本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 的操作、资源和条件键 AWS Organizations
AWS Organizations(服务前缀:`organizations`)提供以下特定于服务的资源、操作和条件上下文密钥,供在 IAM 权限策略中使用。
参考:
+ 了解如何[配置该服务](https://docs.aws.amazon.com/organizations/latest/userguide/)。
+ 查看[适用于该服务的 API 操作列表](https://docs.aws.amazon.com/organizations/latest/APIReference/)。
+ 了解如何[使用 IAM](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_iam.html) 权限策略保护该服务及其资源。
**Topics**
+ [操作定义为 AWS Organizations](#awsorganizations-actions-as-permissions)
+ [由定义的资源类型 AWS Organizations](#awsorganizations-resources-for-iam-policies)
+ [的条件密钥 AWS Organizations](#awsorganizations-policy-keys)
## 操作定义为 AWS Organizations
您可以在 IAM 策略语句的 `Action` 元素中指定以下操作。可以使用策略授予在 AWS中执行操作的权限。您在策略中使用一项操作时,通常使用相同的名称允许或拒绝对 API 操作或 CLI 命令的访问。但在某些情况下,单一动作可控制对多项操作的访问。还有某些操作需要多种不同的动作。
操作表的**访问级别**列描述如何对操作进行分类(列出、读取、权限管理或标记)。此分类可以帮助您了解当您在策略中使用操作时,相应操作授予的访问级别。有关访问级别的更多信息,请参阅[策略摘要中的访问级别](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html)。
操作表的**资源类型**列指示每项操作是否支持资源级权限。如果该列没有任何值,您必须在策略语句的 `Resource` 元素中指定策略应用的所有资源(“\*”)。通过在 IAM policy 中使用条件来筛选访问权限,以控制是否可以在资源或请求中使用特定标签键。如果操作具有一个或多个必需资源,则调用方必须具有使用这些资源来使用该操作的权限。必需资源在表中以星号 (\*) 表示。如果您在 IAM policy 中使用 `Resource` 元素限制资源访问权限,则必须为每种必需的资源类型添加 ARN 或模式。某些操作支持多种资源类型。如果资源类型是可选的(未指示为必需),则可以选择使用一种可选资源类型。
操作表的**条件键**列包括可以在策略语句的 `Condition` 元素中指定的键。有关与服务资源关联的条件键的更多信息,请参阅资源类型表的**条件键**列。
操作表的**依赖操作**列显示成功调用操作可能需要的其他权限。除了操作本身的权限以外,可能还需要这些权限。若某个操作指定依赖操作,则这些依赖关系可能适用于为该操作定义的其他资源,而不仅仅是表中列出的第一个资源。
**注意**
资源条件键在[资源类型](#awsorganizations-resources-for-iam-policies)表中列出。您可以在操作表的**资源类型(\* 为必需)**列中找到应用于某项操作的资源类型的链接。资源类型表中的资源类型包括**条件密钥**列,这是应用于操作表中操作的资源条件键。
有关下表中各列的详细信息,请参阅[操作表](reference_policies_actions-resources-contextkeys.html#actions_table)。
****
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_AcceptHandshake.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_AcceptHandshake.html) **
- **描述:** 授予权限,向握手发起方发送响应,同意握手请求建议的操作
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-handshake](#awsorganizations-handshake)
- **条件键:**
- **相关操作:** iam:CreateServiceLinkedRole
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_AttachPolicy.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_AttachPolicy.html) **
- **描述:** 授予权限,将策略附加到根、组织单位或单个账户
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-policy](#awsorganizations-policy) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-root](#awsorganizations-root) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_CancelHandshake.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_CancelHandshake.html) **
- **描述:** 授予权限,取消握手
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-handshake](#awsorganizations-handshake)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_CloseAccount.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_CloseAccount.html) **
- **描述:** 授予关闭现在属于组织(O AWS 账户 rganizations)一部分的权限,无论是在组织内创建的,还是受邀加入该组织的
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateAccount.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateAccount.html) **
- **描述:** 授予创建自动成为 AWS 账户 组织成员的权限,该成员具有发出请求的凭据
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:** [#awsorganizations-aws_RequestTag___TagKey_](#awsorganizations-aws_RequestTag___TagKey_)
[#awsorganizations-aws_TagKeys](#awsorganizations-aws_TagKeys)
[#awsorganizations-aws_ResourceTag___TagKey_](#awsorganizations-aws_ResourceTag___TagKey_)
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateGovCloudAccount.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateGovCloudAccount.html) **
- **描述:** 授予创建 AWS GovCloud (美国)账户的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:** [#awsorganizations-aws_RequestTag___TagKey_](#awsorganizations-aws_RequestTag___TagKey_)
[#awsorganizations-aws_TagKeys](#awsorganizations-aws_TagKeys)
[#awsorganizations-aws_ResourceTag___TagKey_](#awsorganizations-aws_ResourceTag___TagKey_)
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateOrganization.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateOrganization.html) **
- **描述:** 授予创建组织的权限。拥有调用该 CreateOrganization 操作的凭据的账户自动成为新组织的管理账户
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:** iam:CreateServiceLinkedRole
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateOrganizationalUnit.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreateOrganizationalUnit.html) **
- **描述:** 授予权限,在根或父级组织单位 (OU) 中创建 OU
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-root](#awsorganizations-root) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-aws_RequestTag___TagKey_](#awsorganizations-aws_RequestTag___TagKey_)
[#awsorganizations-aws_TagKeys](#awsorganizations-aws_TagKeys) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreatePolicy.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_CreatePolicy.html) **
- **描述:** 授予创建策略的权限,您可以将其附加到根、组织单位 (OU) 或个人 AWS 账户
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType)
[#awsorganizations-aws_RequestTag___TagKey_](#awsorganizations-aws_RequestTag___TagKey_)
[#awsorganizations-aws_TagKeys](#awsorganizations-aws_TagKeys)
[#awsorganizations-aws_ResourceTag___TagKey_](#awsorganizations-aws_ResourceTag___TagKey_)
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeclineHandshake.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeclineHandshake.html) **
- **描述:** 授予拒绝握手请求的权限。它会将握手状态设为 DECLINED,有效地停用请求
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-handshake](#awsorganizations-handshake)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeleteOrganization.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeleteOrganization.html) **
- **描述:** 授予删除组织的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeleteOrganizationalUnit.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeleteOrganizationalUnit.html) **
- **描述:** 授予权限,从根或另一 OU 删除组织单位
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeletePolicy.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeletePolicy.html) **
- **描述:** 授予权限,删除您的组织的策略
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-policy](#awsorganizations-policy) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeleteResourcePolicy.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeleteResourcePolicy.html) **
- **描述:** 授予删除您的组织的资源策略的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeregisterDelegatedAdministrator.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeregisterDelegatedAdministrator.html) **
- **描述:** 授予取消将指定成员注册 AWS 账户 为由指定的 AWS 服务的委托管理员的权限 ServicePrincipal
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_ServicePrincipal](#awsorganizations-organizations_ServicePrincipal) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeAccount.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeAccount.html) **
- **描述:** 授予检索指定账户 Organizations-related 详细信息的权限
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeCreateAccountStatus.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeCreateAccountStatus.html) **
- **描述:** 授予权限,检索创建账户的异步请求的最新状态
- **访问级别:** 读取
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeEffectivePolicy.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeEffectivePolicy.html) **
- **描述:** 授予权限以检索账户的有效策略
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeHandshake.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeHandshake.html) **
- **描述:** 授予权限,检索上次握手请求的详细信息
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#awsorganizations-handshake](#awsorganizations-handshake)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganization.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganization.html) **
- **描述:** 授予权限以检索有关调用凭证所属组织的详细信息
- **访问级别:** 读取
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganizationalUnit.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganizationalUnit.html) **
- **描述:** 授予权限,检索组织单位 (OU) 的相关详情
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribePolicy.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribePolicy.html) **
- **描述:** 授予权限以检索有关策略的详细信息
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#awsorganizations-policy](#awsorganizations-policy) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeResourcePolicy.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeResourcePolicy.html) **
- **描述:** 授予检索资源策略信息的权限
- **访问级别:** 读取
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeResponsibilityTransfer.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeResponsibilityTransfer.html) **
- **描述:** 授予检索有关先前责任移交的详细信息的权限
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#awsorganizations-responsibilitytransfer](#awsorganizations-responsibilitytransfer) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_TransferType](#awsorganizations-organizations_TransferType)
[#awsorganizations-organizations_TransferDirection](#awsorganizations-organizations_TransferDirection) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DetachPolicy.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DetachPolicy.html) **
- **描述:** 授予权限,将策略从目标根、组织单位或账户分离
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-policy](#awsorganizations-policy) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-root](#awsorganizations-root) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DisableAWSServiceAccess.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DisableAWSServiceAccess.html) **
- **描述:** 授予禁用 AWS 服务(由指定的服务 ServicePrincipal)与 Organizations 集成的 AWS 权限
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:** [#awsorganizations-organizations_ServicePrincipal](#awsorganizations-organizations_ServicePrincipal)
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_DisablePolicyType.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DisablePolicyType.html) **
- **描述:** 授予权限,禁用根中的组织策略类型
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-root](#awsorganizations-root) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAWSServiceAccess.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAWSServiceAccess.html) **
- **描述:** 授予允许将 AWS 服务(由指定的服务 ServicePrincipal)与 Organizations 集成的 AWS 权限
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:** [#awsorganizations-organizations_ServicePrincipal](#awsorganizations-organizations_ServicePrincipal)
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAllFeatures.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAllFeatures.html) **
- **描述:** 授予权限,开始启用组织中所有功能的过程。升级仅支持整合账单功能的组织
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html) **
- **描述:** 授予权限,启用根中的策略类型
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-root](#awsorganizations-root) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_InviteAccountToOrganization.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_InviteAccountToOrganization.html) **
- **描述:** 授予向其他人发送邀请的权限 AWS 账户,要求其以成员账户身份加入您的组织
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-aws_RequestTag___TagKey_](#awsorganizations-aws_RequestTag___TagKey_)
[#awsorganizations-aws_TagKeys](#awsorganizations-aws_TagKeys) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_InviteOrganizationToTransferResponsibility.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_InviteOrganizationToTransferResponsibility.html) **
- **描述:** 授予向他人发送邀请的权限 AWS 账户,要求其将特定责任移交给您的组织
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_TransferType](#awsorganizations-organizations_TransferType)
[#awsorganizations-organizations_TransferDirection](#awsorganizations-organizations_TransferDirection) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_LeaveOrganization.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_LeaveOrganization.html) **
- **描述:** 授予权限,将成员账户从其父组织中移除
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListAWSServiceAccessForOrganization.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListAWSServiceAccessForOrganization.html) **
- **描述:** 授予权限以检索您为其启用了与组织集成的 AWS 服务列表
- **访问级别:** 列表
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListAccounts.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListAccounts.html) **
- **描述:** 授予权限以列出组织中的所有账户
- **访问级别:** 列表
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListAccountsForParent.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListAccountsForParent.html) **
- **描述:** 授予权限,列出组织中包含于根或组织单位 (OU) 之中的账户列表
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-root](#awsorganizations-root) / **条件键:** / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListAccountsWithInvalidEffectivePolicy.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListAccountsWithInvalidEffectivePolicy.html) **
- **描述:** 授予权限以列出针对指定策略类型的有效策略无效的账户
- **访问级别:** 列表
- **资源类型(\* 为必需):**
- **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType)
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListChildren.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListChildren.html) **
- **描述:** 授予权限,列出父级 OU 或根中的所有 OU 或账户
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-root](#awsorganizations-root) / **条件键:** / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListCreateAccountStatus.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListCreateAccountStatus.html) **
- **描述:** 授予权限,列出组织当前跟踪的账户创建异步请求
- **访问级别:** 列表
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListDelegatedAdministrators.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListDelegatedAdministrators.html) **
- **描述:** 授予列出该组织中指定为授权管理员的 AWS 账户的权限
- **访问级别:** 列表
- **资源类型(\* 为必需):**
- **条件键:** [#awsorganizations-organizations_ServicePrincipal](#awsorganizations-organizations_ServicePrincipal)
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListDelegatedServicesForAccount.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListDelegatedServicesForAccount.html) **
- **描述:** 授予列出该组织中指定账户作为委托管理员的 AWS 服务的权限
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListEffectivePolicyValidationErrors.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListEffectivePolicyValidationErrors.html) **
- **描述:** 授予权限以列出在针对指定账户和策略类型的有效策略中发现的验证错误
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListHandshakesForAccount.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListHandshakesForAccount.html) **
- **描述:** 授予权限,列出与某一账户关联的所有握手
- **访问级别:** 列表
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListHandshakesForOrganization.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListHandshakesForOrganization.html) **
- **描述:** 授予权限,列出与组织关联的握手
- **访问级别:** 列表
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListInboundResponsibilityTransfers.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListInboundResponsibilityTransfers.html) **
- **描述:** 授予列出移交给贵组织的所有特定类型职责的权限
- **访问级别:** 列表
- **资源类型(\* 为必需):**
- **条件键:** [#awsorganizations-organizations_TransferType](#awsorganizations-organizations_TransferType)
[#awsorganizations-organizations_TransferDirection](#awsorganizations-organizations_TransferDirection)
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListOrganizationalUnitsForParent.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListOrganizationalUnitsForParent.html) **
- **描述:** 授予权限以列出父级组织单元或根中的所有组织单元(OU)
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-root](#awsorganizations-root) / **条件键:** / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListOutboundResponsibilityTransfers.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListOutboundResponsibilityTransfers.html) **
- **描述:** 授予列出移交给其他组织的特定类型的所有职责的权限
- **访问级别:** 列表
- **资源类型(\* 为必需):**
- **条件键:** [#awsorganizations-organizations_TransferType](#awsorganizations-organizations_TransferType)
[#awsorganizations-organizations_TransferDirection](#awsorganizations-organizations_TransferDirection)
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListParents.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListParents.html) **
- **描述:** 授予权限,列出根或组织单位 (OU),它们作为子 OU 或账户的直接父级
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit) / **条件键:** / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListPolicies.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListPolicies.html) **
- **描述:** 授予权限,列出组织中的所有策略
- **访问级别:** 列表
- **资源类型(\* 为必需):**
- **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType)
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListPoliciesForTarget.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListPoliciesForTarget.html) **
- **描述:** 授予权限,列出直接附加到根、组织单位 (OU) 或账户的所有策略
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-root](#awsorganizations-root) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListRoots.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListRoots.html) **
- **描述:** 授予权限,列出组织中定义的所有根
- **访问级别:** 列表
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListTagsForResource.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListTagsForResource.html) **
- **描述:** 授予权限以列出指定资源的所有标签
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-policy](#awsorganizations-policy) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-resourcepolicy](#awsorganizations-resourcepolicy) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-responsibilitytransfer](#awsorganizations-responsibilitytransfer) / **条件键:** [#awsorganizations-organizations_TransferType](#awsorganizations-organizations_TransferType)
[#awsorganizations-organizations_TransferDirection](#awsorganizations-organizations_TransferDirection) / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-root](#awsorganizations-root) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListTargetsForPolicy.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_ListTargetsForPolicy.html) **
- **描述:** 授予权限,列出某一策略附加到的所有根、OU 和账户
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#awsorganizations-policy](#awsorganizations-policy) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_MoveAccount.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_MoveAccount.html) **
- **描述:** 授予权限,将账户从其当前的根或 OU 移动至另一父级根或 OU
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-root](#awsorganizations-root) / **条件键:** / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_PutResourcePolicy.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_PutResourcePolicy.html) **
- **描述:** 授予权限以创建或更新资源策略
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-resourcepolicy](#awsorganizations-resourcepolicy) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-aws_RequestTag___TagKey_](#awsorganizations-aws_RequestTag___TagKey_)
[#awsorganizations-aws_TagKeys](#awsorganizations-aws_TagKeys) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_RegisterDelegatedAdministrator.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_RegisterDelegatedAdministrator.html) **
- **描述:** 授予注册指定成员账户的权限,以管理由指定的 AWS 服务的 Organizations 功能 ServicePrincipal
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_ServicePrincipal](#awsorganizations-organizations_ServicePrincipal) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_RemoveAccountFromOrganization.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_RemoveAccountFromOrganization.html) **
- **描述:** 授予权限以从组织中移除指定账户
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_TagResource.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_TagResource.html) **
- **描述:** 授予将一个或多个标签添加到指定资源的权限
- **访问级别:** 标签
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-policy](#awsorganizations-policy) / **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-resourcepolicy](#awsorganizations-resourcepolicy) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-responsibilitytransfer](#awsorganizations-responsibilitytransfer) / **条件键:** [#awsorganizations-organizations_TransferType](#awsorganizations-organizations_TransferType)
[#awsorganizations-organizations_TransferDirection](#awsorganizations-organizations_TransferDirection) / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-root](#awsorganizations-root) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-aws_TagKeys](#awsorganizations-aws_TagKeys)
[#awsorganizations-aws_RequestTag___TagKey_](#awsorganizations-aws_RequestTag___TagKey_)
[#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_TerminateResponsibilityTransfer.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_TerminateResponsibilityTransfer.html) **
- **描述:** 授予权限以终止向组织移交或移出组织的责任
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-responsibilitytransfer](#awsorganizations-responsibilitytransfer) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_TransferType](#awsorganizations-organizations_TransferType)
[#awsorganizations-organizations_TransferDirection](#awsorganizations-organizations_TransferDirection) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_UntagResource.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_UntagResource.html) **
- **描述:** 授予从指定资源中删除一个或多个标签的权限
- **访问级别:** 标签
- **资源类型(\* 为必需):** [#awsorganizations-account](#awsorganizations-account) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-policy](#awsorganizations-policy) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-resourcepolicy](#awsorganizations-resourcepolicy) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-responsibilitytransfer](#awsorganizations-responsibilitytransfer) / **条件键:** [#awsorganizations-organizations_TransferType](#awsorganizations-organizations_TransferType)
[#awsorganizations-organizations_TransferDirection](#awsorganizations-organizations_TransferDirection) / **相关操作:**
- **资源类型(\* 为必需):** [#awsorganizations-root](#awsorganizations-root) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-aws_TagKeys](#awsorganizations-aws_TagKeys)
[#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_UpdateOrganizationalUnit.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_UpdateOrganizationalUnit.html) **
- **描述:** 授予权限,将组织单位 (OU) 重命名
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-organizationalunit](#awsorganizations-organizationalunit)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_UpdatePolicy.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_UpdatePolicy.html) **
- **描述:** 授予权限,使用新的名称、描述或内容更新现有策略
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-policy](#awsorganizations-policy) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_PolicyType](#awsorganizations-organizations_PolicyType) / **相关操作:**
- ** [https://docs.aws.amazon.com/organizations/latest/APIReference/API_UpdateResponsibilityTransfer.html](https://docs.aws.amazon.com/organizations/latest/APIReference/API_UpdateResponsibilityTransfer.html) **
- **描述:** 授予重命名向组织或从组织移交的责任的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awsorganizations-responsibilitytransfer](#awsorganizations-responsibilitytransfer) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awsorganizations-organizations_TransferType](#awsorganizations-organizations_TransferType)
[#awsorganizations-organizations_TransferDirection](#awsorganizations-organizations_TransferDirection) / **相关操作:**
## 由定义的资源类型 AWS Organizations
以下资源类型是由该服务定义的,可以在 IAM 权限策略语句的 `Resource` 元素中使用这些资源类型。[操作表](#awsorganizations-actions-as-permissions)中的每个操作指定了可以使用该操作指定的资源类型。您也可以在策略中包含条件键,从而定义资源类型。这些键显示在资源类型表的最后一列。有关下表中各列的详细信息,请参阅[资源类型表](reference_policies_actions-resources-contextkeys.html#resources_table)。
****
| 资源类型 | ARN | 条件键 |
| --- | --- | --- |
| [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html) | arn:${Partition}:organizations::${Account}:account/o-${OrganizationId}/${AccountId} | [#awsorganizations-aws_ResourceTag___TagKey_](#awsorganizations-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html) | arn:${Partition}:organizations::${Account}:handshake/o-${OrganizationId}/${HandshakeType}/h-${HandshakeId} | |
| [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html) | arn:${Partition}:organizations::${Account}:organization/o-${OrganizationId} | |
| [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html) | arn:${Partition}:organizations::${Account}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId} | [#awsorganizations-aws_ResourceTag___TagKey_](#awsorganizations-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html) | arn:${Partition}:organizations::${Account}:policy/o-${OrganizationId}/${PolicyType}/p-${PolicyId} | [#awsorganizations-aws_ResourceTag___TagKey_](#awsorganizations-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html) | arn:${Partition}:organizations::${Account}:resourcepolicy/o-${OrganizationId}/rp-${ResourcePolicyId} | [#awsorganizations-aws_ResourceTag___TagKey_](#awsorganizations-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html) | arn:${Partition}:organizations::aws:policy/${PolicyType}/p-${PolicyId} | |
| [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html) | arn:${Partition}:organizations::${Account}:root/o-${OrganizationId}/r-${RootId} | [#awsorganizations-aws_ResourceTag___TagKey_](#awsorganizations-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html) | arn:${Partition}:organizations::${Account}:transfer/o-${OrganizationId}/${TransferType}/${TransferDirection}/rt-${ResponsibilityTransferId} | [#awsorganizations-aws_ResourceTag___TagKey_](#awsorganizations-aws_ResourceTag___TagKey_) |
## 的条件密钥 AWS Organizations
AWS Organizations 定义了以下条件键,这些条件键可用于 IAM 策略的`Condition`元素中。您可以使用这些键进一步细化应用策略语句的条件。有关下表中各列的详细信息,请参阅[条件键表](reference_policies_actions-resources-contextkeys.html#context_keys_table)。
要查看适用于所有服务的全局条件键,请参阅 [AWS 全局条件上下文键](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html)。
****
| 条件键 | 描述 | 类型 |
| --- | --- | --- |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag) | 按请求中传递的标签筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag) | 按与资源关联的标签筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys) | 按请求中传递的标签键筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html#orgs_permissions_conditionkeys](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html#orgs_permissions_conditionkeys) | 按指定的策略类型名称筛选访问 | 字符串 |
| [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html#orgs_permissions_conditionkeys](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html#orgs_permissions_conditionkeys) | 按指定的服务主体名称筛选访问 | 字符串 |
| [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html#orgs_permissions_conditionkeys](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html#orgs_permissions_conditionkeys) | 按指定责任移交按方向筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html#orgs_permissions_conditionkeys](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html#orgs_permissions_conditionkeys) | 按指定的责任转移类型名称筛选访问权限 | 字符串 |