Skip to content

Put Admin Account

fms_put_admin_account R Documentation

Creates or updates an Firewall Manager administrator account

Description

Creates or updates an Firewall Manager administrator account. The account must be a member of the organization that was onboarded to Firewall Manager by associate_admin_account. Only the organization's management account can create an Firewall Manager administrator account. When you create an Firewall Manager administrator account, the service checks to see if the account is already a delegated administrator within Organizations. If the account isn't a delegated administrator, Firewall Manager calls Organizations to delegate the account within Organizations. For more information about administrator accounts within Organizations, see Managing the Amazon Web Services Accounts in Your Organization.

Usage

fms_put_admin_account(AdminAccount, AdminScope)

Arguments

AdminAccount

[required] The Amazon Web Services account ID to add as an Firewall Manager administrator account. The account must be a member of the organization that was onboarded to Firewall Manager by associate_admin_account. For more information about Organizations, see Managing the Amazon Web Services Accounts in Your Organization.

AdminScope

Configures the resources that the specified Firewall Manager administrator can manage. As a best practice, set the administrative scope according to the principles of least privilege. Only grant the administrator the specific resources or permissions that they need to perform the duties of their role.

Value

An empty list.

Request syntax

svc$put_admin_account(
  AdminAccount = "string",
  AdminScope = list(
    AccountScope = list(
      Accounts = list(
        "string"
      ),
      AllAccountsEnabled = TRUE|FALSE,
      ExcludeSpecifiedAccounts = TRUE|FALSE
    ),
    OrganizationalUnitScope = list(
      OrganizationalUnits = list(
        "string"
      ),
      AllOrganizationalUnitsEnabled = TRUE|FALSE,
      ExcludeSpecifiedOrganizationalUnits = TRUE|FALSE
    ),
    RegionScope = list(
      Regions = list(
        "string"
      ),
      AllRegionsEnabled = TRUE|FALSE
    ),
    PolicyTypeScope = list(
      PolicyTypes = list(
        "WAF"|"WAFV2"|"SHIELD_ADVANCED"|"SECURITY_GROUPS_COMMON"|"SECURITY_GROUPS_CONTENT_AUDIT"|"SECURITY_GROUPS_USAGE_AUDIT"|"NETWORK_FIREWALL"|"DNS_FIREWALL"|"THIRD_PARTY_FIREWALL"|"IMPORT_NETWORK_FIREWALL"|"NETWORK_ACL_COMMON"
      ),
      AllPolicyTypesEnabled = TRUE|FALSE
    )
  )
)