AWS Organizations (IAM)
AWS Organizations helps you centrally govern your environment as you grow and scale your AWS resources.
Common permissions
- organizations:ListAccounts
- organizations:ListRoots
- organizations:ListOrganizationalUnitsForParent
- organizations:DescribeOrganization
- organizations:ListPolicies
- organizations:ListTagsForResource
- organizations:TagResource
- organizations:UntagResource
Least-privilege example
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "organizations:ListAccounts",
        "organizations:ListRoots",
        "organizations:ListOrganizationalUnitsForParent",
        "organizations:DescribeOrganization",
        "organizations:ListPolicies",
        "organizations:ListTagsForResource",
        "organizations:TagResource",
        "organizations:UntagResource"
      ],
      "Resource": "*"
    }
  ]
}
Warnings
- Avoid organizations:* — grants full control including account creation and policy management
- Avoid organizations:CreateAccount and organizations:DeleteOrganization — can lead to account sprawl or accidental deletion
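The check below is an added example, not part of the original page or any AWS tooling: it scans a policy document for Allow statements that grant the actions warned about above, including through wildcards and NotAction. The function names and BROAD_POLICY are constructed for illustration; the check reads the policy text only and does not evaluate Deny statements, SCPs or permission boundaries.

```python
import fnmatch

# Actions named in the warnings above; "organizations:*" matches both.
RISKY = ("organizations:CreateAccount", "organizations:DeleteOrganization")
# The page's least-privilege policy, plus a constructed over-broad one.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": [
        "organizations:ListAccounts", "organizations:ListRoots",
        "organizations:ListOrganizationalUnitsForParent",
        "organizations:DescribeOrganization", "organizations:ListPolicies",
        "organizations:ListTagsForResource", "organizations:TagResource",
        "organizations:UntagResource"]}]}
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "Organizations:*", "Resource": "*"},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "organizations:DeleteOrganization", "Resource": "*"}]}


def _as_list(value):
    """Action/NotAction may be absent, a single string, or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _matches(pattern, action):
    # IAM action names are case-insensitive; * and ? act as wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def risky_grants(policy):
    """Return (statement index, risky action, matching element) per Allow."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement object is valid
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        not_action = _as_list(stmt.get("NotAction"))
        for risky in RISKY:
            for pattern in _as_list(stmt.get("Action")):
                if _matches(pattern, risky):
                    findings.append((i, risky, pattern))
            # Allow + NotAction grants every action that is not listed.
            if not_action and not any(_matches(p, risky) for p in not_action):
                findings.append((i, risky, "NotAction"))
    return findings
```

risky_grants(PAGE_POLICY) returns an empty list; for BROAD_POLICY it reports statements 0 and 1 and skips the Deny statement.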
Resources
API
full doc /v1/iam/organizations