[Enhancement]: Return complete Organization data for Delegated Administrator accounts #32055
Labels
enhancement
Requests to existing resources that expand the functionality or scope.
service/organizations
Issues and PRs that pertain to the organizations service.
service/sts
Issues and PRs that pertain to the sts service.
Description
If an AWS account is a Delegated Administrator for a service within an Organization, it has read-only access to the Organization data such as account lists. This means the `aws_organizations_organization` data source can return the complete set of Organization data, just like the master account does.

Currently the data source code checks that the current account ID running Terraform is the same as the master account ID before gathering the rest of the data, therefore it should be possible to also request the list of delegated administrators and check that the current account is within that list somewhere. If the `ListDelegatedAdministrators` call fails with access denied then the account isn't a delegated administrator.

Affected Resource(s) and/or Data Source(s)
Potential Terraform Configuration
References
From https://docs.aws.amazon.com/organizations/latest/APIReference/API_RegisterDelegatedAdministrator.html:
Would you like to implement a fix?
Yes
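The check proposed in the description, sketched in Go as an added example; it is not the provider's code. `OrgAPI`, `CanReadFullOrg`, `fakeOrg` and `ErrAccessDenied` are hypothetical names, the AWS SDK calls are replaced by an interface so the block runs offline, and the account IDs are constructed.

```go
package main

import "errors"

// ErrAccessDenied stands in for the service's AccessDeniedException (constructed).
var ErrAccessDenied = errors.New("AccessDeniedException")

// OrgAPI is a hypothetical, minimal view of the two lookups the issue mentions.
type OrgAPI interface {
	MasterAccountID() (string, error)     // as returned by DescribeOrganization
	DelegatedAdminIDs() ([]string, error) // all pages of ListDelegatedAdministrators
}

// CanReadFullOrg reports whether callerID may be served the complete data set.
func CanReadFullOrg(api OrgAPI, callerID string) (bool, error) {
	master, err := api.MasterAccountID()
	if err != nil {
		return false, err
	}
	if callerID == master {
		return true, nil
	}
	admins, err := api.DelegatedAdminIDs()
	if errors.Is(err, ErrAccessDenied) {
		return false, nil // plain member account: keep the reduced data set
	}
	if err != nil {
		return false, err // throttling or an outage is not proof of "not delegated"
	}
	for _, id := range admins {
		if id == callerID {
			return true, nil
		}
	}
	return false, nil
}

type fakeOrg struct { // constructed stand-in so the example runs offline
	master string
	admins []string
	err    error
}

func (f fakeOrg) MasterAccountID() (string, error)     { return f.master, nil }
func (f fakeOrg) DelegatedAdminIDs() ([]string, error) { return f.admins, f.err }

func main() {
	ok, _ := CanReadFullOrg(fakeOrg{master: "111111111111", admins: []string{"222222222222"}}, "222222222222")
	println(ok)
}
```

Only the access-denied error is mapped to "not a delegated administrator"; any other failure is returned to the caller so a transient error cannot silently produce a truncated result.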