aws-sdk-organizations 1.42.1 → 1.47.0

data/lib/aws-sdk-organizations/client_api.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -1235,6 +1237,7 @@ module Aws::Organizations
         o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
       end)
 
       api.add_operation(:disable_policy_type, Seahorse::Model::Operation.new.tap do |o|
@@ -1269,6 +1272,7 @@ module Aws::Organizations
         o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
       end)
 
       api.add_operation(:enable_all_features, Seahorse::Model::Operation.new.tap do |o|
@@ -1353,6 +1357,7 @@ module Aws::Organizations
         o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
         o[:pager] = Aws::Pager.new(
           limit_key: "max_results",
           tokens: {

data/lib/aws-sdk-organizations/errors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-organizations/resource.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-organizations/types.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -19,6 +21,7 @@ module Aws::Organizations
     #
     class AWSOrganizationsNotInUseException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -44,6 +47,7 @@ module Aws::Organizations
     #
     class AcceptHandshakeRequest < Struct.new(
       :handshake_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -55,6 +59,7 @@ module Aws::Organizations
     #
     class AcceptHandshakeResponse < Struct.new(
       :handshake)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -74,6 +79,7 @@ module Aws::Organizations
     #
     class AccessDeniedException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -93,6 +99,7 @@ module Aws::Organizations
     class AccessDeniedForDependencyException < Struct.new(
       :message,
       :reason)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -166,6 +173,7 @@ module Aws::Organizations
       :status,
       :joined_method,
       :joined_timestamp)
+      SENSITIVE = [:email, :name]
       include Aws::Structure
     end
 
@@ -179,6 +187,7 @@ module Aws::Organizations
     #
     class AccountAlreadyRegisteredException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -193,6 +202,7 @@ module Aws::Organizations
     #
     class AccountNotFoundException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -206,6 +216,7 @@ module Aws::Organizations
     #
     class AccountNotRegisteredException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -225,6 +236,7 @@ module Aws::Organizations
     #
     class AccountOwnerNotVerifiedException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -238,6 +250,7 @@ module Aws::Organizations
     #
     class AlreadyInOrganizationException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -293,6 +306,7 @@ module Aws::Organizations
     class AttachPolicyRequest < Struct.new(
       :policy_id,
       :target_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -319,6 +333,7 @@ module Aws::Organizations
     #
     class CancelHandshakeRequest < Struct.new(
       :handshake_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -331,6 +346,7 @@ module Aws::Organizations
     #
     class CancelHandshakeResponse < Struct.new(
       :handshake)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -364,6 +380,7 @@ module Aws::Organizations
     class Child < Struct.new(
       :id,
       :type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -377,6 +394,7 @@ module Aws::Organizations
     #
     class ChildNotFoundException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -390,6 +408,7 @@ module Aws::Organizations
     #
     class ConcurrentModificationException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -398,24 +417,31 @@ module Aws::Organizations
     # (SCP) from an OU or root, inviting or creating too many accounts to
     # the organization, or attaching too many policies to an account, OU, or
     # root. This exception includes a reason that contains additional
-    # information about the violated limit.
+    # information about the violated limit:
     #
-    # Some of the reasons in the following list might not be applicable to
-    # this specific API or operation:
+    # <note markdown="1"> Some of the reasons in the following list might not be applicable to
+    # this specific API or operation.
+    #
+    #  </note>
+    #
+    # * ACCOUNT\_CANNOT\_LEAVE\_ORGANIZAION: You attempted to remove the
+    #   master account from the organization. You can't remove the master
+    #   account. Instead, after you remove all member accounts, delete the
+    #   organization itself.
     #
     # * ACCOUNT\_CANNOT\_LEAVE\_WITHOUT\_EULA: You attempted to remove an
     #   account from the organization that doesn't yet have enough
     #   information to exist as a standalone account. This account requires
     #   you to first agree to the AWS Customer Agreement. Follow the steps
-    #   at [To leave an organization when all required account information
-    #   has not yet been provided][1] in the *AWS Organizations User Guide.*
+    #   at [Removing a member account from your organization][1]in the *AWS
+    #   Organizations User Guide.*
     #
     # * ACCOUNT\_CANNOT\_LEAVE\_WITHOUT\_PHONE\_VERIFICATION: You attempted
     #   to remove an account from the organization that doesn't yet have
     #   enough information to exist as a standalone account. This account
     #   requires you to first complete phone verification. Follow the steps
-    #   at [To leave an organization when all required account information
-    #   has not yet been provided][1] in the *AWS Organizations User Guide.*
+    #   at [Removing a member account from your organization][1] in the *AWS
+    #   Organizations User Guide.*
     #
     # * ACCOUNT\_CREATION\_RATE\_LIMIT\_EXCEEDED: You attempted to exceed
     #   the number of accounts that you can create in one day.
@@ -434,22 +460,37 @@ module Aws::Organizations
     #
     #    </note>
     #
-    #   If you get receive this exception when running a command immediately
-    #   after creating the organization, wait one hour and try again. If
-    #   after an hour it continues to fail with this error, contact [AWS
+    #   If you get this exception when running a command immediately after
+    #   creating the organization, wait one hour and try again. After an
+    #   hour, if the command continues to fail with this error, contact [AWS
     #   Support][2].
     #
-    # * CANNOT\_REGISTER\_MASTER\_AS\_DELEGATED\_ADMINISTRATOR: You can
-    #   designate only a member account as a delegated administrator.
-    #
-    # * CANNOT\_REMOVE\_DELEGATED\_ADMINISTRATOR\_FROM\_ORG: To complete
-    #   this operation, you must first deregister this account as a
+    # * CANNOT\_REGISTER\_MASTER\_AS\_DELEGATED\_ADMINISTRATOR: You
+    #   attempted to register the master account of the organization as a
+    #   delegated administrator for an AWS service integrated with
+    #   Organizations. You can designate only a member account as a
     #   delegated administrator.
     #
-    # * DELEGATED\_ADMINISTRATOR\_EXISTS\_FOR\_THIS\_SERVICE: To complete
-    #   this operation, you must first deregister all delegated
+    # * CANNOT\_REMOVE\_DELEGATED\_ADMINISTRATOR\_FROM\_ORG: You attempted
+    #   to remove an account that is registered as a delegated administrator
+    #   for a service integrated with your organization. To complete this
+    #   operation, you must first deregister this account as a delegated
+    #   administrator.
+    #
+    # * CREATE\_ORGANIZATION\_IN\_BILLING\_MODE\_UNSUPPORTED\_REGION: To
+    #   create an organization in the specified region, you must enable all
+    #   features mode.
+    #
+    # * DELEGATED\_ADMINISTRATOR\_EXISTS\_FOR\_THIS\_SERVICE: You attempted
+    #   to register an AWS account as a delegated administrator for an AWS
+    #   service that already has a delegated administrator. To complete this
+    #   operation, you must first deregister any existing delegated
     #   administrators for this service.
     #
+    # * EMAIL\_VERIFICATION\_CODE\_EXPIRED: The email verification code is
+    #   only valid for a limited period of time. You must resubmit the
+    #   request and generate a new verfication code.
+    #
     # * HANDSHAKE\_RATE\_LIMIT\_EXCEEDED: You attempted to exceed the number
     #   of handshakes that you can send in one day.
     #
@@ -461,8 +502,13 @@ module Aws::Organizations
     #   accounts in an organization must be associated with the same
     #   marketplace.
     #
+    # * MASTER\_ACCOUNT\_MISSING\_BUSINESS\_LICENSE: Applies only to the AWS
+    #   Regions in China. To create an organization, the master must have an
+    #   valid business license. For more information, contact customer
+    #   support.
+    #
     # * MASTER\_ACCOUNT\_MISSING\_CONTACT\_INFO: To complete this operation,
-    #   you must first provide contact a valid address and phone number for
+    #   you must first provide a valid contact address and phone number for
     #   the master account. Then try the operation again.
     #
     # * MASTER\_ACCOUNT\_NOT\_GOVCLOUD\_ENABLED: To complete this operation,
@@ -474,7 +520,7 @@ module Aws::Organizations
     #   organization with this master account, you first must associate a
     #   valid payment instrument, such as a credit card, with the account.
     #   Follow the steps at [To leave an organization when all required
-    #   account information has not yet been provided][1] in the *AWS
+    #   account information has not yet been provided][4] in the *AWS
     #   Organizations User Guide.*
     #
     # * MAX\_DELEGATED\_ADMINISTRATORS\_FOR\_SERVICE\_LIMIT\_EXCEEDED: You
@@ -492,7 +538,7 @@ module Aws::Organizations
     #   operation with this member account, you first must associate a valid
     #   payment instrument, such as a credit card, with the account. Follow
     #   the steps at [To leave an organization when all required account
-    #   information has not yet been provided][1] in the *AWS Organizations
+    #   information has not yet been provided][4] in the *AWS Organizations
     #   User Guide.*
     #
     # * MIN\_POLICY\_TYPE\_ATTACHMENT\_LIMIT\_EXCEEDED: You attempted to
@@ -500,25 +546,33 @@ module Aws::Organizations
     #   fewer than the minimum number of policies of a certain type
     #   required.
     #
-    # * OU\_DEPTH\_LIMIT\_EXCEEDED: You attempted to create an OU tree that
-    #   is too many levels deep.
-    #
     # * ORGANIZATION\_NOT\_IN\_ALL\_FEATURES\_MODE: You attempted to perform
     #   an operation that requires the organization to be configured to
     #   support all features. An organization that supports only
     #   consolidated billing features can't perform this operation.
     #
+    # * OU\_DEPTH\_LIMIT\_EXCEEDED: You attempted to create an OU tree that
+    #   is too many levels deep.
+    #
     # * OU\_NUMBER\_LIMIT\_EXCEEDED: You attempted to exceed the number of
     #   OUs that you can have in an organization.
     #
-    # * POLICY\_NUMBER\_LIMIT\_EXCEEDED. You attempted to exceed the number
+    # * POLICY\_CONTENT\_LIMIT\_EXCEEDED: You attempted to create a policy
+    #   that is larger than the maximum size.
+    #
+    # * POLICY\_NUMBER\_LIMIT\_EXCEEDED: You attempted to exceed the number
     #   of policies that you can have in an organization.
     #
+    # * TAG\_POLICY\_VIOLATION: You attempted to create or update a resource
+    #   with tags that are not compliant with the tag policy requirements
+    #   for this account.
+    #
     #
     #
-    # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
+    # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master
     # [2]: https://console.aws.amazon.com/support/home#/
     # [3]: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html
+    # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -531,6 +585,7 @@ module Aws::Organizations
     class ConstraintViolationException < Struct.new(
       :message,
       :reason)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -612,6 +667,7 @@ module Aws::Organizations
       :account_name,
       :role_name,
       :iam_user_access_to_billing)
+      SENSITIVE = [:email, :account_name]
       include Aws::Structure
     end
 
@@ -635,6 +691,7 @@ module Aws::Organizations
     #
     class CreateAccountResponse < Struct.new(
       :create_account_status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -698,6 +755,9 @@ module Aws::Organizations
     #     you have reached the limit on the number of accounts in your
     #     organization.
     #
+    #   * CONCURRENT\_ACCOUNT\_MODIFICATION: You already submitted a request
+    #     with the same information.
+    #
     #   * EMAIL\_ALREADY\_EXISTS: The account could not be created because
     #     another AWS account with that email address already exists.
     #
@@ -714,6 +774,12 @@ module Aws::Organizations
     #   * INTERNAL\_FAILURE: The account could not be created because of an
     #     internal failure. Try again later. If the problem persists,
     #     contact Customer Support.
+    #
+    #   * MISSING\_BUSINESS\_VALIDATION: The AWS account that owns your
+    #     organization has not received Business Validation.
+    #
+    #   * MISSING\_PAYMENT\_INSTRUMENT: You must configure the master
+    #     account with a valid payment method, such as a credit card.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountStatus AWS API Documentation
@@ -727,6 +793,7 @@ module Aws::Organizations
       :account_id,
       :gov_cloud_account_id,
       :failure_reason)
+      SENSITIVE = [:account_name]
       include Aws::Structure
     end
 
@@ -740,6 +807,7 @@ module Aws::Organizations
     #
     class CreateAccountStatusNotFoundException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -824,6 +892,7 @@ module Aws::Organizations
       :account_name,
       :role_name,
       :iam_user_access_to_billing)
+      SENSITIVE = [:email, :account_name]
       include Aws::Structure
     end
 
@@ -837,6 +906,7 @@ module Aws::Organizations
     #
     class CreateGovCloudAccountResponse < Struct.new(
       :create_account_status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -875,6 +945,7 @@ module Aws::Organizations
     #
     class CreateOrganizationRequest < Struct.new(
       :feature_set)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -887,6 +958,7 @@ module Aws::Organizations
     #
     class CreateOrganizationResponse < Struct.new(
       :organization)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -928,6 +1000,7 @@ module Aws::Organizations
     class CreateOrganizationalUnitRequest < Struct.new(
       :parent_id,
       :name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -939,6 +1012,7 @@ module Aws::Organizations
     #
     class CreateOrganizationalUnitResponse < Struct.new(
       :organizational_unit)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -949,21 +1023,13 @@ module Aws::Organizations
     #         content: "PolicyContent", # required
     #         description: "PolicyDescription", # required
     #         name: "PolicyName", # required
-    #         type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #         type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #       }
     #
     # @!attribute [rw] content
-    #   The policy content to add to the new policy. For example, if you
-    #   create a [service control policy][1] (SCP), this string must be JSON
-    #   text that specifies the permissions that admins in attached accounts
-    #   can delegate to their users, groups, and roles. For more information
-    #   about the SCP syntax, see [Service Control Policy Syntax][2] in the
-    #   *AWS Organizations User Guide.*
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
-    #   [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
+    #   The policy text content to add to the new policy. The text that you
+    #   supply must adhere to the rules of the policy type you specify in
+    #   the `Type` parameter.
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -982,12 +1048,23 @@ module Aws::Organizations
     #   @return [String]
     #
     # @!attribute [rw] type
-    #   The type of policy to create.
+    #   The type of policy to create. You can specify one of the following
+    #   values:
     #
-    #   <note markdown="1"> In the current release, the only type of policy that you can create
-    #   is a service control policy (SCP).
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
     #
-    #    </note>
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicyRequest AWS API Documentation
@@ -997,6 +1074,7 @@ module Aws::Organizations
       :description,
       :name,
       :type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1008,6 +1086,7 @@ module Aws::Organizations
     #
     class CreatePolicyResponse < Struct.new(
       :policy)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1035,6 +1114,7 @@ module Aws::Organizations
     #
     class DeclineHandshakeRequest < Struct.new(
       :handshake_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1047,6 +1127,7 @@ module Aws::Organizations
     #
     class DeclineHandshakeResponse < Struct.new(
       :handshake)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1101,6 +1182,7 @@ module Aws::Organizations
       :joined_method,
       :joined_timestamp,
       :delegation_enabled_date)
+      SENSITIVE = [:email, :name]
       include Aws::Structure
     end
 
@@ -1123,6 +1205,7 @@ module Aws::Organizations
     class DelegatedService < Struct.new(
       :service_principal,
       :delegation_enabled_date)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1153,6 +1236,7 @@ module Aws::Organizations
     #
     class DeleteOrganizationalUnitRequest < Struct.new(
       :organizational_unit_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1181,6 +1265,7 @@ module Aws::Organizations
     #
     class DeletePolicyRequest < Struct.new(
       :policy_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1213,6 +1298,7 @@ module Aws::Organizations
     class DeregisterDelegatedAdministratorRequest < Struct.new(
       :account_id,
       :service_principal)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1240,6 +1326,7 @@ module Aws::Organizations
     #
     class DescribeAccountRequest < Struct.new(
       :account_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1251,6 +1338,7 @@ module Aws::Organizations
     #
     class DescribeAccountResponse < Struct.new(
       :account)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1279,6 +1367,7 @@ module Aws::Organizations
     #
     class DescribeCreateAccountStatusRequest < Struct.new(
       :create_account_request_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1291,6 +1380,7 @@ module Aws::Organizations
     #
     class DescribeCreateAccountStatusResponse < Struct.new(
       :create_account_status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1298,18 +1388,31 @@ module Aws::Organizations
     #   data as a hash:
     #
     #       {
-    #         policy_type: "TAG_POLICY", # required, accepts TAG_POLICY
+    #         policy_type: "TAG_POLICY", # required, accepts TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #         target_id: "PolicyTargetId",
     #       }
     #
     # @!attribute [rw] policy_type
-    #   The type of policy that you want information about.
+    #   The type of policy that you want information about. You can specify
+    #   one of the following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [TAG\_POLICY][3]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #   @return [String]
     #
     # @!attribute [rw] target_id
     #   When you're signed in as the master account, specify the ID of the
     #   account that you want details about. Specifying an organization root
-    #   or OU as the target is not supported.
+    #   or organizational unit (OU) as the target is not supported.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicyRequest AWS API Documentation
@@ -1317,6 +1420,7 @@ module Aws::Organizations
     class DescribeEffectivePolicyRequest < Struct.new(
       :policy_type,
       :target_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1328,6 +1432,7 @@ module Aws::Organizations
     #
     class DescribeEffectivePolicyResponse < Struct.new(
       :effective_policy)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1356,6 +1461,7 @@ module Aws::Organizations
     #
     class DescribeHandshakeRequest < Struct.new(
       :handshake_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1367,17 +1473,25 @@ module Aws::Organizations
     #
     class DescribeHandshakeResponse < Struct.new(
       :handshake)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # @!attribute [rw] organization
     #   A structure that contains information about the organization.
+    #
+    #   The `AvailablePolicyTypes` part of the response is deprecated, and
+    #   you shouldn't use it in your apps. It doesn't include any policy
+    #   type supported by Organizations other than SCPs. To determine which
+    #   policy types are enabled in your organization, use the ` ListRoots `
+    #   operation.
     #   @return [Types::Organization]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationResponse AWS API Documentation
     #
     class DescribeOrganizationResponse < Struct.new(
       :organization)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1408,6 +1522,7 @@ module Aws::Organizations
     #
     class DescribeOrganizationalUnitRequest < Struct.new(
       :organizational_unit_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1419,6 +1534,7 @@ module Aws::Organizations
     #
     class DescribeOrganizationalUnitResponse < Struct.new(
       :organizational_unit)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1447,6 +1563,7 @@ module Aws::Organizations
     #
     class DescribePolicyRequest < Struct.new(
       :policy_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1458,6 +1575,7 @@ module Aws::Organizations
     #
     class DescribePolicyResponse < Struct.new(
       :policy)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1471,6 +1589,7 @@ module Aws::Organizations
     #
     class DestinationParentNotFoundException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1525,6 +1644,7 @@ module Aws::Organizations
     class DetachPolicyRequest < Struct.new(
       :policy_id,
       :target_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1545,6 +1665,7 @@ module Aws::Organizations
     #
     class DisableAWSServiceAccessRequest < Struct.new(
       :service_principal)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1553,7 +1674,7 @@ module Aws::Organizations
     #
     #       {
     #         root_id: "RootId", # required
-    #         policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #         policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #       }
     #
     # @!attribute [rw] root_id
@@ -1569,7 +1690,23 @@ module Aws::Organizations
     #   @return [String]
     #
     # @!attribute [rw] policy_type
-    #   The policy type that you want to disable in this root.
+    #   The policy type that you want to disable in this root. You can
+    #   specify one of the following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyTypeRequest AWS API Documentation
@@ -1577,6 +1714,7 @@ module Aws::Organizations
     class DisablePolicyTypeRequest < Struct.new(
       :root_id,
       :policy_type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1589,6 +1727,7 @@ module Aws::Organizations
     #
     class DisablePolicyTypeResponse < Struct.new(
       :root)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1601,6 +1740,7 @@ module Aws::Organizations
     #
     class DuplicateAccountException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1618,6 +1758,7 @@ module Aws::Organizations
     #
     class DuplicateHandshakeException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1630,6 +1771,7 @@ module Aws::Organizations
     #
     class DuplicateOrganizationalUnitException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1642,6 +1784,7 @@ module Aws::Organizations
     #
     class DuplicatePolicyAttachmentException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1654,6 +1797,7 @@ module Aws::Organizations
     #
     class DuplicatePolicyException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1684,6 +1828,7 @@ module Aws::Organizations
       :last_updated_timestamp,
       :target_id,
       :policy_type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1700,6 +1845,7 @@ module Aws::Organizations
     #
     class EffectivePolicyNotFoundException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1720,6 +1866,7 @@ module Aws::Organizations
     #
     class EnableAWSServiceAccessRequest < Struct.new(
       :service_principal)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1738,6 +1885,7 @@ module Aws::Organizations
     #
     class EnableAllFeaturesResponse < Struct.new(
       :handshake)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1746,7 +1894,7 @@ module Aws::Organizations
     #
     #       {
     #         root_id: "RootId", # required
-    #         policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #         policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #       }
     #
     # @!attribute [rw] root_id
@@ -1762,7 +1910,23 @@ module Aws::Organizations
     #   @return [String]
     #
     # @!attribute [rw] policy_type
-    #   The policy type that you want to enable.
+    #   The policy type that you want to enable. You can specify one of the
+    #   following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyTypeRequest AWS API Documentation
@@ -1770,6 +1934,7 @@ module Aws::Organizations
     class EnablePolicyTypeRequest < Struct.new(
       :root_id,
       :policy_type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1782,6 +1947,7 @@ module Aws::Organizations
     #
     class EnablePolicyTypeResponse < Struct.new(
       :root)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1804,6 +1970,7 @@ module Aws::Organizations
     class EnabledServicePrincipal < Struct.new(
       :service_principal,
       :date_enabled)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1823,6 +1990,7 @@ module Aws::Organizations
     #
     class FinalizingOrganizationException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1942,6 +2110,7 @@ module Aws::Organizations
       :expiration_timestamp,
       :action,
       :resources)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1955,6 +2124,7 @@ module Aws::Organizations
     #
     class HandshakeAlreadyInStateException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2017,6 +2187,7 @@ module Aws::Organizations
     class HandshakeConstraintViolationException < Struct.new(
       :message,
       :reason)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2058,6 +2229,7 @@ module Aws::Organizations
     class HandshakeFilter < Struct.new(
       :action_type,
       :parent_handshake_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2070,6 +2242,7 @@ module Aws::Organizations
     #
     class HandshakeNotFoundException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2103,6 +2276,7 @@ module Aws::Organizations
     class HandshakeParty < Struct.new(
       :id,
       :type)
+      SENSITIVE = [:id]
       include Aws::Structure
     end
 
@@ -2146,6 +2320,7 @@ module Aws::Organizations
       :value,
       :type,
       :resources)
+      SENSITIVE = [:value]
       include Aws::Structure
     end
 
@@ -2160,6 +2335,7 @@ module Aws::Organizations
     #
     class InvalidHandshakeTransitionException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2168,7 +2344,7 @@ module Aws::Organizations
     # reason that contains additional information about the violated limit:
     #
     # <note markdown="1"> Some of the reasons in the following list might not be applicable to
-    # this specific API or operation:
+    # this specific API or operation.
     #
     #  </note>
     #
@@ -2240,6 +2416,7 @@ module Aws::Organizations
     class InvalidInputException < Struct.new(
       :message,
       :reason)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2283,6 +2460,7 @@ module Aws::Organizations
     class InviteAccountToOrganizationRequest < Struct.new(
       :target,
       :notes)
+      SENSITIVE = [:notes]
       include Aws::Structure
     end
 
@@ -2295,6 +2473,7 @@ module Aws::Organizations
     #
     class InviteAccountToOrganizationResponse < Struct.new(
       :handshake)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2332,6 +2511,7 @@ module Aws::Organizations
     class ListAWSServiceAccessForOrganizationRequest < Struct.new(
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2355,6 +2535,7 @@ module Aws::Organizations
     class ListAWSServiceAccessForOrganizationResponse < Struct.new(
       :enabled_service_principals,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2399,6 +2580,7 @@ module Aws::Organizations
       :parent_id,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2419,6 +2601,7 @@ module Aws::Organizations
     class ListAccountsForParentResponse < Struct.new(
       :accounts,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2456,6 +2639,7 @@ module Aws::Organizations
     class ListAccountsRequest < Struct.new(
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2476,6 +2660,7 @@ module Aws::Organizations
     class ListAccountsResponse < Struct.new(
       :accounts,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2542,6 +2727,7 @@ module Aws::Organizations
       :child_type,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2562,6 +2748,7 @@ module Aws::Organizations
     class ListChildrenResponse < Struct.new(
       :children,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2607,6 +2794,7 @@ module Aws::Organizations
       :states,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2629,6 +2817,7 @@ module Aws::Organizations
     class ListCreateAccountStatusResponse < Struct.new(
       :create_account_statuses,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2676,6 +2865,7 @@ module Aws::Organizations
       :service_principal,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2696,6 +2886,7 @@ module Aws::Organizations
     class ListDelegatedAdministratorsResponse < Struct.new(
       :delegated_administrators,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2740,6 +2931,7 @@ module Aws::Organizations
       :account_id,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2760,6 +2952,7 @@ module Aws::Organizations
     class ListDelegatedServicesForAccountResponse < Struct.new(
       :delegated_services,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2813,6 +3006,7 @@ module Aws::Organizations
       :filter,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2834,6 +3028,7 @@ module Aws::Organizations
     class ListHandshakesForAccountResponse < Struct.new(
       :handshakes,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2887,6 +3082,7 @@ module Aws::Organizations
       :filter,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2908,6 +3104,7 @@ module Aws::Organizations
     class ListHandshakesForOrganizationResponse < Struct.new(
       :handshakes,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2968,6 +3165,7 @@ module Aws::Organizations
       :parent_id,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2988,6 +3186,7 @@ module Aws::Organizations
     class ListOrganizationalUnitsForParentResponse < Struct.new(
       :organizational_units,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3047,6 +3246,7 @@ module Aws::Organizations
       :child_id,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3067,6 +3267,7 @@ module Aws::Organizations
     class ListParentsResponse < Struct.new(
       :parents,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3075,7 +3276,7 @@ module Aws::Organizations
     #
     #       {
     #         target_id: "PolicyTargetId", # required
-    #         filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #         filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #         next_token: "NextToken",
     #         max_results: 1,
     #       }
@@ -3105,6 +3306,22 @@ module Aws::Organizations
     #
     # @!attribute [rw] filter
     #   The type of policy that you want to include in the returned list.
+    #   You must specify one of the following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #   @return [String]
     #
     # @!attribute [rw] next_token
@@ -3135,6 +3352,7 @@ module Aws::Organizations
       :filter,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3155,6 +3373,7 @@ module Aws::Organizations
     class ListPoliciesForTargetResponse < Struct.new(
       :policies,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3162,14 +3381,29 @@ module Aws::Organizations
     #   data as a hash:
     #
     #       {
-    #         filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #         filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #         next_token: "NextToken",
     #         max_results: 1,
     #       }
     #
     # @!attribute [rw] filter
     #   Specifies the type of policy that you want to include in the
-    #   response.
+    #   response. You must specify one of the following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #   @return [String]
     #
     # @!attribute [rw] next_token
@@ -3199,6 +3433,7 @@ module Aws::Organizations
       :filter,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3221,6 +3456,7 @@ module Aws::Organizations
     class ListPoliciesResponse < Struct.new(
       :policies,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3258,6 +3494,7 @@ module Aws::Organizations
     class ListRootsRequest < Struct.new(
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3278,6 +3515,7 @@ module Aws::Organizations
     class ListRootsResponse < Struct.new(
       :roots,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3306,6 +3544,7 @@ module Aws::Organizations
     class ListTagsForResourceRequest < Struct.new(
       :resource_id,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3326,6 +3565,7 @@ module Aws::Organizations
     class ListTagsForResourceResponse < Struct.new(
       :tags,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3378,6 +3618,7 @@ module Aws::Organizations
       :policy_id,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3399,6 +3640,7 @@ module Aws::Organizations
     class ListTargetsForPolicyResponse < Struct.new(
       :targets,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3418,6 +3660,7 @@ module Aws::Organizations
     #
     class MalformedPolicyDocumentException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3432,6 +3675,7 @@ module Aws::Organizations
     #
     class MasterCannotLeaveOrganizationException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3503,6 +3747,7 @@ module Aws::Organizations
       :account_id,
       :source_parent_id,
       :destination_parent_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3578,16 +3823,11 @@ module Aws::Organizations
     #   @return [String]
     #
     # @!attribute [rw] available_policy_types
-    #   A list of policy types that are enabled for this organization. For
-    #   example, if your organization has all features enabled, then service
-    #   control policies (SCPs) are included in the list.
+    #   Do not use. This field is deprecated and doesn't provide complete
+    #   information about the policies in your organization.
     #
-    #   <note markdown="1"> Even if a policy type is shown as available in the organization, you
-    #   can separately enable and disable them at the root level by using
-    #   EnablePolicyType and DisablePolicyType. Use ListRoots to see the
-    #   status of a policy type in that root.
-    #
-    #    </note>
+    #   To determine the policies that are enabled and available for use in
+    #   your organization, use the ListRoots operation instead.
     #   @return [Array<Types::PolicyTypeSummary>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/Organization AWS API Documentation
@@ -3600,6 +3840,7 @@ module Aws::Organizations
       :master_account_id,
       :master_account_email,
       :available_policy_types)
+      SENSITIVE = [:master_account_email]
       include Aws::Structure
     end
 
@@ -3614,6 +3855,7 @@ module Aws::Organizations
     #
     class OrganizationNotEmptyException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3665,6 +3907,7 @@ module Aws::Organizations
       :id,
       :arn,
       :name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3678,6 +3921,7 @@ module Aws::Organizations
     #
     class OrganizationalUnitNotEmptyException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3691,6 +3935,7 @@ module Aws::Organizations
     #
     class OrganizationalUnitNotFoundException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3726,6 +3971,7 @@ module Aws::Organizations
     class Parent < Struct.new(
       :id,
       :type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3738,6 +3984,7 @@ module Aws::Organizations
     #
     class ParentNotFoundException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3758,6 +4005,7 @@ module Aws::Organizations
     class Policy < Struct.new(
       :policy_summary,
       :content)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3771,6 +4019,7 @@ module Aws::Organizations
     #
     class PolicyChangesInProgressException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3784,6 +4033,7 @@ module Aws::Organizations
     #
     class PolicyInUseException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3797,6 +4047,7 @@ module Aws::Organizations
     #
     class PolicyNotAttachedException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3809,6 +4060,7 @@ module Aws::Organizations
     #
     class PolicyNotFoundException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3872,6 +4124,7 @@ module Aws::Organizations
       :description,
       :type,
       :aws_managed)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3934,6 +4187,7 @@ module Aws::Organizations
       :arn,
       :name,
       :type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3946,14 +4200,15 @@ module Aws::Organizations
     #
     class PolicyTypeAlreadyEnabledException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # You can't use the specified policy type with the feature set
     # currently enabled for this organization. For example, you can enable
     # SCPs only after you enable all features in the organization. For more
-    # information, see [Enabling and Disabling a Policy Type on a Root][1]
-    # in the *AWS Organizations User Guide.*
+    # information, see [Managing AWS Organizations Policies][1]in the *AWS
+    # Organizations User Guide.*
     #
     #
     #
@@ -3966,6 +4221,7 @@ module Aws::Organizations
     #
     class PolicyTypeNotAvailableForOrganizationException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3986,6 +4242,7 @@ module Aws::Organizations
     #
     class PolicyTypeNotEnabledException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4008,6 +4265,7 @@ module Aws::Organizations
     class PolicyTypeSummary < Struct.new(
       :type,
       :status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4034,6 +4292,7 @@ module Aws::Organizations
     class RegisterDelegatedAdministratorRequest < Struct.new(
       :account_id,
       :service_principal)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4060,6 +4319,7 @@ module Aws::Organizations
     #
     class RemoveAccountFromOrganizationRequest < Struct.new(
       :account_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4123,6 +4383,7 @@ module Aws::Organizations
       :arn,
       :name,
       :policy_types)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4135,6 +4396,7 @@ module Aws::Organizations
     #
     class RootNotFoundException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4148,6 +4410,7 @@ module Aws::Organizations
     #
     class ServiceException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4161,6 +4424,7 @@ module Aws::Organizations
     #
     class SourceParentNotFoundException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4190,6 +4454,7 @@ module Aws::Organizations
     class Tag < Struct.new(
       :key,
       :value)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4211,9 +4476,9 @@ module Aws::Organizations
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The tag to add to the specified resource. Specifying the tag key is
-    #   required. You can set the value of a tag to an empty string, but you
-    #   can't set the value of a tag to null.
+    #   The tag to add to the specified resource. You must specify both a
+    #   tag key and value. You can set the value of a tag to an empty
+    #   string, but you can't set it to null.
     #   @return [Array<Types::Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResourceRequest AWS API Documentation
@@ -4221,6 +4486,7 @@ module Aws::Organizations
     class TagResourceRequest < Struct.new(
       :resource_id,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4234,15 +4500,17 @@ module Aws::Organizations
     #
     class TargetNotFoundException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # You have sent too many requests in too short a period of time. The
-    # limit helps protect against denial-of-service attacks. Try again
+    # quota helps protect against denial-of-service attacks. Try again
     # later.
     #
-    # For information on limits that affect AWS Organizations, see [Limits
-    # of AWS Organizations][1] in the *AWS Organizations User Guide.*
+    # For information about quotas that affect AWS Organizations, see
+    # [Quotas for AWS Organizations][1]in the *AWS Organizations User
+    # Guide.*
     #
     #
     #
@@ -4259,10 +4527,11 @@ module Aws::Organizations
     class TooManyRequestsException < Struct.new(
       :type,
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # This action isn't available in the current Region.
+    # This action isn't available in the current AWS Region.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -4271,6 +4540,7 @@ module Aws::Organizations
     #
     class UnsupportedAPIEndpointException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4295,6 +4565,7 @@ module Aws::Organizations
     class UntagResourceRequest < Struct.new(
       :resource_id,
       :tag_keys)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4337,6 +4608,7 @@ module Aws::Organizations
     class UpdateOrganizationalUnitRequest < Struct.new(
       :organizational_unit_id,
       :name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4349,6 +4621,7 @@ module Aws::Organizations
     #
     class UpdateOrganizationalUnitResponse < Struct.new(
       :organizational_unit)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4407,6 +4680,7 @@ module Aws::Organizations
       :name,
       :description,
       :content)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4419,6 +4693,7 @@ module Aws::Organizations
     #
     class UpdatePolicyResponse < Struct.new(
       :policy)
+      SENSITIVE = []
       include Aws::Structure
     end