CDK Organizations
0.7.987 · verified Sat May 09 · auth: no · python
Manage AWS organizations, organizational units (OU), accounts and service control policies (SCP) using AWS CDK. Current version: 0.7.987. Maintained as part of the pepperize CDK constructs, with releases tied to AWS CDK updates.
pip install pepperize-cdk-organizations
Common errors
error ModuleNotFoundError: No module named 'pepperize_cdk_organizations'
cause Installed the wrong package name (e.g., `cdk-organizations`) or used a Python version <3.8.
fix Run `pip install pepperize-cdk-organizations` and ensure Python >=3.8.
error jsii.errors.JSIIError: Expected object, got list
cause Passing a list of statements directly to `ServiceControlPolicy(content=...)` instead of a dict with 'Version' and 'Statement'.
fix Use `content={'Version': '2012-10-17', 'Statement': [...]}`.
Warnings
breaking Version 0.7.x renamed `OrganizationRoot` to `Organization`. All existing code using `OrganizationRoot` will break.
fix Replace `OrganizationRoot` with `Organization` in imports and usage.
gotcha The package requires Python 3.8 or later. Using an older Python version will fail to install.
fix Use Python >= 3.8.
gotcha Service Control Policies are defined as JSON-like dicts, not as CDK `PolicyDocument` objects. Using `PolicyDocument` will cause a type error at synthesis.
fix Pass a plain dict with 'Version' and 'Statement' keys.
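The two SCP content mistakes above (a bare statement list, and a non-dict policy object) can be caught before synthesis with a small guard. This is an added example, not code from the package: `scp_content`, `FakePolicyDocument` and the sample statements are hypothetical names constructed here, and the default version string used when wrapping a bare list is an assumption.

```python
import json

# Constructed sample: a bare statement list, the shape behind
# "Expected object, got list".
DENY_EC2_STATEMENTS = [{"Effect": "Deny", "Action": "ec2:*", "Resource": "*"}]


class FakePolicyDocument:
    """Hypothetical stand-in for a non-dict policy object."""


def scp_content(policy, version="2012-10-17"):
    """Return a plain SCP document dict, or raise before synthesis."""
    # Wrap a bare statement list in a document (version is an assumed default).
    if isinstance(policy, list):
        policy = {"Version": version, "Statement": policy}
    if not isinstance(policy, dict):
        raise TypeError(
            f"SCP content must be a plain dict, got {type(policy).__name__}")
    missing = {"Version", "Statement"} - policy.keys()
    if missing:
        raise ValueError(f"SCP content is missing keys: {sorted(missing)}")
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement object is allowed
        statements = [statements]
    if not isinstance(statements, list) or not statements:
        raise ValueError("'Statement' must be a non-empty list of dicts")
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict):
            raise TypeError(f"Statement[{i}] must be a dict")
        if stmt.get("Effect") not in ("Allow", "Deny"):
            raise ValueError(f"Statement[{i}] needs Effect 'Allow' or 'Deny'")
        if "Action" not in stmt and "NotAction" not in stmt:
            raise ValueError(f"Statement[{i}] needs Action or NotAction")
    doc = {**policy, "Statement": statements}
    json.dumps(doc)  # TypeError if a non-JSON object is nested inside
    return doc


if __name__ == "__main__":
    print(json.dumps(scp_content(DENY_EC2_STATEMENTS), indent=2))
```

The returned dict is what gets passed as `content=...`; a failure here points at the offending statement instead of surfacing as a jsii type error.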
Imports
- Organization
  wrong: `from cdk_organizations import Organization`
  correct: `from pepperize_cdk_organizations import Organization`
- OrganizationalUnit
  wrong: `from pepperize_cdk_organizations.organizational_unit import OrganizationalUnit`
  correct: `from pepperize_cdk_organizations import OrganizationalUnit`
Quickstart
```python
from aws_cdk import App, Stack
from pepperize_cdk_organizations import Organization
from pepperize_cdk_organizations.scp import ServiceControlPolicy

app = App()
stack = Stack(app, 'MyStack')

org = Organization(stack, 'MyOrg')

# SCP content is a plain dict with 'Version' and 'Statement' keys,
# not a CDK PolicyDocument and not a bare list of statements.
policy = ServiceControlPolicy(stack, 'DenyEC2',
    content={
        'Version': '2012-10-17',
        'Statement': [
            {
                # Deny every EC2 action on every resource
                'Effect': 'Deny',
                'Action': 'ec2:*',
                'Resource': '*'
            }
        ]
    },
    description='Deny all EC2 actions'
)

# Attach the policy to the organization
org.policy_attachments.add(policy)

app.synth()
```