Organizations / Client / attach_policy

attach_policy

Organizations.Client.attach_policy(**kwargs)

Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:

• AISERVICES_OPT_OUT_POLICY

• BACKUP_POLICY

• SERVICE_CONTROL_POLICY

• TAG_POLICY

This operation can be called only from the organization’s management account or by a member account that is a delegated administrator for an Amazon Web Services service.

See also: AWS API Documentation

Request Syntax

response = client.attach_policy(
    PolicyId='string',
    TargetId='string'
)

Parameters:

• PolicyId (string) –

  [REQUIRED]

  The unique identifier (ID) of the policy that you want to attach to the target. You can get the ID for the policy by calling the ListPolicies operation.

  The regex pattern for a policy ID string requires “p-” followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).

• TargetId (string) –

  [REQUIRED]

  The unique identifier (ID) of the root, OU, or account that you want to attach the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent, or ListAccounts operations.

  The regex pattern for a target ID string requires one of the following:

  • Root - A string that begins with “r-” followed by from 4 to 32 lowercase letters or digits.

  • Account - A string that consists of exactly 12 digits.

  • Organizational unit (OU) - A string that begins with “ou-” followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second “-” dash and from 8 to 32 additional lowercase letters or digits.

Returns:

None

Exceptions

• Organizations.Client.exceptions.AccessDeniedException

• Organizations.Client.exceptions.AWSOrganizationsNotInUseException

• Organizations.Client.exceptions.ConcurrentModificationException

• Organizations.Client.exceptions.ConstraintViolationException

• Organizations.Client.exceptions.DuplicatePolicyAttachmentException

• Organizations.Client.exceptions.InvalidInputException

• Organizations.Client.exceptions.PolicyNotFoundException

• Organizations.Client.exceptions.PolicyTypeNotEnabledException

• Organizations.Client.exceptions.ServiceException

• Organizations.Client.exceptions.TargetNotFoundException

• Organizations.Client.exceptions.TooManyRequestsException

• Organizations.Client.exceptions.UnsupportedAPIEndpointException

• Organizations.Client.exceptions.PolicyChangesInProgressException

Examples

The following example shows how to attach a service control policy (SCP) to an OU:

response = client.attach_policy(
    PolicyId='p-examplepolicyid111',
    TargetId='ou-examplerootid111-exampleouid111',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}

The following example shows how to attach a service control policy (SCP) to an account:

response = client.attach_policy(
    PolicyId='p-examplepolicyid111',
    TargetId='333333333333',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}