organization_admins
Creates, updates, deletes or gets an organization_admin resource or lists organization_admins in a region
Overview
| Name | organization_admins |
| Type | Resource |
| Description | Resource schema for AWS::Detective::OrganizationAdmin |
| Id | awscc.detective.organization_admins |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
account_id | string | The account ID of the account that should be registered as your Organization's delegated administrator for Detective |
graph_arn | string | The Detective graph ARN |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
account_id | string | The account ID of the account that should be registered as your Organization's delegated administrator for Detective |
region | string | AWS region. |
For more information, see AWS::Detective::OrganizationAdmin.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | organization_admins | INSERT | AccountId, region |
delete_resource | organization_admins | DELETE | Identifier, region |
list_resources | organization_admins_list_only | SELECT | region |
get_resource | organization_admins | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual organization_admin.
SELECT
region,
account_id,
graph_arn
FROM awscc.detective.organization_admins
WHERE
region = 'us-east-1' AND
Identifier = '{{ account_id }}';
Lists all organization_admins in a region.
SELECT
region,
account_id
FROM awscc.detective.organization_admins_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new organization_admin resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.detective.organization_admins (
AccountId,
region
)
SELECT
'{{ account_id }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.detective.organization_admins (
AccountId,
region
)
SELECT
'{{ account_id }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: organization_admin
props:
- name: account_id
value: '{{ account_id }}'
DELETE example
/*+ delete */
DELETE FROM awscc.detective.organization_admins
WHERE
Identifier = '{{ account_id }}' AND
region = 'us-east-1';
Permissions
To operate on the organization_admins resource, the following permissions are required:
- Create
- Read
- Delete
- List
detective:EnableOrganizationAdminAccount,
detective:ListOrganizationAdminAccount,
iam:CreateServiceLinkedRole,
organizations:RegisterDelegatedAdministrator,
organizations:DescribeOrganization,
organizations:EnableAWSServiceAccess,
organizations:ListAccounts
detective:ListOrganizationAdminAccount,
organizations:DescribeOrganization
detective:DisableOrganizationAdminAccount,
detective:ListOrganizationAdminAccount,
organizations:DescribeOrganization
detective:ListOrganizationAdminAccount,
organizations:DescribeOrganization