This repository was archived by the owner on Apr 8, 2022. It is now read-only.

API Reference

Constructs

IPAMAdministratorProvider

Initializers

import { IPAMAdministratorProvider } from '@renovosolutions/cdk-library-aws-organization'

new IPAMAdministratorProvider(scope: Construct, id: string, props: IPAMAdministratorProviderProps)
Name Type Description
scope* constructs.Construct No description.
id* string No description.
props* @renovosolutions/cdk-library-aws-organization.IPAMAdministratorProviderProps No description.

scope (Required)

id (Required)
  • Type: string

props (Required)

Properties

Name Type Description
provider* aws-cdk-lib.custom_resources.Provider No description.

provider (Required)
public readonly provider: Provider;

IPAMdministrator

The construct to create or update the delegated IPAM administrator for an organization.

This relies on the custom resource provider IPAMAdministratorProvider.

Initializers

import { IPAMdministrator } from '@renovosolutions/cdk-library-aws-organization'

new IPAMdministrator(scope: Construct, id: string, props: IPAMAdministratorProps)
Name Type Description
scope* constructs.Construct No description.
id* string No description.
props* @renovosolutions/cdk-library-aws-organization.IPAMAdministratorProps No description.

scope (Required)

id (Required)
  • Type: string

props (Required)

Properties

Name Type Description
resource* aws-cdk-lib.CustomResource No description.

resource (Required)
public readonly resource: CustomResource;

OrganizationAccount

The construct to create or update an Organization account.

This relies on the custom resource provider OrganizationAccountProvider.

Initializers

import { OrganizationAccount } from '@renovosolutions/cdk-library-aws-organization'

new OrganizationAccount(scope: Construct, id: string, props: AccountResourceProps)
Name Type Description
scope* constructs.Construct No description.
id* string No description.
props* @renovosolutions/cdk-library-aws-organization.AccountResourceProps No description.

scope (Required)

id (Required)
  • Type: string

props (Required)

Properties

Name Type Description
resource* aws-cdk-lib.CustomResource No description.

resource (Required)
public readonly resource: CustomResource;

OrganizationAccountProvider

The provider for account custom resources.

This creates a lambda function that handles custom resource requests for creating/updating accounts.

Initializers

import { OrganizationAccountProvider } from '@renovosolutions/cdk-library-aws-organization'

new OrganizationAccountProvider(scope: Construct, id: string, props: OrganizationOUProviderProps)
Name Type Description
scope* constructs.Construct No description.
id* string No description.
props* @renovosolutions/cdk-library-aws-organization.OrganizationOUProviderProps No description.

scope (Required)

id (Required)
  • Type: string

props (Required)

Properties

Name Type Description
provider* aws-cdk-lib.custom_resources.Provider No description.

provider (Required)
public readonly provider: Provider;

OrganizationOU

The construct to create or update an Organization OU.

This relies on the custom resource provider OrganizationOUProvider.

Initializers

import { OrganizationOU } from '@renovosolutions/cdk-library-aws-organization'

new OrganizationOU(scope: Construct, id: string, props: OUResourceProps)
Name Type Description
scope* constructs.Construct No description.
id* string No description.
props* @renovosolutions/cdk-library-aws-organization.OUResourceProps No description.

scope (Required)

id (Required)
  • Type: string

props (Required)

Properties

Name Type Description
resource* aws-cdk-lib.CustomResource No description.

resource (Required)
public readonly resource: CustomResource;

OrganizationOUProvider

The provider for OU custom resources.

This creates a lambda function that handles custom resource requests for creating/updating/deleting OUs.

Initializers

import { OrganizationOUProvider } from '@renovosolutions/cdk-library-aws-organization'

new OrganizationOUProvider(scope: Construct, id: string, props: OrganizationOUProviderProps)
Name Type Description
scope* constructs.Construct No description.
id* string No description.
props* @renovosolutions/cdk-library-aws-organization.OrganizationOUProviderProps No description.

scope (Required)

id (Required)
  • Type: string

props (Required)

Properties

Name Type Description
provider* aws-cdk-lib.custom_resources.Provider No description.

provider (Required)
public readonly provider: Provider;

Structs

AccountProps

The properties of an Account.

Initializer

import { AccountProps } from '@renovosolutions/cdk-library-aws-organization'

const accountProps: AccountProps = { ... }

Properties

Name Type Description
email* string The email address of the account.
name* string The name of the account.
allowMove boolean Whether or not to allow this account to be moved between OUs.
disableDelete boolean Whether or not attempting to delete an account should raise an error.
importOnDuplicate boolean Whether or not to import an existing account if the new account is a duplicate.

email (Required)
public readonly email: string;
  • Type: string

The email address of the account.

Must be unique.


name (Required)
public readonly name: string;
  • Type: string

The name of the account.


allowMove (Optional)
public readonly allowMove: boolean;
  • Type: boolean
  • Default: false

Whether or not to allow this account to be moved between OUs.

If importing is enabled this will also allow imported accounts to be moved.


disableDelete (Optional)
public readonly disableDelete: boolean;
  • Type: boolean
  • Default: false

Whether or not attempting to delete an account should raise an error.

Accounts cannot be deleted programmatically, but they can be removed as a managed resource. This property will allow you to control whether or not an error is thrown when the stack wants to delete an account (orphan it) or if it should continue silently.

https://aws.amazon.com/premiumsupport/knowledge-center/close-aws-account/


importOnDuplicate (Optional)
public readonly importOnDuplicate: boolean;
  • Type: boolean
  • Default: false

Whether or not to import an existing account if the new account is a duplicate.

If this is false and the account already exists an error will be thrown.


AccountResourceProps

The properties of an OrganizationAccount custom resource.

Initializer

import { AccountResourceProps } from '@renovosolutions/cdk-library-aws-organization'

const accountResourceProps: AccountResourceProps = { ... }

Properties

Name Type Description
email* string The email address of the account.
name* string The name of the account.
allowMove boolean Whether or not to allow this account to be moved between OUs.
disableDelete boolean Whether or not attempting to delete an account should raise an error.
importOnDuplicate boolean Whether or not to import an existing account if the new account is a duplicate.
parent* string | @renovosolutions/cdk-library-aws-organization.OrganizationOU The parent OU id.
provider* aws-cdk-lib.custom_resources.Provider The provider to use for the custom resource that will create the OU.

email (Required)
public readonly email: string;
  • Type: string

The email address of the account.

Must be unique.


name (Required)
public readonly name: string;
  • Type: string

The name of the account.


allowMove (Optional)
public readonly allowMove: boolean;
  • Type: boolean
  • Default: false

Whether or not to allow this account to be moved between OUs.

If importing is enabled this will also allow imported accounts to be moved.


disableDelete (Optional)
public readonly disableDelete: boolean;
  • Type: boolean
  • Default: false

Whether or not attempting to delete an account should raise an error.

Accounts cannot be deleted programmatically, but they can be removed as a managed resource. This property will allow you to control whether or not an error is thrown when the stack wants to delete an account (orphan it) or if it should continue silently.

https://aws.amazon.com/premiumsupport/knowledge-center/close-aws-account/


importOnDuplicate (Optional)
public readonly importOnDuplicate: boolean;
  • Type: boolean
  • Default: false

Whether or not to import an existing account if the new account is a duplicate.

If this is false and the account already exists an error will be thrown.


parent (Required)
public readonly parent: string | OrganizationOU;

The parent OU id.


provider (Required)
public readonly provider: Provider;

The provider to use for the custom resource that will create the OU.

You can create a provider with the OrganizationOUProvider class.


OrganizationAccountProviderProps

The properties for the account custom resource provider.

Initializer

import { OrganizationAccountProviderProps } from '@renovosolutions/cdk-library-aws-organization'

const organizationAccountProviderProps: OrganizationAccountProviderProps = { ... }

Properties

Name Type Description
role aws-cdk-lib.aws_iam.IRole The role the custom resource should use for taking actions on OUs. If one is not provided, one will be created automatically.

role (Optional)
public readonly role: IRole;

The role the custom resource should use for taking actions on OUs. If one is not provided, one will be created automatically.


OrganizationOUProviderProps

The properties for the OU custom resource provider.

Initializer

import { OrganizationOUProviderProps } from '@renovosolutions/cdk-library-aws-organization'

const organizationOUProviderProps: OrganizationOUProviderProps = { ... }

Properties

Name Type Description
role aws-cdk-lib.aws_iam.IRole The role the custom resource should use for taking actions on OUs. If one is not provided, one will be created automatically.

role (Optional)
public readonly role: IRole;

The role the custom resource should use for taking actions on OUs. If one is not provided, one will be created automatically.


OUObject

The structure of an OrgObject.

Initializer

import { OUObject } from '@renovosolutions/cdk-library-aws-organization'

const oUObject: OUObject = { ... }

Properties

Name Type Description
children* @renovosolutions/cdk-library-aws-organization.OUObject[] OUs that are children of this OU.
properties* @renovosolutions/cdk-library-aws-organization.OUProps The OU object properties.
accounts @renovosolutions/cdk-library-aws-organization.AccountProps[] Accounts that belong to this OU.
id string The unique id of the OUObject.

children (Required)
public readonly children: OUObject[];

OUs that are children of this OU.


properties (Required)
public readonly properties: OUProps;

The OU object properties.


accounts (Optional)
public readonly accounts: AccountProps[];

Accounts that belong to this OU.


id (Optional)
public readonly id: string;
  • Type: string

The unique id of the OUObject.

This is used as the unique identifier when instantiating a construct object. It lets the CDK maintain a stable reference to the object when using the processOUObj function, rather than relying on the object's name property, which could change. If the id changes, the CDK treats this as a new construct: it will create a new construct resource and destroy the old one. The id is not strictly required, but it is useful when using the processOUObj function. If the id is not provided, the name property will be used as the id in processOUObj. You can create a unique id however you like. A bash example is provided.
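
The following check is an added example, not code from the library: it walks an OUObject tree before synthesis and reports missing or repeated ids, repeated account emails, and account flag combinations worth reviewing. The interfaces are local mirrors of the structs documented on this page, and lintOrgTree and sampleTree are hypothetical names; treating ids as unique across the whole tree and emails as case-insensitive are assumptions.

```typescript
// Local mirrors of the struct shapes documented on this page, declared here
// (assumption) so the example runs without the library or aws-cdk-lib installed.
interface AccountProps {
  email: string; name: string;
  allowMove?: boolean; disableDelete?: boolean; importOnDuplicate?: boolean;
}
interface OUProps { name: string; allowRecreateOnUpdate?: boolean; importOnDuplicate?: boolean; }
interface OUObject { children: OUObject[]; properties: OUProps; accounts?: AccountProps[]; id?: string; }

// Hypothetical helper, not a library function: walk the tree and collect findings.
function lintOrgTree(root: OUObject): string[] {
  const findings: string[] = [];
  const ids = new Map<string, string>();    // explicit id -> path where first seen
  const emails = new Map<string, string>(); // lower-cased email -> first account name
  const walk = (ou: OUObject, parent: string): void => {
    const here = `${parent}/${ou.properties.name}`;
    // No id: the name becomes the id, and a changed id means create-new, destroy-old.
    if (ou.id === undefined) findings.push(`${here}: no id, renaming this OU replaces it`);
    else if (ids.has(ou.id)) findings.push(`${here}: id ${ou.id} already used by ${ids.get(ou.id)}`);
    else ids.set(ou.id, here);
    for (const acct of ou.accounts || []) {
      const key = acct.email.toLowerCase();
      const first = emails.get(key);
      if (first !== undefined) findings.push(`${here}: email ${acct.email} duplicates account ${first}`);
      else emails.set(key, acct.name);
      if (acct.importOnDuplicate && acct.allowMove) {
        findings.push(`${here}: ${acct.name} can be imported and then moved between OUs`);
      }
      // Reading of the page: disableDelete=false (the default) raises no error on removal.
      if (!acct.disableDelete) {
        findings.push(`${here}: ${acct.name} is dropped from management without an error`);
      }
    }
    ou.children.forEach((child) => walk(child, here));
  };
  walk(root, "");
  return findings;
}

// Constructed sample tree; every name, id and address is made up for the example.
const sampleTree: OUObject = {
  id: "g54rtyhg", properties: { name: "Workloads" },
  accounts: [{ email: "Prod@example.com", name: "prod", disableDelete: true }],
  children: [{
    properties: { name: "Sandbox" }, children: [],
    accounts: [{ email: "prod@example.com", name: "dev", allowMove: true, importOnDuplicate: true }],
  }],
};
```

Running lintOrgTree(sampleTree) in a pre-deploy step and failing on a non-empty result keeps these settings visible in code review.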


OUProps

The properties of an OU.

Initializer

import { OUProps } from '@renovosolutions/cdk-library-aws-organization'

const oUProps: OUProps = { ... }

Properties

Name Type Description
name* string The name of the OU.
allowRecreateOnUpdate boolean Whether or not a missing OU should be recreated during an update.
importOnDuplicate boolean Whether or not to import an existing OU if the new OU is a duplicate.

name (Required)
public readonly name: string;
  • Type: string

The name of the OU.


allowRecreateOnUpdate (Optional)
public readonly allowRecreateOnUpdate: boolean;
  • Type: boolean
  • Default: false

Whether or not a missing OU should be recreated during an update.

If this is false and the OU does not exist an error will be thrown when you try to update it.


importOnDuplicate (Optional)
public readonly importOnDuplicate: boolean;
  • Type: boolean
  • Default: false

Whether or not to import an existing OU if the new OU is a duplicate.

If this is false and the OU already exists an error will be thrown.


OUResourceProps

The properties of an OrganizationOU custom resource.

Initializer

import { OUResourceProps } from '@renovosolutions/cdk-library-aws-organization'

const oUResourceProps: OUResourceProps = { ... }

Properties

Name Type Description
name* string The name of the OU.
allowRecreateOnUpdate boolean Whether or not a missing OU should be recreated during an update.
importOnDuplicate boolean Whether or not to import an existing OU if the new OU is a duplicate.
parent* string | @renovosolutions/cdk-library-aws-organization.OrganizationOU The parent OU id.
provider* aws-cdk-lib.custom_resources.Provider The provider to use for the custom resource that will create the OU.

name (Required)
public readonly name: string;
  • Type: string

The name of the OU.


allowRecreateOnUpdate (Optional)
public readonly allowRecreateOnUpdate: boolean;
  • Type: boolean
  • Default: false

Whether or not a missing OU should be recreated during an update.

If this is false and the OU does not exist an error will be thrown when you try to update it.


importOnDuplicate (Optional)
public readonly importOnDuplicate: boolean;
  • Type: boolean
  • Default: false

Whether or not to import an existing OU if the new OU is a duplicate.

If this is false and the OU already exists an error will be thrown.


parent (Required)
public readonly parent: string | OrganizationOU;

The parent OU id.


provider (Required)
public readonly provider: Provider;

The provider to use for the custom resource that will create the OU.

You can create a provider with the OrganizationOUProvider class.


Protocols

IPAMAdministratorProps

The properties of an OrganizationAccount custom resource.

Properties

Name Type Description
delegatedAdminAccountId* string The account id of the IPAM administrator.
provider* aws-cdk-lib.custom_resources.Provider The provider to use for the custom resource that will handle IPAM admin delegation.

delegatedAdminAccountId (Required)
public readonly delegatedAdminAccountId: string;
  • Type: string

The account id of the IPAM administrator.


provider (Required)
public readonly provider: Provider;

The provider to use for the custom resource that will handle IPAM admin delegation.

You can create a provider with the IPAMAdministratorProvider class.


IPAMAdministratorProviderProps

The properties of an IPAM administrator custom resource provider.

Properties

Name Type Description
role aws-cdk-lib.aws_iam.IRole The role the custom resource should use for working with the IPAM administrator delegation. If one is not provided, one will be created automatically.

role (Optional)
public readonly role: IRole;

The role the custom resource should use for working with the IPAM administrator delegation. If one is not provided, one will be created automatically.