aws-sdk-organizations 1.0.0.rc1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/aws-sdk-organizations.rb +47 -0
- data/lib/aws-sdk-organizations/client.rb +2574 -0
- data/lib/aws-sdk-organizations/client_api.rb +1177 -0
- data/lib/aws-sdk-organizations/customizations.rb +0 -0
- data/lib/aws-sdk-organizations/errors.rb +14 -0
- data/lib/aws-sdk-organizations/resource.rb +23 -0
- data/lib/aws-sdk-organizations/types.rb +2743 -0
- metadata +80 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: e4b0c051b68380a1f255cbdbbf952376a659e43e
|
4
|
+
data.tar.gz: 6f1fc5673369b9d5afcb88fc5a7d99cda16cacfc
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 275054857f73a16d725c6813aeae431a924403d90bb17290c5432f4634c74da1f5e6ae59bb8d31280e5e8fd05d857385296b451d974d3392278865ae836d449f
|
7
|
+
data.tar.gz: 6981b9ea25e2242b43219b1ba06bbed13408796880682ace7ad83c6462e8aa62a1d4aefb911e5b6c46727c10ce04f0fb11ea10e5ec26665976dc1ebf755dd92f
|
@@ -0,0 +1,47 @@
|
|
1
|
+
# WARNING ABOUT GENERATED CODE
|
2
|
+
#
|
3
|
+
# This file is generated. See the contributing guide for more information:
|
4
|
+
# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
|
5
|
+
#
|
6
|
+
# WARNING ABOUT GENERATED CODE
|
7
|
+
|
8
|
+
require 'aws-sdk-core'
|
9
|
+
require 'aws-sigv4'
|
10
|
+
|
11
|
+
require_relative 'aws-sdk-organizations/types'
|
12
|
+
require_relative 'aws-sdk-organizations/client_api'
|
13
|
+
require_relative 'aws-sdk-organizations/client'
|
14
|
+
require_relative 'aws-sdk-organizations/errors'
|
15
|
+
require_relative 'aws-sdk-organizations/resource'
|
16
|
+
require_relative 'aws-sdk-organizations/customizations'
|
17
|
+
|
18
|
+
# This module provides support for AWS Organizations. This module is available in the
|
19
|
+
# `aws-sdk-organizations` gem.
|
20
|
+
#
|
21
|
+
# # Client
|
22
|
+
#
|
23
|
+
# The {Client} class provides one method for each API operation. Operation
|
24
|
+
# methods each accept a hash of request parameters and return a response
|
25
|
+
# structure.
|
26
|
+
#
|
27
|
+
# See {Client} for more information.
|
28
|
+
#
|
29
|
+
# # Errors
|
30
|
+
#
|
31
|
+
# Errors returned from AWS Organizations all
|
32
|
+
# extend {Errors::ServiceError}.
|
33
|
+
#
|
34
|
+
# begin
|
35
|
+
# # do stuff
|
36
|
+
# rescue Aws::Organizations::Errors::ServiceError
|
37
|
+
# # rescues all service API errors
|
38
|
+
# end
|
39
|
+
#
|
40
|
+
# See {Errors} for more information.
|
41
|
+
#
|
42
|
+
# @service
|
43
|
+
module Aws::Organizations
|
44
|
+
|
45
|
+
GEM_VERSION = '1.0.0.rc1'
|
46
|
+
|
47
|
+
end
|
@@ -0,0 +1,2574 @@
|
|
1
|
+
# WARNING ABOUT GENERATED CODE
|
2
|
+
#
|
3
|
+
# This file is generated. See the contributing guide for more information:
|
4
|
+
# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
|
5
|
+
#
|
6
|
+
# WARNING ABOUT GENERATED CODE
|
7
|
+
|
8
|
+
require 'seahorse/client/plugins/content_length.rb'
|
9
|
+
require 'aws-sdk-core/plugins/credentials_configuration.rb'
|
10
|
+
require 'aws-sdk-core/plugins/logging.rb'
|
11
|
+
require 'aws-sdk-core/plugins/param_converter.rb'
|
12
|
+
require 'aws-sdk-core/plugins/param_validator.rb'
|
13
|
+
require 'aws-sdk-core/plugins/user_agent.rb'
|
14
|
+
require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
|
15
|
+
require 'aws-sdk-core/plugins/retry_errors.rb'
|
16
|
+
require 'aws-sdk-core/plugins/global_configuration.rb'
|
17
|
+
require 'aws-sdk-core/plugins/regional_endpoint.rb'
|
18
|
+
require 'aws-sdk-core/plugins/response_paging.rb'
|
19
|
+
require 'aws-sdk-core/plugins/stub_responses.rb'
|
20
|
+
require 'aws-sdk-core/plugins/idempotency_token.rb'
|
21
|
+
require 'aws-sdk-core/plugins/signature_v4.rb'
|
22
|
+
require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
|
23
|
+
|
24
|
+
Aws::Plugins::GlobalConfiguration.add_identifier(:organizations)
|
25
|
+
|
26
|
+
module Aws::Organizations
|
27
|
+
class Client < Seahorse::Client::Base
|
28
|
+
|
29
|
+
include Aws::ClientStubs
|
30
|
+
|
31
|
+
@identifier = :organizations
|
32
|
+
|
33
|
+
set_api(ClientApi::API)
|
34
|
+
|
35
|
+
add_plugin(Seahorse::Client::Plugins::ContentLength)
|
36
|
+
add_plugin(Aws::Plugins::CredentialsConfiguration)
|
37
|
+
add_plugin(Aws::Plugins::Logging)
|
38
|
+
add_plugin(Aws::Plugins::ParamConverter)
|
39
|
+
add_plugin(Aws::Plugins::ParamValidator)
|
40
|
+
add_plugin(Aws::Plugins::UserAgent)
|
41
|
+
add_plugin(Aws::Plugins::HelpfulSocketErrors)
|
42
|
+
add_plugin(Aws::Plugins::RetryErrors)
|
43
|
+
add_plugin(Aws::Plugins::GlobalConfiguration)
|
44
|
+
add_plugin(Aws::Plugins::RegionalEndpoint)
|
45
|
+
add_plugin(Aws::Plugins::ResponsePaging)
|
46
|
+
add_plugin(Aws::Plugins::StubResponses)
|
47
|
+
add_plugin(Aws::Plugins::IdempotencyToken)
|
48
|
+
add_plugin(Aws::Plugins::SignatureV4)
|
49
|
+
add_plugin(Aws::Plugins::Protocols::JsonRpc)
|
50
|
+
|
51
|
+
# @option options [required, Aws::CredentialProvider] :credentials
|
52
|
+
# Your AWS credentials. This can be an instance of any one of the
|
53
|
+
# following classes:
|
54
|
+
#
|
55
|
+
# * `Aws::Credentials` - Used for configuring static, non-refreshing
|
56
|
+
# credentials.
|
57
|
+
#
|
58
|
+
# * `Aws::InstanceProfileCredentials` - Used for loading credentials
|
59
|
+
# from an EC2 IMDS on an EC2 instance.
|
60
|
+
#
|
61
|
+
# * `Aws::SharedCredentials` - Used for loading credentials from a
|
62
|
+
# shared file, such as `~/.aws/config`.
|
63
|
+
#
|
64
|
+
# * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
|
65
|
+
#
|
66
|
+
# When `:credentials` are not configured directly, the following
|
67
|
+
# locations will be searched for credentials:
|
68
|
+
#
|
69
|
+
# * `Aws.config[:credentials]`
|
70
|
+
# * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
|
71
|
+
# * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
|
72
|
+
# * `~/.aws/credentials`
|
73
|
+
# * `~/.aws/config`
|
74
|
+
# * EC2 IMDS instance profile - When used by default, the timeouts are
|
75
|
+
# very aggressive. Construct and pass an instance of
|
76
|
+
# `Aws::InstanceProfileCredentails` to enable retries and extended
|
77
|
+
# timeouts.
|
78
|
+
#
|
79
|
+
# @option options [required, String] :region
|
80
|
+
# The AWS region to connect to. The configured `:region` is
|
81
|
+
# used to determine the service `:endpoint`. When not passed,
|
82
|
+
# a default `:region` is search for in the following locations:
|
83
|
+
#
|
84
|
+
# * `Aws.config[:region]`
|
85
|
+
# * `ENV['AWS_REGION']`
|
86
|
+
# * `ENV['AMAZON_REGION']`
|
87
|
+
# * `ENV['AWS_DEFAULT_REGION']`
|
88
|
+
# * `~/.aws/credentials`
|
89
|
+
# * `~/.aws/config`
|
90
|
+
#
|
91
|
+
# @option options [String] :access_key_id
|
92
|
+
#
|
93
|
+
# @option options [Boolean] :convert_params (true)
|
94
|
+
# When `true`, an attempt is made to coerce request parameters into
|
95
|
+
# the required types.
|
96
|
+
#
|
97
|
+
# @option options [String] :endpoint
|
98
|
+
# The client endpoint is normally constructed from the `:region`
|
99
|
+
# option. You should only configure an `:endpoint` when connecting
|
100
|
+
# to test endpoints. This should be avalid HTTP(S) URI.
|
101
|
+
#
|
102
|
+
# @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
|
103
|
+
# The log formatter.
|
104
|
+
#
|
105
|
+
# @option options [Symbol] :log_level (:info)
|
106
|
+
# The log level to send messages to the `:logger` at.
|
107
|
+
#
|
108
|
+
# @option options [Logger] :logger
|
109
|
+
# The Logger instance to send log messages to. If this option
|
110
|
+
# is not set, logging will be disabled.
|
111
|
+
#
|
112
|
+
# @option options [String] :profile ("default")
|
113
|
+
# Used when loading credentials from the shared credentials file
|
114
|
+
# at HOME/.aws/credentials. When not specified, 'default' is used.
|
115
|
+
#
|
116
|
+
# @option options [Integer] :retry_limit (3)
|
117
|
+
# The maximum number of times to retry failed requests. Only
|
118
|
+
# ~ 500 level server errors and certain ~ 400 level client errors
|
119
|
+
# are retried. Generally, these are throttling errors, data
|
120
|
+
# checksum errors, networking errors, timeout errors and auth
|
121
|
+
# errors from expired credentials.
|
122
|
+
#
|
123
|
+
# @option options [String] :secret_access_key
|
124
|
+
#
|
125
|
+
# @option options [String] :session_token
|
126
|
+
#
|
127
|
+
# @option options [Boolean] :simple_json (false)
|
128
|
+
# Disables request parameter conversion, validation, and formatting.
|
129
|
+
# Also disable response data type conversions. This option is useful
|
130
|
+
# when you want to ensure the highest level of performance by
|
131
|
+
# avoiding overhead of walking request parameters and response data
|
132
|
+
# structures.
|
133
|
+
#
|
134
|
+
# When `:simple_json` is enabled, the request parameters hash must
|
135
|
+
# be formatted exactly as the DynamoDB API expects.
|
136
|
+
#
|
137
|
+
# @option options [Boolean] :stub_responses (false)
|
138
|
+
# Causes the client to return stubbed responses. By default
|
139
|
+
# fake responses are generated and returned. You can specify
|
140
|
+
# the response data to return or errors to raise by calling
|
141
|
+
# {ClientStubs#stub_responses}. See {ClientStubs} for more information.
|
142
|
+
#
|
143
|
+
# ** Please note ** When response stubbing is enabled, no HTTP
|
144
|
+
# requests are made, and retries are disabled.
|
145
|
+
#
|
146
|
+
# @option options [Boolean] :validate_params (true)
|
147
|
+
# When `true`, request parameters are validated before
|
148
|
+
# sending the request.
|
149
|
+
#
|
150
|
+
def initialize(*args)
|
151
|
+
super
|
152
|
+
end
|
153
|
+
|
154
|
+
# @!group API Operations
|
155
|
+
|
156
|
+
# Sends a response to the originator of a handshake agreeing to the
|
157
|
+
# action proposed by the handshake request.
|
158
|
+
#
|
159
|
+
# This operation can be called only by the following principals when
|
160
|
+
# they also have the relevant IAM permissions:
|
161
|
+
#
|
162
|
+
# * **Invitation to join** or **Approve all features request**
|
163
|
+
# handshakes: only a principal from the member account.
|
164
|
+
#
|
165
|
+
# * **Enable all features final confirmation** handshake: only a
|
166
|
+
# principal from the master account.
|
167
|
+
#
|
168
|
+
# For more information about invitations, see [Inviting an AWS Account
|
169
|
+
# to Join Your Organization][1] in the *AWS Organizations User Guide*.
|
170
|
+
# For more information about requests to enable all features in the
|
171
|
+
# organization, see [Enabling All Features in Your Organization][2] in
|
172
|
+
# the *AWS Organizations User Guide*.
|
173
|
+
#
|
174
|
+
#
|
175
|
+
#
|
176
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html
|
177
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
|
178
|
+
#
|
179
|
+
# @option params [required, String] :handshake_id
|
180
|
+
# The unique identifier (ID) of the handshake that you want to accept.
|
181
|
+
#
|
182
|
+
# The [regex pattern][1] for handshake ID string requires "h-"
|
183
|
+
# followed by from 8 to 32 lower-case letters or digits.
|
184
|
+
#
|
185
|
+
#
|
186
|
+
#
|
187
|
+
# [1]: http://wikipedia.org/wiki/regex
|
188
|
+
#
|
189
|
+
# @return [Types::AcceptHandshakeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
190
|
+
#
|
191
|
+
# * {Types::AcceptHandshakeResponse#handshake #handshake} => Types::Handshake
|
192
|
+
#
|
193
|
+
# @example Request syntax with placeholder values
|
194
|
+
#
|
195
|
+
# resp = client.accept_handshake({
|
196
|
+
# handshake_id: "HandshakeId", # required
|
197
|
+
# })
|
198
|
+
#
|
199
|
+
# @example Response structure
|
200
|
+
#
|
201
|
+
# resp.handshake.id #=> String
|
202
|
+
# resp.handshake.arn #=> String
|
203
|
+
# resp.handshake.parties #=> Array
|
204
|
+
# resp.handshake.parties[0].id #=> String
|
205
|
+
# resp.handshake.parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
|
206
|
+
# resp.handshake.state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
|
207
|
+
# resp.handshake.requested_timestamp #=> Time
|
208
|
+
# resp.handshake.expiration_timestamp #=> Time
|
209
|
+
# resp.handshake.action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
|
210
|
+
# resp.handshake.resources #=> Array
|
211
|
+
# resp.handshake.resources[0].value #=> String
|
212
|
+
# resp.handshake.resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
|
213
|
+
# resp.handshake.resources[0].resources #=> Types::HandshakeResources
|
214
|
+
#
|
215
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake AWS API Documentation
|
216
|
+
#
|
217
|
+
# @overload accept_handshake(params = {})
|
218
|
+
# @param [Hash] params ({})
|
219
|
+
def accept_handshake(params = {}, options = {})
|
220
|
+
req = build_request(:accept_handshake, params)
|
221
|
+
req.send_request(options)
|
222
|
+
end
|
223
|
+
|
224
|
+
# Attaches a policy to a root, an organizational unit, or an individual
|
225
|
+
# account. How the policy affects accounts depends on the type of
|
226
|
+
# policy:
|
227
|
+
#
|
228
|
+
# * **Service control policy (SCP)** - An SCP specifies what permissions
|
229
|
+
# can be delegated to users in affected member accounts. The scope of
|
230
|
+
# influence for a policy depends on what you attach the policy to:
|
231
|
+
#
|
232
|
+
# * If you attach an SCP to a root, it affects all accounts in the
|
233
|
+
# organization.
|
234
|
+
#
|
235
|
+
# * If you attach an SCP to an OU, it affects all accounts in that OU
|
236
|
+
# and in any child OUs.
|
237
|
+
#
|
238
|
+
# * If you attach the policy directly to an account, then it affects
|
239
|
+
# only that account.
|
240
|
+
#
|
241
|
+
# SCPs essentially are permission "filters". When you attach one SCP
|
242
|
+
# to a higher level root or OU, and you also attach a different SCP to
|
243
|
+
# a child OU or to an account, the child policy can further restrict
|
244
|
+
# only the permissions that pass through the parent filter and are
|
245
|
+
# available to the child. An SCP that is attached to a child cannot
|
246
|
+
# grant a permission that is not already granted by the parent. For
|
247
|
+
# example, imagine that the parent SCP allows permissions A, B, C, D,
|
248
|
+
# and E. The child SCP allows C, D, E, F, and G. The result is that
|
249
|
+
# the accounts affected by the child SCP are allowed to use only C, D,
|
250
|
+
# and E. They cannot use A or B because they were filtered out by the
|
251
|
+
# child OU. They also cannot use F and G because they were filtered
|
252
|
+
# out by the parent OU. They cannot be granted back by the child SCP;
|
253
|
+
# child SCPs can only filter the permissions they receive from the
|
254
|
+
# parent SCP.
|
255
|
+
#
|
256
|
+
# AWS Organizations attaches a default SCP named `"FullAWSAccess` to
|
257
|
+
# every root, OU, and account. This default SCP allows all services
|
258
|
+
# and actions, enabling any new child OU or account to inherit the
|
259
|
+
# permissions of the parent root or OU. If you detach the default
|
260
|
+
# policy, you must replace it with a policy that specifies the
|
261
|
+
# permissions that you want to allow in that OU or account.
|
262
|
+
#
|
263
|
+
# For more information about how Organizations policies permissions
|
264
|
+
# work, see [Using Service Control Policies][1] in the *AWS
|
265
|
+
# Organizations User Guide*.
|
266
|
+
#
|
267
|
+
# This operation can be called only from the organization's master
|
268
|
+
# account.
|
269
|
+
#
|
270
|
+
#
|
271
|
+
#
|
272
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
273
|
+
#
|
274
|
+
# @option params [required, String] :policy_id
|
275
|
+
# The unique identifier (ID) of the policy that you want to attach to
|
276
|
+
# the target. You can get the ID for the policy by calling the
|
277
|
+
# ListPolicies operation.
|
278
|
+
#
|
279
|
+
# The [regex pattern][1] for a policy ID string requires "p-" followed
|
280
|
+
# by from 8 to 128 lower-case letters or digits.
|
281
|
+
#
|
282
|
+
#
|
283
|
+
#
|
284
|
+
# [1]: http://wikipedia.org/wiki/regex
|
285
|
+
#
|
286
|
+
# @option params [required, String] :target_id
|
287
|
+
# The unique identifier (ID) of the root, OU, or account that you want
|
288
|
+
# to attach the policy to. You can get the ID by calling the ListRoots,
|
289
|
+
# ListOrganizationalUnitsForParent, or ListAccounts operations.
|
290
|
+
#
|
291
|
+
# The [regex pattern][1] for a target ID string requires one of the
|
292
|
+
# following:
|
293
|
+
#
|
294
|
+
# * Root: a string that begins with "r-" followed by from 4 to 32
|
295
|
+
# lower-case letters or digits.
|
296
|
+
#
|
297
|
+
# * Account: a string that consists of exactly 12 digits.
|
298
|
+
#
|
299
|
+
# * Organizational unit (OU): a string that begins with "ou-" followed
|
300
|
+
# by from 4 to 32 lower-case letters or digits (the ID of the root
|
301
|
+
# that the OU is in) followed by a second "-" dash and from 8 to 32
|
302
|
+
# additional lower-case letters or digits.
|
303
|
+
#
|
304
|
+
#
|
305
|
+
#
|
306
|
+
# [1]: http://wikipedia.org/wiki/regex
|
307
|
+
#
|
308
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
309
|
+
#
|
310
|
+
# @example Request syntax with placeholder values
|
311
|
+
#
|
312
|
+
# resp = client.attach_policy({
|
313
|
+
# policy_id: "PolicyId", # required
|
314
|
+
# target_id: "PolicyTargetId", # required
|
315
|
+
# })
|
316
|
+
#
|
317
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy AWS API Documentation
|
318
|
+
#
|
319
|
+
# @overload attach_policy(params = {})
|
320
|
+
# @param [Hash] params ({})
|
321
|
+
def attach_policy(params = {}, options = {})
|
322
|
+
req = build_request(:attach_policy, params)
|
323
|
+
req.send_request(options)
|
324
|
+
end
|
325
|
+
|
326
|
+
# Cancels a handshake. Canceling a handshake sets the handshake state to
|
327
|
+
# `CANCELED`.
|
328
|
+
#
|
329
|
+
# This operation can be called only from the account that originated the
|
330
|
+
# handshake. The recipient of the handshake can't cancel it, but can
|
331
|
+
# use DeclineHandshake instead. After a handshake is canceled, the
|
332
|
+
# recipient can no longer respond to that handshake.
|
333
|
+
#
|
334
|
+
# @option params [required, String] :handshake_id
|
335
|
+
# The unique identifier (ID) of the handshake that you want to cancel.
|
336
|
+
# You can get the ID from the ListHandshakesForOrganization operation.
|
337
|
+
#
|
338
|
+
# The [regex pattern][1] for handshake ID string requires "h-"
|
339
|
+
# followed by from 8 to 32 lower-case letters or digits.
|
340
|
+
#
|
341
|
+
#
|
342
|
+
#
|
343
|
+
# [1]: http://wikipedia.org/wiki/regex
|
344
|
+
#
|
345
|
+
# @return [Types::CancelHandshakeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
346
|
+
#
|
347
|
+
# * {Types::CancelHandshakeResponse#handshake #handshake} => Types::Handshake
|
348
|
+
#
|
349
|
+
# @example Request syntax with placeholder values
|
350
|
+
#
|
351
|
+
# resp = client.cancel_handshake({
|
352
|
+
# handshake_id: "HandshakeId", # required
|
353
|
+
# })
|
354
|
+
#
|
355
|
+
# @example Response structure
|
356
|
+
#
|
357
|
+
# resp.handshake.id #=> String
|
358
|
+
# resp.handshake.arn #=> String
|
359
|
+
# resp.handshake.parties #=> Array
|
360
|
+
# resp.handshake.parties[0].id #=> String
|
361
|
+
# resp.handshake.parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
|
362
|
+
# resp.handshake.state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
|
363
|
+
# resp.handshake.requested_timestamp #=> Time
|
364
|
+
# resp.handshake.expiration_timestamp #=> Time
|
365
|
+
# resp.handshake.action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
|
366
|
+
# resp.handshake.resources #=> Array
|
367
|
+
# resp.handshake.resources[0].value #=> String
|
368
|
+
# resp.handshake.resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
|
369
|
+
# resp.handshake.resources[0].resources #=> Types::HandshakeResources
|
370
|
+
#
|
371
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake AWS API Documentation
|
372
|
+
#
|
373
|
+
# @overload cancel_handshake(params = {})
|
374
|
+
# @param [Hash] params ({})
|
375
|
+
def cancel_handshake(params = {}, options = {})
|
376
|
+
req = build_request(:cancel_handshake, params)
|
377
|
+
req.send_request(options)
|
378
|
+
end
|
379
|
+
|
380
|
+
# Creates an AWS account that is automatically a member of the
|
381
|
+
# organization whose credentials made the request. This is an
|
382
|
+
# asynchronous request that AWS performs in the background. If you want
|
383
|
+
# to check the status of the request later, you need the `OperationId`
|
384
|
+
# response element from this operation to provide as a parameter to the
|
385
|
+
# DescribeCreateAccountStatus operation.
|
386
|
+
#
|
387
|
+
# AWS Organizations preconfigures the new member account with a role
|
388
|
+
# (named `OrganizationAccountAccessRole` by default) that grants
|
389
|
+
# administrator permissions to the new account. Principals in the master
|
390
|
+
# account can assume the role. AWS Organizations clones the company name
|
391
|
+
# and address information for the new account from the organization's
|
392
|
+
# master account.
|
393
|
+
#
|
394
|
+
# For more information about creating accounts, see [Creating an AWS
|
395
|
+
# Account in Your Organization][1] in the *AWS Organizations User
|
396
|
+
# Guide*.
|
397
|
+
#
|
398
|
+
# You cannot remove accounts that are created with this operation from
|
399
|
+
# an organization. That also means that you cannot delete an
|
400
|
+
# organization that contains an account that is created with this
|
401
|
+
# operation.
|
402
|
+
#
|
403
|
+
# <note markdown="1"> When you create a member account with this operation, the account is
|
404
|
+
# created with the **IAM User and Role Access to Billing Information**
|
405
|
+
# switch enabled. This allows IAM users and roles that are granted
|
406
|
+
# appropriate permissions to view billing information. If this is
|
407
|
+
# disabled, then only the account root user can access billing
|
408
|
+
# information. For information about how to disable this for an account,
|
409
|
+
# see [Granting Access to Your Billing Information and Tools][2].
|
410
|
+
#
|
411
|
+
# </note>
|
412
|
+
#
|
413
|
+
# This operation can be called only from the organization's master
|
414
|
+
# account.
|
415
|
+
#
|
416
|
+
#
|
417
|
+
#
|
418
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html
|
419
|
+
# [2]: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html
|
420
|
+
#
|
421
|
+
# @option params [required, String] :email
|
422
|
+
# The email address of the owner to assign to the new member account.
|
423
|
+
# This email address must not already be associated with another AWS
|
424
|
+
# account.
|
425
|
+
#
|
426
|
+
# @option params [required, String] :account_name
|
427
|
+
# The friendly name of the member account.
|
428
|
+
#
|
429
|
+
# @option params [String] :role_name
|
430
|
+
# (Optional)
|
431
|
+
#
|
432
|
+
# The name of an IAM role that Organizations automatically preconfigures
|
433
|
+
# in the new member account. This role trusts the master account,
|
434
|
+
# allowing users in the master account to assume the role, as permitted
|
435
|
+
# by the master account administrator. The role has administrator
|
436
|
+
# permissions in the new member account.
|
437
|
+
#
|
438
|
+
# If you do not specify this parameter, the role name defaults to
|
439
|
+
# `OrganizationAccountAccessRole`.
|
440
|
+
#
|
441
|
+
# For more information about how to use this role to access the member
|
442
|
+
# account, see [Accessing and Administering the Member Accounts in Your
|
443
|
+
# Organization][1] in the *AWS Organizations User Guide*, and steps 2
|
444
|
+
# and 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
|
445
|
+
# Roles][2] in the *IAM User Guide*.
|
446
|
+
#
|
447
|
+
# The [regex pattern][3] that is used to validate this parameter is a
|
448
|
+
# string of characters that can consist of uppercase letters, lowercase
|
449
|
+
# letters, digits with no spaces, and any of the following characters:
|
450
|
+
# =,.@-
|
451
|
+
#
|
452
|
+
#
|
453
|
+
#
|
454
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role
|
455
|
+
# [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
|
456
|
+
# [3]: http://wikipedia.org/wiki/regex
|
457
|
+
#
|
458
|
+
# @option params [String] :iam_user_access_to_billing
|
459
|
+
# If set to `ALLOW`, the new account enables IAM users to access account
|
460
|
+
# billing information *if* they have the required permissions. If set to
|
461
|
+
# `DENY`, then only the root user of the new account can access account
|
462
|
+
# billing information. For more information, see [Activating Access to
|
463
|
+
# the Billing and Cost Management Console][1] in the *AWS Billing and
|
464
|
+
# Cost Management User Guide*.
|
465
|
+
#
|
466
|
+
#
|
467
|
+
#
|
468
|
+
# [1]: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
469
|
+
#
|
470
|
+
# @return [Types::CreateAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
471
|
+
#
|
472
|
+
# * {Types::CreateAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
|
473
|
+
#
|
474
|
+
# @example Request syntax with placeholder values
|
475
|
+
#
|
476
|
+
# resp = client.create_account({
|
477
|
+
# email: "Email", # required
|
478
|
+
# account_name: "AccountName", # required
|
479
|
+
# role_name: "RoleName",
|
480
|
+
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
481
|
+
# })
|
482
|
+
#
|
483
|
+
# @example Response structure
|
484
|
+
#
|
485
|
+
# resp.create_account_status.id #=> String
|
486
|
+
# resp.create_account_status.account_name #=> String
|
487
|
+
# resp.create_account_status.state #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED"
|
488
|
+
# resp.create_account_status.requested_timestamp #=> Time
|
489
|
+
# resp.create_account_status.completed_timestamp #=> Time
|
490
|
+
# resp.create_account_status.account_id #=> String
|
491
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INTERNAL_FAILURE"
|
492
|
+
#
|
493
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
|
494
|
+
#
|
495
|
+
# @overload create_account(params = {})
|
496
|
+
# @param [Hash] params ({})
|
497
|
+
def create_account(params = {}, options = {})
|
498
|
+
req = build_request(:create_account, params)
|
499
|
+
req.send_request(options)
|
500
|
+
end
|
501
|
+
|
502
|
+
# Creates an AWS organization. The account whose user is calling the
|
503
|
+
# CreateOrganization operation automatically becomes the [master
|
504
|
+
# account][1] of the new organization.
|
505
|
+
#
|
506
|
+
# This operation must be called using credentials from the account that
|
507
|
+
# is to become the new organization's master account. The principal
|
508
|
+
# must also have the relevant IAM permissions.
|
509
|
+
#
|
510
|
+
# By default (or if you set the `FeatureSet` parameter to `ALL`), the
|
511
|
+
# new organization is created with all features enabled and service
|
512
|
+
# control policies automatically enabled in the root. If you instead
|
513
|
+
# choose to create the organization supporting only the consolidated
|
514
|
+
# billing features by setting the `FeatureSet` parameter to
|
515
|
+
# `CONSOLIDATED_BILLING"`, then no policy types are enabled by default
|
516
|
+
# and you cannot use organization policies.
|
517
|
+
#
|
518
|
+
#
|
519
|
+
#
|
520
|
+
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/orgs_getting-started_concepts.html#account
|
521
|
+
#
|
522
|
+
# @option params [String] :feature_set
|
523
|
+
# Specifies the feature set supported by the new organization. Each
|
524
|
+
# feature set supports different levels of functionality.
|
525
|
+
#
|
526
|
+
# * *CONSOLIDATED\_BILLING*\: All member accounts have their bills
|
527
|
+
# consolidated to and paid by the master account. For more
|
528
|
+
# information, see [Consolidated Billing][1] in the *AWS Organizations
|
529
|
+
# User Guide*.
|
530
|
+
#
|
531
|
+
# * *ALL*\: In addition to all the features supported by the
|
532
|
+
# consolidated billing feature set, the master account can also apply
|
533
|
+
# any type of policy to any member account in the organization. For
|
534
|
+
# more information, see [All features][2] in the *AWS Organizations
|
535
|
+
# User Guide*.
|
536
|
+
#
|
537
|
+
#
|
538
|
+
#
|
539
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only
|
540
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all
|
541
|
+
#
|
542
|
+
# @return [Types::CreateOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
543
|
+
#
|
544
|
+
# * {Types::CreateOrganizationResponse#organization #organization} => Types::Organization
|
545
|
+
#
|
546
|
+
# @example Request syntax with placeholder values
|
547
|
+
#
|
548
|
+
# resp = client.create_organization({
|
549
|
+
# feature_set: "ALL", # accepts ALL, CONSOLIDATED_BILLING
|
550
|
+
# })
|
551
|
+
#
|
552
|
+
# @example Response structure
|
553
|
+
#
|
554
|
+
# resp.organization.id #=> String
|
555
|
+
# resp.organization.arn #=> String
|
556
|
+
# resp.organization.feature_set #=> String, one of "ALL", "CONSOLIDATED_BILLING"
|
557
|
+
# resp.organization.master_account_arn #=> String
|
558
|
+
# resp.organization.master_account_id #=> String
|
559
|
+
# resp.organization.master_account_email #=> String
|
560
|
+
# resp.organization.available_policy_types #=> Array
|
561
|
+
# resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
562
|
+
# resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
563
|
+
#
|
564
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization AWS API Documentation
|
565
|
+
#
|
566
|
+
# @overload create_organization(params = {})
|
567
|
+
# @param [Hash] params ({})
|
568
|
+
def create_organization(params = {}, options = {})
|
569
|
+
req = build_request(:create_organization, params)
|
570
|
+
req.send_request(options)
|
571
|
+
end
|
572
|
+
|
573
|
+
# Creates an organizational unit (OU) within a root or parent OU. An OU
|
574
|
+
# is a container for accounts that enables you to organize your accounts
|
575
|
+
# to apply policies according to your business requirements. The number
|
576
|
+
# of levels deep that you can nest OUs is dependent upon the policy
|
577
|
+
# types enabled for that root. For service control policies, the limit
|
578
|
+
# is five.
|
579
|
+
#
|
580
|
+
# For more information about OUs, see [Managing Organizational Units][1]
|
581
|
+
# in the *AWS Organizations User Guide*.
|
582
|
+
#
|
583
|
+
# This operation can be called only from the organization's master
|
584
|
+
# account.
|
585
|
+
#
|
586
|
+
#
|
587
|
+
#
|
588
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html
|
589
|
+
#
|
590
|
+
# @option params [required, String] :parent_id
|
591
|
+
# The unique identifier (ID) of the parent root or OU in which you want
|
592
|
+
# to create the new OU.
|
593
|
+
#
|
594
|
+
# The [regex pattern][1] for a parent ID string requires one of the
|
595
|
+
# following:
|
596
|
+
#
|
597
|
+
# * Root: a string that begins with "r-" followed by from 4 to 32
|
598
|
+
# lower-case letters or digits.
|
599
|
+
#
|
600
|
+
# * Organizational unit (OU): a string that begins with "ou-" followed
|
601
|
+
# by from 4 to 32 lower-case letters or digits (the ID of the root
|
602
|
+
# that the OU is in) followed by a second "-" dash and from 8 to 32
|
603
|
+
# additional lower-case letters or digits.
|
604
|
+
#
|
605
|
+
#
|
606
|
+
#
|
607
|
+
# [1]: http://wikipedia.org/wiki/regex
|
608
|
+
#
|
609
|
+
# @option params [required, String] :name
|
610
|
+
# The friendly name to assign to the new OU.
|
611
|
+
#
|
612
|
+
# @return [Types::CreateOrganizationalUnitResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
613
|
+
#
|
614
|
+
# * {Types::CreateOrganizationalUnitResponse#organizational_unit #organizational_unit} => Types::OrganizationalUnit
|
615
|
+
#
|
616
|
+
# @example Request syntax with placeholder values
|
617
|
+
#
|
618
|
+
# resp = client.create_organizational_unit({
|
619
|
+
# parent_id: "ParentId", # required
|
620
|
+
# name: "OrganizationalUnitName", # required
|
621
|
+
# })
|
622
|
+
#
|
623
|
+
# @example Response structure
|
624
|
+
#
|
625
|
+
# resp.organizational_unit.id #=> String
|
626
|
+
# resp.organizational_unit.arn #=> String
|
627
|
+
# resp.organizational_unit.name #=> String
|
628
|
+
#
|
629
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit AWS API Documentation
|
630
|
+
#
|
631
|
+
# @overload create_organizational_unit(params = {})
|
632
|
+
# @param [Hash] params ({})
|
633
|
+
def create_organizational_unit(params = {}, options = {})
|
634
|
+
req = build_request(:create_organizational_unit, params)
|
635
|
+
req.send_request(options)
|
636
|
+
end
|
637
|
+
|
638
|
+
# Creates a policy of a specified type that you can attach to a root, an
|
639
|
+
# organizational unit (OU), or an individual AWS account.
|
640
|
+
#
|
641
|
+
# For more information about policies and their use, see [Managing
|
642
|
+
# Organization Policies][1].
|
643
|
+
#
|
644
|
+
# This operation can be called only from the organization's master
|
645
|
+
# account.
|
646
|
+
#
|
647
|
+
#
|
648
|
+
#
|
649
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html
|
650
|
+
#
|
651
|
+
# @option params [required, String] :content
|
652
|
+
# The policy content to add to the new policy. For example, if you
|
653
|
+
# create a [service control policy][1] (SCP), this string must be JSON
|
654
|
+
# text that specifies the permissions that admins in attached accounts
|
655
|
+
# can delegate to their users, groups, and roles. For more information
|
656
|
+
# about the SCP syntax, see [Service Control Policy Syntax][2] in the
|
657
|
+
# *AWS Organizations User Guide*.
|
658
|
+
#
|
659
|
+
#
|
660
|
+
#
|
661
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
662
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
|
663
|
+
#
|
664
|
+
# @option params [required, String] :description
|
665
|
+
# An optional description to assign to the policy.
|
666
|
+
#
|
667
|
+
# @option params [required, String] :name
|
668
|
+
# The friendly name to assign to the policy.
|
669
|
+
#
|
670
|
+
# The [regex pattern][1] that is used to validate this parameter is a
|
671
|
+
# string of any of the characters in the ASCII character range.
|
672
|
+
#
|
673
|
+
#
|
674
|
+
#
|
675
|
+
# [1]: http://wikipedia.org/wiki/regex
|
676
|
+
#
|
677
|
+
# @option params [required, String] :type
|
678
|
+
# The type of policy to create.
|
679
|
+
#
|
680
|
+
# <note markdown="1"> In the current release, the only type of policy that you can create is
|
681
|
+
# a service control policy (SCP).
|
682
|
+
#
|
683
|
+
# </note>
|
684
|
+
#
|
685
|
+
# @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
686
|
+
#
|
687
|
+
# * {Types::CreatePolicyResponse#policy #policy} => Types::Policy
|
688
|
+
#
|
689
|
+
# @example Request syntax with placeholder values
|
690
|
+
#
|
691
|
+
# resp = client.create_policy({
|
692
|
+
# content: "PolicyContent", # required
|
693
|
+
# description: "PolicyDescription", # required
|
694
|
+
# name: "PolicyName", # required
|
695
|
+
# type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
|
696
|
+
# })
|
697
|
+
#
|
698
|
+
# @example Response structure
|
699
|
+
#
|
700
|
+
# resp.policy.policy_summary.id #=> String
|
701
|
+
# resp.policy.policy_summary.arn #=> String
|
702
|
+
# resp.policy.policy_summary.name #=> String
|
703
|
+
# resp.policy.policy_summary.description #=> String
|
704
|
+
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
|
705
|
+
# resp.policy.policy_summary.aws_managed #=> Boolean
|
706
|
+
# resp.policy.content #=> String
|
707
|
+
#
|
708
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy AWS API Documentation
|
709
|
+
#
|
710
|
+
# @overload create_policy(params = {})
|
711
|
+
# @param [Hash] params ({})
|
712
|
+
def create_policy(params = {}, options = {})
|
713
|
+
req = build_request(:create_policy, params)
|
714
|
+
req.send_request(options)
|
715
|
+
end
|
716
|
+
|
717
|
+
# Declines a handshake request. This sets the handshake state to
|
718
|
+
# `DECLINED` and effectively deactivates the request.
|
719
|
+
#
|
720
|
+
# This operation can be called only from the account that received the
|
721
|
+
# handshake. The originator of the handshake can use CancelHandshake
|
722
|
+
# instead. The originator can't reactivate a declined request, but can
|
723
|
+
# re-initiate the process with a new handshake request.
|
724
|
+
#
|
725
|
+
# @option params [required, String] :handshake_id
|
726
|
+
# The unique identifier (ID) of the handshake that you want to decline.
|
727
|
+
# You can get the ID from the ListHandshakesForAccount operation.
|
728
|
+
#
|
729
|
+
# The [regex pattern][1] for handshake ID string requires "h-"
|
730
|
+
# followed by from 8 to 32 lower-case letters or digits.
|
731
|
+
#
|
732
|
+
#
|
733
|
+
#
|
734
|
+
# [1]: http://wikipedia.org/wiki/regex
|
735
|
+
#
|
736
|
+
# @return [Types::DeclineHandshakeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
737
|
+
#
|
738
|
+
# * {Types::DeclineHandshakeResponse#handshake #handshake} => Types::Handshake
|
739
|
+
#
|
740
|
+
# @example Request syntax with placeholder values
|
741
|
+
#
|
742
|
+
# resp = client.decline_handshake({
|
743
|
+
# handshake_id: "HandshakeId", # required
|
744
|
+
# })
|
745
|
+
#
|
746
|
+
# @example Response structure
|
747
|
+
#
|
748
|
+
# resp.handshake.id #=> String
|
749
|
+
# resp.handshake.arn #=> String
|
750
|
+
# resp.handshake.parties #=> Array
|
751
|
+
# resp.handshake.parties[0].id #=> String
|
752
|
+
# resp.handshake.parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
|
753
|
+
# resp.handshake.state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
|
754
|
+
# resp.handshake.requested_timestamp #=> Time
|
755
|
+
# resp.handshake.expiration_timestamp #=> Time
|
756
|
+
# resp.handshake.action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
|
757
|
+
# resp.handshake.resources #=> Array
|
758
|
+
# resp.handshake.resources[0].value #=> String
|
759
|
+
# resp.handshake.resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
|
760
|
+
# resp.handshake.resources[0].resources #=> Types::HandshakeResources
|
761
|
+
#
|
762
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake AWS API Documentation
|
763
|
+
#
|
764
|
+
# @overload decline_handshake(params = {})
|
765
|
+
# @param [Hash] params ({})
|
766
|
+
def decline_handshake(params = {}, options = {})
|
767
|
+
req = build_request(:decline_handshake, params)
|
768
|
+
req.send_request(options)
|
769
|
+
end
|
770
|
+
|
771
|
+
# Deletes the organization. You can delete an organization only by using
|
772
|
+
# credentials from the master account. The organization must be empty of
|
773
|
+
# member accounts, OUs, and policies.
|
774
|
+
#
|
775
|
+
# If you create any accounts using Organizations operations or the
|
776
|
+
# Organizations console, you can't remove those accounts from the
|
777
|
+
# organization, which means that you can't delete the organization.
|
778
|
+
#
|
779
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
780
|
+
#
|
781
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization AWS API Documentation
|
782
|
+
#
|
783
|
+
# @overload delete_organization(params = {})
|
784
|
+
# @param [Hash] params ({})
|
785
|
+
def delete_organization(params = {}, options = {})
|
786
|
+
req = build_request(:delete_organization, params)
|
787
|
+
req.send_request(options)
|
788
|
+
end
|
789
|
+
|
790
|
+
# Deletes an organizational unit from a root or another OU. You must
|
791
|
+
# first remove all accounts and child OUs from the OU that you want to
|
792
|
+
# delete.
|
793
|
+
#
|
794
|
+
# This operation can be called only from the organization's master
|
795
|
+
# account.
|
796
|
+
#
|
797
|
+
# @option params [required, String] :organizational_unit_id
|
798
|
+
# The unique identifier (ID) of the organizational unit that you want to
|
799
|
+
# delete. You can get the ID from the ListOrganizationalUnitsForParent
|
800
|
+
# operation.
|
801
|
+
#
|
802
|
+
# The [regex pattern][1] for an organizational unit ID string requires
|
803
|
+
# "ou-" followed by from 4 to 32 lower-case letters or digits (the ID
|
804
|
+
# of the root that contains the OU) followed by a second "-" dash and
|
805
|
+
# from 8 to 32 additional lower-case letters or digits.
|
806
|
+
#
|
807
|
+
#
|
808
|
+
#
|
809
|
+
# [1]: http://wikipedia.org/wiki/regex
|
810
|
+
#
|
811
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
812
|
+
#
|
813
|
+
# @example Request syntax with placeholder values
|
814
|
+
#
|
815
|
+
# resp = client.delete_organizational_unit({
|
816
|
+
# organizational_unit_id: "OrganizationalUnitId", # required
|
817
|
+
# })
|
818
|
+
#
|
819
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit AWS API Documentation
|
820
|
+
#
|
821
|
+
# @overload delete_organizational_unit(params = {})
|
822
|
+
# @param [Hash] params ({})
|
823
|
+
def delete_organizational_unit(params = {}, options = {})
|
824
|
+
req = build_request(:delete_organizational_unit, params)
|
825
|
+
req.send_request(options)
|
826
|
+
end
|
827
|
+
|
828
|
+
# Deletes the specified policy from your organization. Before you
|
829
|
+
# perform this operation, you must first detach the policy from all OUs,
|
830
|
+
# roots, and accounts.
|
831
|
+
#
|
832
|
+
# This operation can be called only from the organization's master
|
833
|
+
# account.
|
834
|
+
#
|
835
|
+
# @option params [required, String] :policy_id
|
836
|
+
# The unique identifier (ID) of the policy that you want to delete. You
|
837
|
+
# can get the ID from the ListPolicies or ListPoliciesForTarget
|
838
|
+
# operations.
|
839
|
+
#
|
840
|
+
# The [regex pattern][1] for a policy ID string requires "p-" followed
|
841
|
+
# by from 8 to 128 lower-case letters or digits.
|
842
|
+
#
|
843
|
+
#
|
844
|
+
#
|
845
|
+
# [1]: http://wikipedia.org/wiki/regex
|
846
|
+
#
|
847
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
848
|
+
#
|
849
|
+
# @example Request syntax with placeholder values
|
850
|
+
#
|
851
|
+
# resp = client.delete_policy({
|
852
|
+
# policy_id: "PolicyId", # required
|
853
|
+
# })
|
854
|
+
#
|
855
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy AWS API Documentation
|
856
|
+
#
|
857
|
+
# @overload delete_policy(params = {})
|
858
|
+
# @param [Hash] params ({})
|
859
|
+
def delete_policy(params = {}, options = {})
|
860
|
+
req = build_request(:delete_policy, params)
|
861
|
+
req.send_request(options)
|
862
|
+
end
|
863
|
+
|
864
|
+
# Retrieves Organizations-related information about the specified
|
865
|
+
# account.
|
866
|
+
#
|
867
|
+
# This operation can be called only from the organization's master
|
868
|
+
# account.
|
869
|
+
#
|
870
|
+
# @option params [required, String] :account_id
|
871
|
+
# The unique identifier (ID) of the AWS account that you want
|
872
|
+
# information about. You can get the ID from the ListAccounts or
|
873
|
+
# ListAccountsForParent operations.
|
874
|
+
#
|
875
|
+
# The [regex pattern][1] for an account ID string requires exactly 12
|
876
|
+
# digits.
|
877
|
+
#
|
878
|
+
#
|
879
|
+
#
|
880
|
+
# [1]: http://wikipedia.org/wiki/regex
|
881
|
+
#
|
882
|
+
# @return [Types::DescribeAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
883
|
+
#
|
884
|
+
# * {Types::DescribeAccountResponse#account #account} => Types::Account
|
885
|
+
#
|
886
|
+
# @example Request syntax with placeholder values
|
887
|
+
#
|
888
|
+
# resp = client.describe_account({
|
889
|
+
# account_id: "AccountId", # required
|
890
|
+
# })
|
891
|
+
#
|
892
|
+
# @example Response structure
|
893
|
+
#
|
894
|
+
# resp.account.id #=> String
|
895
|
+
# resp.account.arn #=> String
|
896
|
+
# resp.account.name #=> String
|
897
|
+
# resp.account.status #=> String, one of "ACTIVE", "SUSPENDED"
|
898
|
+
# resp.account.joined_method #=> String, one of "INVITED", "CREATED"
|
899
|
+
# resp.account.joined_timestamp #=> Time
|
900
|
+
#
|
901
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount AWS API Documentation
|
902
|
+
#
|
903
|
+
# @overload describe_account(params = {})
|
904
|
+
# @param [Hash] params ({})
|
905
|
+
def describe_account(params = {}, options = {})
|
906
|
+
req = build_request(:describe_account, params)
|
907
|
+
req.send_request(options)
|
908
|
+
end
|
909
|
+
|
910
|
+
# Retrieves the current status of an asynchronous request to create an
|
911
|
+
# account.
|
912
|
+
#
|
913
|
+
# This operation can be called only from the organization's master
|
914
|
+
# account.
|
915
|
+
#
|
916
|
+
# @option params [required, String] :create_account_request_id
|
917
|
+
# Specifies the `operationId` that uniquely identifies the request. You
|
918
|
+
# can get the ID from the response to an earlier CreateAccount request,
|
919
|
+
# or from the ListCreateAccountStatus operation.
|
920
|
+
#
|
921
|
+
# The [regex pattern][1] for an create account request ID string
|
922
|
+
# requires "car-" followed by from 8 to 32 lower-case letters or
|
923
|
+
# digits.
|
924
|
+
#
|
925
|
+
#
|
926
|
+
#
|
927
|
+
# [1]: http://wikipedia.org/wiki/regex
|
928
|
+
#
|
929
|
+
# @return [Types::DescribeCreateAccountStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
930
|
+
#
|
931
|
+
# * {Types::DescribeCreateAccountStatusResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
|
932
|
+
#
|
933
|
+
# @example Request syntax with placeholder values
|
934
|
+
#
|
935
|
+
# resp = client.describe_create_account_status({
|
936
|
+
# create_account_request_id: "CreateAccountRequestId", # required
|
937
|
+
# })
|
938
|
+
#
|
939
|
+
# @example Response structure
|
940
|
+
#
|
941
|
+
# resp.create_account_status.id #=> String
|
942
|
+
# resp.create_account_status.account_name #=> String
|
943
|
+
# resp.create_account_status.state #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED"
|
944
|
+
# resp.create_account_status.requested_timestamp #=> Time
|
945
|
+
# resp.create_account_status.completed_timestamp #=> Time
|
946
|
+
# resp.create_account_status.account_id #=> String
|
947
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INTERNAL_FAILURE"
|
948
|
+
#
|
949
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
|
950
|
+
#
|
951
|
+
# @overload describe_create_account_status(params = {})
|
952
|
+
# @param [Hash] params ({})
|
953
|
+
def describe_create_account_status(params = {}, options = {})
|
954
|
+
req = build_request(:describe_create_account_status, params)
|
955
|
+
req.send_request(options)
|
956
|
+
end
|
957
|
+
|
958
|
+
# Retrieves information about a previously requested handshake. The
|
959
|
+
# handshake ID comes from the response to the original
|
960
|
+
# InviteAccountToOrganization operation that generated the handshake.
|
961
|
+
#
|
962
|
+
# This operation can be called from any account in the organization.
|
963
|
+
#
|
964
|
+
# @option params [required, String] :handshake_id
|
965
|
+
# The unique identifier (ID) of the handshake that you want information
|
966
|
+
# about. You can get the ID from the original call to
|
967
|
+
# InviteAccountToOrganization, or from a call to
|
968
|
+
# ListHandshakesForAccount or ListHandshakesForOrganization.
|
969
|
+
#
|
970
|
+
# The [regex pattern][1] for handshake ID string requires "h-"
|
971
|
+
# followed by from 8 to 32 lower-case letters or digits.
|
972
|
+
#
|
973
|
+
#
|
974
|
+
#
|
975
|
+
# [1]: http://wikipedia.org/wiki/regex
|
976
|
+
#
|
977
|
+
# @return [Types::DescribeHandshakeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
978
|
+
#
|
979
|
+
# * {Types::DescribeHandshakeResponse#handshake #handshake} => Types::Handshake
|
980
|
+
#
|
981
|
+
# @example Request syntax with placeholder values
|
982
|
+
#
|
983
|
+
# resp = client.describe_handshake({
|
984
|
+
# handshake_id: "HandshakeId", # required
|
985
|
+
# })
|
986
|
+
#
|
987
|
+
# @example Response structure
|
988
|
+
#
|
989
|
+
# resp.handshake.id #=> String
|
990
|
+
# resp.handshake.arn #=> String
|
991
|
+
# resp.handshake.parties #=> Array
|
992
|
+
# resp.handshake.parties[0].id #=> String
|
993
|
+
# resp.handshake.parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
|
994
|
+
# resp.handshake.state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
|
995
|
+
# resp.handshake.requested_timestamp #=> Time
|
996
|
+
# resp.handshake.expiration_timestamp #=> Time
|
997
|
+
# resp.handshake.action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
|
998
|
+
# resp.handshake.resources #=> Array
|
999
|
+
# resp.handshake.resources[0].value #=> String
|
1000
|
+
# resp.handshake.resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
|
1001
|
+
# resp.handshake.resources[0].resources #=> Types::HandshakeResources
|
1002
|
+
#
|
1003
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake AWS API Documentation
|
1004
|
+
#
|
1005
|
+
# @overload describe_handshake(params = {})
|
1006
|
+
# @param [Hash] params ({})
|
1007
|
+
def describe_handshake(params = {}, options = {})
|
1008
|
+
req = build_request(:describe_handshake, params)
|
1009
|
+
req.send_request(options)
|
1010
|
+
end
|
1011
|
+
|
1012
|
+
# Retrieves information about the organization that the user's account
|
1013
|
+
# belongs to.
|
1014
|
+
#
|
1015
|
+
# This operation can be called from any account in the organization.
|
1016
|
+
#
|
1017
|
+
# @return [Types::DescribeOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1018
|
+
#
|
1019
|
+
# * {Types::DescribeOrganizationResponse#organization #organization} => Types::Organization
|
1020
|
+
#
|
1021
|
+
# @example Response structure
|
1022
|
+
#
|
1023
|
+
# resp.organization.id #=> String
|
1024
|
+
# resp.organization.arn #=> String
|
1025
|
+
# resp.organization.feature_set #=> String, one of "ALL", "CONSOLIDATED_BILLING"
|
1026
|
+
# resp.organization.master_account_arn #=> String
|
1027
|
+
# resp.organization.master_account_id #=> String
|
1028
|
+
# resp.organization.master_account_email #=> String
|
1029
|
+
# resp.organization.available_policy_types #=> Array
|
1030
|
+
# resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
1031
|
+
# resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
1032
|
+
#
|
1033
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization AWS API Documentation
|
1034
|
+
#
|
1035
|
+
# @overload describe_organization(params = {})
|
1036
|
+
# @param [Hash] params ({})
|
1037
|
+
def describe_organization(params = {}, options = {})
|
1038
|
+
req = build_request(:describe_organization, params)
|
1039
|
+
req.send_request(options)
|
1040
|
+
end
|
1041
|
+
|
1042
|
+
# Retrieves information about an organizational unit (OU).
|
1043
|
+
#
|
1044
|
+
# This operation can be called only from the organization's master
|
1045
|
+
# account.
|
1046
|
+
#
|
1047
|
+
# @option params [required, String] :organizational_unit_id
|
1048
|
+
# The unique identifier (ID) of the organizational unit that you want
|
1049
|
+
# details about. You can get the ID from the
|
1050
|
+
# ListOrganizationalUnitsForParent operation.
|
1051
|
+
#
|
1052
|
+
# The [regex pattern][1] for an organizational unit ID string requires
|
1053
|
+
# "ou-" followed by from 4 to 32 lower-case letters or digits (the ID
|
1054
|
+
# of the root that contains the OU) followed by a second "-" dash and
|
1055
|
+
# from 8 to 32 additional lower-case letters or digits.
|
1056
|
+
#
|
1057
|
+
#
|
1058
|
+
#
|
1059
|
+
# [1]: http://wikipedia.org/wiki/regex
|
1060
|
+
#
|
1061
|
+
# @return [Types::DescribeOrganizationalUnitResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1062
|
+
#
|
1063
|
+
# * {Types::DescribeOrganizationalUnitResponse#organizational_unit #organizational_unit} => Types::OrganizationalUnit
|
1064
|
+
#
|
1065
|
+
# @example Request syntax with placeholder values
|
1066
|
+
#
|
1067
|
+
# resp = client.describe_organizational_unit({
|
1068
|
+
# organizational_unit_id: "OrganizationalUnitId", # required
|
1069
|
+
# })
|
1070
|
+
#
|
1071
|
+
# @example Response structure
|
1072
|
+
#
|
1073
|
+
# resp.organizational_unit.id #=> String
|
1074
|
+
# resp.organizational_unit.arn #=> String
|
1075
|
+
# resp.organizational_unit.name #=> String
|
1076
|
+
#
|
1077
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit AWS API Documentation
|
1078
|
+
#
|
1079
|
+
# @overload describe_organizational_unit(params = {})
|
1080
|
+
# @param [Hash] params ({})
|
1081
|
+
def describe_organizational_unit(params = {}, options = {})
|
1082
|
+
req = build_request(:describe_organizational_unit, params)
|
1083
|
+
req.send_request(options)
|
1084
|
+
end
|
1085
|
+
|
1086
|
+
# Retrieves information about a policy.
|
1087
|
+
#
|
1088
|
+
# This operation can be called only from the organization's master
|
1089
|
+
# account.
|
1090
|
+
#
|
1091
|
+
# @option params [required, String] :policy_id
|
1092
|
+
# The unique identifier (ID) of the policy that you want details about.
|
1093
|
+
# You can get the ID from the ListPolicies or ListPoliciesForTarget
|
1094
|
+
# operations.
|
1095
|
+
#
|
1096
|
+
# The [regex pattern][1] for a policy ID string requires "p-" followed
|
1097
|
+
# by from 8 to 128 lower-case letters or digits.
|
1098
|
+
#
|
1099
|
+
#
|
1100
|
+
#
|
1101
|
+
# [1]: http://wikipedia.org/wiki/regex
|
1102
|
+
#
|
1103
|
+
# @return [Types::DescribePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1104
|
+
#
|
1105
|
+
# * {Types::DescribePolicyResponse#policy #policy} => Types::Policy
|
1106
|
+
#
|
1107
|
+
# @example Request syntax with placeholder values
|
1108
|
+
#
|
1109
|
+
# resp = client.describe_policy({
|
1110
|
+
# policy_id: "PolicyId", # required
|
1111
|
+
# })
|
1112
|
+
#
|
1113
|
+
# @example Response structure
|
1114
|
+
#
|
1115
|
+
# resp.policy.policy_summary.id #=> String
|
1116
|
+
# resp.policy.policy_summary.arn #=> String
|
1117
|
+
# resp.policy.policy_summary.name #=> String
|
1118
|
+
# resp.policy.policy_summary.description #=> String
|
1119
|
+
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
|
1120
|
+
# resp.policy.policy_summary.aws_managed #=> Boolean
|
1121
|
+
# resp.policy.content #=> String
|
1122
|
+
#
|
1123
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy AWS API Documentation
|
1124
|
+
#
|
1125
|
+
# @overload describe_policy(params = {})
|
1126
|
+
# @param [Hash] params ({})
|
1127
|
+
def describe_policy(params = {}, options = {})
|
1128
|
+
req = build_request(:describe_policy, params)
|
1129
|
+
req.send_request(options)
|
1130
|
+
end
|
1131
|
+
|
1132
|
+
# Detaches a policy from a target root, organizational unit, or account.
|
1133
|
+
# If the policy being detached is a service control policy (SCP), the
|
1134
|
+
# changes to permissions for IAM users and roles in affected accounts
|
1135
|
+
# are immediate.
|
1136
|
+
#
|
1137
|
+
# **Note:** Every root, OU, and account must have at least one SCP
|
1138
|
+
# attached. If you want to replace the default `FullAWSAccess` policy
|
1139
|
+
# with one that limits the permissions that can be delegated, then you
|
1140
|
+
# must attach the replacement policy before you can remove the default
|
1141
|
+
# one. This is the authorization strategy of [whitelisting][1]. If you
|
1142
|
+
# instead attach a second SCP and leave the `FullAWSAccess` SCP still
|
1143
|
+
# attached, and specify `"Effect": "Deny"` in the second SCP to override
|
1144
|
+
# the `"Effect": "Allow"` in the `FullAWSAccess` policy (or any other
|
1145
|
+
# attached SCP), then you are using the authorization strategy of
|
1146
|
+
# [blacklisting][2].
|
1147
|
+
#
|
1148
|
+
# This operation can be called only from the organization's master
|
1149
|
+
# account.
|
1150
|
+
#
|
1151
|
+
#
|
1152
|
+
#
|
1153
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_whitelist
|
1154
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_blacklist
|
1155
|
+
#
|
1156
|
+
# @option params [required, String] :policy_id
|
1157
|
+
# The unique identifier (ID) of the policy you want to detach. You can
|
1158
|
+
# get the ID from the ListPolicies or ListPoliciesForTarget operations.
|
1159
|
+
#
|
1160
|
+
# The [regex pattern][1] for a policy ID string requires "p-" followed
|
1161
|
+
# by from 8 to 128 lower-case letters or digits.
|
1162
|
+
#
|
1163
|
+
#
|
1164
|
+
#
|
1165
|
+
# [1]: http://wikipedia.org/wiki/regex
|
1166
|
+
#
|
1167
|
+
# @option params [required, String] :target_id
|
1168
|
+
# The unique identifier (ID) of the root, OU, or account from which you
|
1169
|
+
# want to detach the policy. You can get the ID from the ListRoots,
|
1170
|
+
# ListOrganizationalUnitsForParent, or ListAccounts operations.
|
1171
|
+
#
|
1172
|
+
# The [regex pattern][1] for a target ID string requires one of the
|
1173
|
+
# following:
|
1174
|
+
#
|
1175
|
+
# * Root: a string that begins with "r-" followed by from 4 to 32
|
1176
|
+
# lower-case letters or digits.
|
1177
|
+
#
|
1178
|
+
# * Account: a string that consists of exactly 12 digits.
|
1179
|
+
#
|
1180
|
+
# * Organizational unit (OU): a string that begins with "ou-" followed
|
1181
|
+
# by from 4 to 32 lower-case letters or digits (the ID of the root
|
1182
|
+
# that the OU is in) followed by a second "-" dash and from 8 to 32
|
1183
|
+
# additional lower-case letters or digits.
|
1184
|
+
#
|
1185
|
+
#
|
1186
|
+
#
|
1187
|
+
# [1]: http://wikipedia.org/wiki/regex
|
1188
|
+
#
|
1189
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1190
|
+
#
|
1191
|
+
# @example Request syntax with placeholder values
|
1192
|
+
#
|
1193
|
+
# resp = client.detach_policy({
|
1194
|
+
# policy_id: "PolicyId", # required
|
1195
|
+
# target_id: "PolicyTargetId", # required
|
1196
|
+
# })
|
1197
|
+
#
|
1198
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy AWS API Documentation
|
1199
|
+
#
|
1200
|
+
# @overload detach_policy(params = {})
|
1201
|
+
# @param [Hash] params ({})
|
1202
|
+
def detach_policy(params = {}, options = {})
|
1203
|
+
req = build_request(:detach_policy, params)
|
1204
|
+
req.send_request(options)
|
1205
|
+
end
|
1206
|
+
|
1207
|
+
# Disables an organizational control policy type in a root. A poicy of a
|
1208
|
+
# certain type can be attached to entities in a root only if that type
|
1209
|
+
# is enabled in the root. After you perform this operation, you no
|
1210
|
+
# longer can attach policies of the specified type to that root or to
|
1211
|
+
# any OU or account in that root. You can undo this by using the
|
1212
|
+
# EnablePolicyType operation.
|
1213
|
+
#
|
1214
|
+
# This operation can be called only from the organization's master
|
1215
|
+
# account.
|
1216
|
+
#
|
1217
|
+
# @option params [required, String] :root_id
|
1218
|
+
# The unique identifier (ID) of the root in which you want to disable a
|
1219
|
+
# policy type. You can get the ID from the ListPolicies operation.
|
1220
|
+
#
|
1221
|
+
# The [regex pattern][1] for a root ID string requires "r-" followed
|
1222
|
+
# by from 4 to 32 lower-case letters or digits.
|
1223
|
+
#
|
1224
|
+
#
|
1225
|
+
#
|
1226
|
+
# [1]: http://wikipedia.org/wiki/regex
|
1227
|
+
#
|
1228
|
+
# @option params [required, String] :policy_type
|
1229
|
+
# The policy type that you want to disable in this root.
|
1230
|
+
#
|
1231
|
+
# @return [Types::DisablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1232
|
+
#
|
1233
|
+
# * {Types::DisablePolicyTypeResponse#root #root} => Types::Root
|
1234
|
+
#
|
1235
|
+
# @example Request syntax with placeholder values
|
1236
|
+
#
|
1237
|
+
# resp = client.disable_policy_type({
|
1238
|
+
# root_id: "RootId", # required
|
1239
|
+
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
|
1240
|
+
# })
|
1241
|
+
#
|
1242
|
+
# @example Response structure
|
1243
|
+
#
|
1244
|
+
# resp.root.id #=> String
|
1245
|
+
# resp.root.arn #=> String
|
1246
|
+
# resp.root.name #=> String
|
1247
|
+
# resp.root.policy_types #=> Array
|
1248
|
+
# resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
1249
|
+
# resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
1250
|
+
#
|
1251
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType AWS API Documentation
|
1252
|
+
#
|
1253
|
+
# @overload disable_policy_type(params = {})
|
1254
|
+
# @param [Hash] params ({})
|
1255
|
+
def disable_policy_type(params = {}, options = {})
|
1256
|
+
req = build_request(:disable_policy_type, params)
|
1257
|
+
req.send_request(options)
|
1258
|
+
end
|
1259
|
+
|
1260
|
+
# Enables all features in an organization. This enables the use of
|
1261
|
+
# organization policies that can restrict the services and actions that
|
1262
|
+
# can be called in each account. Until you enable all features, you have
|
1263
|
+
# access only to consolidated billing, and you can't use any of the
|
1264
|
+
# advanced account administration features that AWS Organizations
|
1265
|
+
# supports. For more information, see [Enabling All Features in Your
|
1266
|
+
# Organization][1] in the *AWS Organizations User Guide*.
|
1267
|
+
#
|
1268
|
+
# This operation is required only for organizations that were created
|
1269
|
+
# explicitly with only the consolidated billing features enabled, or
|
1270
|
+
# that were migrated from a Consolidated Billing account family to
|
1271
|
+
# Organizations. Calling this operation sends a handshake to every
|
1272
|
+
# invited account in the organization. The feature set change can be
|
1273
|
+
# finalized and the additional features enabled only after all
|
1274
|
+
# administrators in the invited accounts approve the change by accepting
|
1275
|
+
# the handshake.
|
1276
|
+
#
|
1277
|
+
# After all invited member accounts accept the handshake, you finalize
|
1278
|
+
# the feature set change by accepting the handshake that contains
|
1279
|
+
# `"Action": "ENABLE_ALL_FEATURES"`. This completes the change.
|
1280
|
+
#
|
1281
|
+
# After you enable all features in your organization, the master account
|
1282
|
+
# in the organization can apply policies on all member accounts. These
|
1283
|
+
# policies can restrict what users and even administrators in those
|
1284
|
+
# accounts can do. The master account can apply policies that prevent
|
1285
|
+
# accounts from leaving the organization. Ensure that your account
|
1286
|
+
# administrators are aware of this.
|
1287
|
+
#
|
1288
|
+
# This operation can be called only from the organization's master
|
1289
|
+
# account.
|
1290
|
+
#
|
1291
|
+
#
|
1292
|
+
#
|
1293
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
|
1294
|
+
#
|
1295
|
+
# @return [Types::EnableAllFeaturesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1296
|
+
#
|
1297
|
+
# * {Types::EnableAllFeaturesResponse#handshake #handshake} => Types::Handshake
|
1298
|
+
#
|
1299
|
+
# @example Response structure
|
1300
|
+
#
|
1301
|
+
# resp.handshake.id #=> String
|
1302
|
+
# resp.handshake.arn #=> String
|
1303
|
+
# resp.handshake.parties #=> Array
|
1304
|
+
# resp.handshake.parties[0].id #=> String
|
1305
|
+
# resp.handshake.parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
|
1306
|
+
# resp.handshake.state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
|
1307
|
+
# resp.handshake.requested_timestamp #=> Time
|
1308
|
+
# resp.handshake.expiration_timestamp #=> Time
|
1309
|
+
# resp.handshake.action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
|
1310
|
+
# resp.handshake.resources #=> Array
|
1311
|
+
# resp.handshake.resources[0].value #=> String
|
1312
|
+
# resp.handshake.resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
|
1313
|
+
# resp.handshake.resources[0].resources #=> Types::HandshakeResources
|
1314
|
+
#
|
1315
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures AWS API Documentation
|
1316
|
+
#
|
1317
|
+
# @overload enable_all_features(params = {})
|
1318
|
+
# @param [Hash] params ({})
|
1319
|
+
def enable_all_features(params = {}, options = {})
|
1320
|
+
req = build_request(:enable_all_features, params)
|
1321
|
+
req.send_request(options)
|
1322
|
+
end
|
1323
|
+
|
1324
|
+
# Enables a policy type in a root. After you enable a policy type in a
|
1325
|
+
# root, you can attach policies of that type to the root, any OU, or
|
1326
|
+
# account in that root. You can undo this by using the DisablePolicyType
|
1327
|
+
# operation.
|
1328
|
+
#
|
1329
|
+
# This operation can be called only from the organization's master
|
1330
|
+
# account.
|
1331
|
+
#
|
1332
|
+
# @option params [required, String] :root_id
|
1333
|
+
# The unique identifier (ID) of the root in which you want to enable a
|
1334
|
+
# policy type. You can get the ID from the ListRoots operation.
|
1335
|
+
#
|
1336
|
+
# The [regex pattern][1] for a root ID string requires "r-" followed
|
1337
|
+
# by from 4 to 32 lower-case letters or digits.
|
1338
|
+
#
|
1339
|
+
#
|
1340
|
+
#
|
1341
|
+
# [1]: http://wikipedia.org/wiki/regex
|
1342
|
+
#
|
1343
|
+
# @option params [required, String] :policy_type
|
1344
|
+
# The policy type that you want to enable.
|
1345
|
+
#
|
1346
|
+
# @return [Types::EnablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1347
|
+
#
|
1348
|
+
# * {Types::EnablePolicyTypeResponse#root #root} => Types::Root
|
1349
|
+
#
|
1350
|
+
# @example Request syntax with placeholder values
|
1351
|
+
#
|
1352
|
+
# resp = client.enable_policy_type({
|
1353
|
+
# root_id: "RootId", # required
|
1354
|
+
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
|
1355
|
+
# })
|
1356
|
+
#
|
1357
|
+
# @example Response structure
|
1358
|
+
#
|
1359
|
+
# resp.root.id #=> String
|
1360
|
+
# resp.root.arn #=> String
|
1361
|
+
# resp.root.name #=> String
|
1362
|
+
# resp.root.policy_types #=> Array
|
1363
|
+
# resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
1364
|
+
# resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
1365
|
+
#
|
1366
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType AWS API Documentation
|
1367
|
+
#
|
1368
|
+
# @overload enable_policy_type(params = {})
|
1369
|
+
# @param [Hash] params ({})
|
1370
|
+
def enable_policy_type(params = {}, options = {})
|
1371
|
+
req = build_request(:enable_policy_type, params)
|
1372
|
+
req.send_request(options)
|
1373
|
+
end
|
1374
|
+
|
1375
|
+
# Sends an invitation to another account to join your organization as a
|
1376
|
+
# member account. Organizations sends email on your behalf to the email
|
1377
|
+
# address that is associated with the other account's owner. The
|
1378
|
+
# invitation is implemented as a Handshake whose details are in the
|
1379
|
+
# response.
|
1380
|
+
#
|
1381
|
+
# This operation can be called only from the organization's master
|
1382
|
+
# account.
|
1383
|
+
#
|
1384
|
+
# @option params [required, Types::HandshakeParty] :target
|
1385
|
+
# The identifier (ID) of the AWS account that you want to invite to join
|
1386
|
+
# your organization. This is a JSON object that contains the following
|
1387
|
+
# elements:
|
1388
|
+
#
|
1389
|
+
# `\{ "Type": "ACCOUNT", "Id": "< account id number >" \}`
|
1390
|
+
#
|
1391
|
+
# If you use the AWS CLI, you can submit this as a single string,
|
1392
|
+
# similar to the following example:
|
1393
|
+
#
|
1394
|
+
# `--target id=123456789012,type=ACCOUNT`
|
1395
|
+
#
|
1396
|
+
# If you specify `"Type": "ACCOUNT"`, then you must provide the AWS
|
1397
|
+
# account ID number as the `Id`. If you specify `"Type": "EMAIL"`, then
|
1398
|
+
# you must specify the email address that is associated with the
|
1399
|
+
# account.
|
1400
|
+
#
|
1401
|
+
# `--target id=bill@example.com,type=EMAIL`
|
1402
|
+
#
|
1403
|
+
# @option params [String] :notes
|
1404
|
+
# Additional information that you want to include in the generated email
|
1405
|
+
# to the recipient account owner.
|
1406
|
+
#
|
1407
|
+
# @return [Types::InviteAccountToOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1408
|
+
#
|
1409
|
+
# * {Types::InviteAccountToOrganizationResponse#handshake #handshake} => Types::Handshake
|
1410
|
+
#
|
1411
|
+
# @example Request syntax with placeholder values
|
1412
|
+
#
|
1413
|
+
# resp = client.invite_account_to_organization({
|
1414
|
+
# target: { # required
|
1415
|
+
# id: "HandshakePartyId",
|
1416
|
+
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION, EMAIL
|
1417
|
+
# },
|
1418
|
+
# notes: "HandshakeNotes",
|
1419
|
+
# })
|
1420
|
+
#
|
1421
|
+
# @example Response structure
|
1422
|
+
#
|
1423
|
+
# resp.handshake.id #=> String
|
1424
|
+
# resp.handshake.arn #=> String
|
1425
|
+
# resp.handshake.parties #=> Array
|
1426
|
+
# resp.handshake.parties[0].id #=> String
|
1427
|
+
# resp.handshake.parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
|
1428
|
+
# resp.handshake.state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
|
1429
|
+
# resp.handshake.requested_timestamp #=> Time
|
1430
|
+
# resp.handshake.expiration_timestamp #=> Time
|
1431
|
+
# resp.handshake.action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
|
1432
|
+
# resp.handshake.resources #=> Array
|
1433
|
+
# resp.handshake.resources[0].value #=> String
|
1434
|
+
# resp.handshake.resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
|
1435
|
+
# resp.handshake.resources[0].resources #=> Types::HandshakeResources
|
1436
|
+
#
|
1437
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization AWS API Documentation
|
1438
|
+
#
|
1439
|
+
# @overload invite_account_to_organization(params = {})
|
1440
|
+
# @param [Hash] params ({})
|
1441
|
+
def invite_account_to_organization(params = {}, options = {})
|
1442
|
+
req = build_request(:invite_account_to_organization, params)
|
1443
|
+
req.send_request(options)
|
1444
|
+
end
|
1445
|
+
|
1446
|
+
# Removes a member account from its parent organization. This version of
|
1447
|
+
# the operation is performed by the account that wants to leave. To
|
1448
|
+
# remove a member account as a user in the master account, use
|
1449
|
+
# RemoveAccountFromOrganization instead.
|
1450
|
+
#
|
1451
|
+
# This operation can be called only from a member account in the
|
1452
|
+
# organization.
|
1453
|
+
#
|
1454
|
+
# The master account in an organization with all features enabled can
|
1455
|
+
# set service control policies (SCPs) that can restrict what
|
1456
|
+
# administrators of member accounts can do, including preventing them
|
1457
|
+
# from successfully calling `LeaveOrganization` and leaving the
|
1458
|
+
# organization.
|
1459
|
+
#
|
1460
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1461
|
+
#
|
1462
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization AWS API Documentation
|
1463
|
+
#
|
1464
|
+
# @overload leave_organization(params = {})
|
1465
|
+
# @param [Hash] params ({})
|
1466
|
+
def leave_organization(params = {}, options = {})
|
1467
|
+
req = build_request(:leave_organization, params)
|
1468
|
+
req.send_request(options)
|
1469
|
+
end
|
1470
|
+
|
1471
|
+
# Lists all the accounts in the organization. To request only the
|
1472
|
+
# accounts in a root or OU, use the ListAccountsForParent operation
|
1473
|
+
# instead.
|
1474
|
+
#
|
1475
|
+
# This operation can be called only from the organization's master
|
1476
|
+
# account.
|
1477
|
+
#
|
1478
|
+
# @option params [String] :next_token
|
1479
|
+
# Use this parameter if you receive a `NextToken` response in a previous
|
1480
|
+
# request that indicates that there is more output available. Set it to
|
1481
|
+
# the value of the previous call's `NextToken` response to indicate
|
1482
|
+
# where the output should continue from.
|
1483
|
+
#
|
1484
|
+
# @option params [Integer] :max_results
|
1485
|
+
# (Optional) Use this to limit the number of results you want included
|
1486
|
+
# in the response. If you do not include this parameter, it defaults to
|
1487
|
+
# a value that is specific to the operation. If additional items exist
|
1488
|
+
# beyond the maximum you specify, the `NextToken` response element is
|
1489
|
+
# present and has a value (is not null). Include that value as the
|
1490
|
+
# `NextToken` request parameter in the next call to the operation to get
|
1491
|
+
# the next part of the results. Note that Organizations might return
|
1492
|
+
# fewer results than the maximum even when there are more results
|
1493
|
+
# available. You should check `NextToken` after every operation to
|
1494
|
+
# ensure that you receive all of the results.
|
1495
|
+
#
|
1496
|
+
# @return [Types::ListAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1497
|
+
#
|
1498
|
+
# * {Types::ListAccountsResponse#accounts #accounts} => Array<Types::Account>
|
1499
|
+
# * {Types::ListAccountsResponse#next_token #next_token} => String
|
1500
|
+
#
|
1501
|
+
# @example Request syntax with placeholder values
|
1502
|
+
#
|
1503
|
+
# resp = client.list_accounts({
|
1504
|
+
# next_token: "NextToken",
|
1505
|
+
# max_results: 1,
|
1506
|
+
# })
|
1507
|
+
#
|
1508
|
+
# @example Response structure
|
1509
|
+
#
|
1510
|
+
# resp.accounts #=> Array
|
1511
|
+
# resp.accounts[0].id #=> String
|
1512
|
+
# resp.accounts[0].arn #=> String
|
1513
|
+
# resp.accounts[0].name #=> String
|
1514
|
+
# resp.accounts[0].status #=> String, one of "ACTIVE", "SUSPENDED"
|
1515
|
+
# resp.accounts[0].joined_method #=> String, one of "INVITED", "CREATED"
|
1516
|
+
# resp.accounts[0].joined_timestamp #=> Time
|
1517
|
+
# resp.next_token #=> String
|
1518
|
+
#
|
1519
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts AWS API Documentation
|
1520
|
+
#
|
1521
|
+
# @overload list_accounts(params = {})
|
1522
|
+
# @param [Hash] params ({})
|
1523
|
+
def list_accounts(params = {}, options = {})
|
1524
|
+
req = build_request(:list_accounts, params)
|
1525
|
+
req.send_request(options)
|
1526
|
+
end
|
1527
|
+
|
1528
|
+
# Lists the accounts in an organization that are contained by the
|
1529
|
+
# specified target root or organizational unit (OU). If you specify the
|
1530
|
+
# root, you get a list of all the accounts that are not in any OU. If
|
1531
|
+
# you specify an OU, you get a list of all the accounts in only that OU,
|
1532
|
+
# and not in any child OUs. To get a list of all accounts in the
|
1533
|
+
# organization, use the ListAccounts operation.
|
1534
|
+
#
|
1535
|
+
# @option params [required, String] :parent_id
|
1536
|
+
# The unique identifier (ID) for the parent root or organization unit
|
1537
|
+
# (OU) whose accounts you want to list.
|
1538
|
+
#
|
1539
|
+
# @option params [String] :next_token
|
1540
|
+
# Use this parameter if you receive a `NextToken` response in a previous
|
1541
|
+
# request that indicates that there is more output available. Set it to
|
1542
|
+
# the value of the previous call's `NextToken` response to indicate
|
1543
|
+
# where the output should continue from.
|
1544
|
+
#
|
1545
|
+
# @option params [Integer] :max_results
|
1546
|
+
# (Optional) Use this to limit the number of results you want included
|
1547
|
+
# in the response. If you do not include this parameter, it defaults to
|
1548
|
+
# a value that is specific to the operation. If additional items exist
|
1549
|
+
# beyond the maximum you specify, the `NextToken` response element is
|
1550
|
+
# present and has a value (is not null). Include that value as the
|
1551
|
+
# `NextToken` request parameter in the next call to the operation to get
|
1552
|
+
# the next part of the results. Note that Organizations might return
|
1553
|
+
# fewer results than the maximum even when there are more results
|
1554
|
+
# available. You should check `NextToken` after every operation to
|
1555
|
+
# ensure that you receive all of the results.
|
1556
|
+
#
|
1557
|
+
# @return [Types::ListAccountsForParentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1558
|
+
#
|
1559
|
+
# * {Types::ListAccountsForParentResponse#accounts #accounts} => Array<Types::Account>
|
1560
|
+
# * {Types::ListAccountsForParentResponse#next_token #next_token} => String
|
1561
|
+
#
|
1562
|
+
# @example Request syntax with placeholder values
|
1563
|
+
#
|
1564
|
+
# resp = client.list_accounts_for_parent({
|
1565
|
+
# parent_id: "ParentId", # required
|
1566
|
+
# next_token: "NextToken",
|
1567
|
+
# max_results: 1,
|
1568
|
+
# })
|
1569
|
+
#
|
1570
|
+
# @example Response structure
|
1571
|
+
#
|
1572
|
+
# resp.accounts #=> Array
|
1573
|
+
# resp.accounts[0].id #=> String
|
1574
|
+
# resp.accounts[0].arn #=> String
|
1575
|
+
# resp.accounts[0].name #=> String
|
1576
|
+
# resp.accounts[0].status #=> String, one of "ACTIVE", "SUSPENDED"
|
1577
|
+
# resp.accounts[0].joined_method #=> String, one of "INVITED", "CREATED"
|
1578
|
+
# resp.accounts[0].joined_timestamp #=> Time
|
1579
|
+
# resp.next_token #=> String
|
1580
|
+
#
|
1581
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent AWS API Documentation
|
1582
|
+
#
|
1583
|
+
# @overload list_accounts_for_parent(params = {})
|
1584
|
+
# @param [Hash] params ({})
|
1585
|
+
def list_accounts_for_parent(params = {}, options = {})
|
1586
|
+
req = build_request(:list_accounts_for_parent, params)
|
1587
|
+
req.send_request(options)
|
1588
|
+
end
|
1589
|
+
|
1590
|
+
# Lists all of the OUs or accounts that are contained in the specified
|
1591
|
+
# parent OU or root. This operation, along with ListParents enables you
|
1592
|
+
# to traverse the tree structure that makes up this root.
|
1593
|
+
#
|
1594
|
+
# @option params [required, String] :parent_id
|
1595
|
+
# The unique identifier (ID) for the parent root or OU whose children
|
1596
|
+
# you want to list.
|
1597
|
+
#
|
1598
|
+
# The [regex pattern][1] for a parent ID string requires one of the
|
1599
|
+
# following:
|
1600
|
+
#
|
1601
|
+
# * Root: a string that begins with "r-" followed by from 4 to 32
|
1602
|
+
# lower-case letters or digits.
|
1603
|
+
#
|
1604
|
+
# * Organizational unit (OU): a string that begins with "ou-" followed
|
1605
|
+
# by from 4 to 32 lower-case letters or digits (the ID of the root
|
1606
|
+
# that the OU is in) followed by a second "-" dash and from 8 to 32
|
1607
|
+
# additional lower-case letters or digits.
|
1608
|
+
#
|
1609
|
+
#
|
1610
|
+
#
|
1611
|
+
# [1]: http://wikipedia.org/wiki/regex
|
1612
|
+
#
|
1613
|
+
# @option params [required, String] :child_type
|
1614
|
+
# Filters the output to include only the specified child type.
|
1615
|
+
#
|
1616
|
+
# @option params [String] :next_token
|
1617
|
+
# Use this parameter if you receive a `NextToken` response in a previous
|
1618
|
+
# request that indicates that there is more output available. Set it to
|
1619
|
+
# the value of the previous call's `NextToken` response to indicate
|
1620
|
+
# where the output should continue from.
|
1621
|
+
#
|
1622
|
+
# @option params [Integer] :max_results
|
1623
|
+
# (Optional) Use this to limit the number of results you want included
|
1624
|
+
# in the response. If you do not include this parameter, it defaults to
|
1625
|
+
# a value that is specific to the operation. If additional items exist
|
1626
|
+
# beyond the maximum you specify, the `NextToken` response element is
|
1627
|
+
# present and has a value (is not null). Include that value as the
|
1628
|
+
# `NextToken` request parameter in the next call to the operation to get
|
1629
|
+
# the next part of the results. Note that Organizations might return
|
1630
|
+
# fewer results than the maximum even when there are more results
|
1631
|
+
# available. You should check `NextToken` after every operation to
|
1632
|
+
# ensure that you receive all of the results.
|
1633
|
+
#
|
1634
|
+
# @return [Types::ListChildrenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1635
|
+
#
|
1636
|
+
# * {Types::ListChildrenResponse#children #children} => Array<Types::Child>
|
1637
|
+
# * {Types::ListChildrenResponse#next_token #next_token} => String
|
1638
|
+
#
|
1639
|
+
# @example Request syntax with placeholder values
|
1640
|
+
#
|
1641
|
+
# resp = client.list_children({
|
1642
|
+
# parent_id: "ParentId", # required
|
1643
|
+
# child_type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATIONAL_UNIT
|
1644
|
+
# next_token: "NextToken",
|
1645
|
+
# max_results: 1,
|
1646
|
+
# })
|
1647
|
+
#
|
1648
|
+
# @example Response structure
|
1649
|
+
#
|
1650
|
+
# resp.children #=> Array
|
1651
|
+
# resp.children[0].id #=> String
|
1652
|
+
# resp.children[0].type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
|
1653
|
+
# resp.next_token #=> String
|
1654
|
+
#
|
1655
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren AWS API Documentation
|
1656
|
+
#
|
1657
|
+
# @overload list_children(params = {})
|
1658
|
+
# @param [Hash] params ({})
|
1659
|
+
def list_children(params = {}, options = {})
|
1660
|
+
req = build_request(:list_children, params)
|
1661
|
+
req.send_request(options)
|
1662
|
+
end
|
1663
|
+
|
1664
|
+
# Lists the account creation requests that match the specified status
|
1665
|
+
# that is currently being tracked for the organization.
|
1666
|
+
#
|
1667
|
+
# This operation can be called only from the organization's master
|
1668
|
+
# account.
|
1669
|
+
#
|
1670
|
+
# @option params [Array<String>] :states
|
1671
|
+
# A list of one or more states that you want included in the response.
|
1672
|
+
# If this parameter is not present, then all requests are included in
|
1673
|
+
# the response.
|
1674
|
+
#
|
1675
|
+
# @option params [String] :next_token
|
1676
|
+
# Use this parameter if you receive a `NextToken` response in a previous
|
1677
|
+
# request that indicates that there is more output available. Set it to
|
1678
|
+
# the value of the previous call's `NextToken` response to indicate
|
1679
|
+
# where the output should continue from.
|
1680
|
+
#
|
1681
|
+
# @option params [Integer] :max_results
|
1682
|
+
# (Optional) Use this to limit the number of results you want included
|
1683
|
+
# in the response. If you do not include this parameter, it defaults to
|
1684
|
+
# a value that is specific to the operation. If additional items exist
|
1685
|
+
# beyond the maximum you specify, the `NextToken` response element is
|
1686
|
+
# present and has a value (is not null). Include that value as the
|
1687
|
+
# `NextToken` request parameter in the next call to the operation to get
|
1688
|
+
# the next part of the results. Note that Organizations might return
|
1689
|
+
# fewer results than the maximum even when there are more results
|
1690
|
+
# available. You should check `NextToken` after every operation to
|
1691
|
+
# ensure that you receive all of the results.
|
1692
|
+
#
|
1693
|
+
# @return [Types::ListCreateAccountStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1694
|
+
#
|
1695
|
+
# * {Types::ListCreateAccountStatusResponse#create_account_statuses #create_account_statuses} => Array<Types::CreateAccountStatus>
|
1696
|
+
# * {Types::ListCreateAccountStatusResponse#next_token #next_token} => String
|
1697
|
+
#
|
1698
|
+
# @example Request syntax with placeholder values
|
1699
|
+
#
|
1700
|
+
# resp = client.list_create_account_status({
|
1701
|
+
# states: ["IN_PROGRESS"], # accepts IN_PROGRESS, SUCCEEDED, FAILED
|
1702
|
+
# next_token: "NextToken",
|
1703
|
+
# max_results: 1,
|
1704
|
+
# })
|
1705
|
+
#
|
1706
|
+
# @example Response structure
|
1707
|
+
#
|
1708
|
+
# resp.create_account_statuses #=> Array
|
1709
|
+
# resp.create_account_statuses[0].id #=> String
|
1710
|
+
# resp.create_account_statuses[0].account_name #=> String
|
1711
|
+
# resp.create_account_statuses[0].state #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED"
|
1712
|
+
# resp.create_account_statuses[0].requested_timestamp #=> Time
|
1713
|
+
# resp.create_account_statuses[0].completed_timestamp #=> Time
|
1714
|
+
# resp.create_account_statuses[0].account_id #=> String
|
1715
|
+
# resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INTERNAL_FAILURE"
|
1716
|
+
# resp.next_token #=> String
|
1717
|
+
#
|
1718
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
|
1719
|
+
#
|
1720
|
+
# @overload list_create_account_status(params = {})
|
1721
|
+
# @param [Hash] params ({})
|
1722
|
+
def list_create_account_status(params = {}, options = {})
|
1723
|
+
req = build_request(:list_create_account_status, params)
|
1724
|
+
req.send_request(options)
|
1725
|
+
end
|
1726
|
+
|
1727
|
+
# Lists the current handshakes that are associated with the account of
|
1728
|
+
# the requesting user.
|
1729
|
+
#
|
1730
|
+
# This operation can be called from any account in the organization.
|
1731
|
+
#
|
1732
|
+
# @option params [Types::HandshakeFilter] :filter
|
1733
|
+
# Filters the handshakes that you want included in the response. The
|
1734
|
+
# default is all types. Use the `ActionType` element to limit the output
|
1735
|
+
# to only a specified type, such as `INVITE`, `ENABLE-FULL-CONTROL`, or
|
1736
|
+
# `APPROVE-FULL-CONTROL`. Alternatively, for the `ENABLE-FULL-CONTROL`
|
1737
|
+
# handshake that generates a separate child handshake for each member
|
1738
|
+
# account, you can specify `ParentHandshakeId` to see only the
|
1739
|
+
# handshakes that were generated by that parent request.
|
1740
|
+
#
|
1741
|
+
# @option params [String] :next_token
|
1742
|
+
# Use this parameter if you receive a `NextToken` response in a previous
|
1743
|
+
# request that indicates that there is more output available. Set it to
|
1744
|
+
# the value of the previous call's `NextToken` response to indicate
|
1745
|
+
# where the output should continue from.
|
1746
|
+
#
|
1747
|
+
# @option params [Integer] :max_results
|
1748
|
+
# (Optional) Use this to limit the number of results you want included
|
1749
|
+
# in the response. If you do not include this parameter, it defaults to
|
1750
|
+
# a value that is specific to the operation. If additional items exist
|
1751
|
+
# beyond the maximum you specify, the `NextToken` response element is
|
1752
|
+
# present and has a value (is not null). Include that value as the
|
1753
|
+
# `NextToken` request parameter in the next call to the operation to get
|
1754
|
+
# the next part of the results. Note that Organizations might return
|
1755
|
+
# fewer results than the maximum even when there are more results
|
1756
|
+
# available. You should check `NextToken` after every operation to
|
1757
|
+
# ensure that you receive all of the results.
|
1758
|
+
#
|
1759
|
+
# @return [Types::ListHandshakesForAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1760
|
+
#
|
1761
|
+
# * {Types::ListHandshakesForAccountResponse#handshakes #handshakes} => Array<Types::Handshake>
|
1762
|
+
# * {Types::ListHandshakesForAccountResponse#next_token #next_token} => String
|
1763
|
+
#
|
1764
|
+
# @example Request syntax with placeholder values
|
1765
|
+
#
|
1766
|
+
# resp = client.list_handshakes_for_account({
|
1767
|
+
# filter: {
|
1768
|
+
# action_type: "INVITE", # accepts INVITE, ENABLE_ALL_FEATURES, APPROVE_ALL_FEATURES
|
1769
|
+
# parent_handshake_id: "HandshakeId",
|
1770
|
+
# },
|
1771
|
+
# next_token: "NextToken",
|
1772
|
+
# max_results: 1,
|
1773
|
+
# })
|
1774
|
+
#
|
1775
|
+
# @example Response structure
|
1776
|
+
#
|
1777
|
+
# resp.handshakes #=> Array
|
1778
|
+
# resp.handshakes[0].id #=> String
|
1779
|
+
# resp.handshakes[0].arn #=> String
|
1780
|
+
# resp.handshakes[0].parties #=> Array
|
1781
|
+
# resp.handshakes[0].parties[0].id #=> String
|
1782
|
+
# resp.handshakes[0].parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
|
1783
|
+
# resp.handshakes[0].state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
|
1784
|
+
# resp.handshakes[0].requested_timestamp #=> Time
|
1785
|
+
# resp.handshakes[0].expiration_timestamp #=> Time
|
1786
|
+
# resp.handshakes[0].action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
|
1787
|
+
# resp.handshakes[0].resources #=> Array
|
1788
|
+
# resp.handshakes[0].resources[0].value #=> String
|
1789
|
+
# resp.handshakes[0].resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
|
1790
|
+
# resp.handshakes[0].resources[0].resources #=> Types::HandshakeResources
|
1791
|
+
# resp.next_token #=> String
|
1792
|
+
#
|
1793
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount AWS API Documentation
|
1794
|
+
#
|
1795
|
+
# @overload list_handshakes_for_account(params = {})
|
1796
|
+
# @param [Hash] params ({})
|
1797
|
+
def list_handshakes_for_account(params = {}, options = {})
|
1798
|
+
req = build_request(:list_handshakes_for_account, params)
|
1799
|
+
req.send_request(options)
|
1800
|
+
end
|
1801
|
+
|
1802
|
+
# Lists the handshakes that are associated with the organization that
|
1803
|
+
# the requesting user is part of. The `ListHandshakesForOrganization`
|
1804
|
+
# operation returns a list of handshake structures. Each structure
|
1805
|
+
# contains details and status about a handshake.
|
1806
|
+
#
|
1807
|
+
# This operation can be called only from the organization's master
|
1808
|
+
# account.
|
1809
|
+
#
|
1810
|
+
# @option params [Types::HandshakeFilter] :filter
|
1811
|
+
# A filter of the handshakes that you want included in the response. The
|
1812
|
+
# default is all types. Use the `ActionType` element to limit the output
|
1813
|
+
# to only a specified type, such as `INVITE`, `ENABLE-ALL-FEATURES`, or
|
1814
|
+
# `APPROVE-ALL-FEATURES`. Alternatively, for the `ENABLE-ALL-FEATURES`
|
1815
|
+
# handshake that generates a separate child handshake for each member
|
1816
|
+
# account, you can specify the `ParentHandshakeId` to see only the
|
1817
|
+
# handshakes that were generated by that parent request.
|
1818
|
+
#
|
1819
|
+
# @option params [String] :next_token
|
1820
|
+
# Use this parameter if you receive a `NextToken` response in a previous
|
1821
|
+
# request that indicates that there is more output available. Set it to
|
1822
|
+
# the value of the previous call's `NextToken` response to indicate
|
1823
|
+
# where the output should continue from.
|
1824
|
+
#
|
1825
|
+
# @option params [Integer] :max_results
|
1826
|
+
# (Optional) Use this to limit the number of results you want included
|
1827
|
+
# in the response. If you do not include this parameter, it defaults to
|
1828
|
+
# a value that is specific to the operation. If additional items exist
|
1829
|
+
# beyond the maximum you specify, the `NextToken` response element is
|
1830
|
+
# present and has a value (is not null). Include that value as the
|
1831
|
+
# `NextToken` request parameter in the next call to the operation to get
|
1832
|
+
# the next part of the results. Note that Organizations might return
|
1833
|
+
# fewer results than the maximum even when there are more results
|
1834
|
+
# available. You should check `NextToken` after every operation to
|
1835
|
+
# ensure that you receive all of the results.
|
1836
|
+
#
|
1837
|
+
# @return [Types::ListHandshakesForOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1838
|
+
#
|
1839
|
+
# * {Types::ListHandshakesForOrganizationResponse#handshakes #handshakes} => Array<Types::Handshake>
|
1840
|
+
# * {Types::ListHandshakesForOrganizationResponse#next_token #next_token} => String
|
1841
|
+
#
|
1842
|
+
# @example Request syntax with placeholder values
|
1843
|
+
#
|
1844
|
+
# resp = client.list_handshakes_for_organization({
|
1845
|
+
# filter: {
|
1846
|
+
# action_type: "INVITE", # accepts INVITE, ENABLE_ALL_FEATURES, APPROVE_ALL_FEATURES
|
1847
|
+
# parent_handshake_id: "HandshakeId",
|
1848
|
+
# },
|
1849
|
+
# next_token: "NextToken",
|
1850
|
+
# max_results: 1,
|
1851
|
+
# })
|
1852
|
+
#
|
1853
|
+
# @example Response structure
|
1854
|
+
#
|
1855
|
+
# resp.handshakes #=> Array
|
1856
|
+
# resp.handshakes[0].id #=> String
|
1857
|
+
# resp.handshakes[0].arn #=> String
|
1858
|
+
# resp.handshakes[0].parties #=> Array
|
1859
|
+
# resp.handshakes[0].parties[0].id #=> String
|
1860
|
+
# resp.handshakes[0].parties[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "EMAIL"
|
1861
|
+
# resp.handshakes[0].state #=> String, one of "REQUESTED", "OPEN", "CANCELED", "ACCEPTED", "DECLINED", "EXPIRED"
|
1862
|
+
# resp.handshakes[0].requested_timestamp #=> Time
|
1863
|
+
# resp.handshakes[0].expiration_timestamp #=> Time
|
1864
|
+
# resp.handshakes[0].action #=> String, one of "INVITE", "ENABLE_ALL_FEATURES", "APPROVE_ALL_FEATURES"
|
1865
|
+
# resp.handshakes[0].resources #=> Array
|
1866
|
+
# resp.handshakes[0].resources[0].value #=> String
|
1867
|
+
# resp.handshakes[0].resources[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ORGANIZATION_FEATURE_SET", "EMAIL", "MASTER_EMAIL", "MASTER_NAME", "NOTES", "PARENT_HANDSHAKE"
|
1868
|
+
# resp.handshakes[0].resources[0].resources #=> Types::HandshakeResources
|
1869
|
+
# resp.next_token #=> String
|
1870
|
+
#
|
1871
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization AWS API Documentation
|
1872
|
+
#
|
1873
|
+
# @overload list_handshakes_for_organization(params = {})
|
1874
|
+
# @param [Hash] params ({})
|
1875
|
+
def list_handshakes_for_organization(params = {}, options = {})
|
1876
|
+
req = build_request(:list_handshakes_for_organization, params)
|
1877
|
+
req.send_request(options)
|
1878
|
+
end
|
1879
|
+
|
1880
|
+
# Lists the organizational units (OUs) in a parent organizational unit
|
1881
|
+
# or root.
|
1882
|
+
#
|
1883
|
+
# This operation can be called only from the organization's master
|
1884
|
+
# account.
|
1885
|
+
#
|
1886
|
+
# @option params [required, String] :parent_id
|
1887
|
+
# The unique identifier (ID) of the root or OU whose child OUs you want
|
1888
|
+
# to list.
|
1889
|
+
#
|
1890
|
+
# The [regex pattern][1] for a parent ID string requires one of the
|
1891
|
+
# following:
|
1892
|
+
#
|
1893
|
+
# * Root: a string that begins with "r-" followed by from 4 to 32
|
1894
|
+
# lower-case letters or digits.
|
1895
|
+
#
|
1896
|
+
# * Organizational unit (OU): a string that begins with "ou-" followed
|
1897
|
+
# by from 4 to 32 lower-case letters or digits (the ID of the root
|
1898
|
+
# that the OU is in) followed by a second "-" dash and from 8 to 32
|
1899
|
+
# additional lower-case letters or digits.
|
1900
|
+
#
|
1901
|
+
#
|
1902
|
+
#
|
1903
|
+
# [1]: http://wikipedia.org/wiki/regex
|
1904
|
+
#
|
1905
|
+
# @option params [String] :next_token
|
1906
|
+
# Use this parameter if you receive a `NextToken` response in a previous
|
1907
|
+
# request that indicates that there is more output available. Set it to
|
1908
|
+
# the value of the previous call's `NextToken` response to indicate
|
1909
|
+
# where the output should continue from.
|
1910
|
+
#
|
1911
|
+
# @option params [Integer] :max_results
|
1912
|
+
# (Optional) Use this to limit the number of results you want included
|
1913
|
+
# in the response. If you do not include this parameter, it defaults to
|
1914
|
+
# a value that is specific to the operation. If additional items exist
|
1915
|
+
# beyond the maximum you specify, the `NextToken` response element is
|
1916
|
+
# present and has a value (is not null). Include that value as the
|
1917
|
+
# `NextToken` request parameter in the next call to the operation to get
|
1918
|
+
# the next part of the results. Note that Organizations might return
|
1919
|
+
# fewer results than the maximum even when there are more results
|
1920
|
+
# available. You should check `NextToken` after every operation to
|
1921
|
+
# ensure that you receive all of the results.
|
1922
|
+
#
|
1923
|
+
# @return [Types::ListOrganizationalUnitsForParentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1924
|
+
#
|
1925
|
+
# * {Types::ListOrganizationalUnitsForParentResponse#organizational_units #organizational_units} => Array<Types::OrganizationalUnit>
|
1926
|
+
# * {Types::ListOrganizationalUnitsForParentResponse#next_token #next_token} => String
|
1927
|
+
#
|
1928
|
+
# @example Request syntax with placeholder values
|
1929
|
+
#
|
1930
|
+
# resp = client.list_organizational_units_for_parent({
|
1931
|
+
# parent_id: "ParentId", # required
|
1932
|
+
# next_token: "NextToken",
|
1933
|
+
# max_results: 1,
|
1934
|
+
# })
|
1935
|
+
#
|
1936
|
+
# @example Response structure
|
1937
|
+
#
|
1938
|
+
# resp.organizational_units #=> Array
|
1939
|
+
# resp.organizational_units[0].id #=> String
|
1940
|
+
# resp.organizational_units[0].arn #=> String
|
1941
|
+
# resp.organizational_units[0].name #=> String
|
1942
|
+
# resp.next_token #=> String
|
1943
|
+
#
|
1944
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent AWS API Documentation
|
1945
|
+
#
|
1946
|
+
# @overload list_organizational_units_for_parent(params = {})
|
1947
|
+
# @param [Hash] params ({})
|
1948
|
+
def list_organizational_units_for_parent(params = {}, options = {})
|
1949
|
+
req = build_request(:list_organizational_units_for_parent, params)
|
1950
|
+
req.send_request(options)
|
1951
|
+
end
|
1952
|
+
|
1953
|
+
# Lists the root or organizational units (OUs) that serve as the
|
1954
|
+
# immediate parent of the specified child OU or account. This operation,
|
1955
|
+
# along with ListChildren enables you to traverse the tree structure
|
1956
|
+
# that makes up this root.
|
1957
|
+
#
|
1958
|
+
# This operation can be called only from the organization's master
|
1959
|
+
# account.
|
1960
|
+
#
|
1961
|
+
# <note markdown="1"> In the current release, a child can have only a single parent.
|
1962
|
+
#
|
1963
|
+
# </note>
|
1964
|
+
#
|
1965
|
+
# @option params [required, String] :child_id
|
1966
|
+
# The unique identifier (ID) of the OU or account whose parent
|
1967
|
+
# containers you want to list. Do not specify a root.
|
1968
|
+
#
|
1969
|
+
# The [regex pattern][1] for a child ID string requires one of the
|
1970
|
+
# following:
|
1971
|
+
#
|
1972
|
+
# * Account: a string that consists of exactly 12 digits.
|
1973
|
+
#
|
1974
|
+
# * Organizational unit (OU): a string that begins with "ou-" followed
|
1975
|
+
# by from 4 to 32 lower-case letters or digits (the ID of the root
|
1976
|
+
# that contains the OU) followed by a second "-" dash and from 8 to
|
1977
|
+
# 32 additional lower-case letters or digits.
|
1978
|
+
#
|
1979
|
+
#
|
1980
|
+
#
|
1981
|
+
# [1]: http://wikipedia.org/wiki/regex
|
1982
|
+
#
|
1983
|
+
# @option params [String] :next_token
|
1984
|
+
# Use this parameter if you receive a `NextToken` response in a previous
|
1985
|
+
# request that indicates that there is more output available. Set it to
|
1986
|
+
# the value of the previous call's `NextToken` response to indicate
|
1987
|
+
# where the output should continue from.
|
1988
|
+
#
|
1989
|
+
# @option params [Integer] :max_results
|
1990
|
+
# (Optional) Use this to limit the number of results you want included
|
1991
|
+
# in the response. If you do not include this parameter, it defaults to
|
1992
|
+
# a value that is specific to the operation. If additional items exist
|
1993
|
+
# beyond the maximum you specify, the `NextToken` response element is
|
1994
|
+
# present and has a value (is not null). Include that value as the
|
1995
|
+
# `NextToken` request parameter in the next call to the operation to get
|
1996
|
+
# the next part of the results. Note that Organizations might return
|
1997
|
+
# fewer results than the maximum even when there are more results
|
1998
|
+
# available. You should check `NextToken` after every operation to
|
1999
|
+
# ensure that you receive all of the results.
|
2000
|
+
#
|
2001
|
+
# @return [Types::ListParentsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2002
|
+
#
|
2003
|
+
# * {Types::ListParentsResponse#parents #parents} => Array<Types::Parent>
|
2004
|
+
# * {Types::ListParentsResponse#next_token #next_token} => String
|
2005
|
+
#
|
2006
|
+
# @example Request syntax with placeholder values
|
2007
|
+
#
|
2008
|
+
# resp = client.list_parents({
|
2009
|
+
# child_id: "ChildId", # required
|
2010
|
+
# next_token: "NextToken",
|
2011
|
+
# max_results: 1,
|
2012
|
+
# })
|
2013
|
+
#
|
2014
|
+
# @example Response structure
|
2015
|
+
#
|
2016
|
+
# resp.parents #=> Array
|
2017
|
+
# resp.parents[0].id #=> String
|
2018
|
+
# resp.parents[0].type #=> String, one of "ROOT", "ORGANIZATIONAL_UNIT"
|
2019
|
+
# resp.next_token #=> String
|
2020
|
+
#
|
2021
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents AWS API Documentation
|
2022
|
+
#
|
2023
|
+
# @overload list_parents(params = {})
|
2024
|
+
# @param [Hash] params ({})
|
2025
|
+
def list_parents(params = {}, options = {})
|
2026
|
+
req = build_request(:list_parents, params)
|
2027
|
+
req.send_request(options)
|
2028
|
+
end
|
2029
|
+
|
2030
|
+
# Retrieves the list of all policies in an organization of a specified
|
2031
|
+
# type.
|
2032
|
+
#
|
2033
|
+
# This operation can be called only from the organization's master
|
2034
|
+
# account.
|
2035
|
+
#
|
2036
|
+
# @option params [required, String] :filter
|
2037
|
+
# Specifies the type of policy that you want to include in the response.
|
2038
|
+
#
|
2039
|
+
# @option params [String] :next_token
|
2040
|
+
# Use this parameter if you receive a `NextToken` response in a previous
|
2041
|
+
# request that indicates that there is more output available. Set it to
|
2042
|
+
# the value of the previous call's `NextToken` response to indicate
|
2043
|
+
# where the output should continue from.
|
2044
|
+
#
|
2045
|
+
# @option params [Integer] :max_results
|
2046
|
+
# (Optional) Use this to limit the number of results you want included
|
2047
|
+
# in the response. If you do not include this parameter, it defaults to
|
2048
|
+
# a value that is specific to the operation. If additional items exist
|
2049
|
+
# beyond the maximum you specify, the `NextToken` response element is
|
2050
|
+
# present and has a value (is not null). Include that value as the
|
2051
|
+
# `NextToken` request parameter in the next call to the operation to get
|
2052
|
+
# the next part of the results. Note that Organizations might return
|
2053
|
+
# fewer results than the maximum even when there are more results
|
2054
|
+
# available. You should check `NextToken` after every operation to
|
2055
|
+
# ensure that you receive all of the results.
|
2056
|
+
#
|
2057
|
+
# @return [Types::ListPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2058
|
+
#
|
2059
|
+
# * {Types::ListPoliciesResponse#policies #policies} => Array<Types::PolicySummary>
|
2060
|
+
# * {Types::ListPoliciesResponse#next_token #next_token} => String
|
2061
|
+
#
|
2062
|
+
# @example Request syntax with placeholder values
|
2063
|
+
#
|
2064
|
+
# resp = client.list_policies({
|
2065
|
+
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
|
2066
|
+
# next_token: "NextToken",
|
2067
|
+
# max_results: 1,
|
2068
|
+
# })
|
2069
|
+
#
|
2070
|
+
# @example Response structure
|
2071
|
+
#
|
2072
|
+
# resp.policies #=> Array
|
2073
|
+
# resp.policies[0].id #=> String
|
2074
|
+
# resp.policies[0].arn #=> String
|
2075
|
+
# resp.policies[0].name #=> String
|
2076
|
+
# resp.policies[0].description #=> String
|
2077
|
+
# resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
2078
|
+
# resp.policies[0].aws_managed #=> Boolean
|
2079
|
+
# resp.next_token #=> String
|
2080
|
+
#
|
2081
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies AWS API Documentation
|
2082
|
+
#
|
2083
|
+
# @overload list_policies(params = {})
|
2084
|
+
# @param [Hash] params ({})
|
2085
|
+
def list_policies(params = {}, options = {})
|
2086
|
+
req = build_request(:list_policies, params)
|
2087
|
+
req.send_request(options)
|
2088
|
+
end
|
2089
|
+
|
2090
|
+
# Lists the policies that are directly attached to the specified target
|
2091
|
+
# root, organizational unit (OU), or account. You must specify the
|
2092
|
+
# policy type that you want included in the returned list.
|
2093
|
+
#
|
2094
|
+
# This operation can be called only from the organization's master
|
2095
|
+
# account.
|
2096
|
+
#
|
2097
|
+
# @option params [required, String] :target_id
|
2098
|
+
# The unique identifier (ID) of the root, organizational unit, or
|
2099
|
+
# account whose policies you want to list.
|
2100
|
+
#
|
2101
|
+
# The [regex pattern][1] for a target ID string requires one of the
|
2102
|
+
# following:
|
2103
|
+
#
|
2104
|
+
# * Root: a string that begins with "r-" followed by from 4 to 32
|
2105
|
+
# lower-case letters or digits.
|
2106
|
+
#
|
2107
|
+
# * Account: a string that consists of exactly 12 digits.
|
2108
|
+
#
|
2109
|
+
# * Organizational unit (OU): a string that begins with "ou-" followed
|
2110
|
+
# by from 4 to 32 lower-case letters or digits (the ID of the root
|
2111
|
+
# that the OU is in) followed by a second "-" dash and from 8 to 32
|
2112
|
+
# additional lower-case letters or digits.
|
2113
|
+
#
|
2114
|
+
#
|
2115
|
+
#
|
2116
|
+
# [1]: http://wikipedia.org/wiki/regex
|
2117
|
+
#
|
2118
|
+
# @option params [required, String] :filter
|
2119
|
+
# The type of policy that you want to include in the returned list.
|
2120
|
+
#
|
2121
|
+
# @option params [String] :next_token
|
2122
|
+
# Use this parameter if you receive a `NextToken` response in a previous
|
2123
|
+
# request that indicates that there is more output available. Set it to
|
2124
|
+
# the value of the previous call's `NextToken` response to indicate
|
2125
|
+
# where the output should continue from.
|
2126
|
+
#
|
2127
|
+
# @option params [Integer] :max_results
|
2128
|
+
# (Optional) Use this to limit the number of results you want included
|
2129
|
+
# in the response. If you do not include this parameter, it defaults to
|
2130
|
+
# a value that is specific to the operation. If additional items exist
|
2131
|
+
# beyond the maximum you specify, the `NextToken` response element is
|
2132
|
+
# present and has a value (is not null). Include that value as the
|
2133
|
+
# `NextToken` request parameter in the next call to the operation to get
|
2134
|
+
# the next part of the results. Note that Organizations might return
|
2135
|
+
# fewer results than the maximum even when there are more results
|
2136
|
+
# available. You should check `NextToken` after every operation to
|
2137
|
+
# ensure that you receive all of the results.
|
2138
|
+
#
|
2139
|
+
# @return [Types::ListPoliciesForTargetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2140
|
+
#
|
2141
|
+
# * {Types::ListPoliciesForTargetResponse#policies #policies} => Array<Types::PolicySummary>
|
2142
|
+
# * {Types::ListPoliciesForTargetResponse#next_token #next_token} => String
|
2143
|
+
#
|
2144
|
+
# @example Request syntax with placeholder values
|
2145
|
+
#
|
2146
|
+
# resp = client.list_policies_for_target({
|
2147
|
+
# target_id: "PolicyTargetId", # required
|
2148
|
+
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
|
2149
|
+
# next_token: "NextToken",
|
2150
|
+
# max_results: 1,
|
2151
|
+
# })
|
2152
|
+
#
|
2153
|
+
# @example Response structure
|
2154
|
+
#
|
2155
|
+
# resp.policies #=> Array
|
2156
|
+
# resp.policies[0].id #=> String
|
2157
|
+
# resp.policies[0].arn #=> String
|
2158
|
+
# resp.policies[0].name #=> String
|
2159
|
+
# resp.policies[0].description #=> String
|
2160
|
+
# resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
2161
|
+
# resp.policies[0].aws_managed #=> Boolean
|
2162
|
+
# resp.next_token #=> String
|
2163
|
+
#
|
2164
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget AWS API Documentation
|
2165
|
+
#
|
2166
|
+
# @overload list_policies_for_target(params = {})
|
2167
|
+
# @param [Hash] params ({})
|
2168
|
+
def list_policies_for_target(params = {}, options = {})
|
2169
|
+
req = build_request(:list_policies_for_target, params)
|
2170
|
+
req.send_request(options)
|
2171
|
+
end
|
2172
|
+
|
2173
|
+
# Lists the roots that are defined in the current organization.
|
2174
|
+
#
|
2175
|
+
# This operation can be called only from the organization's master
|
2176
|
+
# account.
|
2177
|
+
#
|
2178
|
+
# @option params [String] :next_token
|
2179
|
+
# Use this parameter if you receive a `NextToken` response in a previous
|
2180
|
+
# request that indicates that there is more output available. Set it to
|
2181
|
+
# the value of the previous call's `NextToken` response to indicate
|
2182
|
+
# where the output should continue from.
|
2183
|
+
#
|
2184
|
+
# @option params [Integer] :max_results
|
2185
|
+
# (Optional) Use this to limit the number of results you want included
|
2186
|
+
# in the response. If you do not include this parameter, it defaults to
|
2187
|
+
# a value that is specific to the operation. If additional items exist
|
2188
|
+
# beyond the maximum you specify, the `NextToken` response element is
|
2189
|
+
# present and has a value (is not null). Include that value as the
|
2190
|
+
# `NextToken` request parameter in the next call to the operation to get
|
2191
|
+
# the next part of the results. Note that Organizations might return
|
2192
|
+
# fewer results than the maximum even when there are more results
|
2193
|
+
# available. You should check `NextToken` after every operation to
|
2194
|
+
# ensure that you receive all of the results.
|
2195
|
+
#
|
2196
|
+
# @return [Types::ListRootsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2197
|
+
#
|
2198
|
+
# * {Types::ListRootsResponse#roots #roots} => Array<Types::Root>
|
2199
|
+
# * {Types::ListRootsResponse#next_token #next_token} => String
|
2200
|
+
#
|
2201
|
+
# @example Request syntax with placeholder values
|
2202
|
+
#
|
2203
|
+
# resp = client.list_roots({
|
2204
|
+
# next_token: "NextToken",
|
2205
|
+
# max_results: 1,
|
2206
|
+
# })
|
2207
|
+
#
|
2208
|
+
# @example Response structure
|
2209
|
+
#
|
2210
|
+
# resp.roots #=> Array
|
2211
|
+
# resp.roots[0].id #=> String
|
2212
|
+
# resp.roots[0].arn #=> String
|
2213
|
+
# resp.roots[0].name #=> String
|
2214
|
+
# resp.roots[0].policy_types #=> Array
|
2215
|
+
# resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
2216
|
+
# resp.roots[0].policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
2217
|
+
# resp.next_token #=> String
|
2218
|
+
#
|
2219
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots AWS API Documentation
|
2220
|
+
#
|
2221
|
+
# @overload list_roots(params = {})
|
2222
|
+
# @param [Hash] params ({})
|
2223
|
+
def list_roots(params = {}, options = {})
|
2224
|
+
req = build_request(:list_roots, params)
|
2225
|
+
req.send_request(options)
|
2226
|
+
end
|
2227
|
+
|
2228
|
+
# Lists all the roots, OUs, and accounts to which the specified policy
|
2229
|
+
# is attached.
|
2230
|
+
#
|
2231
|
+
# This operation can be called only from the organization's master
|
2232
|
+
# account.
|
2233
|
+
#
|
2234
|
+
# @option params [required, String] :policy_id
|
2235
|
+
# The unique identifier (ID) of the policy for which you want to know
|
2236
|
+
# its attachments.
|
2237
|
+
#
|
2238
|
+
# The [regex pattern][1] for a policy ID string requires "p-" followed
|
2239
|
+
# by from 8 to 128 lower-case letters or digits.
|
2240
|
+
#
|
2241
|
+
#
|
2242
|
+
#
|
2243
|
+
# [1]: http://wikipedia.org/wiki/regex
|
2244
|
+
#
|
2245
|
+
# @option params [String] :next_token
|
2246
|
+
# Use this parameter if you receive a `NextToken` response in a previous
|
2247
|
+
# request that indicates that there is more output available. Set it to
|
2248
|
+
# the value of the previous call's `NextToken` response to indicate
|
2249
|
+
# where the output should continue from.
|
2250
|
+
#
|
2251
|
+
# @option params [Integer] :max_results
|
2252
|
+
# (Optional) Use this to limit the number of results you want included
|
2253
|
+
# in the response. If you do not include this parameter, it defaults to
|
2254
|
+
# a value that is specific to the operation. If additional items exist
|
2255
|
+
# beyond the maximum you specify, the `NextToken` response element is
|
2256
|
+
# present and has a value (is not null). Include that value as the
|
2257
|
+
# `NextToken` request parameter in the next call to the operation to get
|
2258
|
+
# the next part of the results. Note that Organizations might return
|
2259
|
+
# fewer results than the maximum even when there are more results
|
2260
|
+
# available. You should check `NextToken` after every operation to
|
2261
|
+
# ensure that you receive all of the results.
|
2262
|
+
#
|
2263
|
+
# @return [Types::ListTargetsForPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2264
|
+
#
|
2265
|
+
# * {Types::ListTargetsForPolicyResponse#targets #targets} => Array<Types::PolicyTargetSummary>
|
2266
|
+
# * {Types::ListTargetsForPolicyResponse#next_token #next_token} => String
|
2267
|
+
#
|
2268
|
+
# @example Request syntax with placeholder values
|
2269
|
+
#
|
2270
|
+
# resp = client.list_targets_for_policy({
|
2271
|
+
# policy_id: "PolicyId", # required
|
2272
|
+
# next_token: "NextToken",
|
2273
|
+
# max_results: 1,
|
2274
|
+
# })
|
2275
|
+
#
|
2276
|
+
# @example Response structure
|
2277
|
+
#
|
2278
|
+
# resp.targets #=> Array
|
2279
|
+
# resp.targets[0].target_id #=> String
|
2280
|
+
# resp.targets[0].arn #=> String
|
2281
|
+
# resp.targets[0].name #=> String
|
2282
|
+
# resp.targets[0].type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT", "ROOT"
|
2283
|
+
# resp.next_token #=> String
|
2284
|
+
#
|
2285
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy AWS API Documentation
|
2286
|
+
#
|
2287
|
+
# @overload list_targets_for_policy(params = {})
|
2288
|
+
# @param [Hash] params ({})
|
2289
|
+
def list_targets_for_policy(params = {}, options = {})
|
2290
|
+
req = build_request(:list_targets_for_policy, params)
|
2291
|
+
req.send_request(options)
|
2292
|
+
end
|
2293
|
+
|
2294
|
+
# Moves an account from its current source parent root or OU to the
|
2295
|
+
# specified destination parent root or OU.
|
2296
|
+
#
|
2297
|
+
# This operation can be called only from the organization's master
|
2298
|
+
# account.
|
2299
|
+
#
|
2300
|
+
# @option params [required, String] :account_id
|
2301
|
+
# The unique identifier (ID) of the account that you want to move.
|
2302
|
+
#
|
2303
|
+
# The [regex pattern][1] for an account ID string requires exactly 12
|
2304
|
+
# digits.
|
2305
|
+
#
|
2306
|
+
#
|
2307
|
+
#
|
2308
|
+
# [1]: http://wikipedia.org/wiki/regex
|
2309
|
+
#
|
2310
|
+
# @option params [required, String] :source_parent_id
|
2311
|
+
# The unique identifier (ID) of the root or organizational unit that you
|
2312
|
+
# want to move the account from.
|
2313
|
+
#
|
2314
|
+
# The [regex pattern][1] for a parent ID string requires one of the
|
2315
|
+
# following:
|
2316
|
+
#
|
2317
|
+
# * Root: a string that begins with "r-" followed by from 4 to 32
|
2318
|
+
# lower-case letters or digits.
|
2319
|
+
#
|
2320
|
+
# * Organizational unit (OU): a string that begins with "ou-" followed
|
2321
|
+
# by from 4 to 32 lower-case letters or digits (the ID of the root
|
2322
|
+
# that the OU is in) followed by a second "-" dash and from 8 to 32
|
2323
|
+
# additional lower-case letters or digits.
|
2324
|
+
#
|
2325
|
+
#
|
2326
|
+
#
|
2327
|
+
# [1]: http://wikipedia.org/wiki/regex
|
2328
|
+
#
|
2329
|
+
# @option params [required, String] :destination_parent_id
|
2330
|
+
# The unique identifier (ID) of the root or organizational unit that you
|
2331
|
+
# want to move the account to.
|
2332
|
+
#
|
2333
|
+
# The [regex pattern][1] for a parent ID string requires one of the
|
2334
|
+
# following:
|
2335
|
+
#
|
2336
|
+
# * Root: a string that begins with "r-" followed by from 4 to 32
|
2337
|
+
# lower-case letters or digits.
|
2338
|
+
#
|
2339
|
+
# * Organizational unit (OU): a string that begins with "ou-" followed
|
2340
|
+
# by from 4 to 32 lower-case letters or digits (the ID of the root
|
2341
|
+
# that the OU is in) followed by a second "-" dash and from 8 to 32
|
2342
|
+
# additional lower-case letters or digits.
|
2343
|
+
#
|
2344
|
+
#
|
2345
|
+
#
|
2346
|
+
# [1]: http://wikipedia.org/wiki/regex
|
2347
|
+
#
|
2348
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2349
|
+
#
|
2350
|
+
# @example Request syntax with placeholder values
|
2351
|
+
#
|
2352
|
+
# resp = client.move_account({
|
2353
|
+
# account_id: "AccountId", # required
|
2354
|
+
# source_parent_id: "ParentId", # required
|
2355
|
+
# destination_parent_id: "ParentId", # required
|
2356
|
+
# })
|
2357
|
+
#
|
2358
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount AWS API Documentation
|
2359
|
+
#
|
2360
|
+
# @overload move_account(params = {})
|
2361
|
+
# @param [Hash] params ({})
|
2362
|
+
def move_account(params = {}, options = {})
|
2363
|
+
req = build_request(:move_account, params)
|
2364
|
+
req.send_request(options)
|
2365
|
+
end
|
2366
|
+
|
2367
|
+
# Removes the specified account from the organization.
|
2368
|
+
#
|
2369
|
+
# The removed account becomes a stand-alone account that is not a member
|
2370
|
+
# of any organization. It is no longer subject to any policies and is
|
2371
|
+
# responsible for its own bill payments. The organization's master
|
2372
|
+
# account is no longer charged for any expenses accrued by the member
|
2373
|
+
# account after it is removed from the organization.
|
2374
|
+
#
|
2375
|
+
# This operation can be called only from the organization's master
|
2376
|
+
# account. Member accounts can remove themselves with LeaveOrganization
|
2377
|
+
# instead.
|
2378
|
+
#
|
2379
|
+
# You can remove only existing accounts that were invited to join the
|
2380
|
+
# organization. You cannot remove accounts that were created by AWS
|
2381
|
+
# Organizations.
|
2382
|
+
#
|
2383
|
+
# @option params [required, String] :account_id
|
2384
|
+
# The unique identifier (ID) of the member account that you want to
|
2385
|
+
# remove from the organization.
|
2386
|
+
#
|
2387
|
+
# The [regex pattern][1] for an account ID string requires exactly 12
|
2388
|
+
# digits.
|
2389
|
+
#
|
2390
|
+
#
|
2391
|
+
#
|
2392
|
+
# [1]: http://wikipedia.org/wiki/regex
|
2393
|
+
#
|
2394
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2395
|
+
#
|
2396
|
+
# @example Request syntax with placeholder values
|
2397
|
+
#
|
2398
|
+
# resp = client.remove_account_from_organization({
|
2399
|
+
# account_id: "AccountId", # required
|
2400
|
+
# })
|
2401
|
+
#
|
2402
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization AWS API Documentation
|
2403
|
+
#
|
2404
|
+
# @overload remove_account_from_organization(params = {})
|
2405
|
+
# @param [Hash] params ({})
|
2406
|
+
def remove_account_from_organization(params = {}, options = {})
|
2407
|
+
req = build_request(:remove_account_from_organization, params)
|
2408
|
+
req.send_request(options)
|
2409
|
+
end
|
2410
|
+
|
2411
|
+
# Renames the specified organizational unit (OU). The ID and ARN do not
|
2412
|
+
# change. The child OUs and accounts remain in place, and any attached
|
2413
|
+
# policies of the OU remain attached.
|
2414
|
+
#
|
2415
|
+
# This operation can be called only from the organization's master
|
2416
|
+
# account.
|
2417
|
+
#
|
2418
|
+
# @option params [required, String] :organizational_unit_id
|
2419
|
+
# The unique identifier (ID) of the OU that you want to rename. You can
|
2420
|
+
# get the ID from the ListOrganizationalUnitsForParent operation.
|
2421
|
+
#
|
2422
|
+
# The [regex pattern][1] for an organizational unit ID string requires
|
2423
|
+
# "ou-" followed by from 4 to 32 lower-case letters or digits (the ID
|
2424
|
+
# of the root that contains the OU) followed by a second "-" dash and
|
2425
|
+
# from 8 to 32 additional lower-case letters or digits.
|
2426
|
+
#
|
2427
|
+
#
|
2428
|
+
#
|
2429
|
+
# [1]: http://wikipedia.org/wiki/regex
|
2430
|
+
#
|
2431
|
+
# @option params [String] :name
|
2432
|
+
# The new name that you want to assign to the OU.
|
2433
|
+
#
|
2434
|
+
# The [regex pattern][1] that is used to validate this parameter is a
|
2435
|
+
# string of any of the characters in the ASCII character range.
|
2436
|
+
#
|
2437
|
+
#
|
2438
|
+
#
|
2439
|
+
# [1]: http://wikipedia.org/wiki/regex
|
2440
|
+
#
|
2441
|
+
# @return [Types::UpdateOrganizationalUnitResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2442
|
+
#
|
2443
|
+
# * {Types::UpdateOrganizationalUnitResponse#organizational_unit #organizational_unit} => Types::OrganizationalUnit
|
2444
|
+
#
|
2445
|
+
# @example Request syntax with placeholder values
|
2446
|
+
#
|
2447
|
+
# resp = client.update_organizational_unit({
|
2448
|
+
# organizational_unit_id: "OrganizationalUnitId", # required
|
2449
|
+
# name: "OrganizationalUnitName",
|
2450
|
+
# })
|
2451
|
+
#
|
2452
|
+
# @example Response structure
|
2453
|
+
#
|
2454
|
+
# resp.organizational_unit.id #=> String
|
2455
|
+
# resp.organizational_unit.arn #=> String
|
2456
|
+
# resp.organizational_unit.name #=> String
|
2457
|
+
#
|
2458
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit AWS API Documentation
|
2459
|
+
#
|
2460
|
+
# @overload update_organizational_unit(params = {})
|
2461
|
+
# @param [Hash] params ({})
|
2462
|
+
def update_organizational_unit(params = {}, options = {})
|
2463
|
+
req = build_request(:update_organizational_unit, params)
|
2464
|
+
req.send_request(options)
|
2465
|
+
end
|
2466
|
+
|
2467
|
+
# Updates an existing policy with a new name, description, or content.
|
2468
|
+
# If any parameter is not supplied, that value remains unchanged. Note
|
2469
|
+
# that you cannot change a policy's type.
|
2470
|
+
#
|
2471
|
+
# This operation can be called only from the organization's master
|
2472
|
+
# account.
|
2473
|
+
#
|
2474
|
+
# @option params [required, String] :policy_id
|
2475
|
+
# The unique identifier (ID) of the policy that you want to update.
|
2476
|
+
#
|
2477
|
+
# The [regex pattern][1] for a policy ID string requires "p-" followed
|
2478
|
+
# by from 8 to 128 lower-case letters or digits.
|
2479
|
+
#
|
2480
|
+
#
|
2481
|
+
#
|
2482
|
+
# [1]: http://wikipedia.org/wiki/regex
|
2483
|
+
#
|
2484
|
+
# @option params [String] :name
|
2485
|
+
# If provided, the new name for the policy.
|
2486
|
+
#
|
2487
|
+
# The [regex pattern][1] that is used to validate this parameter is a
|
2488
|
+
# string of any of the characters in the ASCII character range.
|
2489
|
+
#
|
2490
|
+
#
|
2491
|
+
#
|
2492
|
+
# [1]: http://wikipedia.org/wiki/regex
|
2493
|
+
#
|
2494
|
+
# @option params [String] :description
|
2495
|
+
# If provided, the new description for the policy.
|
2496
|
+
#
|
2497
|
+
# @option params [String] :content
|
2498
|
+
# If provided, the new content for the policy. The text must be
|
2499
|
+
# correctly formatted JSON that complies with the syntax for the
|
2500
|
+
# policy's type. For more information, see [Service Control Policy
|
2501
|
+
# Syntax][1] in the *AWS Organizations User Guide*.
|
2502
|
+
#
|
2503
|
+
#
|
2504
|
+
#
|
2505
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
|
2506
|
+
#
|
2507
|
+
# @return [Types::UpdatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2508
|
+
#
|
2509
|
+
# * {Types::UpdatePolicyResponse#policy #policy} => Types::Policy
|
2510
|
+
#
|
2511
|
+
# @example Request syntax with placeholder values
|
2512
|
+
#
|
2513
|
+
# resp = client.update_policy({
|
2514
|
+
# policy_id: "PolicyId", # required
|
2515
|
+
# name: "PolicyName",
|
2516
|
+
# description: "PolicyDescription",
|
2517
|
+
# content: "PolicyContent",
|
2518
|
+
# })
|
2519
|
+
#
|
2520
|
+
# @example Response structure
|
2521
|
+
#
|
2522
|
+
# resp.policy.policy_summary.id #=> String
|
2523
|
+
# resp.policy.policy_summary.arn #=> String
|
2524
|
+
# resp.policy.policy_summary.name #=> String
|
2525
|
+
# resp.policy.policy_summary.description #=> String
|
2526
|
+
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
|
2527
|
+
# resp.policy.policy_summary.aws_managed #=> Boolean
|
2528
|
+
# resp.policy.content #=> String
|
2529
|
+
#
|
2530
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy AWS API Documentation
|
2531
|
+
#
|
2532
|
+
# @overload update_policy(params = {})
|
2533
|
+
# @param [Hash] params ({})
|
2534
|
+
def update_policy(params = {}, options = {})
|
2535
|
+
req = build_request(:update_policy, params)
|
2536
|
+
req.send_request(options)
|
2537
|
+
end
|
2538
|
+
|
2539
|
+
# @!endgroup
|
2540
|
+
|
2541
|
+
# @param params ({})
|
2542
|
+
# @api private
|
2543
|
+
def build_request(operation_name, params = {})
|
2544
|
+
handlers = @handlers.for(operation_name)
|
2545
|
+
context = Seahorse::Client::RequestContext.new(
|
2546
|
+
operation_name: operation_name,
|
2547
|
+
operation: config.api.operation(operation_name),
|
2548
|
+
client: self,
|
2549
|
+
params: params,
|
2550
|
+
config: config)
|
2551
|
+
context[:gem_name] = 'aws-sdk-organizations'
|
2552
|
+
context[:gem_version] = '1.0.0.rc1'
|
2553
|
+
Seahorse::Client::Request.new(handlers, context)
|
2554
|
+
end
|
2555
|
+
|
2556
|
+
# @api private
|
2557
|
+
# @deprecated
|
2558
|
+
def waiter_names
|
2559
|
+
[]
|
2560
|
+
end
|
2561
|
+
|
2562
|
+
class << self
|
2563
|
+
|
2564
|
+
# @api private
|
2565
|
+
attr_reader :identifier
|
2566
|
+
|
2567
|
+
# @api private
|
2568
|
+
def errors_module
|
2569
|
+
Errors
|
2570
|
+
end
|
2571
|
+
|
2572
|
+
end
|
2573
|
+
end
|
2574
|
+
end
|