Warning
The configuration file schema documentation is a work in progress. Please use this draft document with caution. The deeper you browse into the hierarchy, the less accurate the definitions are likely to be.

Organizational units allow for the grouping of AWS accounts and the provisioning of unique personas or configurations to groups of AWS accounts. In most cases, the majority of a workload account's persona or configuration will be defined in this section, based on the account's Organizational Unit (OU). A common set of OUs could include: Security, Infrastructure, Sandbox, Dev, Test, Prod, Central. This is where you configure services and features that will be shared or common to the accounts inside the Organizational Unit.

Hierarchy

  • OrganizationalUnitConfiguration

Properties

Optional alb

alb: (ALBConfig2 | { action-type: string; apply-tags?: {}; cross-zone?: boolean; endpoint-subnets: { account?: string; subnet: string; vpc: string }[]; ip-type: string; name: string; subnets: string; targets: ALBTargetConfig5[]; type: "GWLB"; vpc: string })[]
Title: ELB
Description: Deploys an ELB (ALB and/or GWLB), per the defined configuration, in every account in the OU.

Optional aws-config

aws-config: AWSConfigRules1[]
Title: AWS Config Rules
Description: A list of config rules defined in `global-options` to be deployed in every account in this OU.

Optional certificates

Title: Certificates
Description: Defines certificates to be created or imported into every account in the OU.

Optional default-budgets

default-budgets: BudgetConfig2
Title: Default Budgets
Description: AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. This setting defines the AWS Budget configuration which will be created in every account in the OU.

Optional description

description: string
Title: Description
Description: A description field, used in the future GUI, that allows customers to provide a purpose for this OU.

Optional gui-perm

gui-perm: boolean
Title: GUI Permission
Description: Set to true to block this field from being edited in the GUI.

Optional iam

Title: IAM
Description: Creates the defined IAM users, roles, and policies in every account in the OU.

scps

scps: string[]
Title: SCPs
Description: A list of SCPs which were defined in `global-options` and are to be attached to this OU.

Optional share-mad-from

share-mad-from: string
Title: Share MAD From
Description: Shares the Managed Microsoft Active Directory (MAD) from the account specified in this parameter to each account in this OU.

Optional ssm-automation

ssm-automation: SSMShareAutomation2[]
Title: SSM Automation Documents
Description: A list of the SSM automation documents defined and created within `global-options` to be *shared* into every account within this OU.

Optional ssm-inventory-collection

ssm-inventory-collection: boolean
Title: SSM Inventory Collection
Description: When true, deploys and configures SSM Inventory Collection.

type

type: string
Title: Type
Description: This field is on the path to deprecation. Set to "mandatory" for the core, Security and Infrastructure OUs; set all other OUs to "ignore".

Optional vpc

vpc: VPCConfig2[]
Title: VPC
Description: Either: a) defines and creates the VPC(s) that will be shared with every account in the OU, or b) defines and creates the VPC(s) in every account in the OU.
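
A configuration lint for the `scps` and `type` properties documented above, as an added example that is not part of the accelerator's own code. It assumes OUs sit under a top-level `organizational-units` key and that `global-options.scps` is a list of objects with a `name` field; the sample configuration and SCP names are constructed.

```python
# Added example: lint organizational-unit sections against the properties on this page.
REQUIRED = {"scps": list, "type": str}  # the two properties not marked "Optional"
OPTIONAL_PRIMITIVES = {"description": str, "gui-perm": bool,
                       "share-mad-from": str, "ssm-inventory-collection": bool}
ALLOWED_TYPES = {"mandatory", "ignore"}  # values named in the `type` description

def lint_ou(name, ou, defined_scps):
    """Return findings for one OU section; an empty list means no issue found."""
    findings = []
    for key, expected in REQUIRED.items():
        if key not in ou:
            findings.append(f"{name}: missing required '{key}'")
        elif not isinstance(ou[key], expected):
            findings.append(f"{name}: '{key}' must be {expected.__name__}")
    for key, expected in OPTIONAL_PRIMITIVES.items():
        if key in ou and not isinstance(ou[key], expected):
            findings.append(f"{name}: '{key}' must be {expected.__name__}")
    scps = ou.get("scps")
    if isinstance(scps, list):
        if not scps:
            findings.append(f"{name}: 'scps' is empty")
        for scp in scps:
            # Each entry must be the name of an SCP defined in global-options.
            if not isinstance(scp, str) or scp not in defined_scps:
                findings.append(f"{name}: SCP {scp!r} is not defined in global-options")
    if isinstance(ou.get("type"), str) and ou["type"] not in ALLOWED_TYPES:
        findings.append(f"{name}: 'type' is {ou['type']!r}, expected mandatory or ignore")
    return findings

def lint_config(config):
    # Assumed layout: global-options.scps = [{"name": ...}], OUs under organizational-units.
    defined = {s["name"] for s in config.get("global-options", {}).get("scps", [])}
    findings = []
    for name, ou in config.get("organizational-units", {}).items():
        findings.extend(lint_ou(name, ou, defined))
    return findings

SAMPLE = {  # constructed config; OU contents and SCP names are illustrative
    "global-options": {"scps": [{"name": "Guardrails-Part-1"}, {"name": "Guardrails-Sensitive"}]},
    "organizational-units": {
        "Security": {"type": "mandatory", "scps": ["Guardrails-Part-1", "Guardrails-Sensitive"]},
        "Sandbox": {"type": "workload", "scps": ["Guardrails-Sandbox"], "gui-perm": "true"},
        "Dev": {"type": "ignore", "description": "Development workloads"},
    },
}

if __name__ == "__main__":
    for finding in lint_config(SAMPLE):
        print(finding)
```

Running a check like this before deployment catches an OU that references an SCP name missing from `global-options`, or one that omits `scps` altogether.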