aws-sdk-organizations 1.34.0 → 1.35.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 1839fa2f91c699ed20b4c9a7dea17ed77d4900e9
4
- data.tar.gz: d4f3225f49573fbd0e5af751a8c9669fd97d5d42
3
+ metadata.gz: ca2aa56827f96c8148f0962e35b1703dc5d802f9
4
+ data.tar.gz: e844782734f24f8de7378ab43d8d0c54805c4e40
5
5
  SHA512:
6
- metadata.gz: 13690cc3c7f616a7acf2d67fa6e36c797442d0bd54d0e71817fbac9813c1184ad5557c503c07876c39683b391cda7dcbfd07184392ad757acacde233800e1e95
7
- data.tar.gz: 5ab194b630f40e959dfbd997b3f2f3b9e67e0c180ba9f2a9ef4ea74ef7504cbb2e8dfa89fc97a313131036a32ad6765c9d3194a01d479d0af47c29a6cb51ab3a
6
+ metadata.gz: 00b78b726380de427a1ab756f0cc1e3e31fd2253096c756a87ba007cd2a2f23db62c266ca4a05492bd1148f17954c7bdb03a1494f179f55e5cc3496ac122f861
7
+ data.tar.gz: 693bf2298c46a3aa57700887f7be339754bf4b0e8000f31f444a98d98c6fb7e62cb2a4c3fb232e4c35e3ccb2ae304a0e0052442c01f5d417efd0a2afb7c8b444
@@ -42,6 +42,6 @@ require_relative 'aws-sdk-organizations/customizations'
42
42
  # @service
43
43
  module Aws::Organizations
44
44
 
45
- GEM_VERSION = '1.34.0'
45
+ GEM_VERSION = '1.35.0'
46
46
 
47
47
  end
@@ -304,7 +304,7 @@ module Aws::Organizations
304
304
  # The unique identifier (ID) of the handshake that you want to accept.
305
305
  #
306
306
  # The [regex pattern][1] for handshake ID string requires "h-"
307
- # followed by from 8 to 32 lower-case letters or digits.
307
+ # followed by from 8 to 32 lowercase letters or digits.
308
308
  #
309
309
  #
310
310
  #
@@ -402,54 +402,23 @@ module Aws::Organizations
402
402
  end
403
403
 
404
404
  # Attaches a policy to a root, an organizational unit (OU), or an
405
- # individual account. How the policy affects accounts depends on the
406
- # type of policy:
407
- #
408
- # * **Service control policy (SCP)** - An SCP specifies what permissions
409
- # can be delegated to users in affected member accounts. The scope of
410
- # influence for a policy depends on what you attach the policy to:
411
- #
412
- # * If you attach an SCP to a root, it affects all accounts in the
413
- # organization.
414
- #
415
- # * If you attach an SCP to an OU, it affects all accounts in that OU
416
- # and in any child OUs.
417
- #
418
- # * If you attach the policy directly to an account, it affects only
419
- # that account.
420
- #
421
- # SCPs are JSON policies that specify the maximum permissions for an
422
- # organization or organizational unit (OU). You can attach one SCP to
423
- # a higher level root or OU, and a different SCP to a child OU or to
424
- # an account. The child policy can further restrict only the
425
- # permissions that pass through the parent filter and are available to
426
- # the child. An SCP that is attached to a child can't grant a
427
- # permission that the parent hasn't already granted. For example,
428
- # imagine that the parent SCP allows permissions A, B, C, D, and E.
429
- # The child SCP allows C, D, E, F, and G. The result is that the
430
- # accounts affected by the child SCP are allowed to use only C, D, and
431
- # E. They can't use A or B because the child OU filtered them out.
432
- # They also can't use F and G because the parent OU filtered them
433
- # out. They can't be granted back by the child SCP; child SCPs can
434
- # only filter the permissions they receive from the parent SCP.
435
- #
436
- # AWS Organizations attaches a default SCP named `"FullAWSAccess` to
437
- # every root, OU, and account. This default SCP allows all services
438
- # and actions, enabling any new child OU or account to inherit the
439
- # permissions of the parent root or OU. If you detach the default
440
- # policy, you must replace it with a policy that specifies the
441
- # permissions that you want to allow in that OU or account.
442
- #
443
- # For more information about how AWS Organizations policies
444
- # permissions work, see [Using Service Control Policies][1] in the
445
- # *AWS Organizations User Guide.*
405
+ # individual account.
406
+ #
407
+ # How the policy affects accounts depends on the type of policy:
408
+ #
409
+ # * For more information about attaching SCPs, see [How SCPs Work][1] in
410
+ # the *AWS Organizations User Guide.*
411
+ #
412
+ # * For information about attaching tag policies, see [How Policy
413
+ # Inheritance Works][2] in the *AWS Organizations User Guide.*
446
414
  #
447
415
  # This operation can be called only from the organization's master
448
416
  # account.
449
417
  #
450
418
  #
451
419
  #
452
- # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
420
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html
421
+ # [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html
453
422
  #
454
423
  # @option params [required, String] :policy_id
455
424
  # The unique identifier (ID) of the policy that you want to attach to
@@ -457,7 +426,7 @@ module Aws::Organizations
457
426
  # ListPolicies operation.
458
427
  #
459
428
  # The [regex pattern][1] for a policy ID string requires "p-" followed
460
- # by from 8 to 128 lower-case letters or digits.
429
+ # by from 8 to 128 lowercase letters or digits.
461
430
  #
462
431
  #
463
432
  #
@@ -472,14 +441,14 @@ module Aws::Organizations
472
441
  # following:
473
442
  #
474
443
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
475
- # lower-case letters or digits.
444
+ # lowercase letters or digits.
476
445
  #
477
446
  # * **Account** - A string that consists of exactly 12 digits.
478
447
  #
479
448
  # * **Organizational unit (OU)** - A string that begins with "ou-"
480
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
481
- # root that the OU is in) followed by a second "-" dash and from 8
482
- # to 32 additional lower-case letters or digits.
449
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
450
+ # root that the OU is in). This string is followed by a second "-"
451
+ # dash and from 8 to 32 additional lowercase letters or digits.
483
452
  #
484
453
  #
485
454
  #
@@ -538,7 +507,7 @@ module Aws::Organizations
538
507
  # You can get the ID from the ListHandshakesForOrganization operation.
539
508
  #
540
509
  # The [regex pattern][1] for handshake ID string requires "h-"
541
- # followed by from 8 to 32 lower-case letters or digits.
510
+ # followed by from 8 to 32 lowercase letters or digits.
542
511
  #
543
512
  #
544
513
  #
@@ -679,14 +648,14 @@ module Aws::Organizations
679
648
  # Account in Your Organization][3] in the *AWS Organizations User
680
649
  # Guide.*
681
650
  #
682
- # * When you create an account in an organization using the AWS
683
- # Organizations console, API, or CLI commands, the information
684
- # required for the account to operate as a standalone account, such as
685
- # a payment method and signing the end user license agreement (EULA)
686
- # is *not* automatically collected. If you must remove an account from
687
- # your organization later, you can do so only after you provide the
688
- # missing information. Follow the steps at [ To leave an organization
689
- # as a member account][4] in the *AWS Organizations User Guide*.
651
+ # * When you create an account in an organization, the information
652
+ # required for the account to operate as a standalone account is *not*
653
+ # automatically collected. For example, information about the payment
654
+ # method and signing the end user license agreement (EULA) is not
655
+ # collected. If you must remove an account from your organization
656
+ # later, you can do so only after you provide the missing information.
657
+ # Follow the steps at [ To leave an organization as a member
658
+ # account][4] in the *AWS Organizations User Guide*.
690
659
  #
691
660
  # * If you get an exception that indicates that you exceeded your
692
661
  # account limits for the organization, contact [AWS Support][5].
@@ -747,14 +716,13 @@ module Aws::Organizations
747
716
  #
748
717
  # For more information about how to use this role to access the member
749
718
  # account, see [Accessing and Administering the Member Accounts in Your
750
- # Organization][1] in the *AWS Organizations User Guide*, and steps 2
751
- # and 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
719
+ # Organization][1] in the *AWS Organizations User Guide*. Also see steps
720
+ # 2 and 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
752
721
  # Roles][2] in the *IAM User Guide.*
753
722
  #
754
- # The [regex pattern][3] that is used to validate this parameter is a
755
- # string of characters that can consist of uppercase letters, lowercase
756
- # letters, digits with no spaces, and any of the following characters:
757
- # =,.@-
723
+ # The [regex pattern][3] that is used to validate this parameter. The
724
+ # pattern can include uppercase letters, lowercase letters, digits with
725
+ # no spaces, and any of the following characters: =,.@-
758
726
  #
759
727
  #
760
728
  #
@@ -770,9 +738,9 @@ module Aws::Organizations
770
738
  # the Billing and Cost Management Console][1] in the *AWS Billing and
771
739
  # Cost Management User Guide*.
772
740
  #
773
- # If you don't specify this parameter, the value defaults to `ALLOW`,
774
- # and IAM users and roles with the required permissions can access
775
- # billing information for the new account.
741
+ # If you don't specify this parameter, the value defaults to `ALLOW`.
742
+ # This value allows IAM users and roles with the required permissions to
743
+ # access billing information for the new account.
776
744
  #
777
745
  #
778
746
  #
@@ -821,7 +789,7 @@ module Aws::Organizations
821
789
  # resp.create_account_status.completed_timestamp #=> Time
822
790
  # resp.create_account_status.account_id #=> String
823
791
  # resp.create_account_status.gov_cloud_account_id #=> String
824
- # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
792
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
825
793
  #
826
794
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
827
795
  #
@@ -896,24 +864,24 @@ module Aws::Organizations
896
864
  # allows the master account in the organization in the commercial Region
897
865
  # to assume it. An AWS GovCloud (US) account is then created and
898
866
  # associated with the commercial account that you just created. A role
899
- # is created in the new AWS GovCloud (US) account that can be assumed by
900
- # the AWS GovCloud (US) account that is associated with the master
901
- # account of the commercial organization. For more information and to
902
- # view a diagram that explains how account access works, see [AWS
867
+ # is created in the new AWS GovCloud (US) account. This role can be
868
+ # assumed by the AWS GovCloud (US) account that is associated with the
869
+ # master account of the commercial organization. For more information
870
+ # and to view a diagram that explains how account access works, see [AWS
903
871
  # Organizations][4] in the *AWS GovCloud User Guide.*
904
872
  #
905
873
  # For more information about creating accounts, see [Creating an AWS
906
874
  # Account in Your Organization][6] in the *AWS Organizations User
907
875
  # Guide.*
908
876
  #
909
- # * When you create an account in an organization using the AWS
910
- # Organizations console, API, or CLI commands, the information
911
- # required for the account to operate as a standalone account, such as
912
- # a payment method and signing the end user license agreement (EULA)
913
- # is *not* automatically collected. If you must remove an account from
914
- # your organization later, you can do so only after you provide the
915
- # missing information. Follow the steps at [ To leave an organization
916
- # as a member account][7] in the *AWS Organizations User Guide.*
877
+ # * You can create an account in an organization using the AWS
878
+ # Organizations console, API, or CLI commands. When you do, the
879
+ # information required for the account to operate as a standalone
880
+ # account, such as a payment method, is *not* automatically collected.
881
+ # If you must remove an account from your organization later, you can
882
+ # do so only after you provide the missing information. Follow the
883
+ # steps at [ To leave an organization as a member account][7] in the
884
+ # *AWS Organizations User Guide.*
917
885
  #
918
886
  # * If you get an exception that indicates that you exceeded your
919
887
  # account limits for the organization, contact [AWS Support][8].
@@ -961,8 +929,8 @@ module Aws::Organizations
961
929
  # of the account or remove an account that was created with an invalid
962
930
  # email address. Like all request parameters for
963
931
  # `CreateGovCloudAccount`, the request for the email address for the AWS
964
- # GovCloud (US) account originates from the commercial Region, not from
965
- # the AWS GovCloud (US) Region.
932
+ # GovCloud (US) account originates from the commercial Region. It does
933
+ # not come from the AWS GovCloud (US) Region.
966
934
  #
967
935
  # @option params [required, String] :account_name
968
936
  # The friendly name of the member account.
@@ -982,14 +950,13 @@ module Aws::Organizations
982
950
  #
983
951
  # For more information about how to use this role to access the member
984
952
  # account, see [Accessing and Administering the Member Accounts in Your
985
- # Organization][1] in the *AWS Organizations User Guide* and steps 2 and
986
- # 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
953
+ # Organization][1] in the *AWS Organizations User Guide*. See also steps
954
+ # 2 and 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
987
955
  # Roles][2] in the *IAM User Guide.*
988
956
  #
989
- # The [regex pattern][3] that is used to validate this parameter is a
990
- # string of characters that can consist of uppercase letters, lowercase
991
- # letters, digits with no spaces, and any of the following characters:
992
- # =,.@-
957
+ # The [regex pattern][3] that is used to validate this parameter. The
958
+ # pattern can include uppercase letters, lowercase letters, digits with
959
+ # no spaces, and any of the following characters: =,.@-
993
960
  #
994
961
  #
995
962
  #
@@ -1035,7 +1002,7 @@ module Aws::Organizations
1035
1002
  # resp.create_account_status.completed_timestamp #=> Time
1036
1003
  # resp.create_account_status.account_id #=> String
1037
1004
  # resp.create_account_status.gov_cloud_account_id #=> String
1038
- # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
1005
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
1039
1006
  #
1040
1007
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount AWS API Documentation
1041
1008
  #
@@ -1055,12 +1022,11 @@ module Aws::Organizations
1055
1022
  # must also have the relevant IAM permissions.
1056
1023
  #
1057
1024
  # By default (or if you set the `FeatureSet` parameter to `ALL`), the
1058
- # new organization is created with all features enabled and service
1059
- # control policies automatically enabled in the root. If you instead
1060
- # choose to create the organization supporting only the consolidated
1061
- # billing features by setting the `FeatureSet` parameter to
1062
- # `CONSOLIDATED_BILLING"`, no policy types are enabled by default, and
1063
- # you can't use organization policies.
1025
+ # new organization is created with all features enabled. In addition,
1026
+ # service control policies are automatically enabled in the root. If you
1027
+ # instead create the organization supporting only the consolidated
1028
+ # billing features, no policy types are enabled by default, and you
1029
+ # can't use organization policies.
1064
1030
  #
1065
1031
  #
1066
1032
  #
@@ -1078,9 +1044,9 @@ module Aws::Organizations
1078
1044
  # The consolidated billing feature subset isn't available for
1079
1045
  # organizations in the AWS GovCloud (US) Region.
1080
1046
  #
1081
- # * `ALL`\: In addition to all the features supported by the
1082
- # consolidated billing feature set, the master account can also apply
1083
- # any policy type to any member account in the organization. For more
1047
+ # * `ALL`\: In addition to all the features that consolidated billing
1048
+ # feature set supports, the master account can also apply any policy
1049
+ # type to any member account in the organization. For more
1084
1050
  # information, see [All features][2] in the *AWS Organizations User
1085
1051
  # Guide.*
1086
1052
  #
@@ -1159,7 +1125,7 @@ module Aws::Organizations
1159
1125
  # resp.organization.master_account_id #=> String
1160
1126
  # resp.organization.master_account_email #=> String
1161
1127
  # resp.organization.available_policy_types #=> Array
1162
- # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
1128
+ # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
1163
1129
  # resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
1164
1130
  #
1165
1131
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization AWS API Documentation
@@ -1196,12 +1162,12 @@ module Aws::Organizations
1196
1162
  # following:
1197
1163
  #
1198
1164
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
1199
- # lower-case letters or digits.
1165
+ # lowercase letters or digits.
1200
1166
  #
1201
1167
  # * **Organizational unit (OU)** - A string that begins with "ou-"
1202
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
1203
- # root that the OU is in) followed by a second "-" dash and from 8
1204
- # to 32 additional lower-case letters or digits.
1168
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
1169
+ # root that the OU is in). This string is followed by a second "-"
1170
+ # dash and from 8 to 32 additional lowercase letters or digits.
1205
1171
  #
1206
1172
  #
1207
1173
  #
@@ -1269,12 +1235,12 @@ module Aws::Organizations
1269
1235
  # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html
1270
1236
  #
1271
1237
  # @option params [required, String] :content
1272
- # The policy content to add to the new policy. For example, if you
1273
- # create a [service control policy][1] (SCP), this string must be JSON
1274
- # text that specifies the permissions that admins in attached accounts
1275
- # can delegate to their users, groups, and roles. For more information
1276
- # about the SCP syntax, see [Service Control Policy Syntax][2] in the
1277
- # *AWS Organizations User Guide.*
1238
+ # The policy content to add to the new policy. For example, you could
1239
+ # create a [service control policy][1] (SCP) that specifies the
1240
+ # permissions that administrators in attached accounts can delegate to
1241
+ # their users, groups, and roles. The string for this SCP must be JSON
1242
+ # text. For more information about the SCP syntax, see [Service Control
1243
+ # Policy Syntax][2] in the *AWS Organizations User Guide.*
1278
1244
  #
1279
1245
  #
1280
1246
  #
@@ -1297,11 +1263,6 @@ module Aws::Organizations
1297
1263
  # @option params [required, String] :type
1298
1264
  # The type of policy to create.
1299
1265
  #
1300
- # <note markdown="1"> In the current release, the only type of policy that you can create is
1301
- # a service control policy (SCP).
1302
- #
1303
- # </note>
1304
- #
1305
1266
  # @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1306
1267
  #
1307
1268
  # * {Types::CreatePolicyResponse#policy #policy} => Types::Policy
@@ -1340,7 +1301,7 @@ module Aws::Organizations
1340
1301
  # content: "PolicyContent", # required
1341
1302
  # description: "PolicyDescription", # required
1342
1303
  # name: "PolicyName", # required
1343
- # type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
1304
+ # type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
1344
1305
  # })
1345
1306
  #
1346
1307
  # @example Response structure
@@ -1349,7 +1310,7 @@ module Aws::Organizations
1349
1310
  # resp.policy.policy_summary.arn #=> String
1350
1311
  # resp.policy.policy_summary.name #=> String
1351
1312
  # resp.policy.policy_summary.description #=> String
1352
- # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
1313
+ # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
1353
1314
  # resp.policy.policy_summary.aws_managed #=> Boolean
1354
1315
  # resp.policy.content #=> String
1355
1316
  #
@@ -1371,14 +1332,15 @@ module Aws::Organizations
1371
1332
  # reinitiate the process with a new handshake request.
1372
1333
  #
1373
1334
  # After you decline a handshake, it continues to appear in the results
1374
- # of relevant APIs for only 30 days. After that, it's deleted.
1335
+ # of relevant API operations for only 30 days. After that, it's
1336
+ # deleted.
1375
1337
  #
1376
1338
  # @option params [required, String] :handshake_id
1377
1339
  # The unique identifier (ID) of the handshake that you want to decline.
1378
1340
  # You can get the ID from the ListHandshakesForAccount operation.
1379
1341
  #
1380
1342
  # The [regex pattern][1] for handshake ID string requires "h-"
1381
- # followed by from 8 to 32 lower-case letters or digits.
1343
+ # followed by from 8 to 32 lowercase letters or digits.
1382
1344
  #
1383
1345
  #
1384
1346
  #
@@ -1503,9 +1465,9 @@ module Aws::Organizations
1503
1465
  # operation.
1504
1466
  #
1505
1467
  # The [regex pattern][1] for an organizational unit ID string requires
1506
- # "ou-" followed by from 4 to 32 lower-case letters or digits (the ID
1507
- # of the root that contains the OU) followed by a second "-" dash and
1508
- # from 8 to 32 additional lower-case letters or digits.
1468
+ # "ou-" followed by from 4 to 32 lowercase letters or digits (the ID
1469
+ # of the root that contains the OU). This string is followed by a second
1470
+ # "-" dash and from 8 to 32 additional lowercase letters or digits.
1509
1471
  #
1510
1472
  #
1511
1473
  #
@@ -1551,7 +1513,7 @@ module Aws::Organizations
1551
1513
  # operations.
1552
1514
  #
1553
1515
  # The [regex pattern][1] for a policy ID string requires "p-" followed
1554
- # by from 8 to 128 lower-case letters or digits.
1516
+ # by from 8 to 128 lowercase letters or digits.
1555
1517
  #
1556
1518
  #
1557
1519
  #
@@ -1584,7 +1546,7 @@ module Aws::Organizations
1584
1546
  req.send_request(options)
1585
1547
  end
1586
1548
 
1587
- # Retrieves AWS Organizations-related information about the specified
1549
+ # Retrieves AWS Organizations related information about the specified
1588
1550
  # account.
1589
1551
  #
1590
1552
  # This operation can be called only from the organization's master
@@ -1662,7 +1624,7 @@ module Aws::Organizations
1662
1624
  # or from the ListCreateAccountStatus operation.
1663
1625
  #
1664
1626
  # The [regex pattern][1] for a create account request ID string requires
1665
- # "car-" followed by from 8 to 32 lower-case letters or digits.
1627
+ # "car-" followed by from 8 to 32 lowercase letters or digits.
1666
1628
  #
1667
1629
  #
1668
1630
  #
@@ -1707,7 +1669,7 @@ module Aws::Organizations
1707
1669
  # resp.create_account_status.completed_timestamp #=> Time
1708
1670
  # resp.create_account_status.account_id #=> String
1709
1671
  # resp.create_account_status.gov_cloud_account_id #=> String
1710
- # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
1672
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
1711
1673
  #
1712
1674
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
1713
1675
  #
@@ -1718,6 +1680,57 @@ module Aws::Organizations
1718
1680
  req.send_request(options)
1719
1681
  end
1720
1682
 
1683
+ # Returns the contents of the effective tag policy for the account. The
1684
+ # effective tag policy is the aggregation of any tag policies the
1685
+ # account inherits, plus any policy directly that is attached to the
1686
+ # account.
1687
+ #
1688
+ # This action returns information on tag policies only.
1689
+ #
1690
+ # For more information on policy inheritance, see [How Policy
1691
+ # Inheritance Works][1] in the *AWS Organizations User Guide*.
1692
+ #
1693
+ # This operation can be called from any account in the organization.
1694
+ #
1695
+ #
1696
+ #
1697
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html
1698
+ #
1699
+ # @option params [required, String] :policy_type
1700
+ # The type of policy that you want information about.
1701
+ #
1702
+ # @option params [String] :target_id
1703
+ # When you're signed in as the master account, specify the ID of the
1704
+ # account that you want details about. Specifying an organization root
1705
+ # or OU as the target is not supported.
1706
+ #
1707
+ # @return [Types::DescribeEffectivePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1708
+ #
1709
+ # * {Types::DescribeEffectivePolicyResponse#effective_policy #effective_policy} => Types::EffectivePolicy
1710
+ #
1711
+ # @example Request syntax with placeholder values
1712
+ #
1713
+ # resp = client.describe_effective_policy({
1714
+ # policy_type: "TAG_POLICY", # required, accepts TAG_POLICY
1715
+ # target_id: "PolicyTargetId",
1716
+ # })
1717
+ #
1718
+ # @example Response structure
1719
+ #
1720
+ # resp.effective_policy.policy_content #=> String
1721
+ # resp.effective_policy.last_updated_timestamp #=> Time
1722
+ # resp.effective_policy.target_id #=> String
1723
+ # resp.effective_policy.policy_type #=> String, one of "TAG_POLICY"
1724
+ #
1725
+ # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy AWS API Documentation
1726
+ #
1727
+ # @overload describe_effective_policy(params = {})
1728
+ # @param [Hash] params ({})
1729
+ def describe_effective_policy(params = {}, options = {})
1730
+ req = build_request(:describe_effective_policy, params)
1731
+ req.send_request(options)
1732
+ end
1733
+
1721
1734
  # Retrieves information about a previously requested handshake. The
1722
1735
  # handshake ID comes from the response to the original
1723
1736
  # InviteAccountToOrganization operation that generated the handshake.
@@ -1735,7 +1748,7 @@ module Aws::Organizations
1735
1748
  # ListHandshakesForAccount or ListHandshakesForOrganization.
1736
1749
  #
1737
1750
  # The [regex pattern][1] for handshake ID string requires "h-"
1738
- # followed by from 8 to 32 lower-case letters or digits.
1751
+ # followed by from 8 to 32 lowercase letters or digits.
1739
1752
  #
1740
1753
  #
1741
1754
  #
@@ -1878,7 +1891,7 @@ module Aws::Organizations
1878
1891
  # resp.organization.master_account_id #=> String
1879
1892
  # resp.organization.master_account_email #=> String
1880
1893
  # resp.organization.available_policy_types #=> Array
1881
- # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
1894
+ # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
1882
1895
  # resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
1883
1896
  #
1884
1897
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization AWS API Documentation
@@ -1901,9 +1914,9 @@ module Aws::Organizations
1901
1914
  # ListOrganizationalUnitsForParent operation.
1902
1915
  #
1903
1916
  # The [regex pattern][1] for an organizational unit ID string requires
1904
- # "ou-" followed by from 4 to 32 lower-case letters or digits (the ID
1905
- # of the root that contains the OU) followed by a second "-" dash and
1906
- # from 8 to 32 additional lower-case letters or digits.
1917
+ # "ou-" followed by from 4 to 32 lowercase letters or digits (the ID
1918
+ # of the root that contains the OU). This string is followed by a second
1919
+ # "-" dash and from 8 to 32 additional lowercase letters or digits.
1907
1920
  #
1908
1921
  #
1909
1922
  #
@@ -1963,7 +1976,7 @@ module Aws::Organizations
1963
1976
  # operations.
1964
1977
  #
1965
1978
  # The [regex pattern][1] for a policy ID string requires "p-" followed
1966
- # by from 8 to 128 lower-case letters or digits.
1979
+ # by from 8 to 128 lowercase letters or digits.
1967
1980
  #
1968
1981
  #
1969
1982
  #
@@ -2009,7 +2022,7 @@ module Aws::Organizations
2009
2022
  # resp.policy.policy_summary.arn #=> String
2010
2023
  # resp.policy.policy_summary.name #=> String
2011
2024
  # resp.policy.policy_summary.description #=> String
2012
- # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
2025
+ # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
2013
2026
  # resp.policy.policy_summary.aws_managed #=> Boolean
2014
2027
  # resp.policy.content #=> String
2015
2028
  #
@@ -2028,15 +2041,15 @@ module Aws::Organizations
2028
2041
  # accounts are immediate.
2029
2042
  #
2030
2043
  # **Note:** Every root, OU, and account must have at least one SCP
2031
- # attached. If you want to replace the default `FullAWSAccess` policy
2032
- # with one that limits the permissions that can be delegated, you must
2033
- # attach the replacement policy before you can remove the default one.
2034
- # This is the authorization strategy of [whitelisting][1]. If you
2035
- # instead attach a second SCP and leave the `FullAWSAccess` SCP still
2036
- # attached, and specify `"Effect": "Deny"` in the second SCP to override
2037
- # the `"Effect": "Allow"` in the `FullAWSAccess` policy (or any other
2038
- # attached SCP), you're using the authorization strategy of
2039
- # [blacklisting][2] .
2044
+ # attached. You can replace the default `FullAWSAccess` policy with one
2045
+ # that limits the permissions that can be delegated. To do that, you
2046
+ # must attach the replacement policy before you can remove the default
2047
+ # one. This is the authorization strategy of using an [allow list][1].
2048
+ # You could instead attach a second SCP and leave the `FullAWSAccess`
2049
+ # SCP still attached. You could then specify `"Effect": "Deny"` in the
2050
+ # second SCP to override the `"Effect": "Allow"` in the `FullAWSAccess`
2051
+ # policy (or any other attached SCP). If you take these steps, you're
2052
+ # using the authorization strategy of a [deny list][2].
2040
2053
  #
2041
2054
  # This operation can be called only from the organization's master
2042
2055
  # account.
@@ -2051,7 +2064,7 @@ module Aws::Organizations
2051
2064
  # get the ID from the ListPolicies or ListPoliciesForTarget operations.
2052
2065
  #
2053
2066
  # The [regex pattern][1] for a policy ID string requires "p-" followed
2054
- # by from 8 to 128 lower-case letters or digits.
2067
+ # by from 8 to 128 lowercase letters or digits.
2055
2068
  #
2056
2069
  #
2057
2070
  #
@@ -2066,14 +2079,14 @@ module Aws::Organizations
2066
2079
  # following:
2067
2080
  #
2068
2081
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
2069
- # lower-case letters or digits.
2082
+ # lowercase letters or digits.
2070
2083
  #
2071
2084
  # * **Account** - A string that consists of exactly 12 digits.
2072
2085
  #
2073
2086
  # * **Organizational unit (OU)** - A string that begins with "ou-"
2074
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
2075
- # root that the OU is in) followed by a second "-" dash and from 8
2076
- # to 32 additional lower-case letters or digits.
2087
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
2088
+ # root that the OU is in). This string is followed by a second "-"
2089
+ # dash and from 8 to 32 additional lowercase letters or digits.
2077
2090
  #
2078
2091
  #
2079
2092
  #
@@ -2128,8 +2141,9 @@ module Aws::Organizations
2128
2141
  #
2129
2142
  # After you perform the `DisableAWSServiceAccess` operation, the
2130
2143
  # specified service can no longer perform operations in your
2131
- # organization's accounts unless the operations are explicitly
2132
- # permitted by the IAM policies that are attached to your roles.
2144
+ # organization's accounts. The only exception is when the operations
2145
+ # are explicitly permitted by IAM policies that are attached to your
2146
+ # roles.
2133
2147
  #
2134
2148
  # For more information about integrating other services with AWS
2135
2149
  # Organizations, including the list of services that work with
@@ -2166,12 +2180,13 @@ module Aws::Organizations
2166
2180
  req.send_request(options)
2167
2181
  end
2168
2182
 
2169
- # Disables an organizational control policy type in a root. A policy of
2170
- # a certain type can be attached to entities in a root only if that type
2171
- # is enabled in the root. After you perform this operation, you no
2172
- # longer can attach policies of the specified type to that root or to
2173
- # any organizational unit (OU) or account in that root. You can undo
2174
- # this by using the EnablePolicyType operation.
2183
+ # Disables an organizational control policy type in a root and detaches
2184
+ # all policies of that type from the organization root, OUs, and
2185
+ # accounts. A policy of a certain type can be attached to entities in a
2186
+ # root only if that type is enabled in the root. After you perform this
2187
+ # operation, you no longer can attach policies of the specified type to
2188
+ # that root or to any organizational unit (OU) or account in that root.
2189
+ # You can undo this by using the EnablePolicyType operation.
2175
2190
  #
2176
2191
  # This is an asynchronous request that AWS performs in the background.
2177
2192
  # If you disable a policy for a root, it still appears enabled for the
@@ -2194,7 +2209,7 @@ module Aws::Organizations
2194
2209
  # policy type. You can get the ID from the ListRoots operation.
2195
2210
  #
2196
2211
  # The [regex pattern][1] for a root ID string requires "r-" followed
2197
- # by from 4 to 32 lower-case letters or digits.
2212
+ # by from 4 to 32 lowercase letters or digits.
2198
2213
  #
2199
2214
  #
2200
2215
  #
@@ -2233,7 +2248,7 @@ module Aws::Organizations
2233
2248
  #
2234
2249
  # resp = client.disable_policy_type({
2235
2250
  # root_id: "RootId", # required
2236
- # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
2251
+ # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
2237
2252
  # })
2238
2253
  #
2239
2254
  # @example Response structure
@@ -2242,7 +2257,7 @@ module Aws::Organizations
2242
2257
  # resp.root.arn #=> String
2243
2258
  # resp.root.name #=> String
2244
2259
  # resp.root.policy_types #=> Array
2245
- # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
2260
+ # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
2246
2261
  # resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
2247
2262
  #
2248
2263
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType AWS API Documentation
@@ -2307,7 +2322,7 @@ module Aws::Organizations
2307
2322
  # Enables all features in an organization. This enables the use of
2308
2323
  # organization policies that can restrict the services and actions that
2309
2324
  # can be called in each account. Until you enable all features, you have
2310
- # access only to consolidated billing, and you can't use any of the
2325
+ # access only to consolidated billing. You can't use any of the
2311
2326
  # advanced account administration features that AWS Organizations
2312
2327
  # supports. For more information, see [Enabling All Features in Your
2313
2328
  # Organization][1] in the *AWS Organizations User Guide.*
@@ -2317,7 +2332,8 @@ module Aws::Organizations
2317
2332
  # Calling this operation sends a handshake to every invited account in
2318
2333
  # the organization. The feature set change can be finalized and the
2319
2334
  # additional features enabled only after all administrators in the
2320
- # invited accounts approve the change by accepting the handshake.
2335
+ # invited accounts approve the change. Accepting the handshake approves
2336
+ # the change.
2321
2337
  #
2322
2338
  # After you enable all features, you can separately enable or disable
2323
2339
  # individual policy types in a root using EnablePolicyType and
@@ -2428,7 +2444,7 @@ module Aws::Organizations
2428
2444
  # policy type. You can get the ID from the ListRoots operation.
2429
2445
  #
2430
2446
  # The [regex pattern][1] for a root ID string requires "r-" followed
2431
- # by from 4 to 32 lower-case letters or digits.
2447
+ # by from 4 to 32 lowercase letters or digits.
2432
2448
  #
2433
2449
  #
2434
2450
  #
@@ -2471,7 +2487,7 @@ module Aws::Organizations
2471
2487
  #
2472
2488
  # resp = client.enable_policy_type({
2473
2489
  # root_id: "RootId", # required
2474
- # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
2490
+ # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
2475
2491
  # })
2476
2492
  #
2477
2493
  # @example Response structure
@@ -2480,7 +2496,7 @@ module Aws::Organizations
2480
2496
  # resp.root.arn #=> String
2481
2497
  # resp.root.name #=> String
2482
2498
  # resp.root.policy_types #=> Array
2483
- # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
2499
+ # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
2484
2500
  # resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
2485
2501
  #
2486
2502
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType AWS API Documentation
@@ -2499,18 +2515,18 @@ module Aws::Organizations
2499
2515
  # response.
2500
2516
  #
2501
2517
  # * You can invite AWS accounts only from the same seller as the master
2502
- # account. For example, if your organization's master account was
2503
- # created by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller
2504
- # in India, you can invite only other AISPL accounts to your
2505
- # organization. You can't combine accounts from AISPL and AWS or from
2506
- # any other AWS seller. For more information, see [Consolidated
2518
+ # account. For example, assume that your organization's master
2519
+ # account was created by Amazon Internet Services Pvt. Ltd (AISPL), an
2520
+ # AWS seller in India. You can invite only other AISPL accounts to
2521
+ # your organization. You can't combine accounts from AISPL and AWS or
2522
+ # from any other AWS seller. For more information, see [Consolidated
2507
2523
  # Billing in India][1].
2508
2524
  #
2509
- # * If you receive an exception that indicates that you exceeded your
2525
+ # * You might receive an exception that indicates that you exceeded your
2510
2526
  # account limits for the organization or that the operation failed
2511
- # because your organization is still initializing, wait one hour and
2512
- # then try again. If the error persists after an hour, contact [AWS
2513
- # Support][2].
2527
+ # because your organization is still initializing. If so, wait one
2528
+ # hour and then try again. If the error persists after an hour,
2529
+ # contact [AWS Support][2].
2514
2530
  #
2515
2531
  # This operation can be called only from the organization's master
2516
2532
  # account.
@@ -2651,19 +2667,19 @@ module Aws::Organizations
2651
2667
  #
2652
2668
  # * The master account in an organization with all features enabled can
2653
2669
  # set service control policies (SCPs) that can restrict what
2654
- # administrators of member accounts can do, including preventing them
2655
- # from successfully calling `LeaveOrganization` and leaving the
2656
- # organization.
2670
+ # administrators of member accounts can do. These restrictions can
2671
+ # include preventing member accounts from successfully calling
2672
+ # `LeaveOrganization`.
2657
2673
  #
2658
2674
  # * You can leave an organization as a member account only if the
2659
2675
  # account is configured with the information required to operate as a
2660
2676
  # standalone account. When you create an account in an organization
2661
- # using the AWS Organizations console, API, or CLI commands, the
2662
- # information required of standalone accounts is *not* automatically
2663
- # collected. For each account that you want to make standalone, you
2664
- # must accept the end user license agreement (EULA), choose a support
2665
- # plan, provide and verify the required contact information, and
2666
- # provide a current payment method. AWS uses the payment method to
2677
+ # using the AWS Organizations console, API, or CLI, the information
2678
+ # required of standalone accounts is *not* automatically collected.
2679
+ # For each account that you want to make standalone, you must accept
2680
+ # the end user license agreement (EULA). You must also choose a
2681
+ # support plan, provide and verify the required contact information,
2682
+ # and provide a current payment method. AWS uses the payment method to
2667
2683
  # charge for any billable (not free tier) AWS activity that occurs
2668
2684
  # while the account isn't attached to an organization. Follow the
2669
2685
  # steps at [ To leave an organization when all required account
@@ -3009,12 +3025,12 @@ module Aws::Organizations
3009
3025
  # following:
3010
3026
  #
3011
3027
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
3012
- # lower-case letters or digits.
3028
+ # lowercase letters or digits.
3013
3029
  #
3014
3030
  # * **Organizational unit (OU)** - A string that begins with "ou-"
3015
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
3016
- # root that the OU is in) followed by a second "-" dash and from 8
3017
- # to 32 additional lower-case letters or digits.
3031
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
3032
+ # root that the OU is in). This string is followed by a second "-"
3033
+ # dash and from 8 to 32 additional lowercase letters or digits.
3018
3034
  #
3019
3035
  #
3020
3036
  #
@@ -3204,7 +3220,7 @@ module Aws::Organizations
3204
3220
  # resp.create_account_statuses[0].completed_timestamp #=> Time
3205
3221
  # resp.create_account_statuses[0].account_id #=> String
3206
3222
  # resp.create_account_statuses[0].gov_cloud_account_id #=> String
3207
- # resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
3223
+ # resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
3208
3224
  # resp.next_token #=> String
3209
3225
  #
3210
3226
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
@@ -3237,10 +3253,11 @@ module Aws::Organizations
3237
3253
  # Filters the handshakes that you want included in the response. The
3238
3254
  # default is all types. Use the `ActionType` element to limit the output
3239
3255
  # to only a specified type, such as `INVITE`, `ENABLE_ALL_FEATURES`, or
3240
- # `APPROVE_ALL_FEATURES`. Alternatively, for the `ENABLE_ALL_FEATURES`
3241
- # handshake that generates a separate child handshake for each member
3242
- # account, you can specify `ParentHandshakeId` to see only the
3243
- # handshakes that were generated by that parent request.
3256
+ # `APPROVE_ALL_FEATURES`. Alternatively, you can specify the
3257
+ # `ENABLE_ALL_FEATURES` handshake, which generates a separate child
3258
+ # handshake for each member account. When you do specify
3259
+ # `ParentHandshakeId` to see only the handshakes that were generated by
3260
+ # that parent request.
3244
3261
  #
3245
3262
  # @option params [String] :next_token
3246
3263
  # Use this parameter if you receive a `NextToken` response in a previous
@@ -3384,10 +3401,11 @@ module Aws::Organizations
3384
3401
  # A filter of the handshakes that you want included in the response. The
3385
3402
  # default is all types. Use the `ActionType` element to limit the output
3386
3403
  # to only a specified type, such as `INVITE`, `ENABLE-ALL-FEATURES`, or
3387
- # `APPROVE-ALL-FEATURES`. Alternatively, for the `ENABLE-ALL-FEATURES`
3388
- # handshake that generates a separate child handshake for each member
3389
- # account, you can specify the `ParentHandshakeId` to see only the
3390
- # handshakes that were generated by that parent request.
3404
+ # `APPROVE-ALL-FEATURES`. Alternatively, you can specify the
3405
+ # `ENABLE-ALL-FEATURES` handshake, which generates a separate child
3406
+ # handshake for each member account. When you do, specify the
3407
+ # `ParentHandshakeId` to see only the handshakes that were generated by
3408
+ # that parent request.
3391
3409
  #
3392
3410
  # @option params [String] :next_token
3393
3411
  # Use this parameter if you receive a `NextToken` response in a previous
@@ -3570,12 +3588,12 @@ module Aws::Organizations
3570
3588
  # following:
3571
3589
  #
3572
3590
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
3573
- # lower-case letters or digits.
3591
+ # lowercase letters or digits.
3574
3592
  #
3575
3593
  # * **Organizational unit (OU)** - A string that begins with "ou-"
3576
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
3577
- # root that the OU is in) followed by a second "-" dash and from 8
3578
- # to 32 additional lower-case letters or digits.
3594
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
3595
+ # root that the OU is in). This string is followed by a second "-"
3596
+ # dash and from 8 to 32 additional lowercase letters or digits.
3579
3597
  #
3580
3598
  #
3581
3599
  #
@@ -3684,9 +3702,9 @@ module Aws::Organizations
3684
3702
  # * **Account** - A string that consists of exactly 12 digits.
3685
3703
  #
3686
3704
  # * **Organizational unit (OU)** - A string that begins with "ou-"
3687
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
3688
- # root that contains the OU) followed by a second "-" dash and from
3689
- # 8 to 32 additional lower-case letters or digits.
3705
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
3706
+ # root that contains the OU). This string is followed by a second
3707
+ # "-" dash and from 8 to 32 additional lowercase letters or digits.
3690
3708
  #
3691
3709
  #
3692
3710
  #
@@ -3840,7 +3858,7 @@ module Aws::Organizations
3840
3858
  # @example Request syntax with placeholder values
3841
3859
  #
3842
3860
  # resp = client.list_policies({
3843
- # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
3861
+ # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
3844
3862
  # next_token: "NextToken",
3845
3863
  # max_results: 1,
3846
3864
  # })
@@ -3852,7 +3870,7 @@ module Aws::Organizations
3852
3870
  # resp.policies[0].arn #=> String
3853
3871
  # resp.policies[0].name #=> String
3854
3872
  # resp.policies[0].description #=> String
3855
- # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
3873
+ # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
3856
3874
  # resp.policies[0].aws_managed #=> Boolean
3857
3875
  # resp.next_token #=> String
3858
3876
  #
@@ -3888,14 +3906,14 @@ module Aws::Organizations
3888
3906
  # following:
3889
3907
  #
3890
3908
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
3891
- # lower-case letters or digits.
3909
+ # lowercase letters or digits.
3892
3910
  #
3893
3911
  # * **Account** - A string that consists of exactly 12 digits.
3894
3912
  #
3895
3913
  # * **Organizational unit (OU)** - A string that begins with "ou-"
3896
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
3897
- # root that the OU is in) followed by a second "-" dash and from 8
3898
- # to 32 additional lower-case letters or digits.
3914
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
3915
+ # root that the OU is in). This string is followed by a second "-"
3916
+ # dash and from 8 to 32 additional lowercase letters or digits.
3899
3917
  #
3900
3918
  #
3901
3919
  #
@@ -3957,7 +3975,7 @@ module Aws::Organizations
3957
3975
  #
3958
3976
  # resp = client.list_policies_for_target({
3959
3977
  # target_id: "PolicyTargetId", # required
3960
- # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
3978
+ # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
3961
3979
  # next_token: "NextToken",
3962
3980
  # max_results: 1,
3963
3981
  # })
@@ -3969,7 +3987,7 @@ module Aws::Organizations
3969
3987
  # resp.policies[0].arn #=> String
3970
3988
  # resp.policies[0].name #=> String
3971
3989
  # resp.policies[0].description #=> String
3972
- # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
3990
+ # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
3973
3991
  # resp.policies[0].aws_managed #=> Boolean
3974
3992
  # resp.next_token #=> String
3975
3993
  #
@@ -4066,7 +4084,7 @@ module Aws::Organizations
4066
4084
  # resp.roots[0].arn #=> String
4067
4085
  # resp.roots[0].name #=> String
4068
4086
  # resp.roots[0].policy_types #=> Array
4069
- # resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
4087
+ # resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
4070
4088
  # resp.roots[0].policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
4071
4089
  # resp.next_token #=> String
4072
4090
  #
@@ -4142,7 +4160,7 @@ module Aws::Organizations
4142
4160
  # know.
4143
4161
  #
4144
4162
  # The [regex pattern][1] for a policy ID string requires "p-" followed
4145
- # by from 8 to 128 lower-case letters or digits.
4163
+ # by from 8 to 128 lowercase letters or digits.
4146
4164
  #
4147
4165
  #
4148
4166
  #
@@ -4255,12 +4273,12 @@ module Aws::Organizations
4255
4273
  # following:
4256
4274
  #
4257
4275
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
4258
- # lower-case letters or digits.
4276
+ # lowercase letters or digits.
4259
4277
  #
4260
4278
  # * **Organizational unit (OU)** - A string that begins with "ou-"
4261
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
4262
- # root that the OU is in) followed by a second "-" dash and from 8
4263
- # to 32 additional lower-case letters or digits.
4279
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
4280
+ # root that the OU is in). This string is followed by a second "-"
4281
+ # dash and from 8 to 32 additional lowercase letters or digits.
4264
4282
  #
4265
4283
  #
4266
4284
  #
@@ -4274,12 +4292,12 @@ module Aws::Organizations
4274
4292
  # following:
4275
4293
  #
4276
4294
  # * **Root** - A string that begins with "r-" followed by from 4 to 32
4277
- # lower-case letters or digits.
4295
+ # lowercase letters or digits.
4278
4296
  #
4279
4297
  # * **Organizational unit (OU)** - A string that begins with "ou-"
4280
- # followed by from 4 to 32 lower-case letters or digits (the ID of the
4281
- # root that the OU is in) followed by a second "-" dash and from 8
4282
- # to 32 additional lower-case letters or digits.
4298
+ # followed by from 4 to 32 lowercase letters or digits (the ID of the
4299
+ # root that the OU is in). This string is followed by a second "-"
4300
+ # dash and from 8 to 32 additional lowercase letters or digits.
4283
4301
  #
4284
4302
  #
4285
4303
  #
@@ -4330,15 +4348,15 @@ module Aws::Organizations
4330
4348
  # You can remove an account from your organization only if the account
4331
4349
  # is configured with the information required to operate as a standalone
4332
4350
  # account. When you create an account in an organization using the AWS
4333
- # Organizations console, API, or CLI commands, the information required
4334
- # of standalone accounts is *not* automatically collected. For an
4335
- # account that you want to make standalone, you must accept the end user
4336
- # license agreement (EULA), choose a support plan, provide and verify
4337
- # the required contact information, and provide a current payment
4351
+ # Organizations console, API, or CLI, the information required of
4352
+ # standalone accounts is *not* automatically collected. For an account
4353
+ # that you want to make standalone, you must accept the end user license
4354
+ # agreement (EULA). You must also choose a support plan, provide and
4355
+ # verify the required contact information, and provide a current payment
4338
4356
  # method. AWS uses the payment method to charge for any billable (not
4339
4357
  # free tier) AWS activity that occurs while the account isn't attached
4340
4358
  # to an organization. To remove an account that doesn't yet have this
4341
- # information, you must sign in as the member account and follow the
4359
+ # information, you must sign in as the member account. Then follow the
4342
4360
  # steps at [ To leave an organization when all required account
4343
4361
  # information has not yet been provided][1] in the *AWS Organizations
4344
4362
  # User Guide.*
@@ -4465,9 +4483,9 @@ module Aws::Organizations
4465
4483
  # get the ID from the ListOrganizationalUnitsForParent operation.
4466
4484
  #
4467
4485
  # The [regex pattern][1] for an organizational unit ID string requires
4468
- # "ou-" followed by from 4 to 32 lower-case letters or digits (the ID
4469
- # of the root that contains the OU) followed by a second "-" dash and
4470
- # from 8 to 32 additional lower-case letters or digits.
4486
+ # "ou-" followed by from 4 to 32 lowercase letters or digits (the ID
4487
+ # of the root that contains the OU). This string is followed by a second
4488
+ # "-" dash and from 8 to 32 additional lowercase letters or digits.
4471
4489
  #
4472
4490
  #
4473
4491
  #
@@ -4539,7 +4557,7 @@ module Aws::Organizations
4539
4557
  # The unique identifier (ID) of the policy that you want to update.
4540
4558
  #
4541
4559
  # The [regex pattern][1] for a policy ID string requires "p-" followed
4542
- # by from 8 to 128 lower-case letters or digits.
4560
+ # by from 8 to 128 lowercase letters or digits.
4543
4561
  #
4544
4562
  #
4545
4563
  #
@@ -4639,7 +4657,7 @@ module Aws::Organizations
4639
4657
  # resp.policy.policy_summary.arn #=> String
4640
4658
  # resp.policy.policy_summary.name #=> String
4641
4659
  # resp.policy.policy_summary.description #=> String
4642
- # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
4660
+ # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
4643
4661
  # resp.policy.policy_summary.aws_managed #=> Boolean
4644
4662
  # resp.policy.content #=> String
4645
4663
  #
@@ -4665,7 +4683,7 @@ module Aws::Organizations
4665
4683
  params: params,
4666
4684
  config: config)
4667
4685
  context[:gem_name] = 'aws-sdk-organizations'
4668
- context[:gem_version] = '1.34.0'
4686
+ context[:gem_version] = '1.35.0'
4669
4687
  Seahorse::Client::Request.new(handlers, context)
4670
4688
  end
4671
4689