Organizations / Client / enable_aws_service_access



Enables the integration of an Amazon Web Services service (the service that is specified by ServicePrincipal) with Organizations. When you enable integration, you allow the specified service to create a service-linked role in all the accounts in your organization. This allows the service to perform operations on your behalf in your organization and its accounts.


We recommend that you enable integration between Organizations and the specified Amazon Web Services service by using the console or commands that are provided by the specified service. Doing so ensures that the service is aware that it can create the resources that are required for the integration. How the service creates those resources in the organization’s accounts depends on that service. For more information, see the documentation for the other Amazon Web Services service.

For more information about enabling services to integrate with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.

You can only call this operation from the organization’s management account and only if the organization has enabled all features.

See also: AWS API Documentation

Request Syntax

response = client.enable_aws_service_access(

ServicePrincipal (string) –


The service principal name of the Amazon Web Services service for which you want to enable integration with your organization. This is typically in the form of a URL, such as




  • Organizations.Client.exceptions.AccessDeniedException

  • Organizations.Client.exceptions.AWSOrganizationsNotInUseException

  • Organizations.Client.exceptions.ConcurrentModificationException

  • Organizations.Client.exceptions.ConstraintViolationException

  • Organizations.Client.exceptions.InvalidInputException

  • Organizations.Client.exceptions.ServiceException

  • Organizations.Client.exceptions.TooManyRequestsException

  • Organizations.Client.exceptions.UnsupportedAPIEndpointException