AWS IAM Policy Attachment

This page shows how to write Terraform for IAM Policy Attachment, and how to write it securely.


Terraform Example (aws_organizations_policy_attachment)

Provides a resource to attach an AWS Organizations policy to an organization account, root, or unit.


Example Usage (from GitHub)

resource "aws_organizations_policy_attachment" "deny_root_account" {
  count = length(var.deny_root_account_target_ids)

  policy_id =
  target_id = element(var.deny_root_account_target_ids.*, count.index)
}

resource "aws_organizations_policy_attachment" "root" {
  policy_id =
  target_id = "r-xu7c"
}

# Organization Unit
resource "aws_organizations_policy_attachment" "deny_leaving_orgs" {
  count     = length(var.associate-acct-ids)
  policy_id =
  target_id = element(var.associate-acct-ids.*, count.index)
}

resource "aws_organizations_policy_attachment" "regions-east-west-only" {
  policy_id =
  target_id =
}

// Do not allow accounts to be removed from the Org
resource "aws_organizations_policy_attachment" "root" {
  policy_id =
  target_id =[0].id
}
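
The snippets above leave out the policy itself and index their attachments with `count`. As an added example (not taken from the repositories cited on this page), the following defines a deny-leave-organization SCP and attaches it with `for_each`, so that removing one target does not shift indexes and force Terraform to replace the remaining attachments. All variable names, resource names and target IDs are assumptions constructed for illustration.

```hcl
# Added example: names and IDs are constructed placeholders, not real targets.
variable "guardrail_target_ids" {
  description = "Root, OU, or account IDs that receive the SCP."
  type        = set(string)
  default     = ["ou-exam-00000001", "111111111111"]

  # Reject anything that is not shaped like a root, OU, or 12-digit account ID,
  # so a typo fails at plan time instead of at the Organizations API.
  validation {
    condition = alltrue([
      for id in var.guardrail_target_ids :
      can(regex("^(r-[0-9a-z]{4,32}|ou-[0-9a-z]{4,32}-[0-9a-z]{8,32}|[0-9]{12})$", id))
    ])
    error_message = "Each target must be a root (r-...), OU (ou-...-...), or 12-digit account ID."
  }
}

# SCP body: deny the single action that lets a member account leave the org.
data "aws_iam_policy_document" "deny_leave_org" {
  statement {
    sid       = "DenyLeaveOrganization"
    effect    = "Deny"
    actions   = ["organizations:LeaveOrganization"]
    resources = ["*"]
  }
}

resource "aws_organizations_policy" "deny_leave_org" {
  name        = "deny-leave-organization"
  description = "Prevent member accounts from leaving the organization"
  type        = "SERVICE_CONTROL_POLICY"
  content     = data.aws_iam_policy_document.deny_leave_org.json
}

# One attachment per target, keyed by the target ID itself rather than by
# list position, so each attachment has a stable address in state.
resource "aws_organizations_policy_attachment" "deny_leave_org" {
  for_each = var.guardrail_target_ids

  policy_id = aws_organizations_policy.deny_leave_org.id
  target_id = each.value
}

# Lets a reviewer confirm from the plan which targets carry the guardrail.
output "attached_targets" {
  value = sort(keys(aws_organizations_policy_attachment.deny_leave_org))
}
```

SCPs do not restrict the organization's management account, so attaching this policy at the root still leaves that account outside the guardrail.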

CloudFormation Example

CloudFormation does not have a corresponding resource.

Frequently asked questions

What is AWS IAM Policy Attachment?

AWS IAM Policy Attachment is a resource for IAM of Amazon Web Services. Its settings can be written in Terraform.

Where can I find the example code for the AWS IAM Policy Attachment?

For Terraform, the trussworks/terraform-aws-org-scp, fabiodsilva/terraform-scp and dev-minds/tf_modules source code examples are useful. See the Terraform Example section for further details.