aws-sdk-organizations 1.0.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: e4b0c051b68380a1f255cbdbbf952376a659e43e
4
+ data.tar.gz: 6f1fc5673369b9d5afcb88fc5a7d99cda16cacfc
5
+ SHA512:
6
+ metadata.gz: 275054857f73a16d725c6813aeae431a924403d90bb17290c5432f4634c74da1f5e6ae59bb8d31280e5e8fd05d857385296b451d974d3392278865ae836d449f
7
+ data.tar.gz: 6981b9ea25e2242b43219b1ba06bbed13408796880682ace7ad83c6462e8aa62a1d4aefb911e5b6c46727c10ce04f0fb11ea10e5ec26665976dc1ebf755dd92f
@@ -0,0 +1,47 @@
1
+ # WARNING ABOUT GENERATED CODE
2
+ #
3
+ # This file is generated. See the contributing guide for more information:
4
+ # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
+ #
6
+ # WARNING ABOUT GENERATED CODE
7
+
8
+ require 'aws-sdk-core'
9
+ require 'aws-sigv4'
10
+
11
+ require_relative 'aws-sdk-organizations/types'
12
+ require_relative 'aws-sdk-organizations/client_api'
13
+ require_relative 'aws-sdk-organizations/client'
14
+ require_relative 'aws-sdk-organizations/errors'
15
+ require_relative 'aws-sdk-organizations/resource'
16
+ require_relative 'aws-sdk-organizations/customizations'
17
+
18
+ # This module provides support for AWS Organizations. This module is available in the
19
+ # `aws-sdk-organizations` gem.
20
+ #
21
+ # # Client
22
+ #
23
+ # The {Client} class provides one method for each API operation. Operation
24
+ # methods each accept a hash of request parameters and return a response
25
+ # structure.
26
+ #
27
+ # See {Client} for more information.
28
+ #
29
+ # # Errors
30
+ #
31
+ # Errors returned from AWS Organizations all
32
+ # extend {Errors::ServiceError}.
33
+ #
34
+ # begin
35
+ # # do stuff
36
+ # rescue Aws::Organizations::Errors::ServiceError
37
+ # # rescues all service API errors
38
+ # end
39
+ #
40
+ # See {Errors} for more information.
41
+ #
42
+ # @service
43
+ module Aws::Organizations
44
+
45
+ GEM_VERSION = '1.0.0.rc1'
46
+
47
+ end
@@ -0,0 +1,2574 @@
1
+ # WARNING ABOUT GENERATED CODE
2
+ #
3
+ # This file is generated. See the contributing guide for more information:
4
+ # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
+ #
6
+ # WARNING ABOUT GENERATED CODE
7
+
8
+ require 'seahorse/client/plugins/content_length.rb'
9
+ require 'aws-sdk-core/plugins/credentials_configuration.rb'
10
+ require 'aws-sdk-core/plugins/logging.rb'
11
+ require 'aws-sdk-core/plugins/param_converter.rb'
12
+ require 'aws-sdk-core/plugins/param_validator.rb'
13
+ require 'aws-sdk-core/plugins/user_agent.rb'
14
+ require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
15
+ require 'aws-sdk-core/plugins/retry_errors.rb'
16
+ require 'aws-sdk-core/plugins/global_configuration.rb'
17
+ require 'aws-sdk-core/plugins/regional_endpoint.rb'
18
+ require 'aws-sdk-core/plugins/response_paging.rb'
19
+ require 'aws-sdk-core/plugins/stub_responses.rb'
20
+ require 'aws-sdk-core/plugins/idempotency_token.rb'
21
+ require 'aws-sdk-core/plugins/signature_v4.rb'
22
+ require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
23
+
24
+ Aws::Plugins::GlobalConfiguration.add_identifier(:organizations)
25
+
26
+ module Aws::Organizations
27
+ class Client < Seahorse::Client::Base
28
+
29
+ include Aws::ClientStubs
30
+
31
+ @identifier = :organizations
32
+
33
+ set_api(ClientApi::API)
34
+
35
+ add_plugin(Seahorse::Client::Plugins::ContentLength)
36
+ add_plugin(Aws::Plugins::CredentialsConfiguration)
37
+ add_plugin(Aws::Plugins::Logging)
38
+ add_plugin(Aws::Plugins::ParamConverter)
39
+ add_plugin(Aws::Plugins::ParamValidator)
40
+ add_plugin(Aws::Plugins::UserAgent)
41
+ add_plugin(Aws::Plugins::HelpfulSocketErrors)
42
+ add_plugin(Aws::Plugins::RetryErrors)
43
+ add_plugin(Aws::Plugins::GlobalConfiguration)
44
+ add_plugin(Aws::Plugins::RegionalEndpoint)
45
+ add_plugin(Aws::Plugins::ResponsePaging)
46
+ add_plugin(Aws::Plugins::StubResponses)
47
+ add_plugin(Aws::Plugins::IdempotencyToken)
48
+ add_plugin(Aws::Plugins::SignatureV4)
49
+ add_plugin(Aws::Plugins::Protocols::JsonRpc)
50
+
51
+ # @option options [required, Aws::CredentialProvider] :credentials
52
+ # Your AWS credentials. This can be an instance of any one of the
53
+ # following classes:
54
+ #
55
+ # * `Aws::Credentials` - Used for configuring static, non-refreshing
56
+ # credentials.
57
+ #
58
+ # * `Aws::InstanceProfileCredentials` - Used for loading credentials
59
+ # from an EC2 IMDS on an EC2 instance.
60
+ #
61
+ # * `Aws::SharedCredentials` - Used for loading credentials from a
62
+ # shared file, such as `~/.aws/config`.
63
+ #
64
+ # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
65
+ #
66
+ # When `:credentials` are not configured directly, the following
67
+ # locations will be searched for credentials:
68
+ #
69
+ # * `Aws.config[:credentials]`
70
+ # * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
71
+ # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
72
+ # * `~/.aws/credentials`
73
+ # * `~/.aws/config`
74
+ # * EC2 IMDS instance profile - When used by default, the timeouts are
75
+ # very aggressive. Construct and pass an instance of
76
+ # `Aws::InstanceProfileCredentails` to enable retries and extended
77
+ # timeouts.
78
+ #
79
+ # @option options [required, String] :region
80
+ # The AWS region to connect to. The configured `:region` is
81
+ # used to determine the service `:endpoint`. When not passed,
82
+ # a default `:region` is search for in the following locations:
83
+ #
84
+ # * `Aws.config[:region]`
85
+ # * `ENV['AWS_REGION']`
86
+ # * `ENV['AMAZON_REGION']`
87
+ # * `ENV['AWS_DEFAULT_REGION']`
88
+ # * `~/.aws/credentials`
89
+ # * `~/.aws/config`
90
+ #
91
+ # @option options [String] :access_key_id
92
+ #
93
+ # @option options [Boolean] :convert_params (true)
94
+ # When `true`, an attempt is made to coerce request parameters into
95
+ # the required types.
96
+ #
97
+ # @option options [String] :endpoint
98
+ # The client endpoint is normally constructed from the `:region`
99
+ # option. You should only configure an `:endpoint` when connecting
100
+ # to test endpoints. This should be avalid HTTP(S) URI.
101
+ #
102
+ # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
103
+ # The log formatter.
104
+ #
105
+ # @option options [Symbol] :log_level (:info)
106
+ # The log level to send messages to the `:logger` at.
107
+ #
108
+ # @option options [Logger] :logger
109
+ # The Logger instance to send log messages to. If this option
110
+ # is not set, logging will be disabled.
111
+ #
112
+ # @option options [String] :profile ("default")
113
+ # Used when loading credentials from the shared credentials file
114
+ # at HOME/.aws/credentials. When not specified, 'default' is used.
115
+ #
116
+ # @option options [Integer] :retry_limit (3)
117
+ # The maximum number of times to retry failed requests. Only
118
+ # ~ 500 level server errors and certain ~ 400 level client errors
119
+ # are retried. Generally, these are throttling errors, data
120
+ # checksum errors, networking errors, timeout errors and auth
121
+ # errors from expired credentials.
122
+ #
123
+ # @option options [String] :secret_access_key
124
+ #
125
+ # @option options [String] :session_token
126
+ #
127
+ # @option options [Boolean] :simple_json (false)
128
+ # Disables request parameter conversion, validation, and formatting.
129
+ # Also disable response data type conversions. This option is useful
130
+ # when you want to ensure the highest level of performance by
131
+ # avoiding overhead of walking request parameters and response data
132
+ # structures.
133
+ #
134
+ # When `:simple_json` is enabled, the request parameters hash must
135
+ # be formatted exactly as the DynamoDB API expects.
136
+ #
137
+ # @option options [Boolean] :stub_responses (false)
138
+ # Causes the client to return stubbed responses. By default
139
+ # fake responses are generated and returned. You can specify
140
+ # the response data to return or errors to raise by calling
141
+ # {ClientStubs#stub_responses}. See {ClientStubs} for more information.
142
+ #
143
+ # ** Please note ** When response stubbing is enabled, no HTTP
144
+ # requests are made, and retries are disabled.
145
+ #
146
+ # @option options [Boolean] :validate_params (true)
147
+ # When `true`, request parameters are validated before
148
+ # sending the request.
149
+ #
150
+ def initialize(*args)
151
+ super
152
+ end
153
+
154
+ # @!group API Operations
155
+
156
+ # Sends a response to the originator of a handshake agreeing to the
157
+ # action proposed by the handshake request.
158
+ #
159
+ # This operation can be called only by the following principals when
160
+ # they also have the relevant IAM permissions:
161
+ #
162
+ # * **Invitation to join** or **Approve all features request**
163
+ # handshakes: only a principal from the member account.
164
+ #
165
+ # * **Enable all features final confirmation** handshake: only a
166
+ # principal from the master account.
167
+ #
168
+ # For more information about invitations, see [Inviting an AWS Account
169
+ # to Join Your Organization][1] in the *AWS Organizations User Guide*.
170
+ # For more information about requests to enable all features in the
171
+ # organization, see [Enabling All Features in Your Organization][2] in
172
+ # the *AWS Organizations User Guide*.
173
+ #
174
+ #
175
+ #
176
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html
177
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
178
+ #
179
+ # @option params [required, String] :handshake_id
180
+ # The unique identifier (ID) of the handshake that you want to accept.
181
+ #
182
+ # The [regex pattern][1] for handshake ID string requires "h-"
183
+ # followed by from 8 to 32 lower-case letters or digits.
184
+ #
185
+ #
186
+ #
187
+ # [1]: http://wikipedia.org/wiki/regex
188
+ #
189
+ # @return [Types::AcceptHandshakeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
190
+ #
191
+ # * {Types::AcceptHandshakeResponse#handshake #handshake} => Types::Handshake
192
+ #
193
+ # @example Request syntax with placeholder values
194
+ #
195
+ # resp = client.accept_handshake({
196
+ # handshake_id: "HandshakeId", # required
197
+ # })
198
+ #
199
+ # @example Response structure
200
+ #
201
+ # resp.handshake.id #=> String
202
+ # resp.handshake.arn #=> String
203
+ # resp.handshake.parties #=> Array
204
+ # resp.handshake.parties[0].id #=> String
205
+ # resp.handshake.parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
206
+ # resp.handshake.state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
207
+ # resp.handshake.requested_timestamp #=> Time
208
+ # resp.handshake.expiration_timestamp #=> Time
209
+ # resp.handshake.action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
210
+ # resp.handshake.resources #=> Array
211
+ # resp.handshake.resources[0].value #=> String
212
+ # resp.handshake.resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
213
+ # resp.handshake.resources[0].resources #=> Types::HandshakeResources
214
+ #
215
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake AWS API Documentation
216
+ #
217
+ # @overload accept_handshake(params = {})
218
+ # @param [Hash] params ({})
219
+ def accept_handshake(params = {}, options = {})
220
+ req = build_request(:accept_handshake, params)
221
+ req.send_request(options)
222
+ end
223
+
224
+ # Attaches a policy to a root, an organizational unit, or an individual
225
+ # account. How the policy affects accounts depends on the type of
226
+ # policy:
227
+ #
228
+ # * **Service control policy (SCP)** - An SCP specifies what permissions
229
+ # can be delegated to users in affected member accounts. The scope of
230
+ # influence for a policy depends on what you attach the policy to:
231
+ #
232
+ # * If you attach an SCP to a root, it affects all accounts in the
233
+ # organization.
234
+ #
235
+ # * If you attach an SCP to an OU, it affects all accounts in that OU
236
+ # and in any child OUs.
237
+ #
238
+ # * If you attach the policy directly to an account, then it affects
239
+ # only that account.
240
+ #
241
+ # SCPs essentially are permission "filters". When you attach one SCP
242
+ # to a higher level root or OU, and you also attach a different SCP to
243
+ # a child OU or to an account, the child policy can further restrict
244
+ # only the permissions that pass through the parent filter and are
245
+ # available to the child. An SCP that is attached to a child cannot
246
+ # grant a permission that is not already granted by the parent. For
247
+ # example, imagine that the parent SCP allows permissions A, B, C, D,
248
+ # and E. The child SCP allows C, D, E, F, and G. The result is that
249
+ # the accounts affected by the child SCP are allowed to use only C, D,
250
+ # and E. They cannot use A or B because they were filtered out by the
251
+ # child OU. They also cannot use F and G because they were filtered
252
+ # out by the parent OU. They cannot be granted back by the child SCP;
253
+ # child SCPs can only filter the permissions they receive from the
254
+ # parent SCP.
255
+ #
256
+ # AWS Organizations attaches a default SCP named `"FullAWSAccess` to
257
+ # every root, OU, and account. This default SCP allows all services
258
+ # and actions, enabling any new child OU or account to inherit the
259
+ # permissions of the parent root or OU. If you detach the default
260
+ # policy, you must replace it with a policy that specifies the
261
+ # permissions that you want to allow in that OU or account.
262
+ #
263
+ # For more information about how Organizations policies permissions
264
+ # work, see [Using Service Control Policies][1] in the *AWS
265
+ # Organizations User Guide*.
266
+ #
267
+ # This operation can be called only from the organization's master
268
+ # account.
269
+ #
270
+ #
271
+ #
272
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
273
+ #
274
+ # @option params [required, String] :policy_id
275
+ # The unique identifier (ID) of the policy that you want to attach to
276
+ # the target. You can get the ID for the policy by calling the
277
+ # ListPolicies operation.
278
+ #
279
+ # The [regex pattern][1] for a policy ID string requires "p-" followed
280
+ # by from 8 to 128 lower-case letters or digits.
281
+ #
282
+ #
283
+ #
284
+ # [1]: http://wikipedia.org/wiki/regex
285
+ #
286
+ # @option params [required, String] :target_id
287
+ # The unique identifier (ID) of the root, OU, or account that you want
288
+ # to attach the policy to. You can get the ID by calling the ListRoots,
289
+ # ListOrganizationalUnitsForParent, or ListAccounts operations.
290
+ #
291
+ # The [regex pattern][1] for a target ID string requires one of the
292
+ # following:
293
+ #
294
+ # * Root: a string that begins with "r-" followed by from 4 to 32
295
+ # lower-case letters or digits.
296
+ #
297
+ # * Account: a string that consists of exactly 12 digits.
298
+ #
299
+ # * Organizational unit (OU): a string that begins with "ou-" followed
300
+ # by from 4 to 32 lower-case letters or digits (the ID of the root
301
+ # that the OU is in) followed by a second "-" dash and from 8 to 32
302
+ # additional lower-case letters or digits.
303
+ #
304
+ #
305
+ #
306
+ # [1]: http://wikipedia.org/wiki/regex
307
+ #
308
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
309
+ #
310
+ # @example Request syntax with placeholder values
311
+ #
312
+ # resp = client.attach_policy({
313
+ # policy_id: "PolicyId", # required
314
+ # target_id: "PolicyTargetId", # required
315
+ # })
316
+ #
317
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy AWS API Documentation
318
+ #
319
+ # @overload attach_policy(params = {})
320
+ # @param [Hash] params ({})
321
+ def attach_policy(params = {}, options = {})
322
+ req = build_request(:attach_policy, params)
323
+ req.send_request(options)
324
+ end
325
+
326
+ # Cancels a handshake. Canceling a handshake sets the handshake state to
327
+ # `CANCELED`.
328
+ #
329
+ # This operation can be called only from the account that originated the
330
+ # handshake. The recipient of the handshake can't cancel it, but can
331
+ # use DeclineHandshake instead. After a handshake is canceled, the
332
+ # recipient can no longer respond to that handshake.
333
+ #
334
+ # @option params [required, String] :handshake_id
335
+ # The unique identifier (ID) of the handshake that you want to cancel.
336
+ # You can get the ID from the ListHandshakesForOrganization operation.
337
+ #
338
+ # The [regex pattern][1] for handshake ID string requires "h-"
339
+ # followed by from 8 to 32 lower-case letters or digits.
340
+ #
341
+ #
342
+ #
343
+ # [1]: http://wikipedia.org/wiki/regex
344
+ #
345
+ # @return [Types::CancelHandshakeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
346
+ #
347
+ # * {Types::CancelHandshakeResponse#handshake #handshake} => Types::Handshake
348
+ #
349
+ # @example Request syntax with placeholder values
350
+ #
351
+ # resp = client.cancel_handshake({
352
+ # handshake_id: "HandshakeId", # required
353
+ # })
354
+ #
355
+ # @example Response structure
356
+ #
357
+ # resp.handshake.id #=> String
358
+ # resp.handshake.arn #=> String
359
+ # resp.handshake.parties #=> Array
360
+ # resp.handshake.parties[0].id #=> String
361
+ # resp.handshake.parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
362
+ # resp.handshake.state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
363
+ # resp.handshake.requested_timestamp #=> Time
364
+ # resp.handshake.expiration_timestamp #=> Time
365
+ # resp.handshake.action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
366
+ # resp.handshake.resources #=> Array
367
+ # resp.handshake.resources[0].value #=> String
368
+ # resp.handshake.resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
369
+ # resp.handshake.resources[0].resources #=> Types::HandshakeResources
370
+ #
371
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake AWS API Documentation
372
+ #
373
+ # @overload cancel_handshake(params = {})
374
+ # @param [Hash] params ({})
375
+ def cancel_handshake(params = {}, options = {})
376
+ req = build_request(:cancel_handshake, params)
377
+ req.send_request(options)
378
+ end
379
+
380
+ # Creates an AWS account that is automatically a member of the
381
+ # organization whose credentials made the request. This is an
382
+ # asynchronous request that AWS performs in the background. If you want
383
+ # to check the status of the request later, you need the `OperationId`
384
+ # response element from this operation to provide as a parameter to the
385
+ # DescribeCreateAccountStatus operation.
386
+ #
387
+ # AWS Organizations preconfigures the new member account with a role
388
+ # (named `OrganizationAccountAccessRole` by default) that grants
389
+ # administrator permissions to the new account. Principals in the master
390
+ # account can assume the role. AWS Organizations clones the company name
391
+ # and address information for the new account from the organization's
392
+ # master account.
393
+ #
394
+ # For more information about creating accounts, see [Creating an AWS
395
+ # Account in Your Organization][1] in the *AWS Organizations User
396
+ # Guide*.
397
+ #
398
+ # You cannot remove accounts that are created with this operation from
399
+ # an organization. That also means that you cannot delete an
400
+ # organization that contains an account that is created with this
401
+ # operation.
402
+ #
403
+ # <note markdown="1"> When you create a member account with this operation, the account is
404
+ # created with the **IAM User and Role Access to Billing Information**
405
+ # switch enabled. This allows IAM users and roles that are granted
406
+ # appropriate permissions to view billing information. If this is
407
+ # disabled, then only the account root user can access billing
408
+ # information. For information about how to disable this for an account,
409
+ # see [Granting Access to Your Billing Information and Tools][2].
410
+ #
411
+ # </note>
412
+ #
413
+ # This operation can be called only from the organization's master
414
+ # account.
415
+ #
416
+ #
417
+ #
418
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html
419
+ # [2]: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html
420
+ #
421
+ # @option params [required, String] :email
422
+ # The email address of the owner to assign to the new member account.
423
+ # This email address must not already be associated with another AWS
424
+ # account.
425
+ #
426
+ # @option params [required, String] :account_name
427
+ # The friendly name of the member account.
428
+ #
429
+ # @option params [String] :role_name
430
+ # (Optional)
431
+ #
432
+ # The name of an IAM role that Organizations automatically preconfigures
433
+ # in the new member account. This role trusts the master account,
434
+ # allowing users in the master account to assume the role, as permitted
435
+ # by the master account administrator. The role has administrator
436
+ # permissions in the new member account.
437
+ #
438
+ # If you do not specify this parameter, the role name defaults to
439
+ # `OrganizationAccountAccessRole`.
440
+ #
441
+ # For more information about how to use this role to access the member
442
+ # account, see [Accessing and Administering the Member Accounts in Your
443
+ # Organization][1] in the *AWS Organizations User Guide*, and steps 2
444
+ # and 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
445
+ # Roles][2] in the *IAM User Guide*.
446
+ #
447
+ # The [regex pattern][3] that is used to validate this parameter is a
448
+ # string of characters that can consist of uppercase letters, lowercase
449
+ # letters, digits with no spaces, and any of the following characters:
450
+ # =,.@-
451
+ #
452
+ #
453
+ #
454
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role
455
+ # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
456
+ # [3]: http://wikipedia.org/wiki/regex
457
+ #
458
+ # @option params [String] :iam_user_access_to_billing
459
+ # If set to `ALLOW`, the new account enables IAM users to access account
460
+ # billing information *if* they have the required permissions. If set to
461
+ # `DENY`, then only the root user of the new account can access account
462
+ # billing information. For more information, see [Activating Access to
463
+ # the Billing and Cost Management Console][1] in the *AWS Billing and
464
+ # Cost Management User Guide*.
465
+ #
466
+ #
467
+ #
468
+ # [1]: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
469
+ #
470
+ # @return [Types::CreateAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
471
+ #
472
+ # * {Types::CreateAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
473
+ #
474
+ # @example Request syntax with placeholder values
475
+ #
476
+ # resp = client.create_account({
477
+ # email: "Email", # required
478
+ # account_name: "AccountName", # required
479
+ # role_name: "RoleName",
480
+ # iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
481
+ # })
482
+ #
483
+ # @example Response structure
484
+ #
485
+ # resp.create_account_status.id #=> String
486
+ # resp.create_account_status.account_name #=> String
487
+ # resp.create_account_status.state #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED"
488
+ # resp.create_account_status.requested_timestamp #=> Time
489
+ # resp.create_account_status.completed_timestamp #=> Time
490
+ # resp.create_account_status.account_id #=> String
491
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INTERNAL_FAILURE"
492
+ #
493
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
494
+ #
495
+ # @overload create_account(params = {})
496
+ # @param [Hash] params ({})
497
+ def create_account(params = {}, options = {})
498
+ req = build_request(:create_account, params)
499
+ req.send_request(options)
500
+ end
501
+
502
+ # Creates an AWS organization. The account whose user is calling the
503
+ # CreateOrganization operation automatically becomes the [master
504
+ # account][1] of the new organization.
505
+ #
506
+ # This operation must be called using credentials from the account that
507
+ # is to become the new organization's master account. The principal
508
+ # must also have the relevant IAM permissions.
509
+ #
510
+ # By default (or if you set the `FeatureSet` parameter to `ALL`), the
511
+ # new organization is created with all features enabled and service
512
+ # control policies automatically enabled in the root. If you instead
513
+ # choose to create the organization supporting only the consolidated
514
+ # billing features by setting the `FeatureSet` parameter to
515
+ # `CONSOLIDATED_BILLING"`, then no policy types are enabled by default
516
+ # and you cannot use organization policies.
517
+ #
518
+ #
519
+ #
520
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/orgs_getting-started_concepts.html#account
521
+ #
522
+ # @option params [String] :feature_set
523
+ # Specifies the feature set supported by the new organization. Each
524
+ # feature set supports different levels of functionality.
525
+ #
526
+ # * *CONSOLIDATED\_BILLING*\: All member accounts have their bills
527
+ # consolidated to and paid by the master account. For more
528
+ # information, see [Consolidated Billing][1] in the *AWS Organizations
529
+ # User Guide*.
530
+ #
531
+ # * *ALL*\: In addition to all the features supported by the
532
+ # consolidated billing feature set, the master account can also apply
533
+ # any type of policy to any member account in the organization. For
534
+ # more information, see [All features][2] in the *AWS Organizations
535
+ # User Guide*.
536
+ #
537
+ #
538
+ #
539
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only
540
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all
541
+ #
542
+ # @return [Types::CreateOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
543
+ #
544
+ # * {Types::CreateOrganizationResponse#organization #organization} => Types::Organization
545
+ #
546
+ # @example Request syntax with placeholder values
547
+ #
548
+ # resp = client.create_organization({
549
+ # feature_set: "ALL", # accepts ALL, CONSOLIDATED_BILLING
550
+ # })
551
+ #
552
+ # @example Response structure
553
+ #
554
+ # resp.organization.id #=> String
555
+ # resp.organization.arn #=> String
556
+ # resp.organization.feature_set #=> String, one of "ALL", "CONSOLIDATED_BILLING"
557
+ # resp.organization.master_account_arn #=> String
558
+ # resp.organization.master_account_id #=> String
559
+ # resp.organization.master_account_email #=> String
560
+ # resp.organization.available_policy_types #=> Array
561
+ # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
562
+ # resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
563
+ #
564
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization AWS API Documentation
565
+ #
566
+ # @overload create_organization(params = {})
567
+ # @param [Hash] params ({})
568
+ def create_organization(params = {}, options = {})
569
+ req = build_request(:create_organization, params)
570
+ req.send_request(options)
571
+ end
572
+
573
+ # Creates an organizational unit (OU) within a root or parent OU. An OU
574
+ # is a container for accounts that enables you to organize your accounts
575
+ # to apply policies according to your business requirements. The number
576
+ # of levels deep that you can nest OUs is dependent upon the policy
577
+ # types enabled for that root. For service control policies, the limit
578
+ # is five.
579
+ #
580
+ # For more information about OUs, see [Managing Organizational Units][1]
581
+ # in the *AWS Organizations User Guide*.
582
+ #
583
+ # This operation can be called only from the organization's master
584
+ # account.
585
+ #
586
+ #
587
+ #
588
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html
589
+ #
590
+ # @option params [required, String] :parent_id
591
+ # The unique identifier (ID) of the parent root or OU in which you want
592
+ # to create the new OU.
593
+ #
594
+ # The [regex pattern][1] for a parent ID string requires one of the
595
+ # following:
596
+ #
597
+ # * Root: a string that begins with "r-" followed by from 4 to 32
598
+ # lower-case letters or digits.
599
+ #
600
+ # * Organizational unit (OU): a string that begins with "ou-" followed
601
+ # by from 4 to 32 lower-case letters or digits (the ID of the root
602
+ # that the OU is in) followed by a second "-" dash and from 8 to 32
603
+ # additional lower-case letters or digits.
604
+ #
605
+ #
606
+ #
607
+ # [1]: http://wikipedia.org/wiki/regex
608
+ #
609
+ # @option params [required, String] :name
610
+ # The friendly name to assign to the new OU.
611
+ #
612
+ # @return [Types::CreateOrganizationalUnitResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
613
+ #
614
+ # * {Types::CreateOrganizationalUnitResponse#organizational_unit #organizational_unit} => Types::OrganizationalUnit
615
+ #
616
+ # @example Request syntax with placeholder values
617
+ #
618
+ # resp = client.create_organizational_unit({
619
+ # parent_id: "ParentId", # required
620
+ # name: "OrganizationalUnitName", # required
621
+ # })
622
+ #
623
+ # @example Response structure
624
+ #
625
+ # resp.organizational_unit.id #=> String
626
+ # resp.organizational_unit.arn #=> String
627
+ # resp.organizational_unit.name #=> String
628
+ #
629
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit AWS API Documentation
630
+ #
631
+ # @overload create_organizational_unit(params = {})
632
+ # @param [Hash] params ({})
633
+ def create_organizational_unit(params = {}, options = {})
634
+ req = build_request(:create_organizational_unit, params)
635
+ req.send_request(options)
636
+ end
637
+
638
+ # Creates a policy of a specified type that you can attach to a root, an
639
+ # organizational unit (OU), or an individual AWS account.
640
+ #
641
+ # For more information about policies and their use, see [Managing
642
+ # Organization Policies][1].
643
+ #
644
+ # This operation can be called only from the organization's master
645
+ # account.
646
+ #
647
+ #
648
+ #
649
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html
650
+ #
651
+ # @option params [required, String] :content
652
+ # The policy content to add to the new policy. For example, if you
653
+ # create a [service control policy][1] (SCP), this string must be JSON
654
+ # text that specifies the permissions that admins in attached accounts
655
+ # can delegate to their users, groups, and roles. For more information
656
+ # about the SCP syntax, see [Service Control Policy Syntax][2] in the
657
+ # *AWS Organizations User Guide*.
658
+ #
659
+ #
660
+ #
661
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
662
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
663
+ #
664
+ # @option params [required, String] :description
665
+ # An optional description to assign to the policy.
666
+ #
667
+ # @option params [required, String] :name
668
+ # The friendly name to assign to the policy.
669
+ #
670
+ # The [regex pattern][1] that is used to validate this parameter is a
671
+ # string of any of the characters in the ASCII character range.
672
+ #
673
+ #
674
+ #
675
+ # [1]: http://wikipedia.org/wiki/regex
676
+ #
677
+ # @option params [required, String] :type
678
+ # The type of policy to create.
679
+ #
680
+ # <note markdown="1"> In the current release, the only type of policy that you can create is
681
+ # a service control policy (SCP).
682
+ #
683
+ # </note>
684
+ #
685
+ # @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
686
+ #
687
+ # * {Types::CreatePolicyResponse#policy #policy} => Types::Policy
688
+ #
689
+ # @example Request syntax with placeholder values
690
+ #
691
+ # resp = client.create_policy({
692
+ # content: "PolicyContent", # required
693
+ # description: "PolicyDescription", # required
694
+ # name: "PolicyName", # required
695
+ # type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
696
+ # })
697
+ #
698
+ # @example Response structure
699
+ #
700
+ # resp.policy.policy_summary.id #=> String
701
+ # resp.policy.policy_summary.arn #=> String
702
+ # resp.policy.policy_summary.name #=> String
703
+ # resp.policy.policy_summary.description #=> String
704
+ # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
705
+ # resp.policy.policy_summary.aws_managed #=> Boolean
706
+ # resp.policy.content #=> String
707
+ #
708
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy AWS API Documentation
709
+ #
710
+ # @overload create_policy(params = {})
711
+ # @param [Hash] params ({})
712
+ def create_policy(params = {}, options = {})
713
+ req = build_request(:create_policy, params)
714
+ req.send_request(options)
715
+ end
716
+
717
+ # Declines a handshake request. This sets the handshake state to
718
+ # `DECLINED` and effectively deactivates the request.
719
+ #
720
+ # This operation can be called only from the account that received the
721
+ # handshake. The originator of the handshake can use CancelHandshake
722
+ # instead. The originator can't reactivate a declined request, but can
723
+ # re-initiate the process with a new handshake request.
724
+ #
725
+ # @option params [required, String] :handshake_id
726
+ # The unique identifier (ID) of the handshake that you want to decline.
727
+ # You can get the ID from the ListHandshakesForAccount operation.
728
+ #
729
+ # The [regex pattern][1] for handshake ID string requires "h-"
730
+ # followed by from 8 to 32 lower-case letters or digits.
731
+ #
732
+ #
733
+ #
734
+ # [1]: http://wikipedia.org/wiki/regex
735
+ #
736
+ # @return [Types::DeclineHandshakeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
737
+ #
738
+ # * {Types::DeclineHandshakeResponse#handshake #handshake} => Types::Handshake
739
+ #
740
+ # @example Request syntax with placeholder values
741
+ #
742
+ # resp = client.decline_handshake({
743
+ # handshake_id: "HandshakeId", # required
744
+ # })
745
+ #
746
+ # @example Response structure
747
+ #
748
+ # resp.handshake.id #=> String
749
+ # resp.handshake.arn #=> String
750
+ # resp.handshake.parties #=> Array
751
+ # resp.handshake.parties[0].id #=> String
752
+ # resp.handshake.parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
753
+ # resp.handshake.state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
754
+ # resp.handshake.requested_timestamp #=> Time
755
+ # resp.handshake.expiration_timestamp #=> Time
756
+ # resp.handshake.action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
757
+ # resp.handshake.resources #=> Array
758
+ # resp.handshake.resources[0].value #=> String
759
+ # resp.handshake.resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
760
+ # resp.handshake.resources[0].resources #=> Types::HandshakeResources
761
+ #
762
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake AWS API Documentation
763
+ #
764
+ # @overload decline_handshake(params = {})
765
+ # @param [Hash] params ({})
766
+ def decline_handshake(params = {}, options = {})
767
+ req = build_request(:decline_handshake, params)
768
+ req.send_request(options)
769
+ end
770
+
771
+ # Deletes the organization. You can delete an organization only by using
772
+ # credentials from the master account. The organization must be empty of
773
+ # member accounts, OUs, and policies.
774
+ #
775
+ # If you create any accounts using Organizations operations or the
776
+ # Organizations console, you can't remove those accounts from the
777
+ # organization, which means that you can't delete the organization.
778
+ #
779
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
780
+ #
781
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization AWS API Documentation
782
+ #
783
+ # @overload delete_organization(params = {})
784
+ # @param [Hash] params ({})
785
+ def delete_organization(params = {}, options = {})
786
+ req = build_request(:delete_organization, params)
787
+ req.send_request(options)
788
+ end
789
+
790
+ # Deletes an organizational unit from a root or another OU. You must
791
+ # first remove all accounts and child OUs from the OU that you want to
792
+ # delete.
793
+ #
794
+ # This operation can be called only from the organization's master
795
+ # account.
796
+ #
797
+ # @option params [required, String] :organizational_unit_id
798
+ # The unique identifier (ID) of the organizational unit that you want to
799
+ # delete. You can get the ID from the ListOrganizationalUnitsForParent
800
+ # operation.
801
+ #
802
+ # The [regex pattern][1] for an organizational unit ID string requires
803
+ # "ou-" followed by from 4 to 32 lower-case letters or digits (the ID
804
+ # of the root that contains the OU) followed by a second "-" dash and
805
+ # from 8 to 32 additional lower-case letters or digits.
806
+ #
807
+ #
808
+ #
809
+ # [1]: http://wikipedia.org/wiki/regex
810
+ #
811
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
812
+ #
813
+ # @example Request syntax with placeholder values
814
+ #
815
+ # resp = client.delete_organizational_unit({
816
+ # organizational_unit_id: "OrganizationalUnitId", # required
817
+ # })
818
+ #
819
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit AWS API Documentation
820
+ #
821
+ # @overload delete_organizational_unit(params = {})
822
+ # @param [Hash] params ({})
823
+ def delete_organizational_unit(params = {}, options = {})
824
+ req = build_request(:delete_organizational_unit, params)
825
+ req.send_request(options)
826
+ end
827
+
828
+ # Deletes the specified policy from your organization. Before you
829
+ # perform this operation, you must first detach the policy from all OUs,
830
+ # roots, and accounts.
831
+ #
832
+ # This operation can be called only from the organization's master
833
+ # account.
834
+ #
835
+ # @option params [required, String] :policy_id
836
+ # The unique identifier (ID) of the policy that you want to delete. You
837
+ # can get the ID from the ListPolicies or ListPoliciesForTarget
838
+ # operations.
839
+ #
840
+ # The [regex pattern][1] for a policy ID string requires "p-" followed
841
+ # by from 8 to 128 lower-case letters or digits.
842
+ #
843
+ #
844
+ #
845
+ # [1]: http://wikipedia.org/wiki/regex
846
+ #
847
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
848
+ #
849
+ # @example Request syntax with placeholder values
850
+ #
851
+ # resp = client.delete_policy({
852
+ # policy_id: "PolicyId", # required
853
+ # })
854
+ #
855
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy AWS API Documentation
856
+ #
857
+ # @overload delete_policy(params = {})
858
+ # @param [Hash] params ({})
859
+ def delete_policy(params = {}, options = {})
860
+ req = build_request(:delete_policy, params)
861
+ req.send_request(options)
862
+ end
863
+
864
+ # Retrieves Organizations-related information about the specified
865
+ # account.
866
+ #
867
+ # This operation can be called only from the organization's master
868
+ # account.
869
+ #
870
+ # @option params [required, String] :account_id
871
+ # The unique identifier (ID) of the AWS account that you want
872
+ # information about. You can get the ID from the ListAccounts or
873
+ # ListAccountsForParent operations.
874
+ #
875
+ # The [regex pattern][1] for an account ID string requires exactly 12
876
+ # digits.
877
+ #
878
+ #
879
+ #
880
+ # [1]: http://wikipedia.org/wiki/regex
881
+ #
882
+ # @return [Types::DescribeAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
883
+ #
884
+ # * {Types::DescribeAccountResponse#account #account} => Types::Account
885
+ #
886
+ # @example Request syntax with placeholder values
887
+ #
888
+ # resp = client.describe_account({
889
+ # account_id: "AccountId", # required
890
+ # })
891
+ #
892
+ # @example Response structure
893
+ #
894
+ # resp.account.id #=> String
895
+ # resp.account.arn #=> String
896
+ # resp.account.name #=> String
897
+ # resp.account.status #=> String, one of "ACTIVE", "SUSPENDED"
898
+ # resp.account.joined_method #=> String, one of "INVITED", "CREATED"
899
+ # resp.account.joined_timestamp #=> Time
900
+ #
901
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount AWS API Documentation
902
+ #
903
+ # @overload describe_account(params = {})
904
+ # @param [Hash] params ({})
905
+ def describe_account(params = {}, options = {})
906
+ req = build_request(:describe_account, params)
907
+ req.send_request(options)
908
+ end
909
+
910
+ # Retrieves the current status of an asynchronous request to create an
911
+ # account.
912
+ #
913
+ # This operation can be called only from the organization's master
914
+ # account.
915
+ #
916
+ # @option params [required, String] :create_account_request_id
917
+ # Specifies the `operationId` that uniquely identifies the request. You
918
+ # can get the ID from the response to an earlier CreateAccount request,
919
+ # or from the ListCreateAccountStatus operation.
920
+ #
921
+ # The [regex pattern][1] for an create account request ID string
922
+ # requires "car-" followed by from 8 to 32 lower-case letters or
923
+ # digits.
924
+ #
925
+ #
926
+ #
927
+ # [1]: http://wikipedia.org/wiki/regex
928
+ #
929
+ # @return [Types::DescribeCreateAccountStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
930
+ #
931
+ # * {Types::DescribeCreateAccountStatusResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
932
+ #
933
+ # @example Request syntax with placeholder values
934
+ #
935
+ # resp = client.describe_create_account_status({
936
+ # create_account_request_id: "CreateAccountRequestId", # required
937
+ # })
938
+ #
939
+ # @example Response structure
940
+ #
941
+ # resp.create_account_status.id #=> String
942
+ # resp.create_account_status.account_name #=> String
943
+ # resp.create_account_status.state #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED"
944
+ # resp.create_account_status.requested_timestamp #=> Time
945
+ # resp.create_account_status.completed_timestamp #=> Time
946
+ # resp.create_account_status.account_id #=> String
947
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INTERNAL_FAILURE"
948
+ #
949
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
950
+ #
951
+ # @overload describe_create_account_status(params = {})
952
+ # @param [Hash] params ({})
953
+ def describe_create_account_status(params = {}, options = {})
954
+ req = build_request(:describe_create_account_status, params)
955
+ req.send_request(options)
956
+ end
957
+
958
+ # Retrieves information about a previously requested handshake. The
959
+ # handshake ID comes from the response to the original
960
+ # InviteAccountToOrganization operation that generated the handshake.
961
+ #
962
+ # This operation can be called from any account in the organization.
963
+ #
964
+ # @option params [required, String] :handshake_id
965
+ # The unique identifier (ID) of the handshake that you want information
966
+ # about. You can get the ID from the original call to
967
+ # InviteAccountToOrganization, or from a call to
968
+ # ListHandshakesForAccount or ListHandshakesForOrganization.
969
+ #
970
+ # The [regex pattern][1] for handshake ID string requires "h-"
971
+ # followed by from 8 to 32 lower-case letters or digits.
972
+ #
973
+ #
974
+ #
975
+ # [1]: http://wikipedia.org/wiki/regex
976
+ #
977
+ # @return [Types::DescribeHandshakeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
978
+ #
979
+ # * {Types::DescribeHandshakeResponse#handshake #handshake} => Types::Handshake
980
+ #
981
+ # @example Request syntax with placeholder values
982
+ #
983
+ # resp = client.describe_handshake({
984
+ # handshake_id: "HandshakeId", # required
985
+ # })
986
+ #
987
+ # @example Response structure
988
+ #
989
+ # resp.handshake.id #=> String
990
+ # resp.handshake.arn #=> String
991
+ # resp.handshake.parties #=> Array
992
+ # resp.handshake.parties[0].id #=> String
993
+ # resp.handshake.parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
994
+ # resp.handshake.state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
995
+ # resp.handshake.requested_timestamp #=> Time
996
+ # resp.handshake.expiration_timestamp #=> Time
997
+ # resp.handshake.action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
998
+ # resp.handshake.resources #=> Array
999
+ # resp.handshake.resources[0].value #=> String
1000
+ # resp.handshake.resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
1001
+ # resp.handshake.resources[0].resources #=> Types::HandshakeResources
1002
+ #
1003
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake AWS API Documentation
1004
+ #
1005
+ # @overload describe_handshake(params = {})
1006
+ # @param [Hash] params ({})
1007
+ def describe_handshake(params = {}, options = {})
1008
+ req = build_request(:describe_handshake, params)
1009
+ req.send_request(options)
1010
+ end
1011
+
1012
+ # Retrieves information about the organization that the user's account
1013
+ # belongs to.
1014
+ #
1015
+ # This operation can be called from any account in the organization.
1016
+ #
1017
+ # @return [Types::DescribeOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1018
+ #
1019
+ # * {Types::DescribeOrganizationResponse#organization #organization} => Types::Organization
1020
+ #
1021
+ # @example Response structure
1022
+ #
1023
+ # resp.organization.id #=> String
1024
+ # resp.organization.arn #=> String
1025
+ # resp.organization.feature_set #=> String, one of "ALL", "CONSOLIDATED_BILLING"
1026
+ # resp.organization.master_account_arn #=> String
1027
+ # resp.organization.master_account_id #=> String
1028
+ # resp.organization.master_account_email #=> String
1029
+ # resp.organization.available_policy_types #=> Array
1030
+ # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
1031
+ # resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
1032
+ #
1033
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization AWS API Documentation
1034
+ #
1035
+ # @overload describe_organization(params = {})
1036
+ # @param [Hash] params ({})
1037
+ def describe_organization(params = {}, options = {})
1038
+ req = build_request(:describe_organization, params)
1039
+ req.send_request(options)
1040
+ end
1041
+
1042
+ # Retrieves information about an organizational unit (OU).
1043
+ #
1044
+ # This operation can be called only from the organization's master
1045
+ # account.
1046
+ #
1047
+ # @option params [required, String] :organizational_unit_id
1048
+ # The unique identifier (ID) of the organizational unit that you want
1049
+ # details about. You can get the ID from the
1050
+ # ListOrganizationalUnitsForParent operation.
1051
+ #
1052
+ # The [regex pattern][1] for an organizational unit ID string requires
1053
+ # "ou-" followed by from 4 to 32 lower-case letters or digits (the ID
1054
+ # of the root that contains the OU) followed by a second "-" dash and
1055
+ # from 8 to 32 additional lower-case letters or digits.
1056
+ #
1057
+ #
1058
+ #
1059
+ # [1]: http://wikipedia.org/wiki/regex
1060
+ #
1061
+ # @return [Types::DescribeOrganizationalUnitResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1062
+ #
1063
+ # * {Types::DescribeOrganizationalUnitResponse#organizational_unit #organizational_unit} => Types::OrganizationalUnit
1064
+ #
1065
+ # @example Request syntax with placeholder values
1066
+ #
1067
+ # resp = client.describe_organizational_unit({
1068
+ # organizational_unit_id: "OrganizationalUnitId", # required
1069
+ # })
1070
+ #
1071
+ # @example Response structure
1072
+ #
1073
+ # resp.organizational_unit.id #=> String
1074
+ # resp.organizational_unit.arn #=> String
1075
+ # resp.organizational_unit.name #=> String
1076
+ #
1077
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit AWS API Documentation
1078
+ #
1079
+ # @overload describe_organizational_unit(params = {})
1080
+ # @param [Hash] params ({})
1081
+ def describe_organizational_unit(params = {}, options = {})
1082
+ req = build_request(:describe_organizational_unit, params)
1083
+ req.send_request(options)
1084
+ end
1085
+
1086
+ # Retrieves information about a policy.
1087
+ #
1088
+ # This operation can be called only from the organization's master
1089
+ # account.
1090
+ #
1091
+ # @option params [required, String] :policy_id
1092
+ # The unique identifier (ID) of the policy that you want details about.
1093
+ # You can get the ID from the ListPolicies or ListPoliciesForTarget
1094
+ # operations.
1095
+ #
1096
+ # The [regex pattern][1] for a policy ID string requires "p-" followed
1097
+ # by from 8 to 128 lower-case letters or digits.
1098
+ #
1099
+ #
1100
+ #
1101
+ # [1]: http://wikipedia.org/wiki/regex
1102
+ #
1103
+ # @return [Types::DescribePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1104
+ #
1105
+ # * {Types::DescribePolicyResponse#policy #policy} => Types::Policy
1106
+ #
1107
+ # @example Request syntax with placeholder values
1108
+ #
1109
+ # resp = client.describe_policy({
1110
+ # policy_id: "PolicyId", # required
1111
+ # })
1112
+ #
1113
+ # @example Response structure
1114
+ #
1115
+ # resp.policy.policy_summary.id #=> String
1116
+ # resp.policy.policy_summary.arn #=> String
1117
+ # resp.policy.policy_summary.name #=> String
1118
+ # resp.policy.policy_summary.description #=> String
1119
+ # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
1120
+ # resp.policy.policy_summary.aws_managed #=> Boolean
1121
+ # resp.policy.content #=> String
1122
+ #
1123
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy AWS API Documentation
1124
+ #
1125
+ # @overload describe_policy(params = {})
1126
+ # @param [Hash] params ({})
1127
+ def describe_policy(params = {}, options = {})
1128
+ req = build_request(:describe_policy, params)
1129
+ req.send_request(options)
1130
+ end
1131
+
1132
+ # Detaches a policy from a target root, organizational unit, or account.
1133
+ # If the policy being detached is a service control policy (SCP), the
1134
+ # changes to permissions for IAM users and roles in affected accounts
1135
+ # are immediate.
1136
+ #
1137
+ # **Note:** Every root, OU, and account must have at least one SCP
1138
+ # attached. If you want to replace the default `FullAWSAccess` policy
1139
+ # with one that limits the permissions that can be delegated, then you
1140
+ # must attach the replacement policy before you can remove the default
1141
+ # one. This is the authorization strategy of [whitelisting][1]. If you
1142
+ # instead attach a second SCP and leave the `FullAWSAccess` SCP still
1143
+ # attached, and specify `"Effect": "Deny"` in the second SCP to override
1144
+ # the `"Effect": "Allow"` in the `FullAWSAccess` policy (or any other
1145
+ # attached SCP), then you are using the authorization strategy of
1146
+ # [blacklisting][2].
1147
+ #
1148
+ # This operation can be called only from the organization's master
1149
+ # account.
1150
+ #
1151
+ #
1152
+ #
1153
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_whitelist
1154
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_blacklist
1155
+ #
1156
+ # @option params [required, String] :policy_id
1157
+ # The unique identifier (ID) of the policy you want to detach. You can
1158
+ # get the ID from the ListPolicies or ListPoliciesForTarget operations.
1159
+ #
1160
+ # The [regex pattern][1] for a policy ID string requires "p-" followed
1161
+ # by from 8 to 128 lower-case letters or digits.
1162
+ #
1163
+ #
1164
+ #
1165
+ # [1]: http://wikipedia.org/wiki/regex
1166
+ #
1167
+ # @option params [required, String] :target_id
1168
+ # The unique identifier (ID) of the root, OU, or account from which you
1169
+ # want to detach the policy. You can get the ID from the ListRoots,
1170
+ # ListOrganizationalUnitsForParent, or ListAccounts operations.
1171
+ #
1172
+ # The [regex pattern][1] for a target ID string requires one of the
1173
+ # following:
1174
+ #
1175
+ # * Root: a string that begins with "r-" followed by from 4 to 32
1176
+ # lower-case letters or digits.
1177
+ #
1178
+ # * Account: a string that consists of exactly 12 digits.
1179
+ #
1180
+ # * Organizational unit (OU): a string that begins with "ou-" followed
1181
+ # by from 4 to 32 lower-case letters or digits (the ID of the root
1182
+ # that the OU is in) followed by a second "-" dash and from 8 to 32
1183
+ # additional lower-case letters or digits.
1184
+ #
1185
+ #
1186
+ #
1187
+ # [1]: http://wikipedia.org/wiki/regex
1188
+ #
1189
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1190
+ #
1191
+ # @example Request syntax with placeholder values
1192
+ #
1193
+ # resp = client.detach_policy({
1194
+ # policy_id: "PolicyId", # required
1195
+ # target_id: "PolicyTargetId", # required
1196
+ # })
1197
+ #
1198
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy AWS API Documentation
1199
+ #
1200
+ # @overload detach_policy(params = {})
1201
+ # @param [Hash] params ({})
1202
+ def detach_policy(params = {}, options = {})
1203
+ req = build_request(:detach_policy, params)
1204
+ req.send_request(options)
1205
+ end
1206
+
1207
+ # Disables an organizational control policy type in a root. A poicy of a
1208
+ # certain type can be attached to entities in a root only if that type
1209
+ # is enabled in the root. After you perform this operation, you no
1210
+ # longer can attach policies of the specified type to that root or to
1211
+ # any OU or account in that root. You can undo this by using the
1212
+ # EnablePolicyType operation.
1213
+ #
1214
+ # This operation can be called only from the organization's master
1215
+ # account.
1216
+ #
1217
+ # @option params [required, String] :root_id
1218
+ # The unique identifier (ID) of the root in which you want to disable a
1219
+ # policy type. You can get the ID from the ListPolicies operation.
1220
+ #
1221
+ # The [regex pattern][1] for a root ID string requires "r-" followed
1222
+ # by from 4 to 32 lower-case letters or digits.
1223
+ #
1224
+ #
1225
+ #
1226
+ # [1]: http://wikipedia.org/wiki/regex
1227
+ #
1228
+ # @option params [required, String] :policy_type
1229
+ # The policy type that you want to disable in this root.
1230
+ #
1231
+ # @return [Types::DisablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1232
+ #
1233
+ # * {Types::DisablePolicyTypeResponse#root #root} => Types::Root
1234
+ #
1235
+ # @example Request syntax with placeholder values
1236
+ #
1237
+ # resp = client.disable_policy_type({
1238
+ # root_id: "RootId", # required
1239
+ # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
1240
+ # })
1241
+ #
1242
+ # @example Response structure
1243
+ #
1244
+ # resp.root.id #=> String
1245
+ # resp.root.arn #=> String
1246
+ # resp.root.name #=> String
1247
+ # resp.root.policy_types #=> Array
1248
+ # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
1249
+ # resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
1250
+ #
1251
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType AWS API Documentation
1252
+ #
1253
+ # @overload disable_policy_type(params = {})
1254
+ # @param [Hash] params ({})
1255
+ def disable_policy_type(params = {}, options = {})
1256
+ req = build_request(:disable_policy_type, params)
1257
+ req.send_request(options)
1258
+ end
1259
+
1260
+ # Enables all features in an organization. This enables the use of
1261
+ # organization policies that can restrict the services and actions that
1262
+ # can be called in each account. Until you enable all features, you have
1263
+ # access only to consolidated billing, and you can't use any of the
1264
+ # advanced account administration features that AWS Organizations
1265
+ # supports. For more information, see [Enabling All Features in Your
1266
+ # Organization][1] in the *AWS Organizations User Guide*.
1267
+ #
1268
+ # This operation is required only for organizations that were created
1269
+ # explicitly with only the consolidated billing features enabled, or
1270
+ # that were migrated from a Consolidated Billing account family to
1271
+ # Organizations. Calling this operation sends a handshake to every
1272
+ # invited account in the organization. The feature set change can be
1273
+ # finalized and the additional features enabled only after all
1274
+ # administrators in the invited accounts approve the change by accepting
1275
+ # the handshake.
1276
+ #
1277
+ # After all invited member accounts accept the handshake, you finalize
1278
+ # the feature set change by accepting the handshake that contains
1279
+ # `"Action": "ENABLE_ALL_FEATURES"`. This completes the change.
1280
+ #
1281
+ # After you enable all features in your organization, the master account
1282
+ # in the organization can apply policies on all member accounts. These
1283
+ # policies can restrict what users and even administrators in those
1284
+ # accounts can do. The master account can apply policies that prevent
1285
+ # accounts from leaving the organization. Ensure that your account
1286
+ # administrators are aware of this.
1287
+ #
1288
+ # This operation can be called only from the organization's master
1289
+ # account.
1290
+ #
1291
+ #
1292
+ #
1293
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
1294
+ #
1295
+ # @return [Types::EnableAllFeaturesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1296
+ #
1297
+ # * {Types::EnableAllFeaturesResponse#handshake #handshake} => Types::Handshake
1298
+ #
1299
+ # @example Response structure
1300
+ #
1301
+ # resp.handshake.id #=> String
1302
+ # resp.handshake.arn #=> String
1303
+ # resp.handshake.parties #=> Array
1304
+ # resp.handshake.parties[0].id #=> String
1305
+ # resp.handshake.parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
1306
+ # resp.handshake.state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
1307
+ # resp.handshake.requested_timestamp #=> Time
1308
+ # resp.handshake.expiration_timestamp #=> Time
1309
+ # resp.handshake.action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
1310
+ # resp.handshake.resources #=> Array
1311
+ # resp.handshake.resources[0].value #=> String
1312
+ # resp.handshake.resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
1313
+ # resp.handshake.resources[0].resources #=> Types::HandshakeResources
1314
+ #
1315
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures AWS API Documentation
1316
+ #
1317
+ # @overload enable_all_features(params = {})
1318
+ # @param [Hash] params ({})
1319
+ def enable_all_features(params = {}, options = {})
1320
+ req = build_request(:enable_all_features, params)
1321
+ req.send_request(options)
1322
+ end
1323
+
1324
+ # Enables a policy type in a root. After you enable a policy type in a
1325
+ # root, you can attach policies of that type to the root, any OU, or
1326
+ # account in that root. You can undo this by using the DisablePolicyType
1327
+ # operation.
1328
+ #
1329
+ # This operation can be called only from the organization's master
1330
+ # account.
1331
+ #
1332
+ # @option params [required, String] :root_id
1333
+ # The unique identifier (ID) of the root in which you want to enable a
1334
+ # policy type. You can get the ID from the ListRoots operation.
1335
+ #
1336
+ # The [regex pattern][1] for a root ID string requires "r-" followed
1337
+ # by from 4 to 32 lower-case letters or digits.
1338
+ #
1339
+ #
1340
+ #
1341
+ # [1]: http://wikipedia.org/wiki/regex
1342
+ #
1343
+ # @option params [required, String] :policy_type
1344
+ # The policy type that you want to enable.
1345
+ #
1346
+ # @return [Types::EnablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1347
+ #
1348
+ # * {Types::EnablePolicyTypeResponse#root #root} => Types::Root
1349
+ #
1350
+ # @example Request syntax with placeholder values
1351
+ #
1352
+ # resp = client.enable_policy_type({
1353
+ # root_id: "RootId", # required
1354
+ # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
1355
+ # })
1356
+ #
1357
+ # @example Response structure
1358
+ #
1359
+ # resp.root.id #=> String
1360
+ # resp.root.arn #=> String
1361
+ # resp.root.name #=> String
1362
+ # resp.root.policy_types #=> Array
1363
+ # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
1364
+ # resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
1365
+ #
1366
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType AWS API Documentation
1367
+ #
1368
+ # @overload enable_policy_type(params = {})
1369
+ # @param [Hash] params ({})
1370
+ def enable_policy_type(params = {}, options = {})
1371
+ req = build_request(:enable_policy_type, params)
1372
+ req.send_request(options)
1373
+ end
1374
+
1375
+ # Sends an invitation to another account to join your organization as a
1376
+ # member account. Organizations sends email on your behalf to the email
1377
+ # address that is associated with the other account's owner. The
1378
+ # invitation is implemented as a Handshake whose details are in the
1379
+ # response.
1380
+ #
1381
+ # This operation can be called only from the organization's master
1382
+ # account.
1383
+ #
1384
+ # @option params [required, Types::HandshakeParty] :target
1385
+ # The identifier (ID) of the AWS account that you want to invite to join
1386
+ # your organization. This is a JSON object that contains the following
1387
+ # elements:
1388
+ #
1389
+ # `\{ "Type": "ACCOUNT", "Id": "< account id number >" \}`
1390
+ #
1391
+ # If you use the AWS CLI, you can submit this as a single string,
1392
+ # similar to the following example:
1393
+ #
1394
+ # `--target id=123456789012,type=ACCOUNT`
1395
+ #
1396
+ # If you specify `"Type": "ACCOUNT"`, then you must provide the AWS
1397
+ # account ID number as the `Id`. If you specify `"Type": "EMAIL"`, then
1398
+ # you must specify the email address that is associated with the
1399
+ # account.
1400
+ #
1401
+ # `--target id=bill@example.com,type=EMAIL`
1402
+ #
1403
+ # @option params [String] :notes
1404
+ # Additional information that you want to include in the generated email
1405
+ # to the recipient account owner.
1406
+ #
1407
+ # @return [Types::InviteAccountToOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1408
+ #
1409
+ # * {Types::InviteAccountToOrganizationResponse#handshake #handshake} => Types::Handshake
1410
+ #
1411
+ # @example Request syntax with placeholder values
1412
+ #
1413
+ # resp = client.invite_account_to_organization({
1414
+ # target: { # required
1415
+ # id: "HandshakePartyId",
1416
+ # type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION, EMAIL
1417
+ # },
1418
+ # notes: "HandshakeNotes",
1419
+ # })
1420
+ #
1421
+ # @example Response structure
1422
+ #
1423
+ # resp.handshake.id #=> String
1424
+ # resp.handshake.arn #=> String
1425
+ # resp.handshake.parties #=> Array
1426
+ # resp.handshake.parties[0].id #=> String
1427
+ # resp.handshake.parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
1428
+ # resp.handshake.state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
1429
+ # resp.handshake.requested_timestamp #=> Time
1430
+ # resp.handshake.expiration_timestamp #=> Time
1431
+ # resp.handshake.action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
1432
+ # resp.handshake.resources #=> Array
1433
+ # resp.handshake.resources[0].value #=> String
1434
+ # resp.handshake.resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
1435
+ # resp.handshake.resources[0].resources #=> Types::HandshakeResources
1436
+ #
1437
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization AWS API Documentation
1438
+ #
1439
+ # @overload invite_account_to_organization(params = {})
1440
+ # @param [Hash] params ({})
1441
+ def invite_account_to_organization(params = {}, options = {})
1442
+ req = build_request(:invite_account_to_organization, params)
1443
+ req.send_request(options)
1444
+ end
1445
+
1446
+ # Removes a member account from its parent organization. This version of
1447
+ # the operation is performed by the account that wants to leave. To
1448
+ # remove a member account as a user in the master account, use
1449
+ # RemoveAccountFromOrganization instead.
1450
+ #
1451
+ # This operation can be called only from a member account in the
1452
+ # organization.
1453
+ #
1454
+ # The master account in an organization with all features enabled can
1455
+ # set service control policies (SCPs) that can restrict what
1456
+ # administrators of member accounts can do, including preventing them
1457
+ # from successfully calling `LeaveOrganization` and leaving the
1458
+ # organization.
1459
+ #
1460
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1461
+ #
1462
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization AWS API Documentation
1463
+ #
1464
+ # @overload leave_organization(params = {})
1465
+ # @param [Hash] params ({})
1466
+ def leave_organization(params = {}, options = {})
1467
+ req = build_request(:leave_organization, params)
1468
+ req.send_request(options)
1469
+ end
1470
+
1471
+ # Lists all the accounts in the organization. To request only the
1472
+ # accounts in a root or OU, use the ListAccountsForParent operation
1473
+ # instead.
1474
+ #
1475
+ # This operation can be called only from the organization's master
1476
+ # account.
1477
+ #
1478
+ # @option params [String] :next_token
1479
+ # Use this parameter if you receive a `NextToken` response in a previous
1480
+ # request that indicates that there is more output available. Set it to
1481
+ # the value of the previous call's `NextToken` response to indicate
1482
+ # where the output should continue from.
1483
+ #
1484
+ # @option params [Integer] :max_results
1485
+ # (Optional) Use this to limit the number of results you want included
1486
+ # in the response. If you do not include this parameter, it defaults to
1487
+ # a value that is specific to the operation. If additional items exist
1488
+ # beyond the maximum you specify, the `NextToken` response element is
1489
+ # present and has a value (is not null). Include that value as the
1490
+ # `NextToken` request parameter in the next call to the operation to get
1491
+ # the next part of the results. Note that Organizations might return
1492
+ # fewer results than the maximum even when there are more results
1493
+ # available. You should check `NextToken` after every operation to
1494
+ # ensure that you receive all of the results.
1495
+ #
1496
+ # @return [Types::ListAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1497
+ #
1498
+ # * {Types::ListAccountsResponse#accounts #accounts} => Array&lt;Types::Account&gt;
1499
+ # * {Types::ListAccountsResponse#next_token #next_token} => String
1500
+ #
1501
+ # @example Request syntax with placeholder values
1502
+ #
1503
+ # resp = client.list_accounts({
1504
+ # next_token: "NextToken",
1505
+ # max_results: 1,
1506
+ # })
1507
+ #
1508
+ # @example Response structure
1509
+ #
1510
+ # resp.accounts #=> Array
1511
+ # resp.accounts[0].id #=> String
1512
+ # resp.accounts[0].arn #=> String
1513
+ # resp.accounts[0].name #=> String
1514
+ # resp.accounts[0].status #=> String, one of "ACTIVE", "SUSPENDED"
1515
+ # resp.accounts[0].joined_method #=> String, one of "INVITED", "CREATED"
1516
+ # resp.accounts[0].joined_timestamp #=> Time
1517
+ # resp.next_token #=> String
1518
+ #
1519
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts AWS API Documentation
1520
+ #
1521
+ # @overload list_accounts(params = {})
1522
+ # @param [Hash] params ({})
1523
+ def list_accounts(params = {}, options = {})
1524
+ req = build_request(:list_accounts, params)
1525
+ req.send_request(options)
1526
+ end
1527
+
1528
+ # Lists the accounts in an organization that are contained by the
1529
+ # specified target root or organizational unit (OU). If you specify the
1530
+ # root, you get a list of all the accounts that are not in any OU. If
1531
+ # you specify an OU, you get a list of all the accounts in only that OU,
1532
+ # and not in any child OUs. To get a list of all accounts in the
1533
+ # organization, use the ListAccounts operation.
1534
+ #
1535
+ # @option params [required, String] :parent_id
1536
+ # The unique identifier (ID) for the parent root or organization unit
1537
+ # (OU) whose accounts you want to list.
1538
+ #
1539
+ # @option params [String] :next_token
1540
+ # Use this parameter if you receive a `NextToken` response in a previous
1541
+ # request that indicates that there is more output available. Set it to
1542
+ # the value of the previous call's `NextToken` response to indicate
1543
+ # where the output should continue from.
1544
+ #
1545
+ # @option params [Integer] :max_results
1546
+ # (Optional) Use this to limit the number of results you want included
1547
+ # in the response. If you do not include this parameter, it defaults to
1548
+ # a value that is specific to the operation. If additional items exist
1549
+ # beyond the maximum you specify, the `NextToken` response element is
1550
+ # present and has a value (is not null). Include that value as the
1551
+ # `NextToken` request parameter in the next call to the operation to get
1552
+ # the next part of the results. Note that Organizations might return
1553
+ # fewer results than the maximum even when there are more results
1554
+ # available. You should check `NextToken` after every operation to
1555
+ # ensure that you receive all of the results.
1556
+ #
1557
+ # @return [Types::ListAccountsForParentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1558
+ #
1559
+ # * {Types::ListAccountsForParentResponse#accounts #accounts} => Array&lt;Types::Account&gt;
1560
+ # * {Types::ListAccountsForParentResponse#next_token #next_token} => String
1561
+ #
1562
+ # @example Request syntax with placeholder values
1563
+ #
1564
+ # resp = client.list_accounts_for_parent({
1565
+ # parent_id: "ParentId", # required
1566
+ # next_token: "NextToken",
1567
+ # max_results: 1,
1568
+ # })
1569
+ #
1570
+ # @example Response structure
1571
+ #
1572
+ # resp.accounts #=> Array
1573
+ # resp.accounts[0].id #=> String
1574
+ # resp.accounts[0].arn #=> String
1575
+ # resp.accounts[0].name #=> String
1576
+ # resp.accounts[0].status #=> String, one of "ACTIVE", "SUSPENDED"
1577
+ # resp.accounts[0].joined_method #=> String, one of "INVITED", "CREATED"
1578
+ # resp.accounts[0].joined_timestamp #=> Time
1579
+ # resp.next_token #=> String
1580
+ #
1581
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent AWS API Documentation
1582
+ #
1583
+ # @overload list_accounts_for_parent(params = {})
1584
+ # @param [Hash] params ({})
1585
+ def list_accounts_for_parent(params = {}, options = {})
1586
+ req = build_request(:list_accounts_for_parent, params)
1587
+ req.send_request(options)
1588
+ end
1589
+
1590
+ # Lists all of the OUs or accounts that are contained in the specified
1591
+ # parent OU or root. This operation, along with ListParents enables you
1592
+ # to traverse the tree structure that makes up this root.
1593
+ #
1594
+ # @option params [required, String] :parent_id
1595
+ # The unique identifier (ID) for the parent root or OU whose children
1596
+ # you want to list.
1597
+ #
1598
+ # The [regex pattern][1] for a parent ID string requires one of the
1599
+ # following:
1600
+ #
1601
+ # * Root: a string that begins with "r-" followed by from 4 to 32
1602
+ # lower-case letters or digits.
1603
+ #
1604
+ # * Organizational unit (OU): a string that begins with "ou-" followed
1605
+ # by from 4 to 32 lower-case letters or digits (the ID of the root
1606
+ # that the OU is in) followed by a second "-" dash and from 8 to 32
1607
+ # additional lower-case letters or digits.
1608
+ #
1609
+ #
1610
+ #
1611
+ # [1]: http://wikipedia.org/wiki/regex
1612
+ #
1613
+ # @option params [required, String] :child_type
1614
+ # Filters the output to include only the specified child type.
1615
+ #
1616
+ # @option params [String] :next_token
1617
+ # Use this parameter if you receive a `NextToken` response in a previous
1618
+ # request that indicates that there is more output available. Set it to
1619
+ # the value of the previous call's `NextToken` response to indicate
1620
+ # where the output should continue from.
1621
+ #
1622
+ # @option params [Integer] :max_results
1623
+ # (Optional) Use this to limit the number of results you want included
1624
+ # in the response. If you do not include this parameter, it defaults to
1625
+ # a value that is specific to the operation. If additional items exist
1626
+ # beyond the maximum you specify, the `NextToken` response element is
1627
+ # present and has a value (is not null). Include that value as the
1628
+ # `NextToken` request parameter in the next call to the operation to get
1629
+ # the next part of the results. Note that Organizations might return
1630
+ # fewer results than the maximum even when there are more results
1631
+ # available. You should check `NextToken` after every operation to
1632
+ # ensure that you receive all of the results.
1633
+ #
1634
+ # @return [Types::ListChildrenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1635
+ #
1636
+ # * {Types::ListChildrenResponse#children #children} => Array&lt;Types::Child&gt;
1637
+ # * {Types::ListChildrenResponse#next_token #next_token} => String
1638
+ #
1639
+ # @example Request syntax with placeholder values
1640
+ #
1641
+ # resp = client.list_children({
1642
+ # parent_id: "ParentId", # required
1643
+ # child_type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATIONAL_UNIT
1644
+ # next_token: "NextToken",
1645
+ # max_results: 1,
1646
+ # })
1647
+ #
1648
+ # @example Response structure
1649
+ #
1650
+ # resp.children #=> Array
1651
+ # resp.children[0].id #=> String
1652
+ # resp.children[0].type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
1653
+ # resp.next_token #=> String
1654
+ #
1655
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren AWS API Documentation
1656
+ #
1657
+ # @overload list_children(params = {})
1658
+ # @param [Hash] params ({})
1659
+ def list_children(params = {}, options = {})
1660
+ req = build_request(:list_children, params)
1661
+ req.send_request(options)
1662
+ end
1663
+
1664
+ # Lists the account creation requests that match the specified status
1665
+ # that is currently being tracked for the organization.
1666
+ #
1667
+ # This operation can be called only from the organization's master
1668
+ # account.
1669
+ #
1670
+ # @option params [Array<String>] :states
1671
+ # A list of one or more states that you want included in the response.
1672
+ # If this parameter is not present, then all requests are included in
1673
+ # the response.
1674
+ #
1675
+ # @option params [String] :next_token
1676
+ # Use this parameter if you receive a `NextToken` response in a previous
1677
+ # request that indicates that there is more output available. Set it to
1678
+ # the value of the previous call's `NextToken` response to indicate
1679
+ # where the output should continue from.
1680
+ #
1681
+ # @option params [Integer] :max_results
1682
+ # (Optional) Use this to limit the number of results you want included
1683
+ # in the response. If you do not include this parameter, it defaults to
1684
+ # a value that is specific to the operation. If additional items exist
1685
+ # beyond the maximum you specify, the `NextToken` response element is
1686
+ # present and has a value (is not null). Include that value as the
1687
+ # `NextToken` request parameter in the next call to the operation to get
1688
+ # the next part of the results. Note that Organizations might return
1689
+ # fewer results than the maximum even when there are more results
1690
+ # available. You should check `NextToken` after every operation to
1691
+ # ensure that you receive all of the results.
1692
+ #
1693
+ # @return [Types::ListCreateAccountStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1694
+ #
1695
+ # * {Types::ListCreateAccountStatusResponse#create_account_statuses #create_account_statuses} => Array&lt;Types::CreateAccountStatus&gt;
1696
+ # * {Types::ListCreateAccountStatusResponse#next_token #next_token} => String
1697
+ #
1698
+ # @example Request syntax with placeholder values
1699
+ #
1700
+ # resp = client.list_create_account_status({
1701
+ # states: ["IN_PROGRESS"], # accepts IN_PROGRESS, SUCCEEDED, FAILED
1702
+ # next_token: "NextToken",
1703
+ # max_results: 1,
1704
+ # })
1705
+ #
1706
+ # @example Response structure
1707
+ #
1708
+ # resp.create_account_statuses #=> Array
1709
+ # resp.create_account_statuses[0].id #=> String
1710
+ # resp.create_account_statuses[0].account_name #=> String
1711
+ # resp.create_account_statuses[0].state #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED"
1712
+ # resp.create_account_statuses[0].requested_timestamp #=> Time
1713
+ # resp.create_account_statuses[0].completed_timestamp #=> Time
1714
+ # resp.create_account_statuses[0].account_id #=> String
1715
+ # resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INTERNAL_FAILURE"
1716
+ # resp.next_token #=> String
1717
+ #
1718
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
1719
+ #
1720
+ # @overload list_create_account_status(params = {})
1721
+ # @param [Hash] params ({})
1722
+ def list_create_account_status(params = {}, options = {})
1723
+ req = build_request(:list_create_account_status, params)
1724
+ req.send_request(options)
1725
+ end
1726
+
1727
+ # Lists the current handshakes that are associated with the account of
1728
+ # the requesting user.
1729
+ #
1730
+ # This operation can be called from any account in the organization.
1731
+ #
1732
+ # @option params [Types::HandshakeFilter] :filter
1733
+ # Filters the handshakes that you want included in the response. The
1734
+ # default is all types. Use the `ActionType` element to limit the output
1735
+ # to only a specified type, such as `INVITE`, `ENABLE-FULL-CONTROL`, or
1736
+ # `APPROVE-FULL-CONTROL`. Alternatively, for the `ENABLE-FULL-CONTROL`
1737
+ # handshake that generates a separate child handshake for each member
1738
+ # account, you can specify `ParentHandshakeId` to see only the
1739
+ # handshakes that were generated by that parent request.
1740
+ #
1741
+ # @option params [String] :next_token
1742
+ # Use this parameter if you receive a `NextToken` response in a previous
1743
+ # request that indicates that there is more output available. Set it to
1744
+ # the value of the previous call's `NextToken` response to indicate
1745
+ # where the output should continue from.
1746
+ #
1747
+ # @option params [Integer] :max_results
1748
+ # (Optional) Use this to limit the number of results you want included
1749
+ # in the response. If you do not include this parameter, it defaults to
1750
+ # a value that is specific to the operation. If additional items exist
1751
+ # beyond the maximum you specify, the `NextToken` response element is
1752
+ # present and has a value (is not null). Include that value as the
1753
+ # `NextToken` request parameter in the next call to the operation to get
1754
+ # the next part of the results. Note that Organizations might return
1755
+ # fewer results than the maximum even when there are more results
1756
+ # available. You should check `NextToken` after every operation to
1757
+ # ensure that you receive all of the results.
1758
+ #
1759
+ # @return [Types::ListHandshakesForAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1760
+ #
1761
+ # * {Types::ListHandshakesForAccountResponse#handshakes #handshakes} => Array&lt;Types::Handshake&gt;
1762
+ # * {Types::ListHandshakesForAccountResponse#next_token #next_token} => String
1763
+ #
1764
+ # @example Request syntax with placeholder values
1765
+ #
1766
+ # resp = client.list_handshakes_for_account({
1767
+ # filter: {
1768
+ # action_type: "INVITE", # accepts INVITE, ENABLE_ALL_FEATURES, APPROVE_ALL_FEATURES
1769
+ # parent_handshake_id: "HandshakeId",
1770
+ # },
1771
+ # next_token: "NextToken",
1772
+ # max_results: 1,
1773
+ # })
1774
+ #
1775
+ # @example Response structure
1776
+ #
1777
+ # resp.handshakes #=> Array
1778
+ # resp.handshakes[0].id #=> String
1779
+ # resp.handshakes[0].arn #=> String
1780
+ # resp.handshakes[0].parties #=> Array
1781
+ # resp.handshakes[0].parties[0].id #=> String
1782
+ # resp.handshakes[0].parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
1783
+ # resp.handshakes[0].state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
1784
+ # resp.handshakes[0].requested_timestamp #=> Time
1785
+ # resp.handshakes[0].expiration_timestamp #=> Time
1786
+ # resp.handshakes[0].action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
1787
+ # resp.handshakes[0].resources #=> Array
1788
+ # resp.handshakes[0].resources[0].value #=> String
1789
+ # resp.handshakes[0].resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
1790
+ # resp.handshakes[0].resources[0].resources #=> Types::HandshakeResources
1791
+ # resp.next_token #=> String
1792
+ #
1793
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount AWS API Documentation
1794
+ #
1795
+ # @overload list_handshakes_for_account(params = {})
1796
+ # @param [Hash] params ({})
1797
+ def list_handshakes_for_account(params = {}, options = {})
1798
+ req = build_request(:list_handshakes_for_account, params)
1799
+ req.send_request(options)
1800
+ end
1801
+
1802
+ # Lists the handshakes that are associated with the organization that
1803
+ # the requesting user is part of. The `ListHandshakesForOrganization`
1804
+ # operation returns a list of handshake structures. Each structure
1805
+ # contains details and status about a handshake.
1806
+ #
1807
+ # This operation can be called only from the organization's master
1808
+ # account.
1809
+ #
1810
+ # @option params [Types::HandshakeFilter] :filter
1811
+ # A filter of the handshakes that you want included in the response. The
1812
+ # default is all types. Use the `ActionType` element to limit the output
1813
+ # to only a specified type, such as `INVITE`, `ENABLE-ALL-FEATURES`, or
1814
+ # `APPROVE-ALL-FEATURES`. Alternatively, for the `ENABLE-ALL-FEATURES`
1815
+ # handshake that generates a separate child handshake for each member
1816
+ # account, you can specify the `ParentHandshakeId` to see only the
1817
+ # handshakes that were generated by that parent request.
1818
+ #
1819
+ # @option params [String] :next_token
1820
+ # Use this parameter if you receive a `NextToken` response in a previous
1821
+ # request that indicates that there is more output available. Set it to
1822
+ # the value of the previous call's `NextToken` response to indicate
1823
+ # where the output should continue from.
1824
+ #
1825
+ # @option params [Integer] :max_results
1826
+ # (Optional) Use this to limit the number of results you want included
1827
+ # in the response. If you do not include this parameter, it defaults to
1828
+ # a value that is specific to the operation. If additional items exist
1829
+ # beyond the maximum you specify, the `NextToken` response element is
1830
+ # present and has a value (is not null). Include that value as the
1831
+ # `NextToken` request parameter in the next call to the operation to get
1832
+ # the next part of the results. Note that Organizations might return
1833
+ # fewer results than the maximum even when there are more results
1834
+ # available. You should check `NextToken` after every operation to
1835
+ # ensure that you receive all of the results.
1836
+ #
1837
+ # @return [Types::ListHandshakesForOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1838
+ #
1839
+ # * {Types::ListHandshakesForOrganizationResponse#handshakes #handshakes} => Array&lt;Types::Handshake&gt;
1840
+ # * {Types::ListHandshakesForOrganizationResponse#next_token #next_token} => String
1841
+ #
1842
+ # @example Request syntax with placeholder values
1843
+ #
1844
+ # resp = client.list_handshakes_for_organization({
1845
+ # filter: {
1846
+ # action_type: "INVITE", # accepts INVITE, ENABLE_ALL_FEATURES, APPROVE_ALL_FEATURES
1847
+ # parent_handshake_id: "HandshakeId",
1848
+ # },
1849
+ # next_token: "NextToken",
1850
+ # max_results: 1,
1851
+ # })
1852
+ #
1853
+ # @example Response structure
1854
+ #
1855
+ # resp.handshakes #=> Array
1856
+ # resp.handshakes[0].id #=> String
1857
+ # resp.handshakes[0].arn #=> String
1858
+ # resp.handshakes[0].parties #=> Array
1859
+ # resp.handshakes[0].parties[0].id #=> String
1860
+ # resp.handshakes[0].parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
1861
+ # resp.handshakes[0].state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
1862
+ # resp.handshakes[0].requested_timestamp #=> Time
1863
+ # resp.handshakes[0].expiration_timestamp #=> Time
1864
+ # resp.handshakes[0].action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
1865
+ # resp.handshakes[0].resources #=> Array
1866
+ # resp.handshakes[0].resources[0].value #=> String
1867
+ # resp.handshakes[0].resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
1868
+ # resp.handshakes[0].resources[0].resources #=> Types::HandshakeResources
1869
+ # resp.next_token #=> String
1870
+ #
1871
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization AWS API Documentation
1872
+ #
1873
+ # @overload list_handshakes_for_organization(params = {})
1874
+ # @param [Hash] params ({})
1875
+ def list_handshakes_for_organization(params = {}, options = {})
1876
+ req = build_request(:list_handshakes_for_organization, params)
1877
+ req.send_request(options)
1878
+ end
1879
+
1880
+ # Lists the organizational units (OUs) in a parent organizational unit
1881
+ # or root.
1882
+ #
1883
+ # This operation can be called only from the organization's master
1884
+ # account.
1885
+ #
1886
+ # @option params [required, String] :parent_id
1887
+ # The unique identifier (ID) of the root or OU whose child OUs you want
1888
+ # to list.
1889
+ #
1890
+ # The [regex pattern][1] for a parent ID string requires one of the
1891
+ # following:
1892
+ #
1893
+ # * Root: a string that begins with "r-" followed by from 4 to 32
1894
+ # lower-case letters or digits.
1895
+ #
1896
+ # * Organizational unit (OU): a string that begins with "ou-" followed
1897
+ # by from 4 to 32 lower-case letters or digits (the ID of the root
1898
+ # that the OU is in) followed by a second "-" dash and from 8 to 32
1899
+ # additional lower-case letters or digits.
1900
+ #
1901
+ #
1902
+ #
1903
+ # [1]: http://wikipedia.org/wiki/regex
1904
+ #
1905
+ # @option params [String] :next_token
1906
+ # Use this parameter if you receive a `NextToken` response in a previous
1907
+ # request that indicates that there is more output available. Set it to
1908
+ # the value of the previous call's `NextToken` response to indicate
1909
+ # where the output should continue from.
1910
+ #
1911
+ # @option params [Integer] :max_results
1912
+ # (Optional) Use this to limit the number of results you want included
1913
+ # in the response. If you do not include this parameter, it defaults to
1914
+ # a value that is specific to the operation. If additional items exist
1915
+ # beyond the maximum you specify, the `NextToken` response element is
1916
+ # present and has a value (is not null). Include that value as the
1917
+ # `NextToken` request parameter in the next call to the operation to get
1918
+ # the next part of the results. Note that Organizations might return
1919
+ # fewer results than the maximum even when there are more results
1920
+ # available. You should check `NextToken` after every operation to
1921
+ # ensure that you receive all of the results.
1922
+ #
1923
+ # @return [Types::ListOrganizationalUnitsForParentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1924
+ #
1925
+ # * {Types::ListOrganizationalUnitsForParentResponse#organizational_units #organizational_units} => Array&lt;Types::OrganizationalUnit&gt;
1926
+ # * {Types::ListOrganizationalUnitsForParentResponse#next_token #next_token} => String
1927
+ #
1928
+ # @example Request syntax with placeholder values
1929
+ #
1930
+ # resp = client.list_organizational_units_for_parent({
1931
+ # parent_id: "ParentId", # required
1932
+ # next_token: "NextToken",
1933
+ # max_results: 1,
1934
+ # })
1935
+ #
1936
+ # @example Response structure
1937
+ #
1938
+ # resp.organizational_units #=> Array
1939
+ # resp.organizational_units[0].id #=> String
1940
+ # resp.organizational_units[0].arn #=> String
1941
+ # resp.organizational_units[0].name #=> String
1942
+ # resp.next_token #=> String
1943
+ #
1944
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent AWS API Documentation
1945
+ #
1946
+ # @overload list_organizational_units_for_parent(params = {})
1947
+ # @param [Hash] params ({})
1948
+ def list_organizational_units_for_parent(params = {}, options = {})
1949
+ req = build_request(:list_organizational_units_for_parent, params)
1950
+ req.send_request(options)
1951
+ end
1952
+
1953
+ # Lists the root or organizational units (OUs) that serve as the
1954
+ # immediate parent of the specified child OU or account. This operation,
1955
+ # along with ListChildren enables you to traverse the tree structure
1956
+ # that makes up this root.
1957
+ #
1958
+ # This operation can be called only from the organization's master
1959
+ # account.
1960
+ #
1961
+ # <note markdown="1"> In the current release, a child can have only a single parent.
1962
+ #
1963
+ # </note>
1964
+ #
1965
+ # @option params [required, String] :child_id
1966
+ # The unique identifier (ID) of the OU or account whose parent
1967
+ # containers you want to list. Do not specify a root.
1968
+ #
1969
+ # The [regex pattern][1] for a child ID string requires one of the
1970
+ # following:
1971
+ #
1972
+ # * Account: a string that consists of exactly 12 digits.
1973
+ #
1974
+ # * Organizational unit (OU): a string that begins with "ou-" followed
1975
+ # by from 4 to 32 lower-case letters or digits (the ID of the root
1976
+ # that contains the OU) followed by a second "-" dash and from 8 to
1977
+ # 32 additional lower-case letters or digits.
1978
+ #
1979
+ #
1980
+ #
1981
+ # [1]: http://wikipedia.org/wiki/regex
1982
+ #
1983
+ # @option params [String] :next_token
1984
+ # Use this parameter if you receive a `NextToken` response in a previous
1985
+ # request that indicates that there is more output available. Set it to
1986
+ # the value of the previous call's `NextToken` response to indicate
1987
+ # where the output should continue from.
1988
+ #
1989
+ # @option params [Integer] :max_results
1990
+ # (Optional) Use this to limit the number of results you want included
1991
+ # in the response. If you do not include this parameter, it defaults to
1992
+ # a value that is specific to the operation. If additional items exist
1993
+ # beyond the maximum you specify, the `NextToken` response element is
1994
+ # present and has a value (is not null). Include that value as the
1995
+ # `NextToken` request parameter in the next call to the operation to get
1996
+ # the next part of the results. Note that Organizations might return
1997
+ # fewer results than the maximum even when there are more results
1998
+ # available. You should check `NextToken` after every operation to
1999
+ # ensure that you receive all of the results.
2000
+ #
2001
+ # @return [Types::ListParentsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2002
+ #
2003
+ # * {Types::ListParentsResponse#parents #parents} => Array&lt;Types::Parent&gt;
2004
+ # * {Types::ListParentsResponse#next_token #next_token} => String
2005
+ #
2006
+ # @example Request syntax with placeholder values
2007
+ #
2008
+ # resp = client.list_parents({
2009
+ # child_id: "ChildId", # required
2010
+ # next_token: "NextToken",
2011
+ # max_results: 1,
2012
+ # })
2013
+ #
2014
+ # @example Response structure
2015
+ #
2016
+ # resp.parents #=> Array
2017
+ # resp.parents[0].id #=> String
2018
+ # resp.parents[0].type #=> String, one of "ROOT", "ORGANIZATIONAL_UNIT"
2019
+ # resp.next_token #=> String
2020
+ #
2021
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents AWS API Documentation
2022
+ #
2023
+ # @overload list_parents(params = {})
2024
+ # @param [Hash] params ({})
2025
+ def list_parents(params = {}, options = {})
2026
+ req = build_request(:list_parents, params)
2027
+ req.send_request(options)
2028
+ end
2029
+
2030
+ # Retrieves the list of all policies in an organization of a specified
2031
+ # type.
2032
+ #
2033
+ # This operation can be called only from the organization's master
2034
+ # account.
2035
+ #
2036
+ # @option params [required, String] :filter
2037
+ # Specifies the type of policy that you want to include in the response.
2038
+ #
2039
+ # @option params [String] :next_token
2040
+ # Use this parameter if you receive a `NextToken` response in a previous
2041
+ # request that indicates that there is more output available. Set it to
2042
+ # the value of the previous call's `NextToken` response to indicate
2043
+ # where the output should continue from.
2044
+ #
2045
+ # @option params [Integer] :max_results
2046
+ # (Optional) Use this to limit the number of results you want included
2047
+ # in the response. If you do not include this parameter, it defaults to
2048
+ # a value that is specific to the operation. If additional items exist
2049
+ # beyond the maximum you specify, the `NextToken` response element is
2050
+ # present and has a value (is not null). Include that value as the
2051
+ # `NextToken` request parameter in the next call to the operation to get
2052
+ # the next part of the results. Note that Organizations might return
2053
+ # fewer results than the maximum even when there are more results
2054
+ # available. You should check `NextToken` after every operation to
2055
+ # ensure that you receive all of the results.
2056
+ #
2057
+ # @return [Types::ListPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2058
+ #
2059
+ # * {Types::ListPoliciesResponse#policies #policies} => Array&lt;Types::PolicySummary&gt;
2060
+ # * {Types::ListPoliciesResponse#next_token #next_token} => String
2061
+ #
2062
+ # @example Request syntax with placeholder values
2063
+ #
2064
+ # resp = client.list_policies({
2065
+ # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
2066
+ # next_token: "NextToken",
2067
+ # max_results: 1,
2068
+ # })
2069
+ #
2070
+ # @example Response structure
2071
+ #
2072
+ # resp.policies #=> Array
2073
+ # resp.policies[0].id #=> String
2074
+ # resp.policies[0].arn #=> String
2075
+ # resp.policies[0].name #=> String
2076
+ # resp.policies[0].description #=> String
2077
+ # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
2078
+ # resp.policies[0].aws_managed #=> Boolean
2079
+ # resp.next_token #=> String
2080
+ #
2081
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies AWS API Documentation
2082
+ #
2083
+ # @overload list_policies(params = {})
2084
+ # @param [Hash] params ({})
2085
+ def list_policies(params = {}, options = {})
2086
+ req = build_request(:list_policies, params)
2087
+ req.send_request(options)
2088
+ end
2089
+
2090
+ # Lists the policies that are directly attached to the specified target
2091
+ # root, organizational unit (OU), or account. You must specify the
2092
+ # policy type that you want included in the returned list.
2093
+ #
2094
+ # This operation can be called only from the organization's master
2095
+ # account.
2096
+ #
2097
+ # @option params [required, String] :target_id
2098
+ # The unique identifier (ID) of the root, organizational unit, or
2099
+ # account whose policies you want to list.
2100
+ #
2101
+ # The [regex pattern][1] for a target ID string requires one of the
2102
+ # following:
2103
+ #
2104
+ # * Root: a string that begins with "r-" followed by from 4 to 32
2105
+ # lower-case letters or digits.
2106
+ #
2107
+ # * Account: a string that consists of exactly 12 digits.
2108
+ #
2109
+ # * Organizational unit (OU): a string that begins with "ou-" followed
2110
+ # by from 4 to 32 lower-case letters or digits (the ID of the root
2111
+ # that the OU is in) followed by a second "-" dash and from 8 to 32
2112
+ # additional lower-case letters or digits.
2113
+ #
2114
+ #
2115
+ #
2116
+ # [1]: http://wikipedia.org/wiki/regex
2117
+ #
2118
+ # @option params [required, String] :filter
2119
+ # The type of policy that you want to include in the returned list.
2120
+ #
2121
+ # @option params [String] :next_token
2122
+ # Use this parameter if you receive a `NextToken` response in a previous
2123
+ # request that indicates that there is more output available. Set it to
2124
+ # the value of the previous call's `NextToken` response to indicate
2125
+ # where the output should continue from.
2126
+ #
2127
+ # @option params [Integer] :max_results
2128
+ # (Optional) Use this to limit the number of results you want included
2129
+ # in the response. If you do not include this parameter, it defaults to
2130
+ # a value that is specific to the operation. If additional items exist
2131
+ # beyond the maximum you specify, the `NextToken` response element is
2132
+ # present and has a value (is not null). Include that value as the
2133
+ # `NextToken` request parameter in the next call to the operation to get
2134
+ # the next part of the results. Note that Organizations might return
2135
+ # fewer results than the maximum even when there are more results
2136
+ # available. You should check `NextToken` after every operation to
2137
+ # ensure that you receive all of the results.
2138
+ #
2139
+ # @return [Types::ListPoliciesForTargetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2140
+ #
2141
+ # * {Types::ListPoliciesForTargetResponse#policies #policies} => Array&lt;Types::PolicySummary&gt;
2142
+ # * {Types::ListPoliciesForTargetResponse#next_token #next_token} => String
2143
+ #
2144
+ # @example Request syntax with placeholder values
2145
+ #
2146
+ # resp = client.list_policies_for_target({
2147
+ # target_id: "PolicyTargetId", # required
2148
+ # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
2149
+ # next_token: "NextToken",
2150
+ # max_results: 1,
2151
+ # })
2152
+ #
2153
+ # @example Response structure
2154
+ #
2155
+ # resp.policies #=> Array
2156
+ # resp.policies[0].id #=> String
2157
+ # resp.policies[0].arn #=> String
2158
+ # resp.policies[0].name #=> String
2159
+ # resp.policies[0].description #=> String
2160
+ # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
2161
+ # resp.policies[0].aws_managed #=> Boolean
2162
+ # resp.next_token #=> String
2163
+ #
2164
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget AWS API Documentation
2165
+ #
2166
+ # @overload list_policies_for_target(params = {})
2167
+ # @param [Hash] params ({})
2168
+ def list_policies_for_target(params = {}, options = {})
2169
+ req = build_request(:list_policies_for_target, params)
2170
+ req.send_request(options)
2171
+ end
2172
+
2173
+ # Lists the roots that are defined in the current organization.
2174
+ #
2175
+ # This operation can be called only from the organization's master
2176
+ # account.
2177
+ #
2178
+ # @option params [String] :next_token
2179
+ # Use this parameter if you receive a `NextToken` response in a previous
2180
+ # request that indicates that there is more output available. Set it to
2181
+ # the value of the previous call's `NextToken` response to indicate
2182
+ # where the output should continue from.
2183
+ #
2184
+ # @option params [Integer] :max_results
2185
+ # (Optional) Use this to limit the number of results you want included
2186
+ # in the response. If you do not include this parameter, it defaults to
2187
+ # a value that is specific to the operation. If additional items exist
2188
+ # beyond the maximum you specify, the `NextToken` response element is
2189
+ # present and has a value (is not null). Include that value as the
2190
+ # `NextToken` request parameter in the next call to the operation to get
2191
+ # the next part of the results. Note that Organizations might return
2192
+ # fewer results than the maximum even when there are more results
2193
+ # available. You should check `NextToken` after every operation to
2194
+ # ensure that you receive all of the results.
2195
+ #
2196
+ # @return [Types::ListRootsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2197
+ #
2198
+ # * {Types::ListRootsResponse#roots #roots} => Array&lt;Types::Root&gt;
2199
+ # * {Types::ListRootsResponse#next_token #next_token} => String
2200
+ #
2201
+ # @example Request syntax with placeholder values
2202
+ #
2203
+ # resp = client.list_roots({
2204
+ # next_token: "NextToken",
2205
+ # max_results: 1,
2206
+ # })
2207
+ #
2208
+ # @example Response structure
2209
+ #
2210
+ # resp.roots #=> Array
2211
+ # resp.roots[0].id #=> String
2212
+ # resp.roots[0].arn #=> String
2213
+ # resp.roots[0].name #=> String
2214
+ # resp.roots[0].policy_types #=> Array
2215
+ # resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
2216
+ # resp.roots[0].policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
2217
+ # resp.next_token #=> String
2218
+ #
2219
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots AWS API Documentation
2220
+ #
2221
+ # @overload list_roots(params = {})
2222
+ # @param [Hash] params ({})
2223
+ def list_roots(params = {}, options = {})
2224
+ req = build_request(:list_roots, params)
2225
+ req.send_request(options)
2226
+ end
2227
+
2228
+ # Lists all the roots, OUs, and accounts to which the specified policy
2229
+ # is attached.
2230
+ #
2231
+ # This operation can be called only from the organization's master
2232
+ # account.
2233
+ #
2234
+ # @option params [required, String] :policy_id
2235
+ # The unique identifier (ID) of the policy for which you want to know
2236
+ # its attachments.
2237
+ #
2238
+ # The [regex pattern][1] for a policy ID string requires "p-" followed
2239
+ # by from 8 to 128 lower-case letters or digits.
2240
+ #
2241
+ #
2242
+ #
2243
+ # [1]: http://wikipedia.org/wiki/regex
2244
+ #
2245
+ # @option params [String] :next_token
2246
+ # Use this parameter if you receive a `NextToken` response in a previous
2247
+ # request that indicates that there is more output available. Set it to
2248
+ # the value of the previous call's `NextToken` response to indicate
2249
+ # where the output should continue from.
2250
+ #
2251
+ # @option params [Integer] :max_results
2252
+ # (Optional) Use this to limit the number of results you want included
2253
+ # in the response. If you do not include this parameter, it defaults to
2254
+ # a value that is specific to the operation. If additional items exist
2255
+ # beyond the maximum you specify, the `NextToken` response element is
2256
+ # present and has a value (is not null). Include that value as the
2257
+ # `NextToken` request parameter in the next call to the operation to get
2258
+ # the next part of the results. Note that Organizations might return
2259
+ # fewer results than the maximum even when there are more results
2260
+ # available. You should check `NextToken` after every operation to
2261
+ # ensure that you receive all of the results.
2262
+ #
2263
+ # @return [Types::ListTargetsForPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2264
+ #
2265
+ # * {Types::ListTargetsForPolicyResponse#targets #targets} => Array&lt;Types::PolicyTargetSummary&gt;
2266
+ # * {Types::ListTargetsForPolicyResponse#next_token #next_token} => String
2267
+ #
2268
+ # @example Request syntax with placeholder values
2269
+ #
2270
+ # resp = client.list_targets_for_policy({
2271
+ # policy_id: "PolicyId", # required
2272
+ # next_token: "NextToken",
2273
+ # max_results: 1,
2274
+ # })
2275
+ #
2276
+ # @example Response structure
2277
+ #
2278
+ # resp.targets #=> Array
2279
+ # resp.targets[0].target_id #=> String
2280
+ # resp.targets[0].arn #=> String
2281
+ # resp.targets[0].name #=> String
2282
+ # resp.targets[0].type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT", "ROOT"
2283
+ # resp.next_token #=> String
2284
+ #
2285
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy AWS API Documentation
2286
+ #
2287
+ # @overload list_targets_for_policy(params = {})
2288
+ # @param [Hash] params ({})
2289
+ def list_targets_for_policy(params = {}, options = {})
2290
+ req = build_request(:list_targets_for_policy, params)
2291
+ req.send_request(options)
2292
+ end
2293
+
2294
+ # Moves an account from its current source parent root or OU to the
2295
+ # specified destination parent root or OU.
2296
+ #
2297
+ # This operation can be called only from the organization's master
2298
+ # account.
2299
+ #
2300
+ # @option params [required, String] :account_id
2301
+ # The unique identifier (ID) of the account that you want to move.
2302
+ #
2303
+ # The [regex pattern][1] for an account ID string requires exactly 12
2304
+ # digits.
2305
+ #
2306
+ #
2307
+ #
2308
+ # [1]: http://wikipedia.org/wiki/regex
2309
+ #
2310
+ # @option params [required, String] :source_parent_id
2311
+ # The unique identifier (ID) of the root or organizational unit that you
2312
+ # want to move the account from.
2313
+ #
2314
+ # The [regex pattern][1] for a parent ID string requires one of the
2315
+ # following:
2316
+ #
2317
+ # * Root: a string that begins with "r-" followed by from 4 to 32
2318
+ # lower-case letters or digits.
2319
+ #
2320
+ # * Organizational unit (OU): a string that begins with "ou-" followed
2321
+ # by from 4 to 32 lower-case letters or digits (the ID of the root
2322
+ # that the OU is in) followed by a second "-" dash and from 8 to 32
2323
+ # additional lower-case letters or digits.
2324
+ #
2325
+ #
2326
+ #
2327
+ # [1]: http://wikipedia.org/wiki/regex
2328
+ #
2329
+ # @option params [required, String] :destination_parent_id
2330
+ # The unique identifier (ID) of the root or organizational unit that you
2331
+ # want to move the account to.
2332
+ #
2333
+ # The [regex pattern][1] for a parent ID string requires one of the
2334
+ # following:
2335
+ #
2336
+ # * Root: a string that begins with "r-" followed by from 4 to 32
2337
+ # lower-case letters or digits.
2338
+ #
2339
+ # * Organizational unit (OU): a string that begins with "ou-" followed
2340
+ # by from 4 to 32 lower-case letters or digits (the ID of the root
2341
+ # that the OU is in) followed by a second "-" dash and from 8 to 32
2342
+ # additional lower-case letters or digits.
2343
+ #
2344
+ #
2345
+ #
2346
+ # [1]: http://wikipedia.org/wiki/regex
2347
+ #
2348
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2349
+ #
2350
+ # @example Request syntax with placeholder values
2351
+ #
2352
+ # resp = client.move_account({
2353
+ # account_id: "AccountId", # required
2354
+ # source_parent_id: "ParentId", # required
2355
+ # destination_parent_id: "ParentId", # required
2356
+ # })
2357
+ #
2358
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount AWS API Documentation
2359
+ #
2360
+ # @overload move_account(params = {})
2361
+ # @param [Hash] params ({})
2362
+ def move_account(params = {}, options = {})
2363
+ req = build_request(:move_account, params)
2364
+ req.send_request(options)
2365
+ end
2366
+
2367
+ # Removes the specified account from the organization.
2368
+ #
2369
+ # The removed account becomes a stand-alone account that is not a member
2370
+ # of any organization. It is no longer subject to any policies and is
2371
+ # responsible for its own bill payments. The organization's master
2372
+ # account is no longer charged for any expenses accrued by the member
2373
+ # account after it is removed from the organization.
2374
+ #
2375
+ # This operation can be called only from the organization's master
2376
+ # account. Member accounts can remove themselves with LeaveOrganization
2377
+ # instead.
2378
+ #
2379
+ # You can remove only existing accounts that were invited to join the
2380
+ # organization. You cannot remove accounts that were created by AWS
2381
+ # Organizations.
2382
+ #
2383
+ # @option params [required, String] :account_id
2384
+ # The unique identifier (ID) of the member account that you want to
2385
+ # remove from the organization.
2386
+ #
2387
+ # The [regex pattern][1] for an account ID string requires exactly 12
2388
+ # digits.
2389
+ #
2390
+ #
2391
+ #
2392
+ # [1]: http://wikipedia.org/wiki/regex
2393
+ #
2394
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2395
+ #
2396
+ # @example Request syntax with placeholder values
2397
+ #
2398
+ # resp = client.remove_account_from_organization({
2399
+ # account_id: "AccountId", # required
2400
+ # })
2401
+ #
2402
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization AWS API Documentation
2403
+ #
2404
+ # @overload remove_account_from_organization(params = {})
2405
+ # @param [Hash] params ({})
2406
+ def remove_account_from_organization(params = {}, options = {})
2407
+ req = build_request(:remove_account_from_organization, params)
2408
+ req.send_request(options)
2409
+ end
2410
+
2411
+ # Renames the specified organizational unit (OU). The ID and ARN do not
2412
+ # change. The child OUs and accounts remain in place, and any attached
2413
+ # policies of the OU remain attached.
2414
+ #
2415
+ # This operation can be called only from the organization's master
2416
+ # account.
2417
+ #
2418
+ # @option params [required, String] :organizational_unit_id
2419
+ # The unique identifier (ID) of the OU that you want to rename. You can
2420
+ # get the ID from the ListOrganizationalUnitsForParent operation.
2421
+ #
2422
+ # The [regex pattern][1] for an organizational unit ID string requires
2423
+ # "ou-" followed by from 4 to 32 lower-case letters or digits (the ID
2424
+ # of the root that contains the OU) followed by a second "-" dash and
2425
+ # from 8 to 32 additional lower-case letters or digits.
2426
+ #
2427
+ #
2428
+ #
2429
+ # [1]: http://wikipedia.org/wiki/regex
2430
+ #
2431
+ # @option params [String] :name
2432
+ # The new name that you want to assign to the OU.
2433
+ #
2434
+ # The [regex pattern][1] that is used to validate this parameter is a
2435
+ # string of any of the characters in the ASCII character range.
2436
+ #
2437
+ #
2438
+ #
2439
+ # [1]: http://wikipedia.org/wiki/regex
2440
+ #
2441
+ # @return [Types::UpdateOrganizationalUnitResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2442
+ #
2443
+ # * {Types::UpdateOrganizationalUnitResponse#organizational_unit #organizational_unit} => Types::OrganizationalUnit
2444
+ #
2445
+ # @example Request syntax with placeholder values
2446
+ #
2447
+ # resp = client.update_organizational_unit({
2448
+ # organizational_unit_id: "OrganizationalUnitId", # required
2449
+ # name: "OrganizationalUnitName",
2450
+ # })
2451
+ #
2452
+ # @example Response structure
2453
+ #
2454
+ # resp.organizational_unit.id #=> String
2455
+ # resp.organizational_unit.arn #=> String
2456
+ # resp.organizational_unit.name #=> String
2457
+ #
2458
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit AWS API Documentation
2459
+ #
2460
+ # @overload update_organizational_unit(params = {})
2461
+ # @param [Hash] params ({})
2462
+ def update_organizational_unit(params = {}, options = {})
2463
+ req = build_request(:update_organizational_unit, params)
2464
+ req.send_request(options)
2465
+ end
2466
+
2467
+ # Updates an existing policy with a new name, description, or content.
2468
+ # If any parameter is not supplied, that value remains unchanged. Note
2469
+ # that you cannot change a policy's type.
2470
+ #
2471
+ # This operation can be called only from the organization's master
2472
+ # account.
2473
+ #
2474
+ # @option params [required, String] :policy_id
2475
+ # The unique identifier (ID) of the policy that you want to update.
2476
+ #
2477
+ # The [regex pattern][1] for a policy ID string requires "p-" followed
2478
+ # by from 8 to 128 lower-case letters or digits.
2479
+ #
2480
+ #
2481
+ #
2482
+ # [1]: http://wikipedia.org/wiki/regex
2483
+ #
2484
+ # @option params [String] :name
2485
+ # If provided, the new name for the policy.
2486
+ #
2487
+ # The [regex pattern][1] that is used to validate this parameter is a
2488
+ # string of any of the characters in the ASCII character range.
2489
+ #
2490
+ #
2491
+ #
2492
+ # [1]: http://wikipedia.org/wiki/regex
2493
+ #
2494
+ # @option params [String] :description
2495
+ # If provided, the new description for the policy.
2496
+ #
2497
+ # @option params [String] :content
2498
+ # If provided, the new content for the policy. The text must be
2499
+ # correctly formatted JSON that complies with the syntax for the
2500
+ # policy's type. For more information, see [Service Control Policy
2501
+ # Syntax][1] in the *AWS Organizations User Guide*.
2502
+ #
2503
+ #
2504
+ #
2505
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
2506
+ #
2507
+ # @return [Types::UpdatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2508
+ #
2509
+ # * {Types::UpdatePolicyResponse#policy #policy} => Types::Policy
2510
+ #
2511
+ # @example Request syntax with placeholder values
2512
+ #
2513
+ # resp = client.update_policy({
2514
+ # policy_id: "PolicyId", # required
2515
+ # name: "PolicyName",
2516
+ # description: "PolicyDescription",
2517
+ # content: "PolicyContent",
2518
+ # })
2519
+ #
2520
+ # @example Response structure
2521
+ #
2522
+ # resp.policy.policy_summary.id #=> String
2523
+ # resp.policy.policy_summary.arn #=> String
2524
+ # resp.policy.policy_summary.name #=> String
2525
+ # resp.policy.policy_summary.description #=> String
2526
+ # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
2527
+ # resp.policy.policy_summary.aws_managed #=> Boolean
2528
+ # resp.policy.content #=> String
2529
+ #
2530
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy AWS API Documentation
2531
+ #
2532
+ # @overload update_policy(params = {})
2533
+ # @param [Hash] params ({})
2534
+ def update_policy(params = {}, options = {})
2535
+ req = build_request(:update_policy, params)
2536
+ req.send_request(options)
2537
+ end
2538
+
2539
+ # @!endgroup
2540
+
2541
+ # @param params ({})
2542
+ # @api private
2543
+ def build_request(operation_name, params = {})
2544
+ handlers = @handlers.for(operation_name)
2545
+ context = Seahorse::Client::RequestContext.new(
2546
+ operation_name: operation_name,
2547
+ operation: config.api.operation(operation_name),
2548
+ client: self,
2549
+ params: params,
2550
+ config: config)
2551
+ context[:gem_name] = 'aws-sdk-organizations'
2552
+ context[:gem_version] = '1.0.0.rc1'
2553
+ Seahorse::Client::Request.new(handlers, context)
2554
+ end
2555
+
2556
+ # @api private
2557
+ # @deprecated
2558
+ def waiter_names
2559
+ []
2560
+ end
2561
+
2562
+ class << self
2563
+
2564
+ # @api private
2565
+ attr_reader :identifier
2566
+
2567
+ # @api private
2568
+ def errors_module
2569
+ Errors
2570
+ end
2571
+
2572
+ end
2573
+ end
2574
+ end