Creating a Policy
Function
This API is used to create a policy of the specified type. It can be called only from the organization's management account.
Debugging
You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.
Authorization Information
Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
- If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
- If you are using identity policy-based authorization, the following identity policy-based permissions are required.
Action
Access Level
Resource Type (*: required)
Condition Key
Alias
Dependencies
organizations:policies:create
Write
-
-
g:RequestTag/<tag-key>
-
g:TagKeys
-
organizations:resources:tag
-
URI
POST /v1/organizations/policies
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Security-Token |
No |
String |
Security token (session token) of your temporary security credentials. If a temporary security credential is used, this header is required. |
|
X-Language |
No |
String |
Language of the returned results. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
content |
Yes |
String |
Policy text content to be added to the new policy. |
|
description |
Yes |
String |
Optional description to be assigned to the policy. |
|
name |
Yes |
String |
Name to be assigned to the policy. |
|
type |
Yes |
String |
Type of the policy to be created. It can be service_control_policy or tag_policy. |
|
tags |
No |
Array of TagDto objects |
List of tags you want to attach to the new policy. |
Response Parameters
Status code: 201
|
Parameter |
Type |
Description |
|---|---|---|
|
policy |
PolicyDto object |
Details about a policy. |
|
Parameter |
Type |
Description |
|---|---|---|
|
content |
String |
Text content of the policy. |
|
policy_summary |
PolicySummaryDto object |
Information about a policy (policy content not included). |
|
Parameter |
Type |
Description |
|---|---|---|
|
is_builtin |
Boolean |
A boolean value indicating whether the specified policy is a system policy. If the value is true, the policy is a system policy. You can attach the policy to roots, OUs, or accounts, but you cannot edit it. |
|
description |
String |
Description of the policy. |
|
id |
String |
Unique ID of the policy. |
|
urn |
String |
Uniform resource name of the policy. |
|
name |
String |
Name of the policy. |
|
type |
String |
Policy type. It can be service_control_policy or tag_policy. |
Example Requests
Creating a policy
POST /v1/organizations/policies
{
"content" : "{\"Version\":\"5.0\",\"Statement\":[{\"Sid\":\"Statement1\",\"Effect\":\"Allow\",\"Action\":[\"*\"],\"Resource\":[\"*\"]}]}",
"description" : "auto0923160642938XHxSPolicydesc",
"name" : "auto092316064293806EYPolicyName",
"type" : "service_control_policy",
"tags" : [ {
"key" : "keystring",
"value" : "valuestring"
} ]
}
Example Responses
Status code: 201
Successful.
{
"policy" : {
"content" : "{\"Version\":\"5.0\",\"Statement\":[{\"Sid\":\"Statement1\",\"Effect\":\"Allow\",\"Action\":[\"*\"],\"Resource\":[\"*\"]}]}",
"policy_summary" : {
"is_builtin" : false,
"description" : "auto0923160642938XHxSPolicydesc",
"id" : "p-b4wpejd02o66g0pvfinvsatp4t9krfum",
"urn" : "organizations::0a6d25d23900d45c0faac010e0fb4de0:policy:o-fhkmi6mek7wlqdp6nideqhb47qwtjdsv/service_control_policy/p-b4wpejd02o66g0pvfinvsatp4t9krfum",
"name" : "auto092316064293806EYPolicyName",
"type" : "service_control_policy"
}
}
}
Status Codes
|
Status Code |
Description |
|---|---|
|
201 |
Successful. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
