aws-sdk-organizations 1.34.0 → 1.35.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws-sdk-organizations.rb +1 -1
- data/lib/aws-sdk-organizations/client.rb +247 -229
- data/lib/aws-sdk-organizations/client_api.rb +58 -0
- data/lib/aws-sdk-organizations/errors.rb +32 -0
- data/lib/aws-sdk-organizations/types.rb +249 -143
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ca2aa56827f96c8148f0962e35b1703dc5d802f9
|
4
|
+
data.tar.gz: e844782734f24f8de7378ab43d8d0c54805c4e40
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 00b78b726380de427a1ab756f0cc1e3e31fd2253096c756a87ba007cd2a2f23db62c266ca4a05492bd1148f17954c7bdb03a1494f179f55e5cc3496ac122f861
|
7
|
+
data.tar.gz: 693bf2298c46a3aa57700887f7be339754bf4b0e8000f31f444a98d98c6fb7e62cb2a4c3fb232e4c35e3ccb2ae304a0e0052442c01f5d417efd0a2afb7c8b444
|
@@ -304,7 +304,7 @@ module Aws::Organizations
|
|
304
304
|
# The unique identifier (ID) of the handshake that you want to accept.
|
305
305
|
#
|
306
306
|
# The [regex pattern][1] for handshake ID string requires "h-"
|
307
|
-
# followed by from 8 to 32
|
307
|
+
# followed by from 8 to 32 lowercase letters or digits.
|
308
308
|
#
|
309
309
|
#
|
310
310
|
#
|
@@ -402,54 +402,23 @@ module Aws::Organizations
|
|
402
402
|
end
|
403
403
|
|
404
404
|
# Attaches a policy to a root, an organizational unit (OU), or an
|
405
|
-
# individual account.
|
406
|
-
#
|
407
|
-
#
|
408
|
-
#
|
409
|
-
#
|
410
|
-
#
|
411
|
-
#
|
412
|
-
#
|
413
|
-
#
|
414
|
-
#
|
415
|
-
# * If you attach an SCP to an OU, it affects all accounts in that OU
|
416
|
-
# and in any child OUs.
|
417
|
-
#
|
418
|
-
# * If you attach the policy directly to an account, it affects only
|
419
|
-
# that account.
|
420
|
-
#
|
421
|
-
# SCPs are JSON policies that specify the maximum permissions for an
|
422
|
-
# organization or organizational unit (OU). You can attach one SCP to
|
423
|
-
# a higher level root or OU, and a different SCP to a child OU or to
|
424
|
-
# an account. The child policy can further restrict only the
|
425
|
-
# permissions that pass through the parent filter and are available to
|
426
|
-
# the child. An SCP that is attached to a child can't grant a
|
427
|
-
# permission that the parent hasn't already granted. For example,
|
428
|
-
# imagine that the parent SCP allows permissions A, B, C, D, and E.
|
429
|
-
# The child SCP allows C, D, E, F, and G. The result is that the
|
430
|
-
# accounts affected by the child SCP are allowed to use only C, D, and
|
431
|
-
# E. They can't use A or B because the child OU filtered them out.
|
432
|
-
# They also can't use F and G because the parent OU filtered them
|
433
|
-
# out. They can't be granted back by the child SCP; child SCPs can
|
434
|
-
# only filter the permissions they receive from the parent SCP.
|
435
|
-
#
|
436
|
-
# AWS Organizations attaches a default SCP named `"FullAWSAccess` to
|
437
|
-
# every root, OU, and account. This default SCP allows all services
|
438
|
-
# and actions, enabling any new child OU or account to inherit the
|
439
|
-
# permissions of the parent root or OU. If you detach the default
|
440
|
-
# policy, you must replace it with a policy that specifies the
|
441
|
-
# permissions that you want to allow in that OU or account.
|
442
|
-
#
|
443
|
-
# For more information about how AWS Organizations policies
|
444
|
-
# permissions work, see [Using Service Control Policies][1] in the
|
445
|
-
# *AWS Organizations User Guide.*
|
405
|
+
# individual account.
|
406
|
+
#
|
407
|
+
# How the policy affects accounts depends on the type of policy:
|
408
|
+
#
|
409
|
+
# * For more information about attaching SCPs, see [How SCPs Work][1] in
|
410
|
+
# the *AWS Organizations User Guide.*
|
411
|
+
#
|
412
|
+
# * For information about attaching tag policies, see [How Policy
|
413
|
+
# Inheritance Works][2] in the *AWS Organizations User Guide.*
|
446
414
|
#
|
447
415
|
# This operation can be called only from the organization's master
|
448
416
|
# account.
|
449
417
|
#
|
450
418
|
#
|
451
419
|
#
|
452
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
420
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html
|
421
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html
|
453
422
|
#
|
454
423
|
# @option params [required, String] :policy_id
|
455
424
|
# The unique identifier (ID) of the policy that you want to attach to
|
@@ -457,7 +426,7 @@ module Aws::Organizations
|
|
457
426
|
# ListPolicies operation.
|
458
427
|
#
|
459
428
|
# The [regex pattern][1] for a policy ID string requires "p-" followed
|
460
|
-
# by from 8 to 128
|
429
|
+
# by from 8 to 128 lowercase letters or digits.
|
461
430
|
#
|
462
431
|
#
|
463
432
|
#
|
@@ -472,14 +441,14 @@ module Aws::Organizations
|
|
472
441
|
# following:
|
473
442
|
#
|
474
443
|
# * **Root** - A string that begins with "r-" followed by from 4 to 32
|
475
|
-
#
|
444
|
+
# lowercase letters or digits.
|
476
445
|
#
|
477
446
|
# * **Account** - A string that consists of exactly 12 digits.
|
478
447
|
#
|
479
448
|
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
480
|
-
# followed by from 4 to 32
|
481
|
-
# root that the OU is in) followed by a second "-"
|
482
|
-
# to 32 additional
|
449
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of the
|
450
|
+
# root that the OU is in). This string is followed by a second "-"
|
451
|
+
# dash and from 8 to 32 additional lowercase letters or digits.
|
483
452
|
#
|
484
453
|
#
|
485
454
|
#
|
@@ -538,7 +507,7 @@ module Aws::Organizations
|
|
538
507
|
# You can get the ID from the ListHandshakesForOrganization operation.
|
539
508
|
#
|
540
509
|
# The [regex pattern][1] for handshake ID string requires "h-"
|
541
|
-
# followed by from 8 to 32
|
510
|
+
# followed by from 8 to 32 lowercase letters or digits.
|
542
511
|
#
|
543
512
|
#
|
544
513
|
#
|
@@ -679,14 +648,14 @@ module Aws::Organizations
|
|
679
648
|
# Account in Your Organization][3] in the *AWS Organizations User
|
680
649
|
# Guide.*
|
681
650
|
#
|
682
|
-
# * When you create an account in an organization
|
683
|
-
#
|
684
|
-
#
|
685
|
-
#
|
686
|
-
#
|
687
|
-
#
|
688
|
-
#
|
689
|
-
#
|
651
|
+
# * When you create an account in an organization, the information
|
652
|
+
# required for the account to operate as a standalone account is *not*
|
653
|
+
# automatically collected. For example, information about the payment
|
654
|
+
# method and signing the end user license agreement (EULA) is not
|
655
|
+
# collected. If you must remove an account from your organization
|
656
|
+
# later, you can do so only after you provide the missing information.
|
657
|
+
# Follow the steps at [ To leave an organization as a member
|
658
|
+
# account][4] in the *AWS Organizations User Guide*.
|
690
659
|
#
|
691
660
|
# * If you get an exception that indicates that you exceeded your
|
692
661
|
# account limits for the organization, contact [AWS Support][5].
|
@@ -747,14 +716,13 @@ module Aws::Organizations
|
|
747
716
|
#
|
748
717
|
# For more information about how to use this role to access the member
|
749
718
|
# account, see [Accessing and Administering the Member Accounts in Your
|
750
|
-
# Organization][1] in the *AWS Organizations User Guide
|
751
|
-
# and 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
|
719
|
+
# Organization][1] in the *AWS Organizations User Guide*. Also see steps
|
720
|
+
# 2 and 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
|
752
721
|
# Roles][2] in the *IAM User Guide.*
|
753
722
|
#
|
754
|
-
# The [regex pattern][3] that is used to validate this parameter
|
755
|
-
#
|
756
|
-
#
|
757
|
-
# =,.@-
|
723
|
+
# The [regex pattern][3] that is used to validate this parameter. The
|
724
|
+
# pattern can include uppercase letters, lowercase letters, digits with
|
725
|
+
# no spaces, and any of the following characters: =,.@-
|
758
726
|
#
|
759
727
|
#
|
760
728
|
#
|
@@ -770,9 +738,9 @@ module Aws::Organizations
|
|
770
738
|
# the Billing and Cost Management Console][1] in the *AWS Billing and
|
771
739
|
# Cost Management User Guide*.
|
772
740
|
#
|
773
|
-
# If you don't specify this parameter, the value defaults to `ALLOW
|
774
|
-
#
|
775
|
-
# billing information for the new account.
|
741
|
+
# If you don't specify this parameter, the value defaults to `ALLOW`.
|
742
|
+
# This value allows IAM users and roles with the required permissions to
|
743
|
+
# access billing information for the new account.
|
776
744
|
#
|
777
745
|
#
|
778
746
|
#
|
@@ -821,7 +789,7 @@ module Aws::Organizations
|
|
821
789
|
# resp.create_account_status.completed_timestamp #=> Time
|
822
790
|
# resp.create_account_status.account_id #=> String
|
823
791
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
824
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
|
792
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
|
825
793
|
#
|
826
794
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
|
827
795
|
#
|
@@ -896,24 +864,24 @@ module Aws::Organizations
|
|
896
864
|
# allows the master account in the organization in the commercial Region
|
897
865
|
# to assume it. An AWS GovCloud (US) account is then created and
|
898
866
|
# associated with the commercial account that you just created. A role
|
899
|
-
# is created in the new AWS GovCloud (US) account
|
900
|
-
# the AWS GovCloud (US) account that is associated with the
|
901
|
-
# account of the commercial organization. For more information
|
902
|
-
# view a diagram that explains how account access works, see [AWS
|
867
|
+
# is created in the new AWS GovCloud (US) account. This role can be
|
868
|
+
# assumed by the AWS GovCloud (US) account that is associated with the
|
869
|
+
# master account of the commercial organization. For more information
|
870
|
+
# and to view a diagram that explains how account access works, see [AWS
|
903
871
|
# Organizations][4] in the *AWS GovCloud User Guide.*
|
904
872
|
#
|
905
873
|
# For more information about creating accounts, see [Creating an AWS
|
906
874
|
# Account in Your Organization][6] in the *AWS Organizations User
|
907
875
|
# Guide.*
|
908
876
|
#
|
909
|
-
# *
|
910
|
-
# Organizations console, API, or CLI commands, the
|
911
|
-
# required for the account to operate as a standalone
|
912
|
-
# a payment method
|
913
|
-
#
|
914
|
-
#
|
915
|
-
#
|
916
|
-
#
|
877
|
+
# * You can create an account in an organization using the AWS
|
878
|
+
# Organizations console, API, or CLI commands. When you do, the
|
879
|
+
# information required for the account to operate as a standalone
|
880
|
+
# account, such as a payment method, is *not* automatically collected.
|
881
|
+
# If you must remove an account from your organization later, you can
|
882
|
+
# do so only after you provide the missing information. Follow the
|
883
|
+
# steps at [ To leave an organization as a member account][7] in the
|
884
|
+
# *AWS Organizations User Guide.*
|
917
885
|
#
|
918
886
|
# * If you get an exception that indicates that you exceeded your
|
919
887
|
# account limits for the organization, contact [AWS Support][8].
|
@@ -961,8 +929,8 @@ module Aws::Organizations
|
|
961
929
|
# of the account or remove an account that was created with an invalid
|
962
930
|
# email address. Like all request parameters for
|
963
931
|
# `CreateGovCloudAccount`, the request for the email address for the AWS
|
964
|
-
# GovCloud (US) account originates from the commercial Region
|
965
|
-
# the AWS GovCloud (US) Region.
|
932
|
+
# GovCloud (US) account originates from the commercial Region. It does
|
933
|
+
# not come from the AWS GovCloud (US) Region.
|
966
934
|
#
|
967
935
|
# @option params [required, String] :account_name
|
968
936
|
# The friendly name of the member account.
|
@@ -982,14 +950,13 @@ module Aws::Organizations
|
|
982
950
|
#
|
983
951
|
# For more information about how to use this role to access the member
|
984
952
|
# account, see [Accessing and Administering the Member Accounts in Your
|
985
|
-
# Organization][1] in the *AWS Organizations User Guide
|
986
|
-
# 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
|
953
|
+
# Organization][1] in the *AWS Organizations User Guide*. See also steps
|
954
|
+
# 2 and 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
|
987
955
|
# Roles][2] in the *IAM User Guide.*
|
988
956
|
#
|
989
|
-
# The [regex pattern][3] that is used to validate this parameter
|
990
|
-
#
|
991
|
-
#
|
992
|
-
# =,.@-
|
957
|
+
# The [regex pattern][3] that is used to validate this parameter. The
|
958
|
+
# pattern can include uppercase letters, lowercase letters, digits with
|
959
|
+
# no spaces, and any of the following characters: =,.@-
|
993
960
|
#
|
994
961
|
#
|
995
962
|
#
|
@@ -1035,7 +1002,7 @@ module Aws::Organizations
|
|
1035
1002
|
# resp.create_account_status.completed_timestamp #=> Time
|
1036
1003
|
# resp.create_account_status.account_id #=> String
|
1037
1004
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
1038
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
|
1005
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
|
1039
1006
|
#
|
1040
1007
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount AWS API Documentation
|
1041
1008
|
#
|
@@ -1055,12 +1022,11 @@ module Aws::Organizations
|
|
1055
1022
|
# must also have the relevant IAM permissions.
|
1056
1023
|
#
|
1057
1024
|
# By default (or if you set the `FeatureSet` parameter to `ALL`), the
|
1058
|
-
# new organization is created with all features enabled
|
1059
|
-
# control policies automatically enabled in the root. If you
|
1060
|
-
#
|
1061
|
-
# billing features
|
1062
|
-
#
|
1063
|
-
# you can't use organization policies.
|
1025
|
+
# new organization is created with all features enabled. In addition,
|
1026
|
+
# service control policies are automatically enabled in the root. If you
|
1027
|
+
# instead create the organization supporting only the consolidated
|
1028
|
+
# billing features, no policy types are enabled by default, and you
|
1029
|
+
# can't use organization policies.
|
1064
1030
|
#
|
1065
1031
|
#
|
1066
1032
|
#
|
@@ -1078,9 +1044,9 @@ module Aws::Organizations
|
|
1078
1044
|
# The consolidated billing feature subset isn't available for
|
1079
1045
|
# organizations in the AWS GovCloud (US) Region.
|
1080
1046
|
#
|
1081
|
-
# * `ALL`\: In addition to all the features
|
1082
|
-
#
|
1083
|
-
#
|
1047
|
+
# * `ALL`\: In addition to all the features that consolidated billing
|
1048
|
+
# feature set supports, the master account can also apply any policy
|
1049
|
+
# type to any member account in the organization. For more
|
1084
1050
|
# information, see [All features][2] in the *AWS Organizations User
|
1085
1051
|
# Guide.*
|
1086
1052
|
#
|
@@ -1159,7 +1125,7 @@ module Aws::Organizations
|
|
1159
1125
|
# resp.organization.master_account_id #=> String
|
1160
1126
|
# resp.organization.master_account_email #=> String
|
1161
1127
|
# resp.organization.available_policy_types #=> Array
|
1162
|
-
# resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
1128
|
+
# resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
1163
1129
|
# resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
1164
1130
|
#
|
1165
1131
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization AWS API Documentation
|
@@ -1196,12 +1162,12 @@ module Aws::Organizations
|
|
1196
1162
|
# following:
|
1197
1163
|
#
|
1198
1164
|
# * **Root** - A string that begins with "r-" followed by from 4 to 32
|
1199
|
-
#
|
1165
|
+
# lowercase letters or digits.
|
1200
1166
|
#
|
1201
1167
|
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
1202
|
-
# followed by from 4 to 32
|
1203
|
-
# root that the OU is in) followed by a second "-"
|
1204
|
-
# to 32 additional
|
1168
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of the
|
1169
|
+
# root that the OU is in). This string is followed by a second "-"
|
1170
|
+
# dash and from 8 to 32 additional lowercase letters or digits.
|
1205
1171
|
#
|
1206
1172
|
#
|
1207
1173
|
#
|
@@ -1269,12 +1235,12 @@ module Aws::Organizations
|
|
1269
1235
|
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html
|
1270
1236
|
#
|
1271
1237
|
# @option params [required, String] :content
|
1272
|
-
# The policy content to add to the new policy. For example,
|
1273
|
-
# create a [service control policy][1] (SCP)
|
1274
|
-
#
|
1275
|
-
#
|
1276
|
-
# about the SCP syntax, see [Service Control
|
1277
|
-
# *AWS Organizations User Guide.*
|
1238
|
+
# The policy content to add to the new policy. For example, you could
|
1239
|
+
# create a [service control policy][1] (SCP) that specifies the
|
1240
|
+
# permissions that administrators in attached accounts can delegate to
|
1241
|
+
# their users, groups, and roles. The string for this SCP must be JSON
|
1242
|
+
# text. For more information about the SCP syntax, see [Service Control
|
1243
|
+
# Policy Syntax][2] in the *AWS Organizations User Guide.*
|
1278
1244
|
#
|
1279
1245
|
#
|
1280
1246
|
#
|
@@ -1297,11 +1263,6 @@ module Aws::Organizations
|
|
1297
1263
|
# @option params [required, String] :type
|
1298
1264
|
# The type of policy to create.
|
1299
1265
|
#
|
1300
|
-
# <note markdown="1"> In the current release, the only type of policy that you can create is
|
1301
|
-
# a service control policy (SCP).
|
1302
|
-
#
|
1303
|
-
# </note>
|
1304
|
-
#
|
1305
1266
|
# @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1306
1267
|
#
|
1307
1268
|
# * {Types::CreatePolicyResponse#policy #policy} => Types::Policy
|
@@ -1340,7 +1301,7 @@ module Aws::Organizations
|
|
1340
1301
|
# content: "PolicyContent", # required
|
1341
1302
|
# description: "PolicyDescription", # required
|
1342
1303
|
# name: "PolicyName", # required
|
1343
|
-
# type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
|
1304
|
+
# type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
1344
1305
|
# })
|
1345
1306
|
#
|
1346
1307
|
# @example Response structure
|
@@ -1349,7 +1310,7 @@ module Aws::Organizations
|
|
1349
1310
|
# resp.policy.policy_summary.arn #=> String
|
1350
1311
|
# resp.policy.policy_summary.name #=> String
|
1351
1312
|
# resp.policy.policy_summary.description #=> String
|
1352
|
-
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
|
1313
|
+
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
1353
1314
|
# resp.policy.policy_summary.aws_managed #=> Boolean
|
1354
1315
|
# resp.policy.content #=> String
|
1355
1316
|
#
|
@@ -1371,14 +1332,15 @@ module Aws::Organizations
|
|
1371
1332
|
# reinitiate the process with a new handshake request.
|
1372
1333
|
#
|
1373
1334
|
# After you decline a handshake, it continues to appear in the results
|
1374
|
-
# of relevant
|
1335
|
+
# of relevant API operations for only 30 days. After that, it's
|
1336
|
+
# deleted.
|
1375
1337
|
#
|
1376
1338
|
# @option params [required, String] :handshake_id
|
1377
1339
|
# The unique identifier (ID) of the handshake that you want to decline.
|
1378
1340
|
# You can get the ID from the ListHandshakesForAccount operation.
|
1379
1341
|
#
|
1380
1342
|
# The [regex pattern][1] for handshake ID string requires "h-"
|
1381
|
-
# followed by from 8 to 32
|
1343
|
+
# followed by from 8 to 32 lowercase letters or digits.
|
1382
1344
|
#
|
1383
1345
|
#
|
1384
1346
|
#
|
@@ -1503,9 +1465,9 @@ module Aws::Organizations
|
|
1503
1465
|
# operation.
|
1504
1466
|
#
|
1505
1467
|
# The [regex pattern][1] for an organizational unit ID string requires
|
1506
|
-
# "ou-" followed by from 4 to 32
|
1507
|
-
# of the root that contains the OU) followed by a second
|
1508
|
-
# from 8 to 32 additional
|
1468
|
+
# "ou-" followed by from 4 to 32 lowercase letters or digits (the ID
|
1469
|
+
# of the root that contains the OU). This string is followed by a second
|
1470
|
+
# "-" dash and from 8 to 32 additional lowercase letters or digits.
|
1509
1471
|
#
|
1510
1472
|
#
|
1511
1473
|
#
|
@@ -1551,7 +1513,7 @@ module Aws::Organizations
|
|
1551
1513
|
# operations.
|
1552
1514
|
#
|
1553
1515
|
# The [regex pattern][1] for a policy ID string requires "p-" followed
|
1554
|
-
# by from 8 to 128
|
1516
|
+
# by from 8 to 128 lowercase letters or digits.
|
1555
1517
|
#
|
1556
1518
|
#
|
1557
1519
|
#
|
@@ -1584,7 +1546,7 @@ module Aws::Organizations
|
|
1584
1546
|
req.send_request(options)
|
1585
1547
|
end
|
1586
1548
|
|
1587
|
-
# Retrieves AWS Organizations
|
1549
|
+
# Retrieves AWS Organizations related information about the specified
|
1588
1550
|
# account.
|
1589
1551
|
#
|
1590
1552
|
# This operation can be called only from the organization's master
|
@@ -1662,7 +1624,7 @@ module Aws::Organizations
|
|
1662
1624
|
# or from the ListCreateAccountStatus operation.
|
1663
1625
|
#
|
1664
1626
|
# The [regex pattern][1] for a create account request ID string requires
|
1665
|
-
# "car-" followed by from 8 to 32
|
1627
|
+
# "car-" followed by from 8 to 32 lowercase letters or digits.
|
1666
1628
|
#
|
1667
1629
|
#
|
1668
1630
|
#
|
@@ -1707,7 +1669,7 @@ module Aws::Organizations
|
|
1707
1669
|
# resp.create_account_status.completed_timestamp #=> Time
|
1708
1670
|
# resp.create_account_status.account_id #=> String
|
1709
1671
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
1710
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
|
1672
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
|
1711
1673
|
#
|
1712
1674
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
|
1713
1675
|
#
|
@@ -1718,6 +1680,57 @@ module Aws::Organizations
|
|
1718
1680
|
req.send_request(options)
|
1719
1681
|
end
|
1720
1682
|
|
1683
|
+
# Returns the contents of the effective tag policy for the account. The
|
1684
|
+
# effective tag policy is the aggregation of any tag policies the
|
1685
|
+
# account inherits, plus any policy directly that is attached to the
|
1686
|
+
# account.
|
1687
|
+
#
|
1688
|
+
# This action returns information on tag policies only.
|
1689
|
+
#
|
1690
|
+
# For more information on policy inheritance, see [How Policy
|
1691
|
+
# Inheritance Works][1] in the *AWS Organizations User Guide*.
|
1692
|
+
#
|
1693
|
+
# This operation can be called from any account in the organization.
|
1694
|
+
#
|
1695
|
+
#
|
1696
|
+
#
|
1697
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html
|
1698
|
+
#
|
1699
|
+
# @option params [required, String] :policy_type
|
1700
|
+
# The type of policy that you want information about.
|
1701
|
+
#
|
1702
|
+
# @option params [String] :target_id
|
1703
|
+
# When you're signed in as the master account, specify the ID of the
|
1704
|
+
# account that you want details about. Specifying an organization root
|
1705
|
+
# or OU as the target is not supported.
|
1706
|
+
#
|
1707
|
+
# @return [Types::DescribeEffectivePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1708
|
+
#
|
1709
|
+
# * {Types::DescribeEffectivePolicyResponse#effective_policy #effective_policy} => Types::EffectivePolicy
|
1710
|
+
#
|
1711
|
+
# @example Request syntax with placeholder values
|
1712
|
+
#
|
1713
|
+
# resp = client.describe_effective_policy({
|
1714
|
+
# policy_type: "TAG_POLICY", # required, accepts TAG_POLICY
|
1715
|
+
# target_id: "PolicyTargetId",
|
1716
|
+
# })
|
1717
|
+
#
|
1718
|
+
# @example Response structure
|
1719
|
+
#
|
1720
|
+
# resp.effective_policy.policy_content #=> String
|
1721
|
+
# resp.effective_policy.last_updated_timestamp #=> Time
|
1722
|
+
# resp.effective_policy.target_id #=> String
|
1723
|
+
# resp.effective_policy.policy_type #=> String, one of "TAG_POLICY"
|
1724
|
+
#
|
1725
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy AWS API Documentation
|
1726
|
+
#
|
1727
|
+
# @overload describe_effective_policy(params = {})
|
1728
|
+
# @param [Hash] params ({})
|
1729
|
+
def describe_effective_policy(params = {}, options = {})
|
1730
|
+
req = build_request(:describe_effective_policy, params)
|
1731
|
+
req.send_request(options)
|
1732
|
+
end
|
1733
|
+
|
1721
1734
|
# Retrieves information about a previously requested handshake. The
|
1722
1735
|
# handshake ID comes from the response to the original
|
1723
1736
|
# InviteAccountToOrganization operation that generated the handshake.
|
@@ -1735,7 +1748,7 @@ module Aws::Organizations
|
|
1735
1748
|
# ListHandshakesForAccount or ListHandshakesForOrganization.
|
1736
1749
|
#
|
1737
1750
|
# The [regex pattern][1] for handshake ID string requires "h-"
|
1738
|
-
# followed by from 8 to 32
|
1751
|
+
# followed by from 8 to 32 lowercase letters or digits.
|
1739
1752
|
#
|
1740
1753
|
#
|
1741
1754
|
#
|
@@ -1878,7 +1891,7 @@ module Aws::Organizations
|
|
1878
1891
|
# resp.organization.master_account_id #=> String
|
1879
1892
|
# resp.organization.master_account_email #=> String
|
1880
1893
|
# resp.organization.available_policy_types #=> Array
|
1881
|
-
# resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
1894
|
+
# resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
1882
1895
|
# resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
1883
1896
|
#
|
1884
1897
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization AWS API Documentation
|
@@ -1901,9 +1914,9 @@ module Aws::Organizations
|
|
1901
1914
|
# ListOrganizationalUnitsForParent operation.
|
1902
1915
|
#
|
1903
1916
|
# The [regex pattern][1] for an organizational unit ID string requires
|
1904
|
-
# "ou-" followed by from 4 to 32
|
1905
|
-
# of the root that contains the OU) followed by a second
|
1906
|
-
# from 8 to 32 additional
|
1917
|
+
# "ou-" followed by from 4 to 32 lowercase letters or digits (the ID
|
1918
|
+
# of the root that contains the OU). This string is followed by a second
|
1919
|
+
# "-" dash and from 8 to 32 additional lowercase letters or digits.
|
1907
1920
|
#
|
1908
1921
|
#
|
1909
1922
|
#
|
@@ -1963,7 +1976,7 @@ module Aws::Organizations
|
|
1963
1976
|
# operations.
|
1964
1977
|
#
|
1965
1978
|
# The [regex pattern][1] for a policy ID string requires "p-" followed
|
1966
|
-
# by from 8 to 128
|
1979
|
+
# by from 8 to 128 lowercase letters or digits.
|
1967
1980
|
#
|
1968
1981
|
#
|
1969
1982
|
#
|
@@ -2009,7 +2022,7 @@ module Aws::Organizations
|
|
2009
2022
|
# resp.policy.policy_summary.arn #=> String
|
2010
2023
|
# resp.policy.policy_summary.name #=> String
|
2011
2024
|
# resp.policy.policy_summary.description #=> String
|
2012
|
-
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
|
2025
|
+
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
2013
2026
|
# resp.policy.policy_summary.aws_managed #=> Boolean
|
2014
2027
|
# resp.policy.content #=> String
|
2015
2028
|
#
|
@@ -2028,15 +2041,15 @@ module Aws::Organizations
|
|
2028
2041
|
# accounts are immediate.
|
2029
2042
|
#
|
2030
2043
|
# **Note:** Every root, OU, and account must have at least one SCP
|
2031
|
-
# attached.
|
2032
|
-
#
|
2033
|
-
# attach the replacement policy before you can remove the default
|
2034
|
-
# This is the authorization strategy of [
|
2035
|
-
# instead attach a second SCP and leave the `FullAWSAccess`
|
2036
|
-
# attached
|
2037
|
-
# the `"Effect": "Allow"` in the `FullAWSAccess`
|
2038
|
-
# attached SCP)
|
2039
|
-
# [
|
2044
|
+
# attached. You can replace the default `FullAWSAccess` policy with one
|
2045
|
+
# that limits the permissions that can be delegated. To do that, you
|
2046
|
+
# must attach the replacement policy before you can remove the default
|
2047
|
+
# one. This is the authorization strategy of using an [allow list][1].
|
2048
|
+
# You could instead attach a second SCP and leave the `FullAWSAccess`
|
2049
|
+
# SCP still attached. You could then specify `"Effect": "Deny"` in the
|
2050
|
+
# second SCP to override the `"Effect": "Allow"` in the `FullAWSAccess`
|
2051
|
+
# policy (or any other attached SCP). If you take these steps, you're
|
2052
|
+
# using the authorization strategy of a [deny list][2].
|
2040
2053
|
#
|
2041
2054
|
# This operation can be called only from the organization's master
|
2042
2055
|
# account.
|
@@ -2051,7 +2064,7 @@ module Aws::Organizations
|
|
2051
2064
|
# get the ID from the ListPolicies or ListPoliciesForTarget operations.
|
2052
2065
|
#
|
2053
2066
|
# The [regex pattern][1] for a policy ID string requires "p-" followed
|
2054
|
-
# by from 8 to 128
|
2067
|
+
# by from 8 to 128 lowercase letters or digits.
|
2055
2068
|
#
|
2056
2069
|
#
|
2057
2070
|
#
|
@@ -2066,14 +2079,14 @@ module Aws::Organizations
|
|
2066
2079
|
# following:
|
2067
2080
|
#
|
2068
2081
|
# * **Root** - A string that begins with "r-" followed by from 4 to 32
|
2069
|
-
#
|
2082
|
+
# lowercase letters or digits.
|
2070
2083
|
#
|
2071
2084
|
# * **Account** - A string that consists of exactly 12 digits.
|
2072
2085
|
#
|
2073
2086
|
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
2074
|
-
# followed by from 4 to 32
|
2075
|
-
# root that the OU is in) followed by a second "-"
|
2076
|
-
# to 32 additional
|
2087
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of the
|
2088
|
+
# root that the OU is in). This string is followed by a second "-"
|
2089
|
+
# dash and from 8 to 32 additional lowercase letters or digits.
|
2077
2090
|
#
|
2078
2091
|
#
|
2079
2092
|
#
|
@@ -2128,8 +2141,9 @@ module Aws::Organizations
|
|
2128
2141
|
#
|
2129
2142
|
# After you perform the `DisableAWSServiceAccess` operation, the
|
2130
2143
|
# specified service can no longer perform operations in your
|
2131
|
-
# organization's accounts
|
2132
|
-
# permitted by
|
2144
|
+
# organization's accounts. The only exception is when the operations
|
2145
|
+
# are explicitly permitted by IAM policies that are attached to your
|
2146
|
+
# roles.
|
2133
2147
|
#
|
2134
2148
|
# For more information about integrating other services with AWS
|
2135
2149
|
# Organizations, including the list of services that work with
|
@@ -2166,12 +2180,13 @@ module Aws::Organizations
|
|
2166
2180
|
req.send_request(options)
|
2167
2181
|
end
|
2168
2182
|
|
2169
|
-
# Disables an organizational control policy type in a root
|
2170
|
-
#
|
2171
|
-
#
|
2172
|
-
#
|
2173
|
-
#
|
2174
|
-
#
|
2183
|
+
# Disables an organizational control policy type in a root and detaches
|
2184
|
+
# all policies of that type from the organization root, OUs, and
|
2185
|
+
# accounts. A policy of a certain type can be attached to entities in a
|
2186
|
+
# root only if that type is enabled in the root. After you perform this
|
2187
|
+
# operation, you no longer can attach policies of the specified type to
|
2188
|
+
# that root or to any organizational unit (OU) or account in that root.
|
2189
|
+
# You can undo this by using the EnablePolicyType operation.
|
2175
2190
|
#
|
2176
2191
|
# This is an asynchronous request that AWS performs in the background.
|
2177
2192
|
# If you disable a policy for a root, it still appears enabled for the
|
@@ -2194,7 +2209,7 @@ module Aws::Organizations
|
|
2194
2209
|
# policy type. You can get the ID from the ListRoots operation.
|
2195
2210
|
#
|
2196
2211
|
# The [regex pattern][1] for a root ID string requires "r-" followed
|
2197
|
-
# by from 4 to 32
|
2212
|
+
# by from 4 to 32 lowercase letters or digits.
|
2198
2213
|
#
|
2199
2214
|
#
|
2200
2215
|
#
|
@@ -2233,7 +2248,7 @@ module Aws::Organizations
|
|
2233
2248
|
#
|
2234
2249
|
# resp = client.disable_policy_type({
|
2235
2250
|
# root_id: "RootId", # required
|
2236
|
-
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
|
2251
|
+
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
2237
2252
|
# })
|
2238
2253
|
#
|
2239
2254
|
# @example Response structure
|
@@ -2242,7 +2257,7 @@ module Aws::Organizations
|
|
2242
2257
|
# resp.root.arn #=> String
|
2243
2258
|
# resp.root.name #=> String
|
2244
2259
|
# resp.root.policy_types #=> Array
|
2245
|
-
# resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
2260
|
+
# resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
2246
2261
|
# resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
2247
2262
|
#
|
2248
2263
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType AWS API Documentation
|
@@ -2307,7 +2322,7 @@ module Aws::Organizations
|
|
2307
2322
|
# Enables all features in an organization. This enables the use of
|
2308
2323
|
# organization policies that can restrict the services and actions that
|
2309
2324
|
# can be called in each account. Until you enable all features, you have
|
2310
|
-
# access only to consolidated billing
|
2325
|
+
# access only to consolidated billing. You can't use any of the
|
2311
2326
|
# advanced account administration features that AWS Organizations
|
2312
2327
|
# supports. For more information, see [Enabling All Features in Your
|
2313
2328
|
# Organization][1] in the *AWS Organizations User Guide.*
|
@@ -2317,7 +2332,8 @@ module Aws::Organizations
|
|
2317
2332
|
# Calling this operation sends a handshake to every invited account in
|
2318
2333
|
# the organization. The feature set change can be finalized and the
|
2319
2334
|
# additional features enabled only after all administrators in the
|
2320
|
-
# invited accounts approve the change
|
2335
|
+
# invited accounts approve the change. Accepting the handshake approves
|
2336
|
+
# the change.
|
2321
2337
|
#
|
2322
2338
|
# After you enable all features, you can separately enable or disable
|
2323
2339
|
# individual policy types in a root using EnablePolicyType and
|
@@ -2428,7 +2444,7 @@ module Aws::Organizations
|
|
2428
2444
|
# policy type. You can get the ID from the ListRoots operation.
|
2429
2445
|
#
|
2430
2446
|
# The [regex pattern][1] for a root ID string requires "r-" followed
|
2431
|
-
# by from 4 to 32
|
2447
|
+
# by from 4 to 32 lowercase letters or digits.
|
2432
2448
|
#
|
2433
2449
|
#
|
2434
2450
|
#
|
@@ -2471,7 +2487,7 @@ module Aws::Organizations
|
|
2471
2487
|
#
|
2472
2488
|
# resp = client.enable_policy_type({
|
2473
2489
|
# root_id: "RootId", # required
|
2474
|
-
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
|
2490
|
+
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
2475
2491
|
# })
|
2476
2492
|
#
|
2477
2493
|
# @example Response structure
|
@@ -2480,7 +2496,7 @@ module Aws::Organizations
|
|
2480
2496
|
# resp.root.arn #=> String
|
2481
2497
|
# resp.root.name #=> String
|
2482
2498
|
# resp.root.policy_types #=> Array
|
2483
|
-
# resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
2499
|
+
# resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
2484
2500
|
# resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
2485
2501
|
#
|
2486
2502
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType AWS API Documentation
|
@@ -2499,18 +2515,18 @@ module Aws::Organizations
|
|
2499
2515
|
# response.
|
2500
2516
|
#
|
2501
2517
|
# * You can invite AWS accounts only from the same seller as the master
|
2502
|
-
# account. For example,
|
2503
|
-
# created by Amazon Internet Services Pvt. Ltd (AISPL), an
|
2504
|
-
# in India
|
2505
|
-
# organization. You can't combine accounts from AISPL and AWS or
|
2506
|
-
# any other AWS seller. For more information, see [Consolidated
|
2518
|
+
# account. For example, assume that your organization's master
|
2519
|
+
# account was created by Amazon Internet Services Pvt. Ltd (AISPL), an
|
2520
|
+
# AWS seller in India. You can invite only other AISPL accounts to
|
2521
|
+
# your organization. You can't combine accounts from AISPL and AWS or
|
2522
|
+
# from any other AWS seller. For more information, see [Consolidated
|
2507
2523
|
# Billing in India][1].
|
2508
2524
|
#
|
2509
|
-
# *
|
2525
|
+
# * You might receive an exception that indicates that you exceeded your
|
2510
2526
|
# account limits for the organization or that the operation failed
|
2511
|
-
# because your organization is still initializing, wait one
|
2512
|
-
# then try again. If the error persists after an hour,
|
2513
|
-
# Support][2].
|
2527
|
+
# because your organization is still initializing. If so, wait one
|
2528
|
+
# hour and then try again. If the error persists after an hour,
|
2529
|
+
# contact [AWS Support][2].
|
2514
2530
|
#
|
2515
2531
|
# This operation can be called only from the organization's master
|
2516
2532
|
# account.
|
@@ -2651,19 +2667,19 @@ module Aws::Organizations
|
|
2651
2667
|
#
|
2652
2668
|
# * The master account in an organization with all features enabled can
|
2653
2669
|
# set service control policies (SCPs) that can restrict what
|
2654
|
-
# administrators of member accounts can do
|
2655
|
-
#
|
2656
|
-
#
|
2670
|
+
# administrators of member accounts can do. These restrictions can
|
2671
|
+
# include preventing member accounts from successfully calling
|
2672
|
+
# `LeaveOrganization`.
|
2657
2673
|
#
|
2658
2674
|
# * You can leave an organization as a member account only if the
|
2659
2675
|
# account is configured with the information required to operate as a
|
2660
2676
|
# standalone account. When you create an account in an organization
|
2661
|
-
# using the AWS Organizations console, API, or CLI
|
2662
|
-
#
|
2663
|
-
#
|
2664
|
-
#
|
2665
|
-
# plan, provide and verify the required contact information,
|
2666
|
-
# provide a current payment method. AWS uses the payment method to
|
2677
|
+
# using the AWS Organizations console, API, or CLI, the information
|
2678
|
+
# required of standalone accounts is *not* automatically collected.
|
2679
|
+
# For each account that you want to make standalone, you must accept
|
2680
|
+
# the end user license agreement (EULA). You must also choose a
|
2681
|
+
# support plan, provide and verify the required contact information,
|
2682
|
+
# and provide a current payment method. AWS uses the payment method to
|
2667
2683
|
# charge for any billable (not free tier) AWS activity that occurs
|
2668
2684
|
# while the account isn't attached to an organization. Follow the
|
2669
2685
|
# steps at [ To leave an organization when all required account
|
@@ -3009,12 +3025,12 @@ module Aws::Organizations
|
|
3009
3025
|
# following:
|
3010
3026
|
#
|
3011
3027
|
# * **Root** - A string that begins with "r-" followed by from 4 to 32
|
3012
|
-
#
|
3028
|
+
# lowercase letters or digits.
|
3013
3029
|
#
|
3014
3030
|
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
3015
|
-
# followed by from 4 to 32
|
3016
|
-
# root that the OU is in) followed by a second "-"
|
3017
|
-
# to 32 additional
|
3031
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of the
|
3032
|
+
# root that the OU is in). This string is followed by a second "-"
|
3033
|
+
# dash and from 8 to 32 additional lowercase letters or digits.
|
3018
3034
|
#
|
3019
3035
|
#
|
3020
3036
|
#
|
@@ -3204,7 +3220,7 @@ module Aws::Organizations
|
|
3204
3220
|
# resp.create_account_statuses[0].completed_timestamp #=> Time
|
3205
3221
|
# resp.create_account_statuses[0].account_id #=> String
|
3206
3222
|
# resp.create_account_statuses[0].gov_cloud_account_id #=> String
|
3207
|
-
# resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE"
|
3223
|
+
# resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
|
3208
3224
|
# resp.next_token #=> String
|
3209
3225
|
#
|
3210
3226
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
|
@@ -3237,10 +3253,11 @@ module Aws::Organizations
|
|
3237
3253
|
# Filters the handshakes that you want included in the response. The
|
3238
3254
|
# default is all types. Use the `ActionType` element to limit the output
|
3239
3255
|
# to only a specified type, such as `INVITE`, `ENABLE_ALL_FEATURES`, or
|
3240
|
-
# `APPROVE_ALL_FEATURES`. Alternatively,
|
3241
|
-
# handshake
|
3242
|
-
#
|
3243
|
-
# handshakes that were generated by
|
3256
|
+
# `APPROVE_ALL_FEATURES`. Alternatively, you can specify the
|
3257
|
+
# `ENABLE_ALL_FEATURES` handshake, which generates a separate child
|
3258
|
+
# handshake for each member account. When you do specify
|
3259
|
+
# `ParentHandshakeId` to see only the handshakes that were generated by
|
3260
|
+
# that parent request.
|
3244
3261
|
#
|
3245
3262
|
# @option params [String] :next_token
|
3246
3263
|
# Use this parameter if you receive a `NextToken` response in a previous
|
@@ -3384,10 +3401,11 @@ module Aws::Organizations
|
|
3384
3401
|
# A filter of the handshakes that you want included in the response. The
|
3385
3402
|
# default is all types. Use the `ActionType` element to limit the output
|
3386
3403
|
# to only a specified type, such as `INVITE`, `ENABLE-ALL-FEATURES`, or
|
3387
|
-
# `APPROVE-ALL-FEATURES`. Alternatively,
|
3388
|
-
# handshake
|
3389
|
-
#
|
3390
|
-
# handshakes that were generated by
|
3404
|
+
# `APPROVE-ALL-FEATURES`. Alternatively, you can specify the
|
3405
|
+
# `ENABLE-ALL-FEATURES` handshake, which generates a separate child
|
3406
|
+
# handshake for each member account. When you do, specify the
|
3407
|
+
# `ParentHandshakeId` to see only the handshakes that were generated by
|
3408
|
+
# that parent request.
|
3391
3409
|
#
|
3392
3410
|
# @option params [String] :next_token
|
3393
3411
|
# Use this parameter if you receive a `NextToken` response in a previous
|
@@ -3570,12 +3588,12 @@ module Aws::Organizations
|
|
3570
3588
|
# following:
|
3571
3589
|
#
|
3572
3590
|
# * **Root** - A string that begins with "r-" followed by from 4 to 32
|
3573
|
-
#
|
3591
|
+
# lowercase letters or digits.
|
3574
3592
|
#
|
3575
3593
|
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
3576
|
-
# followed by from 4 to 32
|
3577
|
-
# root that the OU is in) followed by a second "-"
|
3578
|
-
# to 32 additional
|
3594
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of the
|
3595
|
+
# root that the OU is in). This string is followed by a second "-"
|
3596
|
+
# dash and from 8 to 32 additional lowercase letters or digits.
|
3579
3597
|
#
|
3580
3598
|
#
|
3581
3599
|
#
|
@@ -3684,9 +3702,9 @@ module Aws::Organizations
|
|
3684
3702
|
# * **Account** - A string that consists of exactly 12 digits.
|
3685
3703
|
#
|
3686
3704
|
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
3687
|
-
# followed by from 4 to 32
|
3688
|
-
# root that contains the OU) followed by a second
|
3689
|
-
# 8 to 32 additional
|
3705
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of the
|
3706
|
+
# root that contains the OU). This string is followed by a second
|
3707
|
+
# "-" dash and from 8 to 32 additional lowercase letters or digits.
|
3690
3708
|
#
|
3691
3709
|
#
|
3692
3710
|
#
|
@@ -3840,7 +3858,7 @@ module Aws::Organizations
|
|
3840
3858
|
# @example Request syntax with placeholder values
|
3841
3859
|
#
|
3842
3860
|
# resp = client.list_policies({
|
3843
|
-
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
|
3861
|
+
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
3844
3862
|
# next_token: "NextToken",
|
3845
3863
|
# max_results: 1,
|
3846
3864
|
# })
|
@@ -3852,7 +3870,7 @@ module Aws::Organizations
|
|
3852
3870
|
# resp.policies[0].arn #=> String
|
3853
3871
|
# resp.policies[0].name #=> String
|
3854
3872
|
# resp.policies[0].description #=> String
|
3855
|
-
# resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
3873
|
+
# resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
3856
3874
|
# resp.policies[0].aws_managed #=> Boolean
|
3857
3875
|
# resp.next_token #=> String
|
3858
3876
|
#
|
@@ -3888,14 +3906,14 @@ module Aws::Organizations
|
|
3888
3906
|
# following:
|
3889
3907
|
#
|
3890
3908
|
# * **Root** - A string that begins with "r-" followed by from 4 to 32
|
3891
|
-
#
|
3909
|
+
# lowercase letters or digits.
|
3892
3910
|
#
|
3893
3911
|
# * **Account** - A string that consists of exactly 12 digits.
|
3894
3912
|
#
|
3895
3913
|
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
3896
|
-
# followed by from 4 to 32
|
3897
|
-
# root that the OU is in) followed by a second "-"
|
3898
|
-
# to 32 additional
|
3914
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of the
|
3915
|
+
# root that the OU is in). This string is followed by a second "-"
|
3916
|
+
# dash and from 8 to 32 additional lowercase letters or digits.
|
3899
3917
|
#
|
3900
3918
|
#
|
3901
3919
|
#
|
@@ -3957,7 +3975,7 @@ module Aws::Organizations
|
|
3957
3975
|
#
|
3958
3976
|
# resp = client.list_policies_for_target({
|
3959
3977
|
# target_id: "PolicyTargetId", # required
|
3960
|
-
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY
|
3978
|
+
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
3961
3979
|
# next_token: "NextToken",
|
3962
3980
|
# max_results: 1,
|
3963
3981
|
# })
|
@@ -3969,7 +3987,7 @@ module Aws::Organizations
|
|
3969
3987
|
# resp.policies[0].arn #=> String
|
3970
3988
|
# resp.policies[0].name #=> String
|
3971
3989
|
# resp.policies[0].description #=> String
|
3972
|
-
# resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
3990
|
+
# resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
3973
3991
|
# resp.policies[0].aws_managed #=> Boolean
|
3974
3992
|
# resp.next_token #=> String
|
3975
3993
|
#
|
@@ -4066,7 +4084,7 @@ module Aws::Organizations
|
|
4066
4084
|
# resp.roots[0].arn #=> String
|
4067
4085
|
# resp.roots[0].name #=> String
|
4068
4086
|
# resp.roots[0].policy_types #=> Array
|
4069
|
-
# resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY"
|
4087
|
+
# resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
4070
4088
|
# resp.roots[0].policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
4071
4089
|
# resp.next_token #=> String
|
4072
4090
|
#
|
@@ -4142,7 +4160,7 @@ module Aws::Organizations
|
|
4142
4160
|
# know.
|
4143
4161
|
#
|
4144
4162
|
# The [regex pattern][1] for a policy ID string requires "p-" followed
|
4145
|
-
# by from 8 to 128
|
4163
|
+
# by from 8 to 128 lowercase letters or digits.
|
4146
4164
|
#
|
4147
4165
|
#
|
4148
4166
|
#
|
@@ -4255,12 +4273,12 @@ module Aws::Organizations
|
|
4255
4273
|
# following:
|
4256
4274
|
#
|
4257
4275
|
# * **Root** - A string that begins with "r-" followed by from 4 to 32
|
4258
|
-
#
|
4276
|
+
# lowercase letters or digits.
|
4259
4277
|
#
|
4260
4278
|
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
4261
|
-
# followed by from 4 to 32
|
4262
|
-
# root that the OU is in) followed by a second "-"
|
4263
|
-
# to 32 additional
|
4279
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of the
|
4280
|
+
# root that the OU is in). This string is followed by a second "-"
|
4281
|
+
# dash and from 8 to 32 additional lowercase letters or digits.
|
4264
4282
|
#
|
4265
4283
|
#
|
4266
4284
|
#
|
@@ -4274,12 +4292,12 @@ module Aws::Organizations
|
|
4274
4292
|
# following:
|
4275
4293
|
#
|
4276
4294
|
# * **Root** - A string that begins with "r-" followed by from 4 to 32
|
4277
|
-
#
|
4295
|
+
# lowercase letters or digits.
|
4278
4296
|
#
|
4279
4297
|
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
4280
|
-
# followed by from 4 to 32
|
4281
|
-
# root that the OU is in) followed by a second "-"
|
4282
|
-
# to 32 additional
|
4298
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of the
|
4299
|
+
# root that the OU is in). This string is followed by a second "-"
|
4300
|
+
# dash and from 8 to 32 additional lowercase letters or digits.
|
4283
4301
|
#
|
4284
4302
|
#
|
4285
4303
|
#
|
@@ -4330,15 +4348,15 @@ module Aws::Organizations
|
|
4330
4348
|
# You can remove an account from your organization only if the account
|
4331
4349
|
# is configured with the information required to operate as a standalone
|
4332
4350
|
# account. When you create an account in an organization using the AWS
|
4333
|
-
# Organizations console, API, or CLI
|
4334
|
-
#
|
4335
|
-
#
|
4336
|
-
#
|
4337
|
-
# the required contact information, and provide a current payment
|
4351
|
+
# Organizations console, API, or CLI, the information required of
|
4352
|
+
# standalone accounts is *not* automatically collected. For an account
|
4353
|
+
# that you want to make standalone, you must accept the end user license
|
4354
|
+
# agreement (EULA). You must also choose a support plan, provide and
|
4355
|
+
# verify the required contact information, and provide a current payment
|
4338
4356
|
# method. AWS uses the payment method to charge for any billable (not
|
4339
4357
|
# free tier) AWS activity that occurs while the account isn't attached
|
4340
4358
|
# to an organization. To remove an account that doesn't yet have this
|
4341
|
-
# information, you must sign in as the member account
|
4359
|
+
# information, you must sign in as the member account. Then follow the
|
4342
4360
|
# steps at [ To leave an organization when all required account
|
4343
4361
|
# information has not yet been provided][1] in the *AWS Organizations
|
4344
4362
|
# User Guide.*
|
@@ -4465,9 +4483,9 @@ module Aws::Organizations
|
|
4465
4483
|
# get the ID from the ListOrganizationalUnitsForParent operation.
|
4466
4484
|
#
|
4467
4485
|
# The [regex pattern][1] for an organizational unit ID string requires
|
4468
|
-
# "ou-" followed by from 4 to 32
|
4469
|
-
# of the root that contains the OU) followed by a second
|
4470
|
-
# from 8 to 32 additional
|
4486
|
+
# "ou-" followed by from 4 to 32 lowercase letters or digits (the ID
|
4487
|
+
# of the root that contains the OU). This string is followed by a second
|
4488
|
+
# "-" dash and from 8 to 32 additional lowercase letters or digits.
|
4471
4489
|
#
|
4472
4490
|
#
|
4473
4491
|
#
|
@@ -4539,7 +4557,7 @@ module Aws::Organizations
|
|
4539
4557
|
# The unique identifier (ID) of the policy that you want to update.
|
4540
4558
|
#
|
4541
4559
|
# The [regex pattern][1] for a policy ID string requires "p-" followed
|
4542
|
-
# by from 8 to 128
|
4560
|
+
# by from 8 to 128 lowercase letters or digits.
|
4543
4561
|
#
|
4544
4562
|
#
|
4545
4563
|
#
|
@@ -4639,7 +4657,7 @@ module Aws::Organizations
|
|
4639
4657
|
# resp.policy.policy_summary.arn #=> String
|
4640
4658
|
# resp.policy.policy_summary.name #=> String
|
4641
4659
|
# resp.policy.policy_summary.description #=> String
|
4642
|
-
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY"
|
4660
|
+
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
4643
4661
|
# resp.policy.policy_summary.aws_managed #=> Boolean
|
4644
4662
|
# resp.policy.content #=> String
|
4645
4663
|
#
|
@@ -4665,7 +4683,7 @@ module Aws::Organizations
|
|
4665
4683
|
params: params,
|
4666
4684
|
config: config)
|
4667
4685
|
context[:gem_name] = 'aws-sdk-organizations'
|
4668
|
-
context[:gem_version] = '1.
|
4686
|
+
context[:gem_version] = '1.35.0'
|
4669
4687
|
Seahorse::Client::Request.new(handlers, context)
|
4670
4688
|
end
|
4671
4689
|
|