aws-sdk-organizations 1.23.0 → 1.24.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 416ef78349bc6544aef01a5d92365de23ed2a3a5
4
- data.tar.gz: a07c880df90886d7b1a61261a99f8d37a5681062
3
+ metadata.gz: 55454738fb53470f1d66d7404f12c108f922cbad
4
+ data.tar.gz: 5829d0e1fe290e8e174ea870968dda8c0594f6ce
5
5
  SHA512:
6
- metadata.gz: 46595b04918d0d769100cd95d94299e79106d75a15f7da51b51fff1f332a89146c4f0b4d93524d36ea1c7bcbca72418b2ec5a4fa2ddaeebbf13aeff78bb92684
7
- data.tar.gz: bffc5e75ab865c83e8ab80afa77887ff5d8a70da6adaa38e47bbea43a0fee33355072e973da73da0a6c49e9d09db800fcc66b50774c4d370a0e441586f1cbf15
6
+ metadata.gz: '08273585cb641f79a1dd551d3556772bfc1036caf41a5dfb8fef69795e87eaad9968c16555a18c9f03f712ee14b1040de544580adbe184830828a130e013baec'
7
+ data.tar.gz: 358a3e2c38a7ed49b00f5d7098d86afc081936e4fdf11f9edc27731aeb12d3cfa75a89f064e7627cb2fc5dda6dfd41caabeaa893722cfec243ec2587b62496a2
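Review bot: the new SHA512 `metadata.gz` value is single-quoted while the other three digests in this hunk are bare scalars, so any check that compares these entries should load the file as YAML and compare the parsed strings rather than match raw lines. The file still records SHA1 next to SHA512; when checking a downloaded gem against it, compare the SHA512 entries.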
@@ -42,6 +42,6 @@ require_relative 'aws-sdk-organizations/customizations'
42
42
  # @service
43
43
  module Aws::Organizations
44
44
 
45
- GEM_VERSION = '1.23.0'
45
+ GEM_VERSION = '1.24.0'
46
46
 
47
47
  end
@@ -815,6 +815,7 @@ module Aws::Organizations
815
815
  # resp.create_account_status.requested_timestamp #=> Time
816
816
  # resp.create_account_status.completed_timestamp #=> Time
817
817
  # resp.create_account_status.account_id #=> String
818
+ # resp.create_account_status.gov_cloud_account_id #=> String
818
819
  # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
819
820
  #
820
821
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
@@ -826,6 +827,220 @@ module Aws::Organizations
826
827
  req.send_request(options)
827
828
  end
828
829
 
830
+ # This action is available if all of the following are true:
831
+ #
832
+ # * You are authorized to create accounts in the AWS GovCloud (US)
833
+ # Region. For more information on the AWS GovCloud (US) Region, see
834
+ # the [ *AWS GovCloud User Guide*.][1]
835
+ #
836
+ # * You already have an account in the AWS GovCloud (US) Region that is
837
+ # associated with your master account in the commercial Region.
838
+ #
839
+ # * You call this action from the master account of your organization in
840
+ # the commercial Region.
841
+ #
842
+ # * You have the `organizations:CreateGovCloudAccount` permission. AWS
843
+ # Organizations creates the required service-linked role named
844
+ # `AWSServiceRoleForOrganizations`. For more information, see [AWS
845
+ # Organizations and Service-Linked Roles][2] in the *AWS Organizations
846
+ # User Guide*.
847
+ #
848
+ # AWS automatically enables AWS CloudTrail for AWS GovCloud (US)
849
+ # accounts, but you should also do the following:
850
+ #
851
+ # * Verify that AWS CloudTrail is enabled to store logs.
852
+ #
853
+ # * Create an S3 bucket for AWS CloudTrail log storage.
854
+ #
855
+ # For more information, see [Verifying AWS CloudTrail Is Enabled][3]
856
+ # in the *AWS GovCloud User Guide*.
857
+ #
858
+ # You call this action from the master account of your organization in
859
+ # the commercial Region to create a standalone AWS account in the AWS
860
+ # GovCloud (US) Region. After the account is created, the master account
861
+ # of an organization in the AWS GovCloud (US) Region can invite it to
862
+ # that organization. For more information on inviting standalone
863
+ # accounts in the AWS GovCloud (US) to join an organization, see [AWS
864
+ # Organizations][4] in the *AWS GovCloud User Guide.*
865
+ #
866
+ # Calling `CreateGovCloudAccount` is an asynchronous request that AWS
867
+ # performs in the background. Because `CreateGovCloudAccount` operates
868
+ # asynchronously, it can return a successful completion message even
869
+ # though account initialization might still be in progress. You might
870
+ # need to wait a few minutes before you can successfully access the
871
+ # account. To check the status of the request, do one of the following:
872
+ #
873
+ # * Use the `OperationId` response element from this operation to
874
+ # provide as a parameter to the DescribeCreateAccountStatus operation.
875
+ #
876
+ # * Check the AWS CloudTrail log for the `CreateAccountResult` event.
877
+ # For information on using AWS CloudTrail with Organizations, see
878
+ # [Monitoring the Activity in Your Organization][5] in the *AWS
879
+ # Organizations User Guide.*
880
+ #
881
+ #
882
+ #
883
+ # When you call the `CreateGovCloudAccount` action, you create two
884
+ # accounts: a standalone account in the AWS GovCloud (US) Region and an
885
+ # associated account in the commercial Region for billing and support
886
+ # purposes. The account in the commercial Region is automatically a
887
+ # member of the organization whose credentials made the request. Both
888
+ # accounts are associated with the same email address.
889
+ #
890
+ # A role is created in the new account in the commercial Region that
891
+ # allows the master account in the organization in the commercial Region
892
+ # to assume it. An AWS GovCloud (US) account is then created and
893
+ # associated with the commercial account that you just created. A role
894
+ # is created in the new AWS GovCloud (US) account that can be assumed by
895
+ # the AWS GovCloud (US) account that is associated with the master
896
+ # account of the commercial organization. For more information and to
897
+ # view a diagram that explains how account access works, see [AWS
898
+ # Organizations][4] in the *AWS GovCloud User Guide.*
899
+ #
900
+ # For more information about creating accounts, see [Creating an AWS
901
+ # Account in Your Organization][6] in the *AWS Organizations User
902
+ # Guide.*
903
+ #
904
+ # * When you create an account in an organization using the AWS
905
+ # Organizations console, API, or CLI commands, the information
906
+ # required for the account to operate as a standalone account, such as
907
+ # a payment method and signing the end user license agreement (EULA)
908
+ # is *not* automatically collected. If you must remove an account from
909
+ # your organization later, you can do so only after you provide the
910
+ # missing information. Follow the steps at [ To leave an organization
911
+ # as a member account][7] in the *AWS Organizations User Guide.*
912
+ #
913
+ # * If you get an exception that indicates that you exceeded your
914
+ # account limits for the organization, contact [AWS Support][8].
915
+ #
916
+ # * If you get an exception that indicates that the operation failed
917
+ # because your organization is still initializing, wait one hour and
918
+ # then try again. If the error persists, contact [AWS Support][8].
919
+ #
920
+ # * Using `CreateGovCloudAccount` to create multiple temporary accounts
921
+ # isn't recommended. You can only close an account from the AWS
922
+ # Billing and Cost Management console, and you must be signed in as
923
+ # the root user. For information on the requirements and process for
924
+ # closing an account, see [Closing an AWS Account][9] in the *AWS
925
+ # Organizations User Guide*.
926
+ #
927
+ # <note markdown="1"> When you create a member account with this operation, you can choose
928
+ # whether to create the account with the **IAM User and Role Access to
929
+ # Billing Information** switch enabled. If you enable it, IAM users and
930
+ # roles that have appropriate permissions can view billing information
931
+ # for the account. If you disable it, only the account root user can
932
+ # access billing information. For information about how to disable this
933
+ # switch for an account, see [Granting Access to Your Billing
934
+ # Information and Tools][10].
935
+ #
936
+ # </note>
937
+ #
938
+ #
939
+ #
940
+ # [1]: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html
941
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs
942
+ # [3]: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html
943
+ # [4]: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html
944
+ # [5]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html
945
+ # [6]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html
946
+ # [7]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
947
+ # [8]: https://console.aws.amazon.com/support/home#/
948
+ # [9]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
949
+ # [10]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html
950
+ #
951
+ # @option params [required, String] :email
952
+ # The email address of the owner to assign to the new member account in
953
+ # the commercial Region. This email address must not already be
954
+ # associated with another AWS account. You must use a valid email
955
+ # address to complete account creation. You can't access the root user
956
+ # of the account or remove an account that was created with an invalid
957
+ # email address. Like all request parameters for
958
+ # `CreateGovCloudAccount`, the request for the email address for the AWS
959
+ # GovCloud (US) account originates from the commercial Region, not from
960
+ # the AWS GovCloud (US) Region.
961
+ #
962
+ # @option params [required, String] :account_name
963
+ # The friendly name of the member account.
964
+ #
965
+ # @option params [String] :role_name
966
+ # (Optional)
967
+ #
968
+ # The name of an IAM role that AWS Organizations automatically
969
+ # preconfigures in the new member accounts in both the AWS GovCloud (US)
970
+ # Region and in the commercial Region. This role trusts the master
971
+ # account, allowing users in the master account to assume the role, as
972
+ # permitted by the master account administrator. The role has
973
+ # administrator permissions in the new member account.
974
+ #
975
+ # If you don't specify this parameter, the role name defaults to
976
+ # `OrganizationAccountAccessRole`.
977
+ #
978
+ # For more information about how to use this role to access the member
979
+ # account, see [Accessing and Administering the Member Accounts in Your
980
+ # Organization][1] in the *AWS Organizations User Guide* and steps 2 and
981
+ # 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
982
+ # Roles][2] in the *IAM User Guide.*
983
+ #
984
+ # The [regex pattern][3] that is used to validate this parameter is a
985
+ # string of characters that can consist of uppercase letters, lowercase
986
+ # letters, digits with no spaces, and any of the following characters:
987
+ # =,.@-
988
+ #
989
+ #
990
+ #
991
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role
992
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
993
+ # [3]: http://wikipedia.org/wiki/regex
994
+ #
995
+ # @option params [String] :iam_user_access_to_billing
996
+ # If set to `ALLOW`, the new linked account in the commercial Region
997
+ # enables IAM users to access account billing information *if* they have
998
+ # the required permissions. If set to `DENY`, only the root user of the
999
+ # new account can access account billing information. For more
1000
+ # information, see [Activating Access to the Billing and Cost Management
1001
+ # Console][1] in the *AWS Billing and Cost Management User Guide.*
1002
+ #
1003
+ # If you don't specify this parameter, the value defaults to `ALLOW`,
1004
+ # and IAM users and roles with the required permissions can access
1005
+ # billing information for the new account.
1006
+ #
1007
+ #
1008
+ #
1009
+ # [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
1010
+ #
1011
+ # @return [Types::CreateGovCloudAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1012
+ #
1013
+ # * {Types::CreateGovCloudAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
1014
+ #
1015
+ # @example Request syntax with placeholder values
1016
+ #
1017
+ # resp = client.create_gov_cloud_account({
1018
+ # email: "Email", # required
1019
+ # account_name: "AccountName", # required
1020
+ # role_name: "RoleName",
1021
+ # iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
1022
+ # })
1023
+ #
1024
+ # @example Response structure
1025
+ #
1026
+ # resp.create_account_status.id #=> String
1027
+ # resp.create_account_status.account_name #=> String
1028
+ # resp.create_account_status.state #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED"
1029
+ # resp.create_account_status.requested_timestamp #=> Time
1030
+ # resp.create_account_status.completed_timestamp #=> Time
1031
+ # resp.create_account_status.account_id #=> String
1032
+ # resp.create_account_status.gov_cloud_account_id #=> String
1033
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
1034
+ #
1035
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount AWS API Documentation
1036
+ #
1037
+ # @overload create_gov_cloud_account(params = {})
1038
+ # @param [Hash] params ({})
1039
+ def create_gov_cloud_account(params = {}, options = {})
1040
+ req = build_request(:create_gov_cloud_account, params)
1041
+ req.send_request(options)
1042
+ end
1043
+
829
1044
  # Creates an AWS organization. The account whose user is calling the
830
1045
  # CreateOrganization operation automatically becomes the [master
831
1046
  # account][1] of the new organization.
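Review bot: the status-check bullet in the new `create_gov_cloud_account` doc comment tells callers to pass the `OperationId` response element to DescribeCreateAccountStatus, but the `@example Response structure` in the same comment shows no such field; the request identifier listed there is `resp.create_account_status.id`. Suggest naming that accessor in the bullet. Since the text says the call can return while account initialization is still in progress, the comment should also state whether `account_id` and `gov_cloud_account_id` are set while `state` is `"IN_PROGRESS"`.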
@@ -855,6 +1070,9 @@ module Aws::Organizations
855
1070
  # information, see [Consolidated billing][1] in the *AWS Organizations
856
1071
  # User Guide*.
857
1072
  #
1073
+ # The consolidated billing feature subset isn't available for
1074
+ # organizations in the AWS GovCloud (US) Region.
1075
+ #
858
1076
  # * *ALL*\: In addition to all the features supported by the
859
1077
  # consolidated billing feature set, the master account can also apply
860
1078
  # any type of policy to any member account in the organization. For
@@ -1484,6 +1702,7 @@ module Aws::Organizations
1484
1702
  # resp.create_account_status.requested_timestamp #=> Time
1485
1703
  # resp.create_account_status.completed_timestamp #=> Time
1486
1704
  # resp.create_account_status.account_id #=> String
1705
+ # resp.create_account_status.gov_cloud_account_id #=> String
1487
1706
  # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
1488
1707
  #
1489
1708
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
@@ -2974,6 +3193,7 @@ module Aws::Organizations
2974
3193
  # resp.create_account_statuses[0].requested_timestamp #=> Time
2975
3194
  # resp.create_account_statuses[0].completed_timestamp #=> Time
2976
3195
  # resp.create_account_statuses[0].account_id #=> String
3196
+ # resp.create_account_statuses[0].gov_cloud_account_id #=> String
2977
3197
  # resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
2978
3198
  # resp.next_token #=> String
2979
3199
  #
@@ -4322,7 +4542,7 @@ module Aws::Organizations
4322
4542
  params: params,
4323
4543
  config: config)
4324
4544
  context[:gem_name] = 'aws-sdk-organizations'
4325
- context[:gem_version] = '1.23.0'
4545
+ context[:gem_version] = '1.24.0'
4326
4546
  Seahorse::Client::Request.new(handlers, context)
4327
4547
  end
4328
4548
 
@@ -49,6 +49,8 @@ module Aws::Organizations
49
49
  CreateAccountStatus = Shapes::StructureShape.new(name: 'CreateAccountStatus')
50
50
  CreateAccountStatusNotFoundException = Shapes::StructureShape.new(name: 'CreateAccountStatusNotFoundException')
51
51
  CreateAccountStatuses = Shapes::ListShape.new(name: 'CreateAccountStatuses')
52
+ CreateGovCloudAccountRequest = Shapes::StructureShape.new(name: 'CreateGovCloudAccountRequest')
53
+ CreateGovCloudAccountResponse = Shapes::StructureShape.new(name: 'CreateGovCloudAccountResponse')
52
54
  CreateOrganizationRequest = Shapes::StructureShape.new(name: 'CreateOrganizationRequest')
53
55
  CreateOrganizationResponse = Shapes::StructureShape.new(name: 'CreateOrganizationResponse')
54
56
  CreateOrganizationalUnitRequest = Shapes::StructureShape.new(name: 'CreateOrganizationalUnitRequest')
@@ -202,6 +204,7 @@ module Aws::Organizations
202
204
  TargetType = Shapes::StringShape.new(name: 'TargetType')
203
205
  Timestamp = Shapes::TimestampShape.new(name: 'Timestamp')
204
206
  TooManyRequestsException = Shapes::StructureShape.new(name: 'TooManyRequestsException')
207
+ UnsupportedAPIEndpointException = Shapes::StructureShape.new(name: 'UnsupportedAPIEndpointException')
205
208
  UpdateOrganizationalUnitRequest = Shapes::StructureShape.new(name: 'UpdateOrganizationalUnitRequest')
206
209
  UpdateOrganizationalUnitResponse = Shapes::StructureShape.new(name: 'UpdateOrganizationalUnitResponse')
207
210
  UpdatePolicyRequest = Shapes::StructureShape.new(name: 'UpdatePolicyRequest')
@@ -257,11 +260,21 @@ module Aws::Organizations
257
260
  CreateAccountStatus.add_member(:requested_timestamp, Shapes::ShapeRef.new(shape: Timestamp, location_name: "RequestedTimestamp"))
258
261
  CreateAccountStatus.add_member(:completed_timestamp, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CompletedTimestamp"))
259
262
  CreateAccountStatus.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "AccountId"))
263
+ CreateAccountStatus.add_member(:gov_cloud_account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "GovCloudAccountId"))
260
264
  CreateAccountStatus.add_member(:failure_reason, Shapes::ShapeRef.new(shape: CreateAccountFailureReason, location_name: "FailureReason"))
261
265
  CreateAccountStatus.struct_class = Types::CreateAccountStatus
262
266
 
263
267
  CreateAccountStatuses.member = Shapes::ShapeRef.new(shape: CreateAccountStatus)
264
268
 
269
+ CreateGovCloudAccountRequest.add_member(:email, Shapes::ShapeRef.new(shape: Email, required: true, location_name: "Email"))
270
+ CreateGovCloudAccountRequest.add_member(:account_name, Shapes::ShapeRef.new(shape: AccountName, required: true, location_name: "AccountName"))
271
+ CreateGovCloudAccountRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: RoleName, location_name: "RoleName"))
272
+ CreateGovCloudAccountRequest.add_member(:iam_user_access_to_billing, Shapes::ShapeRef.new(shape: IAMUserAccessToBilling, location_name: "IamUserAccessToBilling"))
273
+ CreateGovCloudAccountRequest.struct_class = Types::CreateGovCloudAccountRequest
274
+
275
+ CreateGovCloudAccountResponse.add_member(:create_account_status, Shapes::ShapeRef.new(shape: CreateAccountStatus, location_name: "CreateAccountStatus"))
276
+ CreateGovCloudAccountResponse.struct_class = Types::CreateGovCloudAccountResponse
277
+
265
278
  CreateOrganizationRequest.add_member(:feature_set, Shapes::ShapeRef.new(shape: OrganizationFeatureSet, location_name: "FeatureSet"))
266
279
  CreateOrganizationRequest.struct_class = Types::CreateOrganizationRequest
267
280
 
@@ -685,6 +698,24 @@ module Aws::Organizations
685
698
  o.errors << Shapes::ShapeRef.new(shape: FinalizingOrganizationException)
686
699
  o.errors << Shapes::ShapeRef.new(shape: ServiceException)
687
700
  o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
701
+ o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
702
+ end)
703
+
704
+ api.add_operation(:create_gov_cloud_account, Seahorse::Model::Operation.new.tap do |o|
705
+ o.name = "CreateGovCloudAccount"
706
+ o.http_method = "POST"
707
+ o.http_request_uri = "/"
708
+ o.input = Shapes::ShapeRef.new(shape: CreateGovCloudAccountRequest)
709
+ o.output = Shapes::ShapeRef.new(shape: CreateGovCloudAccountResponse)
710
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
711
+ o.errors << Shapes::ShapeRef.new(shape: AWSOrganizationsNotInUseException)
712
+ o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
713
+ o.errors << Shapes::ShapeRef.new(shape: ConstraintViolationException)
714
+ o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
715
+ o.errors << Shapes::ShapeRef.new(shape: FinalizingOrganizationException)
716
+ o.errors << Shapes::ShapeRef.new(shape: ServiceException)
717
+ o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
718
+ o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
688
719
  end)
689
720
 
690
721
  api.add_operation(:create_organization, Seahorse::Model::Operation.new.tap do |o|
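Review bot: callers of an existing operation pick up a new error class from the first added line of this hunk, where `o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)` is appended to the operation that closes just above `create_gov_cloud_account`; the two following hunks in this file do the same for two more existing operations. Code that rescues a fixed list of error classes around those calls will not handle it, so suggest calling this out in the release notes rather than describing the release only as a new operation.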
@@ -827,6 +858,7 @@ module Aws::Organizations
827
858
  o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
828
859
  o.errors << Shapes::ShapeRef.new(shape: ServiceException)
829
860
  o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
861
+ o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
830
862
  end)
831
863
 
832
864
  api.add_operation(:describe_handshake, Seahorse::Model::Operation.new.tap do |o|
@@ -1107,6 +1139,7 @@ module Aws::Organizations
1107
1139
  o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
1108
1140
  o.errors << Shapes::ShapeRef.new(shape: ServiceException)
1109
1141
  o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
1142
+ o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
1110
1143
  o[:pager] = Aws::Pager.new(
1111
1144
  limit_key: "max_results",
1112
1145
  tokens: {
@@ -342,8 +342,9 @@ module Aws::Organizations
342
342
  include Aws::Structure
343
343
  end
344
344
 
345
- # Contains the status about a CreateAccount request to create an AWS
346
- # account in an organization.
345
+ # Contains the status about a CreateAccount or CreateGovCloudAccount
346
+ # request to create an AWS account or an AWS GovCloud (US) account in an
347
+ # organization.
347
348
  #
348
349
  # @!attribute [rw] id
349
350
  # The unique identifier (ID) that references this request. You get
@@ -389,6 +390,9 @@ module Aws::Organizations
389
390
  # [1]: http://wikipedia.org/wiki/regex
390
391
  # @return [String]
391
392
  #
393
+ # @!attribute [rw] gov_cloud_account_id
394
+ # @return [String]
395
+ #
392
396
  # @!attribute [rw] failure_reason
393
397
  # If the request failed, a description of the reason for the failure.
394
398
  #
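Review bot: the new `gov_cloud_account_id` attribute carries only `@return [String]` and no description, unlike the `failure_reason` attribute that follows it. Suggest one sentence saying which request populates it and how it differs from `account_id`, since `CreateGovCloudAccount` is documented as creating two accounts.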
@@ -419,10 +423,109 @@ module Aws::Organizations
419
423
  :requested_timestamp,
420
424
  :completed_timestamp,
421
425
  :account_id,
426
+ :gov_cloud_account_id,
422
427
  :failure_reason)
423
428
  include Aws::Structure
424
429
  end
425
430
 
431
+ # @note When making an API call, you may pass CreateGovCloudAccountRequest
432
+ # data as a hash:
433
+ #
434
+ # {
435
+ # email: "Email", # required
436
+ # account_name: "AccountName", # required
437
+ # role_name: "RoleName",
438
+ # iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
439
+ # }
440
+ #
441
+ # @!attribute [rw] email
442
+ # The email address of the owner to assign to the new member account
443
+ # in the commercial Region. This email address must not already be
444
+ # associated with another AWS account. You must use a valid email
445
+ # address to complete account creation. You can't access the root
446
+ # user of the account or remove an account that was created with an
447
+ # invalid email address. Like all request parameters for
448
+ # `CreateGovCloudAccount`, the request for the email address for the
449
+ # AWS GovCloud (US) account originates from the commercial Region, not
450
+ # from the AWS GovCloud (US) Region.
451
+ # @return [String]
452
+ #
453
+ # @!attribute [rw] account_name
454
+ # The friendly name of the member account.
455
+ # @return [String]
456
+ #
457
+ # @!attribute [rw] role_name
458
+ # (Optional)
459
+ #
460
+ # The name of an IAM role that AWS Organizations automatically
461
+ # preconfigures in the new member accounts in both the AWS GovCloud
462
+ # (US) Region and in the commercial Region. This role trusts the
463
+ # master account, allowing users in the master account to assume the
464
+ # role, as permitted by the master account administrator. The role has
465
+ # administrator permissions in the new member account.
466
+ #
467
+ # If you don't specify this parameter, the role name defaults to
468
+ # `OrganizationAccountAccessRole`.
469
+ #
470
+ # For more information about how to use this role to access the member
471
+ # account, see [Accessing and Administering the Member Accounts in
472
+ # Your Organization][1] in the *AWS Organizations User Guide* and
473
+ # steps 2 and 3 in [Tutorial: Delegate Access Across AWS Accounts
474
+ # Using IAM Roles][2] in the *IAM User Guide.*
475
+ #
476
+ # The [regex pattern][3] that is used to validate this parameter is a
477
+ # string of characters that can consist of uppercase letters,
478
+ # lowercase letters, digits with no spaces, and any of the following
479
+ # characters: =,.@-
480
+ #
481
+ #
482
+ #
483
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role
484
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
485
+ # [3]: http://wikipedia.org/wiki/regex
486
+ # @return [String]
487
+ #
488
+ # @!attribute [rw] iam_user_access_to_billing
489
+ # If set to `ALLOW`, the new linked account in the commercial Region
490
+ # enables IAM users to access account billing information *if* they
491
+ # have the required permissions. If set to `DENY`, only the root user
492
+ # of the new account can access account billing information. For more
493
+ # information, see [Activating Access to the Billing and Cost
494
+ # Management Console][1] in the *AWS Billing and Cost Management User
495
+ # Guide.*
496
+ #
497
+ # If you don't specify this parameter, the value defaults to `ALLOW`,
498
+ # and IAM users and roles with the required permissions can access
499
+ # billing information for the new account.
500
+ #
501
+ #
502
+ #
503
+ # [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
504
+ # @return [String]
505
+ #
506
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccountRequest AWS API Documentation
507
+ #
508
+ class CreateGovCloudAccountRequest < Struct.new(
509
+ :email,
510
+ :account_name,
511
+ :role_name,
512
+ :iam_user_access_to_billing)
513
+ include Aws::Structure
514
+ end
515
+
516
+ # @!attribute [rw] create_account_status
517
+ # Contains the status about a CreateAccount or CreateGovCloudAccount
518
+ # request to create an AWS account or an AWS GovCloud (US) account in
519
+ # an organization.
520
+ # @return [Types::CreateAccountStatus]
521
+ #
522
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccountResponse AWS API Documentation
523
+ #
524
+ class CreateGovCloudAccountResponse < Struct.new(
525
+ :create_account_status)
526
+ include Aws::Structure
527
+ end
528
+
426
529
  # @note When making an API call, you may pass CreateOrganizationRequest
427
530
  # data as a hash:
428
531
  #
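Review bot: the two permission-affecting defaults of `CreateGovCloudAccountRequest` are only stated deep in the attribute text: omitting `role_name` creates `OrganizationAccountAccessRole` with administrator permissions in both new accounts, and omitting `iam_user_access_to_billing` yields `ALLOW`. Suggest a short `@note` above the hash example summarising both, so a caller who passes only `email` and `account_name` knows what access is granted. The `role_name` text also describes its validation pattern in words and links to a generic regex article; giving the pattern itself would be clearer.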
@@ -439,6 +542,9 @@ module Aws::Organizations
439
542
  # information, see [Consolidated billing][1] in the *AWS
440
543
  # Organizations User Guide*.
441
544
  #
545
+ # The consolidated billing feature subset isn't available for
546
+ # organizations in the AWS GovCloud (US) Region.
547
+ #
442
548
  # * *ALL*\: In addition to all the features supported by the
443
549
  # consolidated billing feature set, the master account can also
444
550
  # apply any type of policy to any member account in the
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-organizations
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.23.0
4
+ version: 1.24.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-04-16 00:00:00.000000000 Z
11
+ date: 2019-04-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
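Review bot: `cert_chain: []` at line 10 is unchanged context, so 1.24.0 is published without a signing certificate just as 1.23.0 was, and the only fields that move in this hunk are `version` and `date`. Consumers cannot authenticate the package from the gem itself; pin the version together with its digest in whatever lockfile or registry tooling consumes it.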
@@ -59,7 +59,7 @@ files:
59
59
  - lib/aws-sdk-organizations/errors.rb
60
60
  - lib/aws-sdk-organizations/resource.rb
61
61
  - lib/aws-sdk-organizations/types.rb
62
- homepage: http://github.com/aws/aws-sdk-ruby
62
+ homepage: https://github.com/aws/aws-sdk-ruby
63
63
  licenses:
64
64
  - Apache-2.0
65
65
  metadata:
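Review bot: `homepage` moves to https here, but doc comments added in this same release still carry `http://` links, for example the `@see http://docs.aws.amazon.com/goto/WebAPI/...` lines and `http://wikipedia.org/wiki/regex`, while neighbouring references to the same AWS host already use `https://`. Suggest switching those links in the same change.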