Repository: pepperize/cdk-organizations
Branch: main
Commit: eddf02b70a10
Files: 87
Total size: 498.4 KB
Directory structure:
gitextract_c_mmm_r8/
├── .editorconfig
├── .eslintrc.json
├── .gitattributes
├── .github/
│ ├── dependabot.yml
│ ├── pull_request_template.md
│ └── workflows/
│ ├── auto-approve.yml
│ ├── build.yml
│ ├── pull-request-lint.yml
│ └── release.yml
├── .gitignore
├── .gitpod.yml
├── .mergify.yml
├── .npmignore
├── .prettierignore
├── .prettierrc.json
├── .projen/
│ ├── deps.json
│ ├── files.json
│ └── tasks.json
├── .projenrc.ts
├── API.md
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── cdk.json
├── package.json
├── src/
│ ├── account-provider/
│ │ ├── account-provider.ts
│ │ ├── index.ts
│ │ ├── is-complete-handler-function.ts
│ │ ├── is-complete-handler.lambda.ts
│ │ ├── on-event-handler-function.ts
│ │ └── on-event-handler.lambda.ts
│ ├── account.ts
│ ├── delegated-administrator.ts
│ ├── dependency-chain.ts
│ ├── enable-aws-service-access.ts
│ ├── enable-policy-type.ts
│ ├── index.ts
│ ├── integ.default.ts
│ ├── organization-provider/
│ │ ├── index.ts
│ │ ├── on-event-handler-function.ts
│ │ ├── on-event-handler.lambda.ts
│ │ └── organization-provider.ts
│ ├── organization.ts
│ ├── organizational-unit-provider/
│ │ ├── on-event-handler-function.ts
│ │ ├── on-event-handler.lambda.ts
│ │ └── organizational-unit-provider.ts
│ ├── organizational-unit.ts
│ ├── parent.ts
│ ├── policy-attachment.ts
│ ├── policy.ts
│ ├── resource.ts
│ ├── tag-resource-provider/
│ │ ├── index.ts
│ │ ├── on-event-handler-function.ts
│ │ ├── on-event-handler.lambda.ts
│ │ └── tag-resource-provider.ts
│ ├── tag-resource.ts
│ └── validators.ts
├── test/
│ ├── __snapshots__/
│ │ ├── account.test.ts.snap
│ │ ├── delegated-administrator.test.ts.snap
│ │ ├── dependency-chain.test.ts.snap
│ │ ├── enable-aws-service-access.test.ts.snap
│ │ ├── enable-policy-type.test.ts.snap
│ │ ├── integ.default.test.ts.snap
│ │ ├── organization.test.ts.snap
│ │ ├── organizational-unit.test.ts.snap
│ │ ├── policy-attachment.test.ts.snap
│ │ ├── policy.test.ts.snap
│ │ └── tag-resource.test.ts.snap
│ ├── account-provider/
│ │ ├── is-complete-handler.lambda.test.ts
│ │ └── on-event-handler.lambda.test.ts
│ ├── account.test.ts
│ ├── cdk-nag.test.ts
│ ├── delegated-administrator.test.ts
│ ├── dependency-chain.test.ts
│ ├── enable-aws-service-access.test.ts
│ ├── enable-policy-type.test.ts
│ ├── integ.default.test.ts
│ ├── organization-provider/
│ │ └── on-event-handler.lambda.test.ts
│ ├── organization.test.ts
│ ├── organizational-unit-provider/
│ │ └── on-event-handler.lambda.test.ts
│ ├── organizational-unit.test.ts
│ ├── policy-attachment.test.ts
│ ├── policy.test.ts
│ ├── tag-resource-provider/
│ │ └── on-event-handler.lambda.test.ts
│ ├── tag-resource.test.ts
│ └── validators.test.ts
└── tsconfig.dev.json
================================================
FILE CONTENTS
================================================
================================================
FILE: .editorconfig
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
root=true
[*]
end_of_line=lf
charset=utf-8
[*\.{js,ts}]
indent_style=space
indent_size=2
max_line_length=120
================================================
FILE: .eslintrc.json
================================================
// ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
{
"env": {
"jest": true,
"node": true
},
"root": true,
"plugins": [
"@typescript-eslint",
"import"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": 2018,
"sourceType": "module",
"project": "./tsconfig.dev.json"
},
"extends": [
"plugin:import/typescript",
"plugin:prettier/recommended"
],
"settings": {
"import/parsers": {
"@typescript-eslint/parser": [
".ts",
".tsx"
]
},
"import/resolver": {
"node": {},
"typescript": {
"project": "./tsconfig.dev.json",
"alwaysTryTypes": true
}
}
},
"ignorePatterns": [
"*.js",
"*.d.ts",
"node_modules/",
"*.generated.ts",
"coverage",
"!.projenrc.ts",
"!projenrc/**/*.ts"
],
"rules": {
"@typescript-eslint/no-require-imports": [
"error"
],
"import/no-extraneous-dependencies": [
"error",
{
"devDependencies": [
"**/test/**",
"**/build-tools/**",
"src/account-provider/is-complete-handler.lambda.ts",
"src/account-provider/on-event-handler.lambda.ts",
"src/organization-provider/on-event-handler.lambda.ts",
"src/organizational-unit-provider/on-event-handler.lambda.ts",
"src/tag-resource-provider/on-event-handler.lambda.ts",
".projenrc.ts",
"projenrc/**/*.ts"
],
"optionalDependencies": false,
"peerDependencies": true
}
],
"import/no-unresolved": [
"error"
],
"import/order": [
"warn",
{
"groups": [
"builtin",
"external"
],
"alphabetize": {
"order": "asc",
"caseInsensitive": true
}
}
],
"import/no-duplicates": [
"error"
],
"no-shadow": [
"off"
],
"@typescript-eslint/no-shadow": [
"error"
],
"key-spacing": [
"error"
],
"no-multiple-empty-lines": [
"error"
],
"@typescript-eslint/no-floating-promises": [
"error"
],
"no-return-await": [
"off"
],
"@typescript-eslint/return-await": [
"error"
],
"no-trailing-spaces": [
"error"
],
"dot-notation": [
"error"
],
"no-bitwise": [
"error"
],
"@typescript-eslint/member-ordering": [
"error",
{
"default": [
"public-static-field",
"public-static-method",
"protected-static-field",
"protected-static-method",
"private-static-field",
"private-static-method",
"field",
"constructor",
"method"
]
}
]
},
"overrides": [
{
"files": [
".projenrc.ts"
],
"rules": {
"@typescript-eslint/no-require-imports": "off",
"import/no-extraneous-dependencies": "off"
}
}
]
}
================================================
FILE: .gitattributes
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
* text=auto eol=lf
*.snap linguist-generated
/.editorconfig linguist-generated
/.eslintrc.json linguist-generated
/.gitattributes linguist-generated
/.github/dependabot.yml linguist-generated
/.github/pull_request_template.md linguist-generated
/.github/workflows/auto-approve.yml linguist-generated
/.github/workflows/build.yml linguist-generated
/.github/workflows/pull-request-lint.yml linguist-generated
/.github/workflows/release.yml linguist-generated
/.gitignore linguist-generated
/.gitpod.yml linguist-generated
/.mergify.yml linguist-generated
/.npmignore linguist-generated
/.prettierignore linguist-generated
/.prettierrc.json linguist-generated
/.projen/** linguist-generated
/.projen/deps.json linguist-generated
/.projen/files.json linguist-generated
/.projen/tasks.json linguist-generated
/API.md linguist-generated
/LICENSE linguist-generated
/package.json linguist-generated
/src/account-provider/is-complete-handler-function.ts linguist-generated
/src/account-provider/on-event-handler-function.ts linguist-generated
/src/organization-provider/on-event-handler-function.ts linguist-generated
/src/organizational-unit-provider/on-event-handler-function.ts linguist-generated
/src/tag-resource-provider/on-event-handler-function.ts linguist-generated
/tsconfig.dev.json linguist-generated
/yarn.lock linguist-generated
================================================
FILE: .github/dependabot.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
version: 2
updates:
- package-ecosystem: npm
versioning-strategy: lockfile-only
directory: /
schedule:
interval: daily
ignore:
- dependency-name: projen
labels:
- auto-approve
================================================
FILE: .github/pull_request_template.md
================================================
Fixes #
================================================
FILE: .github/workflows/auto-approve.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: auto-approve
on:
pull_request_target:
types:
- labeled
- opened
- synchronize
- reopened
- ready_for_review
jobs:
approve:
runs-on: ubuntu-latest
permissions:
pull-requests: write
if: contains(github.event.pull_request.labels.*.name, 'auto-approve') && (github.event.pull_request.user.login == 'pflorek' || github.event.pull_request.user.login == 'acfo' || github.event.pull_request.user.login == 'dependabot[bot]')
steps:
- uses: hmarr/auto-approve-action@v2.2.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
================================================
FILE: .github/workflows/build.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: build
on:
pull_request: {}
workflow_dispatch: {}
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
self_mutation_happened: ${{ steps.self_mutation.outputs.self_mutation_happened }}
env:
CI: "true"
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Install dependencies
run: yarn install --check-files
- name: build
run: npx projen build
- name: Find mutations
id: self_mutation
run: |-
git add .
git diff --staged --patch --exit-code > repo.patch || echo "self_mutation_happened=true" >> $GITHUB_OUTPUT
working-directory: ./
- name: Upload patch
if: steps.self_mutation.outputs.self_mutation_happened
uses: actions/upload-artifact@v4.4.0
with:
name: repo.patch
path: repo.patch
overwrite: true
- name: Fail build on mutation
if: steps.self_mutation.outputs.self_mutation_happened
run: |-
echo "::error::Files were changed during build (see build log). If this was triggered from a fork, you will need to update your branch."
cat repo.patch
exit 1
- name: Backup artifact permissions
run: cd dist && getfacl -R . > permissions-backup.acl
continue-on-error: true
- name: Upload artifact
uses: actions/upload-artifact@v4.4.0
with:
name: build-artifact
path: dist
overwrite: true
self-mutation:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository)
steps:
- name: Checkout
uses: actions/checkout@v4
with:
token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Download patch
uses: actions/download-artifact@v4
with:
name: repo.patch
path: ${{ runner.temp }}
- name: Apply patch
run: '[ -s ${{ runner.temp }}/repo.patch ] && git apply ${{ runner.temp }}/repo.patch || echo "Empty patch. Skipping."'
- name: Set git identity
run: |-
git config user.name "github-actions"
git config user.email "github-actions@github.com"
- name: Push changes
env:
PULL_REQUEST_REF: ${{ github.event.pull_request.head.ref }}
run: |-
git add .
git commit -s -m "chore: self mutation"
git push origin HEAD:$PULL_REQUEST_REF
package-js:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
if: ${{ !needs.build.outputs.self_mutation_happened }}
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create js artifact
run: cd .repo && npx projen package:js
- name: Collect js artifact
run: mv .repo/dist dist
package-java:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
if: ${{ !needs.build.outputs.self_mutation_happened }}
steps:
- uses: actions/setup-java@v4
with:
distribution: corretto
java-version: "11"
- uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create java artifact
run: cd .repo && npx projen package:java
- name: Collect java artifact
run: mv .repo/dist dist
package-python:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
if: ${{ !needs.build.outputs.self_mutation_happened }}
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create python artifact
run: cd .repo && npx projen package:python
- name: Collect python artifact
run: mv .repo/dist dist
package-dotnet:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
if: ${{ !needs.build.outputs.self_mutation_happened }}
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create dotnet artifact
run: cd .repo && npx projen package:dotnet
- name: Collect dotnet artifact
run: mv .repo/dist dist
================================================
FILE: .github/workflows/pull-request-lint.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: pull-request-lint
on:
pull_request_target:
types:
- labeled
- opened
- synchronize
- reopened
- ready_for_review
- edited
merge_group: {}
jobs:
validate:
name: Validate PR title
runs-on: ubuntu-latest
permissions:
pull-requests: write
if: (github.event_name == 'pull_request' || github.event_name == 'pull_request_target')
steps:
- uses: amannn/action-semantic-pull-request@v5.4.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
types: |-
feat
fix
chore
requireScope: false
================================================
FILE: .github/workflows/release.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: release
on:
push:
branches:
- main
workflow_dispatch: {}
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
latest_commit: ${{ steps.git_remote.outputs.latest_commit }}
tag_exists: ${{ steps.check_tag_exists.outputs.exists }}
env:
CI: "true"
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set git identity
run: |-
git config user.name "github-actions"
git config user.email "github-actions@github.com"
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Install dependencies
run: yarn install --check-files --frozen-lockfile
- name: release
run: npx projen release
- name: Check if version has already been tagged
id: check_tag_exists
run: |-
TAG=$(cat dist/releasetag.txt)
([ ! -z "$TAG" ] && git ls-remote -q --exit-code --tags origin $TAG && (echo "exists=true" >> $GITHUB_OUTPUT)) || (echo "exists=false" >> $GITHUB_OUTPUT)
cat $GITHUB_OUTPUT
- name: Check for new commits
id: git_remote
run: |-
echo "latest_commit=$(git ls-remote origin -h ${{ github.ref }} | cut -f1)" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
- name: Backup artifact permissions
if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
run: cd dist && getfacl -R . > permissions-backup.acl
continue-on-error: true
- name: Upload artifact
if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
uses: actions/upload-artifact@v4.4.0
with:
name: build-artifact
path: dist
overwrite: true
release_github:
name: Publish to GitHub Releases
needs:
- release
- release_npm
- release_maven
- release_pypi
- release_nuget
runs-on: ubuntu-latest
permissions:
contents: write
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REPOSITORY: ${{ github.repository }}
GITHUB_REF: ${{ github.sha }}
run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target $GITHUB_REF 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi
release_npm:
name: Publish to npm
needs: release
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create js artifact
run: cd .repo && npx projen package:js
- name: Collect js artifact
run: mv .repo/dist dist
- name: Release
env:
NPM_DIST_TAG: latest
NPM_REGISTRY: registry.npmjs.org
NPM_CONFIG_PROVENANCE: "true"
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npx -p publib@latest publib-npm
release_maven:
name: Publish to Maven Central
needs: release
runs-on: ubuntu-latest
permissions:
contents: read
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-java@v4
with:
distribution: corretto
java-version: "11"
- uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create java artifact
run: cd .repo && npx projen package:java
- name: Collect java artifact
run: mv .repo/dist dist
- name: Release
env:
MAVEN_ENDPOINT: https://ossrh-staging-api.central.sonatype.com
MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
MAVEN_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSPHRASE }}
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }}
run: npx -p publib@latest publib-maven
release_pypi:
name: Publish to PyPI
needs: release
runs-on: ubuntu-latest
permissions:
contents: read
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create python artifact
run: cd .repo && npx projen package:python
- name: Collect python artifact
run: mv .repo/dist dist
- name: Release
env:
TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
run: npx -p publib@latest publib-pypi
release_nuget:
name: Publish to NuGet Gallery
needs: release
runs-on: ubuntu-latest
permissions:
contents: read
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: actions/setup-dotnet@v4
with:
dotnet-version: 6.x
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Checkout
uses: actions/checkout@v4
with:
path: .repo
- name: Install Dependencies
run: cd .repo && yarn install --check-files --frozen-lockfile
- name: Extract build artifact
run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo
- name: Move build artifact out of the way
run: mv dist dist.old
- name: Create dotnet artifact
run: cd .repo && npx projen package:dotnet
- name: Collect dotnet artifact
run: mv .repo/dist dist
- name: Release
env:
NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
run: npx -p publib@latest publib-nuget
================================================
FILE: .gitignore
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
!/.gitattributes
!/.projen/tasks.json
!/.projen/deps.json
!/.projen/files.json
!/.github/workflows/pull-request-lint.yml
!/.gitpod.yml
!/.github/workflows/auto-approve.yml
!/package.json
!/LICENSE
!/.npmignore
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
pids
*.pid
*.seed
*.pid.lock
lib-cov
coverage
*.lcov
.nyc_output
build/Release
node_modules/
jspm_packages/
*.tsbuildinfo
.eslintcache
*.tgz
.yarn-integrity
.cache
/test-reports/
junit.xml
/coverage/
!/.github/workflows/build.yml
/dist/changelog.md
/dist/version.txt
!/.github/workflows/release.yml
!/.mergify.yml
!/.github/dependabot.yml
!/.github/pull_request_template.md
!/.prettierignore
!/.prettierrc.json
!/test/
!/tsconfig.dev.json
!/src/
/lib
/dist/
!/.eslintrc.json
.jsii
tsconfig.json
!/API.md
/assets/
!/src/account-provider/is-complete-handler-function.ts
!/src/account-provider/on-event-handler-function.ts
!/src/organization-provider/on-event-handler-function.ts
!/src/organizational-unit-provider/on-event-handler-function.ts
!/src/tag-resource-provider/on-event-handler-function.ts
.idea/
*.iml
.vscode/
!/.editorconfig
!/.projenrc.ts
================================================
FILE: .gitpod.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
tasks:
- name: setup
command: npx projen watch
init: yarn install && npx projen build
vscode:
extensions:
- dbaeumer.vscode-eslint
================================================
FILE: .mergify.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
queue_rules:
- name: default
update_method: merge
conditions:
- "#approved-reviews-by>=1"
- -label~=(do-not-merge)
- status-success=build
- status-success=package-js
- status-success=package-java
- status-success=package-python
- status-success=package-dotnet
merge_method: squash
commit_message_template: |-
{{ title }} (#{{ number }})
{{ body }}
pull_request_rules:
- name: Automatic merge on approval and successful build
actions:
delete_head_branch: {}
queue:
name: default
method: merge
conditions:
- "#approved-reviews-by>=1"
- -label~=(do-not-merge)
- status-success=build
- status-success=package-js
- status-success=package-java
- status-success=package-python
- status-success=package-dotnet
================================================
FILE: .npmignore
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
/.projen/
/test-reports/
junit.xml
/coverage/
permissions-backup.acl
/dist/changelog.md
/dist/version.txt
/.mergify.yml
/.prettierignore
/.prettierrc.json
/test/
/tsconfig.dev.json
/src/
!/lib/
!/lib/**/*.js
!/lib/**/*.d.ts
dist
/tsconfig.json
/.github/
/.vscode/
/.idea/
/.projenrc.js
tsconfig.tsbuildinfo
/.eslintrc.json
!.jsii
!/assets/
/.gitattributes
/.projenrc.ts
/projenrc
================================================
FILE: .prettierignore
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
API.md
src/account-provider/is-complete-handler-function.ts
src/account-provider/on-event-handler-function.ts
src/organization-provider/on-event-handler-function.ts
src/organizational-unit-provider/on-event-handler-function.ts
src/tag-resource-provider/on-event-handler-function.ts
================================================
FILE: .prettierrc.json
================================================
{
"printWidth": 120,
"overrides": []
}
================================================
FILE: .projen/deps.json
================================================
{
"dependencies": [
{
"name": "@pepperize/projen-awscdk-construct",
"version": "~0.0.730",
"type": "build"
},
{
"name": "@types/aws-lambda",
"type": "build"
},
{
"name": "@types/jest",
"type": "build"
},
{
"name": "@types/node",
"type": "build"
},
{
"name": "@types/sinon",
"type": "build"
},
{
"name": "@typescript-eslint/eslint-plugin",
"version": "^8",
"type": "build"
},
{
"name": "@typescript-eslint/parser",
"version": "^8",
"type": "build"
},
{
"name": "aws-lambda",
"type": "build"
},
{
"name": "aws-sdk",
"type": "build"
},
{
"name": "aws-sdk-mock",
"type": "build"
},
{
"name": "cdk-nag",
"type": "build"
},
{
"name": "commit-and-tag-version",
"version": "^12",
"type": "build"
},
{
"name": "esbuild",
"type": "build"
},
{
"name": "eslint-config-prettier",
"type": "build"
},
{
"name": "eslint-import-resolver-typescript",
"type": "build"
},
{
"name": "eslint-plugin-import",
"type": "build"
},
{
"name": "eslint-plugin-prettier",
"type": "build"
},
{
"name": "eslint",
"version": "^9",
"type": "build"
},
{
"name": "jest",
"type": "build"
},
{
"name": "jest-cdk-snapshot",
"type": "build"
},
{
"name": "jest-junit",
"version": "^15",
"type": "build"
},
{
"name": "jsii-diff",
"type": "build"
},
{
"name": "jsii-docgen",
"version": "^10.5.0",
"type": "build"
},
{
"name": "jsii-pacmak",
"type": "build"
},
{
"name": "jsii-rosetta",
"version": "~5.8.0",
"type": "build"
},
{
"name": "jsii",
"version": "~5.8.0",
"type": "build"
},
{
"name": "prettier",
"type": "build"
},
{
"name": "projen",
"type": "build"
},
{
"name": "sinon",
"type": "build"
},
{
"name": "ts-jest",
"type": "build"
},
{
"name": "ts-node",
"type": "build"
},
{
"name": "typescript",
"type": "build"
},
{
"name": "pascal-case",
"type": "bundled"
},
{
"name": "projen",
"version": "~0.91.1",
"type": "devenv"
},
{
"name": "aws-cdk-lib",
"version": "^2.203.1",
"type": "peer"
},
{
"name": "constructs",
"version": "^10.0.5",
"type": "peer"
},
{
"name": "pascal-case",
"type": "runtime"
}
],
"//": "~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\"."
}
================================================
FILE: .projen/files.json
================================================
{
"files": [
".editorconfig",
".eslintrc.json",
".gitattributes",
".github/dependabot.yml",
".github/pull_request_template.md",
".github/workflows/auto-approve.yml",
".github/workflows/build.yml",
".github/workflows/pull-request-lint.yml",
".github/workflows/release.yml",
".gitignore",
".gitpod.yml",
".mergify.yml",
".prettierignore",
".prettierrc.json",
".projen/deps.json",
".projen/files.json",
".projen/tasks.json",
"LICENSE",
"src/account-provider/is-complete-handler-function.ts",
"src/account-provider/on-event-handler-function.ts",
"src/organization-provider/on-event-handler-function.ts",
"src/organizational-unit-provider/on-event-handler-function.ts",
"src/tag-resource-provider/on-event-handler-function.ts",
"tsconfig.dev.json"
],
"//": "~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\"."
}
================================================
FILE: .projen/tasks.json
================================================
{
"tasks": {
"build": {
"name": "build",
"description": "Full release build",
"steps": [
{
"spawn": "default"
},
{
"spawn": "pre-compile"
},
{
"spawn": "compile"
},
{
"spawn": "post-compile"
},
{
"spawn": "test"
},
{
"spawn": "package"
}
]
},
"bump": {
"name": "bump",
"description": "Bumps version based on latest git tag and generates a changelog entry",
"env": {
"OUTFILE": "package.json",
"CHANGELOG": "dist/changelog.md",
"BUMPFILE": "dist/version.txt",
"RELEASETAG": "dist/releasetag.txt",
"RELEASE_TAG_PREFIX": "",
"VERSIONRCOPTIONS": "{\"types\":[{\"type\":\"chore\",\"section\":\"Chore\",\"hidden\":false}]}",
"BUMP_PACKAGE": "commit-and-tag-version@^12"
},
"steps": [
{
"builtin": "release/bump-version"
}
],
"condition": "git log --oneline -1 | grep -qv \"chore(release):\""
},
"bundle": {
"name": "bundle",
"description": "Prepare assets",
"steps": [
{
"spawn": "bundle:account-provider/is-complete-handler.lambda"
},
{
"spawn": "bundle:account-provider/on-event-handler.lambda"
},
{
"spawn": "bundle:organization-provider/on-event-handler.lambda"
},
{
"spawn": "bundle:organizational-unit-provider/on-event-handler.lambda"
},
{
"spawn": "bundle:tag-resource-provider/on-event-handler.lambda"
}
]
},
"bundle:account-provider/is-complete-handler.lambda": {
"name": "bundle:account-provider/is-complete-handler.lambda",
"description": "Create a JavaScript bundle from src/account-provider/is-complete-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/account-provider/is-complete-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/account-provider/is-complete-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\""
}
]
},
"bundle:account-provider/is-complete-handler.lambda:watch": {
"name": "bundle:account-provider/is-complete-handler.lambda:watch",
"description": "Continuously update the JavaScript bundle from src/account-provider/is-complete-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/account-provider/is-complete-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/account-provider/is-complete-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\" --watch"
}
]
},
"bundle:account-provider/on-event-handler.lambda": {
"name": "bundle:account-provider/on-event-handler.lambda",
"description": "Create a JavaScript bundle from src/account-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/account-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/account-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\""
}
]
},
"bundle:account-provider/on-event-handler.lambda:watch": {
"name": "bundle:account-provider/on-event-handler.lambda:watch",
"description": "Continuously update the JavaScript bundle from src/account-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/account-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/account-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\" --watch"
}
]
},
"bundle:organization-provider/on-event-handler.lambda": {
"name": "bundle:organization-provider/on-event-handler.lambda",
"description": "Create a JavaScript bundle from src/organization-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/organization-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/organization-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\""
}
]
},
"bundle:organization-provider/on-event-handler.lambda:watch": {
"name": "bundle:organization-provider/on-event-handler.lambda:watch",
"description": "Continuously update the JavaScript bundle from src/organization-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/organization-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/organization-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\" --watch"
}
]
},
"bundle:organizational-unit-provider/on-event-handler.lambda": {
"name": "bundle:organizational-unit-provider/on-event-handler.lambda",
"description": "Create a JavaScript bundle from src/organizational-unit-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/organizational-unit-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/organizational-unit-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\""
}
]
},
"bundle:organizational-unit-provider/on-event-handler.lambda:watch": {
"name": "bundle:organizational-unit-provider/on-event-handler.lambda:watch",
"description": "Continuously update the JavaScript bundle from src/organizational-unit-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/organizational-unit-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/organizational-unit-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\" --watch"
}
]
},
"bundle:tag-resource-provider/on-event-handler.lambda": {
"name": "bundle:tag-resource-provider/on-event-handler.lambda",
"description": "Create a JavaScript bundle from src/tag-resource-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/tag-resource-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/tag-resource-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\""
}
]
},
"bundle:tag-resource-provider/on-event-handler.lambda:watch": {
"name": "bundle:tag-resource-provider/on-event-handler.lambda:watch",
"description": "Continuously update the JavaScript bundle from src/tag-resource-provider/on-event-handler.lambda.ts",
"steps": [
{
"exec": "esbuild --bundle src/tag-resource-provider/on-event-handler.lambda.ts --target=\"node22\" --platform=\"node\" --outfile=\"assets/tag-resource-provider/on-event-handler.lambda/index.js\" --tsconfig=\"tsconfig.dev.json\" --watch"
}
]
},
"clobber": {
"name": "clobber",
"description": "hard resets to HEAD of origin and cleans the local repo",
"env": {
"BRANCH": "$(git branch --show-current)"
},
"steps": [
{
"exec": "git checkout -b scratch",
"name": "save current HEAD in \"scratch\" branch"
},
{
"exec": "git checkout $BRANCH"
},
{
"exec": "git fetch origin",
"name": "fetch latest changes from origin"
},
{
"exec": "git reset --hard origin/$BRANCH",
"name": "hard reset to origin commit"
},
{
"exec": "git clean -fdx",
"name": "clean all untracked files"
},
{
"say": "ready to rock! (unpushed commits are under the \"scratch\" branch)"
}
],
"condition": "git diff --exit-code > /dev/null"
},
"compat": {
"name": "compat",
"description": "Perform API compatibility check against latest version",
"steps": [
{
"exec": "jsii-diff npm:$(node -p \"require('./package.json').name\") -k --ignore-file .compatignore || (echo \"\nUNEXPECTED BREAKING CHANGES: add keys such as 'removed:constructs.Node.of' to .compatignore to skip.\n\" && exit 1)"
}
]
},
"compile": {
"name": "compile",
"description": "Only compile",
"steps": [
{
"exec": "jsii --silence-warnings=reserved-word"
}
]
},
"default": {
"name": "default",
"description": "Synthesize project files",
"steps": [
{
"exec": "ts-node --project tsconfig.dev.json .projenrc.ts"
}
]
},
"docgen": {
"name": "docgen",
"description": "Generate API.md from .jsii manifest",
"steps": [
{
"exec": "jsii-docgen -o API.md"
}
]
},
"eject": {
"name": "eject",
"description": "Remove projen from the project",
"env": {
"PROJEN_EJECTING": "true"
},
"steps": [
{
"spawn": "default"
}
]
},
"eslint": {
"name": "eslint",
"description": "Runs eslint against the codebase",
"env": {
"ESLINT_USE_FLAT_CONFIG": "false"
},
"steps": [
{
"exec": "eslint --ext .ts,.tsx --fix --no-error-on-unmatched-pattern $@ src test build-tools projenrc .projenrc.ts",
"receiveArgs": true
}
]
},
"format": {
"name": "format",
"description": "Format with prettier",
"steps": [
{
"exec": "prettier --write src/**/*.ts test/**/*.ts .projenrc.[jt]s README.md"
}
]
},
"install": {
"name": "install",
"description": "Install project dependencies and update lockfile (non-frozen)",
"steps": [
{
"exec": "yarn install --check-files"
}
]
},
"install:ci": {
"name": "install:ci",
"description": "Install project dependencies using frozen lockfile",
"steps": [
{
"exec": "yarn install --check-files --frozen-lockfile"
}
]
},
"package": {
"name": "package",
"description": "Creates the distribution package",
"steps": [
{
"spawn": "package:js",
"condition": "node -e \"if (!process.env.CI) process.exit(1)\""
},
{
"spawn": "package-all",
"condition": "node -e \"if (process.env.CI) process.exit(1)\""
}
]
},
"package-all": {
"name": "package-all",
"description": "Packages artifacts for all target languages",
"steps": [
{
"spawn": "package:js"
},
{
"spawn": "package:java"
},
{
"spawn": "package:python"
},
{
"spawn": "package:dotnet"
}
]
},
"package:dotnet": {
"name": "package:dotnet",
"description": "Create dotnet language bindings",
"steps": [
{
"exec": "jsii-pacmak -v --target dotnet"
}
]
},
"package:java": {
"name": "package:java",
"description": "Create java language bindings",
"steps": [
{
"exec": "jsii-pacmak -v --target java"
}
]
},
"package:js": {
"name": "package:js",
"description": "Create js language bindings",
"steps": [
{
"exec": "jsii-pacmak -v --target js"
}
]
},
"package:python": {
"name": "package:python",
"description": "Create python language bindings",
"steps": [
{
"exec": "jsii-pacmak -v --target python"
}
]
},
"post-compile": {
"name": "post-compile",
"description": "Runs after successful compilation",
"steps": [
{
"spawn": "docgen"
}
]
},
"pre-compile": {
"name": "pre-compile",
"description": "Prepare the project for compilation",
"steps": [
{
"spawn": "bundle"
}
]
},
"release": {
"name": "release",
"description": "Prepare a release from \"main\" branch",
"env": {
"RELEASE": "true"
},
"steps": [
{
"exec": "rm -fr dist"
},
{
"spawn": "bump"
},
{
"spawn": "build"
},
{
"spawn": "unbump"
},
{
"exec": "git diff --ignore-space-at-eol --exit-code"
}
]
},
"test": {
"name": "test",
"description": "Run tests",
"steps": [
{
"exec": "jest --passWithNoTests --updateSnapshot",
"receiveArgs": true
},
{
"spawn": "eslint"
}
]
},
"test:watch": {
"name": "test:watch",
"description": "Run jest in watch mode",
"steps": [
{
"exec": "jest --watch"
}
]
},
"unbump": {
"name": "unbump",
"description": "Restores version to 0.0.0",
"env": {
"OUTFILE": "package.json",
"CHANGELOG": "dist/changelog.md",
"BUMPFILE": "dist/version.txt",
"RELEASETAG": "dist/releasetag.txt",
"RELEASE_TAG_PREFIX": "",
"VERSIONRCOPTIONS": "{\"types\":[{\"type\":\"chore\",\"section\":\"Chore\",\"hidden\":false}]}",
"BUMP_PACKAGE": "commit-and-tag-version@^12"
},
"steps": [
{
"builtin": "release/reset-version"
}
]
},
"watch": {
"name": "watch",
"description": "Watch & compile in the background",
"steps": [
{
"exec": "jsii -w --silence-warnings=reserved-word"
}
]
}
},
"env": {
"PATH": "$(npx -c \"node --print process.env.PATH\")"
},
"//": "~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\"."
}
================================================
FILE: .projenrc.ts
================================================
import { AwsCdkConstructLibrary } from "@pepperize/projen-awscdk-construct";
import { awscdk, javascript } from "projen";
const project = new AwsCdkConstructLibrary({
author: "Patrick Florek",
authorAddress: "patrick.florek@gmail.com",
license: "MIT",
copyrightOwner: "Pepperize UG (haftungsbeschränkt)",
cdkVersion: "2.203.1",
jsiiVersion: "~5.8.0",
name: "@pepperize/cdk-organizations",
description: "Manage AWS organizations, organizational units (OU), accounts and service control policies (SCP).",
keywords: [
"aws",
"cdk",
"organizations",
"organization-principal",
"organizational-unit",
"account",
"account-management",
"policies",
"service-control-policy",
"delegated-administrator",
"trusted-service",
"trusted-access",
"tag-resources",
],
repositoryUrl: "https://github.com/pepperize/cdk-organizations.git",
projenrcTs: true,
deps: ["pascal-case"],
bundledDeps: ["pascal-case"],
devDeps: [
"@pepperize/projen-awscdk-construct@~0.0.730",
"@types/aws-lambda",
"@types/jest",
"@types/sinon",
"aws-lambda",
"aws-sdk",
"aws-sdk-mock",
"cdk-nag",
"jest-cdk-snapshot",
"sinon",
],
versionrcOptions: {
types: [{ type: "chore", section: "Chore", hidden: false }],
},
defaultReleaseBranch: "main",
releaseToNpm: true,
npmAccess: javascript.NpmAccess.PUBLIC,
publishToNuget: {
dotNetNamespace: "Pepperize.CDK",
packageId: "Pepperize.CDK.Organizations",
},
publishToPypi: {
distName: "pepperize.cdk-organizations",
module: "pepperize_cdk_organizations",
},
publishToMaven: {
mavenEndpoint: "https://ossrh-staging-api.central.sonatype.com",
mavenGroupId: "com.pepperize",
mavenArtifactId: "cdk-organizations",
javaPackage: "com.pepperize.cdk.organizations",
},
gitpod: true,
lambdaOptions: {
runtime: awscdk.LambdaRuntime.NODEJS_22_X,
bundlingOptions: {
externals: [],
},
},
});
project.gitpod?.addCustomTask({
name: "setup",
init: "yarn install && npx projen build",
command: "npx projen watch",
});
project.gitpod?.addVscodeExtensions("dbaeumer.vscode-eslint");
project.synth();
================================================
FILE: API.md
================================================
# API Reference
## Constructs
### Account
- *Implements:* IAccount, ITaggableResource
Creates or imports an AWS account that is automatically a member of the organization whose credentials made the request.
AWS Organizations automatically copies the information from the management account to the new member account
#### Initializers
```typescript
import { Account } from '@pepperize/cdk-organizations'
new Account(scope: Construct, id: string, props: AccountProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
| props | AccountProps | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
##### `props`Required
- *Type:* AccountProps
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
| attachPolicy | Attach a policy. |
| delegateAdministrator | Enables trusted access for the AWS service (trusted service) as Delegated Administrator, which performs tasks in your organization and its accounts on your behalf. |
| identifier | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `attachPolicy`
```typescript
public attachPolicy(policy: IPolicy): void
```
Attach a policy.
Before you can attach the policy, you must enable that policy type for use. You can use policies when you have all features enabled.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html)
###### `policy`Required
- *Type:* IPolicy
---
##### `delegateAdministrator`
```typescript
public delegateAdministrator(servicePrincipal: string, region?: string, props?: {[ key: string ]: any}): void
```
Enables trusted access for the AWS service (trusted service) as Delegated Administrator, which performs tasks in your organization and its accounts on your behalf.
###### `servicePrincipal`Required
- *Type:* string
The supported AWS service that you specify.
---
###### `region`Optional
- *Type:* string
The region to delegate in.
---
###### `props`Optional
- *Type:* {[ key: string ]: any}
additional DelegatedAdministrator props.
---
##### `identifier`
```typescript
public identifier(): string
```
The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~
```typescript
import { Account } from '@pepperize/cdk-organizations'
Account.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| accountArn | string | The Amazon Resource Name (ARN) of the account. |
| accountId | string | If the account was created successfully, the unique identifier (ID) of the new account. |
| accountName | string | The friendly name of the account. |
| email | string | The email address of the owner to assign to the new member account. |
| tags | aws-cdk-lib.TagManager | TagManager to set, remove and format tags. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `accountArn`Required
```typescript
public readonly accountArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of the account.
---
##### `accountId`Required
```typescript
public readonly accountId: string;
```
- *Type:* string
If the account was created successfully, the unique identifier (ID) of the new account.
Exactly 12 digits.
---
##### `accountName`Required
```typescript
public readonly accountName: string;
```
- *Type:* string
The friendly name of the account.
---
##### `email`Required
```typescript
public readonly email: string;
```
- *Type:* string
The email address of the owner to assign to the new member account.
This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You can't access the root user of the account or remove an account that was created with an invalid email address.
---
##### `tags`Required
```typescript
public readonly tags: TagManager;
```
- *Type:* aws-cdk-lib.TagManager
TagManager to set, remove and format tags.
---
### DelegatedAdministrator
Enables the specified member account to administer the Organizations features of the specified AWS service.
It grants read-only access to AWS Organizations service data. The account still requires IAM permissions to access and administer the AWS service.
You can run this action only for AWS services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at AWS Services that you can use with AWS Organizations in the [AWS Organizations User Guide](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html).
> [https://docs.aws.amazon.com/accounts/latest/reference/using-orgs-delegated-admin.html](https://docs.aws.amazon.com/accounts/latest/reference/using-orgs-delegated-admin.html)
#### Initializers
```typescript
import { DelegatedAdministrator } from '@pepperize/cdk-organizations'
new DelegatedAdministrator(scope: Construct, id: string, props: DelegatedAdministratorProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
| props | DelegatedAdministratorProps | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
##### `props`Required
- *Type:* DelegatedAdministratorProps
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~
```typescript
import { DelegatedAdministrator } from '@pepperize/cdk-organizations'
DelegatedAdministrator.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
### EnableAwsServiceAccess
Enables the integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations.
When you enable integration, you allow the specified service to create a service-linked role in all the accounts in your organization. This allows the service to perform operations on your behalf in your organization and its accounts.
This operation can be called only from the organization's management account and only if the organization has enabled all features.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_trusted_access_perms](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_trusted_access_perms)
#### Initializers
```typescript
import { EnableAwsServiceAccess } from '@pepperize/cdk-organizations'
new EnableAwsServiceAccess(scope: Construct, id: string, props: EnableAwsServiceAccessProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
| props | EnableAwsServiceAccessProps | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
##### `props`Required
- *Type:* EnableAwsServiceAccessProps
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~
```typescript
import { EnableAwsServiceAccess } from '@pepperize/cdk-organizations'
EnableAwsServiceAccess.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
### EnablePolicyType
Enables and disables Enables a policy type in a root.
After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html)
#### Initializers
```typescript
import { EnablePolicyType } from '@pepperize/cdk-organizations'
new EnablePolicyType(scope: Construct, id: string, props: EnablePolicyTypeProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
| props | EnablePolicyTypeProps | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
##### `props`Required
- *Type:* EnablePolicyTypeProps
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~
```typescript
import { EnablePolicyType } from '@pepperize/cdk-organizations'
EnablePolicyType.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
### Organization
- *Implements:* IOrganization
#### Initializers
```typescript
import { Organization } from '@pepperize/cdk-organizations'
new Organization(scope: Construct, id: string, props?: OrganizationProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
| props | OrganizationProps | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
##### `props`Optional
- *Type:* OrganizationProps
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
| attachPolicy | Attach a policy. |
| enableAwsServiceAccess | Enables trusted access for a supported AWS service (trusted service), which performs tasks in your organization and its accounts on your behalf. |
| enablePolicyType | Enables policy types in the following two broad categories: Authorization policies and Management policies. |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `attachPolicy`
```typescript
public attachPolicy(policy: IPolicy): void
```
Attach a policy.
Before you can attach the policy, you must enable that policy type for use. You can use policies when you have all features enabled.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html)
###### `policy`Required
- *Type:* IPolicy
---
##### `enableAwsServiceAccess`
```typescript
public enableAwsServiceAccess(servicePrincipal: string): void
```
Enables trusted access for a supported AWS service (trusted service), which performs tasks in your organization and its accounts on your behalf.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html)
###### `servicePrincipal`Required
- *Type:* string
The supported AWS service that you specify.
---
##### `enablePolicyType`
```typescript
public enablePolicyType(policyType: PolicyType): void
```
Enables policy types in the following two broad categories: Authorization policies and Management policies.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types)
###### `policyType`Required
- *Type:* PolicyType
: the type of the policy that you specify.
---
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
| of | Describe the organization that the current account belongs to. |
---
##### ~~`isConstruct`~~
```typescript
import { Organization } from '@pepperize/cdk-organizations'
Organization.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
##### `of`
```typescript
import { Organization } from '@pepperize/cdk-organizations'
Organization.of(scope: Construct, id: string)
```
Describe the organization that the current account belongs to.
> [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganization.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganization.html)
###### `scope`Required
- *Type:* constructs.Construct
---
###### `id`Required
- *Type:* string
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| featureSet | FeatureSet | Specifies the functionality that currently is available to the organization. |
| managementAccountArn | string | The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization. |
| managementAccountEmail | string | The email address that is associated with the AWS account that is designated as the management account for the organization. |
| managementAccountId | string | The unique identifier (ID) of the management account of an organization. |
| organizationArn | string | The Amazon Resource Name (ARN) of an organization. |
| organizationId | string | The unique identifier (ID) of an organization. |
| principal | aws-cdk-lib.aws_iam.IPrincipal | The principal that represents this AWS Organization. |
| root | Root | The root of the current organization, which is automatically created. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `featureSet`Required
```typescript
public readonly featureSet: FeatureSet;
```
- *Type:* FeatureSet
Specifies the functionality that currently is available to the organization.
If set to "ALL", then all features are enabled and policies can be applied to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only consolidated billing functionality is available.
---
##### `managementAccountArn`Required
```typescript
public readonly managementAccountArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.
---
##### `managementAccountEmail`Required
```typescript
public readonly managementAccountEmail: string;
```
- *Type:* string
The email address that is associated with the AWS account that is designated as the management account for the organization.
---
##### `managementAccountId`Required
```typescript
public readonly managementAccountId: string;
```
- *Type:* string
The unique identifier (ID) of the management account of an organization.
---
##### `organizationArn`Required
```typescript
public readonly organizationArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of an organization.
---
##### `organizationId`Required
```typescript
public readonly organizationId: string;
```
- *Type:* string
The unique identifier (ID) of an organization.
The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits.
---
##### `principal`Required
```typescript
public readonly principal: IPrincipal;
```
- *Type:* aws-cdk-lib.aws_iam.IPrincipal
The principal that represents this AWS Organization.
---
##### `root`Required
```typescript
public readonly root: Root;
```
- *Type:* Root
The root of the current organization, which is automatically created.
---
### OrganizationalUnit
- *Implements:* IOrganizationalUnit, ITaggableResource
#### Initializers
```typescript
import { OrganizationalUnit } from '@pepperize/cdk-organizations'
new OrganizationalUnit(scope: Construct, id: string, props: OrganizationalUnitProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
| props | OrganizationalUnitProps | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
##### `props`Required
- *Type:* OrganizationalUnitProps
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
| attachPolicy | Attach a policy. |
| identifier | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `attachPolicy`
```typescript
public attachPolicy(policy: IPolicy): void
```
Attach a policy.
Before you can attach the policy, you must enable that policy type for use. You can use policies when you have all features enabled.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html)
###### `policy`Required
- *Type:* IPolicy
---
##### `identifier`
```typescript
public identifier(): string
```
The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~
```typescript
import { OrganizationalUnit } from '@pepperize/cdk-organizations'
OrganizationalUnit.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| organizationalUnitArn | string | The Amazon Resource Name (ARN) of this OU. |
| organizationalUnitId | string | The unique identifier (ID) associated with this OU. |
| organizationalUnitName | string | The friendly name of this OU. |
| tags | aws-cdk-lib.TagManager | TagManager to set, remove and format tags. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `organizationalUnitArn`Required
```typescript
public readonly organizationalUnitArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of this OU.
For more information about ARNs in Organizations, see [ARN Formats Supported by Organizations](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) in the AWS Service Authorization Reference.
---
##### `organizationalUnitId`Required
```typescript
public readonly organizationalUnitId: string;
```
- *Type:* string
The unique identifier (ID) associated with this OU.
The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
---
##### `organizationalUnitName`Required
```typescript
public readonly organizationalUnitName: string;
```
- *Type:* string
The friendly name of this OU.
---
##### `tags`Required
```typescript
public readonly tags: TagManager;
```
- *Type:* aws-cdk-lib.TagManager
TagManager to set, remove and format tags.
---
### Parent
#### Initializers
```typescript
import { Parent } from '@pepperize/cdk-organizations'
new Parent(scope: Construct, id: string, props: ParentProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
| props | ParentProps | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
##### `props`Required
- *Type:* ParentProps
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
| identifier | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `identifier`
```typescript
public identifier(): string
```
The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
| fromChildId | *No description.* |
---
##### ~~`isConstruct`~~
```typescript
import { Parent } from '@pepperize/cdk-organizations'
Parent.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
##### `fromChildId`
```typescript
import { Parent } from '@pepperize/cdk-organizations'
Parent.fromChildId(scope: Construct, id: string, childId: string)
```
###### `scope`Required
- *Type:* constructs.Construct
---
###### `id`Required
- *Type:* string
---
###### `childId`Required
- *Type:* string
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| parentId | string | *No description.* |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `parentId`Required
```typescript
public readonly parentId: string;
```
- *Type:* string
---
### ParentBase
- *Implements:* IParent
#### Initializers
```typescript
import { ParentBase } from '@pepperize/cdk-organizations'
new ParentBase(scope: Construct, id: string, props: ParentBaseProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
| props | ParentBaseProps | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
##### `props`Required
- *Type:* ParentBaseProps
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
| identifier | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `identifier`
```typescript
public identifier(): string
```
The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~
```typescript
import { ParentBase } from '@pepperize/cdk-organizations'
ParentBase.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| parentId | string | *No description.* |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `parentId`Required
```typescript
public readonly parentId: string;
```
- *Type:* string
---
### Policy
- *Implements:* IPolicy, ITaggableResource
#### Initializers
```typescript
import { Policy } from '@pepperize/cdk-organizations'
new Policy(scope: Construct, id: string, props: PolicyProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
| props | PolicyProps | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
##### `props`Required
- *Type:* PolicyProps
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
| identifier | *No description.* |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `identifier`
```typescript
public identifier(): string
```
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~
```typescript
import { Policy } from '@pepperize/cdk-organizations'
Policy.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| policyId | string | The unique identifier (ID) of the policy. |
| tags | aws-cdk-lib.TagManager | TagManager to set, remove and format tags. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `policyId`Required
```typescript
public readonly policyId: string;
```
- *Type:* string
The unique identifier (ID) of the policy.
The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
---
##### `tags`Required
```typescript
public readonly tags: TagManager;
```
- *Type:* aws-cdk-lib.TagManager
TagManager to set, remove and format tags.
---
### PolicyAttachment
Attaches a policy to a root, an organizational unit (OU), or an individual account.
How the policy affects accounts depends on the type of policy. Refer to the AWS Organizations User Guide for information about each policy type:
#### Initializers
```typescript
import { PolicyAttachment } from '@pepperize/cdk-organizations'
new PolicyAttachment(scope: Construct, id: string, props: PolicyAttachmentProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
| props | PolicyAttachmentProps | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
##### `props`Required
- *Type:* PolicyAttachmentProps
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~
```typescript
import { PolicyAttachment } from '@pepperize/cdk-organizations'
PolicyAttachment.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
### Root
- *Implements:* IParent, IPolicyAttachmentTarget, ITaggableResource
The parent container for all the accounts for your organization.
If you apply a policy to the root, it applies to all organizational units (OUs) and accounts in the organization.
Currently, you can have only one root. AWS Organizations automatically creates it for you when you create an organization.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html)
#### Initializers
```typescript
import { Root } from '@pepperize/cdk-organizations'
new Root(scope: Construct, id: string)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
| attachPolicy | Attach a policy. |
| enablePolicyType | Enables and disables Enables a policy type. |
| identifier | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `attachPolicy`
```typescript
public attachPolicy(policy: IPolicy): void
```
Attach a policy.
Before you can attach the policy, you must enable that policy type for use. You can use policies when you have all features enabled.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html)
###### `policy`Required
- *Type:* IPolicy
---
##### `enablePolicyType`
```typescript
public enablePolicyType(policyType: PolicyType): void
```
Enables and disables Enables a policy type.
After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html)
###### `policyType`Required
- *Type:* PolicyType
---
##### `identifier`
```typescript
public identifier(): string
```
The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~
```typescript
import { Root } from '@pepperize/cdk-organizations'
Root.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| rootId | string | The unique identifier (ID) for the root. |
| tags | aws-cdk-lib.TagManager | TagManager to set, remove and format tags. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `rootId`Required
```typescript
public readonly rootId: string;
```
- *Type:* string
The unique identifier (ID) for the root.
The regex pattern for a root ID string requires "r-" followed by from 4 to 32 lowercase letters or digits.
---
##### `tags`Required
```typescript
public readonly tags: TagManager;
```
- *Type:* aws-cdk-lib.TagManager
TagManager to set, remove and format tags.
---
### TagResource
Add tags to an AWS Organizations resource to make it easier to identify, organize, and search.
> [https://docs.aws.amazon.com/ARG/latest/APIReference/API_Tag.html](https://docs.aws.amazon.com/ARG/latest/APIReference/API_Tag.html)
#### Initializers
```typescript
import { TagResource } from '@pepperize/cdk-organizations'
new TagResource(scope: Construct, id: string, props: TagResourceProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
| props | TagResourceProps | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
##### `props`Required
- *Type:* TagResourceProps
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
---
##### ~~`isConstruct`~~
```typescript
import { TagResource } from '@pepperize/cdk-organizations'
TagResource.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
## Structs
### AccountProps
#### Initializer
```typescript
import { AccountProps } from '@pepperize/cdk-organizations'
const accountProps: AccountProps = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| accountName | string | The friendly name of the member account. |
| email | string | The email address of the owner to assign to the new member account. |
| iamUserAccessToBilling | IamUserAccessToBilling | If set to ALLOW , the new account enables IAM users to access account billing information if they have the required permissions. |
| importOnDuplicate | boolean | Whether to import, if a duplicate account with same name and email already exists. |
| parent | IParent | The parent root or OU that you want to create the new Account in. |
| removalPolicy | aws-cdk-lib.RemovalPolicy | If set to RemovalPolicy.DESTROY, the account will be moved to the root. |
| roleName | string | The name of an IAM role that AWS Organizations automatically preconfigures in the new member account. |
---
##### `accountName`Required
```typescript
public readonly accountName: string;
```
- *Type:* string
The friendly name of the member account.
---
##### `email`Required
```typescript
public readonly email: string;
```
- *Type:* string
The email address of the owner to assign to the new member account.
This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You can't access the root user of the account or remove an account that was created with an invalid email address.
---
##### `iamUserAccessToBilling`Optional
```typescript
public readonly iamUserAccessToBilling: IamUserAccessToBilling;
```
- *Type:* IamUserAccessToBilling
- *Default:* ALLOW
If set to ALLOW , the new account enables IAM users to access account billing information if they have the required permissions.
If set to DENY , only the root user of the new account can access account billing information.
---
##### `importOnDuplicate`Optional
```typescript
public readonly importOnDuplicate: boolean;
```
- *Type:* boolean
- *Default:* true
Whether to import, if a duplicate account with same name and email already exists.
---
##### `parent`Optional
```typescript
public readonly parent: IParent;
```
- *Type:* IParent
The parent root or OU that you want to create the new Account in.
---
##### `removalPolicy`Optional
```typescript
public readonly removalPolicy: RemovalPolicy;
```
- *Type:* aws-cdk-lib.RemovalPolicy
- *Default:* RemovalPolicy.Retain
If set to RemovalPolicy.DESTROY, the account will be moved to the root.
---
##### `roleName`Optional
```typescript
public readonly roleName: string;
```
- *Type:* string
The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.
This role trusts the management account, allowing users in the management account to assume the role, as permitted by the management account administrator. The role has administrator permissions in the new member account.
If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.
---
### DelegatedAdministratorProps
#### Initializer
```typescript
import { DelegatedAdministratorProps } from '@pepperize/cdk-organizations'
const delegatedAdministratorProps: DelegatedAdministratorProps = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| account | IAccount | The member account in the organization to register as a delegated administrator. |
| servicePrincipal | string | The service principal of the AWS service for which you want to make the member account a delegated administrator. |
| region | string | The region to delegate the administrator in. |
| removalPolicy | aws-cdk-lib.RemovalPolicy | If set to RemovalPolicy.RETAIN, the delegation will not be removed. |
---
##### `account`Required
```typescript
public readonly account: IAccount;
```
- *Type:* IAccount
The member account in the organization to register as a delegated administrator.
---
##### `servicePrincipal`Required
```typescript
public readonly servicePrincipal: string;
```
- *Type:* string
The service principal of the AWS service for which you want to make the member account a delegated administrator.
---
##### `region`Optional
```typescript
public readonly region: string;
```
- *Type:* string
The region to delegate the administrator in.
---
##### `removalPolicy`Optional
```typescript
public readonly removalPolicy: RemovalPolicy;
```
- *Type:* aws-cdk-lib.RemovalPolicy
- *Default:* RemovalPolicy.DESTROY
If set to RemovalPolicy.RETAIN, the delegation will not be removed.
---
### EnableAwsServiceAccessProps
#### Initializer
```typescript
import { EnableAwsServiceAccessProps } from '@pepperize/cdk-organizations'
const enableAwsServiceAccessProps: EnableAwsServiceAccessProps = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| servicePrincipal | string | The service principal name of the AWS service for which you want to enable integration with your organization. |
---
##### `servicePrincipal`Required
```typescript
public readonly servicePrincipal: string;
```
- *Type:* string
The service principal name of the AWS service for which you want to enable integration with your organization.
This is typically in the form of a URL, such as service-abbreviation.amazonaws.com.
---
### EnablePolicyTypeProps
#### Initializer
```typescript
import { EnablePolicyTypeProps } from '@pepperize/cdk-organizations'
const enablePolicyTypeProps: EnablePolicyTypeProps = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| policyType | PolicyType | *No description.* |
| root | Root | *No description.* |
---
##### `policyType`Required
```typescript
public readonly policyType: PolicyType;
```
- *Type:* PolicyType
---
##### `root`Required
```typescript
public readonly root: Root;
```
- *Type:* Root
---
### OrganizationalUnitProps
#### Initializer
```typescript
import { OrganizationalUnitProps } from '@pepperize/cdk-organizations'
const organizationalUnitProps: OrganizationalUnitProps = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| organizationalUnitName | string | The friendly name to assign to the new OU. |
| parent | IParent | The parent root or OU that you want to create the new OrganizationalUnit in. |
| importOnDuplicate | boolean | Whether to import, if a duplicate organizational unit with same name exists in the parent exists. |
| removalPolicy | aws-cdk-lib.RemovalPolicy | If set to RemovalPolicy.DESTROY, the organizational unit will be deleted. |
---
##### `organizationalUnitName`Required
```typescript
public readonly organizationalUnitName: string;
```
- *Type:* string
The friendly name to assign to the new OU.
---
##### `parent`Required
```typescript
public readonly parent: IParent;
```
- *Type:* IParent
The parent root or OU that you want to create the new OrganizationalUnit in.
---
##### `importOnDuplicate`Optional
```typescript
public readonly importOnDuplicate: boolean;
```
- *Type:* boolean
- *Default:* true
Whether to import, if a duplicate organizational unit with same name exists in the parent exists.
---
##### `removalPolicy`Optional
```typescript
public readonly removalPolicy: RemovalPolicy;
```
- *Type:* aws-cdk-lib.RemovalPolicy
- *Default:* RemovalPolicy.Retain
If set to RemovalPolicy.DESTROY, the organizational unit will be deleted.
---
### OrganizationProps
#### Initializer
```typescript
import { OrganizationProps } from '@pepperize/cdk-organizations'
const organizationProps: OrganizationProps = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| featureSet | FeatureSet | Enabling features in your organization. |
---
##### `featureSet`Optional
```typescript
public readonly featureSet: FeatureSet;
```
- *Type:* FeatureSet
- *Default:* ALL
Enabling features in your organization.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
---
### ParentBaseProps
#### Initializer
```typescript
import { ParentBaseProps } from '@pepperize/cdk-organizations'
const parentBaseProps: ParentBaseProps = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| childId | string | *No description.* |
---
##### `childId`Required
```typescript
public readonly childId: string;
```
- *Type:* string
---
### ParentProps
#### Initializer
```typescript
import { ParentProps } from '@pepperize/cdk-organizations'
const parentProps: ParentProps = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| child | IChild | *No description.* |
---
##### `child`Required
```typescript
public readonly child: IChild;
```
- *Type:* IChild
---
### PolicyAttachmentProps
#### Initializer
```typescript
import { PolicyAttachmentProps } from '@pepperize/cdk-organizations'
const policyAttachmentProps: PolicyAttachmentProps = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| policy | IPolicy | The policy that you want to attach to the target. |
| target | IPolicyAttachmentTarget | The root, OU, or account that you want to attach the policy to. |
---
##### `policy`Required
```typescript
public readonly policy: IPolicy;
```
- *Type:* IPolicy
The policy that you want to attach to the target.
---
##### `target`Required
```typescript
public readonly target: IPolicyAttachmentTarget;
```
- *Type:* IPolicyAttachmentTarget
The root, OU, or account that you want to attach the policy to.
---
### PolicyProps
#### Initializer
```typescript
import { PolicyProps } from '@pepperize/cdk-organizations'
const policyProps: PolicyProps = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| content | string | The policy text content to add to the new policy. |
| policyName | string | The friendly name to assign to the policy. |
| policyType | PolicyType | The type of policy to create. |
| description | string | An optional description to assign to the policy. |
---
##### `content`Required
```typescript
public readonly content: string;
```
- *Type:* string
The policy text content to add to the new policy.
The text that you supply must adhere to the rules of the policy type you specify in the Type parameter.
---
##### `policyName`Required
```typescript
public readonly policyName: string;
```
- *Type:* string
The friendly name to assign to the policy.
---
##### `policyType`Required
```typescript
public readonly policyType: PolicyType;
```
- *Type:* PolicyType
The type of policy to create.
You can specify one of the following values:
---
##### `description`Optional
```typescript
public readonly description: string;
```
- *Type:* string
An optional description to assign to the policy.
---
### TagResourceProps
#### Initializer
```typescript
import { TagResourceProps } from '@pepperize/cdk-organizations'
const tagResourceProps: TagResourceProps = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| resourceId | string | *No description.* |
| tags | aws-cdk-lib.IResolvable | *No description.* |
---
##### `resourceId`Required
```typescript
public readonly resourceId: string;
```
- *Type:* string
---
##### `tags`Required
```typescript
public readonly tags: IResolvable;
```
- *Type:* aws-cdk-lib.IResolvable
---
## Classes
### DependencyChain
- *Implements:* aws-cdk-lib.IAspect
Aspect to create dependency chain of organization resource that needs to be deployed sequentially.
#### Initializers
```typescript
import { DependencyChain } from '@pepperize/cdk-organizations'
new DependencyChain()
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| visit | All aspects can visit an IConstruct. |
---
##### `visit`
```typescript
public visit(current: IConstruct): void
```
All aspects can visit an IConstruct.
###### `current`Required
- *Type:* constructs.IConstruct
---
### Validators
#### Initializers
```typescript
import { Validators } from '@pepperize/cdk-organizations'
new Validators()
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| accountId | *No description.* |
| accountName | *No description.* |
| email | *No description.* |
| organizationalUnitName | *No description.* |
| policyContent | *No description.* |
| servicePrincipal | *No description.* |
---
##### `accountId`
```typescript
public accountId(id: string): boolean
```
###### `id`Required
- *Type:* string
---
##### `accountName`
```typescript
public accountName(name: string): boolean
```
###### `name`Required
- *Type:* string
---
##### `email`
```typescript
public email(email: string): boolean
```
###### `email`Required
- *Type:* string
---
##### `organizationalUnitName`
```typescript
public organizationalUnitName(name: string): boolean
```
###### `name`Required
- *Type:* string
---
##### `policyContent`
```typescript
public policyContent(content: string): boolean
```
###### `content`Required
- *Type:* string
---
##### `servicePrincipal`
```typescript
public servicePrincipal(servicePrincipal: string): boolean
```
###### `servicePrincipal`Required
- *Type:* string
---
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| of | *No description.* |
---
##### `of`
```typescript
import { Validators } from '@pepperize/cdk-organizations'
Validators.of()
```
## Protocols
### IAccount
- *Extends:* IPolicyAttachmentTarget, IChild, constructs.IConstruct, IResource
- *Implemented By:* Account, IAccount
#### Methods
| **Name** | **Description** |
| --- | --- |
| delegateAdministrator | Enables trusted access for the AWS service (trusted service) as Delegated Administrator, which performs tasks in your organization and its accounts on your behalf. |
---
##### `delegateAdministrator`
```typescript
public delegateAdministrator(servicePrincipal: string, region?: string, props?: {[ key: string ]: any}): void
```
Enables trusted access for the AWS service (trusted service) as Delegated Administrator, which performs tasks in your organization and its accounts on your behalf.
###### `servicePrincipal`Required
- *Type:* string
The supported AWS service that you specify.
---
###### `region`Optional
- *Type:* string
The region to delegate in.
---
###### `props`Optional
- *Type:* {[ key: string ]: any}
additional DelegatedAdministrator props.
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| accountArn | string | The Amazon Resource Name (ARN) of the account. |
| accountId | string | If the account was created successfully, the unique identifier (ID) of the new account. |
| accountName | string | The friendly name of the account. |
| email | string | The email address of the owner to assign to the new member account. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `accountArn`Required
```typescript
public readonly accountArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of the account.
---
##### `accountId`Required
```typescript
public readonly accountId: string;
```
- *Type:* string
If the account was created successfully, the unique identifier (ID) of the new account.
Exactly 12 digits.
---
##### `accountName`Required
```typescript
public readonly accountName: string;
```
- *Type:* string
The friendly name of the account.
---
##### `email`Required
```typescript
public readonly email: string;
```
- *Type:* string
The email address of the owner to assign to the new member account.
This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You can't access the root user of the account or remove an account that was created with an invalid email address.
---
### IChild
- *Extends:* constructs.IConstruct, IResource
- *Implemented By:* Account, OrganizationalUnit, IAccount, IChild, IOrganizationalUnit
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
### IOrganization
- *Extends:* constructs.IConstruct
- *Implemented By:* Organization, IOrganization
Creates an organization to consolidate your AWS accounts so that you can administer them as a single unit.
An organization has one management account along with zero or more member accounts. You can organize the accounts in a hierarchical, tree-like structure with a root at the top and organizational units nested under the root. Each account can be directly in the root, or placed in one of the OUs in the hierarchy. An organization has the functionality that is determined by the feature set that you enable.
The account whose user is calling the CreateOrganization operation automatically becomes the management account of the new organization.
For deletion of an organization you must previously remove all the member accounts, OUs, and policies from the organization!
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html#create-org](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html#create-org)
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| featureSet | FeatureSet | Specifies the functionality that currently is available to the organization. |
| managementAccountArn | string | The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization. |
| managementAccountEmail | string | The email address that is associated with the AWS account that is designated as the management account for the organization. |
| managementAccountId | string | The unique identifier (ID) of the management account of an organization. |
| organizationArn | string | The Amazon Resource Name (ARN) of an organization. |
| organizationId | string | The unique identifier (ID) of an organization. |
| principal | aws-cdk-lib.aws_iam.IPrincipal | The principal that represents this AWS Organization. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `featureSet`Required
```typescript
public readonly featureSet: FeatureSet;
```
- *Type:* FeatureSet
Specifies the functionality that currently is available to the organization.
If set to "ALL", then all features are enabled and policies can be applied to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only consolidated billing functionality is available.
---
##### `managementAccountArn`Required
```typescript
public readonly managementAccountArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.
---
##### `managementAccountEmail`Required
```typescript
public readonly managementAccountEmail: string;
```
- *Type:* string
The email address that is associated with the AWS account that is designated as the management account for the organization.
---
##### `managementAccountId`Required
```typescript
public readonly managementAccountId: string;
```
- *Type:* string
The unique identifier (ID) of the management account of an organization.
---
##### `organizationArn`Required
```typescript
public readonly organizationArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of an organization.
---
##### `organizationId`Required
```typescript
public readonly organizationId: string;
```
- *Type:* string
The unique identifier (ID) of an organization.
The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits.
---
##### `principal`Required
```typescript
public readonly principal: IPrincipal;
```
- *Type:* aws-cdk-lib.aws_iam.IPrincipal
The principal that represents this AWS Organization.
---
### IOrganizationalUnit
- *Extends:* IPolicyAttachmentTarget, IParent, IChild, constructs.IConstruct
- *Implemented By:* OrganizationalUnit, IOrganizationalUnit
A container for accounts within a root.
An OU also can contain other OUs, enabling you to create a hierarchy that resembles an upside-down tree, with a root at the top and branches of OUs that reach down, ending in accounts that are the leaves of the tree. When you attach a policy to one of the nodes in the hierarchy, it flows down and affects all the branches (OUs) and leaves (accounts) beneath it. An OU can have exactly one parent, and currently each account can be a member of exactly one OU.
You must first move all accounts out of the OU and any child OUs, and then you can delete the child OUs.
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| organizationalUnitArn | string | The Amazon Resource Name (ARN) of this OU. |
| organizationalUnitId | string | The unique identifier (ID) associated with this OU. |
| organizationalUnitName | string | The friendly name of this OU. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `organizationalUnitArn`Required
```typescript
public readonly organizationalUnitArn: string;
```
- *Type:* string
The Amazon Resource Name (ARN) of this OU.
For more information about ARNs in Organizations, see [ARN Formats Supported by Organizations](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) in the AWS Service Authorization Reference.
---
##### `organizationalUnitId`Required
```typescript
public readonly organizationalUnitId: string;
```
- *Type:* string
The unique identifier (ID) associated with this OU.
The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
---
##### `organizationalUnitName`Required
```typescript
public readonly organizationalUnitName: string;
```
- *Type:* string
The friendly name of this OU.
---
### IParent
- *Extends:* constructs.IConstruct, IResource
- *Implemented By:* OrganizationalUnit, Parent, ParentBase, Root, IOrganizationalUnit, IParent
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
### IPolicy
- *Extends:* constructs.IConstruct
- *Implemented By:* Policy, IPolicy
Policies in AWS Organizations enable you to apply additional types of management to the AWS accounts in your organization.
You can use policies when all features are enabled in your organization.
Before you can create and attach a policy to your organization, you must enable that policy type for use.
> [FeatureSet](FeatureSet)
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| policyId | string | The unique identifier (ID) of the policy. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `policyId`Required
```typescript
public readonly policyId: string;
```
- *Type:* string
The unique identifier (ID) of the policy.
The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
---
### IPolicyAttachmentTarget
- *Extends:* constructs.IDependable, IResource
- *Implemented By:* Account, OrganizationalUnit, Root, IAccount, IOrganizationalUnit, IPolicyAttachmentTarget
### IResource
- *Implemented By:* Account, OrganizationalUnit, Parent, ParentBase, Root, IAccount, IChild, IOrganizationalUnit, IParent, IPolicyAttachmentTarget, IResource
Interface for an AWS Organizations resource.
#### Methods
| **Name** | **Description** |
| --- | --- |
| identifier | The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in. |
---
##### `identifier`
```typescript
public identifier(): string
```
The unique identifier (ID) of the parent root, organizational unit (OU), account, or policy that you want to create the new OU in.
### ITaggableResource
- *Extends:* aws-cdk-lib.ITaggable
- *Implemented By:* Account, OrganizationalUnit, Policy, Root, ITaggableResource
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| tags | aws-cdk-lib.TagManager | TagManager to set, remove and format tags. |
---
##### `tags`Required
```typescript
public readonly tags: TagManager;
```
- *Type:* aws-cdk-lib.TagManager
TagManager to set, remove and format tags.
---
## Enums
### FeatureSet
Specifies the feature set supported by the new organization.
Each feature set supports different levels of functionality.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set)
#### Members
| **Name** | **Description** |
| --- | --- |
| CONSOLIDATED_BILLING | All member accounts have their bills consolidated to and paid by the management account. |
| ALL | In addition to all the features supported by the consolidated billing feature set, the management account can also apply any policy type to any member account in the organization. |
---
##### `CONSOLIDATED_BILLING`
All member accounts have their bills consolidated to and paid by the management account.
For more information, see [Consolidated billing](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only) in the AWS Organizations User Guide. The consolidated billing feature subset isn’t available for organizations in the AWS GovCloud (US) Region.
---
##### `ALL`
In addition to all the features supported by the consolidated billing feature set, the management account can also apply any policy type to any member account in the organization.
For more information, see [All features](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all) in the AWS Organizations User Guide.
---
### IamUserAccessToBilling
> [https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/control-access-billing.html#ControllingAccessWebsite-Activate](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/control-access-billing.html#ControllingAccessWebsite-Activate)
#### Members
| **Name** | **Description** |
| --- | --- |
| ALLOW | If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. |
| DENY | If set to DENY, only the root user of the new account can access account billing information. |
---
##### `ALLOW`
If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions.
---
##### `DENY`
If set to DENY, only the root user of the new account can access account billing information.
---
### PolicyType
Organizations offers policy types in the following two broad categories: - Authorization policies help you to centrally manage the security of the AWS accounts in your organization.
- Management policies enable you to centrally configure and manage AWS services and their features.
.
> [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#orgs-policy-types)
#### Members
| **Name** | **Description** |
| --- | --- |
| SERVICE_CONTROL_POLICY | Service control policies (SCPs) offer central control over the maximum available permissions for all of the accounts in your organization. |
| TAG_POLICY | Tag policies help you standardize the tags attached to the AWS resources in your organization's accounts. |
| BACKUP_POLICY | Backup policies help you centrally manage and apply backup plans to the AWS resources across your organization's accounts. |
| AISERVICES_OPT_OUT_POLICY | Artificial Intelligence (AI) services opt-out policies enable you to control data collection for AWS AI services for all of your organization's accounts. |
---
##### `SERVICE_CONTROL_POLICY`
Service control policies (SCPs) offer central control over the maximum available permissions for all of the accounts in your organization.
---
##### `TAG_POLICY`
Tag policies help you standardize the tags attached to the AWS resources in your organization's accounts.
---
##### `BACKUP_POLICY`
Backup policies help you centrally manage and apply backup plans to the AWS resources across your organization's accounts.
---
##### `AISERVICES_OPT_OUT_POLICY`
Artificial Intelligence (AI) services opt-out policies enable you to control data collection for AWS AI services for all of your organization's accounts.
---
================================================
FILE: CONTRIBUTING.md
================================================
# Contributing to cdk-organizations
Thank you for contributing to cdk-organizations! :heart:
This document describes how to set up your development environment and submit your contributions. Please read it and
submit a pull request if it's not up-to date :wink:.
## Prerequisites
### Manually install tools
The following tools need to be installed to develop on projen locally.
- [Node](https://nodejs.org/en/download/)
- [Yarn](https://yarnpkg.com/en/docs/install)
## Getting Started
The basic commands to get the repository cloned and built locally follow:
```shell
git clone git@github.com:pepperize/cdk-organizations
cd cdk-organizations
# install dependencies
yarn
# build with projen
yarn build
```
### Development workflow
The projen package provides the following scripts:
- `build` - builds the package, generates api docs, runs linter and runs all unit tests
- `watch` - watches for file changes and builds them progressively
- `test` - executes all unit tests and runs linter
- `test:update` - executes all unit tests and overwrites snapshot expectations (those `.snap` files)
- `test:watch` - runs all unit tests and reruns tests when files are changed
- `eslint` - runs linter against source code
- `format` - runs prettier
Each of these scripts can be executed using `yarn