# Amazon Organization

## Example Usage

***

{% tabs %}
{% tab title="Terraform" %}
{% code title="aws-organization-integration.tf" %}

```tf
resource "apono_integration" "aws-organization-integration" {
  name                     = "Amazon Organization"
  type                     = "aws-organization"
  connector_id             = "apono-connector-id"
  connected_resource_types = ["aws-organization-account"]
  metadata = {
    region = "<Region>"
    aws_sso_region = "<AWS SSO Region>"
    aws_resource_explorer_region = "<AWS Resource Explorer Region>"
    aws_sso_portal = "<SSO Portal>"
    management_account_role_arn = "<Management Account Role ARN>"
    filter_not_organizational_unit_ids = "<Exclude Organizational Unit IDs>"
    user_assuming_role_arns = "<Assumable Roles>"
    session_duration_hours = "<Session Duration (in Hours)>"
    filter_not_account_ids = "<Exclude Account IDs>"
    enable_audit = "<Enable Audit>"
  }
}
```

{% endcode %}
{% endtab %}

{% tab title="Terraform V2" %}
{% code title="aws-organization-integration.tf" %}

```tf
resource "apono_resource_integration" "aws-organization-integration" {
  name                     = "Amazon Organization"
  type                     = "aws-organization"
  connector_id             = "apono-connector-id"
  connected_resource_types = ["aws-organization-account"]
  integration_config = {
    region = "<Region>"
    aws_sso_region = "<AWS SSO Region>"
    aws_resource_explorer_region = "<AWS Resource Explorer Region>"
    aws_sso_portal = "<SSO Portal>"
    management_account_role_arn = "<Management Account Role ARN>"
    filter_not_organizational_unit_ids = "<Exclude Organizational Unit IDs>"
    user_assuming_role_arns = "<Assumable Roles>"
    session_duration_hours = "<Session Duration (in Hours)>"
    filter_not_account_ids = "<Exclude Account IDs>"
    enable_audit = "<Enable Audit>"
  }
}
```

{% endcode %}
{% endtab %}

{% tab title="Public API" %}
{% code title="aws-organization-integration.json" %}

```json
{
    "aws-organization-integration": {
        "name": "Amazon Organization",
        "type": "aws-organization",
        "connector_id": "apono-connector-id",
        "connected_resource_types": [
            "aws-organization-account"
        ],
        "integration_config": {
            "region": "<Region>",
            "aws_sso_region": "<AWS SSO Region>",
            "aws_resource_explorer_region": "<AWS Resource Explorer Region>",
            "aws_sso_portal": "<SSO Portal>",
            "management_account_role_arn": "<Management Account Role ARN>",
            "filter_not_organizational_unit_ids": "<Exclude Organizational Unit IDs>",
            "user_assuming_role_arns": "<Assumable Roles>",
            "session_duration_hours": "<Session Duration (in Hours)>",
            "filter_not_account_ids": "<Exclude Account IDs>",
            "enable_audit": "<Enable Audit>"
        }
    }
}
```

{% endcode %}
{% endtab %}
{% endtabs %}

## Schema

***

* `type` aws-organization
* `connected_resource_types` List of resource types to sync.

<details>

<summary>Available resource types you can use</summary>

* aws-organization-account
* aws-organization-s3-bucket
* aws-organization-s3-folder
* aws-organization-iam-group
* aws-organization-iam-role
* aws-organization-customer-managed-iam-policy
* aws-organization-account-iam-managed-policy
* aws-organization-systems-manager-parameter-store
* aws-organization-systems-manager-parameter-store-param
* aws-organization-ec2-loadbalancer
* aws-organization-ec2-instance
* aws-organization-ec2-service
* aws-organization-eks-cluster-v2
* aws-organization-eks-namespace
* aws-organization-eks-group
* aws-organization-ecr
* aws-organization-ecr-repository
* aws-organization-ecs-cluster
* aws-organization-sagemaker-notebook
* aws-organization-lambda-function
* aws-organization-secrets-manager-secret
* aws-organization-sqs-queue
* aws-organization-sns-topic
* aws-organization-dynamodb-table
* aws-organization-cloudformation-stack
* aws-organization-cloudformation-stackset
* aws-organization-kms-key
* aws-organization-emr-cluster
* aws-organization-acm-certificate
* aws-organization-ses
* aws-organization-cognito
* aws-organization-elasticache
* aws-organization-route53
* aws-organization-route53-hostedzone
* aws-organization-permission-boundary

</details>

### Integration Config

***

* `region` (Required | String) Region
  * Possible values: us-east-1, us-east-2, us-west-1, us-west-2, eu-central-1, eu-central-2, eu-west-1, eu-west-2, eu-south-1, eu-south-2, eu-west-3, eu-north-1, af-south-1, ap-east-1, ap-southeast-3, ap-southeast-4, ap-southeast-5, ap-southeast-7, ap-south-1, ap-south-2, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, ca-west-1, me-south-1, me-central-1, sa-east-1, il-central-1, mx-central-1
* `aws_sso_region` (Required | String) AWS SSO Region
  * Default value: `us-east-1`
  * Possible values: us-east-1, us-east-2, us-west-1, us-west-2, eu-central-1, eu-central-2, eu-west-1, eu-west-2, eu-south-1, eu-south-2, eu-west-3, eu-north-1, af-south-1, ap-east-1, ap-southeast-3, ap-southeast-4, ap-southeast-5, ap-southeast-7, ap-south-1, ap-south-2, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, ca-west-1, me-south-1, me-central-1, sa-east-1, il-central-1, mx-central-1
* `aws_resource_explorer_region` (Optional | String) AWS Resource Explorer Region
  * Possible values: us-east-1, us-east-2, us-west-1, us-west-2, eu-central-1, eu-central-2, eu-west-1, eu-west-2, eu-south-1, eu-south-2, eu-west-3, eu-north-1, af-south-1, ap-east-1, ap-southeast-3, ap-southeast-4, ap-southeast-5, ap-southeast-7, ap-south-1, ap-south-2, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, ca-west-1, me-south-1, me-central-1, sa-east-1, il-central-1, mx-central-1
* `aws_sso_portal` (Required | String) SSO Portal
* `management_account_role_arn` (Optional | String) Management Account Role ARN
* `filter_not_organizational_unit_ids` (Optional | String) Exclude Organizational Unit IDs
* `user_assuming_role_arns` (Optional | String) Assumable Roles
* `session_duration_hours` (Optional | String) Session Duration (in Hours)
  * Possible values: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
* `filter_not_account_ids` (Optional | String) Exclude Account IDs
* `enable_audit` (Optional | String) Enable Audit
  * Default value: `false`
  * Possible values: true, false
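
The schema above can be enforced as a pre-flight check on an `integration_config` payload before it is submitted. This is an added example, not Apono's code: `lint_integration_config`, `SCHEMA` and `SAMPLE` are hypothetical names, the sample values are constructed, and the check is strict against the values listed on this page (so `"True"` is flagged because only `true` and `false` are listed).

```python
# Allowed values copied from the "Integration Config" schema on this page.
REGIONS = set("""us-east-1 us-east-2 us-west-1 us-west-2 eu-central-1 eu-central-2
eu-west-1 eu-west-2 eu-south-1 eu-south-2 eu-west-3 eu-north-1 af-south-1 ap-east-1
ap-southeast-3 ap-southeast-4 ap-southeast-5 ap-southeast-7 ap-south-1 ap-south-2
ap-northeast-3 ap-northeast-2 ap-southeast-1 ap-southeast-2 ap-northeast-1
ca-central-1 ca-west-1 me-south-1 me-central-1 sa-east-1 il-central-1
mx-central-1""".split())

# key -> (required, allowed values or None for free-form strings)
SCHEMA = {
    "region": (True, REGIONS),
    "aws_sso_region": (True, REGIONS),
    "aws_resource_explorer_region": (False, REGIONS),
    "aws_sso_portal": (True, None),
    "management_account_role_arn": (False, None),
    "filter_not_organizational_unit_ids": (False, None),
    "user_assuming_role_arns": (False, None),
    "session_duration_hours": (False, {str(h) for h in range(1, 13)}),
    "filter_not_account_ids": (False, None),
    "enable_audit": (False, {"true", "false"}),
}

def lint_integration_config(cfg):
    """Return a sorted list of findings; an empty list means cfg matches the schema."""
    findings = []
    for key in cfg.keys() - SCHEMA.keys():
        findings.append(f"{key}: not a key in the schema")
    for key, (required, allowed) in SCHEMA.items():
        if key not in cfg:
            if required:
                findings.append(f"{key}: required but missing")
            continue
        value = cfg[key]
        if not isinstance(value, str):  # every field is typed String in the schema
            findings.append(f"{key}: must be a string, got {type(value).__name__}")
        elif value.startswith("<") and value.endswith(">"):
            findings.append(f"{key}: template placeholder left unfilled")
        elif allowed is not None and value not in allowed:
            findings.append(f"{key}: {value!r} is not an allowed value")
    return sorted(findings)

# Constructed sample payload with deliberate mistakes (not from the page).
SAMPLE = {
    "region": "us-east-1", "aws_sso_region": "eu-west-9",
    "aws_sso_portal": "<SSO Portal>", "session_duration_hours": 24,
    "enable_audit": "True", "audit": "true",
}
if __name__ == "__main__":
    print("\n".join(lint_integration_config(SAMPLE)))
```
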

