Guides

ORGANIZATIONS

docs.aws.amazon.com
AWS documentation

AcceptHandshake

valid {
    input.Body.HandshakeId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AttachPolicy

valid {
    input.Body.PolicyId == STRING
    input.Body.TargetId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CancelHandshake

valid {
    input.Body.HandshakeId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CloseAccount

valid {
    input.Body.AccountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateAccount

enum_IAMUserAccessToBilling := [ "ALLOW", "DENY" ]

valid {
    input.Body.Email == STRING
    input.Body.AccountName == STRING
    input.Body.RoleName == STRING
    input.Body.IamUserAccessToBilling == enum_IAMUserAccessToBilling[_]
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateGovCloudAccount

enum_IAMUserAccessToBilling := [ "ALLOW", "DENY" ]

valid {
    input.Body.Email == STRING
    input.Body.AccountName == STRING
    input.Body.RoleName == STRING
    input.Body.IamUserAccessToBilling == enum_IAMUserAccessToBilling[_]
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateOrganization

enum_OrganizationFeatureSet := [ "ALL", "CONSOLIDATED_BILLING" ]

valid {
    input.Body.FeatureSet == enum_OrganizationFeatureSet[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateOrganizationalUnit

valid {
    input.Body.ParentId == STRING
    input.Body.Name == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePolicy

enum_PolicyType := [ "SERVICE_CONTROL_POLICY", "RESOURCE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY", "CHATBOT_POLICY", "DECLARATIVE_POLICY_EC2", "SECURITYHUB_POLICY" ]

valid {
    input.Body.Content == STRING
    input.Body.Description == STRING
    input.Body.Name == STRING
    input.Body.Type == enum_PolicyType[_]
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeclineHandshake

valid {
    input.Body.HandshakeId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteOrganization

valid {
    input.Body.HandshakeId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteOrganizationalUnit

valid {
    input.Body.OrganizationalUnitId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePolicy

valid {
    input.Body.PolicyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteResourcePolicy

valid {
    input.Body.PolicyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeregisterDelegatedAdministrator

valid {
    input.Body.AccountId == STRING
    input.Body.ServicePrincipal == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAccount

valid {
    input.Body.AccountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeCreateAccountStatus

valid {
    input.Body.CreateAccountRequestId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeEffectivePolicy

enum_EffectivePolicyType := [ "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY", "CHATBOT_POLICY", "DECLARATIVE_POLICY_EC2", "SECURITYHUB_POLICY" ]

valid {
    input.Body.PolicyType == enum_EffectivePolicyType[_]
    input.Body.TargetId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeHandshake

valid {
    input.Body.HandshakeId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeOrganization

valid {
    input.Body.HandshakeId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeOrganizationalUnit

valid {
    input.Body.OrganizationalUnitId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribePolicy

valid {
    input.Body.PolicyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeResourcePolicy

valid {
    input.Body.PolicyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DetachPolicy

valid {
    input.Body.PolicyId == STRING
    input.Body.TargetId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableAWSServiceAccess

valid {
    input.Body.ServicePrincipal == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisablePolicyType

enum_PolicyType := [ "SERVICE_CONTROL_POLICY", "RESOURCE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY", "CHATBOT_POLICY", "DECLARATIVE_POLICY_EC2", "SECURITYHUB_POLICY" ]

valid {
    input.Body.RootId == STRING
    input.Body.PolicyType == enum_PolicyType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableAWSServiceAccess

valid {
    input.Body.ServicePrincipal == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableAllFeatures

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnablePolicyType

enum_PolicyType := [ "SERVICE_CONTROL_POLICY", "RESOURCE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY", "CHATBOT_POLICY", "DECLARATIVE_POLICY_EC2", "SECURITYHUB_POLICY" ]

valid {
    input.Body.RootId == STRING
    input.Body.PolicyType == enum_PolicyType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

InviteAccountToOrganization

enum_HandshakePartyType := [ "ACCOUNT", "ORGANIZATION", "EMAIL" ]

valid {
    input.Body.Target.Id == STRING
    input.Body.Target.Type == enum_HandshakePartyType[_]
    input.Body.Notes == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

LeaveOrganization

enum_HandshakePartyType := [ "ACCOUNT", "ORGANIZATION", "EMAIL" ]

valid {
    input.Body.Target.Id == STRING
    input.Body.Target.Type == enum_HandshakePartyType[_]
    input.Body.Notes == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAWSServiceAccessForOrganization

valid {
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAccounts

valid {
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAccountsForParent

valid {
    input.Body.ParentId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAccountsWithInvalidEffectivePolicy

enum_EffectivePolicyType := [ "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY", "CHATBOT_POLICY", "DECLARATIVE_POLICY_EC2", "SECURITYHUB_POLICY" ]

valid {
    input.Body.PolicyType == enum_EffectivePolicyType[_]
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListChildren

enum_ChildType := [ "ACCOUNT", "ORGANIZATIONAL_UNIT" ]

valid {
    input.Body.ParentId == STRING
    input.Body.ChildType == enum_ChildType[_]
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCreateAccountStatus

enum_CreateAccountState := [ "IN_PROGRESS", "SUCCEEDED", "FAILED" ]

valid {
    input.Body.States[_] == enum_CreateAccountState[_]
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDelegatedAdministrators

valid {
    input.Body.ServicePrincipal == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDelegatedServicesForAccount

valid {
    input.Body.AccountId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListEffectivePolicyValidationErrors

enum_EffectivePolicyType := [ "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY", "CHATBOT_POLICY", "DECLARATIVE_POLICY_EC2", "SECURITYHUB_POLICY" ]

valid {
    input.Body.AccountId == STRING
    input.Body.PolicyType == enum_EffectivePolicyType[_]
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListHandshakesForAccount

enum_ActionType := [ "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES", "ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE" ]

valid {
    input.Body.Filter.ActionType == enum_ActionType[_]
    input.Body.Filter.ParentHandshakeId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListHandshakesForOrganization

enum_ActionType := [ "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES", "ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE" ]

valid {
    input.Body.Filter.ActionType == enum_ActionType[_]
    input.Body.Filter.ParentHandshakeId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListOrganizationalUnitsForParent

valid {
    input.Body.ParentId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListParents

valid {
    input.Body.ChildId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPolicies

enum_PolicyType := [ "SERVICE_CONTROL_POLICY", "RESOURCE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY", "CHATBOT_POLICY", "DECLARATIVE_POLICY_EC2", "SECURITYHUB_POLICY" ]

valid {
    input.Body.Filter == enum_PolicyType[_]
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPoliciesForTarget

enum_PolicyType := [ "SERVICE_CONTROL_POLICY", "RESOURCE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY", "CHATBOT_POLICY", "DECLARATIVE_POLICY_EC2", "SECURITYHUB_POLICY" ]

valid {
    input.Body.TargetId == STRING
    input.Body.Filter == enum_PolicyType[_]
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListRoots

valid {
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

valid {
    input.Body.ResourceId == STRING
    input.Body.NextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTargetsForPolicy

valid {
    input.Body.PolicyId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

MoveAccount

valid {
    input.Body.AccountId == STRING
    input.Body.SourceParentId == STRING
    input.Body.DestinationParentId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutResourcePolicy

valid {
    input.Body.Content == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RegisterDelegatedAdministrator

valid {
    input.Body.AccountId == STRING
    input.Body.ServicePrincipal == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveAccountFromOrganization

valid {
    input.Body.AccountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

valid {
    input.Body.ResourceId == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

valid {
    input.Body.ResourceId == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateOrganizationalUnit

valid {
    input.Body.OrganizationalUnitId == STRING
    input.Body.Name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdatePolicy

valid {
    input.Body.PolicyId == STRING
    input.Body.Name == STRING
    input.Body.Description == STRING
    input.Body.Content == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}