" id="@pepperize/cdk-organizations.FeatureSet.CONSOLIDATED_BILLING"></a>
All member accounts have their bills consolidated to and paid by the management account.
For more information, see [Consolidated billing](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only) in the AWS Organizations User Guide. The consolidated billing feature subset isn’t available for organizations in the AWS GovCloud (US) Region.
---
##### `ALL` <a name="ALL" id="@pepperize/cdk-organizations.FeatureSet.ALL"></a>
In addition to all the features supported by the consolidated billing feature set, the management account can also apply any policy type to any member account in the organization.
For more information, see [All features](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all) in the AWS Organizations User Guide.
---
### IamUserAccessToBilling <a name="IamUserAccessToBilling" id="@pepperize/cdk-organizations.IamUserAccessToBilling"></a>
> [https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/control-access-billing.html#ControllingAccessWebsite-Activate](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/control-access-billing.html#ControllingAccessWebsite-Activate)
#### Members <a name="Members" id="Members"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.IamUserAccessToBilling.ALLOW">ALLOW</a></code> | If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. |
| <code><a href="#@pepperize/cdk-organizations.IamUserAccessToBilling.DENY">DENY</a></code> | If set to DENY, only the root user of the new account can access account billing information. |
---
##### `ALLOW` <a name="ALLOW" id="@pepperize/cdk-organizations.IamUserAccessToBilling.ALLOW"></a>
If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions.
---
##### `DENY` <a name="DENY" id="@pepperize/cdk-organizations.IamUserAccessToBilling.DENY"></a>
If set to DENY, only the root user of the new account can access account billing information.
---
### PolicyType <a name="PolicyType" id="@pepperize/cdk-organizations.PolicyType"></a>
Organizations offers policy types in the following two broad categories: <ol> <li>Authorization policies help you to centrally manage the security of the AWS accounts in your organization.</li> <li>Management policies enable you to centrally configure and manage AWS services and their features.</li> </ol>.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types)
#### Members <a name="Members" id="Members"></a>
| **Name** | **Description** |
| --- | --- |
| <code><a href="#@pepperize/cdk-organizations.PolicyType.SERVICE_CONTROL_POLICY">SERVICE_CONTROL_POLICY</a></code> | Service control policies (SCPs) offer central control over the maximum available permissions for all of the accounts in your organization. |
| <code><a href="#@pepperize/cdk-organizations.PolicyType.TAG_POLICY">TAG_POLICY</a></code> | Tag policies help you standardize the tags attached to the AWS resources in your organization's accounts. |
| <code><a href="#@pepperize/cdk-organizations.PolicyType.BACKUP_POLICY">BACKUP_POLICY</a></code> | Backup policies help you centrally manage and apply backup plans to the AWS resources across your organization's accounts. |
| <code><a href="#@pepperize/cdk-organizations.PolicyType.AISERVICES_OPT_OUT_POLICY">AISERVICES_OPT_OUT_POLICY</a></code> | Artificial Intelligence (AI) services opt-out policies enable you to control data collection for AWS AI services for all of your organization's accounts. |
---
##### `SERVICE_CONTROL_POLICY` <a name="SERVICE_CONTROL_POLICY" id="@pepperize/cdk-organizations.PolicyType.SERVICE_CONTROL_POLICY"></a>
Service control policies (SCPs) offer central control over the maximum available permissions for all of the accounts in your organization.
---
##### `TAG_POLICY` <a name="TAG_POLICY" id="@pepperize/cdk-organizations.PolicyType.TAG_POLICY"></a>
Tag policies help you standardize the tags attached to the AWS resources in your organization's accounts.
---
##### `BACKUP_POLICY` <a name="BACKUP_POLICY" id="@pepperize/cdk-organizations.PolicyType.BACKUP_POLICY"></a>
Backup policies help you centrally manage and apply backup plans to the AWS resources across your organization's accounts.
---
##### `AISERVICES_OPT_OUT_POLICY` <a name="AISERVICES_OPT_OUT_POLICY" id="@pepperize/cdk-organizations.PolicyType.AISERVICES_OPT_OUT_POLICY"></a>
Artificial Intelligence (AI) services opt-out policies enable you to control data collection for AWS AI services for all of your organization's accounts.
---
================================================
FILE: CONTRIBUTING.md
================================================
# Contributing to cdk-organizations
Thank you for contributing to cdk-organizations! :heart:
This document describes how to set up your development environment and submit your contributions. Please read it and
submit a pull request if it's not up-to date :wink:.
## Prerequisites
### Manually install tools
The following tools need to be installed to develop on projen locally.
- [Node](https://nodejs.org/en/download/)
- [Yarn](https://yarnpkg.com/en/docs/install)
## Getting Started
The basic commands to get the repository cloned and built locally follow:
```shell
git clone git@github.com:pepperize/cdk-organizations
cd cdk-organizations
# install dependencies
yarn
# build with projen
yarn build
```
### Development workflow
The projen package provides the following scripts:
- `build` - builds the package, generates api docs, runs linter and runs all unit tests
- `watch` - watches for file changes and builds them progressively
- `test` - executes all unit tests and runs linter
- `test:update` - executes all unit tests and overwrites snapshot expectations (those `.snap` files)
- `test:watch` - runs all unit tests and reruns tests when files are changed
- `eslint` - runs linter against source code
- `format` - runs prettier
Each of these scripts can be executed using `yarn <script>` or `npx projen <script>`.
Tests are located under `test/`.
One trick for quickly iterating is to run `yarn watch` in one terminal, and
`yarn test:watch` in another. Then, when you change your unit tests the code
will automatically recompile, thus triggering the tests to automatically re-run.
#### Linting & Formatting
Eslint is used to lint and format our typescript code. The `eslint` script can be run from the root of the package.
You can integrate the linting and formatting workflow with your editor or ide by installing the approporiate eslint
plugin. For example, when using Webstorm, the [eslint plugin](https://www.jetbrains.com/help/webstorm/eslint.html)
exposes a number of options including "fix on save". This will auto correct lint and formatting errors whenever
possible while saving a document.
#### Projen (CDK for software projects)
This project uses [projen](https://github.com/projen/projen) to maintain project configuration through code. Thus, the
synthesized files with projen should never be manually edited (in fact, projen enforces that).
To modify the project setup, you should interact with rich strongly-typed
class [AwsCdkConstructLibrary](https://github.com/projen/projen/blob/master/API.md#projen-awscdk-construct) and
execute `npx projen` to update project configuration files.
> In simple words, developers can only modify `.projenrc.js` file for configuration/maintenance and files under `/src`
> or `/test` directory for development.
See also [Create and Publish CDK Constructs Using projen and jsii](https://github.com/seeebiii/projen-test).
### Version bumping
Currently, projen bumps versions automatically thru a GitHub action when a commit pushed to master successfully builds.
Projen follows [semantic versioning](https://semver.org/)
through the [standard-version](https://github.com/conventional-changelog/standard-version) npm utility.
## Making a pull request
- Commit title and message (and PR title and description) must adhere to [conventionalcommits](https://www.conventionalcommits.org).
- The title must begin with `feat(module): title`, `fix(module): title`,
`refactor(module): title` or `chore(module): title`, where the module refers
to the projects or components that the change centers on.
The module can be omitted, so "feat: title" is okay as well.
- Title should be lowercase.
- No period at the end of the title.
- Commit message should describe _motivation_. Think about your code reviewers and what information they need in
order to understand what you did. If it's a big commit (hopefully not), try to provide some good entry points so
it will be easier to follow.
- Commit message should indicate which issues are fixed: `fixes #<issue>` or `closes #<issue>`.
- Shout out to collaborators.
- If not obvious (i.e. from unit tests), describe how you verified that your change works.
- If this commit includes breaking changes, they must be listed at the end in the following format (notice how multiple breaking changes should be formatted):
```
BREAKING CHANGE: Description of what broke and how to achieve this behavior now
* **module-name:** Another breaking change
* **module-name:** Yet another breaking change
```
================================================
FILE: LICENSE
================================================
Copyright (c) 2026 Pepperize UG (haftungsbeschränkt)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================
FILE: README.md
================================================
[](https://makeapullrequest.com)
[](https://github.com/pepperize/cdk-organizations/blob/main/LICENSE)
[](https://www.npmjs.com/package/@pepperize/cdk-organizations)
[](https://pypi.org/project/pepperize.cdk-organizations/)
[](https://www.nuget.org/packages/Pepperize.CDK.Organizations/)
[](https://s01.oss.sonatype.org/content/repositories/releases/com/pepperize/cdk-organizations/)
[](https://github.com/pepperize/cdk-organizations/actions/workflows/release.yml)
[](https://github.com/pepperize/cdk-organizations/releases)
[](https://gitpod.io/#https://github.com/pepperize/cdk-organizations)
# CDK Organizations [](https://github.com/kolomied/awesome-cdk)
Manage AWS organizations, organizational units (OU), accounts and service control policies (SCP).
Features:
- [Organization](https://github.com/pepperize/cdk-organizations#organization)
- [Organizational Unit (OU)](https://github.com/pepperize/cdk-organizations#organizational-unit-ou)
- [Account](https://github.com/pepperize/cdk-organizations#account)
- [Delegated Administrator](https://github.com/pepperize/cdk-organizations#delegated-administrator)
- [Trusted Service](https://github.com/pepperize/cdk-organizations#enable-an-aws-service-trusted-service)
- [Policies](https://github.com/pepperize/cdk-organizations#policy), [PolicyTypes](https://github.com/pepperize/cdk-organizations#enable-a-policy-type), [PolicyAttachment](https://github.com/pepperize/cdk-organizations#policyattachment)
- [Tagging](https://github.com/pepperize/cdk-organizations#tagging-resources)
[](https://constructs.dev/packages/@pepperize/cdk-organizations)
## Install
### TypeScript
```shell
npm install @pepperize/cdk-organizations
```
or
```shell
yarn add @pepperize/cdk-organizations
```
### Python
```shell
pip install pepperize.cdk-organizations
```
### C\# / .Net
```
dotnet add package Pepperize.CDK.Organizations
```
### Java
```xml
<dependency>
<groupId>com.pepperize</groupId>
<artifactId>cdk-organizations</artifactId>
<version>${cdkOrganizations.version}</version>
</dependency>
```
## Contributing
Contributions of all kinds are welcome :rocket: Check out our [contributor's guide](https://github.com/pepperize/cdk-organizations/blob/main/CONTRIBUTING.md).
For a quick start, [check out](https://github.com/pepperize/cdk-organizations/fork) a development environment:
```shell
git clone git@github.com:pepperize/cdk-organizations
cd cdk-organizations
# install dependencies
yarn
# build with projen
yarn build
```
## Getting Started
1. Create a new account
[Signup for AWS](https://portal.aws.amazon.com/billing/signup#/start)
2. Prepare an IAM User with `AdministratorAccess`
To deploy your new organization, you have to create an Administrator with an AccessKey
- [Creating your first IAM admin user and user group](https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html)
- [Managing access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey)
3. Create a new CDK TypeScript App project with [projen](https://github.com/projen/projen)
```shell
mkdir my-project
cd my-project
git init -b main
npx projen new awscdk-app-ts
```
4. Add `@pepperize/cdk-organizations` to your dependencies in `.projenrc.js`
```typescript
const project = new awscdk.AwsCdkTypeScriptApp({
//...
deps: ["@pepperize/cdk-organizations"],
});
```
5. Install the dependency
```shell
npx projen
```
6. Create a stack
```typescript
import { Account, Organization, OrganizationalUnit } from "@pepperize/cdk-organizations";
import { Stack } from "aws-cdk-lib";
export class OrganizationStack extends Stack {
constructor(scope: Construct, id: string, props: StackProps = {}) {
super(scope, id, props);
// Create your organization
const organization = new Organization(stack, "Organization", {});
// Create an organizational unit (OU)
const organizationUnit = new OrganizationalUnit(stack, "OrganizationalUnit", {
organizationalUnitName: "MyFirstOU",
parent: organization.root,
});
// Create an account
const account = new Account(stack, "Account", {
accountName: "MyFirstAccount",
email: "<your email for the member account>",
parent: organizationUnit,
});
}
}
```
7. Configure your AWS CLI to deploy
- [Configuring the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html)
- [AWSume](https://awsu.me/)
The easiest is to export your access key
```shell
export AWS_ACCESS_KEY_ID=<your created access key id>
export AWS_SECRET_ACCESS_KEY=<your created secret access key>
```
8. Deploy your first AWS organization
```shell
export CDK_DEFAULT_REGION=<your AWS region>
export CDK_DEFAULT_ACCOUNT=<your AWS account id>
```
```shell
yarn deploy
```
## Usage
### Organization
To create a new organization or import an existing organization, add the following construct to your stack:
```typescript
const organization = new Organization(stack, "Organization", {
featureSet: FeatureSet.ALL, // (default) required later on to enable SCPs, enable AWS services or delegate an administrator account
});
organization.root; // The organization's root is automatically created
```
- `FeatureSet.ALL` is required for advanced features like Service Control Policies (SCP) and is the [preferred way to work with AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
- The account which deploys the stack, will automatically become the management account of the new organization.
- If an organization already exists, it will be imported automatically. You can disable this behaviour by passing `importOnDuplicate: false` in the props.
- If the construct is removed from the stack, the organization will remain and must be deleted manually. For deletion of an organization you must previously remove all the member accounts, OUs, and policies from the organization. [Deleting the organization by removing the management account](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_delete.html)
- An organization root is automatically created for you when you create the new organization.
See [IOrganization](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.IOrganization)
### Organization Principal
To retrieve the AWS IAM organization principal in a member account, add the following to any construct:
```
const organization = Organization.of(scope, "Organization");
organization.principal; // The AWS IAM organization principal
```
- This helper construct can be used in any member account in the organization.
See [AWS Organization API Reference - DescribeOrganization](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganization.html)
### Organizational Unit (OU)
To create a new organizational unit (OU), add the following construct to your stack:
```typescript
const organizationUnit = new OrganizationalUnit(stack, "Organization", {
organizationalUnitName: "Project2",
parent: organization.root,
});
```
- The parent of an organizational unit (OU) can be either the organization's root or another OU within the organization.
- An organizational unit (OU) can't be moved. You have to create a new OU first, move all the accounts and then delete the old OU.
- For deletion of an organizational unit (OU) you must first move all accounts out of the OU and any child OUs, and then you can delete the child OUs. [Deleting an organizational unit](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html#delete-ou)
See [IOrganizationalUnit](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.IOrganizationalUnit)
#### Organizational Unit (OU) Properties
- `importOnDuplicate` If an organizational unit (OU) with the name exists in the parent, it will be imported.
- `removalPolicy` Default `RemovalPolicy.Retain` If you set `removalPolicy` to `RemovalPolicy.destroy`, the organizational unit (OU) will be deleted on Cloudformation delete event.
See [OrganizationalUnitProps](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.OrganizationalUnitProps)
### Account
To create a new account, add the following construct to your stack:
```typescript
new Account(stack, "Account", {
accountName: "MyAccount",
email: "info@pepperize.com",
parent: organization.root,
});
```
- The email address must not already be associated with another AWS account. You may suffix the email address, i.e. `info+account-123456789012@pepperize.com`.
- The AWS Organizations supports only a one account creation `IN_PROGRESS`. Ensure account creation by using `account2.node.addDependency(account1)` [dependency relationship](https://docs.aws.amazon.com/cdk/api/v1/docs/core-readme.html#dependencies).
- An account will be created and moved to the parent, if the parent is an organizational unit (OU).
- An account can only be created from within the management account.
See [IAccount](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.IAccount)
#### Account Properties
- `importOnDuplicate` If an account with the same email address exists in the organization, it will be imported.
- `removalPolicy` Default `RemovalPolicy.Retain` If you set `removalPolicy` to `RemovalPolicy.destroy`, the account will be closed. [Closing an AWS account](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html)
- `iamUserAccessToBilling` Default `IamUserAccessToBilling.ALLOW` If you set `iamUserAccessToBilling` to `ALLOW`, IAM users and roles that have appropriate permissions can view billing information for the account.
- `roleName` Default `OrganizationAccountAccessRole` is preconfigures in the newly created account and grants users in the management account administrator permissions in the new member account.
See [AccountProps](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.AccountProps)
### Delegated Administrator
A compatible AWS service (trusted service) can register an AWS member account in the organization as an administrator in the organization on your behalf. To enable an AWS account as administrator of that trusted in your organization call `delegateAdministrator` on your account:
```typescript
const account = new Account(stack, "Account", {
accountName: "StackSetsDelegatedAdministrator",
email: "info@pepperize.com",
});
account.delegateAdministrator("stacksets.amazonaws.com");
```
- [AWS services that support Delegated Administrator](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html)
- To be able to use Delegated Administrator, your organization must have [all features](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.FeatureSet) enabled.
See [DelegatedAdministrator](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.DelegatedAdministrator)
### Enable an AWS Service (trusted service)
To enable trusted access for a supported AWS service (trusted service), which performs tasks in your organization and its accounts on your behalf, call `enableAwsService` on your organization:
```typescript
const organization = new Organization(stack, "Organization", {
featureSet: FeatureSet.ALL, // (default) the organization must be created with all features enabled
});
organization.enableAwsServiceAccess("ssm.amazonaws.com");
```
- To enable trusted access, you must have [all features](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.FeatureSet) enabled.
- It's recommended to use only the trusted service's console [How to enable or disable trusted access](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_how-to-enable-disable-trusted-access)
- [AWS services that you can use with AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html)
See [EnableAwsServiceAccess](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.EnableAwsServiceAccess)
### Enable a Policy Type
To enable a policy type call `enablePolicyType` on your organization.
```typescript
const organization = new Organization(stack, "Organization", {
featureSet: FeatureSet.ALL, // (default) the organization must be created with all features enabled
});
organization.enablePolicyType(PolicyType.SERVICE_CONTROL_POLICY);
organization.enablePolicyType(PolicyType.TAG_POLICY);
organization.enablePolicyType(PolicyType.BACKUP_POLICY);
organization.enablePolicyType(PolicyType.AISERVICES_OPT_OUT_POLICY);
```
- To create or attach policies later on, you have to [enable all features](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.FeatureSet) and the [policy type](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types) .
See [EnablePolicyType](https://github.com/pepperize/cdk-organizations/blob/main/API.md#enablepolicytype-), [PolicyType](https://github.com/pepperize/cdk-organizations/blob/main/API.md#policytype-).
### Policy
To create a new policy add the following construct to your stack:
```typescript
new Policy(stack, "Policy", {
content: '{\n"Version":"2012-10-17","Statement":{\n"Effect":"Allow","Action":"s3:*"\n}\n}',
description: "Enables admins of attached accounts to delegate all S3 permissions",
policyName: "AllowAllS3Actions",
policyType: PolicyType.SERVICE_CONTROL_POLICY,
});
```
- To create or attach policies, you must have [all features](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.FeatureSet) and the [policy type](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types) enabled.
- The [SCP Syntax](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html) is quite similar to IAM policies, but way more limited.
See [Policy](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.Policy)
### PolicyAttachment
To attach a policy to a root, an organizational unit (OU), or an individual account call `attachPolicy` with the policy to attach:
```typescript
organization.enablePolicyType(PolicyType.TAG_POLICY);
const policy = new Policy(stack, "Policy", {
content: '{\n"tags":{\n"CostCenter":{\n"tag_key":{\n"@@assign":"CostCenter"\n}\n}\n}\n}',
description: "Defines the CostCenter tag key",
policyName: "CostCenterTag",
policyType: PolicyType.TAG_POLICY,
});
organization.attachPolicy(policy);
organizationalUnit.attachPolicy(policy);
account.attachPolicy(policy);
```
- To create or attach policies, you must have [all features](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.FeatureSet) and the [policy type](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types) enabled.
### Tagging resources
To tag a resource you may follow the [AWS CDK Developer Guide - Tagging](https://docs.aws.amazon.com/cdk/v2/guide/tagging.html):
You can add one or more tags to the following resources in AWS Organizations.
- Account
- Organization root
- Organizational unit (OU)
- Policy
See [Tagging AWS Organizations resources](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html), [ITaggableResource](https://github.com/pepperize/cdk-organizations/blob/main/API.md#@pepperize/cdk-organizations.ITaggableResource)
#### Tagging an organization's root
```typescript
import { Tags } from "aws-cdk-lib";
const organization = new Organization();
Tags.of(organization.root).add("key", "value");
```
#### Tagging an organizational unit (OU)
```typescript
import { Tags } from "aws-cdk-lib";
const organizationalUnit = new OrganizationalUnit();
Tags.of(organizationalUnit).add("key", "value");
```
#### Tagging an account
```typescript
import { Tags } from "aws-cdk-lib";
const account = new Account();
Tags.of(account).add("key", "value");
```
#### Tagging a policy
```typescript
import { Tags } from "aws-cdk-lib";
const policy = new Policy();
Tags.of(policy).add("key", "value");
```
## Limitations
AWS Organizations has some limitations:
- The stack's account must be the management account of an existing organization.
- The stack's account becomes the management account of the new organization.
- An account belongs to only one organization within a single root.
- [Quotas for AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
> AWS Organizations is a global service with service endpoints in `us-east-1`, `us-gov-west-1` and `cn-northwest-1`. Read also
> [Endpoint to call When using the AWS CLI or the AWS SDK](https://docs.aws.amazon.com/organizations/latest/APIReference/Welcome.html).
> Currently all custom resources of this library defaults to use `us-east-1`, but it can be configured to use `cn-northwest-1`
> with the environment variable `CDK_AWS_PARTITION` set to `aws-cn`.
## Example
See [example](https://github.com/pepperize/cdk-organizations-example/blob/main/src/example-stack.ts)
```typescript
import { App, Stack } from "aws-cdk-lib/core";
import {
Account,
DelegatedAdministrator,
EnableAwsServiceAccess,
EnablePolicyType,
FeatureSet,
IamUserAccessToBilling,
Organization,
OrganizationalUnit,
Policy,
PolicyAttachment,
PolicyType,
} from "@pepperize/cdk-organizations";
const app = new App();
const stack = new Stack(app);
// Create an organization
const organization = new Organization(stack, "Organization", {
featureSet: FeatureSet.ALL,
});
// Enable AWS Service Access (requires FeatureSet: ALL)
organization.enableAwsServiceAccess("service-abbreviation.amazonaws.com");
// Create an account
const account1 = new Account(stack, "SharedAccount", {
accountName: "SharedAccount",
email: "info+shared-account@pepperize.com",
roleName: "OrganizationAccountAccessRole",
iamUserAccessToBilling: IamUserAccessToBilling.ALLOW,
parent: organization.root,
});
// Enable a delegated admin account
account1.delegateAdministrator("service-abbreviation.amazonaws.com");
// Create an OU in the current organizations root
const projects = new OrganizationalUnit(stack, "ProjectsOU", {
organizationalUnitName: "Projects",
parent: organization.root,
});
const account2 = new Account(stack, "Project1Account", {
accountName: "SharedAccount",
email: "info+project1@pepperize.com",
parent: projects,
});
account2.node.addDependency(account1);
// Create a nested OU and attach two accounts
const project2 = new OrganizationalUnit(stack, "Project2OU", {
organizationalUnitName: "Project2",
parent: projects,
});
const account3 = new Account(stack, "Project2DevAccount", {
accountName: "Project 2 Dev",
email: "info+project2-dev@pepperize.com",
parent: project2,
});
account3.node.addDependency(account2);
const account4 = new Account(stack, "Project2ProdAccount", {
accountName: "Project 2 Prod",
email: "info+project2-prod@pepperize.com",
parent: project2,
});
account4.node.addDependency(account3);
// Enable the service control policy (SCP) type within the organization
organization.enablePolicyType(PolicyType.SERVICE_CONTROL_POLICY);
// Create and attach and Service Control Policy (SCP)
const policy = new Policy(stack, "Policy", {
content: '{\n"Version":"2012-10-17","Statement":{\n"Effect":"Allow","Action":"s3:*"\n}\n}',
description: "Enables admins of attached accounts to delegate all S3 permissions",
policyName: "AllowAllS3Actions",
policyType: PolicyType.SERVICE_CONTROL_POLICY,
});
organization.attachPolicy(policy);
// Tagging AWS organization resources of this stack
Tags.of(stack).add("tagKey", "tagValue");
```
## References
- [CDK Organizations API Reference](https://github.com/pepperize/cdk-organizations/blob/main/API.md)
- [AWS Account Management Reference Guide](https://docs.aws.amazon.com/accounts/latest/reference/accounts-welcome.html)
- [AWS Organizations User Guide](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html)
- [AWS API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/Welcome.html)
- [AWS CDK Custom Resources](https://docs.aws.amazon.com/cdk/api/v1/docs/custom-resources-readme.html#custom-resources-for-aws-apis)
## Alternatives
- [AWS Bootstrap Kit](https://github.com/awslabs/aws-bootstrap-kit)
- [Terraform AWS Provider](https://registry.terraform.io/providers/hashicorp/aws/latest)
- [AWS Deployment Framework (ADF)](https://github.com/awslabs/aws-deployment-framework)
- [AWS Organization Formation](https://github.com/org-formation)
- [AWS Control Tower Account Factory for Terraform (ATF)](https://github.com/aws-ia/terraform-aws-control_tower_account_factory)
================================================
FILE: cdk.json
================================================
{
"context": {
"account": "123456789012",
"region": "us-east-1"
}
}
================================================
FILE: package.json
================================================
{
"name": "@pepperize/cdk-organizations",
"description": "Manage AWS organizations, organizational units (OU), accounts and service control policies (SCP).",
"repository": {
"type": "git",
"url": "https://github.com/pepperize/cdk-organizations.git"
},
"scripts": {
"build": "npx projen build",
"bump": "npx projen bump",
"bundle": "npx projen bundle",
"bundle:account-provider/is-complete-handler.lambda": "npx projen bundle:account-provider/is-complete-handler.lambda",
"bundle:account-provider/is-complete-handler.lambda:watch": "npx projen bundle:account-provider/is-complete-handler.lambda:watch",
"bundle:account-provider/on-event-handler.lambda": "npx projen bundle:account-provider/on-event-handler.lambda",
"bundle:account-provider/on-event-handler.lambda:watch": "npx projen bundle:account-provider/on-event-handler.lambda:watch",
"bundle:organization-provider/on-event-handler.lambda": "npx projen bundle:organization-provider/on-event-handler.lambda",
"bundle:organization-provider/on-event-handler.lambda:watch": "npx projen bundle:organization-provider/on-event-handler.lambda:watch",
"bundle:organizational-unit-provider/on-event-handler.lambda": "npx projen bundle:organizational-unit-provider/on-event-handler.lambda",
"bundle:organizational-unit-provider/on-event-handler.lambda:watch": "npx projen bundle:organizational-unit-provider/on-event-handler.lambda:watch",
"bundle:tag-resource-provider/on-event-handler.lambda": "npx projen bundle:tag-resource-provider/on-event-handler.lambda",
"bundle:tag-resource-provider/on-event-handler.lambda:watch": "npx projen bundle:tag-resource-provider/on-event-handler.lambda:watch",
"clobber": "npx projen clobber",
"compat": "npx projen compat",
"compile": "npx projen compile",
"default": "npx projen default",
"docgen": "npx projen docgen",
"eject": "npx projen eject",
"eslint": "npx projen eslint",
"format": "npx projen format",
"package": "npx projen package",
"package-all": "npx projen package-all",
"package:dotnet": "npx projen package:dotnet",
"package:java": "npx projen package:java",
"package:js": "npx projen package:js",
"package:python": "npx projen package:python",
"post-compile": "npx projen post-compile",
"pre-compile": "npx projen pre-compile",
"release": "npx projen rel
gitextract_c_mmm_r8/ ├── .editorconfig ├── .eslintrc.json ├── .gitattributes ├── .github/ │ ├── dependabot.yml │ ├── pull_request_template.md │ └── workflows/ │ ├── auto-approve.yml │ ├── build.yml │ ├── pull-request-lint.yml │ └── release.yml ├── .gitignore ├── .gitpod.yml ├── .mergify.yml ├── .npmignore ├── .prettierignore ├── .prettierrc.json ├── .projen/ │ ├── deps.json │ ├── files.json │ └── tasks.json ├── .projenrc.ts ├── API.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── cdk.json ├── package.json ├── src/ │ ├── account-provider/ │ │ ├── account-provider.ts │ │ ├── index.ts │ │ ├── is-complete-handler-function.ts │ │ ├── is-complete-handler.lambda.ts │ │ ├── on-event-handler-function.ts │ │ └── on-event-handler.lambda.ts │ ├── account.ts │ ├── delegated-administrator.ts │ ├── dependency-chain.ts │ ├── enable-aws-service-access.ts │ ├── enable-policy-type.ts │ ├── index.ts │ ├── integ.default.ts │ ├── organization-provider/ │ │ ├── index.ts │ │ ├── on-event-handler-function.ts │ │ ├── on-event-handler.lambda.ts │ │ └── organization-provider.ts │ ├── organization.ts │ ├── organizational-unit-provider/ │ │ ├── on-event-handler-function.ts │ │ ├── on-event-handler.lambda.ts │ │ └── organizational-unit-provider.ts │ ├── organizational-unit.ts │ ├── parent.ts │ ├── policy-attachment.ts │ ├── policy.ts │ ├── resource.ts │ ├── tag-resource-provider/ │ │ ├── index.ts │ │ ├── on-event-handler-function.ts │ │ ├── on-event-handler.lambda.ts │ │ └── tag-resource-provider.ts │ ├── tag-resource.ts │ └── validators.ts ├── test/ │ ├── __snapshots__/ │ │ ├── account.test.ts.snap │ │ ├── delegated-administrator.test.ts.snap │ │ ├── dependency-chain.test.ts.snap │ │ ├── enable-aws-service-access.test.ts.snap │ │ ├── enable-policy-type.test.ts.snap │ │ ├── integ.default.test.ts.snap │ │ ├── organization.test.ts.snap │ │ ├── organizational-unit.test.ts.snap │ │ ├── policy-attachment.test.ts.snap │ │ ├── policy.test.ts.snap │ │ └── tag-resource.test.ts.snap │ ├── account-provider/ │ │ ├── is-complete-handler.lambda.test.ts │ │ └── on-event-handler.lambda.test.ts │ ├── account.test.ts │ ├── cdk-nag.test.ts │ ├── delegated-administrator.test.ts │ ├── dependency-chain.test.ts │ ├── enable-aws-service-access.test.ts │ ├── enable-policy-type.test.ts │ ├── integ.default.test.ts │ ├── organization-provider/ │ │ └── on-event-handler.lambda.test.ts │ ├── organization.test.ts │ ├── organizational-unit-provider/ │ │ └── on-event-handler.lambda.test.ts │ ├── organizational-unit.test.ts │ ├── policy-attachment.test.ts │ ├── policy.test.ts │ ├── tag-resource-provider/ │ │ └── on-event-handler.lambda.test.ts │ ├── tag-resource.test.ts │ └── validators.test.ts └── tsconfig.dev.json
SYMBOL INDEX (111 symbols across 28 files)
FILE: src/account-provider/account-provider.ts
type AccountProviderProps (line 9) | interface AccountProviderProps extends NestedStackProps {}
class AccountProvider (line 16) | class AccountProvider extends NestedStack {
method getOrCreate (line 22) | public static getOrCreate(scope: Construct): AccountProvider {
method constructor (line 47) | constructor(scope: Construct, id: string, props: AccountProviderProps) {
FILE: src/account-provider/is-complete-handler-function.ts
type IsCompleteHandlerFunctionProps (line 9) | interface IsCompleteHandlerFunctionProps extends lambda.FunctionOptions {
class IsCompleteHandlerFunction (line 15) | class IsCompleteHandlerFunction extends lambda.Function {
method constructor (line 16) | constructor(scope: Construct, id: string, props?: IsCompleteHandlerFun...
FILE: src/account-provider/is-complete-handler.lambda.ts
function handler (line 15) | async function handler(event: IsCompleteRequest): Promise<IsCompleteResp...
FILE: src/account-provider/on-event-handler-function.ts
type OnEventHandlerFunctionProps (line 9) | interface OnEventHandlerFunctionProps extends lambda.FunctionOptions {
class OnEventHandlerFunction (line 15) | class OnEventHandlerFunction extends lambda.Function {
method constructor (line 16) | constructor(scope: Construct, id: string, props?: OnEventHandlerFuncti...
FILE: src/account-provider/on-event-handler.lambda.ts
function handler (line 12) | async function handler(event: OnEventRequest): Promise<OnEventResponse> {
FILE: src/account.ts
type IamUserAccessToBilling (line 16) | enum IamUserAccessToBilling {
type AccountProps (line 27) | interface AccountProps {
type IAccount (line 67) | interface IAccount extends IPolicyAttachmentTarget, IChild, IConstruct, ...
class Account (line 98) | class Account extends Construct implements IAccount, ITaggableResource {
method constructor (line 110) | public constructor(scope: Construct, id: string, props: AccountProps) {
method identifier (line 150) | identifier(): string {
method delegateAdministrator (line 161) | public delegateAdministrator(servicePrincipal: string, region?: string...
method attachPolicy (line 183) | public attachPolicy(policy: IPolicy) {
FILE: src/delegated-administrator.ts
type DelegatedAdministratorProps (line 6) | interface DelegatedAdministratorProps {
class DelegatedAdministrator (line 34) | class DelegatedAdministrator extends Construct {
method constructor (line 35) | public constructor(scope: Construct, id: string, props: DelegatedAdmin...
FILE: src/dependency-chain.ts
class DependencyChain (line 14) | class DependencyChain implements IAspect {
method visit (line 17) | visit(current: IConstruct): void {
method needsChaining (line 31) | private needsChaining(current: IConstruct): boolean {
FILE: src/enable-aws-service-access.ts
type EnableAwsServiceAccessProps (line 4) | interface EnableAwsServiceAccessProps {
class EnableAwsServiceAccess (line 18) | class EnableAwsServiceAccess extends Construct {
method constructor (line 19) | public constructor(scope: Construct, id: string, props: EnableAwsServi...
FILE: src/enable-policy-type.ts
type EnablePolicyTypeProps (line 6) | interface EnablePolicyTypeProps {
class EnablePolicyType (line 16) | class EnablePolicyType extends Construct {
method constructor (line 17) | public constructor(scope: Construct, id: string, props: EnablePolicyTy...
FILE: src/organization-provider/on-event-handler-function.ts
type OnEventHandlerFunctionProps (line 9) | interface OnEventHandlerFunctionProps extends lambda.FunctionOptions {
class OnEventHandlerFunction (line 15) | class OnEventHandlerFunction extends lambda.Function {
method constructor (line 16) | constructor(scope: Construct, id: string, props?: OnEventHandlerFuncti...
FILE: src/organization-provider/on-event-handler.lambda.ts
function handler (line 12) | async function handler(event: OnEventRequest): Promise<OnEventResponse> {
FILE: src/organization-provider/organization-provider.ts
type OrganizationProviderProps (line 8) | interface OrganizationProviderProps extends NestedStackProps {}
class OrganizationProvider (line 18) | class OrganizationProvider extends NestedStack {
method getOrCreate (line 24) | public static getOrCreate(scope: Construct): OrganizationProvider {
method constructor (line 44) | constructor(scope: Construct, id: string, props: OrganizationProviderP...
FILE: src/organization.ts
type FeatureSet (line 20) | enum FeatureSet {
type OrganizationProps (line 31) | interface OrganizationProps {
type IOrganization (line 51) | interface IOrganization extends IConstruct {
class Organization (line 82) | class Organization extends Construct implements IOrganization {
method of (line 88) | public static of(scope: Construct, id: string): IOrganization {
method constructor (line 152) | public constructor(scope: Construct, id: string, props: OrganizationPr...
method enableAwsServiceAccess (line 184) | public enableAwsServiceAccess(servicePrincipal: string) {
method enablePolicyType (line 197) | public enablePolicyType(policyType: PolicyType) {
method attachPolicy (line 206) | public attachPolicy(policy: IPolicy) {
class Root (line 216) | class Root extends Construct implements IParent, IPolicyAttachmentTarget...
method constructor (line 228) | public constructor(scope: Construct, id: string) {
method identifier (line 268) | public identifier(): string {
method attachPolicy (line 277) | public attachPolicy(policy: IPolicy) {
method enablePolicyType (line 294) | public enablePolicyType(policyType: PolicyType) {
FILE: src/organizational-unit-provider/on-event-handler-function.ts
type OnEventHandlerFunctionProps (line 9) | interface OnEventHandlerFunctionProps extends lambda.FunctionOptions {
class OnEventHandlerFunction (line 15) | class OnEventHandlerFunction extends lambda.Function {
method constructor (line 16) | constructor(scope: Construct, id: string, props?: OnEventHandlerFuncti...
FILE: src/organizational-unit-provider/organizational-unit-provider.ts
type OrganizationalUnitProviderProps (line 8) | interface OrganizationalUnitProviderProps extends NestedStackProps {}
class OrganizationalUnitProvider (line 20) | class OrganizationalUnitProvider extends NestedStack {
method getOrCreate (line 26) | public static getOrCreate(scope: Construct): OrganizationalUnitProvider {
method constructor (line 46) | constructor(scope: Construct, id: string, props: OrganizationalUnitPro...
FILE: src/organizational-unit.ts
type OrganizationalUnitProps (line 10) | interface OrganizationalUnitProps {
type IOrganizationalUnit (line 38) | interface IOrganizationalUnit extends IPolicyAttachmentTarget, IParent, ...
class OrganizationalUnit (line 53) | class OrganizationalUnit extends Construct implements IOrganizationalUni...
method constructor (line 64) | public constructor(scope: Construct, id: string, props: Organizational...
method identifier (line 101) | identifier(): string {
method attachPolicy (line 110) | public attachPolicy(policy: IPolicy) {
FILE: src/parent.ts
type IParent (line 5) | interface IParent extends IConstruct, IResource {}
type IChild (line 7) | interface IChild extends IConstruct, IResource {}
type ParentProps (line 9) | interface ParentProps {
type ParentBaseProps (line 13) | interface ParentBaseProps {
method constructor (line 20) | protected constructor(scope: Construct, id: string, props: ParentBasePro...
method identifier (line 62) | public identifier(): string {
class Parent (line 67) | class Parent extends ParentBase {
method fromChildId (line 68) | public static fromChildId(scope: Construct, id: string, childId: strin...
method constructor (line 78) | public constructor(scope: Construct, id: string, props: ParentProps) {
FILE: src/policy-attachment.ts
type IPolicyAttachmentTarget (line 6) | interface IPolicyAttachmentTarget extends IDependable, IResource {}
type PolicyAttachmentProps (line 8) | interface PolicyAttachmentProps {
class PolicyAttachment (line 22) | class PolicyAttachment extends Construct {
method constructor (line 23) | public constructor(scope: Construct, id: string, props: PolicyAttachme...
FILE: src/policy.ts
type PolicyType (line 21) | enum PolicyType {
type PolicyProps (line 40) | interface PolicyProps {
type IPolicy (line 67) | interface IPolicy extends IConstruct {
class Policy (line 74) | class Policy extends Construct implements IPolicy, ITaggableResource {
method constructor (line 79) | public constructor(scope: Construct, id: string, props: PolicyProps) {
method identifier (line 136) | identifier(): string {
FILE: src/resource.ts
type IResource (line 4) | interface IResource {
FILE: src/tag-resource-provider/on-event-handler-function.ts
type OnEventHandlerFunctionProps (line 9) | interface OnEventHandlerFunctionProps extends lambda.FunctionOptions {
class OnEventHandlerFunction (line 15) | class OnEventHandlerFunction extends lambda.Function {
method constructor (line 16) | constructor(scope: Construct, id: string, props?: OnEventHandlerFuncti...
FILE: src/tag-resource-provider/on-event-handler.lambda.ts
function handler (line 12) | async function handler(event: OnEventRequest): Promise<OnEventResponse> {
FILE: src/tag-resource-provider/tag-resource-provider.ts
type TagResourceProviderProps (line 7) | interface TagResourceProviderProps extends NestedStackProps {}
class TagResourceProvider (line 14) | class TagResourceProvider extends NestedStack {
method getOrCreate (line 20) | public static getOrCreate(scope: Construct): TagResourceProvider {
method constructor (line 41) | constructor(scope: Construct, id: string, props: TagResourceProviderPr...
FILE: src/tag-resource.ts
type ITaggableResource (line 6) | interface ITaggableResource extends ITaggable {}
type TagResourceProps (line 8) | interface TagResourceProps {
class TagResource (line 19) | class TagResource extends Construct {
method constructor (line 20) | public constructor(scope: Construct, id: string, props: TagResourcePro...
FILE: src/validators.ts
class Validators (line 1) | class Validators {
method of (line 2) | public static of(): Validators {
method accountId (line 5) | public accountId(id: string): boolean {
method accountName (line 8) | public accountName(name: string): boolean {
method email (line 11) | public email(email: string): boolean {
method organizationalUnitName (line 14) | public organizationalUnitName(name: string): boolean {
method servicePrincipal (line 17) | public servicePrincipal(servicePrincipal: string): boolean {
method policyContent (line 20) | public policyContent(content: string): boolean {
FILE: test/organization-provider/on-event-handler.lambda.test.ts
class AWSError (line 66) | class AWSError extends Error {
method constructor (line 67) | public constructor(readonly code: string) {
FILE: test/organizational-unit-provider/on-event-handler.lambda.test.ts
class AWSError (line 66) | class AWSError extends Error {
method constructor (line 67) | public constructor(readonly code: string) {
Condensed preview — 87 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (551K chars).
[
{
"path": ".editorconfig",
"chars": 189,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nroot=true\n\n[*]\nend_of_line=lf\ncharset=utf-"
},
{
"path": ".eslintrc.json",
"chars": 3035,
"preview": "// ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n{\n \"env\": {\n \"jest\": true,\n \"node\":"
},
{
"path": ".gitattributes",
"chars": 1413,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\n* text=auto eol=lf\n*.snap linguist-generat"
},
{
"path": ".github/dependabot.yml",
"chars": 294,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nversion: 2\nupdates:\n - package-ecosystem:"
},
{
"path": ".github/pull_request_template.md",
"chars": 7,
"preview": "Fixes #"
},
{
"path": ".github/workflows/auto-approve.yml",
"chars": 680,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nname: auto-approve\non:\n pull_request_targ"
},
{
"path": ".github/workflows/build.yml",
"chars": 8183,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nname: build\non:\n pull_request: {}\n workf"
},
{
"path": ".github/workflows/pull-request-lint.yml",
"chars": 723,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nname: pull-request-lint\non:\n pull_request"
},
{
"path": ".github/workflows/release.yml",
"chars": 9196,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nname: release\non:\n push:\n branches:\n "
},
{
"path": ".gitignore",
"chars": 1253,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n!/.gitattributes\n!/.projen/tasks.json\n!/.pr"
},
{
"path": ".gitpod.yml",
"chars": 225,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\ntasks:\n - name: setup\n command: npx pr"
},
{
"path": ".mergify.yml",
"chars": 933,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nqueue_rules:\n - name: default\n update_"
},
{
"path": ".npmignore",
"chars": 457,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n/.projen/\n/test-reports/\njunit.xml\n/coverag"
},
{
"path": ".prettierignore",
"chars": 359,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\nAPI.md\nsrc/account-provider/is-complete-han"
},
{
"path": ".prettierrc.json",
"chars": 43,
"preview": "{\n \"printWidth\": 120,\n \"overrides\": []\n}\n"
},
{
"path": ".projen/deps.json",
"chars": 2872,
"preview": "{\n \"dependencies\": [\n {\n \"name\": \"@pepperize/projen-awscdk-construct\",\n \"version\": \"~0.0.730\",\n \"type"
},
{
"path": ".projen/files.json",
"chars": 935,
"preview": "{\n \"files\": [\n \".editorconfig\",\n \".eslintrc.json\",\n \".gitattributes\",\n \".github/dependabot.yml\",\n \".gith"
},
{
"path": ".projen/tasks.json",
"chars": 14229,
"preview": "{\n \"tasks\": {\n \"build\": {\n \"name\": \"build\",\n \"description\": \"Full release build\",\n \"steps\": [\n "
},
{
"path": ".projenrc.ts",
"chars": 2200,
"preview": "import { AwsCdkConstructLibrary } from \"@pepperize/projen-awscdk-construct\";\nimport { awscdk, javascript } from \"projen\""
},
{
"path": "API.md",
"chars": 119121,
"preview": "# API Reference <a name=\"API Reference\" id=\"api-reference\"></a>\n\n## Constructs <a name=\"Constructs\" id=\"Constructs\"></a>"
},
{
"path": "CONTRIBUTING.md",
"chars": 4532,
"preview": "# Contributing to cdk-organizations\n\nThank you for contributing to cdk-organizations! :heart:\n\nThis document describes h"
},
{
"path": "LICENSE",
"chars": 1077,
"preview": "Copyright (c) 2026 Pepperize UG (haftungsbeschränkt)\n\nPermission is hereby granted, free of charge, to any person obtain"
},
{
"path": "README.md",
"chars": 22480,
"preview": "[](https://makeapullrequest.co"
},
{
"path": "cdk.json",
"chars": 79,
"preview": "{\n \"context\": {\n \"account\": \"123456789012\",\n \"region\": \"us-east-1\"\n }\n}"
},
{
"path": "package.json",
"chars": 6034,
"preview": "{\n \"name\": \"@pepperize/cdk-organizations\",\n \"description\": \"Manage AWS organizations, organizational units (OU), accou"
},
{
"path": "src/account-provider/account-provider.ts",
"chars": 3675,
"preview": "import { Duration, NestedStack, NestedStackProps, Stack } from \"aws-cdk-lib\";\nimport { PolicyStatement } from \"aws-cdk-l"
},
{
"path": "src/account-provider/index.ts",
"chars": 129,
"preview": "export * from \"./account-provider\";\nexport * from \"./is-complete-handler-function\";\nexport * from \"./on-event-handler-fu"
},
{
"path": "src/account-provider/is-complete-handler-function.ts",
"chars": 1017,
"preview": "// ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\nimport * as path from 'path';\nimport * as "
},
{
"path": "src/account-provider/is-complete-handler.lambda.ts",
"chars": 6293,
"preview": "import {\n CdkCustomResourceIsCompleteEvent as IsCompleteRequest,\n CdkCustomResourceIsCompleteResponse as IsCompleteRes"
},
{
"path": "src/account-provider/on-event-handler-function.ts",
"chars": 996,
"preview": "// ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\nimport * as path from 'path';\nimport * as "
},
{
"path": "src/account-provider/on-event-handler.lambda.ts",
"chars": 1581,
"preview": "import { CdkCustomResourceEvent as OnEventRequest, CdkCustomResourceResponse as OnEventResponse } from \"aws-lambda\";\nimp"
},
{
"path": "src/account.ts",
"chars": 8220,
"preview": "import { Annotations, CustomResource, Names, RemovalPolicy, TagManager, TagType } from \"aws-cdk-lib\";\nimport { Construct"
},
{
"path": "src/delegated-administrator.ts",
"chars": 3479,
"preview": "import { RemovalPolicy } from \"aws-cdk-lib\";\nimport { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId } f"
},
{
"path": "src/dependency-chain.ts",
"chars": 1517,
"preview": "import { IAspect, Stack } from \"aws-cdk-lib\";\nimport { IConstruct } from \"constructs\";\nimport { Account } from \"./accoun"
},
{
"path": "src/enable-aws-service-access.ts",
"chars": 2457,
"preview": "import { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId } from \"aws-cdk-lib/custom-resources\";\nimport { "
},
{
"path": "src/enable-policy-type.ts",
"chars": 2206,
"preview": "import { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId } from \"aws-cdk-lib/custom-resources\";\nimport { "
},
{
"path": "src/index.ts",
"chars": 439,
"preview": "export * from \"./account\";\nexport * from \"./enable-aws-service-access\";\nexport * from \"./enable-policy-type\";\nexport * f"
},
{
"path": "src/integ.default.ts",
"chars": 3143,
"preview": "import { App, Stack, Tags } from \"aws-cdk-lib\";\nimport { Account, IamUserAccessToBilling } from \"./account\";\nimport { Fe"
},
{
"path": "src/organization-provider/index.ts",
"chars": 86,
"preview": "export * from \"./on-event-handler-function\";\nexport * from \"./organization-provider\";\n"
},
{
"path": "src/organization-provider/on-event-handler-function.ts",
"chars": 1011,
"preview": "// ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\nimport * as path from 'path';\nimport * as "
},
{
"path": "src/organization-provider/on-event-handler.lambda.ts",
"chars": 2157,
"preview": "import { CdkCustomResourceEvent as OnEventRequest, CdkCustomResourceResponse as OnEventResponse } from \"aws-lambda\";\nimp"
},
{
"path": "src/organization-provider/organization-provider.ts",
"chars": 2932,
"preview": "import { Aws, Duration, NestedStack, NestedStackProps, Stack } from \"aws-cdk-lib\";\nimport { PolicyStatement } from \"aws-"
},
{
"path": "src/organization.ts",
"chars": 14192,
"preview": "import { Aspects, CustomResource, Names, Stack, TagManager, TagType } from \"aws-cdk-lib\";\nimport * as aws_iam from \"aws-"
},
{
"path": "src/organizational-unit-provider/on-event-handler-function.ts",
"chars": 1032,
"preview": "// ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\nimport * as path from 'path';\nimport * as "
},
{
"path": "src/organizational-unit-provider/on-event-handler.lambda.ts",
"chars": 5217,
"preview": "import { CdkCustomResourceEvent as OnEventRequest, CdkCustomResourceResponse as OnEventResponse } from \"aws-lambda\";\nimp"
},
{
"path": "src/organizational-unit-provider/organizational-unit-provider.ts",
"chars": 2980,
"preview": "import { Duration, NestedStack, NestedStackProps, Stack } from \"aws-cdk-lib\";\nimport { PolicyStatement } from \"aws-cdk-l"
},
{
"path": "src/organizational-unit.ts",
"chars": 5289,
"preview": "import { Annotations, CustomResource, Names, RemovalPolicy, TagManager, TagType } from \"aws-cdk-lib\";\nimport { Construct"
},
{
"path": "src/parent.ts",
"chars": 2681,
"preview": "import { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId } from \"aws-cdk-lib/custom-resources\";\nimport { "
},
{
"path": "src/policy-attachment.ts",
"chars": 2281,
"preview": "import { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId } from \"aws-cdk-lib/custom-resources\";\nimport { "
},
{
"path": "src/policy.ts",
"chars": 5562,
"preview": "import { Annotations, TagManager, TagType } from \"aws-cdk-lib\";\nimport {\n AwsCustomResource,\n AwsCustomResourcePolicy,"
},
{
"path": "src/resource.ts",
"chars": 259,
"preview": "/**\n * Interface for an AWS Organizations resource.\n */\nexport interface IResource {\n /**\n * The unique identifier (I"
},
{
"path": "src/tag-resource-provider/index.ts",
"chars": 86,
"preview": "export * from \"./tag-resource-provider\";\nexport * from \"./on-event-handler-function\";\n"
},
{
"path": "src/tag-resource-provider/on-event-handler-function.ts",
"chars": 1011,
"preview": "// ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\nimport * as path from 'path';\nimport * as "
},
{
"path": "src/tag-resource-provider/on-event-handler.lambda.ts",
"chars": 2143,
"preview": "import { CdkCustomResourceEvent as OnEventRequest, CdkCustomResourceResponse as OnEventResponse } from \"aws-lambda\";\nimp"
},
{
"path": "src/tag-resource-provider/tag-resource-provider.ts",
"chars": 2573,
"preview": "import { Duration, NestedStack, NestedStackProps, Stack } from \"aws-cdk-lib\";\nimport { PolicyStatement } from \"aws-cdk-l"
},
{
"path": "src/tag-resource.ts",
"chars": 1167,
"preview": "import { CustomResource, ITaggable } from \"aws-cdk-lib\";\nimport { IResolvable } from \"aws-cdk-lib/core/lib/resolvable\";\n"
},
{
"path": "src/validators.ts",
"chars": 709,
"preview": "export class Validators {\n public static of(): Validators {\n return new Validators();\n }\n public accountId(id: str"
},
{
"path": "test/__snapshots__/account.test.ts.snap",
"chars": 8418,
"preview": "// Jest Snapshot v1, https://goo.gl/fbAQLP\n\nexports[`Account Should match snapshot 1`] = `\nObject {\n \"Resources\": Objec"
},
{
"path": "test/__snapshots__/delegated-administrator.test.ts.snap",
"chars": 7381,
"preview": "// Jest Snapshot v1, https://goo.gl/fbAQLP\n\nexports[`DelegatedAdministrator Should match snapshot 1`] = `\nObject {\n \"Re"
},
{
"path": "test/__snapshots__/dependency-chain.test.ts.snap",
"chars": 41436,
"preview": "// Jest Snapshot v1, https://goo.gl/fbAQLP\n\nexports[`DependencyChain Should chain accounts with delegated administrator "
},
{
"path": "test/__snapshots__/enable-aws-service-access.test.ts.snap",
"chars": 3552,
"preview": "// Jest Snapshot v1, https://goo.gl/fbAQLP\n\nexports[`EnableAwsServiceAccess Should match snapshot 1`] = `\nObject {\n \"Re"
},
{
"path": "test/__snapshots__/enable-policy-type.test.ts.snap",
"chars": 8978,
"preview": "// Jest Snapshot v1, https://goo.gl/fbAQLP\n\nexports[`EnablePolicyType Should match snapshot 1`] = `\nObject {\n \"Resource"
},
{
"path": "test/__snapshots__/integ.default.test.ts.snap",
"chars": 69435,
"preview": "// Jest Snapshot v1, https://goo.gl/fbAQLP\n\nexports[`integ.default Should match snapshot 1`] = `\nObject {\n \"Resources\":"
},
{
"path": "test/__snapshots__/organization.test.ts.snap",
"chars": 6104,
"preview": "// Jest Snapshot v1, https://goo.gl/fbAQLP\n\nexports[`Organization Should match snapshot 1`] = `\nObject {\n \"Resources\": "
},
{
"path": "test/__snapshots__/organizational-unit.test.ts.snap",
"chars": 8825,
"preview": "// Jest Snapshot v1, https://goo.gl/fbAQLP\n\nexports[`OrganizationalUnit Should match snapshot 1`] = `\nObject {\n \"Resour"
},
{
"path": "test/__snapshots__/policy-attachment.test.ts.snap",
"chars": 12354,
"preview": "// Jest Snapshot v1, https://goo.gl/fbAQLP\n\nexports[`PolicyAttachment Should match snapshot 1`] = `\nObject {\n \"Resource"
},
{
"path": "test/__snapshots__/policy.test.ts.snap",
"chars": 6154,
"preview": "// Jest Snapshot v1, https://goo.gl/fbAQLP\n\nexports[`Policy Should match snapshot 1`] = `\nObject {\n \"Resources\": Object"
},
{
"path": "test/__snapshots__/tag-resource.test.ts.snap",
"chars": 1353,
"preview": "// Jest Snapshot v1, https://goo.gl/fbAQLP\n\nexports[`TagResource Should match snapshot 1`] = `\nObject {\n \"Resources\": O"
},
{
"path": "test/account-provider/is-complete-handler.lambda.test.ts",
"chars": 13915,
"preview": "import {\n CdkCustomResourceIsCompleteEvent as IsCompleteRequest,\n CdkCustomResourceResponse as OnEventResponse,\n} from"
},
{
"path": "test/account-provider/on-event-handler.lambda.test.ts",
"chars": 3208,
"preview": "import { CdkCustomResourceEvent as OnEventRequest, CdkCustomResourceResponse as OnEventResponse } from \"aws-lambda\";\nimp"
},
{
"path": "test/account.test.ts",
"chars": 1890,
"preview": "import { Stack } from \"aws-cdk-lib\";\nimport { Template } from \"aws-cdk-lib/assertions\";\nimport { Account, Organization }"
},
{
"path": "test/cdk-nag.test.ts",
"chars": 1273,
"preview": "import { Aspects, assertions } from \"aws-cdk-lib\";\nimport { Match } from \"aws-cdk-lib/assertions\";\n// eslint-disable-nex"
},
{
"path": "test/delegated-administrator.test.ts",
"chars": 812,
"preview": "import { Stack } from \"aws-cdk-lib\";\nimport { Account, DelegatedAdministrator } from \"../src\";\nimport \"jest-cdk-snapshot"
},
{
"path": "test/dependency-chain.test.ts",
"chars": 4794,
"preview": "import { Aspects, Stack } from \"aws-cdk-lib\";\nimport { Capture, Template } from \"aws-cdk-lib/assertions\";\nimport { Accou"
},
{
"path": "test/enable-aws-service-access.test.ts",
"chars": 650,
"preview": "import { Stack } from \"aws-cdk-lib\";\nimport { EnableAwsServiceAccess } from \"../src\";\nimport \"jest-cdk-snapshot\";\n\ndescr"
},
{
"path": "test/enable-policy-type.test.ts",
"chars": 795,
"preview": "import { Stack } from \"aws-cdk-lib\";\nimport { EnablePolicyType, FeatureSet, Organization, PolicyType } from \"../src\";\nim"
},
{
"path": "test/integ.default.test.ts",
"chars": 552,
"preview": "import { Template } from \"aws-cdk-lib/assertions\";\nimport { stack } from \"../src/integ.default\";\nimport \"jest-cdk-snapsh"
},
{
"path": "test/organization-provider/on-event-handler.lambda.test.ts",
"chars": 3257,
"preview": "import { CdkCustomResourceEvent as OnEventRequest, CdkCustomResourceResponse as OnEventResponse } from \"aws-lambda\";\nimp"
},
{
"path": "test/organization.test.ts",
"chars": 2243,
"preview": "import { Stack, Token } from \"aws-cdk-lib\";\nimport { Template } from \"aws-cdk-lib/assertions\";\nimport * as aws_iam from "
},
{
"path": "test/organizational-unit-provider/on-event-handler.lambda.test.ts",
"chars": 5724,
"preview": "import { RemovalPolicy } from \"aws-cdk-lib\";\nimport { CdkCustomResourceEvent as OnEventRequest, CdkCustomResourceRespons"
},
{
"path": "test/organizational-unit.test.ts",
"chars": 740,
"preview": "import { Stack } from \"aws-cdk-lib\";\nimport { Organization, OrganizationalUnit } from \"../src\";\nimport \"jest-cdk-snapsho"
},
{
"path": "test/policy-attachment.test.ts",
"chars": 1188,
"preview": "import { Stack } from \"aws-cdk-lib\";\nimport { Account, Policy, PolicyAttachment, PolicyType } from \"../src\";\nimport \"jes"
},
{
"path": "test/policy.test.ts",
"chars": 836,
"preview": "import { Stack } from \"aws-cdk-lib\";\nimport { Policy, PolicyType } from \"../src\";\nimport \"jest-cdk-snapshot\";\n\ndescribe("
},
{
"path": "test/tag-resource-provider/on-event-handler.lambda.test.ts",
"chars": 3507,
"preview": "import { CdkCustomResourceEvent as OnEventRequest, CdkCustomResourceResponse as OnEventResponse } from \"aws-lambda\";\nimp"
},
{
"path": "test/tag-resource.test.ts",
"chars": 750,
"preview": "import { Stack, TagManager, Tags, TagType } from \"aws-cdk-lib\";\nimport { TagResource } from \"../src\";\nimport \"jest-cdk-s"
},
{
"path": "test/validators.test.ts",
"chars": 284,
"preview": "import { Validators } from \"../src\";\n\ndescribe(\"validators\", () => {\n it(\"Should be valid email\", () => {\n // Given\n"
},
{
"path": "tsconfig.dev.json",
"chars": 870,
"preview": "// ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n{\n \"compilerOptions\": {\n \"alwaysStrict"
}
]
About this extraction
This page contains the full source code of the pepperize/cdk-organizations GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 87 files (498.4 KB), approximately 124.8k tokens, and a symbol index with 111 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.