Organizations / Client / create_organization

create_organization#

Organizations.Client.create_organization(**kwargs)#

Creates an Amazon Web Services organization. The account whose user is calling the CreateOrganization operation automatically becomes the management account of the new organization.

This operation must be called using credentials from the account that is to become the new organization’s management account. The principal must also have the relevant IAM permissions.

By default (or if you set the FeatureSet parameter to ALL), the new organization is created with all features enabled and service control policies automatically enabled in the root. If you instead choose to create the organization supporting only the consolidated billing features by setting the FeatureSet parameter to CONSOLIDATED_BILLING, no policy types are enabled by default and you can’t use organization policies.

See also: AWS API Documentation

Request Syntax

response = client.create_organization(
    FeatureSet='ALL'|'CONSOLIDATED_BILLING'
)
Parameters:

FeatureSet (string) –

Specifies the feature set supported by the new organization. Each feature set supports different levels of functionality.

  • CONSOLIDATED_BILLING: All member accounts have their bills consolidated to and paid by the management account. For more information, see Consolidated billing in the Organizations User Guide. The consolidated billing feature subset isn’t available for organizations in the Amazon Web Services GovCloud (US) Region.

  • ALL: In addition to all the features supported by the consolidated billing feature set, the management account can also apply any policy type to any member account in the organization. For more information, see All features in the Organizations User Guide.

Return type:

dict

Returns:

Response Syntax

{
    'Organization': {
        'Id': 'string',
        'Arn': 'string',
        'FeatureSet': 'ALL'|'CONSOLIDATED_BILLING',
        'MasterAccountArn': 'string',
        'MasterAccountId': 'string',
        'MasterAccountEmail': 'string',
        'AvailablePolicyTypes': [
            {
                'Type': 'SERVICE_CONTROL_POLICY'|'RESOURCE_CONTROL_POLICY'|'TAG_POLICY'|'BACKUP_POLICY'|'AISERVICES_OPT_OUT_POLICY'|'CHATBOT_POLICY'|'DECLARATIVE_POLICY_EC2',
                'Status': 'ENABLED'|'PENDING_ENABLE'|'PENDING_DISABLE'
            },
        ]
    }
}

Response Structure

  • (dict) –

    • Organization (dict) –

      A structure that contains details about the newly created organization.

      • Id (string) –

        The unique identifier (ID) of an organization.

        The regex pattern for an organization ID string requires “o-” followed by from 10 to 32 lowercase letters or digits.

      • Arn (string) –

        The Amazon Resource Name (ARN) of an organization.

        For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.

      • FeatureSet (string) –

        Specifies the functionality that currently is available to the organization. If set to “ALL”, then all features are enabled and policies can be applied to accounts in the organization. If set to “CONSOLIDATED_BILLING”, then only consolidated billing functionality is available. For more information, see Enabling all features in your organization in the Organizations User Guide.

      • MasterAccountArn (string) –

        The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.

        For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.

      • MasterAccountId (string) –

        The unique identifier (ID) of the management account of an organization.

        The regex pattern for an account ID string requires exactly 12 digits.

      • MasterAccountEmail (string) –

        The email address that is associated with the Amazon Web Services account that is designated as the management account for the organization.

      • AvailablePolicyTypes (list) –

        Warning

        Do not use. This field is deprecated and doesn’t provide complete information about the policies in your organization.

        To determine the policies that are enabled and available for use in your organization, use the ListRoots operation instead.

        • (dict) –

          Contains information about a policy type and its status in the associated root.

          • Type (string) –

            The name of the policy type.

          • Status (string) –

            The status of the policy type as it relates to the associated root. To attach a policy of the specified type to a root or to an OU or account in that root, it must be available in the organization and enabled for that root.

Exceptions

  • Organizations.Client.exceptions.AccessDeniedException

  • Organizations.Client.exceptions.AlreadyInOrganizationException

  • Organizations.Client.exceptions.ConcurrentModificationException

  • Organizations.Client.exceptions.ConstraintViolationException

  • Organizations.Client.exceptions.InvalidInputException

  • Organizations.Client.exceptions.ServiceException

  • Organizations.Client.exceptions.TooManyRequestsException

  • Organizations.Client.exceptions.AccessDeniedForDependencyException

Examples

Bill wants to create an organization using credentials from account 111111111111. The following example shows that the account becomes the master account in the new organization. Because he does not specify a feature set, the new organization defaults to all features enabled and service control policies enabled on the root:

response = client.create_organization(
)

print(response)

Expected Output:

{
    'Organization': {
        'Arn': 'arn:aws:organizations::111111111111:organization/o-exampleorgid',
        'AvailablePolicyTypes': [
            {
                'Status': 'ENABLED',
                'Type': 'SERVICE_CONTROL_POLICY',
            },
        ],
        'FeatureSet': 'ALL',
        'Id': 'o-exampleorgid',
        'MasterAccountArn': 'arn:aws:organizations::111111111111:account/o-exampleorgid/111111111111',
        'MasterAccountEmail': 'bill@example.com',
        'MasterAccountId': '111111111111',
    },
    'ResponseMetadata': {
        '...': '...',
    },
}

In the following example, Bill creates an organization using credentials from account 111111111111, and configures the organization to support only the consolidated billing feature set:

response = client.create_organization(
    FeatureSet='CONSOLIDATED_BILLING',
)

print(response)

Expected Output:

{
    'Organization': {
        'Arn': 'arn:aws:organizations::111111111111:organization/o-exampleorgid',
        'AvailablePolicyTypes': [
        ],
        'FeatureSet': 'CONSOLIDATED_BILLING',
        'Id': 'o-exampleorgid',
        'MasterAccountArn': 'arn:aws:organizations::111111111111:account/o-exampleorgid/111111111111',
        'MasterAccountEmail': 'bill@example.com',
        'MasterAccountId': '111111111111',
    },
    'ResponseMetadata': {
        '...': '...',
    },
}