Viewing details about your organization
You can perform the following tasks to view details about elements of your organization.
Viewing the details of an organization from the management account
When you sign in to the organization's management account in the AWS Organizations console
, you can view details of the organization.
To view the details of an organization, you must have the following permission:
-
AWS Management Console
-
To view the details for your organization
Sign in to the AWS Organizations console
. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization’s management account.
Navigate to the Settings
page. This page displays details about the organization, including the organization ID and the account name and email address assigned to the organization's management account.
-
AWS CLI & AWS SDKs
-
To view the details for your organization
You can use one of the following commands to view details of an organization:
AWS CLI: describe-organization
The following example shows the information included in the output of this command.
$
aws organizations describe-organization
{
"Organization": {
"Id": "o-aa111bb222",
"Arn": "arn:aws:organizations::123456789012:organization/o-aa111bb222",
"FeatureSet": "ALL",
"MasterAccountArn": "arn:aws:organizations::128716708097:account/o-aa111bb222/123456789012",
"MasterAccountId": "123456789012",
"MasterAccountEmail": "admin@example.com",
"AvailablePolicyTypes": [ ...DEPRECATED - DO NOT USE... ]
}
}
The AvailablePolicyTypes
field is deprecated and doesn't contain accurate information about the policies enabled in your organization. To see the accurate and complete list of policy types that are actually enabled for the organization, use the ListRoots
command, as described in the AWS CLI portion of the following section.
AWS SDKs: DescribeOrganization
Viewing the details of the root container
When you sign in to the organization's management account in the AWS Organizations console
, you can view details of the root container.
To view the details of root, you must have the following permissions:
The root is the topmost container in the hierarchy of organizational units (OUs) and generally behaves as an OU. However, as the container at the very top of the hierarchy, changes to the root affect every other OU and every AWS account in the organization.
-
AWS Management Console
-
To view the details of the root
Sign in to the AWS Organizations console
. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization’s management account.
Navigate to the AWS accounts
page, and choose the Root OU (its name, not the radio button).
The Root details page appears and displays the details of the root.
-
AWS CLI & AWS SDKs
-
To view the details of the root
You can use one of the following commands to view details of a root:
AWS CLI: list-roots
The following example shows how to retrieve the details of the root, including which policy types are currently enabled in the organization:
$
aws organizations list-roots
{
"Roots": [
{
"Id": "r-a1b2",
"Arn": "arn:aws:organizations::123456789012:root/o-aa111bb222/r-a1b2",
"Name": "Root",
"PolicyTypes": [
{
"Type": "BACKUP_POLICY",
"Status": "ENABLED"
}
]
}
]
}
AWS SDKs: ListRoots
Viewing the details of an OU
When you sign in to the organization's management account in the AWS Organizations console
, you can view details of the OUs in your organization.
To view the details of an organizational unit (OU), you must have the following permissions:
organizations:DescribeOrganizationalUnit
organizations:DescribeOrganization
– required only when using the Organizations console
organizations:ListOrganizationsUnitsForParent
– required only when using the Organizations console
organizations:ListRoots
– required only when using the Organizations console
-
AWS Management Console
-
To view details of an OU
Sign in to the AWS Organizations console
. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization’s management account.
On the AWS accounts
page, choose the name of the OU (not its radio button) that you want to examine. If the OU that you want is a child of another OU, choose the triangle icon next to its parent OU to expand it and see those in the next level of the hierarchy. Repeat until you find the OU that you want.
The Organizational unit details box shows the information about the OU.
-
AWS CLI & AWS SDKs
-
To view details of an OU
You can use the following commands to view details of an OU:
AWS CLI, AWS SDKs:
The following example shows how to find the ID of on OU using the AWS CLI. You find the OU ID by traversing the hierarchy starting with the list-roots
command and then performing list-children
on the root and iteratively on each of its children until you find the one you want.
$
aws organizations list-roots
{
"Roots": [
{
"Id": "r-a1b2",
"Arn": "arn:aws:organizations::123456789012:root/o-aa111bb222/r-a1b2",
"Name": "Root",
"PolicyTypes": []
}
]
}
$
aws organizations list-children --parent-id r-a1b2 --child-type ORGANIZATIONAL_UNIT
{
"Children": [
{
"Id": "ou-a1b2-f6g7h111",
"Type": "ORGANIZATIONAL_UNIT"
}
]
}
After you have the OU's ID, the following example shows how to retrieve the details about the OU.
$
aws organizations describe-organizational-unit --organizational-unit-id ou-a1b2-f6g7h111
{
"OrganizationalUnit": {
"Id": "ou-a1b2-f6g7h111",
"Arn": "arn:aws:organizations::123456789012:ou/o-aa111bb222/ou-a1b2-f6g7h111",
"Name": "Production-Apps"
}
}
AWS SDKs:
Viewing details of an account
When you sign in to the organization's management account in the AWS Organizations console
, you can view details about your accounts.
To view the details of an AWS account, you must have the following permissions:
organizations:DescribeAccount
organizations:DescribeOrganization
– required only when using the Organizations console
organizations:ListAccounts
– required only when using the Organizations console
-
AWS Management Console
-
To view details of an AWS account
Sign in to the AWS Organizations console
. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization’s management account.
Navigate to the AWS accounts
page and choose the name of the name of the account (not the radio button) that you want to examine. If the account that you want is a child of an OU, you might have to choose the triangle icon next to an OU to expand it and see its children. Repeat until you find the account.
The Account details box shows the information about the account.
-
AWS CLI & AWS SDKs
-
To view details of an AWS account
You can use the following commands to view details of an account:
AWS CLI:
Both commands return the same details for each account included in the response.
The following example shows how to retrieve the details about a specified account.
$
aws organizations describe-account --account-id 123456789012
{
"Account": {
"Id": "123456789012",
"Arn": "arn:aws:organizations::123456789012:account/o-aa111bb222/123456789012",
"Email": "admin@example.com",
"Name": "Example.com Organization's Management Account",
"Status": "ACTIVE",
"JoinedMethod": "INVITED",
"JoinedTimestamp": "2020-11-20T09:04:20.346000-08:00"
}
}
AWS SDKs:
Viewing details of a policy
When you sign in to the organization's management account in the AWS Organizations console
, you can view details about your policies.
To view the details of a policy, you must have the following permissions:
-
AWS Management Console
-
To view the details of a policy
Sign in to the AWS Organizations console
. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization’s management account.
Perform one of the following:
Navigate to the Policies
page, and then choose the policy type for the policy that you want to examine.
Navigate to the AWS accounts
page, then navigate to an OU or account to which the policy is attached. Finally, choose the Policies tab to see the list of attached policies.
Choose the name of the policy (not the radio button).
On the Details page for the policy, you can view all of the information about the policy, including the JSON policy text, and the list of OUs and accounts that the policy is attached to.
-
AWS CLI & AWS SDKs
-
To view the details of a policy
You can use one of the following commands to view details of a policy:
AWS CLI:
The following example shows how to find the policy ID of the policy that you want to examine. You must specify a policy type, and the command returns all policies of only that type.
$
aws organizations list-policies --filter BACKUP_POLICY
{
"Policies": [
{
"Id": "p-i9j8k7l6m5",
"Arn": "arn:aws:organizations::123456789012:policy/o-aa111bb222/backup_policy/p-i9j8k7l6m5",
"Name": "test-backup-policy",
"Description": "test-policy-description",
"Type": "BACKUP_POLICY",
"AwsManaged": false
}
]
}
The response includes all of the details except the JSON policy document.
The following example shows how to retrieve the details of only the specified policy, including the JSON policy document.
$
aws organizations describe-policy --policy-id p-i9j8k7l6m5
{
"Policies": [
{
"Id": "p-i9j8k7l6m5",
"Arn": "arn:aws:organizations::123456789012:policy/o-aa111bb222/backup_policy/p-i9j8k7l6m5",
"Name": "test-backup-policy",
"Description": "test-policy-description",
"Type": "BACKUP_POLICY",
"AwsManaged": false
},
"Content": "{\"plans\":{\"My-Backup-Plan\":{\"regions\":{\"@@assign\":[\"us-west-2\"]},\"rules\":{\"My-Backup-Rule\"
:{\"target_backup_vault_name\":{\"@@assign\":\"My-Primary-Backup-Vault\"}}},\"selections\":{\"tags\":{
\"My-Backup-Plan-Resource-Assignment\":{\"iam_role_arn\":{\"@@assign\":\"arn:aws:iam::$account:role/
My-Backup-Role\"},\"tag_key\":{\"@@assign\":\"Stage\"},\"tag_value\":{\"@@assign\":[\"Production\"]}}}}}}}"
]
}
AWS SDKs: