aws-sdk-organizations 1.34.0 → 1.35.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 1839fa2f91c699ed20b4c9a7dea17ed77d4900e9
4
- data.tar.gz: d4f3225f49573fbd0e5af751a8c9669fd97d5d42
3
+ metadata.gz: ca2aa56827f96c8148f0962e35b1703dc5d802f9
4
+ data.tar.gz: e844782734f24f8de7378ab43d8d0c54805c4e40
5
5
  SHA512:
6
- metadata.gz: 13690cc3c7f616a7acf2d67fa6e36c797442d0bd54d0e71817fbac9813c1184ad5557c503c07876c39683b391cda7dcbfd07184392ad757acacde233800e1e95
7
- data.tar.gz: 5ab194b630f40e959dfbd997b3f2f3b9e67e0c180ba9f2a9ef4ea74ef7504cbb2e8dfa89fc97a313131036a32ad6765c9d3194a01d479d0af47c29a6cb51ab3a
6
+ metadata.gz: 00b78b726380de427a1ab756f0cc1e3e31fd2253096c756a87ba007cd2a2f23db62c266ca4a05492bd1148f17954c7bdb03a1494f179f55e5cc3496ac122f861
7
+ data.tar.gz: 693bf2298c46a3aa57700887f7be339754bf4b0e8000f31f444a98d98c6fb7e62cb2a4c3fb232e4c35e3ccb2ae304a0e0052442c01f5d417efd0a2afb7c8b444
@@ -42,6 +42,6 @@ require_relative 'aws-sdk-organizations/customizations'
42
42
  # @service
43
43
  module Aws::Organizations
44
44
 
45
- GEM_VERSION = '1.34.0'
45
+ GEM_VERSION = '1.35.0'
46
46
 
47
47
  end
@@ -304,7 +304,7 @@ module Aws::Organizations
304
304
  # The unique identifier (ID) of the handshake that you want to accept.
305
305
  #
306
306
  # The [regex pattern][1] for handshake ID string requires "h-"
307
- # followed by from 8 to 32 lower-case letters or digits.
307
+ # followed by from 8 to 32 lowercase letters or digits.
308
308
  #
309
309
  #
310
310
  #
@@ -402,54 +402,23 @@ module Aws::Organizations
402
402
  end
403
403
 
404
404
  # Attaches a policy to a root, an organizational unit (OU), or an
405
- # individual account. How the policy affects accounts depends on the
406
- # type of policy:
407
- #
408
- # * **Service control policy (SCP)** - An SCP specifies what permissions
409
- # can be delegated to users in affected member accounts. The scope of
410
- # influence for a policy depends on what you attach the policy to:
411
- #
412
- # * If you attach an SCP to a root, it affects all accounts in the
413
- # organization.
414
- #
415
- # * If you attach an SCP to an OU, it affects all accounts in that OU
416
- # and in any child OUs.
417
- #
418
- # * If you attach the policy directly to an account, it affects only
419
- # that account.
420
- #
421
- # SCPs are JSON policies that specify the maximum permissions for an
422
- # organization or organizational unit (OU). You can attach one SCP to
423
- # a higher level root or OU, and a different SCP to a child OU or to
424
- # an account. The child policy can further restrict only the
425
- # permissions that pass through the parent filter and are available to
426
- # the child. An SCP that is attached to a child can't grant a
427
- # permission that the parent hasn't already granted. For example,
428
- # imagine that the parent SCP allows permissions A, B, C, D, and E.
429
- # The child SCP allows C, D, E, F, and G. The result is that the
430
- # accounts affected by the child SCP are allowed to use only C, D, and
431
- # E. They can't use A or B because the child OU filtered them out.
432
- # They also can't use F and G because the parent OU filtered them
433
- # out. They can't be granted back by the child SCP; child SCPs can
434
- # only filter the permissions they receive from the parent SCP.
435
- #
436
- # AWS Organizations attaches a default SCP named `"FullAWSAccess` to
437
- # every root, OU, and account. This default SCP allows all services
438
- # and actions, enabling any new child OU or account to inherit the
439
- # permissions of the parent root or OU. If you detach the default
440
- # policy, you must replace it with a policy that specifies the
441
- # permissions that you want to allow in that OU or account.
442
- #
443
- # For more information about how AWS Organizations policies
444
- # permissions work, see [Using Service Control Policies][1] in the
445
- # *AWS Organizations User Guide.*
405
+ # individual account.
406
+ #
407
+ # How the policy affects accounts depends on the type of policy:
408
+ #
409
+ # * For more information about attaching SCPs, see [How SCPs Work][1] in
410
+ # the *AWS Organizations User Guide.*
411
+ #
412
+ # * For information about attaching tag policies, see [How Policy
413
+ # Inheritance Works][2] in the *AWS Organizations User Guide.*
446
414
  #
447
415
  # This operation can be called only from the organization's master
448
416
  # account.
449
417
  #
450
418
  #
451
419
  #
452
- # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
420
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html
421
+ # [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html
453
422
  #
454
423
  # @option params [required, String] :policy_id
455
424
  # The unique identifier (ID) of the policy that you want to attach to
@@ -457,7 +426,7 @@ module Aws::Organizations
457
426
  # ListPolicies operation.
458
427
  #
459
428
  # The [regex pattern][1] for a policy ID string requires "p-" followed
460
- # by from 8 to 128 lower-case letters or digits.
429
+ # by from 8 to 128 lowercase letters or digits.
461
430
  #
462
431
  #
463
432
  #
@@ -472,14 +441,14 @@ module Aws::Organizations
472
441
  # following:
473
442
  #
474
443
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
475
- # lower-case letters or digits.
444
+ # lowercase letters or digits.
476
445
  #
477
446
  # * **Account** - A string that consists of exactly 12 digits.
478
447
  #
479
448
  # * **Organizational unit (OU)** - A string that begins with "ou-"
480
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
481
- # root that the OU is in) followed by a second "-" dash and from 8
482
- # to 32 additional lower-case letters or digits.
449
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
450
+ # root that the OU is in). This string is followed by a second "-"
451
+ # dash and from 8 to 32 additional lowercase letters or digits.
483
452
  #
484
453
  #
485
454
  #
@@ -538,7 +507,7 @@ module Aws::Organizations
538
507
  # You can get the ID from the ListHandshakesForOrganization operation.
539
508
  #
540
509
  # The [regex pattern][1] for handshake ID string requires "h-"
541
- # followed by from 8 to 32 lower-case letters or digits.
510
+ # followed by from 8 to 32 lowercase letters or digits.
542
511
  #
543
512
  #
544
513
  #
@@ -679,14 +648,14 @@ module Aws::Organizations
679
648
  # Account in Your Organization][3] in the *AWS Organizations User
680
649
  # Guide.*
681
650
  #
682
- # * When you create an account in an organization using the AWS
683
- # Organizations console, API, or CLI commands, the information
684
- # required for the account to operate as a standalone account, such as
685
- # a payment method and signing the end user license agreement (EULA)
686
- # is *not* automatically collected. If you must remove an account from
687
- # your organization later, you can do so only after you provide the
688
- # missing information. Follow the steps at [ To leave an organization
689
- # as a member account][4] in the *AWS Organizations User Guide*.
651
+ # * When you create an account in an organization, the information
652
+ # required for the account to operate as a standalone account is *not*
653
+ # automatically collected. For example, information about the payment
654
+ # method and signing the end user license agreement (EULA) is not
655
+ # collected. If you must remove an account from your organization
656
+ # later, you can do so only after you provide the missing information.
657
+ # Follow the steps at [ To leave an organization as a member
658
+ # account][4] in the *AWS Organizations User Guide*.
690
659
  #
691
660
  # * If you get an exception that indicates that you exceeded your
692
661
  # account limits for the organization, contact [AWS Support][5].
@@ -747,14 +716,13 @@ module Aws::Organizations
747
716
  #
748
717
  # For more information about how to use this role to access the member
749
718
  # account, see [Accessing and Administering the Member Accounts in Your
750
- # Organization][1] in the *AWS Organizations User Guide*, and steps 2
751
- # and 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
719
+ # Organization][1] in the *AWS Organizations User Guide*. Also see steps
720
+ # 2 and 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
752
721
  # Roles][2] in the *IAM User Guide.*
753
722
  #
754
- # The [regex pattern][3] that is used to validate this parameter is a
755
- # string of characters that can consist of uppercase letters, lowercase
756
- # letters, digits with no spaces, and any of the following characters:
757
- # =,.@-
723
+ # The [regex pattern][3] that is used to validate this parameter. The
724
+ # pattern can include uppercase letters, lowercase letters, digits with
725
+ # no spaces, and any of the following characters: =,.@-
758
726
  #
759
727
  #
760
728
  #
@@ -770,9 +738,9 @@ module Aws::Organizations
770
738
  # the Billing and Cost Management Console][1] in the *AWS Billing and
771
739
  # Cost Management User Guide*.
772
740
  #
773
- # If you don't specify this parameter, the value defaults to `ALLOW`,
774
- # and IAM users and roles with the required permissions can access
775
- # billing information for the new account.
741
+ # If you don't specify this parameter, the value defaults to `ALLOW`.
742
+ # This value allows IAM users and roles with the required permissions to
743
+ # access billing information for the new account.
776
744
  #
777
745
  #
778
746
  #
@@ -821,7 +789,7 @@ module Aws::Organizations
821
789
  # resp.create_account_status.completed_timestamp #=> Time
822
790
  # resp.create_account_status.account_id #=> String
823
791
  # resp.create_account_status.gov_cloud_account_id #=> String
824
- # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
792
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
825
793
  #
826
794
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
827
795
  #
@@ -896,24 +864,24 @@ module Aws::Organizations
896
864
  # allows the master account in the organization in the commercial Region
897
865
  # to assume it. An AWS GovCloud (US) account is then created and
898
866
  # associated with the commercial account that you just created. A role
899
- # is created in the new AWS GovCloud (US) account that can be assumed by
900
- # the AWS GovCloud (US) account that is associated with the master
901
- # account of the commercial organization. For more information and to
902
- # view a diagram that explains how account access works, see [AWS
867
+ # is created in the new AWS GovCloud (US) account. This role can be
868
+ # assumed by the AWS GovCloud (US) account that is associated with the
869
+ # master account of the commercial organization. For more information
870
+ # and to view a diagram that explains how account access works, see [AWS
903
871
  # Organizations][4] in the *AWS GovCloud User Guide.*
904
872
  #
905
873
  # For more information about creating accounts, see [Creating an AWS
906
874
  # Account in Your Organization][6] in the *AWS Organizations User
907
875
  # Guide.*
908
876
  #
909
- # * When you create an account in an organization using the AWS
910
- # Organizations console, API, or CLI commands, the information
911
- # required for the account to operate as a standalone account, such as
912
- # a payment method and signing the end user license agreement (EULA)
913
- # is *not* automatically collected. If you must remove an account from
914
- # your organization later, you can do so only after you provide the
915
- # missing information. Follow the steps at [ To leave an organization
916
- # as a member account][7] in the *AWS Organizations User Guide.*
877
+ # * You can create an account in an organization using the AWS
878
+ # Organizations console, API, or CLI commands. When you do, the
879
+ # information required for the account to operate as a standalone
880
+ # account, such as a payment method, is *not* automatically collected.
881
+ # If you must remove an account from your organization later, you can
882
+ # do so only after you provide the missing information. Follow the
883
+ # steps at [ To leave an organization as a member account][7] in the
884
+ # *AWS Organizations User Guide.*
917
885
  #
918
886
  # * If you get an exception that indicates that you exceeded your
919
887
  # account limits for the organization, contact [AWS Support][8].
@@ -961,8 +929,8 @@ module Aws::Organizations
961
929
  # of the account or remove an account that was created with an invalid
962
930
  # email address. Like all request parameters for
963
931
  # `CreateGovCloudAccount`, the request for the email address for the AWS
964
- # GovCloud (US) account originates from the commercial Region, not from
965
- # the AWS GovCloud (US) Region.
932
+ # GovCloud (US) account originates from the commercial Region. It does
933
+ # not come from the AWS GovCloud (US) Region.
966
934
  #
967
935
  # @option params [required, String] :account_name
968
936
  # The friendly name of the member account.
@@ -982,14 +950,13 @@ module Aws::Organizations
982
950
  #
983
951
  # For more information about how to use this role to access the member
984
952
  # account, see [Accessing and Administering the Member Accounts in Your
985
- # Organization][1] in the *AWS Organizations User Guide* and steps 2 and
986
- # 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
953
+ # Organization][1] in the *AWS Organizations User Guide*. See also steps
954
+ # 2 and 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
987
955
  # Roles][2] in the *IAM User Guide.*
988
956
  #
989
- # The [regex pattern][3] that is used to validate this parameter is a
990
- # string of characters that can consist of uppercase letters, lowercase
991
- # letters, digits with no spaces, and any of the following characters:
992
- # =,.@-
957
+ # The [regex pattern][3] that is used to validate this parameter. The
958
+ # pattern can include uppercase letters, lowercase letters, digits with
959
+ # no spaces, and any of the following characters: =,.@-
993
960
  #
994
961
  #
995
962
  #
@@ -1035,7 +1002,7 @@ module Aws::Organizations
1035
1002
  # resp.create_account_status.completed_timestamp #=> Time
1036
1003
  # resp.create_account_status.account_id #=> String
1037
1004
  # resp.create_account_status.gov_cloud_account_id #=> String
1038
- # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
1005
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
1039
1006
  #
1040
1007
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount AWS API Documentation
1041
1008
  #
@@ -1055,12 +1022,11 @@ module Aws::Organizations
1055
1022
  # must also have the relevant IAM permissions.
1056
1023
  #
1057
1024
  # By default (or if you set the `FeatureSet` parameter to `ALL`), the
1058
- # new organization is created with all features enabled and service
1059
- # control policies automatically enabled in the root. If you instead
1060
- # choose to create the organization supporting only the consolidated
1061
- # billing features by setting the `FeatureSet` parameter to
1062
- # `CONSOLIDATED_BILLING"`, no policy types are enabled by default, and
1063
- # you can't use organization policies.
1025
+ # new organization is created with all features enabled. In addition,
1026
+ # service control policies are automatically enabled in the root. If you
1027
+ # instead create the organization supporting only the consolidated
1028
+ # billing features, no policy types are enabled by default, and you
1029
+ # can't use organization policies.
1064
1030
  #
1065
1031
  #
1066
1032
  #
@@ -1078,9 +1044,9 @@ module Aws::Organizations
1078
1044
  # The consolidated billing feature subset isn't available for
1079
1045
  # organizations in the AWS GovCloud (US) Region.
1080
1046
  #
1081
- # * `ALL`\: In addition to all the features supported by the
1082
- # consolidated billing feature set, the master account can also apply
1083
- # any policy type to any member account in the organization. For more
1047
+ # * `ALL`\: In addition to all the features that consolidated billing
1048
+ # feature set supports, the master account can also apply any policy
1049
+ # type to any member account in the organization. For more
1084
1050
  # information, see [All features][2] in the *AWS Organizations User
1085
1051
  # Guide.*
1086
1052
  #
@@ -1159,7 +1125,7 @@ module Aws::Organizations
1159
1125
  # resp.organization.master_account_id #=> String
1160
1126
  # resp.organization.master_account_email #=> String
1161
1127
  # resp.organization.available_policy_types #=> Array
1162
- # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
1128
+ # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
1163
1129
  # resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
1164
1130
  #
1165
1131
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization AWS API Documentation
@@ -1196,12 +1162,12 @@ module Aws::Organizations
1196
1162
  # following:
1197
1163
  #
1198
1164
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
1199
- # lower-case letters or digits.
1165
+ # lowercase letters or digits.
1200
1166
  #
1201
1167
  # * **Organizational unit (OU)** - A string that begins with "ou-"
1202
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
1203
- # root that the OU is in) followed by a second "-" dash and from 8
1204
- # to 32 additional lower-case letters or digits.
1168
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
1169
+ # root that the OU is in). This string is followed by a second "-"
1170
+ # dash and from 8 to 32 additional lowercase letters or digits.
1205
1171
  #
1206
1172
  #
1207
1173
  #
@@ -1269,12 +1235,12 @@ module Aws::Organizations
1269
1235
  # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html
1270
1236
  #
1271
1237
  # @option params [required, String] :content
1272
- # The policy content to add to the new policy. For example, if you
1273
- # create a [service control policy][1] (SCP), this string must be JSON
1274
- # text that specifies the permissions that admins in attached accounts
1275
- # can delegate to their users, groups, and roles. For more information
1276
- # about the SCP syntax, see [Service Control Policy Syntax][2] in the
1277
- # *AWS Organizations User Guide.*
1238
+ # The policy content to add to the new policy. For example, you could
1239
+ # create a [service control policy][1] (SCP) that specifies the
1240
+ # permissions that administrators in attached accounts can delegate to
1241
+ # their users, groups, and roles. The string for this SCP must be JSON
1242
+ # text. For more information about the SCP syntax, see [Service Control
1243
+ # Policy Syntax][2] in the *AWS Organizations User Guide.*
1278
1244
  #
1279
1245
  #
1280
1246
  #
@@ -1297,11 +1263,6 @@ module Aws::Organizations
1297
1263
  # @option params [required, String] :type
1298
1264
  # The type of policy to create.
1299
1265
  #
1300
- # <note markdown="1"> In the current release, the only type of policy that you can create is
1301
- # a service control policy (SCP).
1302
- #
1303
- # </note>
1304
- #
1305
1266
  # @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1306
1267
  #
1307
1268
  # * {Types::CreatePolicyResponse#policy #policy} => Types::Policy
@@ -1340,7 +1301,7 @@ module Aws::Organizations
1340
1301
  # content: "PolicyContent", # required
1341
1302
  # description: "PolicyDescription", # required
1342
1303
  # name: "PolicyName", # required
1343
- # type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
1304
+ # type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
1344
1305
  # })
1345
1306
  #
1346
1307
  # @example Response structure
@@ -1349,7 +1310,7 @@ module Aws::Organizations
1349
1310
  # resp.policy.policy_summary.arn #=> String
1350
1311
  # resp.policy.policy_summary.name #=> String
1351
1312
  # resp.policy.policy_summary.description #=> String
1352
- # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
1313
+ # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
1353
1314
  # resp.policy.policy_summary.aws_managed #=> Boolean
1354
1315
  # resp.policy.content #=> String
1355
1316
  #
@@ -1371,14 +1332,15 @@ module Aws::Organizations
1371
1332
  # reinitiate the process with a new handshake request.
1372
1333
  #
1373
1334
  # After you decline a handshake, it continues to appear in the results
1374
- # of relevant APIs for only 30 days. After that, it's deleted.
1335
+ # of relevant API operations for only 30 days. After that, it's
1336
+ # deleted.
1375
1337
  #
1376
1338
  # @option params [required, String] :handshake_id
1377
1339
  # The unique identifier (ID) of the handshake that you want to decline.
1378
1340
  # You can get the ID from the ListHandshakesForAccount operation.
1379
1341
  #
1380
1342
  # The [regex pattern][1] for handshake ID string requires "h-"
1381
- # followed by from 8 to 32 lower-case letters or digits.
1343
+ # followed by from 8 to 32 lowercase letters or digits.
1382
1344
  #
1383
1345
  #
1384
1346
  #
@@ -1503,9 +1465,9 @@ module Aws::Organizations
1503
1465
  # operation.
1504
1466
  #
1505
1467
  # The [regex pattern][1] for an organizational unit ID string requires
1506
- # "ou-" followed by from 4 to 32 lower-case letters or digits (the ID
1507
- # of the root that contains the OU) followed by a second "-" dash and
1508
- # from 8 to 32 additional lower-case letters or digits.
1468
+ # "ou-" followed by from 4 to 32 lowercase letters or digits (the ID
1469
+ # of the root that contains the OU). This string is followed by a second
1470
+ # "-" dash and from 8 to 32 additional lowercase letters or digits.
1509
1471
  #
1510
1472
  #
1511
1473
  #
@@ -1551,7 +1513,7 @@ module Aws::Organizations
1551
1513
  # operations.
1552
1514
  #
1553
1515
  # The [regex pattern][1] for a policy ID string requires "p-" followed
1554
- # by from 8 to 128 lower-case letters or digits.
1516
+ # by from 8 to 128 lowercase letters or digits.
1555
1517
  #
1556
1518
  #
1557
1519
  #
@@ -1584,7 +1546,7 @@ module Aws::Organizations
1584
1546
  req.send_request(options)
1585
1547
  end
1586
1548
 
1587
- # Retrieves AWS Organizations-related information about the specified
1549
+ # Retrieves AWS Organizations related information about the specified
1588
1550
  # account.
1589
1551
  #
1590
1552
  # This operation can be called only from the organization's master
@@ -1662,7 +1624,7 @@ module Aws::Organizations
1662
1624
  # or from the ListCreateAccountStatus operation.
1663
1625
  #
1664
1626
  # The [regex pattern][1] for a create account request ID string requires
1665
- # "car-" followed by from 8 to 32 lower-case letters or digits.
1627
+ # "car-" followed by from 8 to 32 lowercase letters or digits.
1666
1628
  #
1667
1629
  #
1668
1630
  #
@@ -1707,7 +1669,7 @@ module Aws::Organizations
1707
1669
  # resp.create_account_status.completed_timestamp #=> Time
1708
1670
  # resp.create_account_status.account_id #=> String
1709
1671
  # resp.create_account_status.gov_cloud_account_id #=> String
1710
- # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
1672
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
1711
1673
  #
1712
1674
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
1713
1675
  #
@@ -1718,6 +1680,57 @@ module Aws::Organizations
1718
1680
  req.send_request(options)
1719
1681
  end
1720
1682
 
1683
+ # Returns the contents of the effective tag policy for the account. The
1684
+ # effective tag policy is the aggregation of any tag policies the
1685
+ # account inherits, plus any policy directly that is attached to the
1686
+ # account.
1687
+ #
1688
+ # This action returns information on tag policies only.
1689
+ #
1690
+ # For more information on policy inheritance, see [How Policy
1691
+ # Inheritance Works][1] in the *AWS Organizations User Guide*.
1692
+ #
1693
+ # This operation can be called from any account in the organization.
1694
+ #
1695
+ #
1696
+ #
1697
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html
1698
+ #
1699
+ # @option params [required, String] :policy_type
1700
+ # The type of policy that you want information about.
1701
+ #
1702
+ # @option params [String] :target_id
1703
+ # When you're signed in as the master account, specify the ID of the
1704
+ # account that you want details about. Specifying an organization root
1705
+ # or OU as the target is not supported.
1706
+ #
1707
+ # @return [Types::DescribeEffectivePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1708
+ #
1709
+ # * {Types::DescribeEffectivePolicyResponse#effective_policy #effective_policy} => Types::EffectivePolicy
1710
+ #
1711
+ # @example Request syntax with placeholder values
1712
+ #
1713
+ # resp = client.describe_effective_policy({
1714
+ # policy_type: "TAG_POLICY", # required, accepts TAG_POLICY
1715
+ # target_id: "PolicyTargetId",
1716
+ # })
1717
+ #
1718
+ # @example Response structure
1719
+ #
1720
+ # resp.effective_policy.policy_content #=> String
1721
+ # resp.effective_policy.last_updated_timestamp #=> Time
1722
+ # resp.effective_policy.target_id #=> String
1723
+ # resp.effective_policy.policy_type #=> String, one of "TAG_POLICY"
1724
+ #
1725
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy AWS API Documentation
1726
+ #
1727
+ # @overload describe_effective_policy(params = {})
1728
+ # @param [Hash] params ({})
1729
+ def describe_effective_policy(params = {}, options = {})
1730
+ req = build_request(:describe_effective_policy, params)
1731
+ req.send_request(options)
1732
+ end
1733
+
1721
1734
  # Retrieves information about a previously requested handshake. The
1722
1735
  # handshake ID comes from the response to the original
1723
1736
  # InviteAccountToOrganization operation that generated the handshake.
@@ -1735,7 +1748,7 @@ module Aws::Organizations
1735
1748
  # ListHandshakesForAccount or ListHandshakesForOrganization.
1736
1749
  #
1737
1750
  # The [regex pattern][1] for handshake ID string requires "h-"
1738
- # followed by from 8 to 32 lower-case letters or digits.
1751
+ # followed by from 8 to 32 lowercase letters or digits.
1739
1752
  #
1740
1753
  #
1741
1754
  #
@@ -1878,7 +1891,7 @@ module Aws::Organizations
1878
1891
  # resp.organization.master_account_id #=> String
1879
1892
  # resp.organization.master_account_email #=> String
1880
1893
  # resp.organization.available_policy_types #=> Array
1881
- # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
1894
+ # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
1882
1895
  # resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
1883
1896
  #
1884
1897
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization AWS API Documentation
@@ -1901,9 +1914,9 @@ module Aws::Organizations
1901
1914
  # ListOrganizationalUnitsForParent operation.
1902
1915
  #
1903
1916
  # The [regex pattern][1] for an organizational unit ID string requires
1904
- # "ou-" followed by from 4 to 32 lower-case letters or digits (the ID
1905
- # of the root that contains the OU) followed by a second "-" dash and
1906
- # from 8 to 32 additional lower-case letters or digits.
1917
+ # "ou-" followed by from 4 to 32 lowercase letters or digits (the ID
1918
+ # of the root that contains the OU). This string is followed by a second
1919
+ # "-" dash and from 8 to 32 additional lowercase letters or digits.
1907
1920
  #
1908
1921
  #
1909
1922
  #
@@ -1963,7 +1976,7 @@ module Aws::Organizations
1963
1976
  # operations.
1964
1977
  #
1965
1978
  # The [regex pattern][1] for a policy ID string requires "p-" followed
1966
- # by from 8 to 128 lower-case letters or digits.
1979
+ # by from 8 to 128 lowercase letters or digits.
1967
1980
  #
1968
1981
  #
1969
1982
  #
@@ -2009,7 +2022,7 @@ module Aws::Organizations
2009
2022
  # resp.policy.policy_summary.arn #=> String
2010
2023
  # resp.policy.policy_summary.name #=> String
2011
2024
  # resp.policy.policy_summary.description #=> String
2012
- # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
2025
+ # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
2013
2026
  # resp.policy.policy_summary.aws_managed #=> Boolean
2014
2027
  # resp.policy.content #=> String
2015
2028
  #
@@ -2028,15 +2041,15 @@ module Aws::Organizations
2028
2041
  # accounts are immediate.
2029
2042
  #
2030
2043
  # **Note:** Every root, OU, and account must have at least one SCP
2031
- # attached. If you want to replace the default `FullAWSAccess` policy
2032
- # with one that limits the permissions that can be delegated, you must
2033
- # attach the replacement policy before you can remove the default one.
2034
- # This is the authorization strategy of [whitelisting][1]. If you
2035
- # instead attach a second SCP and leave the `FullAWSAccess` SCP still
2036
- # attached, and specify `"Effect": "Deny"` in the second SCP to override
2037
- # the `"Effect": "Allow"` in the `FullAWSAccess` policy (or any other
2038
- # attached SCP), you're using the authorization strategy of
2039
- # [blacklisting][2] .
2044
+ # attached. You can replace the default `FullAWSAccess` policy with one
2045
+ # that limits the permissions that can be delegated. To do that, you
2046
+ # must attach the replacement policy before you can remove the default
2047
+ # one. This is the authorization strategy of using an [allow list][1].
2048
+ # You could instead attach a second SCP and leave the `FullAWSAccess`
2049
+ # SCP still attached. You could then specify `"Effect": "Deny"` in the
2050
+ # second SCP to override the `"Effect": "Allow"` in the `FullAWSAccess`
2051
+ # policy (or any other attached SCP). If you take these steps, you're
2052
+ # using the authorization strategy of a [deny list][2].
2040
2053
  #
2041
2054
  # This operation can be called only from the organization's master
2042
2055
  # account.
@@ -2051,7 +2064,7 @@ module Aws::Organizations
2051
2064
  # get the ID from the ListPolicies or ListPoliciesForTarget operations.
2052
2065
  #
2053
2066
  # The [regex pattern][1] for a policy ID string requires "p-" followed
2054
- # by from 8 to 128 lower-case letters or digits.
2067
+ # by from 8 to 128 lowercase letters or digits.
2055
2068
  #
2056
2069
  #
2057
2070
  #
@@ -2066,14 +2079,14 @@ module Aws::Organizations
2066
2079
  # following:
2067
2080
  #
2068
2081
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
2069
- # lower-case letters or digits.
2082
+ # lowercase letters or digits.
2070
2083
  #
2071
2084
  # * **Account** - A string that consists of exactly 12 digits.
2072
2085
  #
2073
2086
  # * **Organizational unit (OU)** - A string that begins with "ou-"
2074
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
2075
- # root that the OU is in) followed by a second "-" dash and from 8
2076
- # to 32 additional lower-case letters or digits.
2087
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
2088
+ # root that the OU is in). This string is followed by a second "-"
2089
+ # dash and from 8 to 32 additional lowercase letters or digits.
2077
2090
  #
2078
2091
  #
2079
2092
  #
@@ -2128,8 +2141,9 @@ module Aws::Organizations
2128
2141
  #
2129
2142
  # After you perform the `DisableAWSServiceAccess` operation, the
2130
2143
  # specified service can no longer perform operations in your
2131
- # organization's accounts unless the operations are explicitly
2132
- # permitted by the IAM policies that are attached to your roles.
2144
+ # organization's accounts. The only exception is when the operations
2145
+ # are explicitly permitted by IAM policies that are attached to your
2146
+ # roles.
2133
2147
  #
2134
2148
  # For more information about integrating other services with AWS
2135
2149
  # Organizations, including the list of services that work with
@@ -2166,12 +2180,13 @@ module Aws::Organizations
2166
2180
  req.send_request(options)
2167
2181
  end
2168
2182
 
2169
- # Disables an organizational control policy type in a root. A policy of
2170
- # a certain type can be attached to entities in a root only if that type
2171
- # is enabled in the root. After you perform this operation, you no
2172
- # longer can attach policies of the specified type to that root or to
2173
- # any organizational unit (OU) or account in that root. You can undo
2174
- # this by using the EnablePolicyType operation.
2183
+ # Disables an organizational control policy type in a root and detaches
2184
+ # all policies of that type from the organization root, OUs, and
2185
+ # accounts. A policy of a certain type can be attached to entities in a
2186
+ # root only if that type is enabled in the root. After you perform this
2187
+ # operation, you no longer can attach policies of the specified type to
2188
+ # that root or to any organizational unit (OU) or account in that root.
2189
+ # You can undo this by using the EnablePolicyType operation.
2175
2190
  #
2176
2191
  # This is an asynchronous request that AWS performs in the background.
2177
2192
  # If you disable a policy for a root, it still appears enabled for the
@@ -2194,7 +2209,7 @@ module Aws::Organizations
2194
2209
  # policy type. You can get the ID from the ListRoots operation.
2195
2210
  #
2196
2211
  # The [regex pattern][1] for a root ID string requires "r-" followed
2197
- # by from 4 to 32 lower-case letters or digits.
2212
+ # by from 4 to 32 lowercase letters or digits.
2198
2213
  #
2199
2214
  #
2200
2215
  #
@@ -2233,7 +2248,7 @@ module Aws::Organizations
2233
2248
  #
2234
2249
  # resp = client.disable_policy_type({
2235
2250
  # root_id: "RootId", # required
2236
- # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
2251
+ # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
2237
2252
  # })
2238
2253
  #
2239
2254
  # @example Response structure
@@ -2242,7 +2257,7 @@ module Aws::Organizations
2242
2257
  # resp.root.arn #=> String
2243
2258
  # resp.root.name #=> String
2244
2259
  # resp.root.policy_types #=> Array
2245
- # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
2260
+ # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
2246
2261
  # resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
2247
2262
  #
2248
2263
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType AWS API Documentation
@@ -2307,7 +2322,7 @@ module Aws::Organizations
2307
2322
  # Enables all features in an organization. This enables the use of
2308
2323
  # organization policies that can restrict the services and actions that
2309
2324
  # can be called in each account. Until you enable all features, you have
2310
- # access only to consolidated billing, and you can't use any of the
2325
+ # access only to consolidated billing. You can't use any of the
2311
2326
  # advanced account administration features that AWS Organizations
2312
2327
  # supports. For more information, see [Enabling All Features in Your
2313
2328
  # Organization][1] in the *AWS Organizations User Guide.*
@@ -2317,7 +2332,8 @@ module Aws::Organizations
2317
2332
  # Calling this operation sends a handshake to every invited account in
2318
2333
  # the organization. The feature set change can be finalized and the
2319
2334
  # additional features enabled only after all administrators in the
2320
- # invited accounts approve the change by accepting the handshake.
2335
+ # invited accounts approve the change. Accepting the handshake approves
2336
+ # the change.
2321
2337
  #
2322
2338
  # After you enable all features, you can separately enable or disable
2323
2339
  # individual policy types in a root using EnablePolicyType and
@@ -2428,7 +2444,7 @@ module Aws::Organizations
2428
2444
  # policy type. You can get the ID from the ListRoots operation.
2429
2445
  #
2430
2446
  # The [regex pattern][1] for a root ID string requires "r-" followed
2431
- # by from 4 to 32 lower-case letters or digits.
2447
+ # by from 4 to 32 lowercase letters or digits.
2432
2448
  #
2433
2449
  #
2434
2450
  #
@@ -2471,7 +2487,7 @@ module Aws::Organizations
2471
2487
  #
2472
2488
  # resp = client.enable_policy_type({
2473
2489
  # root_id: "RootId", # required
2474
- # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
2490
+ # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
2475
2491
  # })
2476
2492
  #
2477
2493
  # @example Response structure
@@ -2480,7 +2496,7 @@ module Aws::Organizations
2480
2496
  # resp.root.arn #=> String
2481
2497
  # resp.root.name #=> String
2482
2498
  # resp.root.policy_types #=> Array
2483
- # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
2499
+ # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
2484
2500
  # resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
2485
2501
  #
2486
2502
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType AWS API Documentation
@@ -2499,18 +2515,18 @@ module Aws::Organizations
2499
2515
  # response.
2500
2516
  #
2501
2517
  # * You can invite AWS accounts only from the same seller as the master
2502
- # account. For example, if your organization's master account was
2503
- # created by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller
2504
- # in India, you can invite only other AISPL accounts to your
2505
- # organization. You can't combine accounts from AISPL and AWS or from
2506
- # any other AWS seller. For more information, see [Consolidated
2518
+ # account. For example, assume that your organization's master
2519
+ # account was created by Amazon Internet Services Pvt. Ltd (AISPL), an
2520
+ # AWS seller in India. You can invite only other AISPL accounts to
2521
+ # your organization. You can't combine accounts from AISPL and AWS or
2522
+ # from any other AWS seller. For more information, see [Consolidated
2507
2523
  # Billing in India][1].
2508
2524
  #
2509
- # * If you receive an exception that indicates that you exceeded your
2525
+ # * You might receive an exception that indicates that you exceeded your
2510
2526
  # account limits for the organization or that the operation failed
2511
- # because your organization is still initializing, wait one hour and
2512
- # then try again. If the error persists after an hour, contact [AWS
2513
- # Support][2].
2527
+ # because your organization is still initializing. If so, wait one
2528
+ # hour and then try again. If the error persists after an hour,
2529
+ # contact [AWS Support][2].
2514
2530
  #
2515
2531
  # This operation can be called only from the organization's master
2516
2532
  # account.
@@ -2651,19 +2667,19 @@ module Aws::Organizations
2651
2667
  #
2652
2668
  # * The master account in an organization with all features enabled can
2653
2669
  # set service control policies (SCPs) that can restrict what
2654
- # administrators of member accounts can do, including preventing them
2655
- # from successfully calling `LeaveOrganization` and leaving the
2656
- # organization.
2670
+ # administrators of member accounts can do. These restrictions can
2671
+ # include preventing member accounts from successfully calling
2672
+ # `LeaveOrganization`.
2657
2673
  #
2658
2674
  # * You can leave an organization as a member account only if the
2659
2675
  # account is configured with the information required to operate as a
2660
2676
  # standalone account. When you create an account in an organization
2661
- # using the AWS Organizations console, API, or CLI commands, the
2662
- # information required of standalone accounts is *not* automatically
2663
- # collected. For each account that you want to make standalone, you
2664
- # must accept the end user license agreement (EULA), choose a support
2665
- # plan, provide and verify the required contact information, and
2666
- # provide a current payment method. AWS uses the payment method to
2677
+ # using the AWS Organizations console, API, or CLI, the information
2678
+ # required of standalone accounts is *not* automatically collected.
2679
+ # For each account that you want to make standalone, you must accept
2680
+ # the end user license agreement (EULA). You must also choose a
2681
+ # support plan, provide and verify the required contact information,
2682
+ # and provide a current payment method. AWS uses the payment method to
2667
2683
  # charge for any billable (not free tier) AWS activity that occurs
2668
2684
  # while the account isn't attached to an organization. Follow the
2669
2685
  # steps at [ To leave an organization when all required account
@@ -3009,12 +3025,12 @@ module Aws::Organizations
3009
3025
  # following:
3010
3026
  #
3011
3027
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
3012
- # lower-case letters or digits.
3028
+ # lowercase letters or digits.
3013
3029
  #
3014
3030
  # * **Organizational unit (OU)** - A string that begins with "ou-"
3015
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
3016
- # root that the OU is in) followed by a second "-" dash and from 8
3017
- # to 32 additional lower-case letters or digits.
3031
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
3032
+ # root that the OU is in). This string is followed by a second "-"
3033
+ # dash and from 8 to 32 additional lowercase letters or digits.
3018
3034
  #
3019
3035
  #
3020
3036
  #
@@ -3204,7 +3220,7 @@ module Aws::Organizations
3204
3220
  # resp.create_account_statuses[0].completed_timestamp #=> Time
3205
3221
  # resp.create_account_statuses[0].account_id #=> String
3206
3222
  # resp.create_account_statuses[0].gov_cloud_account_id #=> String
3207
- # resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
3223
+ # resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
3208
3224
  # resp.next_token #=> String
3209
3225
  #
3210
3226
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
@@ -3237,10 +3253,11 @@ module Aws::Organizations
3237
3253
  # Filters the handshakes that you want included in the response. The
3238
3254
  # default is all types. Use the `ActionType` element to limit the output
3239
3255
  # to only a specified type, such as `INVITE`, `ENABLE_ALL_FEATURES`, or
3240
- # `APPROVE_ALL_FEATURES`. Alternatively, for the `ENABLE_ALL_FEATURES`
3241
- # handshake that generates a separate child handshake for each member
3242
- # account, you can specify `ParentHandshakeId` to see only the
3243
- # handshakes that were generated by that parent request.
3256
+ # `APPROVE_ALL_FEATURES`. Alternatively, you can specify the
3257
+ # `ENABLE_ALL_FEATURES` handshake, which generates a separate child
3258
+ # handshake for each member account. When you do specify
3259
+ # `ParentHandshakeId` to see only the handshakes that were generated by
3260
+ # that parent request.
3244
3261
  #
3245
3262
  # @option params [String] :next_token
3246
3263
  # Use this parameter if you receive a `NextToken` response in a previous
@@ -3384,10 +3401,11 @@ module Aws::Organizations
3384
3401
  # A filter of the handshakes that you want included in the response. The
3385
3402
  # default is all types. Use the `ActionType` element to limit the output
3386
3403
  # to only a specified type, such as `INVITE`, `ENABLE-ALL-FEATURES`, or
3387
- # `APPROVE-ALL-FEATURES`. Alternatively, for the `ENABLE-ALL-FEATURES`
3388
- # handshake that generates a separate child handshake for each member
3389
- # account, you can specify the `ParentHandshakeId` to see only the
3390
- # handshakes that were generated by that parent request.
3404
+ # `APPROVE-ALL-FEATURES`. Alternatively, you can specify the
3405
+ # `ENABLE-ALL-FEATURES` handshake, which generates a separate child
3406
+ # handshake for each member account. When you do, specify the
3407
+ # `ParentHandshakeId` to see only the handshakes that were generated by
3408
+ # that parent request.
3391
3409
  #
3392
3410
  # @option params [String] :next_token
3393
3411
  # Use this parameter if you receive a `NextToken` response in a previous
@@ -3570,12 +3588,12 @@ module Aws::Organizations
3570
3588
  # following:
3571
3589
  #
3572
3590
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
3573
- # lower-case letters or digits.
3591
+ # lowercase letters or digits.
3574
3592
  #
3575
3593
  # * **Organizational unit (OU)** - A string that begins with "ou-"
3576
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
3577
- # root that the OU is in) followed by a second "-" dash and from 8
3578
- # to 32 additional lower-case letters or digits.
3594
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
3595
+ # root that the OU is in). This string is followed by a second "-"
3596
+ # dash and from 8 to 32 additional lowercase letters or digits.
3579
3597
  #
3580
3598
  #
3581
3599
  #
@@ -3684,9 +3702,9 @@ module Aws::Organizations
3684
3702
  # * **Account** - A string that consists of exactly 12 digits.
3685
3703
  #
3686
3704
  # * **Organizational unit (OU)** - A string that begins with "ou-"
3687
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
3688
- # root that contains the OU) followed by a second "-" dash and from
3689
- # 8 to 32 additional lower-case letters or digits.
3705
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
3706
+ # root that contains the OU). This string is followed by a second
3707
+ # "-" dash and from 8 to 32 additional lowercase letters or digits.
3690
3708
  #
3691
3709
  #
3692
3710
  #
@@ -3840,7 +3858,7 @@ module Aws::Organizations
3840
3858
  # @example Request syntax with placeholder values
3841
3859
  #
3842
3860
  # resp = client.list_policies({
3843
- # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
3861
+ # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
3844
3862
  # next_token: "NextToken",
3845
3863
  # max_results: 1,
3846
3864
  # })
@@ -3852,7 +3870,7 @@ module Aws::Organizations
3852
3870
  # resp.policies[0].arn #=> String
3853
3871
  # resp.policies[0].name #=> String
3854
3872
  # resp.policies[0].description #=> String
3855
- # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
3873
+ # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
3856
3874
  # resp.policies[0].aws_managed #=> Boolean
3857
3875
  # resp.next_token #=> String
3858
3876
  #
@@ -3888,14 +3906,14 @@ module Aws::Organizations
3888
3906
  # following:
3889
3907
  #
3890
3908
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
3891
- # lower-case letters or digits.
3909
+ # lowercase letters or digits.
3892
3910
  #
3893
3911
  # * **Account** - A string that consists of exactly 12 digits.
3894
3912
  #
3895
3913
  # * **Organizational unit (OU)** - A string that begins with "ou-"
3896
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
3897
- # root that the OU is in) followed by a second "-" dash and from 8
3898
- # to 32 additional lower-case letters or digits.
3914
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
3915
+ # root that the OU is in). This string is followed by a second "-"
3916
+ # dash and from 8 to 32 additional lowercase letters or digits.
3899
3917
  #
3900
3918
  #
3901
3919
  #
@@ -3957,7 +3975,7 @@ module Aws::Organizations
3957
3975
  #
3958
3976
  # resp = client.list_policies_for_target({
3959
3977
  # target_id: "PolicyTargetId", # required
3960
- # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
3978
+ # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
3961
3979
  # next_token: "NextToken",
3962
3980
  # max_results: 1,
3963
3981
  # })
@@ -3969,7 +3987,7 @@ module Aws::Organizations
3969
3987
  # resp.policies[0].arn #=> String
3970
3988
  # resp.policies[0].name #=> String
3971
3989
  # resp.policies[0].description #=> String
3972
- # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
3990
+ # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
3973
3991
  # resp.policies[0].aws_managed #=> Boolean
3974
3992
  # resp.next_token #=> String
3975
3993
  #
@@ -4066,7 +4084,7 @@ module Aws::Organizations
4066
4084
  # resp.roots[0].arn #=> String
4067
4085
  # resp.roots[0].name #=> String
4068
4086
  # resp.roots[0].policy_types #=> Array
4069
- # resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
4087
+ # resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
4070
4088
  # resp.roots[0].policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
4071
4089
  # resp.next_token #=> String
4072
4090
  #
@@ -4142,7 +4160,7 @@ module Aws::Organizations
4142
4160
  # know.
4143
4161
  #
4144
4162
  # The [regex pattern][1] for a policy ID string requires "p-" followed
4145
- # by from 8 to 128 lower-case letters or digits.
4163
+ # by from 8 to 128 lowercase letters or digits.
4146
4164
  #
4147
4165
  #
4148
4166
  #
@@ -4255,12 +4273,12 @@ module Aws::Organizations
4255
4273
  # following:
4256
4274
  #
4257
4275
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
4258
- # lower-case letters or digits.
4276
+ # lowercase letters or digits.
4259
4277
  #
4260
4278
  # * **Organizational unit (OU)** - A string that begins with "ou-"
4261
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
4262
- # root that the OU is in) followed by a second "-" dash and from 8
4263
- # to 32 additional lower-case letters or digits.
4279
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
4280
+ # root that the OU is in). This string is followed by a second "-"
4281
+ # dash and from 8 to 32 additional lowercase letters or digits.
4264
4282
  #
4265
4283
  #
4266
4284
  #
@@ -4274,12 +4292,12 @@ module Aws::Organizations
4274
4292
  # following:
4275
4293
  #
4276
4294
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
4277
- # lower-case letters or digits.
4295
+ # lowercase letters or digits.
4278
4296
  #
4279
4297
  # * **Organizational unit (OU)** - A string that begins with "ou-"
4280
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
4281
- # root that the OU is in) followed by a second "-" dash and from 8
4282
- # to 32 additional lower-case letters or digits.
4298
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
4299
+ # root that the OU is in). This string is followed by a second "-"
4300
+ # dash and from 8 to 32 additional lowercase letters or digits.
4283
4301
  #
4284
4302
  #
4285
4303
  #
@@ -4330,15 +4348,15 @@ module Aws::Organizations
4330
4348
  # You can remove an account from your organization only if the account
4331
4349
  # is configured with the information required to operate as a standalone
4332
4350
  # account. When you create an account in an organization using the AWS
4333
- # Organizations console, API, or CLI commands, the information required
4334
- # of standalone accounts is *not* automatically collected. For an
4335
- # account that you want to make standalone, you must accept the end user
4336
- # license agreement (EULA), choose a support plan, provide and verify
4337
- # the required contact information, and provide a current payment
4351
+ # Organizations console, API, or CLI, the information required of
4352
+ # standalone accounts is *not* automatically collected. For an account
4353
+ # that you want to make standalone, you must accept the end user license
4354
+ # agreement (EULA). You must also choose a support plan, provide and
4355
+ # verify the required contact information, and provide a current payment
4338
4356
  # method. AWS uses the payment method to charge for any billable (not
4339
4357
  # free tier) AWS activity that occurs while the account isn't attached
4340
4358
  # to an organization. To remove an account that doesn't yet have this
4341
- # information, you must sign in as the member account and follow the
4359
+ # information, you must sign in as the member account. Then follow the
4342
4360
  # steps at [ To leave an organization when all required account
4343
4361
  # information has not yet been provided][1] in the *AWS Organizations
4344
4362
  # User Guide.*
@@ -4465,9 +4483,9 @@ module Aws::Organizations
4465
4483
  # get the ID from the ListOrganizationalUnitsForParent operation.
4466
4484
  #
4467
4485
  # The [regex pattern][1] for an organizational unit ID string requires
4468
- # "ou-" followed by from 4 to 32 lower-case letters or digits (the ID
4469
- # of the root that contains the OU) followed by a second "-" dash and
4470
- # from 8 to 32 additional lower-case letters or digits.
4486
+ # "ou-" followed by from 4 to 32 lowercase letters or digits (the ID
4487
+ # of the root that contains the OU). This string is followed by a second
4488
+ # "-" dash and from 8 to 32 additional lowercase letters or digits.
4471
4489
  #
4472
4490
  #
4473
4491
  #
@@ -4539,7 +4557,7 @@ module Aws::Organizations
4539
4557
  # The unique identifier (ID) of the policy that you want to update.
4540
4558
  #
4541
4559
  # The [regex pattern][1] for a policy ID string requires "p-" followed
4542
- # by from 8 to 128 lower-case letters or digits.
4560
+ # by from 8 to 128 lowercase letters or digits.
4543
4561
  #
4544
4562
  #
4545
4563
  #
@@ -4639,7 +4657,7 @@ module Aws::Organizations
4639
4657
  # resp.policy.policy_summary.arn #=> String
4640
4658
  # resp.policy.policy_summary.name #=> String
4641
4659
  # resp.policy.policy_summary.description #=> String
4642
- # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
4660
+ # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
4643
4661
  # resp.policy.policy_summary.aws_managed #=> Boolean
4644
4662
  # resp.policy.content #=> String
4645
4663
  #
@@ -4665,7 +4683,7 @@ module Aws::Organizations
4665
4683
  params: params,
4666
4684
  config: config)
4667
4685
  context[:gem_name] = 'aws-sdk-organizations'
4668
- context[:gem_version] = '1.34.0'
4686
+ context[:gem_version] = '1.35.0'
4669
4687
  Seahorse::Client::Request.new(handlers, context)
4670
4688
  end
4671
4689