[ aws . organizations ]
Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root. You can undo this by using the DisablePolicyType operation.
This is an asynchronous request that AWS performs in the background. AWS recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
This operation can be called only from the organization’s management account.
You can enable a policy type in a root only if that policy type is available in the organization. To view the status of available policy types in the organization, use DescribeOrganization .
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
enable-policy-type
--root-id <value>
--policy-type <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--root-id
(string)
The unique identifier (ID) of the root in which you want to enable a policy type. You can get the ID from the ListRoots operation.
The regex pattern for a root ID string requires “r-” followed by from 4 to 32 lowercase letters or digits.
--policy-type
(string)
The policy type that you want to enable. You can specify one of the following values:
Possible values:
SERVICE_CONTROL_POLICY
TAG_POLICY
BACKUP_POLICY
AISERVICES_OPT_OUT_POLICY
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To enable the use of a policy type in a root
The following example shows how to enable the service control policy (SCP) policy type in a root:
aws organizations enable-policy-type --root-id r-examplerootid111 --policy-type SERVICE_CONTROL_POLICY
The output shows a root object with a policyTypes response element showing that SCPs are now enabled:
{
"Root": {
"PolicyTypes": [
{
"Status":"ENABLED",
"Type":"SERVICE_CONTROL_POLICY"
}
],
"Id": "r-examplerootid111",
"Name": "Root",
"Arn": "arn:aws:organizations::111111111111:root/o-exampleorgid/r-examplerootid111"
}
}
Root -> (structure)
A structure that shows the root with the updated list of enabled policy types.
Id -> (string)
The unique identifier (ID) for the root.
The regex pattern for a root ID string requires “r-” followed by from 4 to 32 lowercase letters or digits.
Arn -> (string)
The Amazon Resource Name (ARN) of the root.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
Name -> (string)
The friendly name of the root.
The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
PolicyTypes -> (list)
The types of policies that are currently enabled for the root and therefore can be attached to the root or to its OUs or accounts.
Note
Even if a policy type is shown as available in the organization, you can separately enable and disable them at the root level by using EnablePolicyType and DisablePolicyType . Use DescribeOrganization to see the availability of the policy types in that organization.
(structure)
Contains information about a policy type and its status in the associated root.
Type -> (string)
The name of the policy type.
Status -> (string)
The status of the policy type as it relates to the associated root. To attach a policy of the specified type to a root or to an OU or account in that root, it must be available in the organization and enabled for that root.