[ aws . organizations ]
Creates an Amazon Web Services organization. The account whose user is calling the CreateOrganization
operation automatically becomes the management account of the new organization.
This operation must be called using credentials from the account that is to become the new organization’s management account. The principal must also have the relevant IAM permissions.
By default (or if you set the FeatureSet
parameter to ALL
), the new organization is created with all features enabled and service control policies automatically enabled in the root. If you instead choose to create the organization supporting only the consolidated billing features by setting the FeatureSet
parameter to CONSOLIDATED_BILLING"
, no policy types are enabled by default, and you can’t use organization policies
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
create-organization
[--feature-set <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--feature-set
(string)
Specifies the feature set supported by the new organization. Each feature set supports different levels of functionality.
CONSOLIDATED_BILLING
: All member accounts have their bills consolidated to and paid by the management account. For more information, see Consolidated billing in the Organizations User Guide. The consolidated billing feature subset isn’t available for organizations in the Amazon Web Services GovCloud (US) Region.
ALL
: In addition to all the features supported by the consolidated billing feature set, the management account can also apply any policy type to any member account in the organization. For more information, see All features in the Organizations User Guide.Possible values:
ALL
CONSOLIDATED_BILLING
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.
See ‘aws help’ for descriptions of global parameters.
Note
To use the following examples, you must have the AWS CLI installed and configured. See the Getting started guide in the AWS CLI User Guide for more information.
Unless otherwise stated, all examples have unix-like quotation rules. These examples will need to be adapted to your terminal’s quoting rules. See Using quotation marks with strings in the AWS CLI User Guide .
Example 1: To create a new organization
Bill wants to create an organization using credentials from account 111111111111. The following example shows that the account becomes the master account in the new organization. Because he does not specify a features set, the new organization defaults to all features enabled and service control policies are enabled on the root.
aws organizations create-organization
The output includes an organization object with details about the new organization:
{
"Organization": {
"AvailablePolicyTypes": [
{
"Status": "ENABLED",
"Type": "SERVICE_CONTROL_POLICY"
}
],
"MasterAccountId": "111111111111",
"MasterAccountArn": "arn:aws:organizations::111111111111:account/o-exampleorgid/111111111111",
"MasterAccountEmail": "bill@example.com",
"FeatureSet": "ALL",
"Id": "o-exampleorgid",
"Arn": "arn:aws:organizations::111111111111:organization/o-exampleorgid"
}
}
Example 2: To create a new organization with only consolidated billing features enabled
The following example creates an organization that supports only the consolidated billing features:
aws organizations create-organization --feature-set CONSOLIDATED_BILLING
The output includes an organization object with details about the new organization:
{
"Organization": {
"Arn": "arn:aws:organizations::111111111111:organization/o-exampleorgid",
"AvailablePolicyTypes": [],
"Id": "o-exampleorgid",
"MasterAccountArn": "arn:aws:organizations::111111111111:account/o-exampleorgid/111111111111",
"MasterAccountEmail": "bill@example.com",
"MasterAccountId": "111111111111",
"FeatureSet": "CONSOLIDATED_BILLING"
}
}
For more information, see Creating an Organization in the AWS Organizations Users Guide.
Organization -> (structure)
A structure that contains details about the newly created organization.
Id -> (string)
The unique identifier (ID) of an organization.
The regex pattern for an organization ID string requires “o-” followed by from 10 to 32 lowercase letters or digits.
Arn -> (string)
The Amazon Resource Name (ARN) of an organization.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference .
FeatureSet -> (string)
Specifies the functionality that currently is available to the organization. If set to “ALL”, then all features are enabled and policies can be applied to accounts in the organization. If set to “CONSOLIDATED_BILLING”, then only consolidated billing functionality is available. For more information, see Enabling All Features in Your Organization in the Organizations User Guide .
MasterAccountArn -> (string)
The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference .
MasterAccountId -> (string)
The unique identifier (ID) of the management account of an organization.
The regex pattern for an account ID string requires exactly 12 digits.
MasterAccountEmail -> (string)
The email address that is associated with the Amazon Web Services account that is designated as the management account for the organization.
AvailablePolicyTypes -> (list)
Warning
Do not use. This field is deprecated and doesn’t provide complete information about the policies in your organization.
To determine the policies that are enabled and available for use in your organization, use the ListRoots operation instead.
(structure)
Contains information about a policy type and its status in the associated root.
Type -> (string)
The name of the policy type.
Status -> (string)
The status of the policy type as it relates to the associated root. To attach a policy of the specified type to a root or to an OU or account in that root, it must be available in the organization and enabled for that root.