ResourcePolicy
Learn how to create, update, and manage AWS Organizations resource policies using Alchemy Cloud Control.
The ResourcePolicy resource lets you manage AWS Organizations resource policies, which define permissions for your AWS accounts and organizational units.
Minimal Example
Create a basic resource policy with the required content and tags.
import AWS from "alchemy/aws/control";

const resourcePolicy = await AWS.Organizations.ResourcePolicy("basicResourcePolicy", {
  Content: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        // "*" matches any AWS principal; name specific account ARNs outside of a demo
        Principal: "*",
        Action: "organizations:DescribeAccount",
        Resource: "*"
      }
    ]
  },
  Tags: [
    { Key: "Environment", Value: "Development" }
  ]
});
Advanced Configuration
Define a more complex resource policy with multiple statements and additional properties.
import AWS from "alchemy/aws/control";

const advancedResourcePolicy = await AWS.Organizations.ResourcePolicy("advancedResourcePolicy", {
  Content: {
    Version: "2012-10-17",
    Statement: [
      {
        // Let the CloudFormation service principal list accounts
        Effect: "Allow",
        Principal: { Service: "cloudformation.amazonaws.com" },
        Action: "organizations:ListAccounts",
        Resource: "*"
      },
      {
        // Explicit deny for one account's root principal
        Effect: "Deny",
        Principal: { AWS: "arn:aws:iam::123456789012:root" },
        Action: "organizations:DeleteOrganization",
        Resource: "*"
      }
    ]
  },
  Tags: [
    { Key: "Project", Value: "ResourceManagement" }
  ],
  adopt: true // adopt the existing resource instead of failing if it already exists
});
Use Case: Restricting Access
Implement a resource policy that allows one specific IAM user to read organization data and denies every principal access to a specific organizational unit.
import AWS from "alchemy/aws/control";

const restrictedAccessPolicy = await AWS.Organizations.ResourcePolicy("restrictedAccessPolicy", {
  Content: {
    Version: "2012-10-17",
    Statement: [
      {
        // Only this IAM user is granted the read actions
        Effect: "Allow",
        Principal: { AWS: "arn:aws:iam::098765432109:user/SpecificUser" },
        Action: [
          "organizations:DescribeOrganizationalUnit",
          "organizations:ListAccounts"
        ],
        Resource: "*"
      },
      {
        // An explicit Deny overrides any Allow for this OU
        Effect: "Deny",
        Principal: "*",
        Action: "organizations:DescribeOrganizationalUnit",
        Resource: "arn:aws:organizations::123456789012:ou/o-exampleorgid/ou-exampleouid"
      }
    ]
  }
});
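The minimal example grants its action to Principal "*", while the restricted example uses "*" only in a Deny. The check below is an added example, not Alchemy or AWS code: it flags unconditioned Allow statements open to any principal in a Content object before it is passed to ResourcePolicy. The function names, types and sample policies are constructed for illustration.

```typescript
// Added example: pre-deployment lint for a ResourcePolicy `Content` document.
// All names here are hypothetical; nothing below is part of Alchemy or the AWS SDK.
type Principal = string | Record<string, string | string[]>;
interface Statement {
  Effect: "Allow" | "Deny";
  Principal?: Principal;
  Action: string | string[];
  Resource?: string | string[];
  Condition?: Record<string, unknown>;
}
interface PolicyDocument { Version: string; Statement: Statement | Statement[] }

// True for "*", { AWS: "*" } and { AWS: ["arn:...", "*"] }.
function isWildcardPrincipal(p?: Principal): boolean {
  if (p === undefined) return false;
  if (typeof p === "string") return p === "*";
  return Object.keys(p).some((k) => ([] as string[]).concat(p[k]).indexOf("*") !== -1);
}

// One finding per Allow statement that any principal can use and no Condition narrows.
function findWildcardAllows(doc: PolicyDocument): string[] {
  const statements = Array.isArray(doc.Statement) ? doc.Statement : [doc.Statement];
  const findings: string[] = [];
  statements.forEach((s, i) => {
    const unconditioned = !s.Condition || Object.keys(s.Condition).length === 0;
    if (s.Effect === "Allow" && isWildcardPrincipal(s.Principal) && unconditioned) {
      const actions = ([] as string[]).concat(s.Action).join(", ");
      findings.push(`Statement[${i}]: Allow ${actions} to any principal`);
    }
  });
  return findings;
}

// Constructed inputs shaped like the minimal and restricted policies on this page.
const openPolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Principal: "*", Action: "organizations:DescribeAccount", Resource: "*" }]
};
const scopedPolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Principal: { AWS: "arn:aws:iam::098765432109:user/SpecificUser" },
      Action: ["organizations:ListAccounts"], Resource: "*" },
    { Effect: "Deny", Principal: "*", Action: "organizations:ListAccounts", Resource: "*" }
  ]
};
console.log(findWildcardAllows(openPolicy), findWildcardAllows(scopedPolicy));
```

A wildcard Deny is not reported, because it narrows access rather than widening it.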