Class CfnAccount
A CloudFormation AWS::Organizations::Account
.
Inherited Members
Namespace: Amazon.CDK.AWS.Organizations
Assembly: Amazon.CDK.AWS.Organizations.dll
Syntax (csharp)
public class CfnAccount : CfnResource, IConstruct, IDependable, IInspectable
Syntax (vb)
Public Class CfnAccount
Inherits CfnResource
Implements IConstruct, IDependable, IInspectable
Remarks
Creates an AWS account that is automatically a member of the organization whose credentials made the request.
AWS CloudFormation uses the CreateAccount
operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount
operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount
permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations
. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource
permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole
by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating an AWS account in Your Organization in the AWS Organizations User Guide.
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy
for resource AWS::Organizations::Account
is Retain
. For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName
and Email
, you must sign in to the AWS Management Console as the AWS account root user. For more information, see Modifying the account name, email address, or password for the AWS account root user in the AWS Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.Organizations;
var cfnAccount = new CfnAccount(this, "MyCfnAccount", new CfnAccountProps {
AccountName = "accountName",
Email = "email",
// the properties below are optional
ParentIds = new [] { "parentIds" },
RoleName = "roleName",
Tags = new [] { new CfnTag {
Key = "key",
Value = "value"
} }
});
Synopsis
Constructors
CfnAccount(Construct, String, ICfnAccountProps) | Create a new |
CfnAccount(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
CfnAccount(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
Properties
AccountName | The account name given to the account when it was created. |
AttrAccountId | Returns the unique identifier (ID) of the account. |
AttrArn | Returns the Amazon Resource Name (ARN) of the account. |
AttrJoinedMethod | Returns the method by which the account joined the organization. |
AttrJoinedTimestamp | Returns the date the account became a part of the organization. |
AttrStatus | Returns the status of the account in the organization. |
CFN_RESOURCE_TYPE_NAME | The CloudFormation resource type name for this resource class. |
CfnProperties | |
The email address associated with the AWS account. |
|
ParentIds | The unique identifier (ID) of the root or organizational unit (OU) that you want to create the new account in. |
RoleName | The name of an IAM role that AWS Organizations automatically preconfigures in the new member account. |
Tags | A list of tags that you want to attach to the newly created account. |
Methods
Inspect(TreeInspector) | Examines the CloudFormation resource and discloses attributes. |
RenderProperties(IDictionary<String, Object>) |
Constructors
CfnAccount(Construct, String, ICfnAccountProps)
Create a new AWS::Organizations::Account
.
public CfnAccount(Construct scope, string id, ICfnAccountProps props)
Parameters
- scope Construct
- scope in which this resource is defined.
- id System.String
- scoped id of the resource.
- props ICfnAccountProps
- resource properties.
CfnAccount(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected CfnAccount(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
CfnAccount(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected CfnAccount(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
Properties
AccountName
The account name given to the account when it was created.
public virtual string AccountName { get; set; }
Property Value
System.String
Remarks
AttrAccountId
Returns the unique identifier (ID) of the account.
public virtual string AttrAccountId { get; }
Property Value
System.String
Remarks
For example: 123456789012
.
CloudformationAttribute: AccountId
AttrArn
Returns the Amazon Resource Name (ARN) of the account.
public virtual string AttrArn { get; }
Property Value
System.String
Remarks
For example: arn:aws:organizations::111111111111:account/o-exampleorgid/555555555555
.
CloudformationAttribute: Arn
AttrJoinedMethod
Returns the method by which the account joined the organization.
public virtual string AttrJoinedMethod { get; }
Property Value
System.String
Remarks
For example: INVITED | CREATED
.
CloudformationAttribute: JoinedMethod
AttrJoinedTimestamp
Returns the date the account became a part of the organization.
public virtual string AttrJoinedTimestamp { get; }
Property Value
System.String
Remarks
For example: 2016-11-24T11:11:48-08:00
.
CloudformationAttribute: JoinedTimestamp
AttrStatus
Returns the status of the account in the organization.
public virtual string AttrStatus { get; }
Property Value
System.String
Remarks
For example: ACTIVE | SUSPENDED | PENDING_CLOSURE
.
CloudformationAttribute: Status
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
public static string CFN_RESOURCE_TYPE_NAME { get; }
Property Value
System.String
CfnProperties
protected override IDictionary<string, object> CfnProperties { get; }
Property Value
System.Collections.Generic.IDictionary<System.String, System.Object>
Overrides
The email address associated with the AWS account.
public virtual string Email { get; set; }
Property Value
System.String
Remarks
The regex pattern for this parameter is a string of characters that represents a standard internet email address.
ParentIds
The unique identifier (ID) of the root or organizational unit (OU) that you want to create the new account in.
public virtual string[] ParentIds { get; set; }
Property Value
System.String[]
Remarks
If you don't specify this parameter, the ParentId
defaults to the root ID.
This parameter only accepts a string array with one string value.
The regex pattern for a parent ID string requires one of the following:
RoleName
The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.
public virtual string RoleName { get; set; }
Property Value
System.String
Remarks
This role trusts the management account, allowing users in the management account to assume the role, as permitted by the management account administrator. The role has administrator permissions in the new member account.
If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole
.
For more information about how to use this role to access the member account, see the following links:
The regex pattern that is used to validate this parameter. The pattern can include uppercase letters, lowercase letters, digits with no spaces, and any of the following characters: =,.@-
Tags
A list of tags that you want to attach to the newly created account.
public virtual TagManager Tags { get; }
Property Value
Remarks
For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null
. For more information about tagging, see Tagging AWS Organizations resources in the AWS Organizations User Guide.
If any one of the tags is not valid or if you exceed the maximum allowed number of tags for an account, then the entire request fails and the account is not created.
Methods
Inspect(TreeInspector)
Examines the CloudFormation resource and discloses attributes.
public virtual void Inspect(TreeInspector inspector)
Parameters
- inspector TreeInspector
- tree inspector to collect and process attributes.
RenderProperties(IDictionary<String, Object>)
protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)
Parameters
- props System.Collections.Generic.IDictionary<System.String, System.Object>
Returns
System.Collections.Generic.IDictionary<System.String, System.Object>