aws-sdk-organizations 1.37.0 → 1.42.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws-sdk-organizations.rb +1 -1
- data/lib/aws-sdk-organizations/client.rb +660 -332
- data/lib/aws-sdk-organizations/client_api.rb +142 -0
- data/lib/aws-sdk-organizations/errors.rb +32 -0
- data/lib/aws-sdk-organizations/resource.rb +1 -7
- data/lib/aws-sdk-organizations/types.rb +641 -319
- metadata +6 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a953e5b0ab3d40e0a2a9b101be14080012e4ea1082ab867c7571241f34a7caf2
|
4
|
+
data.tar.gz: 20e6a492db5be209bee6c07c152c9a430c8bf1ca6f9c725d04c95333caf45a04
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 539f1ce6a5acc58b7ab4b2ed5d50ac604ad849f81edb51d71ac74b4c04e0c2475828f01a23b7413bf240e1abd24f6c2f92fc5824630f0e7d94f11ee06d74899e
|
7
|
+
data.tar.gz: fb9c1a8f066b6e57e602559846c51ffc8ae209bf42072a5ea54c5a9e46bd47400ec37d2e8e7f33f23e0a2f12617005cbbdd834f7ac0d9f9304bb053b737b259d
|
@@ -24,6 +24,7 @@ require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
|
|
24
24
|
require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
25
25
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
26
26
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
27
|
+
require 'aws-sdk-core/plugins/http_checksum.rb'
|
27
28
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
28
29
|
require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
|
29
30
|
|
@@ -69,6 +70,7 @@ module Aws::Organizations
|
|
69
70
|
add_plugin(Aws::Plugins::ClientMetricsPlugin)
|
70
71
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
71
72
|
add_plugin(Aws::Plugins::TransferEncoding)
|
73
|
+
add_plugin(Aws::Plugins::HttpChecksum)
|
72
74
|
add_plugin(Aws::Plugins::SignatureV4)
|
73
75
|
add_plugin(Aws::Plugins::Protocols::JsonRpc)
|
74
76
|
|
@@ -105,7 +107,7 @@ module Aws::Organizations
|
|
105
107
|
# @option options [required, String] :region
|
106
108
|
# The AWS region to connect to. The configured `:region` is
|
107
109
|
# used to determine the service `:endpoint`. When not passed,
|
108
|
-
# a default `:region` is
|
110
|
+
# a default `:region` is searched for in the following locations:
|
109
111
|
#
|
110
112
|
# * `Aws.config[:region]`
|
111
113
|
# * `ENV['AWS_REGION']`
|
@@ -161,7 +163,7 @@ module Aws::Organizations
|
|
161
163
|
# @option options [String] :endpoint
|
162
164
|
# The client endpoint is normally constructed from the `:region`
|
163
165
|
# option. You should only configure an `:endpoint` when connecting
|
164
|
-
# to test endpoints. This should be
|
166
|
+
# to test or custom endpoints. This should be a valid HTTP(S) URI.
|
165
167
|
#
|
166
168
|
# @option options [Integer] :endpoint_cache_max_entries (1000)
|
167
169
|
# Used for the maximum size limit of the LRU cache storing endpoints data
|
@@ -176,7 +178,7 @@ module Aws::Organizations
|
|
176
178
|
# requests fetching endpoints information. Defaults to 60 sec.
|
177
179
|
#
|
178
180
|
# @option options [Boolean] :endpoint_discovery (false)
|
179
|
-
# When set to `true`, endpoint discovery will be enabled for operations when available.
|
181
|
+
# When set to `true`, endpoint discovery will be enabled for operations when available.
|
180
182
|
#
|
181
183
|
# @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
|
182
184
|
# The log formatter.
|
@@ -279,8 +281,7 @@ module Aws::Organizations
|
|
279
281
|
#
|
280
282
|
# @option options [Integer] :http_read_timeout (60) The default
|
281
283
|
# number of seconds to wait for response data. This value can
|
282
|
-
# safely be set
|
283
|
-
# per-request on the session yielded by {#session_for}.
|
284
|
+
# safely be set per-request on the session.
|
284
285
|
#
|
285
286
|
# @option options [Float] :http_idle_timeout (5) The number of
|
286
287
|
# seconds a connection is allowed to sit idle before it is
|
@@ -292,7 +293,7 @@ module Aws::Organizations
|
|
292
293
|
# request body. This option has no effect unless the request has
|
293
294
|
# "Expect" header set to "100-continue". Defaults to `nil` which
|
294
295
|
# disables this behaviour. This value can safely be set per
|
295
|
-
# request on the session
|
296
|
+
# request on the session.
|
296
297
|
#
|
297
298
|
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
298
299
|
# HTTP debug output will be sent to the `:logger`.
|
@@ -457,23 +458,54 @@ module Aws::Organizations
|
|
457
458
|
end
|
458
459
|
|
459
460
|
# Attaches a policy to a root, an organizational unit (OU), or an
|
460
|
-
# individual account.
|
461
|
-
#
|
462
|
-
#
|
463
|
-
#
|
464
|
-
#
|
465
|
-
#
|
466
|
-
#
|
467
|
-
#
|
468
|
-
#
|
461
|
+
# individual account. How the policy affects accounts depends on the
|
462
|
+
# type of policy:
|
463
|
+
#
|
464
|
+
# * **Service control policy (SCP)** - An SCP specifies what permissions
|
465
|
+
# can be delegated to users in affected member accounts. The scope of
|
466
|
+
# influence for a policy depends on what you attach the policy to:
|
467
|
+
#
|
468
|
+
# * If you attach an SCP to a root, it affects all accounts in the
|
469
|
+
# organization.
|
470
|
+
#
|
471
|
+
# * If you attach an SCP to an OU, it affects all accounts in that OU
|
472
|
+
# and in any child OUs.
|
473
|
+
#
|
474
|
+
# * If you attach the policy directly to an account, it affects only
|
475
|
+
# that account.
|
476
|
+
#
|
477
|
+
# SCPs are JSON policies that specify the maximum permissions for an
|
478
|
+
# organization or organizational unit (OU). You can attach one SCP to
|
479
|
+
# a higher level root or OU, and a different SCP to a child OU or to
|
480
|
+
# an account. The child policy can further restrict only the
|
481
|
+
# permissions that pass through the parent filter and are available to
|
482
|
+
# the child. An SCP that is attached to a child can't grant a
|
483
|
+
# permission that the parent hasn't already granted. For example,
|
484
|
+
# imagine that the parent SCP allows permissions A, B, C, D, and E.
|
485
|
+
# The child SCP allows C, D, E, F, and G. The result is that the
|
486
|
+
# accounts affected by the child SCP are allowed to use only C, D, and
|
487
|
+
# E. They can't use A or B because the child OU filtered them out.
|
488
|
+
# They also can't use F and G because the parent OU filtered them
|
489
|
+
# out. They can't be granted back by the child SCP; child SCPs can
|
490
|
+
# only filter the permissions they receive from the parent SCP.
|
491
|
+
#
|
492
|
+
# AWS Organizations attaches a default SCP named `"FullAWSAccess` to
|
493
|
+
# every root, OU, and account. This default SCP allows all services
|
494
|
+
# and actions, enabling any new child OU or account to inherit the
|
495
|
+
# permissions of the parent root or OU. If you detach the default
|
496
|
+
# policy, you must replace it with a policy that specifies the
|
497
|
+
# permissions that you want to allow in that OU or account.
|
498
|
+
#
|
499
|
+
# For more information about how AWS Organizations policies
|
500
|
+
# permissions work, see [Using Service Control Policies][1] in the
|
501
|
+
# *AWS Organizations User Guide.*
|
469
502
|
#
|
470
503
|
# This operation can be called only from the organization's master
|
471
504
|
# account.
|
472
505
|
#
|
473
506
|
#
|
474
507
|
#
|
475
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
476
|
-
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html
|
508
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
477
509
|
#
|
478
510
|
# @option params [required, String] :policy_id
|
479
511
|
# The unique identifier (ID) of the policy that you want to attach to
|
@@ -704,14 +736,14 @@ module Aws::Organizations
|
|
704
736
|
# Account in Your Organization][3] in the *AWS Organizations User
|
705
737
|
# Guide.*
|
706
738
|
#
|
707
|
-
# * When you create an account in an organization
|
708
|
-
#
|
709
|
-
#
|
710
|
-
# method and signing the end user license agreement (EULA)
|
711
|
-
# collected. If you must remove an account from
|
712
|
-
# later, you can do so only after you provide the
|
713
|
-
# Follow the steps at [ To leave an organization
|
714
|
-
# account][4] in the *AWS Organizations User Guide*.
|
739
|
+
# * When you create an account in an organization using the AWS
|
740
|
+
# Organizations console, API, or CLI commands, the information
|
741
|
+
# required for the account to operate as a standalone account, such as
|
742
|
+
# a payment method and signing the end user license agreement (EULA)
|
743
|
+
# is *not* automatically collected. If you must remove an account from
|
744
|
+
# your organization later, you can do so only after you provide the
|
745
|
+
# missing information. Follow the steps at [ To leave an organization
|
746
|
+
# as a member account][4] in the *AWS Organizations User Guide*.
|
715
747
|
#
|
716
748
|
# * If you get an exception that indicates that you exceeded your
|
717
749
|
# account limits for the organization, contact [AWS Support][5].
|
@@ -771,10 +803,13 @@ module Aws::Organizations
|
|
771
803
|
# `OrganizationAccountAccessRole`.
|
772
804
|
#
|
773
805
|
# For more information about how to use this role to access the member
|
774
|
-
# account, see
|
775
|
-
#
|
776
|
-
#
|
777
|
-
#
|
806
|
+
# account, see the following links:
|
807
|
+
#
|
808
|
+
# * [Accessing and Administering the Member Accounts in Your
|
809
|
+
# Organization][1] in the *AWS Organizations User Guide*
|
810
|
+
#
|
811
|
+
# * Steps 2 and 3 in [Tutorial: Delegate Access Across AWS Accounts
|
812
|
+
# Using IAM Roles][2] in the *IAM User Guide*
|
778
813
|
#
|
779
814
|
# The [regex pattern][3] that is used to validate this parameter. The
|
780
815
|
# pattern can include uppercase letters, lowercase letters, digits with
|
@@ -794,9 +829,9 @@ module Aws::Organizations
|
|
794
829
|
# the Billing and Cost Management Console][1] in the *AWS Billing and
|
795
830
|
# Cost Management User Guide*.
|
796
831
|
#
|
797
|
-
# If you don't specify this parameter, the value defaults to `ALLOW
|
798
|
-
#
|
799
|
-
#
|
832
|
+
# If you don't specify this parameter, the value defaults to `ALLOW`,
|
833
|
+
# and IAM users and roles with the required permissions can access
|
834
|
+
# billing information for the new account.
|
800
835
|
#
|
801
836
|
#
|
802
837
|
#
|
@@ -920,24 +955,24 @@ module Aws::Organizations
|
|
920
955
|
# allows the master account in the organization in the commercial Region
|
921
956
|
# to assume it. An AWS GovCloud (US) account is then created and
|
922
957
|
# associated with the commercial account that you just created. A role
|
923
|
-
# is created in the new AWS GovCloud (US) account
|
924
|
-
#
|
925
|
-
#
|
926
|
-
#
|
958
|
+
# is created in the new AWS GovCloud (US) account that can be assumed by
|
959
|
+
# the AWS GovCloud (US) account that is associated with the master
|
960
|
+
# account of the commercial organization. For more information and to
|
961
|
+
# view a diagram that explains how account access works, see [AWS
|
927
962
|
# Organizations][4] in the *AWS GovCloud User Guide.*
|
928
963
|
#
|
929
964
|
# For more information about creating accounts, see [Creating an AWS
|
930
965
|
# Account in Your Organization][6] in the *AWS Organizations User
|
931
966
|
# Guide.*
|
932
967
|
#
|
933
|
-
# *
|
934
|
-
# Organizations console, API, or CLI commands
|
935
|
-
#
|
936
|
-
#
|
937
|
-
# If you must remove an account from
|
938
|
-
# do so only after you provide the
|
939
|
-
# steps at [ To leave an organization
|
940
|
-
# *AWS Organizations User Guide.*
|
968
|
+
# * When you create an account in an organization using the AWS
|
969
|
+
# Organizations console, API, or CLI commands, the information
|
970
|
+
# required for the account to operate as a standalone account, such as
|
971
|
+
# a payment method and signing the end user license agreement (EULA)
|
972
|
+
# is *not* automatically collected. If you must remove an account from
|
973
|
+
# your organization later, you can do so only after you provide the
|
974
|
+
# missing information. Follow the steps at [ To leave an organization
|
975
|
+
# as a member account][7] in the *AWS Organizations User Guide.*
|
941
976
|
#
|
942
977
|
# * If you get an exception that indicates that you exceeded your
|
943
978
|
# account limits for the organization, contact [AWS Support][8].
|
@@ -985,8 +1020,8 @@ module Aws::Organizations
|
|
985
1020
|
# of the account or remove an account that was created with an invalid
|
986
1021
|
# email address. Like all request parameters for
|
987
1022
|
# `CreateGovCloudAccount`, the request for the email address for the AWS
|
988
|
-
# GovCloud (US) account originates from the commercial Region
|
989
|
-
#
|
1023
|
+
# GovCloud (US) account originates from the commercial Region, not from
|
1024
|
+
# the AWS GovCloud (US) Region.
|
990
1025
|
#
|
991
1026
|
# @option params [required, String] :account_name
|
992
1027
|
# The friendly name of the member account.
|
@@ -1006,8 +1041,8 @@ module Aws::Organizations
|
|
1006
1041
|
#
|
1007
1042
|
# For more information about how to use this role to access the member
|
1008
1043
|
# account, see [Accessing and Administering the Member Accounts in Your
|
1009
|
-
# Organization][1] in the *AWS Organizations User Guide
|
1010
|
-
#
|
1044
|
+
# Organization][1] in the *AWS Organizations User Guide* and steps 2 and
|
1045
|
+
# 3 in [Tutorial: Delegate Access Across AWS Accounts Using IAM
|
1011
1046
|
# Roles][2] in the *IAM User Guide.*
|
1012
1047
|
#
|
1013
1048
|
# The [regex pattern][3] that is used to validate this parameter. The
|
@@ -1078,11 +1113,12 @@ module Aws::Organizations
|
|
1078
1113
|
# must also have the relevant IAM permissions.
|
1079
1114
|
#
|
1080
1115
|
# By default (or if you set the `FeatureSet` parameter to `ALL`), the
|
1081
|
-
# new organization is created with all features enabled
|
1082
|
-
#
|
1083
|
-
#
|
1084
|
-
# billing features
|
1085
|
-
#
|
1116
|
+
# new organization is created with all features enabled and service
|
1117
|
+
# control policies automatically enabled in the root. If you instead
|
1118
|
+
# choose to create the organization supporting only the consolidated
|
1119
|
+
# billing features by setting the `FeatureSet` parameter to
|
1120
|
+
# `CONSOLIDATED_BILLING"`, no policy types are enabled by default, and
|
1121
|
+
# you can't use organization policies
|
1086
1122
|
#
|
1087
1123
|
#
|
1088
1124
|
#
|
@@ -1100,9 +1136,9 @@ module Aws::Organizations
|
|
1100
1136
|
# The consolidated billing feature subset isn't available for
|
1101
1137
|
# organizations in the AWS GovCloud (US) Region.
|
1102
1138
|
#
|
1103
|
-
# * `ALL`\: In addition to all the features
|
1104
|
-
# feature set
|
1105
|
-
# type to any member account in the organization. For more
|
1139
|
+
# * `ALL`\: In addition to all the features supported by the
|
1140
|
+
# consolidated billing feature set, the master account can also apply
|
1141
|
+
# any policy type to any member account in the organization. For more
|
1106
1142
|
# information, see [All features][2] in the *AWS Organizations User
|
1107
1143
|
# Guide.*
|
1108
1144
|
#
|
@@ -1291,12 +1327,12 @@ module Aws::Organizations
|
|
1291
1327
|
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html
|
1292
1328
|
#
|
1293
1329
|
# @option params [required, String] :content
|
1294
|
-
# The policy content to add to the new policy. For example, you
|
1295
|
-
# create a [service control policy][1] (SCP)
|
1296
|
-
# permissions that
|
1297
|
-
# their users, groups, and roles.
|
1298
|
-
#
|
1299
|
-
#
|
1330
|
+
# The policy content to add to the new policy. For example, if you
|
1331
|
+
# create a [service control policy][1] (SCP), this string must be JSON
|
1332
|
+
# text that specifies the permissions that admins in attached accounts
|
1333
|
+
# can delegate to their users, groups, and roles. For more information
|
1334
|
+
# about the SCP syntax, see [Service Control Policy Syntax][2] in the
|
1335
|
+
# *AWS Organizations User Guide.*
|
1300
1336
|
#
|
1301
1337
|
#
|
1302
1338
|
#
|
@@ -1319,6 +1355,11 @@ module Aws::Organizations
|
|
1319
1355
|
# @option params [required, String] :type
|
1320
1356
|
# The type of policy to create.
|
1321
1357
|
#
|
1358
|
+
# <note markdown="1"> In the current release, the only type of policy that you can create is
|
1359
|
+
# a service control policy (SCP).
|
1360
|
+
#
|
1361
|
+
# </note>
|
1362
|
+
#
|
1322
1363
|
# @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1323
1364
|
#
|
1324
1365
|
# * {Types::CreatePolicyResponse#policy #policy} => Types::Policy
|
@@ -1388,8 +1429,7 @@ module Aws::Organizations
|
|
1388
1429
|
# reinitiate the process with a new handshake request.
|
1389
1430
|
#
|
1390
1431
|
# After you decline a handshake, it continues to appear in the results
|
1391
|
-
# of relevant
|
1392
|
-
# deleted.
|
1432
|
+
# of relevant APIs for only 30 days. After that, it's deleted.
|
1393
1433
|
#
|
1394
1434
|
# @option params [required, String] :handshake_id
|
1395
1435
|
# The unique identifier (ID) of the handshake that you want to decline.
|
@@ -1603,12 +1643,61 @@ module Aws::Organizations
|
|
1603
1643
|
req.send_request(options)
|
1604
1644
|
end
|
1605
1645
|
|
1606
|
-
#
|
1607
|
-
#
|
1646
|
+
# Removes the specified member AWS account as a delegated administrator
|
1647
|
+
# for the specified AWS service.
|
1648
|
+
#
|
1649
|
+
# You can run this action only for AWS services that support this
|
1650
|
+
# feature. For a current list of services that support it, see the
|
1651
|
+
# column *Supports Delegated Administrator* in the table at [AWS
|
1652
|
+
# Services that you can use with AWS Organizations][1] in the *AWS
|
1653
|
+
# Organizations User Guide.*
|
1608
1654
|
#
|
1609
1655
|
# This operation can be called only from the organization's master
|
1610
1656
|
# account.
|
1611
1657
|
#
|
1658
|
+
#
|
1659
|
+
#
|
1660
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrated-services-list.html
|
1661
|
+
#
|
1662
|
+
# @option params [required, String] :account_id
|
1663
|
+
# The account ID number of the member account in the organization that
|
1664
|
+
# you want to deregister as a delegated administrator.
|
1665
|
+
#
|
1666
|
+
# @option params [required, String] :service_principal
|
1667
|
+
# The service principal name of an AWS service for which the account is
|
1668
|
+
# a delegated administrator.
|
1669
|
+
#
|
1670
|
+
# Delegated administrator privileges are revoked for only the specified
|
1671
|
+
# AWS service from the member account. If the specified service is the
|
1672
|
+
# only service for which the member account is a delegated
|
1673
|
+
# administrator, the operation also revokes Organizations read action
|
1674
|
+
# permissions.
|
1675
|
+
#
|
1676
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1677
|
+
#
|
1678
|
+
# @example Request syntax with placeholder values
|
1679
|
+
#
|
1680
|
+
# resp = client.deregister_delegated_administrator({
|
1681
|
+
# account_id: "AccountId", # required
|
1682
|
+
# service_principal: "ServicePrincipal", # required
|
1683
|
+
# })
|
1684
|
+
#
|
1685
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator AWS API Documentation
|
1686
|
+
#
|
1687
|
+
# @overload deregister_delegated_administrator(params = {})
|
1688
|
+
# @param [Hash] params ({})
|
1689
|
+
def deregister_delegated_administrator(params = {}, options = {})
|
1690
|
+
req = build_request(:deregister_delegated_administrator, params)
|
1691
|
+
req.send_request(options)
|
1692
|
+
end
|
1693
|
+
|
1694
|
+
# Retrieves AWS Organizations-related information about the specified
|
1695
|
+
# account.
|
1696
|
+
#
|
1697
|
+
# This operation can be called only from the organization's master
|
1698
|
+
# account or by a member account that is a delegated administrator for
|
1699
|
+
# an AWS service.
|
1700
|
+
#
|
1612
1701
|
# @option params [required, String] :account_id
|
1613
1702
|
# The unique identifier (ID) of the AWS account that you want
|
1614
1703
|
# information about. You can get the ID from the ListAccounts or
|
@@ -1673,7 +1762,8 @@ module Aws::Organizations
|
|
1673
1762
|
# account.
|
1674
1763
|
#
|
1675
1764
|
# This operation can be called only from the organization's master
|
1676
|
-
# account
|
1765
|
+
# account or by a member account that is a delegated administrator for
|
1766
|
+
# an AWS service.
|
1677
1767
|
#
|
1678
1768
|
# @option params [required, String] :create_account_request_id
|
1679
1769
|
# Specifies the `operationId` that uniquely identifies the request. You
|
@@ -1747,7 +1837,9 @@ module Aws::Organizations
|
|
1747
1837
|
# For more information on policy inheritance, see [How Policy
|
1748
1838
|
# Inheritance Works][1] in the *AWS Organizations User Guide*.
|
1749
1839
|
#
|
1750
|
-
# This operation can be called from
|
1840
|
+
# This operation can be called only from the organization's master
|
1841
|
+
# account or by a member account that is a delegated administrator for
|
1842
|
+
# an AWS service.
|
1751
1843
|
#
|
1752
1844
|
#
|
1753
1845
|
#
|
@@ -1963,7 +2055,8 @@ module Aws::Organizations
|
|
1963
2055
|
# Retrieves information about an organizational unit (OU).
|
1964
2056
|
#
|
1965
2057
|
# This operation can be called only from the organization's master
|
1966
|
-
# account
|
2058
|
+
# account or by a member account that is a delegated administrator for
|
2059
|
+
# an AWS service.
|
1967
2060
|
#
|
1968
2061
|
# @option params [required, String] :organizational_unit_id
|
1969
2062
|
# The unique identifier (ID) of the organizational unit that you want
|
@@ -2025,7 +2118,8 @@ module Aws::Organizations
|
|
2025
2118
|
# Retrieves information about a policy.
|
2026
2119
|
#
|
2027
2120
|
# This operation can be called only from the organization's master
|
2028
|
-
# account
|
2121
|
+
# account or by a member account that is a delegated administrator for
|
2122
|
+
# an AWS service.
|
2029
2123
|
#
|
2030
2124
|
# @option params [required, String] :policy_id
|
2031
2125
|
# The unique identifier (ID) of the policy that you want details about.
|
@@ -2099,15 +2193,15 @@ module Aws::Organizations
|
|
2099
2193
|
# accounts are immediate.
|
2100
2194
|
#
|
2101
2195
|
# **Note:** Every root, OU, and account must have at least one SCP
|
2102
|
-
# attached.
|
2103
|
-
# that limits the permissions that can be delegated
|
2104
|
-
#
|
2105
|
-
#
|
2106
|
-
#
|
2107
|
-
#
|
2108
|
-
#
|
2109
|
-
#
|
2110
|
-
#
|
2196
|
+
# attached. If you want to replace the default `FullAWSAccess` policy
|
2197
|
+
# with one that limits the permissions that can be delegated, you must
|
2198
|
+
# attach the replacement policy before you can remove the default one.
|
2199
|
+
# This is the authorization strategy of an "[allow list][1]". If you
|
2200
|
+
# instead attach a second SCP and leave the `FullAWSAccess` SCP still
|
2201
|
+
# attached, and specify `"Effect": "Deny"` in the second SCP to override
|
2202
|
+
# the `"Effect": "Allow"` in the `FullAWSAccess` policy (or any other
|
2203
|
+
# attached SCP), you're using the authorization strategy of a "[deny
|
2204
|
+
# list][2]".
|
2111
2205
|
#
|
2112
2206
|
# This operation can be called only from the organization's master
|
2113
2207
|
# account.
|
@@ -2200,9 +2294,8 @@ module Aws::Organizations
|
|
2200
2294
|
#
|
2201
2295
|
# After you perform the `DisableAWSServiceAccess` operation, the
|
2202
2296
|
# specified service can no longer perform operations in your
|
2203
|
-
# organization's accounts
|
2204
|
-
#
|
2205
|
-
# roles.
|
2297
|
+
# organization's accounts unless the operations are explicitly
|
2298
|
+
# permitted by the IAM policies that are attached to your roles.
|
2206
2299
|
#
|
2207
2300
|
# For more information about integrating other services with AWS
|
2208
2301
|
# Organizations, including the list of services that work with
|
@@ -2239,13 +2332,12 @@ module Aws::Organizations
|
|
2239
2332
|
req.send_request(options)
|
2240
2333
|
end
|
2241
2334
|
|
2242
|
-
# Disables an organizational control policy type in a root
|
2243
|
-
#
|
2244
|
-
#
|
2245
|
-
#
|
2246
|
-
#
|
2247
|
-
#
|
2248
|
-
# You can undo this by using the EnablePolicyType operation.
|
2335
|
+
# Disables an organizational control policy type in a root. A policy of
|
2336
|
+
# a certain type can be attached to entities in a root only if that type
|
2337
|
+
# is enabled in the root. After you perform this operation, you no
|
2338
|
+
# longer can attach policies of the specified type to that root or to
|
2339
|
+
# any organizational unit (OU) or account in that root. You can undo
|
2340
|
+
# this by using the EnablePolicyType operation.
|
2249
2341
|
#
|
2250
2342
|
# This is an asynchronous request that AWS performs in the background.
|
2251
2343
|
# If you disable a policy for a root, it still appears enabled for the
|
@@ -2381,7 +2473,7 @@ module Aws::Organizations
|
|
2381
2473
|
# Enables all features in an organization. This enables the use of
|
2382
2474
|
# organization policies that can restrict the services and actions that
|
2383
2475
|
# can be called in each account. Until you enable all features, you have
|
2384
|
-
# access only to consolidated billing
|
2476
|
+
# access only to consolidated billing, and you can't use any of the
|
2385
2477
|
# advanced account administration features that AWS Organizations
|
2386
2478
|
# supports. For more information, see [Enabling All Features in Your
|
2387
2479
|
# Organization][1] in the *AWS Organizations User Guide.*
|
@@ -2391,8 +2483,7 @@ module Aws::Organizations
|
|
2391
2483
|
# Calling this operation sends a handshake to every invited account in
|
2392
2484
|
# the organization. The feature set change can be finalized and the
|
2393
2485
|
# additional features enabled only after all administrators in the
|
2394
|
-
# invited accounts approve the change
|
2395
|
-
# the change.
|
2486
|
+
# invited accounts approve the change by accepting the handshake.
|
2396
2487
|
#
|
2397
2488
|
# After you enable all features, you can separately enable or disable
|
2398
2489
|
# individual policy types in a root using EnablePolicyType and
|
@@ -2574,18 +2665,18 @@ module Aws::Organizations
|
|
2574
2665
|
# response.
|
2575
2666
|
#
|
2576
2667
|
# * You can invite AWS accounts only from the same seller as the master
|
2577
|
-
# account. For example,
|
2578
|
-
#
|
2579
|
-
#
|
2580
|
-
#
|
2581
|
-
#
|
2668
|
+
# account. For example, if your organization's master account was
|
2669
|
+
# created by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller
|
2670
|
+
# in India, you can invite only other AISPL accounts to your
|
2671
|
+
# organization. You can't combine accounts from AISPL and AWS or from
|
2672
|
+
# any other AWS seller. For more information, see [Consolidated
|
2582
2673
|
# Billing in India][1].
|
2583
2674
|
#
|
2584
|
-
# *
|
2675
|
+
# * If you receive an exception that indicates that you exceeded your
|
2585
2676
|
# account limits for the organization or that the operation failed
|
2586
|
-
# because your organization is still initializing
|
2587
|
-
#
|
2588
|
-
#
|
2677
|
+
# because your organization is still initializing, wait one hour and
|
2678
|
+
# then try again. If the error persists after an hour, contact [AWS
|
2679
|
+
# Support][2].
|
2589
2680
|
#
|
2590
2681
|
# This operation can be called only from the organization's master
|
2591
2682
|
# account.
|
@@ -2726,24 +2817,31 @@ module Aws::Organizations
|
|
2726
2817
|
#
|
2727
2818
|
# * The master account in an organization with all features enabled can
|
2728
2819
|
# set service control policies (SCPs) that can restrict what
|
2729
|
-
# administrators of member accounts can do.
|
2730
|
-
#
|
2731
|
-
#
|
2820
|
+
# administrators of member accounts can do. This includes preventing
|
2821
|
+
# them from successfully calling `LeaveOrganization` and leaving the
|
2822
|
+
# organization.
|
2732
2823
|
#
|
2733
2824
|
# * You can leave an organization as a member account only if the
|
2734
2825
|
# account is configured with the information required to operate as a
|
2735
2826
|
# standalone account. When you create an account in an organization
|
2736
|
-
# using the AWS Organizations console, API, or CLI, the
|
2737
|
-
# required of standalone accounts is *not* automatically
|
2738
|
-
# For each account that you want to make standalone, you
|
2739
|
-
#
|
2740
|
-
#
|
2741
|
-
#
|
2742
|
-
#
|
2743
|
-
#
|
2744
|
-
#
|
2745
|
-
#
|
2746
|
-
#
|
2827
|
+
# using the AWS Organizations console, API, or CLI commands, the
|
2828
|
+
# information required of standalone accounts is *not* automatically
|
2829
|
+
# collected. For each account that you want to make standalone, you
|
2830
|
+
# must do the following steps:
|
2831
|
+
#
|
2832
|
+
# * Accept the end user license agreement (EULA)
|
2833
|
+
#
|
2834
|
+
# * Choose a support plan
|
2835
|
+
#
|
2836
|
+
# * Provide and verify the required contact information
|
2837
|
+
#
|
2838
|
+
# * Provide a current payment method
|
2839
|
+
#
|
2840
|
+
# AWS uses the payment method to charge for any billable (not free
|
2841
|
+
# tier) AWS activity that occurs while the account isn't attached to
|
2842
|
+
# an organization. Follow the steps at [ To leave an organization when
|
2843
|
+
# all required account information has not yet been provided][1] in
|
2844
|
+
# the *AWS Organizations User Guide.*
|
2747
2845
|
#
|
2748
2846
|
# * You can leave an organization only after you enable IAM user access
|
2749
2847
|
# to billing in your account. For more information, see [Activating
|
@@ -2785,35 +2883,39 @@ module Aws::Organizations
|
|
2785
2883
|
# Services][1] in the *AWS Organizations User Guide.*
|
2786
2884
|
#
|
2787
2885
|
# This operation can be called only from the organization's master
|
2788
|
-
# account
|
2886
|
+
# account or by a member account that is a delegated administrator for
|
2887
|
+
# an AWS service.
|
2789
2888
|
#
|
2790
2889
|
#
|
2791
2890
|
#
|
2792
2891
|
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html
|
2793
2892
|
#
|
2794
2893
|
# @option params [String] :next_token
|
2795
|
-
#
|
2796
|
-
#
|
2797
|
-
#
|
2798
|
-
#
|
2894
|
+
# The parameter for receiving additional results if you receive a
|
2895
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
2896
|
+
# indicates that more output is available. Set this parameter to the
|
2897
|
+
# value of the previous call's `NextToken` response to indicate where
|
2898
|
+
# the output should continue from.
|
2799
2899
|
#
|
2800
2900
|
# @option params [Integer] :max_results
|
2801
|
-
#
|
2802
|
-
#
|
2803
|
-
#
|
2804
|
-
#
|
2805
|
-
#
|
2806
|
-
#
|
2807
|
-
#
|
2808
|
-
#
|
2809
|
-
#
|
2810
|
-
#
|
2901
|
+
# The total number of results that you want included on each page of the
|
2902
|
+
# response. If you do not include this parameter, it defaults to a value
|
2903
|
+
# that is specific to the operation. If additional items exist beyond
|
2904
|
+
# the maximum you specify, the `NextToken` response element is present
|
2905
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
2906
|
+
# request parameter in the next call to the operation to get the next
|
2907
|
+
# part of the results. Note that Organizations might return fewer
|
2908
|
+
# results than the maximum even when there are more results available.
|
2909
|
+
# You should check `NextToken` after every operation to ensure that you
|
2910
|
+
# receive all of the results.
|
2811
2911
|
#
|
2812
2912
|
# @return [Types::ListAWSServiceAccessForOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2813
2913
|
#
|
2814
2914
|
# * {Types::ListAWSServiceAccessForOrganizationResponse#enabled_service_principals #enabled_service_principals} => Array<Types::EnabledServicePrincipal>
|
2815
2915
|
# * {Types::ListAWSServiceAccessForOrganizationResponse#next_token #next_token} => String
|
2816
2916
|
#
|
2917
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
2918
|
+
#
|
2817
2919
|
# @example Request syntax with placeholder values
|
2818
2920
|
#
|
2819
2921
|
# resp = client.list_aws_service_access_for_organization({
|
@@ -2850,31 +2952,35 @@ module Aws::Organizations
|
|
2850
2952
|
# </note>
|
2851
2953
|
#
|
2852
2954
|
# This operation can be called only from the organization's master
|
2853
|
-
# account
|
2955
|
+
# account or by a member account that is a delegated administrator for
|
2956
|
+
# an AWS service.
|
2854
2957
|
#
|
2855
2958
|
# @option params [String] :next_token
|
2856
|
-
#
|
2857
|
-
#
|
2858
|
-
#
|
2859
|
-
#
|
2959
|
+
# The parameter for receiving additional results if you receive a
|
2960
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
2961
|
+
# indicates that more output is available. Set this parameter to the
|
2962
|
+
# value of the previous call's `NextToken` response to indicate where
|
2963
|
+
# the output should continue from.
|
2860
2964
|
#
|
2861
2965
|
# @option params [Integer] :max_results
|
2862
|
-
#
|
2863
|
-
#
|
2864
|
-
#
|
2865
|
-
#
|
2866
|
-
#
|
2867
|
-
#
|
2868
|
-
#
|
2869
|
-
#
|
2870
|
-
#
|
2871
|
-
#
|
2966
|
+
# The total number of results that you want included on each page of the
|
2967
|
+
# response. If you do not include this parameter, it defaults to a value
|
2968
|
+
# that is specific to the operation. If additional items exist beyond
|
2969
|
+
# the maximum you specify, the `NextToken` response element is present
|
2970
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
2971
|
+
# request parameter in the next call to the operation to get the next
|
2972
|
+
# part of the results. Note that Organizations might return fewer
|
2973
|
+
# results than the maximum even when there are more results available.
|
2974
|
+
# You should check `NextToken` after every operation to ensure that you
|
2975
|
+
# receive all of the results.
|
2872
2976
|
#
|
2873
2977
|
# @return [Types::ListAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2874
2978
|
#
|
2875
2979
|
# * {Types::ListAccountsResponse#accounts #accounts} => Array<Types::Account>
|
2876
2980
|
# * {Types::ListAccountsResponse#next_token #next_token} => String
|
2877
2981
|
#
|
2982
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
2983
|
+
#
|
2878
2984
|
#
|
2879
2985
|
# @example Example: To retrieve a list of all of the accounts in an organization
|
2880
2986
|
#
|
@@ -2969,35 +3075,39 @@ module Aws::Organizations
|
|
2969
3075
|
# </note>
|
2970
3076
|
#
|
2971
3077
|
# This operation can be called only from the organization's master
|
2972
|
-
# account
|
3078
|
+
# account or by a member account that is a delegated administrator for
|
3079
|
+
# an AWS service.
|
2973
3080
|
#
|
2974
3081
|
# @option params [required, String] :parent_id
|
2975
3082
|
# The unique identifier (ID) for the parent root or organization unit
|
2976
3083
|
# (OU) whose accounts you want to list.
|
2977
3084
|
#
|
2978
3085
|
# @option params [String] :next_token
|
2979
|
-
#
|
2980
|
-
#
|
2981
|
-
#
|
2982
|
-
#
|
3086
|
+
# The parameter for receiving additional results if you receive a
|
3087
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
3088
|
+
# indicates that more output is available. Set this parameter to the
|
3089
|
+
# value of the previous call's `NextToken` response to indicate where
|
3090
|
+
# the output should continue from.
|
2983
3091
|
#
|
2984
3092
|
# @option params [Integer] :max_results
|
2985
|
-
#
|
2986
|
-
#
|
2987
|
-
#
|
2988
|
-
#
|
2989
|
-
#
|
2990
|
-
#
|
2991
|
-
#
|
2992
|
-
#
|
2993
|
-
#
|
2994
|
-
#
|
3093
|
+
# The total number of results that you want included on each page of the
|
3094
|
+
# response. If you do not include this parameter, it defaults to a value
|
3095
|
+
# that is specific to the operation. If additional items exist beyond
|
3096
|
+
# the maximum you specify, the `NextToken` response element is present
|
3097
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
3098
|
+
# request parameter in the next call to the operation to get the next
|
3099
|
+
# part of the results. Note that Organizations might return fewer
|
3100
|
+
# results than the maximum even when there are more results available.
|
3101
|
+
# You should check `NextToken` after every operation to ensure that you
|
3102
|
+
# receive all of the results.
|
2995
3103
|
#
|
2996
3104
|
# @return [Types::ListAccountsForParentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2997
3105
|
#
|
2998
3106
|
# * {Types::ListAccountsForParentResponse#accounts #accounts} => Array<Types::Account>
|
2999
3107
|
# * {Types::ListAccountsForParentResponse#next_token #next_token} => String
|
3000
3108
|
#
|
3109
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
3110
|
+
#
|
3001
3111
|
#
|
3002
3112
|
# @example Example: To retrieve a list of all of the accounts in a root or OU
|
3003
3113
|
#
|
@@ -3074,7 +3184,8 @@ module Aws::Organizations
|
|
3074
3184
|
# </note>
|
3075
3185
|
#
|
3076
3186
|
# This operation can be called only from the organization's master
|
3077
|
-
# account
|
3187
|
+
# account or by a member account that is a delegated administrator for
|
3188
|
+
# an AWS service.
|
3078
3189
|
#
|
3079
3190
|
# @option params [required, String] :parent_id
|
3080
3191
|
# The unique identifier (ID) for the parent root or OU whose children
|
@@ -3099,28 +3210,31 @@ module Aws::Organizations
|
|
3099
3210
|
# Filters the output to include only the specified child type.
|
3100
3211
|
#
|
3101
3212
|
# @option params [String] :next_token
|
3102
|
-
#
|
3103
|
-
#
|
3104
|
-
#
|
3105
|
-
#
|
3213
|
+
# The parameter for receiving additional results if you receive a
|
3214
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
3215
|
+
# indicates that more output is available. Set this parameter to the
|
3216
|
+
# value of the previous call's `NextToken` response to indicate where
|
3217
|
+
# the output should continue from.
|
3106
3218
|
#
|
3107
3219
|
# @option params [Integer] :max_results
|
3108
|
-
#
|
3109
|
-
#
|
3110
|
-
#
|
3111
|
-
#
|
3112
|
-
#
|
3113
|
-
#
|
3114
|
-
#
|
3115
|
-
#
|
3116
|
-
#
|
3117
|
-
#
|
3220
|
+
# The total number of results that you want included on each page of the
|
3221
|
+
# response. If you do not include this parameter, it defaults to a value
|
3222
|
+
# that is specific to the operation. If additional items exist beyond
|
3223
|
+
# the maximum you specify, the `NextToken` response element is present
|
3224
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
3225
|
+
# request parameter in the next call to the operation to get the next
|
3226
|
+
# part of the results. Note that Organizations might return fewer
|
3227
|
+
# results than the maximum even when there are more results available.
|
3228
|
+
# You should check `NextToken` after every operation to ensure that you
|
3229
|
+
# receive all of the results.
|
3118
3230
|
#
|
3119
3231
|
# @return [Types::ListChildrenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3120
3232
|
#
|
3121
3233
|
# * {Types::ListChildrenResponse#children #children} => Array<Types::Child>
|
3122
3234
|
# * {Types::ListChildrenResponse#next_token #next_token} => String
|
3123
3235
|
#
|
3236
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
3237
|
+
#
|
3124
3238
|
#
|
3125
3239
|
# @example Example: To retrieve a list of all of the child accounts and OUs in a parent root or OU
|
3126
3240
|
#
|
@@ -3182,7 +3296,8 @@ module Aws::Organizations
|
|
3182
3296
|
# </note>
|
3183
3297
|
#
|
3184
3298
|
# This operation can be called only from the organization's master
|
3185
|
-
# account
|
3299
|
+
# account or by a member account that is a delegated administrator for
|
3300
|
+
# an AWS service.
|
3186
3301
|
#
|
3187
3302
|
# @option params [Array<String>] :states
|
3188
3303
|
# A list of one or more states that you want included in the response.
|
@@ -3190,28 +3305,31 @@ module Aws::Organizations
|
|
3190
3305
|
# response.
|
3191
3306
|
#
|
3192
3307
|
# @option params [String] :next_token
|
3193
|
-
#
|
3194
|
-
#
|
3195
|
-
#
|
3196
|
-
#
|
3308
|
+
# The parameter for receiving additional results if you receive a
|
3309
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
3310
|
+
# indicates that more output is available. Set this parameter to the
|
3311
|
+
# value of the previous call's `NextToken` response to indicate where
|
3312
|
+
# the output should continue from.
|
3197
3313
|
#
|
3198
3314
|
# @option params [Integer] :max_results
|
3199
|
-
#
|
3200
|
-
#
|
3201
|
-
#
|
3202
|
-
#
|
3203
|
-
#
|
3204
|
-
#
|
3205
|
-
#
|
3206
|
-
#
|
3207
|
-
#
|
3208
|
-
#
|
3315
|
+
# The total number of results that you want included on each page of the
|
3316
|
+
# response. If you do not include this parameter, it defaults to a value
|
3317
|
+
# that is specific to the operation. If additional items exist beyond
|
3318
|
+
# the maximum you specify, the `NextToken` response element is present
|
3319
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
3320
|
+
# request parameter in the next call to the operation to get the next
|
3321
|
+
# part of the results. Note that Organizations might return fewer
|
3322
|
+
# results than the maximum even when there are more results available.
|
3323
|
+
# You should check `NextToken` after every operation to ensure that you
|
3324
|
+
# receive all of the results.
|
3209
3325
|
#
|
3210
3326
|
# @return [Types::ListCreateAccountStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3211
3327
|
#
|
3212
3328
|
# * {Types::ListCreateAccountStatusResponse#create_account_statuses #create_account_statuses} => Array<Types::CreateAccountStatus>
|
3213
3329
|
# * {Types::ListCreateAccountStatusResponse#next_token #next_token} => String
|
3214
3330
|
#
|
3331
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
3332
|
+
#
|
3215
3333
|
#
|
3216
3334
|
# @example Example: To get a list of completed account creation requests made in the organization
|
3217
3335
|
#
|
@@ -3291,6 +3409,137 @@ module Aws::Organizations
|
|
3291
3409
|
req.send_request(options)
|
3292
3410
|
end
|
3293
3411
|
|
3412
|
+
# Lists the AWS accounts that are designated as delegated administrators
|
3413
|
+
# in this organization.
|
3414
|
+
#
|
3415
|
+
# This operation can be called only from the organization's master
|
3416
|
+
# account or by a member account that is a delegated administrator for
|
3417
|
+
# an AWS service.
|
3418
|
+
#
|
3419
|
+
# @option params [String] :service_principal
|
3420
|
+
# Specifies a service principal name. If specified, then the operation
|
3421
|
+
# lists the delegated administrators only for the specified service.
|
3422
|
+
#
|
3423
|
+
# If you don't specify a service principal, the operation lists all
|
3424
|
+
# delegated administrators for all services in your organization.
|
3425
|
+
#
|
3426
|
+
# @option params [String] :next_token
|
3427
|
+
# The parameter for receiving additional results if you receive a
|
3428
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
3429
|
+
# indicates that more output is available. Set this parameter to the
|
3430
|
+
# value of the previous call's `NextToken` response to indicate where
|
3431
|
+
# the output should continue from.
|
3432
|
+
#
|
3433
|
+
# @option params [Integer] :max_results
|
3434
|
+
# The total number of results that you want included on each page of the
|
3435
|
+
# response. If you do not include this parameter, it defaults to a value
|
3436
|
+
# that is specific to the operation. If additional items exist beyond
|
3437
|
+
# the maximum you specify, the `NextToken` response element is present
|
3438
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
3439
|
+
# request parameter in the next call to the operation to get the next
|
3440
|
+
# part of the results. Note that Organizations might return fewer
|
3441
|
+
# results than the maximum even when there are more results available.
|
3442
|
+
# You should check `NextToken` after every operation to ensure that you
|
3443
|
+
# receive all of the results.
|
3444
|
+
#
|
3445
|
+
# @return [Types::ListDelegatedAdministratorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3446
|
+
#
|
3447
|
+
# * {Types::ListDelegatedAdministratorsResponse#delegated_administrators #delegated_administrators} => Array<Types::DelegatedAdministrator>
|
3448
|
+
# * {Types::ListDelegatedAdministratorsResponse#next_token #next_token} => String
|
3449
|
+
#
|
3450
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
3451
|
+
#
|
3452
|
+
# @example Request syntax with placeholder values
|
3453
|
+
#
|
3454
|
+
# resp = client.list_delegated_administrators({
|
3455
|
+
# service_principal: "ServicePrincipal",
|
3456
|
+
# next_token: "NextToken",
|
3457
|
+
# max_results: 1,
|
3458
|
+
# })
|
3459
|
+
#
|
3460
|
+
# @example Response structure
|
3461
|
+
#
|
3462
|
+
# resp.delegated_administrators #=> Array
|
3463
|
+
# resp.delegated_administrators[0].id #=> String
|
3464
|
+
# resp.delegated_administrators[0].arn #=> String
|
3465
|
+
# resp.delegated_administrators[0].email #=> String
|
3466
|
+
# resp.delegated_administrators[0].name #=> String
|
3467
|
+
# resp.delegated_administrators[0].status #=> String, one of "ACTIVE", "SUSPENDED"
|
3468
|
+
# resp.delegated_administrators[0].joined_method #=> String, one of "INVITED", "CREATED"
|
3469
|
+
# resp.delegated_administrators[0].joined_timestamp #=> Time
|
3470
|
+
# resp.delegated_administrators[0].delegation_enabled_date #=> Time
|
3471
|
+
# resp.next_token #=> String
|
3472
|
+
#
|
3473
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators AWS API Documentation
|
3474
|
+
#
|
3475
|
+
# @overload list_delegated_administrators(params = {})
|
3476
|
+
# @param [Hash] params ({})
|
3477
|
+
def list_delegated_administrators(params = {}, options = {})
|
3478
|
+
req = build_request(:list_delegated_administrators, params)
|
3479
|
+
req.send_request(options)
|
3480
|
+
end
|
3481
|
+
|
3482
|
+
# List the AWS services for which the specified account is a delegated
|
3483
|
+
# administrator.
|
3484
|
+
#
|
3485
|
+
# This operation can be called only from the organization's master
|
3486
|
+
# account or by a member account that is a delegated administrator for
|
3487
|
+
# an AWS service.
|
3488
|
+
#
|
3489
|
+
# @option params [required, String] :account_id
|
3490
|
+
# The account ID number of a delegated administrator account in the
|
3491
|
+
# organization.
|
3492
|
+
#
|
3493
|
+
# @option params [String] :next_token
|
3494
|
+
# The parameter for receiving additional results if you receive a
|
3495
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
3496
|
+
# indicates that more output is available. Set this parameter to the
|
3497
|
+
# value of the previous call's `NextToken` response to indicate where
|
3498
|
+
# the output should continue from.
|
3499
|
+
#
|
3500
|
+
# @option params [Integer] :max_results
|
3501
|
+
# The total number of results that you want included on each page of the
|
3502
|
+
# response. If you do not include this parameter, it defaults to a value
|
3503
|
+
# that is specific to the operation. If additional items exist beyond
|
3504
|
+
# the maximum you specify, the `NextToken` response element is present
|
3505
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
3506
|
+
# request parameter in the next call to the operation to get the next
|
3507
|
+
# part of the results. Note that Organizations might return fewer
|
3508
|
+
# results than the maximum even when there are more results available.
|
3509
|
+
# You should check `NextToken` after every operation to ensure that you
|
3510
|
+
# receive all of the results.
|
3511
|
+
#
|
3512
|
+
# @return [Types::ListDelegatedServicesForAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3513
|
+
#
|
3514
|
+
# * {Types::ListDelegatedServicesForAccountResponse#delegated_services #delegated_services} => Array<Types::DelegatedService>
|
3515
|
+
# * {Types::ListDelegatedServicesForAccountResponse#next_token #next_token} => String
|
3516
|
+
#
|
3517
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
3518
|
+
#
|
3519
|
+
# @example Request syntax with placeholder values
|
3520
|
+
#
|
3521
|
+
# resp = client.list_delegated_services_for_account({
|
3522
|
+
# account_id: "AccountId", # required
|
3523
|
+
# next_token: "NextToken",
|
3524
|
+
# max_results: 1,
|
3525
|
+
# })
|
3526
|
+
#
|
3527
|
+
# @example Response structure
|
3528
|
+
#
|
3529
|
+
# resp.delegated_services #=> Array
|
3530
|
+
# resp.delegated_services[0].service_principal #=> String
|
3531
|
+
# resp.delegated_services[0].delegation_enabled_date #=> Time
|
3532
|
+
# resp.next_token #=> String
|
3533
|
+
#
|
3534
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount AWS API Documentation
|
3535
|
+
#
|
3536
|
+
# @overload list_delegated_services_for_account(params = {})
|
3537
|
+
# @param [Hash] params ({})
|
3538
|
+
def list_delegated_services_for_account(params = {}, options = {})
|
3539
|
+
req = build_request(:list_delegated_services_for_account, params)
|
3540
|
+
req.send_request(options)
|
3541
|
+
end
|
3542
|
+
|
3294
3543
|
# Lists the current handshakes that are associated with the account of
|
3295
3544
|
# the requesting user.
|
3296
3545
|
#
|
@@ -3306,41 +3555,45 @@ module Aws::Organizations
|
|
3306
3555
|
#
|
3307
3556
|
# </note>
|
3308
3557
|
#
|
3309
|
-
# This operation can be called from
|
3558
|
+
# This operation can be called only from the organization's master
|
3559
|
+
# account or by a member account that is a delegated administrator for
|
3560
|
+
# an AWS service.
|
3310
3561
|
#
|
3311
3562
|
# @option params [Types::HandshakeFilter] :filter
|
3312
3563
|
# Filters the handshakes that you want included in the response. The
|
3313
3564
|
# default is all types. Use the `ActionType` element to limit the output
|
3314
3565
|
# to only a specified type, such as `INVITE`, `ENABLE_ALL_FEATURES`, or
|
3315
|
-
# `APPROVE_ALL_FEATURES`. Alternatively,
|
3316
|
-
#
|
3317
|
-
#
|
3318
|
-
#
|
3319
|
-
# that parent request.
|
3566
|
+
# `APPROVE_ALL_FEATURES`. Alternatively, for the `ENABLE_ALL_FEATURES`
|
3567
|
+
# handshake that generates a separate child handshake for each member
|
3568
|
+
# account, you can specify `ParentHandshakeId` to see only the
|
3569
|
+
# handshakes that were generated by that parent request.
|
3320
3570
|
#
|
3321
3571
|
# @option params [String] :next_token
|
3322
|
-
#
|
3323
|
-
#
|
3324
|
-
#
|
3325
|
-
#
|
3572
|
+
# The parameter for receiving additional results if you receive a
|
3573
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
3574
|
+
# indicates that more output is available. Set this parameter to the
|
3575
|
+
# value of the previous call's `NextToken` response to indicate where
|
3576
|
+
# the output should continue from.
|
3326
3577
|
#
|
3327
3578
|
# @option params [Integer] :max_results
|
3328
|
-
#
|
3329
|
-
#
|
3330
|
-
#
|
3331
|
-
#
|
3332
|
-
#
|
3333
|
-
#
|
3334
|
-
#
|
3335
|
-
#
|
3336
|
-
#
|
3337
|
-
#
|
3579
|
+
# The total number of results that you want included on each page of the
|
3580
|
+
# response. If you do not include this parameter, it defaults to a value
|
3581
|
+
# that is specific to the operation. If additional items exist beyond
|
3582
|
+
# the maximum you specify, the `NextToken` response element is present
|
3583
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
3584
|
+
# request parameter in the next call to the operation to get the next
|
3585
|
+
# part of the results. Note that Organizations might return fewer
|
3586
|
+
# results than the maximum even when there are more results available.
|
3587
|
+
# You should check `NextToken` after every operation to ensure that you
|
3588
|
+
# receive all of the results.
|
3338
3589
|
#
|
3339
3590
|
# @return [Types::ListHandshakesForAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3340
3591
|
#
|
3341
3592
|
# * {Types::ListHandshakesForAccountResponse#handshakes #handshakes} => Array<Types::Handshake>
|
3342
3593
|
# * {Types::ListHandshakesForAccountResponse#next_token #next_token} => String
|
3343
3594
|
#
|
3595
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
3596
|
+
#
|
3344
3597
|
#
|
3345
3598
|
# @example Example: To retrieve a list of the handshakes sent to an account
|
3346
3599
|
#
|
@@ -3454,41 +3707,44 @@ module Aws::Organizations
|
|
3454
3707
|
# </note>
|
3455
3708
|
#
|
3456
3709
|
# This operation can be called only from the organization's master
|
3457
|
-
# account
|
3710
|
+
# account or by a member account that is a delegated administrator for
|
3711
|
+
# an AWS service.
|
3458
3712
|
#
|
3459
3713
|
# @option params [Types::HandshakeFilter] :filter
|
3460
3714
|
# A filter of the handshakes that you want included in the response. The
|
3461
3715
|
# default is all types. Use the `ActionType` element to limit the output
|
3462
3716
|
# to only a specified type, such as `INVITE`, `ENABLE-ALL-FEATURES`, or
|
3463
|
-
# `APPROVE-ALL-FEATURES`. Alternatively,
|
3464
|
-
#
|
3465
|
-
#
|
3466
|
-
#
|
3467
|
-
# that parent request.
|
3717
|
+
# `APPROVE-ALL-FEATURES`. Alternatively, for the `ENABLE-ALL-FEATURES`
|
3718
|
+
# handshake that generates a separate child handshake for each member
|
3719
|
+
# account, you can specify the `ParentHandshakeId` to see only the
|
3720
|
+
# handshakes that were generated by that parent request.
|
3468
3721
|
#
|
3469
3722
|
# @option params [String] :next_token
|
3470
|
-
#
|
3471
|
-
#
|
3472
|
-
#
|
3473
|
-
#
|
3723
|
+
# The parameter for receiving additional results if you receive a
|
3724
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
3725
|
+
# indicates that more output is available. Set this parameter to the
|
3726
|
+
# value of the previous call's `NextToken` response to indicate where
|
3727
|
+
# the output should continue from.
|
3474
3728
|
#
|
3475
3729
|
# @option params [Integer] :max_results
|
3476
|
-
#
|
3477
|
-
#
|
3478
|
-
#
|
3479
|
-
#
|
3480
|
-
#
|
3481
|
-
#
|
3482
|
-
#
|
3483
|
-
#
|
3484
|
-
#
|
3485
|
-
#
|
3730
|
+
# The total number of results that you want included on each page of the
|
3731
|
+
# response. If you do not include this parameter, it defaults to a value
|
3732
|
+
# that is specific to the operation. If additional items exist beyond
|
3733
|
+
# the maximum you specify, the `NextToken` response element is present
|
3734
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
3735
|
+
# request parameter in the next call to the operation to get the next
|
3736
|
+
# part of the results. Note that Organizations might return fewer
|
3737
|
+
# results than the maximum even when there are more results available.
|
3738
|
+
# You should check `NextToken` after every operation to ensure that you
|
3739
|
+
# receive all of the results.
|
3486
3740
|
#
|
3487
3741
|
# @return [Types::ListHandshakesForOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3488
3742
|
#
|
3489
3743
|
# * {Types::ListHandshakesForOrganizationResponse#handshakes #handshakes} => Array<Types::Handshake>
|
3490
3744
|
# * {Types::ListHandshakesForOrganizationResponse#next_token #next_token} => String
|
3491
3745
|
#
|
3746
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
3747
|
+
#
|
3492
3748
|
#
|
3493
3749
|
# @example Example: To retrieve a list of the handshakes associated with an organization
|
3494
3750
|
#
|
@@ -3637,7 +3893,8 @@ module Aws::Organizations
|
|
3637
3893
|
# </note>
|
3638
3894
|
#
|
3639
3895
|
# This operation can be called only from the organization's master
|
3640
|
-
# account
|
3896
|
+
# account or by a member account that is a delegated administrator for
|
3897
|
+
# an AWS service.
|
3641
3898
|
#
|
3642
3899
|
# @option params [required, String] :parent_id
|
3643
3900
|
# The unique identifier (ID) of the root or OU whose child OUs you want
|
@@ -3659,28 +3916,31 @@ module Aws::Organizations
|
|
3659
3916
|
# [1]: http://wikipedia.org/wiki/regex
|
3660
3917
|
#
|
3661
3918
|
# @option params [String] :next_token
|
3662
|
-
#
|
3663
|
-
#
|
3664
|
-
#
|
3665
|
-
#
|
3919
|
+
# The parameter for receiving additional results if you receive a
|
3920
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
3921
|
+
# indicates that more output is available. Set this parameter to the
|
3922
|
+
# value of the previous call's `NextToken` response to indicate where
|
3923
|
+
# the output should continue from.
|
3666
3924
|
#
|
3667
3925
|
# @option params [Integer] :max_results
|
3668
|
-
#
|
3669
|
-
#
|
3670
|
-
#
|
3671
|
-
#
|
3672
|
-
#
|
3673
|
-
#
|
3674
|
-
#
|
3675
|
-
#
|
3676
|
-
#
|
3677
|
-
#
|
3926
|
+
# The total number of results that you want included on each page of the
|
3927
|
+
# response. If you do not include this parameter, it defaults to a value
|
3928
|
+
# that is specific to the operation. If additional items exist beyond
|
3929
|
+
# the maximum you specify, the `NextToken` response element is present
|
3930
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
3931
|
+
# request parameter in the next call to the operation to get the next
|
3932
|
+
# part of the results. Note that Organizations might return fewer
|
3933
|
+
# results than the maximum even when there are more results available.
|
3934
|
+
# You should check `NextToken` after every operation to ensure that you
|
3935
|
+
# receive all of the results.
|
3678
3936
|
#
|
3679
3937
|
# @return [Types::ListOrganizationalUnitsForParentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3680
3938
|
#
|
3681
3939
|
# * {Types::ListOrganizationalUnitsForParentResponse#organizational_units #organizational_units} => Array<Types::OrganizationalUnit>
|
3682
3940
|
# * {Types::ListOrganizationalUnitsForParentResponse#next_token #next_token} => String
|
3683
3941
|
#
|
3942
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
3943
|
+
#
|
3684
3944
|
#
|
3685
3945
|
# @example Example: To retrieve a list of all of the child OUs in a parent root or OU
|
3686
3946
|
#
|
@@ -3745,7 +4005,8 @@ module Aws::Organizations
|
|
3745
4005
|
# </note>
|
3746
4006
|
#
|
3747
4007
|
# This operation can be called only from the organization's master
|
3748
|
-
# account
|
4008
|
+
# account or by a member account that is a delegated administrator for
|
4009
|
+
# an AWS service.
|
3749
4010
|
#
|
3750
4011
|
# <note markdown="1"> In the current release, a child can have only a single parent.
|
3751
4012
|
#
|
@@ -3770,28 +4031,31 @@ module Aws::Organizations
|
|
3770
4031
|
# [1]: http://wikipedia.org/wiki/regex
|
3771
4032
|
#
|
3772
4033
|
# @option params [String] :next_token
|
3773
|
-
#
|
3774
|
-
#
|
3775
|
-
#
|
3776
|
-
#
|
4034
|
+
# The parameter for receiving additional results if you receive a
|
4035
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
4036
|
+
# indicates that more output is available. Set this parameter to the
|
4037
|
+
# value of the previous call's `NextToken` response to indicate where
|
4038
|
+
# the output should continue from.
|
3777
4039
|
#
|
3778
4040
|
# @option params [Integer] :max_results
|
3779
|
-
#
|
3780
|
-
#
|
3781
|
-
#
|
3782
|
-
#
|
3783
|
-
#
|
3784
|
-
#
|
3785
|
-
#
|
3786
|
-
#
|
3787
|
-
#
|
3788
|
-
#
|
4041
|
+
# The total number of results that you want included on each page of the
|
4042
|
+
# response. If you do not include this parameter, it defaults to a value
|
4043
|
+
# that is specific to the operation. If additional items exist beyond
|
4044
|
+
# the maximum you specify, the `NextToken` response element is present
|
4045
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
4046
|
+
# request parameter in the next call to the operation to get the next
|
4047
|
+
# part of the results. Note that Organizations might return fewer
|
4048
|
+
# results than the maximum even when there are more results available.
|
4049
|
+
# You should check `NextToken` after every operation to ensure that you
|
4050
|
+
# receive all of the results.
|
3789
4051
|
#
|
3790
4052
|
# @return [Types::ListParentsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3791
4053
|
#
|
3792
4054
|
# * {Types::ListParentsResponse#parents #parents} => Array<Types::Parent>
|
3793
4055
|
# * {Types::ListParentsResponse#next_token #next_token} => String
|
3794
4056
|
#
|
4057
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4058
|
+
#
|
3795
4059
|
#
|
3796
4060
|
# @example Example: To retrieve a list of all of the parents of a child OU or account
|
3797
4061
|
#
|
@@ -3847,34 +4111,38 @@ module Aws::Organizations
|
|
3847
4111
|
# </note>
|
3848
4112
|
#
|
3849
4113
|
# This operation can be called only from the organization's master
|
3850
|
-
# account
|
4114
|
+
# account or by a member account that is a delegated administrator for
|
4115
|
+
# an AWS service.
|
3851
4116
|
#
|
3852
4117
|
# @option params [required, String] :filter
|
3853
4118
|
# Specifies the type of policy that you want to include in the response.
|
3854
4119
|
#
|
3855
4120
|
# @option params [String] :next_token
|
3856
|
-
#
|
3857
|
-
#
|
3858
|
-
#
|
3859
|
-
#
|
4121
|
+
# The parameter for receiving additional results if you receive a
|
4122
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
4123
|
+
# indicates that more output is available. Set this parameter to the
|
4124
|
+
# value of the previous call's `NextToken` response to indicate where
|
4125
|
+
# the output should continue from.
|
3860
4126
|
#
|
3861
4127
|
# @option params [Integer] :max_results
|
3862
|
-
#
|
3863
|
-
#
|
3864
|
-
#
|
3865
|
-
#
|
3866
|
-
#
|
3867
|
-
#
|
3868
|
-
#
|
3869
|
-
#
|
3870
|
-
#
|
3871
|
-
#
|
4128
|
+
# The total number of results that you want included on each page of the
|
4129
|
+
# response. If you do not include this parameter, it defaults to a value
|
4130
|
+
# that is specific to the operation. If additional items exist beyond
|
4131
|
+
# the maximum you specify, the `NextToken` response element is present
|
4132
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
4133
|
+
# request parameter in the next call to the operation to get the next
|
4134
|
+
# part of the results. Note that Organizations might return fewer
|
4135
|
+
# results than the maximum even when there are more results available.
|
4136
|
+
# You should check `NextToken` after every operation to ensure that you
|
4137
|
+
# receive all of the results.
|
3872
4138
|
#
|
3873
4139
|
# @return [Types::ListPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3874
4140
|
#
|
3875
4141
|
# * {Types::ListPoliciesResponse#policies #policies} => Array<Types::PolicySummary>
|
3876
4142
|
# * {Types::ListPoliciesResponse#next_token #next_token} => String
|
3877
4143
|
#
|
4144
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4145
|
+
#
|
3878
4146
|
#
|
3879
4147
|
# @example Example: To retrieve a list policies in the organization
|
3880
4148
|
#
|
@@ -3955,7 +4223,8 @@ module Aws::Organizations
|
|
3955
4223
|
# </note>
|
3956
4224
|
#
|
3957
4225
|
# This operation can be called only from the organization's master
|
3958
|
-
# account
|
4226
|
+
# account or by a member account that is a delegated administrator for
|
4227
|
+
# an AWS service.
|
3959
4228
|
#
|
3960
4229
|
# @option params [required, String] :target_id
|
3961
4230
|
# The unique identifier (ID) of the root, organizational unit, or
|
@@ -3982,28 +4251,31 @@ module Aws::Organizations
|
|
3982
4251
|
# The type of policy that you want to include in the returned list.
|
3983
4252
|
#
|
3984
4253
|
# @option params [String] :next_token
|
3985
|
-
#
|
3986
|
-
#
|
3987
|
-
#
|
3988
|
-
#
|
4254
|
+
# The parameter for receiving additional results if you receive a
|
4255
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
4256
|
+
# indicates that more output is available. Set this parameter to the
|
4257
|
+
# value of the previous call's `NextToken` response to indicate where
|
4258
|
+
# the output should continue from.
|
3989
4259
|
#
|
3990
4260
|
# @option params [Integer] :max_results
|
3991
|
-
#
|
3992
|
-
#
|
3993
|
-
#
|
3994
|
-
#
|
3995
|
-
#
|
3996
|
-
#
|
3997
|
-
#
|
3998
|
-
#
|
3999
|
-
#
|
4000
|
-
#
|
4261
|
+
# The total number of results that you want included on each page of the
|
4262
|
+
# response. If you do not include this parameter, it defaults to a value
|
4263
|
+
# that is specific to the operation. If additional items exist beyond
|
4264
|
+
# the maximum you specify, the `NextToken` response element is present
|
4265
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
4266
|
+
# request parameter in the next call to the operation to get the next
|
4267
|
+
# part of the results. Note that Organizations might return fewer
|
4268
|
+
# results than the maximum even when there are more results available.
|
4269
|
+
# You should check `NextToken` after every operation to ensure that you
|
4270
|
+
# receive all of the results.
|
4001
4271
|
#
|
4002
4272
|
# @return [Types::ListPoliciesForTargetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4003
4273
|
#
|
4004
4274
|
# * {Types::ListPoliciesForTargetResponse#policies #policies} => Array<Types::PolicySummary>
|
4005
4275
|
# * {Types::ListPoliciesForTargetResponse#next_token #next_token} => String
|
4006
4276
|
#
|
4277
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4278
|
+
#
|
4007
4279
|
#
|
4008
4280
|
# @example Example: To retrieve a list policies attached to a root, OU, or account
|
4009
4281
|
#
|
@@ -4070,7 +4342,8 @@ module Aws::Organizations
|
|
4070
4342
|
# </note>
|
4071
4343
|
#
|
4072
4344
|
# This operation can be called only from the organization's master
|
4073
|
-
# account
|
4345
|
+
# account or by a member account that is a delegated administrator for
|
4346
|
+
# an AWS service.
|
4074
4347
|
#
|
4075
4348
|
# <note markdown="1"> Policy types can be enabled and disabled in roots. This is distinct
|
4076
4349
|
# from whether they're available in the organization. When you enable
|
@@ -4082,28 +4355,31 @@ module Aws::Organizations
|
|
4082
4355
|
# </note>
|
4083
4356
|
#
|
4084
4357
|
# @option params [String] :next_token
|
4085
|
-
#
|
4086
|
-
#
|
4087
|
-
#
|
4088
|
-
#
|
4358
|
+
# The parameter for receiving additional results if you receive a
|
4359
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
4360
|
+
# indicates that more output is available. Set this parameter to the
|
4361
|
+
# value of the previous call's `NextToken` response to indicate where
|
4362
|
+
# the output should continue from.
|
4089
4363
|
#
|
4090
4364
|
# @option params [Integer] :max_results
|
4091
|
-
#
|
4092
|
-
#
|
4093
|
-
#
|
4094
|
-
#
|
4095
|
-
#
|
4096
|
-
#
|
4097
|
-
#
|
4098
|
-
#
|
4099
|
-
#
|
4100
|
-
#
|
4365
|
+
# The total number of results that you want included on each page of the
|
4366
|
+
# response. If you do not include this parameter, it defaults to a value
|
4367
|
+
# that is specific to the operation. If additional items exist beyond
|
4368
|
+
# the maximum you specify, the `NextToken` response element is present
|
4369
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
4370
|
+
# request parameter in the next call to the operation to get the next
|
4371
|
+
# part of the results. Note that Organizations might return fewer
|
4372
|
+
# results than the maximum even when there are more results available.
|
4373
|
+
# You should check `NextToken` after every operation to ensure that you
|
4374
|
+
# receive all of the results.
|
4101
4375
|
#
|
4102
4376
|
# @return [Types::ListRootsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4103
4377
|
#
|
4104
4378
|
# * {Types::ListRootsResponse#roots #roots} => Array<Types::Root>
|
4105
4379
|
# * {Types::ListRootsResponse#next_token #next_token} => String
|
4106
4380
|
#
|
4381
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4382
|
+
#
|
4107
4383
|
#
|
4108
4384
|
# @example Example: To retrieve a list of roots in the organization
|
4109
4385
|
#
|
@@ -4161,22 +4437,26 @@ module Aws::Organizations
|
|
4161
4437
|
# Currently, you can list tags on an account in AWS Organizations.
|
4162
4438
|
#
|
4163
4439
|
# This operation can be called only from the organization's master
|
4164
|
-
# account
|
4440
|
+
# account or by a member account that is a delegated administrator for
|
4441
|
+
# an AWS service.
|
4165
4442
|
#
|
4166
4443
|
# @option params [required, String] :resource_id
|
4167
4444
|
# The ID of the resource that you want to retrieve tags for.
|
4168
4445
|
#
|
4169
4446
|
# @option params [String] :next_token
|
4170
|
-
#
|
4171
|
-
#
|
4172
|
-
#
|
4173
|
-
#
|
4447
|
+
# The parameter for receiving additional results if you receive a
|
4448
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
4449
|
+
# indicates that more output is available. Set this parameter to the
|
4450
|
+
# value of the previous call's `NextToken` response to indicate where
|
4451
|
+
# the output should continue from.
|
4174
4452
|
#
|
4175
4453
|
# @return [Types::ListTagsForResourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4176
4454
|
#
|
4177
4455
|
# * {Types::ListTagsForResourceResponse#tags #tags} => Array<Types::Tag>
|
4178
4456
|
# * {Types::ListTagsForResourceResponse#next_token #next_token} => String
|
4179
4457
|
#
|
4458
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4459
|
+
#
|
4180
4460
|
# @example Request syntax with placeholder values
|
4181
4461
|
#
|
4182
4462
|
# resp = client.list_tags_for_resource({
|
@@ -4212,7 +4492,8 @@ module Aws::Organizations
|
|
4212
4492
|
# </note>
|
4213
4493
|
#
|
4214
4494
|
# This operation can be called only from the organization's master
|
4215
|
-
# account
|
4495
|
+
# account or by a member account that is a delegated administrator for
|
4496
|
+
# an AWS service.
|
4216
4497
|
#
|
4217
4498
|
# @option params [required, String] :policy_id
|
4218
4499
|
# The unique identifier (ID) of the policy whose attachments you want to
|
@@ -4227,28 +4508,31 @@ module Aws::Organizations
|
|
4227
4508
|
# [1]: http://wikipedia.org/wiki/regex
|
4228
4509
|
#
|
4229
4510
|
# @option params [String] :next_token
|
4230
|
-
#
|
4231
|
-
#
|
4232
|
-
#
|
4233
|
-
#
|
4511
|
+
# The parameter for receiving additional results if you receive a
|
4512
|
+
# `NextToken` response in a previous request. A `NextToken` response
|
4513
|
+
# indicates that more output is available. Set this parameter to the
|
4514
|
+
# value of the previous call's `NextToken` response to indicate where
|
4515
|
+
# the output should continue from.
|
4234
4516
|
#
|
4235
4517
|
# @option params [Integer] :max_results
|
4236
|
-
#
|
4237
|
-
#
|
4238
|
-
#
|
4239
|
-
#
|
4240
|
-
#
|
4241
|
-
#
|
4242
|
-
#
|
4243
|
-
#
|
4244
|
-
#
|
4245
|
-
#
|
4518
|
+
# The total number of results that you want included on each page of the
|
4519
|
+
# response. If you do not include this parameter, it defaults to a value
|
4520
|
+
# that is specific to the operation. If additional items exist beyond
|
4521
|
+
# the maximum you specify, the `NextToken` response element is present
|
4522
|
+
# and has a value (is not null). Include that value as the `NextToken`
|
4523
|
+
# request parameter in the next call to the operation to get the next
|
4524
|
+
# part of the results. Note that Organizations might return fewer
|
4525
|
+
# results than the maximum even when there are more results available.
|
4526
|
+
# You should check `NextToken` after every operation to ensure that you
|
4527
|
+
# receive all of the results.
|
4246
4528
|
#
|
4247
4529
|
# @return [Types::ListTargetsForPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4248
4530
|
#
|
4249
4531
|
# * {Types::ListTargetsForPolicyResponse#targets #targets} => Array<Types::PolicyTargetSummary>
|
4250
4532
|
# * {Types::ListTargetsForPolicyResponse#next_token #next_token} => String
|
4251
4533
|
#
|
4534
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
4535
|
+
#
|
4252
4536
|
#
|
4253
4537
|
# @example Example: To retrieve a list of roots, OUs, and accounts to which a policy is attached
|
4254
4538
|
#
|
@@ -4393,6 +4677,50 @@ module Aws::Organizations
|
|
4393
4677
|
req.send_request(options)
|
4394
4678
|
end
|
4395
4679
|
|
4680
|
+
# Enables the specified member account to administer the Organizations
|
4681
|
+
# features of the specified AWS service. It grants read-only access to
|
4682
|
+
# AWS Organizations service data. The account still requires IAM
|
4683
|
+
# permissions to access and administer the AWS service.
|
4684
|
+
#
|
4685
|
+
# You can run this action only for AWS services that support this
|
4686
|
+
# feature. For a current list of services that support it, see the
|
4687
|
+
# column *Supports Delegated Administrator* in the table at [AWS
|
4688
|
+
# Services that you can use with AWS Organizations][1] in the *AWS
|
4689
|
+
# Organizations User Guide.*
|
4690
|
+
#
|
4691
|
+
# This operation can be called only from the organization's master
|
4692
|
+
# account.
|
4693
|
+
#
|
4694
|
+
#
|
4695
|
+
#
|
4696
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrated-services-list.html
|
4697
|
+
#
|
4698
|
+
# @option params [required, String] :account_id
|
4699
|
+
# The account ID number of the member account in the organization to
|
4700
|
+
# register as a delegated administrator.
|
4701
|
+
#
|
4702
|
+
# @option params [required, String] :service_principal
|
4703
|
+
# The service principal of the AWS service for which you want to make
|
4704
|
+
# the member account a delegated administrator.
|
4705
|
+
#
|
4706
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
4707
|
+
#
|
4708
|
+
# @example Request syntax with placeholder values
|
4709
|
+
#
|
4710
|
+
# resp = client.register_delegated_administrator({
|
4711
|
+
# account_id: "AccountId", # required
|
4712
|
+
# service_principal: "ServicePrincipal", # required
|
4713
|
+
# })
|
4714
|
+
#
|
4715
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator AWS API Documentation
|
4716
|
+
#
|
4717
|
+
# @overload register_delegated_administrator(params = {})
|
4718
|
+
# @param [Hash] params ({})
|
4719
|
+
def register_delegated_administrator(params = {}, options = {})
|
4720
|
+
req = build_request(:register_delegated_administrator, params)
|
4721
|
+
req.send_request(options)
|
4722
|
+
end
|
4723
|
+
|
4396
4724
|
# Removes the specified account from the organization.
|
4397
4725
|
#
|
4398
4726
|
# The removed account becomes a standalone account that isn't a member
|
@@ -4408,15 +4736,15 @@ module Aws::Organizations
|
|
4408
4736
|
# You can remove an account from your organization only if the account
|
4409
4737
|
# is configured with the information required to operate as a standalone
|
4410
4738
|
# account. When you create an account in an organization using the AWS
|
4411
|
-
# Organizations console, API, or CLI, the information required
|
4412
|
-
# standalone accounts is *not* automatically collected. For an
|
4413
|
-
# that you want to make standalone, you must accept the end user
|
4414
|
-
# agreement (EULA)
|
4415
|
-
#
|
4739
|
+
# Organizations console, API, or CLI commands, the information required
|
4740
|
+
# of standalone accounts is *not* automatically collected. For an
|
4741
|
+
# account that you want to make standalone, you must accept the end user
|
4742
|
+
# license agreement (EULA), choose a support plan, provide and verify
|
4743
|
+
# the required contact information, and provide a current payment
|
4416
4744
|
# method. AWS uses the payment method to charge for any billable (not
|
4417
4745
|
# free tier) AWS activity that occurs while the account isn't attached
|
4418
4746
|
# to an organization. To remove an account that doesn't yet have this
|
4419
|
-
# information, you must sign in as the member account
|
4747
|
+
# information, you must sign in as the member account and follow the
|
4420
4748
|
# steps at [ To leave an organization when all required account
|
4421
4749
|
# information has not yet been provided][1] in the *AWS Organizations
|
4422
4750
|
# User Guide.*
|
@@ -4744,7 +5072,7 @@ module Aws::Organizations
|
|
4744
5072
|
params: params,
|
4745
5073
|
config: config)
|
4746
5074
|
context[:gem_name] = 'aws-sdk-organizations'
|
4747
|
-
context[:gem_version] = '1.
|
5075
|
+
context[:gem_version] = '1.42.1'
|
4748
5076
|
Seahorse::Client::Request.new(handlers, context)
|
4749
5077
|
end
|
4750
5078
|
|