enable_policy_type - Boto3 1.34.74 documentation
Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root. You can undo this by using the DisablePolicyType operation.
This is an asynchronous request that Amazon Web Services performs in the background. Amazon Web Services recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
This operation can be called only from the organization’s management account or by a member account that is a delegated administrator for an Amazon Web Services service.
You can enable a policy type in a root only if that policy type is available in the organization. To view the status of available policy types in the organization, use DescribeOrganization.
See also: AWS API Documentation
Request Syntax
response = client.enable_policy_type( RootId='string', PolicyType='SERVICE_CONTROL_POLICY'|'TAG_POLICY'|'BACKUP_POLICY'|'AISERVICES_OPT_OUT_POLICY')
- Parameters:
RootId (string) –
[REQUIRED]
The unique identifier (ID) of the root in which you want to enable a policy type. You can get the ID from the ListRoots operation.
The regex pattern for a root ID string requires “r-” followed by from 4 to 32 lowercase letters or digits.
PolicyType (string) –
[REQUIRED]
The policy type that you want to enable. You can specify one of the following values:
- Return type:
dict
- Returns:
Response Syntax
{ 'Root': { 'Id': 'string', 'Arn': 'string', 'Name': 'string', 'PolicyTypes': [ { 'Type': 'SERVICE_CONTROL_POLICY'|'TAG_POLICY'|'BACKUP_POLICY'|'AISERVICES_OPT_OUT_POLICY', 'Status': 'ENABLED'|'PENDING_ENABLE'|'PENDING_DISABLE' }, ] }}
Response Structure
(dict) –
Exceptions
Organizations.Client.exceptions.AccessDeniedExceptionOrganizations.Client.exceptions.AWSOrganizationsNotInUseExceptionOrganizations.Client.exceptions.ConcurrentModificationExceptionOrganizations.Client.exceptions.ConstraintViolationExceptionOrganizations.Client.exceptions.InvalidInputExceptionOrganizations.Client.exceptions.PolicyTypeAlreadyEnabledExceptionOrganizations.Client.exceptions.RootNotFoundExceptionOrganizations.Client.exceptions.ServiceExceptionOrganizations.Client.exceptions.TooManyRequestsExceptionOrganizations.Client.exceptions.PolicyTypeNotAvailableForOrganizationExceptionOrganizations.Client.exceptions.UnsupportedAPIEndpointExceptionOrganizations.Client.exceptions.PolicyChangesInProgressException
Examples
The following example shows how to enable the service control policy (SCP) policy type in a root. The output shows a root object with a PolicyTypes response element showing that SCPs are now enabled:/n/n
response = client.enable_policy_type( PolicyType='SERVICE_CONTROL_POLICY', RootId='r-examplerootid111',)print(response)
Expected Output:
{ 'Root': { 'Arn': 'arn:aws:organizations::111111111111:root/o-exampleorgid/r-examplerootid111', 'Id': 'r-examplerootid111', 'Name': 'Root', 'PolicyTypes': [ { 'Status': 'ENABLED', 'Type': 'SERVICE_CONTROL_POLICY', }, ], }, 'ResponseMetadata': { '...': '...', },}
