aws-sdk-organizations 1.27.0 → 1.28.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: bcef5b01e9b656a0bf72e152f3b9f44f219b9343
4
- data.tar.gz: 3917e43583f6ae6c4c79bd12e66f5acb1171eb66
3
+ metadata.gz: a406882217258a69ff6ba372d42f71931d583336
4
+ data.tar.gz: 974b0d742476938d15954380d5a742e24f2538d8
5
5
  SHA512:
6
- metadata.gz: 504c0418a363eaf3acbba3e194ee115c337bf2614a730de265085aa0184f834d6cb0a7945a9d0cdc1e2c5af28ffe6c6b7678984b9eea8cb13dcd5bb6117a544a
7
- data.tar.gz: b8d606087a9be5b410bcd366e947f8b8332590ec8ce9006472f9298d9d904b2e1b0d3529720579c815abe038ca7338603e1837fe7552388ff49b0039b8e07ddd
6
+ metadata.gz: 7c202c23a5bdf988cec2001541badfc989b16d2a36ec3ece2b192a0251780ccb30bf598aca694df9f7a92f83842665db6771e8ebc70d7df1d931b30c669fc1b3
7
+ data.tar.gz: c8738c6ed61fe57b6c01a91df6206a951597c6d2be2cf706fc4fb133d0c9e73f9c49f1dabf73b638d68ec9cbca59d63addd85e253c97a7bc491b4059ec0532c2
@@ -42,6 +42,6 @@ require_relative 'aws-sdk-organizations/customizations'
42
42
  # @service
43
43
  module Aws::Organizations
44
44
 
45
- GEM_VERSION = '1.27.0'
45
+ GEM_VERSION = '1.28.0'
46
46
 
47
47
  end
@@ -271,10 +271,10 @@ module Aws::Organizations
271
271
  #
272
272
  # The user who calls the API for an invitation to join must have the
273
273
  # `organizations:AcceptHandshake` permission. If you enabled all
274
- # features in the organization, then the user must also have the
275
- # `iam:CreateServiceLinkedRole` permission so that Organizations can
276
- # create the required service-linked role named
277
- # *AWSServiceRoleForOrganizations*. For more information, see [AWS
274
+ # features in the organization, the user must also have the
275
+ # `iam:CreateServiceLinkedRole` permission so that AWS Organizations
276
+ # can create the required service-linked role named
277
+ # `AWSServiceRoleForOrganizations`. For more information, see [AWS
278
278
  # Organizations and Service-Linked Roles][1] in the *AWS Organizations
279
279
  # User Guide*.
280
280
  #
@@ -282,13 +282,13 @@ module Aws::Organizations
282
282
  # principal from the master account.
283
283
  #
284
284
  # For more information about invitations, see [Inviting an AWS Account
285
- # to Join Your Organization][2] in the *AWS Organizations User Guide*.
285
+ # to Join Your Organization][2] in the *AWS Organizations User Guide.*
286
286
  # For more information about requests to enable all features in the
287
287
  # organization, see [Enabling All Features in Your Organization][3] in
288
- # the *AWS Organizations User Guide*.
288
+ # the *AWS Organizations User Guide.*
289
289
  #
290
290
  # After you accept a handshake, it continues to appear in the results of
291
- # relevant APIs for only 30 days. After that it is deleted.
291
+ # relevant APIs for only 30 days. After that, it's deleted.
292
292
  #
293
293
  #
294
294
  #
@@ -406,29 +406,28 @@ module Aws::Organizations
406
406
  # influence for a policy depends on what you attach the policy to:
407
407
  #
408
408
  # * If you attach an SCP to a root, it affects all accounts in the
409
- # organization.
409
+ # organization
410
410
  #
411
411
  # * If you attach an SCP to an OU, it affects all accounts in that OU
412
- # and in any child OUs.
412
+ # and in any child OUs
413
413
  #
414
- # * If you attach the policy directly to an account, then it affects
415
- # only that account.
414
+ # * If you attach the policy directly to an account, it affects only
415
+ # that account
416
416
  #
417
417
  # SCPs are JSON policies that specify the maximum permissions for an
418
418
  # organization or organizational unit (OU). When you attach one SCP to
419
419
  # a higher level root or OU, and you also attach a different SCP to a
420
420
  # child OU or to an account, the child policy can further restrict
421
421
  # only the permissions that pass through the parent filter and are
422
- # available to the child. An SCP that is attached to a child cannot
423
- # grant a permission that is not already granted by the parent. For
422
+ # available to the child. An SCP that is attached to a child can't
423
+ # grant a permission that the paren't hasn't already granted. For
424
424
  # example, imagine that the parent SCP allows permissions A, B, C, D,
425
425
  # and E. The child SCP allows C, D, E, F, and G. The result is that
426
426
  # the accounts affected by the child SCP are allowed to use only C, D,
427
- # and E. They cannot use A or B because they were filtered out by the
428
- # child OU. They also cannot use F and G because they were filtered
429
- # out by the parent OU. They cannot be granted back by the child SCP;
430
- # child SCPs can only filter the permissions they receive from the
431
- # parent SCP.
427
+ # and E. They can't use A or B because the child OU filtered them
428
+ # out. They also can't use F and G because the parent OU filtered
429
+ # them out. They can't be granted back by the child SCP; child SCPs
430
+ # can only filter the permissions they receive from the parent SCP.
432
431
  #
433
432
  # AWS Organizations attaches a default SCP named `"FullAWSAccess` to
434
433
  # every root, OU, and account. This default SCP allows all services
@@ -437,9 +436,9 @@ module Aws::Organizations
437
436
  # policy, you must replace it with a policy that specifies the
438
437
  # permissions that you want to allow in that OU or account.
439
438
  #
440
- # For more information about how Organizations policies permissions
441
- # work, see [Using Service Control Policies][1] in the *AWS
442
- # Organizations User Guide*.
439
+ # For more information about how AWS Organizations policies
440
+ # permissions work, see [Using Service Control Policies][1] in the
441
+ # *AWS Organizations User Guide.*
443
442
  #
444
443
  # This operation can be called only from the organization's master
445
444
  # account.
@@ -528,7 +527,7 @@ module Aws::Organizations
528
527
  # recipient can no longer respond to that handshake.
529
528
  #
530
529
  # After you cancel a handshake, it continues to appear in the results of
531
- # relevant APIs for only 30 days. After that it is deleted.
530
+ # relevant APIs for only 30 days. After that, it's deleted.
532
531
  #
533
532
  # @option params [required, String] :handshake_id
534
533
  # The unique identifier (ID) of the handshake that you want to cancel.
@@ -649,7 +648,7 @@ module Aws::Organizations
649
648
  # provide as a parameter to the DescribeCreateAccountStatus operation.
650
649
  #
651
650
  # * Check the AWS CloudTrail log for the `CreateAccountResult` event.
652
- # For information on using AWS CloudTrail with Organizations, see
651
+ # For information on using AWS CloudTrail with AWS Organizations, see
653
652
  # [Monitoring the Activity in Your Organization][1] in the *AWS
654
653
  # Organizations User Guide.*
655
654
  #
@@ -692,7 +691,7 @@ module Aws::Organizations
692
691
  # because your organization is still initializing, wait one hour and
693
692
  # then try again. If the error persists, contact [AWS Support][5].
694
693
  #
695
- # * Using CreateAccount to create multiple temporary accounts isn't
694
+ # * Using `CreateAccount` to create multiple temporary accounts isn't
696
695
  # recommended. You can only close an account from the Billing and Cost
697
696
  # Management Console, and you must be signed in as the root user. For
698
697
  # information on the requirements and process for closing an account,
@@ -746,7 +745,7 @@ module Aws::Organizations
746
745
  # account, see [Accessing and Administering the Member Accounts in Your
747
746
  # Organization][1] in the *AWS Organizations User Guide*, and steps 2
748
747
  # and 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
749
- # Roles][2] in the *IAM User Guide*.
748
+ # Roles][2] in the *IAM User Guide.*
750
749
  #
751
750
  # The [regex pattern][3] that is used to validate this parameter is a
752
751
  # string of characters that can consist of uppercase letters, lowercase
@@ -831,7 +830,7 @@ module Aws::Organizations
831
830
 
832
831
  # This action is available if all of the following are true:
833
832
  #
834
- # * You are authorized to create accounts in the AWS GovCloud (US)
833
+ # * You're authorized to create accounts in the AWS GovCloud (US)
835
834
  # Region. For more information on the AWS GovCloud (US) Region, see
836
835
  # the [ *AWS GovCloud User Guide*.][1]
837
836
  #
@@ -845,7 +844,7 @@ module Aws::Organizations
845
844
  # Organizations creates the required service-linked role named
846
845
  # `AWSServiceRoleForOrganizations`. For more information, see [AWS
847
846
  # Organizations and Service-Linked Roles][2] in the *AWS Organizations
848
- # User Guide*.
847
+ # User Guide.*
849
848
  #
850
849
  # AWS automatically enables AWS CloudTrail for AWS GovCloud (US)
851
850
  # accounts, but you should also do the following:
@@ -1044,7 +1043,7 @@ module Aws::Organizations
1044
1043
  end
1045
1044
 
1046
1045
  # Creates an AWS organization. The account whose user is calling the
1047
- # CreateOrganization operation automatically becomes the [master
1046
+ # `CreateOrganization` operation automatically becomes the [master
1048
1047
  # account][1] of the new organization.
1049
1048
  #
1050
1049
  # This operation must be called using credentials from the account that
@@ -1056,8 +1055,8 @@ module Aws::Organizations
1056
1055
  # control policies automatically enabled in the root. If you instead
1057
1056
  # choose to create the organization supporting only the consolidated
1058
1057
  # billing features by setting the `FeatureSet` parameter to
1059
- # `CONSOLIDATED_BILLING"`, then no policy types are enabled by default
1060
- # and you cannot use organization policies.
1058
+ # `CONSOLIDATED_BILLING"`, no policy types are enabled by default, and
1059
+ # you can't use organization policies.
1061
1060
  #
1062
1061
  #
1063
1062
  #
@@ -1067,19 +1066,19 @@ module Aws::Organizations
1067
1066
  # Specifies the feature set supported by the new organization. Each
1068
1067
  # feature set supports different levels of functionality.
1069
1068
  #
1070
- # * *CONSOLIDATED\_BILLING*\: All member accounts have their bills
1069
+ # * `CONSOLIDATED_BILLING`\: All member accounts have their bills
1071
1070
  # consolidated to and paid by the master account. For more
1072
1071
  # information, see [Consolidated billing][1] in the *AWS Organizations
1073
- # User Guide*.
1072
+ # User Guide.*
1074
1073
  #
1075
1074
  # The consolidated billing feature subset isn't available for
1076
1075
  # organizations in the AWS GovCloud (US) Region.
1077
1076
  #
1078
- # * *ALL*\: In addition to all the features supported by the
1077
+ # * `ALL`\: In addition to all the features supported by the
1079
1078
  # consolidated billing feature set, the master account can also apply
1080
1079
  # any type of policy to any member account in the organization. For
1081
1080
  # more information, see [All features][2] in the *AWS Organizations
1082
- # User Guide*.
1081
+ # User Guide.*
1083
1082
  #
1084
1083
  #
1085
1084
  #
@@ -1176,7 +1175,7 @@ module Aws::Organizations
1176
1175
  # is five.
1177
1176
  #
1178
1177
  # For more information about OUs, see [Managing Organizational Units][1]
1179
- # in the *AWS Organizations User Guide*.
1178
+ # in the *AWS Organizations User Guide.*
1180
1179
  #
1181
1180
  # This operation can be called only from the organization's master
1182
1181
  # account.
@@ -1186,8 +1185,8 @@ module Aws::Organizations
1186
1185
  # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html
1187
1186
  #
1188
1187
  # @option params [required, String] :parent_id
1189
- # The unique identifier (ID) of the parent root or OU in which you want
1190
- # to create the new OU.
1188
+ # The unique identifier (ID) of the parent root or OU that you want to
1189
+ # create the new OU in.
1191
1190
  #
1192
1191
  # The [regex pattern][1] for a parent ID string requires one of the
1193
1192
  # following:
@@ -1271,7 +1270,7 @@ module Aws::Organizations
1271
1270
  # text that specifies the permissions that admins in attached accounts
1272
1271
  # can delegate to their users, groups, and roles. For more information
1273
1272
  # about the SCP syntax, see [Service Control Policy Syntax][2] in the
1274
- # *AWS Organizations User Guide*.
1273
+ # *AWS Organizations User Guide.*
1275
1274
  #
1276
1275
  #
1277
1276
  #
@@ -1365,10 +1364,10 @@ module Aws::Organizations
1365
1364
  # This operation can be called only from the account that received the
1366
1365
  # handshake. The originator of the handshake can use CancelHandshake
1367
1366
  # instead. The originator can't reactivate a declined request, but can
1368
- # re-initiate the process with a new handshake request.
1367
+ # reinitiate the process with a new handshake request.
1369
1368
  #
1370
1369
  # After you decline a handshake, it continues to appear in the results
1371
- # of relevant APIs for only 30 days. After that it is deleted.
1370
+ # of relevant APIs for only 30 days. After that, it's deleted.
1372
1371
  #
1373
1372
  # @option params [required, String] :handshake_id
1374
1373
  # The unique identifier (ID) of the handshake that you want to decline.
@@ -1581,7 +1580,7 @@ module Aws::Organizations
1581
1580
  req.send_request(options)
1582
1581
  end
1583
1582
 
1584
- # Retrieves Organizations-related information about the specified
1583
+ # Retrieves AWS Organizations-related information about the specified
1585
1584
  # account.
1586
1585
  #
1587
1586
  # This operation can be called only from the organization's master
@@ -1720,9 +1719,9 @@ module Aws::Organizations
1720
1719
  # handshake ID comes from the response to the original
1721
1720
  # InviteAccountToOrganization operation that generated the handshake.
1722
1721
  #
1723
- # You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for
1724
- # only 30 days after they change to that state. They are then deleted
1725
- # and no longer accessible.
1722
+ # You can access handshakes that are `ACCEPTED`, `DECLINED`, or
1723
+ # `CANCELED` for only 30 days after they change to that state. They're
1724
+ # then deleted and no longer accessible.
1726
1725
  #
1727
1726
  # This operation can be called from any account in the organization.
1728
1727
  #
@@ -1832,8 +1831,8 @@ module Aws::Organizations
1832
1831
  #
1833
1832
  # This operation can be called from any account in the organization.
1834
1833
  #
1835
- # <note markdown="1"> Even if a policy type is shown as available in the organization, it
1836
- # can be disabled separately at the root level with DisablePolicyType.
1834
+ # <note markdown="1"> Even if a policy type is shown as available in the organization, you
1835
+ # can disable it separately at the root level with DisablePolicyType.
1837
1836
  # Use ListRoots to see the status of policy types for a specified root.
1838
1837
  #
1839
1838
  # </note>
@@ -2027,13 +2026,13 @@ module Aws::Organizations
2027
2026
  #
2028
2027
  # **Note:** Every root, OU, and account must have at least one SCP
2029
2028
  # attached. If you want to replace the default `FullAWSAccess` policy
2030
- # with one that limits the permissions that can be delegated, then you
2031
- # must attach the replacement policy before you can remove the default
2032
- # one. This is the authorization strategy of [whitelisting][1]. If you
2029
+ # with one that limits the permissions that can be delegated, you must
2030
+ # attach the replacement policy before you can remove the default one.
2031
+ # This is the authorization strategy of [whitelisting][1]. If you
2033
2032
  # instead attach a second SCP and leave the `FullAWSAccess` SCP still
2034
2033
  # attached, and specify `"Effect": "Deny"` in the second SCP to override
2035
2034
  # the `"Effect": "Allow"` in the `FullAWSAccess` policy (or any other
2036
- # attached SCP), then you are using the authorization strategy of
2035
+ # attached SCP), you're using the authorization strategy of
2037
2036
  # [blacklisting][2].
2038
2037
  #
2039
2038
  # This operation can be called only from the organization's master
@@ -2056,8 +2055,8 @@ module Aws::Organizations
2056
2055
  # [1]: http://wikipedia.org/wiki/regex
2057
2056
  #
2058
2057
  # @option params [required, String] :target_id
2059
- # The unique identifier (ID) of the root, OU, or account from which you
2060
- # want to detach the policy. You can get the ID from the ListRoots,
2058
+ # The unique identifier (ID) of the root, OU, or account that you want
2059
+ # to detach the policy from. You can get the ID from the ListRoots,
2061
2060
  # ListOrganizationalUnitsForParent, or ListAccounts operations.
2062
2061
  #
2063
2062
  # The [regex pattern][1] for a target ID string requires one of the
@@ -2132,7 +2131,7 @@ module Aws::Organizations
2132
2131
  # For more information about integrating other services with AWS
2133
2132
  # Organizations, including the list of services that work with
2134
2133
  # Organizations, see [Integrating AWS Organizations with Other AWS
2135
- # Services][2] in the *AWS Organizations User Guide*.
2134
+ # Services][2] in the *AWS Organizations User Guide.*
2136
2135
  #
2137
2136
  # This operation can be called only from the organization's master
2138
2137
  # account.
@@ -2264,7 +2263,7 @@ module Aws::Organizations
2264
2263
  #
2265
2264
  # For more information about enabling services to integrate with AWS
2266
2265
  # Organizations, see [Integrating AWS Organizations with Other AWS
2267
- # Services][2] in the *AWS Organizations User Guide*.
2266
+ # Services][2] in the *AWS Organizations User Guide.*
2268
2267
  #
2269
2268
  # This operation can be called only from the organization's master
2270
2269
  # account and only if the organization has [enabled all features][3].
@@ -2303,7 +2302,7 @@ module Aws::Organizations
2303
2302
  # access only to consolidated billing, and you can't use any of the
2304
2303
  # advanced account administration features that AWS Organizations
2305
2304
  # supports. For more information, see [Enabling All Features in Your
2306
- # Organization][1] in the *AWS Organizations User Guide*.
2305
+ # Organization][1] in the *AWS Organizations User Guide.*
2307
2306
  #
2308
2307
  # This operation is required only for organizations that were created
2309
2308
  # explicitly with only the consolidated billing features enabled.
@@ -2484,24 +2483,24 @@ module Aws::Organizations
2484
2483
  end
2485
2484
 
2486
2485
  # Sends an invitation to another account to join your organization as a
2487
- # member account. Organizations sends email on your behalf to the email
2488
- # address that is associated with the other account's owner. The
2486
+ # member account. AWS Organizations sends email on your behalf to the
2487
+ # email address that is associated with the other account's owner. The
2489
2488
  # invitation is implemented as a Handshake whose details are in the
2490
2489
  # response.
2491
2490
  #
2492
2491
  # * You can invite AWS accounts only from the same seller as the master
2493
2492
  # account. For example, if your organization's master account was
2494
2493
  # created by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller
2495
- # in India, then you can only invite other AISPL accounts to your
2496
- # organization. You can't combine accounts from AISPL and AWS, or any
2497
- # other AWS seller. For more information, see [Consolidated Billing in
2498
- # India][1].
2494
+ # in India, you can invite only other AISPL accounts to your
2495
+ # organization. You can't combine accounts from AISPL and AWS or from
2496
+ # any other AWS seller. For more information, see [Consolidated
2497
+ # Billing in India][1].
2499
2498
  #
2500
2499
  # * If you receive an exception that indicates that you exceeded your
2501
2500
  # account limits for the organization or that the operation failed
2502
2501
  # because your organization is still initializing, wait one hour and
2503
- # then try again. If the error persists after an hour, then contact
2504
- # [AWS Customer Support][2].
2502
+ # then try again. If the error persists after an hour, contact [AWS
2503
+ # Support][2].
2505
2504
  #
2506
2505
  # This operation can be called only from the organization's master
2507
2506
  # account.
@@ -2523,10 +2522,9 @@ module Aws::Organizations
2523
2522
  #
2524
2523
  # `--target Id=123456789012,Type=ACCOUNT`
2525
2524
  #
2526
- # If you specify `"Type": "ACCOUNT"`, then you must provide the AWS
2527
- # account ID number as the `Id`. If you specify `"Type": "EMAIL"`, then
2528
- # you must specify the email address that is associated with the
2529
- # account.
2525
+ # If you specify `"Type": "ACCOUNT"`, you must provide the AWS account
2526
+ # ID number as the `Id`. If you specify `"Type": "EMAIL"`, you must
2527
+ # specify the email address that is associated with the account.
2530
2528
  #
2531
2529
  # `--target Id=diego@example.com,Type=EMAIL`
2532
2530
  #
@@ -2653,19 +2651,19 @@ module Aws::Organizations
2653
2651
  # using the AWS Organizations console, API, or CLI commands, the
2654
2652
  # information required of standalone accounts is *not* automatically
2655
2653
  # collected. For each account that you want to make standalone, you
2656
- # must accept the End User License Agreement (EULA), choose a support
2654
+ # must accept the end user license agreement (EULA), choose a support
2657
2655
  # plan, provide and verify the required contact information, and
2658
2656
  # provide a current payment method. AWS uses the payment method to
2659
2657
  # charge for any billable (not free tier) AWS activity that occurs
2660
- # while the account is not attached to an organization. Follow the
2658
+ # while the account isn't attached to an organization. Follow the
2661
2659
  # steps at [ To leave an organization when all required account
2662
2660
  # information has not yet been provided][1] in the *AWS Organizations
2663
- # User Guide*.
2661
+ # User Guide.*
2664
2662
  #
2665
2663
  # * You can leave an organization only after you enable IAM user access
2666
2664
  # to billing in your account. For more information, see [Activating
2667
2665
  # Access to the Billing and Cost Management Console][2] in the *AWS
2668
- # Billing and Cost Management User Guide*.
2666
+ # Billing and Cost Management User Guide.*
2669
2667
  #
2670
2668
  #
2671
2669
  #
@@ -2699,7 +2697,7 @@ module Aws::Organizations
2699
2697
  # For more information about integrating other services with AWS
2700
2698
  # Organizations, including the list of services that currently work with
2701
2699
  # Organizations, see [Integrating AWS Organizations with Other AWS
2702
- # Services][1] in the *AWS Organizations User Guide*.
2700
+ # Services][1] in the *AWS Organizations User Guide.*
2703
2701
  #
2704
2702
  # This operation can be called only from the organization's master
2705
2703
  # account.
@@ -2872,8 +2870,8 @@ module Aws::Organizations
2872
2870
 
2873
2871
  # Lists the accounts in an organization that are contained by the
2874
2872
  # specified target root or organizational unit (OU). If you specify the
2875
- # root, you get a list of all the accounts that are not in any OU. If
2876
- # you specify an OU, you get a list of all the accounts in only that OU,
2873
+ # root, you get a list of all the accounts that aren't in any OU. If
2874
+ # you specify an OU, you get a list of all the accounts in only that OU
2877
2875
  # and not in any child OUs. To get a list of all accounts in the
2878
2876
  # organization, use the ListAccounts operation.
2879
2877
  #
@@ -3103,8 +3101,8 @@ module Aws::Organizations
3103
3101
  #
3104
3102
  # @option params [Array<String>] :states
3105
3103
  # A list of one or more states that you want included in the response.
3106
- # If this parameter is not present, then all requests are included in
3107
- # the response.
3104
+ # If this parameter isn't present, all requests are included in the
3105
+ # response.
3108
3106
  #
3109
3107
  # @option params [String] :next_token
3110
3108
  # Use this parameter if you receive a `NextToken` response in a previous
@@ -3211,9 +3209,9 @@ module Aws::Organizations
3211
3209
  # Lists the current handshakes that are associated with the account of
3212
3210
  # the requesting user.
3213
3211
  #
3214
- # Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the
3215
- # results of this API for only 30 days after changing to that state.
3216
- # After that they are deleted and no longer accessible.
3212
+ # Handshakes that are `ACCEPTED`, `DECLINED`, or `CANCELED` appear in
3213
+ # the results of this API for only 30 days after changing to that state.
3214
+ # After that, they're deleted and no longer accessible.
3217
3215
  #
3218
3216
  # <note markdown="1"> Always check the `NextToken` response parameter for a `null` value
3219
3217
  # when calling a `List*` operation. These operations can occasionally
@@ -3357,9 +3355,9 @@ module Aws::Organizations
3357
3355
  # operation returns a list of handshake structures. Each structure
3358
3356
  # contains details and status about a handshake.
3359
3357
  #
3360
- # Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the
3361
- # results of this API for only 30 days after changing to that state.
3362
- # After that they are deleted and no longer accessible.
3358
+ # Handshakes that are `ACCEPTED`, `DECLINED`, or `CANCELED` appear in
3359
+ # the results of this API for only 30 days after changing to that state.
3360
+ # After that, they're deleted and no longer accessible.
3363
3361
  #
3364
3362
  # <note markdown="1"> Always check the `NextToken` response parameter for a `null` value
3365
3363
  # when calling a `List*` operation. These operations can occasionally
@@ -3668,7 +3666,7 @@ module Aws::Organizations
3668
3666
  #
3669
3667
  # @option params [required, String] :child_id
3670
3668
  # The unique identifier (ID) of the OU or account whose parent
3671
- # containers you want to list. Do not specify a root.
3669
+ # containers you want to list. Don't specify a root.
3672
3670
  #
3673
3671
  # The [regex pattern][1] for a child ID string requires one of the
3674
3672
  # following:
@@ -3988,7 +3986,7 @@ module Aws::Organizations
3988
3986
  # account.
3989
3987
  #
3990
3988
  # <note markdown="1"> Policy types can be enabled and disabled in roots. This is distinct
3991
- # from whether they are available in the organization. When you enable
3989
+ # from whether they're available in the organization. When you enable
3992
3990
  # all features, you make policy types available for use in that
3993
3991
  # organization. Individual policy types can then be enabled and disabled
3994
3992
  # in a root. To see the availability of a policy type in an
@@ -4071,8 +4069,49 @@ module Aws::Organizations
4071
4069
  req.send_request(options)
4072
4070
  end
4073
4071
 
4074
- # Lists all the roots, organizational units (OUs), and accounts to which
4075
- # the specified policy is attached.
4072
+ # Lists tags for the specified resource.
4073
+ #
4074
+ # Currently, you can list tags on an account in AWS Organizations.
4075
+ #
4076
+ # @option params [required, String] :resource_id
4077
+ # The ID of the resource that you want to retrieve tags for.
4078
+ #
4079
+ # @option params [String] :next_token
4080
+ # Use this parameter if you receive a `NextToken` response in a previous
4081
+ # request that indicates that there is more output available. Set it to
4082
+ # the value of the previous call's `NextToken` response to indicate
4083
+ # where the output should continue from.
4084
+ #
4085
+ # @return [Types::ListTagsForResourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4086
+ #
4087
+ # * {Types::ListTagsForResourceResponse#tags #tags} => Array&lt;Types::Tag&gt;
4088
+ # * {Types::ListTagsForResourceResponse#next_token #next_token} => String
4089
+ #
4090
+ # @example Request syntax with placeholder values
4091
+ #
4092
+ # resp = client.list_tags_for_resource({
4093
+ # resource_id: "TaggableResourceId", # required
4094
+ # next_token: "NextToken",
4095
+ # })
4096
+ #
4097
+ # @example Response structure
4098
+ #
4099
+ # resp.tags #=> Array
4100
+ # resp.tags[0].key #=> String
4101
+ # resp.tags[0].value #=> String
4102
+ # resp.next_token #=> String
4103
+ #
4104
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource AWS API Documentation
4105
+ #
4106
+ # @overload list_tags_for_resource(params = {})
4107
+ # @param [Hash] params ({})
4108
+ def list_tags_for_resource(params = {}, options = {})
4109
+ req = build_request(:list_tags_for_resource, params)
4110
+ req.send_request(options)
4111
+ end
4112
+
4113
+ # Lists all the roots, organizational units (OUs), and accounts that the
4114
+ # specified policy is attached to.
4076
4115
  #
4077
4116
  # <note markdown="1"> Always check the `NextToken` response parameter for a `null` value
4078
4117
  # when calling a `List*` operation. These operations can occasionally
@@ -4086,8 +4125,8 @@ module Aws::Organizations
4086
4125
  # account.
4087
4126
  #
4088
4127
  # @option params [required, String] :policy_id
4089
- # The unique identifier (ID) of the policy for which you want to know
4090
- # its attachments.
4128
+ # The unique identifier (ID) of the policy whose attachments you want to
4129
+ # know.
4091
4130
  #
4092
4131
  # The [regex pattern][1] for a policy ID string requires "p-" followed
4093
4132
  # by from 8 to 128 lower-case letters or digits.
@@ -4265,11 +4304,11 @@ module Aws::Organizations
4265
4304
 
4266
4305
  # Removes the specified account from the organization.
4267
4306
  #
4268
- # The removed account becomes a stand-alone account that is not a member
4269
- # of any organization. It is no longer subject to any policies and is
4307
+ # The removed account becomes a standalone account that isn't a member
4308
+ # of any organization. It's no longer subject to any policies and is
4270
4309
  # responsible for its own bill payments. The organization's master
4271
4310
  # account is no longer charged for any expenses accrued by the member
4272
- # account after it is removed from the organization.
4311
+ # account after it's removed from the organization.
4273
4312
  #
4274
4313
  # This operation can be called only from the organization's master
4275
4314
  # account. Member accounts can remove themselves with LeaveOrganization
@@ -4280,16 +4319,16 @@ module Aws::Organizations
4280
4319
  # account. When you create an account in an organization using the AWS
4281
4320
  # Organizations console, API, or CLI commands, the information required
4282
4321
  # of standalone accounts is *not* automatically collected. For an
4283
- # account that you want to make standalone, you must accept the End User
4284
- # License Agreement (EULA), choose a support plan, provide and verify
4322
+ # account that you want to make standalone, you must accept the end user
4323
+ # license agreement (EULA), choose a support plan, provide and verify
4285
4324
  # the required contact information, and provide a current payment
4286
4325
  # method. AWS uses the payment method to charge for any billable (not
4287
- # free tier) AWS activity that occurs while the account is not attached
4288
- # to an organization. To remove an account that does not yet have this
4326
+ # free tier) AWS activity that occurs while the account isn't attached
4327
+ # to an organization. To remove an account that doesn't yet have this
4289
4328
  # information, you must sign in as the member account and follow the
4290
4329
  # steps at [ To leave an organization when all required account
4291
4330
  # information has not yet been provided][1] in the *AWS Organizations
4292
- # User Guide*.
4331
+ # User Guide.*
4293
4332
  #
4294
4333
  #
4295
4334
  #
@@ -4332,7 +4371,68 @@ module Aws::Organizations
4332
4371
  req.send_request(options)
4333
4372
  end
4334
4373
 
4335
- # Renames the specified organizational unit (OU). The ID and ARN do not
4374
+ # Adds one or more tags to the specified resource.
4375
+ #
4376
+ # Currently, you can tag and untag accounts in AWS Organizations.
4377
+ #
4378
+ # @option params [required, String] :resource_id
4379
+ # The ID of the resource to add a tag to.
4380
+ #
4381
+ # @option params [required, Array<Types::Tag>] :tags
4382
+ # The tag to add to the specified resource.
4383
+ #
4384
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
4385
+ #
4386
+ # @example Request syntax with placeholder values
4387
+ #
4388
+ # resp = client.tag_resource({
4389
+ # resource_id: "TaggableResourceId", # required
4390
+ # tags: [ # required
4391
+ # {
4392
+ # key: "TagKey",
4393
+ # value: "TagValue",
4394
+ # },
4395
+ # ],
4396
+ # })
4397
+ #
4398
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource AWS API Documentation
4399
+ #
4400
+ # @overload tag_resource(params = {})
4401
+ # @param [Hash] params ({})
4402
+ def tag_resource(params = {}, options = {})
4403
+ req = build_request(:tag_resource, params)
4404
+ req.send_request(options)
4405
+ end
4406
+
4407
+ # Removes a tag from the specified resource.
4408
+ #
4409
+ # Currently, you can tag and untag accounts in AWS Organizations.
4410
+ #
4411
+ # @option params [required, String] :resource_id
4412
+ # The ID of the resource to remove the tag from.
4413
+ #
4414
+ # @option params [required, Array<String>] :tag_keys
4415
+ # The tag to remove from the specified resource.
4416
+ #
4417
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
4418
+ #
4419
+ # @example Request syntax with placeholder values
4420
+ #
4421
+ # resp = client.untag_resource({
4422
+ # resource_id: "TaggableResourceId", # required
4423
+ # tag_keys: ["TagKey"], # required
4424
+ # })
4425
+ #
4426
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource AWS API Documentation
4427
+ #
4428
+ # @overload untag_resource(params = {})
4429
+ # @param [Hash] params ({})
4430
+ def untag_resource(params = {}, options = {})
4431
+ req = build_request(:untag_resource, params)
4432
+ req.send_request(options)
4433
+ end
4434
+
4435
+ # Renames the specified organizational unit (OU). The ID and ARN don't
4336
4436
  # change. The child OUs and accounts remain in place, and any attached
4337
4437
  # policies of the OU remain attached.
4338
4438
  #
@@ -4408,8 +4508,8 @@ module Aws::Organizations
4408
4508
  end
4409
4509
 
4410
4510
  # Updates an existing policy with a new name, description, or content.
4411
- # If any parameter is not supplied, that value remains unchanged. Note
4412
- # that you cannot change a policy's type.
4511
+ # If you don't supply any parameter, that value remains unchanged. You
4512
+ # can't change a policy's type.
4413
4513
  #
4414
4514
  # This operation can be called only from the organization's master
4415
4515
  # account.
@@ -4441,7 +4541,7 @@ module Aws::Organizations
4441
4541
  # If provided, the new content for the policy. The text must be
4442
4542
  # correctly formatted JSON that complies with the syntax for the
4443
4543
  # policy's type. For more information, see [Service Control Policy
4444
- # Syntax][1] in the *AWS Organizations User Guide*.
4544
+ # Syntax][1] in the *AWS Organizations User Guide.*
4445
4545
  #
4446
4546
  #
4447
4547
  #
@@ -4544,7 +4644,7 @@ module Aws::Organizations
4544
4644
  params: params,
4545
4645
  config: config)
4546
4646
  context[:gem_name] = 'aws-sdk-organizations'
4547
- context[:gem_version] = '1.27.0'
4647
+ context[:gem_version] = '1.28.0'
4548
4648
  Seahorse::Client::Request.new(handlers, context)
4549
4649
  end
4550
4650