[ aws . organizations ]

create-organization

Description

Creates an AWS organization. The account whose user is calling the CreateOrganization operation automatically becomes the management account of the new organization.

This operation must be called using credentials from the account that is to become the new organization’s management account. The principal must also have the relevant IAM permissions.

By default (or if you set the FeatureSet parameter to ALL ), the new organization is created with all features enabled and service control policies automatically enabled in the root. If you instead choose to create the organization supporting only the consolidated billing features by setting the FeatureSet parameter to CONSOLIDATED_BILLING" , no policy types are enabled by default, and you can’t use organization policies

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  create-organization
[--feature-set <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--feature-set (string)

Specifies the feature set supported by the new organization. Each feature set supports different levels of functionality.

  • CONSOLIDATED_BILLING : All member accounts have their bills consolidated to and paid by the management account. For more information, see Consolidated billing in the AWS Organizations User Guide. The consolidated billing feature subset isn’t available for organizations in the AWS GovCloud (US) Region.

  • ALL : In addition to all the features supported by the consolidated billing feature set, the management account can also apply any policy type to any member account in the organization. For more information, see All features in the AWS Organizations User Guide.

Possible values:

  • ALL

  • CONSOLIDATED_BILLING

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

Example 1: To create a new organization

Bill wants to create an organization using credentials from account 111111111111. The following example shows that the account becomes the master account in the new organization. Because he does not specify a features set, the new organization defaults to all features enabled and service control policies are enabled on the root.

aws organizations create-organization

The output includes an organization object with details about the new organization:

{
        "Organization": {
                "AvailablePolicyTypes": [
                        {
                                "Status": "ENABLED",
                                "Type": "SERVICE_CONTROL_POLICY"
                        }
                ],
                "MasterAccountId": "111111111111",
                "MasterAccountArn": "arn:aws:organizations::111111111111:account/o-exampleorgid/111111111111",
                "MasterAccountEmail": "bill@example.com",
                "FeatureSet": "ALL",
                "Id": "o-exampleorgid",
                "Arn": "arn:aws:organizations::111111111111:organization/o-exampleorgid"
        }
}

Example 2: To create a new organization with only consolidated billing features enabled

The following example creates an organization that supports only the consolidated billing features:

aws organizations create-organization --feature-set CONSOLIDATED_BILLING

The output includes an organization object with details about the new organization:

{
        "Organization": {
                "Arn": "arn:aws:organizations::111111111111:organization/o-exampleorgid",
                "AvailablePolicyTypes": [],
                "Id": "o-exampleorgid",
                "MasterAccountArn": "arn:aws:organizations::111111111111:account/o-exampleorgid/111111111111",
                "MasterAccountEmail": "bill@example.com",
                "MasterAccountId": "111111111111",
                "FeatureSet": "CONSOLIDATED_BILLING"
        }
}

For more information, see Creating an Organization in the AWS Organizations Users Guide.

Output

Organization -> (structure)

A structure that contains details about the newly created organization.

Id -> (string)

The unique identifier (ID) of an organization.

The regex pattern for an organization ID string requires “o-” followed by from 10 to 32 lowercase letters or digits.

Arn -> (string)

The Amazon Resource Name (ARN) of an organization.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .

FeatureSet -> (string)

Specifies the functionality that currently is available to the organization. If set to “ALL”, then all features are enabled and policies can be applied to accounts in the organization. If set to “CONSOLIDATED_BILLING”, then only consolidated billing functionality is available. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide .

MasterAccountArn -> (string)

The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .

MasterAccountId -> (string)

The unique identifier (ID) of the management account of an organization.

The regex pattern for an account ID string requires exactly 12 digits.

MasterAccountEmail -> (string)

The email address that is associated with the AWS account that is designated as the management account for the organization.

AvailablePolicyTypes -> (list)

Warning

Do not use. This field is deprecated and doesn’t provide complete information about the policies in your organization.

To determine the policies that are enabled and available for use in your organization, use the ListRoots operation instead.

(structure)

Contains information about a policy type and its status in the associated root.

Type -> (string)

The name of the policy type.

Status -> (string)

The status of the policy type as it relates to the associated root. To attach a policy of the specified type to a root or to an OU or account in that root, it must be available in the organization and enabled for that root.