@yves-vogl

Description

To restrict e.g. an AWS CloudWatch OAM policy, AWS allows the use of `aws:PrincipalOrgPaths`.
In certain cases it'd be convenient to get the path of an OU to restrict to its accounts.

It could be done by using a regex on a concatenated string of `data.aws_organizations_organizational_units.children[*].id`, but having `aws_organizations_organizational_unit.principal_org_path` as a readable attribute would be more usable.

Relations

Closes #33623

References
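
The path the description asks for can be derived by walking an OU's parents up to the root. The following is an added example, not code from this pull request or from the provider: `OrgPath`, `Condition` and the in-memory `parents` map (standing in for repeated Organizations `ListParents` calls) are hypothetical, and all IDs are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// maxDepth bounds the walk so a malformed parent map cannot loop forever (example limit).
const maxDepth = 8

// OrgPath walks from an OU up to the root using parents (child ID -> parent ID)
// and returns the path in aws:PrincipalOrgPaths form: "o-.../r-.../ou-.../ou-.../".
func OrgPath(orgID, ouID string, parents map[string]string) (string, error) {
	if !strings.HasPrefix(orgID, "o-") || !strings.HasPrefix(ouID, "ou-") {
		return "", fmt.Errorf("expected an o- organization ID and an ou- unit ID")
	}
	chain := []string{ouID}
	cur := ouID
	for !strings.HasPrefix(cur, "r-") {
		parent, ok := parents[cur]
		if !ok {
			return "", fmt.Errorf("no parent recorded for %s", cur)
		}
		if len(chain) >= maxDepth {
			return "", fmt.Errorf("parent chain from %s is too deep or cyclic", ouID)
		}
		chain = append(chain, parent)
		cur = parent
	}
	// chain is leaf-to-root; the condition key expects root-to-leaf.
	for i, j := 0, len(chain)-1; i < j; i, j = i+1, j-1 {
		chain[i], chain[j] = chain[j], chain[i]
	}
	return orgID + "/" + strings.Join(chain, "/") + "/", nil
}

// Condition renders an IAM condition block limiting principals to accounts
// anywhere under the OU; the trailing "*" also covers nested OUs.
func Condition(path string) string {
	return fmt.Sprintf(`{"ForAnyValue:StringLike":{"aws:PrincipalOrgPaths":[%q]}}`, path+"*")
}

func main() {
	// Constructed IDs, not taken from the pull request.
	parents := map[string]string{"ou-ab12-22222222": "ou-ab12-11111111", "ou-ab12-11111111": "r-ab12"}
	p, err := OrgPath("o-a1b2c3d4e5", "ou-ab12-22222222", parents)
	fmt.Println(Condition(p), err)
}
```

`aws:PrincipalOrgPaths` is a multivalued key, which is why the condition uses the `ForAnyValue:` set operator; dropping the trailing `*` restricts the match to accounts directly in that OU.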

@github-actions
Contributor

github-actions bot commented Nov 7, 2025

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/organizations Issues and PRs that pertain to the organizations service. size/XL Managed by automation to categorize the size of a PR. labels Nov 7, 2025
@github-actions
Contributor

⚠️ Our automation has detected the following potential issues with your pull request


❌ Dependency Changes

Typically Go dependency changes are handled in this repository by dependabot or the maintainers. This is to prevent pull request merge conflicts and further delay reviews of contributions. For more information, see the Dependency Updates section of the contributing guide.

Remove any changes to the go.mod or go.sum files and commit them into this pull request to prevent delays with reviewing and potentially merging it.

Additional details:

  • Check open pull requests with the dependencies label to view other dependency updates.
  • If this pull request includes an update to the AWS Go SDK (or any other dependency) version, only updates submitted via dependabot will be merged. This pull request will need to remove these changes and will need to be rebased after the existing dependency update via dependabot has been merged for this pull request to be reviewed.
  • If this pull request is for supporting a new AWS service:
      • Ensure the new AWS service changes are following the Adding a New AWS Service section of the contributing guide, in particular that the dependency addition and initial provider support are in a separate pull request from other changes (e.g. new resources). Contributions not following this item will not be reviewed until the changes are split.
      • If this pull request is already a separate pull request from the above item, you can ignore this message.

❌ Unnecessary Changelog Changes

The CHANGELOG.md file contents are handled by the maintainers during merge. This is to prevent pull request merge conflicts, especially for contributions which may not be merged immediately. Please see the Changelog Process section of the contributing guide for additional information.

Remove any changes to the CHANGELOG.md file and commit them in this pull request to prevent delays with reviewing and potentially merging it.

@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. service/iam Issues and PRs that pertain to the iam service. service/s3 Issues and PRs that pertain to the s3 service. service/lightsail Issues and PRs that pertain to the lightsail service. service/inspector Issues and PRs that pertain to the inspector service. service/sagemaker Issues and PRs that pertain to the sagemaker service. service/servicecatalog Issues and PRs that pertain to the servicecatalog service. service/kinesis Issues and PRs that pertain to the kinesis service. provider Pertains to the provider itself, rather than any interaction with AWS. service/comprehend Issues and PRs that pertain to the comprehend service. service/wafv2 Issues and PRs that pertain to the wafv2 service. labels Nov 10, 2025
@github-actions github-actions bot added linter Pertains to changes to or issues with the various linters. repository Repository modifications; GitHub Actions, developer docs, issue templates, codeowners, changelog. generators Relates to code generators. github_actions Pull requests that update Github_actions code skaff Issues and pull requested related to the skaff tool service/bedrockagentcore Issues and PRs that pertain to the bedrockagentcore service. labels Nov 10, 2025
@yves-vogl
Author

This probably will close #30656

@justinretzolk justinretzolk added enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels Nov 11, 2025
@yves-vogl
Author

⚠️ Our automation has detected the following potential issues with your pull request

❌ Dependency Changes (Click to expand)
❌ Unnecessary Changelog Changes (Click to expand)

Changed base to fix this

Development

Successfully merging this pull request may close these issues.

[Enhancement]: Add property to OU which represents their path in the organization (aws:PrincipalOrgPaths)