AWS::FMS::Policy IEMap - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::FMS::Policy IEMap

Specifies the Amazon account IDs and Amazon Organizations organizational units (OUs) to include in or exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

This is used for the policy's IncludeMap and ExcludeMap.

You can specify account IDs, OUs, or a combination:

  • Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.

  • Specify OUs by setting the key to ORGUNIT. For example, the following is a valid map: {“ORGUNIT” : [“ouid111”, “ouid112”]}.

  • Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORGUNIT” : [“ouid111”, “ouid112”]}.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "ACCOUNT" : [ String, ... ], "ORGUNIT" : [ String, ... ] }

YAML

ACCOUNT: - String ORGUNIT: - String

Properties

ACCOUNT

The account list for the map.

Required: No

Type: Array of String

Update requires: No interruption

ORGUNIT

The organizational unit list for the map.

Required: No

Type: Array of String

Update requires: No interruption