MDAA TS Docs
    interface DomainUnit {
        allowAllUsers?: boolean;
        allowedGroups?: string[];
        allowedUsers?: string[];
        authorizationPolicies?: NamedAuthorizationPolicies;
        authorizations?: Authorizations;
        description?: string;
        domainUnits?: NamedDomainUnits;
        ownerAccounts?: string[];
        ownerGroups?: string[];
        ownerUsers?: string[];
    }
    Properties

    allowAllUsers?: boolean

    Deprecated. Use authorizations.eligibleProjectMembers or authorizationPolicies instead. When true, all domain users are added to the project member pool for this domain unit. This does not grant direct access to projects — it only makes users eligible to be added as project members. Translates to an ADD_TO_PROJECT_MEMBER_POOL policy with allUsersGrantFilter.

    Use cases: Open member pools; Making all users eligible for project membership

    AWS: DataZone ADD_TO_PROJECT_MEMBER_POOL authorization policy (allUsersGrantFilter)

    Validation: Optional; boolean

    Use authorizations.eligibleProjectMembers.all: true or authorizationPolicies instead.

    allowedGroups?: string[]

    Deprecated. Use authorizations.eligibleProjectMembers or authorizationPolicies instead. Specific group names added to the project member pool for this domain unit. This does not grant direct access to projects — it only makes these groups eligible to be added as project members. Names must match entries in the domain's groups config. Translates to an ADD_TO_PROJECT_MEMBER_POOL policy.

    Use cases: Group-scoped member pool; Restricting project membership eligibility

    AWS: DataZone ADD_TO_PROJECT_MEMBER_POOL authorization policy (groupName principals)

    Validation: Optional; string array; names must match domain groups keys

    allowedUsers?: string[]

    Deprecated. Use authorizations.eligibleProjectMembers or authorizationPolicies instead. Specific user names added to the project member pool for this domain unit. This does not grant direct access to projects — it only makes these users eligible to be added as project members. Names must match entries in the domain's users config. Translates to an ADD_TO_PROJECT_MEMBER_POOL policy.

    Use cases: User-scoped member pool; Restricting project membership eligibility

    AWS: DataZone ADD_TO_PROJECT_MEMBER_POOL authorization policy (userName principals)

    Validation: Optional; string array; names must match domain users keys

    authorizationPolicies?: NamedAuthorizationPolicies

    Fine-grained authorization policies for this domain unit. Supports policy types like CREATE_DOMAIN_UNIT, CREATE_GLOSSARY, and CREATE_PROJECT with user/group principals.

    Use cases: Permission scoping per domain unit; Policy-driven project creation control

    AWS: DataZone authorization policies (CREATE_DOMAIN_UNIT, CREATE_PROJECT, etc.)

    Validation: Optional; Record of AuthorizationPolicy objects

    authorizations?: Authorizations

    Simplified authorizations for this domain unit. Provides a concise way to grant common permissions by specifying users and groups directly, without constructing full AuthorizationPolicy objects.

    Supported fields: projectCreators, projectFromProfileCreators, eligibleProjectMembers, domainUnitCreators, glossaryCreators, environmentCreators.

    Use cases: Quick project creation grants; Simple membership pool configuration; Delegated domain unit management; Glossary and environment provisioning

    AWS: DataZone authorization policies (CREATE_PROJECT, CREATE_PROJECT_FROM_PROJECT_PROFILE, ADD_TO_PROJECT_MEMBER_POOL, CREATE_DOMAIN_UNIT, CREATE_GLOSSARY, CREATE_ENVIRONMENT)

    Validation: Optional; Authorizations object

    description?: string

    Human-readable description of this domain unit's purpose and scope.

    Use cases: Organizational documentation; Domain unit identification

    AWS: DataZone domain unit description

    Validation: Optional; string

    domainUnits?: NamedDomainUnits

    Child domain units nested under this unit, enabling recursive hierarchical organization. Each child inherits the parent's domain context.

    Use cases: Multi-level organizational hierarchy; Nested governance scopes

    AWS: DataZone nested domain units

    Validation: Optional; valid NamedDomainUnits; supports arbitrary nesting depth

    ownerAccounts?: string[]

    Associated account names that receive ownership of this domain unit, allowing project creation within it. Names must match entries in the domain's associatedAccounts config.

    Use cases: Cross-account project creation; Delegated domain unit ownership

    AWS: DataZone domain unit owner (account-based)

    Validation: Optional; string array; names must match associatedAccounts keys

    ownerGroups?: string[]

    Group names that receive ownership of this domain unit. Names must match entries in the domain's groups config.

    Use cases: Team-based domain unit administration; Group ownership delegation

    AWS: DataZone domain unit owner (group-based)

    Validation: Optional; string array; names must match domain groups keys

    ownerUsers?: string[]

    User names that receive ownership of this domain unit. Names must match entries in the domain's users config.

    Use cases: User-based domain unit administration; Individual ownership delegation

    AWS: DataZone domain unit owner (user-based)

    Validation: Optional; string array; names must match domain users keys
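
The name-matching rules and deprecations above can be checked before deployment. The following is an added example, not MDAA's own code: a recursive lint over a domain unit tree that reports owner and member-pool names missing from the domain config and flags the deprecated fields. The `DomainNames` and `Finding` types, the `lintDomainUnit` function, the sample names, and the assumption that `NamedDomainUnits` is a record keyed by unit name are all hypothetical.

```typescript
// Local mirror of the fields documented above; not imported from MDAA.
// Assumption: NamedDomainUnits is a record keyed by unit name.
interface DomainUnit {
  allowAllUsers?: boolean;
  allowedGroups?: string[];
  allowedUsers?: string[];
  domainUnits?: Record<string, DomainUnit>;
  ownerAccounts?: string[];
  ownerGroups?: string[];
  ownerUsers?: string[];
}
// Hypothetical: keys of the domain's groups, users and associatedAccounts config.
interface DomainNames { groups: string[]; users: string[]; associatedAccounts: string[] }
interface Finding { path: string; severity: "error" | "warn"; message: string }

function lintDomainUnit(name: string, unit: DomainUnit, names: DomainNames, parent = ""): Finding[] {
  const path = parent ? `${parent}/${name}` : name;
  const findings: Finding[] = [];
  // Every principal or account reference must resolve to a configured key.
  const checkRefs = (field: string, refs: string[] | undefined, known: string[], kind: string) => {
    for (const ref of refs ?? []) {
      if (known.indexOf(ref) === -1) {
        findings.push({ path, severity: "error", message: `${field}: "${ref}" not in domain ${kind}` });
      }
    }
  };
  checkRefs("ownerAccounts", unit.ownerAccounts, names.associatedAccounts, "associatedAccounts");
  checkRefs("ownerGroups", unit.ownerGroups, names.groups, "groups");
  checkRefs("ownerUsers", unit.ownerUsers, names.users, "users");
  checkRefs("allowedGroups", unit.allowedGroups, names.groups, "groups");
  checkRefs("allowedUsers", unit.allowedUsers, names.users, "users");
  // Deprecated member-pool fields: flag them so they get migrated to authorizations.
  for (const field of ["allowAllUsers", "allowedGroups", "allowedUsers"] as const) {
    if (unit[field] !== undefined) {
      findings.push({ path, severity: "warn", message: `${field} is deprecated` });
    }
  }
  // Recurse: domain units nest to arbitrary depth.
  const children = unit.domainUnits ?? {};
  for (const child of Object.keys(children)) {
    findings.push(...lintDomainUnit(child, children[child], names, path));
  }
  return findings;
}

// Constructed sample: "bob" and "sandbox" are not configured; finance uses a deprecated field.
const sampleNames: DomainNames = { groups: ["data-eng"], users: ["alice"], associatedAccounts: ["analytics"] };
const sampleUnit: DomainUnit = { ownerGroups: ["data-eng"], ownerUsers: ["alice", "bob"],
  domainUnits: { finance: { allowAllUsers: true, ownerAccounts: ["sandbox"] } } };
const sampleFindings = lintDomainUnit("root", sampleUnit, sampleNames);
```

Treating the `error` findings as build failures keeps an ownership grant from silently pointing at a name the domain does not define.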