aws-sdk-organizations 1.43.0 → 1.48.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d55de0dc62249c471875ee0a37ac282aecc80f727cf0083d7ad05bd09b2a5c3d
4
- data.tar.gz: 3978d2ce14f7bb273a802a52076c4f82b1c6214376955957bdf2fcd60126d280
3
+ metadata.gz: e5d96097520061e6114fc6fe94babd9ae3273b6500e9c5cbb8c939da23a21074
4
+ data.tar.gz: 256abcfe182414969fc84ef97db333f39bd1951c08fa3a26be52e5b9b519c31b
5
5
  SHA512:
6
- metadata.gz: 67c8f52615b63f8ffd7c5f1f63d3498c791980522f6988ef0d4490709aefb9470a60009e457b98a18ed5ce3f3c685733fd1af7ba995888e493c20cfa7b466fcb
7
- data.tar.gz: b1bf914b8cafae4db07b0a4c6b9d39a5dbf37dc4f451e1e2b45e2ec8d1d83f43c5972725e2e6895b8213a9df3e453eed5a5f76533da9f97ee013f6317a664c3f
6
+ metadata.gz: 5f673ac6b433f52999e50bcc64fa72a415e819505dc30ebc719c2a495d5432ae53797269d9cd2db7e7fd0ba1f00fc8e2bcd3bbfbd8592a8fdaef7e814de35b88
7
+ data.tar.gz: 58a2113b3d5535885cf194971cd61ac9432eee25e68251083a2c2b682d12c5cfb2c9ba4e0359d023d2ecdd66a609c5542ffb726a332af456f75779821780e3c1
@@ -47,6 +47,6 @@ require_relative 'aws-sdk-organizations/customizations'
47
47
  # @service
48
48
  module Aws::Organizations
49
49
 
50
- GEM_VERSION = '1.43.0'
50
+ GEM_VERSION = '1.48.0'
51
51
 
52
52
  end
@@ -461,53 +461,26 @@ module Aws::Organizations
461
461
 
462
462
  # Attaches a policy to a root, an organizational unit (OU), or an
463
463
  # individual account. How the policy affects accounts depends on the
464
- # type of policy:
465
- #
466
- # * **Service control policy (SCP)** - An SCP specifies what permissions
467
- # can be delegated to users in affected member accounts. The scope of
468
- # influence for a policy depends on what you attach the policy to:
469
- #
470
- # * If you attach an SCP to a root, it affects all accounts in the
471
- # organization.
472
- #
473
- # * If you attach an SCP to an OU, it affects all accounts in that OU
474
- # and in any child OUs.
475
- #
476
- # * If you attach the policy directly to an account, it affects only
477
- # that account.
478
- #
479
- # SCPs are JSON policies that specify the maximum permissions for an
480
- # organization or organizational unit (OU). You can attach one SCP to
481
- # a higher level root or OU, and a different SCP to a child OU or to
482
- # an account. The child policy can further restrict only the
483
- # permissions that pass through the parent filter and are available to
484
- # the child. An SCP that is attached to a child can't grant a
485
- # permission that the parent hasn't already granted. For example,
486
- # imagine that the parent SCP allows permissions A, B, C, D, and E.
487
- # The child SCP allows C, D, E, F, and G. The result is that the
488
- # accounts affected by the child SCP are allowed to use only C, D, and
489
- # E. They can't use A or B because the child OU filtered them out.
490
- # They also can't use F and G because the parent OU filtered them
491
- # out. They can't be granted back by the child SCP; child SCPs can
492
- # only filter the permissions they receive from the parent SCP.
493
- #
494
- # AWS Organizations attaches a default SCP named `"FullAWSAccess` to
495
- # every root, OU, and account. This default SCP allows all services
496
- # and actions, enabling any new child OU or account to inherit the
497
- # permissions of the parent root or OU. If you detach the default
498
- # policy, you must replace it with a policy that specifies the
499
- # permissions that you want to allow in that OU or account.
500
- #
501
- # For more information about how AWS Organizations policies
502
- # permissions work, see [Using Service Control Policies][1] in the
503
- # *AWS Organizations User Guide.*
464
+ # type of policy. Refer to the *AWS Organizations User Guide* for
465
+ # information about each policy type:
466
+ #
467
+ # * [AISERVICES\_OPT\_OUT\_POLICY][1]
468
+ #
469
+ # * [BACKUP\_POLICY][2]
470
+ #
471
+ # * [SERVICE\_CONTROL\_POLICY][3]
472
+ #
473
+ # * [TAG\_POLICY][4]
504
474
  #
505
475
  # This operation can be called only from the organization's master
506
476
  # account.
507
477
  #
508
478
  #
509
479
  #
510
- # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
480
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
481
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
482
+ # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
483
+ # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
511
484
  #
512
485
  # @option params [required, String] :policy_id
513
486
  # The unique identifier (ID) of the policy that you want to attach to
@@ -882,7 +855,7 @@ module Aws::Organizations
882
855
  # resp.create_account_status.completed_timestamp #=> Time
883
856
  # resp.create_account_status.account_id #=> String
884
857
  # resp.create_account_status.gov_cloud_account_id #=> String
885
- # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
858
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
886
859
  #
887
860
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
888
861
  #
@@ -969,12 +942,13 @@ module Aws::Organizations
969
942
  #
970
943
  # * When you create an account in an organization using the AWS
971
944
  # Organizations console, API, or CLI commands, the information
972
- # required for the account to operate as a standalone account, such as
973
- # a payment method and signing the end user license agreement (EULA)
974
- # is *not* automatically collected. If you must remove an account from
975
- # your organization later, you can do so only after you provide the
976
- # missing information. Follow the steps at [ To leave an organization
977
- # as a member account][7] in the *AWS Organizations User Guide.*
945
+ # required for the account to operate as a standalone account is *not*
946
+ # automatically collected. This includes a payment method and signing
947
+ # the end user license agreement (EULA). If you must remove an account
948
+ # from your organization later, you can do so only after you provide
949
+ # the missing information. Follow the steps at [ To leave an
950
+ # organization as a member account][7] in the *AWS Organizations User
951
+ # Guide.*
978
952
  #
979
953
  # * If you get an exception that indicates that you exceeded your
980
954
  # account limits for the organization, contact [AWS Support][8].
@@ -1095,7 +1069,7 @@ module Aws::Organizations
1095
1069
  # resp.create_account_status.completed_timestamp #=> Time
1096
1070
  # resp.create_account_status.account_id #=> String
1097
1071
  # resp.create_account_status.gov_cloud_account_id #=> String
1098
- # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
1072
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
1099
1073
  #
1100
1074
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount AWS API Documentation
1101
1075
  #
@@ -1219,7 +1193,7 @@ module Aws::Organizations
1219
1193
  # resp.organization.master_account_id #=> String
1220
1194
  # resp.organization.master_account_email #=> String
1221
1195
  # resp.organization.available_policy_types #=> Array
1222
- # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
1196
+ # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
1223
1197
  # resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
1224
1198
  #
1225
1199
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization AWS API Documentation
@@ -1329,17 +1303,9 @@ module Aws::Organizations
1329
1303
  # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html
1330
1304
  #
1331
1305
  # @option params [required, String] :content
1332
- # The policy content to add to the new policy. For example, if you
1333
- # create a [service control policy][1] (SCP), this string must be JSON
1334
- # text that specifies the permissions that admins in attached accounts
1335
- # can delegate to their users, groups, and roles. For more information
1336
- # about the SCP syntax, see [Service Control Policy Syntax][2] in the
1337
- # *AWS Organizations User Guide.*
1338
- #
1339
- #
1340
- #
1341
- # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
1342
- # [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
1306
+ # The policy text content to add to the new policy. The text that you
1307
+ # supply must adhere to the rules of the policy type you specify in the
1308
+ # `Type` parameter.
1343
1309
  #
1344
1310
  # @option params [required, String] :description
1345
1311
  # An optional description to assign to the policy.
@@ -1355,12 +1321,23 @@ module Aws::Organizations
1355
1321
  # [1]: http://wikipedia.org/wiki/regex
1356
1322
  #
1357
1323
  # @option params [required, String] :type
1358
- # The type of policy to create.
1324
+ # The type of policy to create. You can specify one of the following
1325
+ # values:
1326
+ #
1327
+ # * [AISERVICES\_OPT\_OUT\_POLICY][1]
1328
+ #
1329
+ # * [BACKUP\_POLICY][2]
1330
+ #
1331
+ # * [SERVICE\_CONTROL\_POLICY][3]
1332
+ #
1333
+ # * [TAG\_POLICY][4]
1359
1334
  #
1360
- # <note markdown="1"> In the current release, the only type of policy that you can create is
1361
- # a service control policy (SCP).
1362
1335
  #
1363
- # </note>
1336
+ #
1337
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
1338
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
1339
+ # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
1340
+ # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
1364
1341
  #
1365
1342
  # @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1366
1343
  #
@@ -1400,7 +1377,7 @@ module Aws::Organizations
1400
1377
  # content: "PolicyContent", # required
1401
1378
  # description: "PolicyDescription", # required
1402
1379
  # name: "PolicyName", # required
1403
- # type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
1380
+ # type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
1404
1381
  # })
1405
1382
  #
1406
1383
  # @example Response structure
@@ -1409,7 +1386,7 @@ module Aws::Organizations
1409
1386
  # resp.policy.policy_summary.arn #=> String
1410
1387
  # resp.policy.policy_summary.name #=> String
1411
1388
  # resp.policy.policy_summary.description #=> String
1412
- # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
1389
+ # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
1413
1390
  # resp.policy.policy_summary.aws_managed #=> Boolean
1414
1391
  # resp.policy.content #=> String
1415
1392
  #
@@ -1648,6 +1625,11 @@ module Aws::Organizations
1648
1625
  # Removes the specified member AWS account as a delegated administrator
1649
1626
  # for the specified AWS service.
1650
1627
  #
1628
+ # Deregistering a delegated administrator can have unintended impacts on
1629
+ # the functionality of the enabled AWS service. See the documentation
1630
+ # for the enabled service before you deregister a delegated
1631
+ # administrator so that you understand any potential impacts.
1632
+ #
1651
1633
  # You can run this action only for AWS services that support this
1652
1634
  # feature. For a current list of services that support it, see the
1653
1635
  # column *Supports Delegated Administrator* in the table at [AWS
@@ -1818,7 +1800,7 @@ module Aws::Organizations
1818
1800
  # resp.create_account_status.completed_timestamp #=> Time
1819
1801
  # resp.create_account_status.account_id #=> String
1820
1802
  # resp.create_account_status.gov_cloud_account_id #=> String
1821
- # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
1803
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
1822
1804
  #
1823
1805
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
1824
1806
  #
@@ -1829,14 +1811,15 @@ module Aws::Organizations
1829
1811
  req.send_request(options)
1830
1812
  end
1831
1813
 
1832
- # Returns the contents of the effective tag policy for the account. The
1833
- # effective tag policy is the aggregation of any tag policies the
1834
- # account inherits, plus any policy directly that is attached to the
1835
- # account.
1814
+ # Returns the contents of the effective policy for specified policy type
1815
+ # and account. The effective policy is the aggregation of any policies
1816
+ # of the specified type that the account inherits, plus any policy of
1817
+ # that type that is directly attached to the account.
1836
1818
  #
1837
- # This action returns information on tag policies only.
1819
+ # This operation applies only to policy types *other* than service
1820
+ # control policies (SCPs).
1838
1821
  #
1839
- # For more information on policy inheritance, see [How Policy
1822
+ # For more information about policy inheritance, see [How Policy
1840
1823
  # Inheritance Works][1] in the *AWS Organizations User Guide*.
1841
1824
  #
1842
1825
  # This operation can be called only from the organization's master
@@ -1848,12 +1831,25 @@ module Aws::Organizations
1848
1831
  # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html
1849
1832
  #
1850
1833
  # @option params [required, String] :policy_type
1851
- # The type of policy that you want information about.
1834
+ # The type of policy that you want information about. You can specify
1835
+ # one of the following values:
1836
+ #
1837
+ # * [AISERVICES\_OPT\_OUT\_POLICY][1]
1838
+ #
1839
+ # * [BACKUP\_POLICY][2]
1840
+ #
1841
+ # * [TAG\_POLICY][3]
1842
+ #
1843
+ #
1844
+ #
1845
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
1846
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
1847
+ # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
1852
1848
  #
1853
1849
  # @option params [String] :target_id
1854
1850
  # When you're signed in as the master account, specify the ID of the
1855
1851
  # account that you want details about. Specifying an organization root
1856
- # or OU as the target is not supported.
1852
+ # or organizational unit (OU) as the target is not supported.
1857
1853
  #
1858
1854
  # @return [Types::DescribeEffectivePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1859
1855
  #
@@ -1862,7 +1858,7 @@ module Aws::Organizations
1862
1858
  # @example Request syntax with placeholder values
1863
1859
  #
1864
1860
  # resp = client.describe_effective_policy({
1865
- # policy_type: "TAG_POLICY", # required, accepts TAG_POLICY
1861
+ # policy_type: "TAG_POLICY", # required, accepts TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
1866
1862
  # target_id: "PolicyTargetId",
1867
1863
  # })
1868
1864
  #
@@ -1871,7 +1867,7 @@ module Aws::Organizations
1871
1867
  # resp.effective_policy.policy_content #=> String
1872
1868
  # resp.effective_policy.last_updated_timestamp #=> Time
1873
1869
  # resp.effective_policy.target_id #=> String
1874
- # resp.effective_policy.policy_type #=> String, one of "TAG_POLICY"
1870
+ # resp.effective_policy.policy_type #=> String, one of "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
1875
1871
  #
1876
1872
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy AWS API Documentation
1877
1873
  #
@@ -2042,7 +2038,7 @@ module Aws::Organizations
2042
2038
  # resp.organization.master_account_id #=> String
2043
2039
  # resp.organization.master_account_email #=> String
2044
2040
  # resp.organization.available_policy_types #=> Array
2045
- # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
2041
+ # resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
2046
2042
  # resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
2047
2043
  #
2048
2044
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization AWS API Documentation
@@ -2176,7 +2172,7 @@ module Aws::Organizations
2176
2172
  # resp.policy.policy_summary.arn #=> String
2177
2173
  # resp.policy.policy_summary.name #=> String
2178
2174
  # resp.policy.policy_summary.description #=> String
2179
- # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
2175
+ # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
2180
2176
  # resp.policy.policy_summary.aws_managed #=> Boolean
2181
2177
  # resp.policy.content #=> String
2182
2178
  #
@@ -2190,18 +2186,20 @@ module Aws::Organizations
2190
2186
  end
2191
2187
 
2192
2188
  # Detaches a policy from a target root, organizational unit (OU), or
2193
- # account. If the policy being detached is a service control policy
2194
- # (SCP), the changes to permissions for IAM users and roles in affected
2195
- # accounts are immediate.
2196
- #
2197
- # **Note:** Every root, OU, and account must have at least one SCP
2198
- # attached. If you want to replace the default `FullAWSAccess` policy
2199
- # with one that limits the permissions that can be delegated, you must
2200
- # attach the replacement policy before you can remove the default one.
2201
- # This is the authorization strategy of an "[allow list][1]". If you
2202
- # instead attach a second SCP and leave the `FullAWSAccess` SCP still
2203
- # attached, and specify `"Effect": "Deny"` in the second SCP to override
2204
- # the `"Effect": "Allow"` in the `FullAWSAccess` policy (or any other
2189
+ # account.
2190
+ #
2191
+ # If the policy being detached is a service control policy (SCP), the
2192
+ # changes to permissions for AWS Identity and Access Management (IAM)
2193
+ # users and roles in affected accounts are immediate.
2194
+ #
2195
+ # Every root, OU, and account must have at least one SCP attached. If
2196
+ # you want to replace the default `FullAWSAccess` policy with an SCP
2197
+ # that limits the permissions that can be delegated, you must attach the
2198
+ # replacement SCP before you can remove the default SCP. This is the
2199
+ # authorization strategy of an "[allow list][1]". If you instead
2200
+ # attach a second SCP and leave the `FullAWSAccess` SCP still attached,
2201
+ # and specify `"Effect": "Deny"` in the second SCP to override the
2202
+ # `"Effect": "Allow"` in the `FullAWSAccess` policy (or any other
2205
2203
  # attached SCP), you're using the authorization strategy of a "[deny
2206
2204
  # list][2]".
2207
2205
  #
@@ -2210,8 +2208,8 @@ module Aws::Organizations
2210
2208
  #
2211
2209
  #
2212
2210
  #
2213
- # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_whitelist
2214
- # [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_blacklist
2211
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_allowlist
2212
+ # [2]: https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_denylist
2215
2213
  #
2216
2214
  # @option params [required, String] :policy_id
2217
2215
  # The unique identifier (ID) of the policy you want to detach. You can
@@ -2334,18 +2332,19 @@ module Aws::Organizations
2334
2332
  req.send_request(options)
2335
2333
  end
2336
2334
 
2337
- # Disables an organizational control policy type in a root. A policy of
2338
- # a certain type can be attached to entities in a root only if that type
2335
+ # Disables an organizational policy type in a root. A policy of a
2336
+ # certain type can be attached to entities in a root only if that type
2339
2337
  # is enabled in the root. After you perform this operation, you no
2340
2338
  # longer can attach policies of the specified type to that root or to
2341
2339
  # any organizational unit (OU) or account in that root. You can undo
2342
2340
  # this by using the EnablePolicyType operation.
2343
2341
  #
2344
2342
  # This is an asynchronous request that AWS performs in the background.
2345
- # If you disable a policy for a root, it still appears enabled for the
2346
- # organization if [all features][1] are enabled for the organization.
2347
- # AWS recommends that you first use ListRoots to see the status of
2348
- # policy types for a specified root, and then use this operation.
2343
+ # If you disable a policy type for a root, it still appears enabled for
2344
+ # the organization if [all features][1] are enabled for the
2345
+ # organization. AWS recommends that you first use ListRoots to see the
2346
+ # status of policy types for a specified root, and then use this
2347
+ # operation.
2349
2348
  #
2350
2349
  # This operation can be called only from the organization's master
2351
2350
  # account.
@@ -2369,7 +2368,23 @@ module Aws::Organizations
2369
2368
  # [1]: http://wikipedia.org/wiki/regex
2370
2369
  #
2371
2370
  # @option params [required, String] :policy_type
2372
- # The policy type that you want to disable in this root.
2371
+ # The policy type that you want to disable in this root. You can specify
2372
+ # one of the following values:
2373
+ #
2374
+ # * [AISERVICES\_OPT\_OUT\_POLICY][1]
2375
+ #
2376
+ # * [BACKUP\_POLICY][2]
2377
+ #
2378
+ # * [SERVICE\_CONTROL\_POLICY][3]
2379
+ #
2380
+ # * [TAG\_POLICY][4]
2381
+ #
2382
+ #
2383
+ #
2384
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
2385
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
2386
+ # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
2387
+ # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
2373
2388
  #
2374
2389
  # @return [Types::DisablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2375
2390
  #
@@ -2401,7 +2416,7 @@ module Aws::Organizations
2401
2416
  #
2402
2417
  # resp = client.disable_policy_type({
2403
2418
  # root_id: "RootId", # required
2404
- # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
2419
+ # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
2405
2420
  # })
2406
2421
  #
2407
2422
  # @example Response structure
@@ -2410,7 +2425,7 @@ module Aws::Organizations
2410
2425
  # resp.root.arn #=> String
2411
2426
  # resp.root.name #=> String
2412
2427
  # resp.root.policy_types #=> Array
2413
- # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
2428
+ # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
2414
2429
  # resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
2415
2430
  #
2416
2431
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType AWS API Documentation
@@ -2603,7 +2618,23 @@ module Aws::Organizations
2603
2618
  # [1]: http://wikipedia.org/wiki/regex
2604
2619
  #
2605
2620
  # @option params [required, String] :policy_type
2606
- # The policy type that you want to enable.
2621
+ # The policy type that you want to enable. You can specify one of the
2622
+ # following values:
2623
+ #
2624
+ # * [AISERVICES\_OPT\_OUT\_POLICY][1]
2625
+ #
2626
+ # * [BACKUP\_POLICY][2]
2627
+ #
2628
+ # * [SERVICE\_CONTROL\_POLICY][3]
2629
+ #
2630
+ # * [TAG\_POLICY][4]
2631
+ #
2632
+ #
2633
+ #
2634
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
2635
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
2636
+ # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
2637
+ # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
2607
2638
  #
2608
2639
  # @return [Types::EnablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2609
2640
  #
@@ -2639,7 +2670,7 @@ module Aws::Organizations
2639
2670
  #
2640
2671
  # resp = client.enable_policy_type({
2641
2672
  # root_id: "RootId", # required
2642
- # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
2673
+ # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
2643
2674
  # })
2644
2675
  #
2645
2676
  # @example Response structure
@@ -2648,7 +2679,7 @@ module Aws::Organizations
2648
2679
  # resp.root.arn #=> String
2649
2680
  # resp.root.name #=> String
2650
2681
  # resp.root.policy_types #=> Array
2651
- # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
2682
+ # resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
2652
2683
  # resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
2653
2684
  #
2654
2685
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType AWS API Documentation
@@ -3399,7 +3430,7 @@ module Aws::Organizations
3399
3430
  # resp.create_account_statuses[0].completed_timestamp #=> Time
3400
3431
  # resp.create_account_statuses[0].account_id #=> String
3401
3432
  # resp.create_account_statuses[0].gov_cloud_account_id #=> String
3402
- # resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
3433
+ # resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
3403
3434
  # resp.next_token #=> String
3404
3435
  #
3405
3436
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
@@ -3557,9 +3588,7 @@ module Aws::Organizations
3557
3588
  #
3558
3589
  # </note>
3559
3590
  #
3560
- # This operation can be called only from the organization's master
3561
- # account or by a member account that is a delegated administrator for
3562
- # an AWS service.
3591
+ # This operation can be called from any account in the organization.
3563
3592
  #
3564
3593
  # @option params [Types::HandshakeFilter] :filter
3565
3594
  # Filters the handshakes that you want included in the response. The
@@ -4118,6 +4147,22 @@ module Aws::Organizations
4118
4147
  #
4119
4148
  # @option params [required, String] :filter
4120
4149
  # Specifies the type of policy that you want to include in the response.
4150
+ # You must specify one of the following values:
4151
+ #
4152
+ # * [AISERVICES\_OPT\_OUT\_POLICY][1]
4153
+ #
4154
+ # * [BACKUP\_POLICY][2]
4155
+ #
4156
+ # * [SERVICE\_CONTROL\_POLICY][3]
4157
+ #
4158
+ # * [TAG\_POLICY][4]
4159
+ #
4160
+ #
4161
+ #
4162
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
4163
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
4164
+ # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
4165
+ # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
4121
4166
  #
4122
4167
  # @option params [String] :next_token
4123
4168
  # The parameter for receiving additional results if you receive a
@@ -4187,7 +4232,7 @@ module Aws::Organizations
4187
4232
  # @example Request syntax with placeholder values
4188
4233
  #
4189
4234
  # resp = client.list_policies({
4190
- # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
4235
+ # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
4191
4236
  # next_token: "NextToken",
4192
4237
  # max_results: 1,
4193
4238
  # })
@@ -4199,7 +4244,7 @@ module Aws::Organizations
4199
4244
  # resp.policies[0].arn #=> String
4200
4245
  # resp.policies[0].name #=> String
4201
4246
  # resp.policies[0].description #=> String
4202
- # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
4247
+ # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
4203
4248
  # resp.policies[0].aws_managed #=> Boolean
4204
4249
  # resp.next_token #=> String
4205
4250
  #
@@ -4250,7 +4295,23 @@ module Aws::Organizations
4250
4295
  # [1]: http://wikipedia.org/wiki/regex
4251
4296
  #
4252
4297
  # @option params [required, String] :filter
4253
- # The type of policy that you want to include in the returned list.
4298
+ # The type of policy that you want to include in the returned list. You
4299
+ # must specify one of the following values:
4300
+ #
4301
+ # * [AISERVICES\_OPT\_OUT\_POLICY][1]
4302
+ #
4303
+ # * [BACKUP\_POLICY][2]
4304
+ #
4305
+ # * [SERVICE\_CONTROL\_POLICY][3]
4306
+ #
4307
+ # * [TAG\_POLICY][4]
4308
+ #
4309
+ #
4310
+ #
4311
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
4312
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
4313
+ # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
4314
+ # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
4254
4315
  #
4255
4316
  # @option params [String] :next_token
4256
4317
  # The parameter for receiving additional results if you receive a
@@ -4308,7 +4369,7 @@ module Aws::Organizations
4308
4369
  #
4309
4370
  # resp = client.list_policies_for_target({
4310
4371
  # target_id: "PolicyTargetId", # required
4311
- # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
4372
+ # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
4312
4373
  # next_token: "NextToken",
4313
4374
  # max_results: 1,
4314
4375
  # })
@@ -4320,7 +4381,7 @@ module Aws::Organizations
4320
4381
  # resp.policies[0].arn #=> String
4321
4382
  # resp.policies[0].name #=> String
4322
4383
  # resp.policies[0].description #=> String
4323
- # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
4384
+ # resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
4324
4385
  # resp.policies[0].aws_managed #=> Boolean
4325
4386
  # resp.next_token #=> String
4326
4387
  #
@@ -4421,7 +4482,7 @@ module Aws::Organizations
4421
4482
  # resp.roots[0].arn #=> String
4422
4483
  # resp.roots[0].name #=> String
4423
4484
  # resp.roots[0].policy_types #=> Array
4424
- # resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
4485
+ # resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
4425
4486
  # resp.roots[0].policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
4426
4487
  # resp.next_token #=> String
4427
4488
  #
@@ -4803,9 +4864,9 @@ module Aws::Organizations
4803
4864
  # The ID of the resource to add a tag to.
4804
4865
  #
4805
4866
  # @option params [required, Array<Types::Tag>] :tags
4806
- # The tag to add to the specified resource. Specifying the tag key is
4807
- # required. You can set the value of a tag to an empty string, but you
4808
- # can't set the value of a tag to null.
4867
+ # The tag to add to the specified resource. You must specify both a tag
4868
+ # key and value. You can set the value of a tag to an empty string, but
4869
+ # you can't set it to null.
4809
4870
  #
4810
4871
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
4811
4872
  #
@@ -5048,7 +5109,7 @@ module Aws::Organizations
5048
5109
  # resp.policy.policy_summary.arn #=> String
5049
5110
  # resp.policy.policy_summary.name #=> String
5050
5111
  # resp.policy.policy_summary.description #=> String
5051
- # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
5112
+ # resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
5052
5113
  # resp.policy.policy_summary.aws_managed #=> Boolean
5053
5114
  # resp.policy.content #=> String
5054
5115
  #
@@ -5074,7 +5135,7 @@ module Aws::Organizations
5074
5135
  params: params,
5075
5136
  config: config)
5076
5137
  context[:gem_name] = 'aws-sdk-organizations'
5077
- context[:gem_version] = '1.43.0'
5138
+ context[:gem_version] = '1.48.0'
5078
5139
  Seahorse::Client::Request.new(handlers, context)
5079
5140
  end
5080
5141
 
@@ -417,10 +417,12 @@ module Aws::Organizations
417
417
  # (SCP) from an OU or root, inviting or creating too many accounts to
418
418
  # the organization, or attaching too many policies to an account, OU, or
419
419
  # root. This exception includes a reason that contains additional
420
- # information about the violated limit.
420
+ # information about the violated limit:
421
421
  #
422
- # Some of the reasons in the following list might not be applicable to
423
- # this specific API or operation:
422
+ # <note markdown="1"> Some of the reasons in the following list might not be applicable to
423
+ # this specific API or operation.
424
+ #
425
+ # </note>
424
426
  #
425
427
  # * ACCOUNT\_CANNOT\_LEAVE\_ORGANIZAION: You attempted to remove the
426
428
  # master account from the organization. You can't remove the master
@@ -431,15 +433,15 @@ module Aws::Organizations
431
433
  # account from the organization that doesn't yet have enough
432
434
  # information to exist as a standalone account. This account requires
433
435
  # you to first agree to the AWS Customer Agreement. Follow the steps
434
- # at [To leave an organization when all required account information
435
- # has not yet been provided][1] in the *AWS Organizations User Guide.*
436
+ # at [Removing a member account from your organization][1]in the *AWS
437
+ # Organizations User Guide.*
436
438
  #
437
439
  # * ACCOUNT\_CANNOT\_LEAVE\_WITHOUT\_PHONE\_VERIFICATION: You attempted
438
440
  # to remove an account from the organization that doesn't yet have
439
441
  # enough information to exist as a standalone account. This account
440
442
  # requires you to first complete phone verification. Follow the steps
441
- # at [To leave an organization when all required account information
442
- # has not yet been provided][1] in the *AWS Organizations User Guide.*
443
+ # at [Removing a member account from your organization][1] in the *AWS
444
+ # Organizations User Guide.*
443
445
  #
444
446
  # * ACCOUNT\_CREATION\_RATE\_LIMIT\_EXCEEDED: You attempted to exceed
445
447
  # the number of accounts that you can create in one day.
@@ -458,9 +460,9 @@ module Aws::Organizations
458
460
  #
459
461
  # </note>
460
462
  #
461
- # If you get receive this exception when running a command immediately
462
- # after creating the organization, wait one hour and try again. If
463
- # after an hour it continues to fail with this error, contact [AWS
463
+ # If you get this exception when running a command immediately after
464
+ # creating the organization, wait one hour and try again. After an
465
+ # hour, if the command continues to fail with this error, contact [AWS
464
466
  # Support][2].
465
467
  #
466
468
  # * CANNOT\_REGISTER\_MASTER\_AS\_DELEGATED\_ADMINISTRATOR: You
@@ -506,7 +508,7 @@ module Aws::Organizations
506
508
  # support.
507
509
  #
508
510
  # * MASTER\_ACCOUNT\_MISSING\_CONTACT\_INFO: To complete this operation,
509
- # you must first provide contact a valid address and phone number for
511
+ # you must first provide a valid contact address and phone number for
510
512
  # the master account. Then try the operation again.
511
513
  #
512
514
  # * MASTER\_ACCOUNT\_NOT\_GOVCLOUD\_ENABLED: To complete this operation,
@@ -518,7 +520,7 @@ module Aws::Organizations
518
520
  # organization with this master account, you first must associate a
519
521
  # valid payment instrument, such as a credit card, with the account.
520
522
  # Follow the steps at [To leave an organization when all required
521
- # account information has not yet been provided][1] in the *AWS
523
+ # account information has not yet been provided][4] in the *AWS
522
524
  # Organizations User Guide.*
523
525
  #
524
526
  # * MAX\_DELEGATED\_ADMINISTRATORS\_FOR\_SERVICE\_LIMIT\_EXCEEDED: You
@@ -536,7 +538,7 @@ module Aws::Organizations
536
538
  # operation with this member account, you first must associate a valid
537
539
  # payment instrument, such as a credit card, with the account. Follow
538
540
  # the steps at [To leave an organization when all required account
539
- # information has not yet been provided][1] in the *AWS Organizations
541
+ # information has not yet been provided][4] in the *AWS Organizations
540
542
  # User Guide.*
541
543
  #
542
544
  # * MIN\_POLICY\_TYPE\_ATTACHMENT\_LIMIT\_EXCEEDED: You attempted to
@@ -567,9 +569,10 @@ module Aws::Organizations
567
569
  #
568
570
  #
569
571
  #
570
- # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
572
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master
571
573
  # [2]: https://console.aws.amazon.com/support/home#/
572
574
  # [3]: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html
575
+ # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
573
576
  #
574
577
  # @!attribute [rw] message
575
578
  # @return [String]
@@ -752,6 +755,9 @@ module Aws::Organizations
752
755
  # you have reached the limit on the number of accounts in your
753
756
  # organization.
754
757
  #
758
+ # * CONCURRENT\_ACCOUNT\_MODIFICATION: You already submitted a request
759
+ # with the same information.
760
+ #
755
761
  # * EMAIL\_ALREADY\_EXISTS: The account could not be created because
756
762
  # another AWS account with that email address already exists.
757
763
  #
@@ -768,6 +774,12 @@ module Aws::Organizations
768
774
  # * INTERNAL\_FAILURE: The account could not be created because of an
769
775
  # internal failure. Try again later. If the problem persists,
770
776
  # contact Customer Support.
777
+ #
778
+ # * MISSING\_BUSINESS\_VALIDATION: The AWS account that owns your
779
+ # organization has not received Business Validation.
780
+ #
781
+ # * MISSING\_PAYMENT\_INSTRUMENT: You must configure the master
782
+ # account with a valid payment method, such as a credit card.
771
783
  # @return [String]
772
784
  #
773
785
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountStatus AWS API Documentation
@@ -1011,21 +1023,13 @@ module Aws::Organizations
1011
1023
  # content: "PolicyContent", # required
1012
1024
  # description: "PolicyDescription", # required
1013
1025
  # name: "PolicyName", # required
1014
- # type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
1026
+ # type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
1015
1027
  # }
1016
1028
  #
1017
1029
  # @!attribute [rw] content
1018
- # The policy content to add to the new policy. For example, if you
1019
- # create a [service control policy][1] (SCP), this string must be JSON
1020
- # text that specifies the permissions that admins in attached accounts
1021
- # can delegate to their users, groups, and roles. For more information
1022
- # about the SCP syntax, see [Service Control Policy Syntax][2] in the
1023
- # *AWS Organizations User Guide.*
1024
- #
1025
- #
1026
- #
1027
- # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
1028
- # [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
1030
+ # The policy text content to add to the new policy. The text that you
1031
+ # supply must adhere to the rules of the policy type you specify in
1032
+ # the `Type` parameter.
1029
1033
  # @return [String]
1030
1034
  #
1031
1035
  # @!attribute [rw] description
@@ -1044,12 +1048,23 @@ module Aws::Organizations
1044
1048
  # @return [String]
1045
1049
  #
1046
1050
  # @!attribute [rw] type
1047
- # The type of policy to create.
1051
+ # The type of policy to create. You can specify one of the following
1052
+ # values:
1048
1053
  #
1049
- # <note markdown="1"> In the current release, the only type of policy that you can create
1050
- # is a service control policy (SCP).
1054
+ # * [AISERVICES\_OPT\_OUT\_POLICY][1]
1051
1055
  #
1052
- # </note>
1056
+ # * [BACKUP\_POLICY][2]
1057
+ #
1058
+ # * [SERVICE\_CONTROL\_POLICY][3]
1059
+ #
1060
+ # * [TAG\_POLICY][4]
1061
+ #
1062
+ #
1063
+ #
1064
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
1065
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
1066
+ # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
1067
+ # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
1053
1068
  # @return [String]
1054
1069
  #
1055
1070
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicyRequest AWS API Documentation
@@ -1373,18 +1388,31 @@ module Aws::Organizations
1373
1388
  # data as a hash:
1374
1389
  #
1375
1390
  # {
1376
- # policy_type: "TAG_POLICY", # required, accepts TAG_POLICY
1391
+ # policy_type: "TAG_POLICY", # required, accepts TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
1377
1392
  # target_id: "PolicyTargetId",
1378
1393
  # }
1379
1394
  #
1380
1395
  # @!attribute [rw] policy_type
1381
- # The type of policy that you want information about.
1396
+ # The type of policy that you want information about. You can specify
1397
+ # one of the following values:
1398
+ #
1399
+ # * [AISERVICES\_OPT\_OUT\_POLICY][1]
1400
+ #
1401
+ # * [BACKUP\_POLICY][2]
1402
+ #
1403
+ # * [TAG\_POLICY][3]
1404
+ #
1405
+ #
1406
+ #
1407
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
1408
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
1409
+ # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
1382
1410
  # @return [String]
1383
1411
  #
1384
1412
  # @!attribute [rw] target_id
1385
1413
  # When you're signed in as the master account, specify the ID of the
1386
1414
  # account that you want details about. Specifying an organization root
1387
- # or OU as the target is not supported.
1415
+ # or organizational unit (OU) as the target is not supported.
1388
1416
  # @return [String]
1389
1417
  #
1390
1418
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicyRequest AWS API Documentation
@@ -1451,6 +1479,12 @@ module Aws::Organizations
1451
1479
 
1452
1480
  # @!attribute [rw] organization
1453
1481
  # A structure that contains information about the organization.
1482
+ #
1483
+ # The `AvailablePolicyTypes` part of the response is deprecated, and
1484
+ # you shouldn't use it in your apps. It doesn't include any policy
1485
+ # type supported by Organizations other than SCPs. To determine which
1486
+ # policy types are enabled in your organization, use the ` ListRoots `
1487
+ # operation.
1454
1488
  # @return [Types::Organization]
1455
1489
  #
1456
1490
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationResponse AWS API Documentation
@@ -1640,7 +1674,7 @@ module Aws::Organizations
1640
1674
  #
1641
1675
  # {
1642
1676
  # root_id: "RootId", # required
1643
- # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
1677
+ # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
1644
1678
  # }
1645
1679
  #
1646
1680
  # @!attribute [rw] root_id
@@ -1656,7 +1690,23 @@ module Aws::Organizations
1656
1690
  # @return [String]
1657
1691
  #
1658
1692
  # @!attribute [rw] policy_type
1659
- # The policy type that you want to disable in this root.
1693
+ # The policy type that you want to disable in this root. You can
1694
+ # specify one of the following values:
1695
+ #
1696
+ # * [AISERVICES\_OPT\_OUT\_POLICY][1]
1697
+ #
1698
+ # * [BACKUP\_POLICY][2]
1699
+ #
1700
+ # * [SERVICE\_CONTROL\_POLICY][3]
1701
+ #
1702
+ # * [TAG\_POLICY][4]
1703
+ #
1704
+ #
1705
+ #
1706
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
1707
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
1708
+ # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
1709
+ # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
1660
1710
  # @return [String]
1661
1711
  #
1662
1712
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyTypeRequest AWS API Documentation
@@ -1844,7 +1894,7 @@ module Aws::Organizations
1844
1894
  #
1845
1895
  # {
1846
1896
  # root_id: "RootId", # required
1847
- # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
1897
+ # policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
1848
1898
  # }
1849
1899
  #
1850
1900
  # @!attribute [rw] root_id
@@ -1860,7 +1910,23 @@ module Aws::Organizations
1860
1910
  # @return [String]
1861
1911
  #
1862
1912
  # @!attribute [rw] policy_type
1863
- # The policy type that you want to enable.
1913
+ # The policy type that you want to enable. You can specify one of the
1914
+ # following values:
1915
+ #
1916
+ # * [AISERVICES\_OPT\_OUT\_POLICY][1]
1917
+ #
1918
+ # * [BACKUP\_POLICY][2]
1919
+ #
1920
+ # * [SERVICE\_CONTROL\_POLICY][3]
1921
+ #
1922
+ # * [TAG\_POLICY][4]
1923
+ #
1924
+ #
1925
+ #
1926
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
1927
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
1928
+ # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
1929
+ # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
1864
1930
  # @return [String]
1865
1931
  #
1866
1932
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyTypeRequest AWS API Documentation
@@ -2278,7 +2344,7 @@ module Aws::Organizations
2278
2344
  # reason that contains additional information about the violated limit:
2279
2345
  #
2280
2346
  # <note markdown="1"> Some of the reasons in the following list might not be applicable to
2281
- # this specific API or operation:
2347
+ # this specific API or operation.
2282
2348
  #
2283
2349
  # </note>
2284
2350
  #
@@ -3210,7 +3276,7 @@ module Aws::Organizations
3210
3276
  #
3211
3277
  # {
3212
3278
  # target_id: "PolicyTargetId", # required
3213
- # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
3279
+ # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
3214
3280
  # next_token: "NextToken",
3215
3281
  # max_results: 1,
3216
3282
  # }
@@ -3240,6 +3306,22 @@ module Aws::Organizations
3240
3306
  #
3241
3307
  # @!attribute [rw] filter
3242
3308
  # The type of policy that you want to include in the returned list.
3309
+ # You must specify one of the following values:
3310
+ #
3311
+ # * [AISERVICES\_OPT\_OUT\_POLICY][1]
3312
+ #
3313
+ # * [BACKUP\_POLICY][2]
3314
+ #
3315
+ # * [SERVICE\_CONTROL\_POLICY][3]
3316
+ #
3317
+ # * [TAG\_POLICY][4]
3318
+ #
3319
+ #
3320
+ #
3321
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
3322
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
3323
+ # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
3324
+ # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
3243
3325
  # @return [String]
3244
3326
  #
3245
3327
  # @!attribute [rw] next_token
@@ -3299,14 +3381,29 @@ module Aws::Organizations
3299
3381
  # data as a hash:
3300
3382
  #
3301
3383
  # {
3302
- # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
3384
+ # filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
3303
3385
  # next_token: "NextToken",
3304
3386
  # max_results: 1,
3305
3387
  # }
3306
3388
  #
3307
3389
  # @!attribute [rw] filter
3308
3390
  # Specifies the type of policy that you want to include in the
3309
- # response.
3391
+ # response. You must specify one of the following values:
3392
+ #
3393
+ # * [AISERVICES\_OPT\_OUT\_POLICY][1]
3394
+ #
3395
+ # * [BACKUP\_POLICY][2]
3396
+ #
3397
+ # * [SERVICE\_CONTROL\_POLICY][3]
3398
+ #
3399
+ # * [TAG\_POLICY][4]
3400
+ #
3401
+ #
3402
+ #
3403
+ # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
3404
+ # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
3405
+ # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
3406
+ # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
3310
3407
  # @return [String]
3311
3408
  #
3312
3409
  # @!attribute [rw] next_token
@@ -3726,16 +3823,11 @@ module Aws::Organizations
3726
3823
  # @return [String]
3727
3824
  #
3728
3825
  # @!attribute [rw] available_policy_types
3729
- # A list of policy types that are enabled for this organization. For
3730
- # example, if your organization has all features enabled, then service
3731
- # control policies (SCPs) are included in the list.
3826
+ # Do not use. This field is deprecated and doesn't provide complete
3827
+ # information about the policies in your organization.
3732
3828
  #
3733
- # <note markdown="1"> Even if a policy type is shown as available in the organization, you
3734
- # can separately enable and disable them at the root level by using
3735
- # EnablePolicyType and DisablePolicyType. Use ListRoots to see the
3736
- # status of a policy type in that root.
3737
- #
3738
- # </note>
3829
+ # To determine the policies that are enabled and available for use in
3830
+ # your organization, use the ListRoots operation instead.
3739
3831
  # @return [Array<Types::PolicyTypeSummary>]
3740
3832
  #
3741
3833
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/Organization AWS API Documentation
@@ -4115,8 +4207,8 @@ module Aws::Organizations
4115
4207
  # You can't use the specified policy type with the feature set
4116
4208
  # currently enabled for this organization. For example, you can enable
4117
4209
  # SCPs only after you enable all features in the organization. For more
4118
- # information, see [Enabling and Disabling a Policy Type on a Root][1]
4119
- # in the *AWS Organizations User Guide.*
4210
+ # information, see [Managing AWS Organizations Policies][1]in the *AWS
4211
+ # Organizations User Guide.*
4120
4212
  #
4121
4213
  #
4122
4214
  #
@@ -4384,9 +4476,9 @@ module Aws::Organizations
4384
4476
  # @return [String]
4385
4477
  #
4386
4478
  # @!attribute [rw] tags
4387
- # The tag to add to the specified resource. Specifying the tag key is
4388
- # required. You can set the value of a tag to an empty string, but you
4389
- # can't set the value of a tag to null.
4479
+ # The tag to add to the specified resource. You must specify both a
4480
+ # tag key and value. You can set the value of a tag to an empty
4481
+ # string, but you can't set it to null.
4390
4482
  # @return [Array<Types::Tag>]
4391
4483
  #
4392
4484
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResourceRequest AWS API Documentation
@@ -4413,11 +4505,12 @@ module Aws::Organizations
4413
4505
  end
4414
4506
 
4415
4507
  # You have sent too many requests in too short a period of time. The
4416
- # limit helps protect against denial-of-service attacks. Try again
4508
+ # quota helps protect against denial-of-service attacks. Try again
4417
4509
  # later.
4418
4510
  #
4419
- # For information on limits that affect AWS Organizations, see [Limits
4420
- # of AWS Organizations][1] in the *AWS Organizations User Guide.*
4511
+ # For information about quotas that affect AWS Organizations, see
4512
+ # [Quotas for AWS Organizations][1]in the *AWS Organizations User
4513
+ # Guide.*
4421
4514
  #
4422
4515
  #
4423
4516
  #
@@ -4438,7 +4531,7 @@ module Aws::Organizations
4438
4531
  include Aws::Structure
4439
4532
  end
4440
4533
 
4441
- # This action isn't available in the current Region.
4534
+ # This action isn't available in the current AWS Region.
4442
4535
  #
4443
4536
  # @!attribute [rw] message
4444
4537
  # @return [String]
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-organizations
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.43.0
4
+ version: 1.48.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-06-23 00:00:00.000000000 Z
11
+ date: 2020-08-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core