AWS Managed Policies Explorer

Home About

AWS Managed Policies. A maze of twisty passages all alike. Explore them here. If it looks like a button, it's clickable. Always up to date.

Service: AWS Organizations

Short Name:

organizations

ARN Format:arn:aws:organizations::${Account}:${Resource}/o-${OrganizationId}(/${ResourceType}/${ResourceId})?

ARN Regex:^arn:aws:organizations::.+:.+

PowerUserAccess

…

CloudFormationStackSetsOrgAdminServiceRolePolicy

Action	Reference	Description
organizations:ListAccounts	Docs	Grants permission to list all of the the accounts in the organization
organizations:ListAccountsForParent	Docs	Grants permission to list the accounts in an organization that are contained by a root or organizational unit (OU)
organizations:ListAWSServiceAccessForOrganization	Docs	Grants permission to retrieve the list of the AWS services for which you enabled integration with your organization
organizations:ListChildren	Docs	Grants permission to list all of the OUs or accounts that are contained in a parent OU or root
organizations:ListCreateAccountStatus	Docs	Grants permission to list the asynchronous account creation requests that are currently being tracked for the organization
organizations:ListDelegatedAdministrators	Docs	Grants permission to list the AWS accounts that are designated as delegated administrators in this organization
organizations:ListDelegatedServicesForAccount	Docs	Grants permission to list the AWS services for which the specified account is a delegated administrator in this organization
organizations:ListHandshakesForAccount	Docs	Grants permission to list all of the handshakes that are associated with an account
organizations:ListHandshakesForOrganization	Docs	Grants permission to list the handshakes that are associated with the organization
organizations:ListOrganizationalUnitsForParent	Docs	Grants permission to lists all of the organizational units (OUs) in a parent organizational unit or root
organizations:ListParents	Docs	Grants permission to list the root or organizational units (OUs) that serve as the immediate parent of a child OU or account
organizations:ListPolicies	Docs	Grants permission to list all of the policies in an organization
organizations:ListPoliciesForTarget	Docs	Grants permission to list all of the policies that are directly attached to a root, organizational unit (OU), or account
organizations:ListRoots	Docs	Grants permission to list all of the roots that are defined in the organization
organizations:ListTagsForResource	Docs	Grants permission to list all tags for the specified resource
organizations:ListTargetsForPolicy	Docs	Grants permission to list all the roots, OUs, and accounts to which a policy is attached
organizations:DescribeAccount	Docs	Grants permission to retrieve Organizations-related details about the specified account
organizations:DescribeCreateAccountStatus	Docs	Grants permission to retrieve the current status of an asynchronous request to create an account
organizations:DescribeEffectivePolicy	Docs	Grants permission to retrieve the effective policy for an account
organizations:DescribeHandshake	Docs	Grants permission to retrieve details about a previously requested handshake
organizations:DescribeOrganization	Docs	Grants permission to retrieves details about the organization that the calling credentials belong to
organizations:DescribeOrganizationalUnit	Docs	Grants permission to retrieve details about an organizational unit (OU)
organizations:DescribePolicy	Docs	Grants permission to retrieves details about a policy
organizations:DescribeResourcePolicy	Docs	Grants permission to retrieve information about a resource policy
organizations:TagResource	Docs	Grants permission to add one or more tags to the specified resource
organizations:UntagResource	Docs	Grants permission to remove one or more tags from the specified resource
organizations:AcceptHandshake	Docs	Grants permission to send a response to the originator of a handshake agreeing to the action proposed by the handshake request
organizations:AttachPolicy	Docs	Grants permission to attach a policy to a root, an organizational unit, or an individual account
organizations:CancelHandshake	Docs	Grants permission to cancel a handshake
organizations:CloseAccount	Docs	Grants permission to close an AWS account that is now a part of an Organizations, either created within the organization, or invited to join the organization
organizations:CreateAccount	Docs	Grants permission to create an AWS account that is automatically a member of the organization with the credentials that made the request
organizations:CreateGovCloudAccount	Docs	Grants permission to create an AWS GovCloud (US) account
organizations:CreateOrganization	Docs	Grants permission to create an organization. The account with the credentials that calls the CreateOrganization operation automatically becomes the management account of the new organization
organizations:CreateOrganizationalUnit	Docs	Grants permission to create an organizational unit (OU) within a root or parent OU
organizations:CreatePolicy	Docs	Grants permission to create a policy that you can attach to a root, an organizational unit (OU), or an individual AWS account
organizations:DeclineHandshake	Docs	Grants permission to decline a handshake request. This sets the handshake state to DECLINED and effectively deactivates the request
organizations:DeleteOrganization	Docs	Grants permission to delete the organization
organizations:DeleteOrganizationalUnit	Docs	Grants permission to delete an organizational unit from a root or another OU
organizations:DeletePolicy	Docs	Grants permission to delete a policy from your organization
organizations:DeleteResourcePolicy	Docs	Grants permission to delete a resource policy from your organization
organizations:DeregisterDelegatedAdministrator	Docs	Grants permission to deregister the specified member AWS account as a delegated administrator for the AWS service that is specified by ServicePrincipal
organizations:DetachPolicy	Docs	Grants permission to detach a policy from a target root, organizational unit, or account
organizations:DisableAWSServiceAccess	Docs	Grants permission to disable integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations
organizations:DisablePolicyType	Docs	Grants permission to disable an organization policy type in a root
organizations:EnableAllFeatures	Docs	Grants permission to start the process to enable all features in an organization, upgrading it from supporting only Consolidated Billing features
organizations:EnableAWSServiceAccess	Docs	Grants permission to enable integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations
organizations:EnablePolicyType	Docs	Grants permission to enable a policy type in a root
organizations:InviteAccountToOrganization	Docs	Grants permission to send an invitation to another AWS account, asking it to join your organization as a member account
organizations:LeaveOrganization	Docs	Grants permission to remove a member account from its parent organization
organizations:MoveAccount	Docs	Grants permission to move an account from its current root or OU to another parent root or OU
organizations:PutResourcePolicy	Docs	Grants permission to create or update a resource policy
organizations:RegisterDelegatedAdministrator	Docs	Grants permission to register the specified member account to administer the Organizations features of the AWS service that is specified by ServicePrincipal
organizations:RemoveAccountFromOrganization	Docs	Grants permission to removes the specified account from the organization
organizations:UpdateOrganizationalUnit	Docs	Grants permission to rename an organizational unit (OU)
organizations:UpdatePolicy	Docs	Grants permission to update an existing policy with a new name, description, or content

aws:RequestTag/${TagKey}aws:ResourceTag/${TagKey}aws:TagKeysorganizations:PolicyTypeorganizations:ServicePrincipal