aws-sdk-organizations 1.43.0 → 1.48.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws-sdk-organizations.rb +1 -1
- data/lib/aws-sdk-organizations/client.rb +182 -121
- data/lib/aws-sdk-organizations/types.rb +152 -59
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e5d96097520061e6114fc6fe94babd9ae3273b6500e9c5cbb8c939da23a21074
|
4
|
+
data.tar.gz: 256abcfe182414969fc84ef97db333f39bd1951c08fa3a26be52e5b9b519c31b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5f673ac6b433f52999e50bcc64fa72a415e819505dc30ebc719c2a495d5432ae53797269d9cd2db7e7fd0ba1f00fc8e2bcd3bbfbd8592a8fdaef7e814de35b88
|
7
|
+
data.tar.gz: 58a2113b3d5535885cf194971cd61ac9432eee25e68251083a2c2b682d12c5cfb2c9ba4e0359d023d2ecdd66a609c5542ffb726a332af456f75779821780e3c1
|
@@ -461,53 +461,26 @@ module Aws::Organizations
|
|
461
461
|
|
462
462
|
# Attaches a policy to a root, an organizational unit (OU), or an
|
463
463
|
# individual account. How the policy affects accounts depends on the
|
464
|
-
# type of policy
|
465
|
-
#
|
466
|
-
#
|
467
|
-
#
|
468
|
-
#
|
469
|
-
#
|
470
|
-
#
|
471
|
-
#
|
472
|
-
#
|
473
|
-
#
|
474
|
-
# and in any child OUs.
|
475
|
-
#
|
476
|
-
# * If you attach the policy directly to an account, it affects only
|
477
|
-
# that account.
|
478
|
-
#
|
479
|
-
# SCPs are JSON policies that specify the maximum permissions for an
|
480
|
-
# organization or organizational unit (OU). You can attach one SCP to
|
481
|
-
# a higher level root or OU, and a different SCP to a child OU or to
|
482
|
-
# an account. The child policy can further restrict only the
|
483
|
-
# permissions that pass through the parent filter and are available to
|
484
|
-
# the child. An SCP that is attached to a child can't grant a
|
485
|
-
# permission that the parent hasn't already granted. For example,
|
486
|
-
# imagine that the parent SCP allows permissions A, B, C, D, and E.
|
487
|
-
# The child SCP allows C, D, E, F, and G. The result is that the
|
488
|
-
# accounts affected by the child SCP are allowed to use only C, D, and
|
489
|
-
# E. They can't use A or B because the child OU filtered them out.
|
490
|
-
# They also can't use F and G because the parent OU filtered them
|
491
|
-
# out. They can't be granted back by the child SCP; child SCPs can
|
492
|
-
# only filter the permissions they receive from the parent SCP.
|
493
|
-
#
|
494
|
-
# AWS Organizations attaches a default SCP named `"FullAWSAccess` to
|
495
|
-
# every root, OU, and account. This default SCP allows all services
|
496
|
-
# and actions, enabling any new child OU or account to inherit the
|
497
|
-
# permissions of the parent root or OU. If you detach the default
|
498
|
-
# policy, you must replace it with a policy that specifies the
|
499
|
-
# permissions that you want to allow in that OU or account.
|
500
|
-
#
|
501
|
-
# For more information about how AWS Organizations policies
|
502
|
-
# permissions work, see [Using Service Control Policies][1] in the
|
503
|
-
# *AWS Organizations User Guide.*
|
464
|
+
# type of policy. Refer to the *AWS Organizations User Guide* for
|
465
|
+
# information about each policy type:
|
466
|
+
#
|
467
|
+
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
468
|
+
#
|
469
|
+
# * [BACKUP\_POLICY][2]
|
470
|
+
#
|
471
|
+
# * [SERVICE\_CONTROL\_POLICY][3]
|
472
|
+
#
|
473
|
+
# * [TAG\_POLICY][4]
|
504
474
|
#
|
505
475
|
# This operation can be called only from the organization's master
|
506
476
|
# account.
|
507
477
|
#
|
508
478
|
#
|
509
479
|
#
|
510
|
-
# [1]:
|
480
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
481
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
482
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
483
|
+
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
511
484
|
#
|
512
485
|
# @option params [required, String] :policy_id
|
513
486
|
# The unique identifier (ID) of the policy that you want to attach to
|
@@ -882,7 +855,7 @@ module Aws::Organizations
|
|
882
855
|
# resp.create_account_status.completed_timestamp #=> Time
|
883
856
|
# resp.create_account_status.account_id #=> String
|
884
857
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
885
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
|
858
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
886
859
|
#
|
887
860
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
|
888
861
|
#
|
@@ -969,12 +942,13 @@ module Aws::Organizations
|
|
969
942
|
#
|
970
943
|
# * When you create an account in an organization using the AWS
|
971
944
|
# Organizations console, API, or CLI commands, the information
|
972
|
-
# required for the account to operate as a standalone account
|
973
|
-
# a payment method and signing
|
974
|
-
#
|
975
|
-
# your organization later, you can do so only after you provide
|
976
|
-
# missing information. Follow the steps at [ To leave an
|
977
|
-
# as a member account][7] in the *AWS Organizations User
|
945
|
+
# required for the account to operate as a standalone account is *not*
|
946
|
+
# automatically collected. This includes a payment method and signing
|
947
|
+
# the end user license agreement (EULA). If you must remove an account
|
948
|
+
# from your organization later, you can do so only after you provide
|
949
|
+
# the missing information. Follow the steps at [ To leave an
|
950
|
+
# organization as a member account][7] in the *AWS Organizations User
|
951
|
+
# Guide.*
|
978
952
|
#
|
979
953
|
# * If you get an exception that indicates that you exceeded your
|
980
954
|
# account limits for the organization, contact [AWS Support][8].
|
@@ -1095,7 +1069,7 @@ module Aws::Organizations
|
|
1095
1069
|
# resp.create_account_status.completed_timestamp #=> Time
|
1096
1070
|
# resp.create_account_status.account_id #=> String
|
1097
1071
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
1098
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
|
1072
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
1099
1073
|
#
|
1100
1074
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount AWS API Documentation
|
1101
1075
|
#
|
@@ -1219,7 +1193,7 @@ module Aws::Organizations
|
|
1219
1193
|
# resp.organization.master_account_id #=> String
|
1220
1194
|
# resp.organization.master_account_email #=> String
|
1221
1195
|
# resp.organization.available_policy_types #=> Array
|
1222
|
-
# resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
1196
|
+
# resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
|
1223
1197
|
# resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
1224
1198
|
#
|
1225
1199
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization AWS API Documentation
|
@@ -1329,17 +1303,9 @@ module Aws::Organizations
|
|
1329
1303
|
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html
|
1330
1304
|
#
|
1331
1305
|
# @option params [required, String] :content
|
1332
|
-
# The policy content to add to the new policy.
|
1333
|
-
#
|
1334
|
-
#
|
1335
|
-
# can delegate to their users, groups, and roles. For more information
|
1336
|
-
# about the SCP syntax, see [Service Control Policy Syntax][2] in the
|
1337
|
-
# *AWS Organizations User Guide.*
|
1338
|
-
#
|
1339
|
-
#
|
1340
|
-
#
|
1341
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1342
|
-
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
|
1306
|
+
# The policy text content to add to the new policy. The text that you
|
1307
|
+
# supply must adhere to the rules of the policy type you specify in the
|
1308
|
+
# `Type` parameter.
|
1343
1309
|
#
|
1344
1310
|
# @option params [required, String] :description
|
1345
1311
|
# An optional description to assign to the policy.
|
@@ -1355,12 +1321,23 @@ module Aws::Organizations
|
|
1355
1321
|
# [1]: http://wikipedia.org/wiki/regex
|
1356
1322
|
#
|
1357
1323
|
# @option params [required, String] :type
|
1358
|
-
# The type of policy to create.
|
1324
|
+
# The type of policy to create. You can specify one of the following
|
1325
|
+
# values:
|
1326
|
+
#
|
1327
|
+
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
1328
|
+
#
|
1329
|
+
# * [BACKUP\_POLICY][2]
|
1330
|
+
#
|
1331
|
+
# * [SERVICE\_CONTROL\_POLICY][3]
|
1332
|
+
#
|
1333
|
+
# * [TAG\_POLICY][4]
|
1359
1334
|
#
|
1360
|
-
# <note markdown="1"> In the current release, the only type of policy that you can create is
|
1361
|
-
# a service control policy (SCP).
|
1362
1335
|
#
|
1363
|
-
#
|
1336
|
+
#
|
1337
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1338
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1339
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1340
|
+
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1364
1341
|
#
|
1365
1342
|
# @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1366
1343
|
#
|
@@ -1400,7 +1377,7 @@ module Aws::Organizations
|
|
1400
1377
|
# content: "PolicyContent", # required
|
1401
1378
|
# description: "PolicyDescription", # required
|
1402
1379
|
# name: "PolicyName", # required
|
1403
|
-
# type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
1380
|
+
# type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
1404
1381
|
# })
|
1405
1382
|
#
|
1406
1383
|
# @example Response structure
|
@@ -1409,7 +1386,7 @@ module Aws::Organizations
|
|
1409
1386
|
# resp.policy.policy_summary.arn #=> String
|
1410
1387
|
# resp.policy.policy_summary.name #=> String
|
1411
1388
|
# resp.policy.policy_summary.description #=> String
|
1412
|
-
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
1389
|
+
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
|
1413
1390
|
# resp.policy.policy_summary.aws_managed #=> Boolean
|
1414
1391
|
# resp.policy.content #=> String
|
1415
1392
|
#
|
@@ -1648,6 +1625,11 @@ module Aws::Organizations
|
|
1648
1625
|
# Removes the specified member AWS account as a delegated administrator
|
1649
1626
|
# for the specified AWS service.
|
1650
1627
|
#
|
1628
|
+
# Deregistering a delegated administrator can have unintended impacts on
|
1629
|
+
# the functionality of the enabled AWS service. See the documentation
|
1630
|
+
# for the enabled service before you deregister a delegated
|
1631
|
+
# administrator so that you understand any potential impacts.
|
1632
|
+
#
|
1651
1633
|
# You can run this action only for AWS services that support this
|
1652
1634
|
# feature. For a current list of services that support it, see the
|
1653
1635
|
# column *Supports Delegated Administrator* in the table at [AWS
|
@@ -1818,7 +1800,7 @@ module Aws::Organizations
|
|
1818
1800
|
# resp.create_account_status.completed_timestamp #=> Time
|
1819
1801
|
# resp.create_account_status.account_id #=> String
|
1820
1802
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
1821
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
|
1803
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
1822
1804
|
#
|
1823
1805
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
|
1824
1806
|
#
|
@@ -1829,14 +1811,15 @@ module Aws::Organizations
|
|
1829
1811
|
req.send_request(options)
|
1830
1812
|
end
|
1831
1813
|
|
1832
|
-
# Returns the contents of the effective
|
1833
|
-
# effective
|
1834
|
-
# account inherits, plus any policy
|
1835
|
-
# account.
|
1814
|
+
# Returns the contents of the effective policy for specified policy type
|
1815
|
+
# and account. The effective policy is the aggregation of any policies
|
1816
|
+
# of the specified type that the account inherits, plus any policy of
|
1817
|
+
# that type that is directly attached to the account.
|
1836
1818
|
#
|
1837
|
-
# This
|
1819
|
+
# This operation applies only to policy types *other* than service
|
1820
|
+
# control policies (SCPs).
|
1838
1821
|
#
|
1839
|
-
# For more information
|
1822
|
+
# For more information about policy inheritance, see [How Policy
|
1840
1823
|
# Inheritance Works][1] in the *AWS Organizations User Guide*.
|
1841
1824
|
#
|
1842
1825
|
# This operation can be called only from the organization's master
|
@@ -1848,12 +1831,25 @@ module Aws::Organizations
|
|
1848
1831
|
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html
|
1849
1832
|
#
|
1850
1833
|
# @option params [required, String] :policy_type
|
1851
|
-
# The type of policy that you want information about.
|
1834
|
+
# The type of policy that you want information about. You can specify
|
1835
|
+
# one of the following values:
|
1836
|
+
#
|
1837
|
+
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
1838
|
+
#
|
1839
|
+
# * [BACKUP\_POLICY][2]
|
1840
|
+
#
|
1841
|
+
# * [TAG\_POLICY][3]
|
1842
|
+
#
|
1843
|
+
#
|
1844
|
+
#
|
1845
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1846
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1847
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1852
1848
|
#
|
1853
1849
|
# @option params [String] :target_id
|
1854
1850
|
# When you're signed in as the master account, specify the ID of the
|
1855
1851
|
# account that you want details about. Specifying an organization root
|
1856
|
-
# or OU as the target is not supported.
|
1852
|
+
# or organizational unit (OU) as the target is not supported.
|
1857
1853
|
#
|
1858
1854
|
# @return [Types::DescribeEffectivePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1859
1855
|
#
|
@@ -1862,7 +1858,7 @@ module Aws::Organizations
|
|
1862
1858
|
# @example Request syntax with placeholder values
|
1863
1859
|
#
|
1864
1860
|
# resp = client.describe_effective_policy({
|
1865
|
-
# policy_type: "TAG_POLICY", # required, accepts TAG_POLICY
|
1861
|
+
# policy_type: "TAG_POLICY", # required, accepts TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
1866
1862
|
# target_id: "PolicyTargetId",
|
1867
1863
|
# })
|
1868
1864
|
#
|
@@ -1871,7 +1867,7 @@ module Aws::Organizations
|
|
1871
1867
|
# resp.effective_policy.policy_content #=> String
|
1872
1868
|
# resp.effective_policy.last_updated_timestamp #=> Time
|
1873
1869
|
# resp.effective_policy.target_id #=> String
|
1874
|
-
# resp.effective_policy.policy_type #=> String, one of "TAG_POLICY"
|
1870
|
+
# resp.effective_policy.policy_type #=> String, one of "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
|
1875
1871
|
#
|
1876
1872
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy AWS API Documentation
|
1877
1873
|
#
|
@@ -2042,7 +2038,7 @@ module Aws::Organizations
|
|
2042
2038
|
# resp.organization.master_account_id #=> String
|
2043
2039
|
# resp.organization.master_account_email #=> String
|
2044
2040
|
# resp.organization.available_policy_types #=> Array
|
2045
|
-
# resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
2041
|
+
# resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
|
2046
2042
|
# resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
2047
2043
|
#
|
2048
2044
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization AWS API Documentation
|
@@ -2176,7 +2172,7 @@ module Aws::Organizations
|
|
2176
2172
|
# resp.policy.policy_summary.arn #=> String
|
2177
2173
|
# resp.policy.policy_summary.name #=> String
|
2178
2174
|
# resp.policy.policy_summary.description #=> String
|
2179
|
-
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
2175
|
+
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
|
2180
2176
|
# resp.policy.policy_summary.aws_managed #=> Boolean
|
2181
2177
|
# resp.policy.content #=> String
|
2182
2178
|
#
|
@@ -2190,18 +2186,20 @@ module Aws::Organizations
|
|
2190
2186
|
end
|
2191
2187
|
|
2192
2188
|
# Detaches a policy from a target root, organizational unit (OU), or
|
2193
|
-
# account.
|
2194
|
-
#
|
2195
|
-
#
|
2196
|
-
#
|
2197
|
-
#
|
2198
|
-
#
|
2199
|
-
#
|
2200
|
-
#
|
2201
|
-
#
|
2202
|
-
#
|
2203
|
-
#
|
2204
|
-
#
|
2189
|
+
# account.
|
2190
|
+
#
|
2191
|
+
# If the policy being detached is a service control policy (SCP), the
|
2192
|
+
# changes to permissions for AWS Identity and Access Management (IAM)
|
2193
|
+
# users and roles in affected accounts are immediate.
|
2194
|
+
#
|
2195
|
+
# Every root, OU, and account must have at least one SCP attached. If
|
2196
|
+
# you want to replace the default `FullAWSAccess` policy with an SCP
|
2197
|
+
# that limits the permissions that can be delegated, you must attach the
|
2198
|
+
# replacement SCP before you can remove the default SCP. This is the
|
2199
|
+
# authorization strategy of an "[allow list][1]". If you instead
|
2200
|
+
# attach a second SCP and leave the `FullAWSAccess` SCP still attached,
|
2201
|
+
# and specify `"Effect": "Deny"` in the second SCP to override the
|
2202
|
+
# `"Effect": "Allow"` in the `FullAWSAccess` policy (or any other
|
2205
2203
|
# attached SCP), you're using the authorization strategy of a "[deny
|
2206
2204
|
# list][2]".
|
2207
2205
|
#
|
@@ -2210,8 +2208,8 @@ module Aws::Organizations
|
|
2210
2208
|
#
|
2211
2209
|
#
|
2212
2210
|
#
|
2213
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
2214
|
-
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
2211
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_allowlist
|
2212
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_denylist
|
2215
2213
|
#
|
2216
2214
|
# @option params [required, String] :policy_id
|
2217
2215
|
# The unique identifier (ID) of the policy you want to detach. You can
|
@@ -2334,18 +2332,19 @@ module Aws::Organizations
|
|
2334
2332
|
req.send_request(options)
|
2335
2333
|
end
|
2336
2334
|
|
2337
|
-
# Disables an organizational
|
2338
|
-
#
|
2335
|
+
# Disables an organizational policy type in a root. A policy of a
|
2336
|
+
# certain type can be attached to entities in a root only if that type
|
2339
2337
|
# is enabled in the root. After you perform this operation, you no
|
2340
2338
|
# longer can attach policies of the specified type to that root or to
|
2341
2339
|
# any organizational unit (OU) or account in that root. You can undo
|
2342
2340
|
# this by using the EnablePolicyType operation.
|
2343
2341
|
#
|
2344
2342
|
# This is an asynchronous request that AWS performs in the background.
|
2345
|
-
# If you disable a policy for a root, it still appears enabled for
|
2346
|
-
# organization if [all features][1] are enabled for the
|
2347
|
-
# AWS recommends that you first use ListRoots to see the
|
2348
|
-
# policy types for a specified root, and then use this
|
2343
|
+
# If you disable a policy type for a root, it still appears enabled for
|
2344
|
+
# the organization if [all features][1] are enabled for the
|
2345
|
+
# organization. AWS recommends that you first use ListRoots to see the
|
2346
|
+
# status of policy types for a specified root, and then use this
|
2347
|
+
# operation.
|
2349
2348
|
#
|
2350
2349
|
# This operation can be called only from the organization's master
|
2351
2350
|
# account.
|
@@ -2369,7 +2368,23 @@ module Aws::Organizations
|
|
2369
2368
|
# [1]: http://wikipedia.org/wiki/regex
|
2370
2369
|
#
|
2371
2370
|
# @option params [required, String] :policy_type
|
2372
|
-
# The policy type that you want to disable in this root.
|
2371
|
+
# The policy type that you want to disable in this root. You can specify
|
2372
|
+
# one of the following values:
|
2373
|
+
#
|
2374
|
+
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
2375
|
+
#
|
2376
|
+
# * [BACKUP\_POLICY][2]
|
2377
|
+
#
|
2378
|
+
# * [SERVICE\_CONTROL\_POLICY][3]
|
2379
|
+
#
|
2380
|
+
# * [TAG\_POLICY][4]
|
2381
|
+
#
|
2382
|
+
#
|
2383
|
+
#
|
2384
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
2385
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
2386
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
2387
|
+
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
2373
2388
|
#
|
2374
2389
|
# @return [Types::DisablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2375
2390
|
#
|
@@ -2401,7 +2416,7 @@ module Aws::Organizations
|
|
2401
2416
|
#
|
2402
2417
|
# resp = client.disable_policy_type({
|
2403
2418
|
# root_id: "RootId", # required
|
2404
|
-
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
2419
|
+
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
2405
2420
|
# })
|
2406
2421
|
#
|
2407
2422
|
# @example Response structure
|
@@ -2410,7 +2425,7 @@ module Aws::Organizations
|
|
2410
2425
|
# resp.root.arn #=> String
|
2411
2426
|
# resp.root.name #=> String
|
2412
2427
|
# resp.root.policy_types #=> Array
|
2413
|
-
# resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
2428
|
+
# resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
|
2414
2429
|
# resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
2415
2430
|
#
|
2416
2431
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType AWS API Documentation
|
@@ -2603,7 +2618,23 @@ module Aws::Organizations
|
|
2603
2618
|
# [1]: http://wikipedia.org/wiki/regex
|
2604
2619
|
#
|
2605
2620
|
# @option params [required, String] :policy_type
|
2606
|
-
# The policy type that you want to enable.
|
2621
|
+
# The policy type that you want to enable. You can specify one of the
|
2622
|
+
# following values:
|
2623
|
+
#
|
2624
|
+
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
2625
|
+
#
|
2626
|
+
# * [BACKUP\_POLICY][2]
|
2627
|
+
#
|
2628
|
+
# * [SERVICE\_CONTROL\_POLICY][3]
|
2629
|
+
#
|
2630
|
+
# * [TAG\_POLICY][4]
|
2631
|
+
#
|
2632
|
+
#
|
2633
|
+
#
|
2634
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
2635
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
2636
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
2637
|
+
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
2607
2638
|
#
|
2608
2639
|
# @return [Types::EnablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2609
2640
|
#
|
@@ -2639,7 +2670,7 @@ module Aws::Organizations
|
|
2639
2670
|
#
|
2640
2671
|
# resp = client.enable_policy_type({
|
2641
2672
|
# root_id: "RootId", # required
|
2642
|
-
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
2673
|
+
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
2643
2674
|
# })
|
2644
2675
|
#
|
2645
2676
|
# @example Response structure
|
@@ -2648,7 +2679,7 @@ module Aws::Organizations
|
|
2648
2679
|
# resp.root.arn #=> String
|
2649
2680
|
# resp.root.name #=> String
|
2650
2681
|
# resp.root.policy_types #=> Array
|
2651
|
-
# resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
2682
|
+
# resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
|
2652
2683
|
# resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
2653
2684
|
#
|
2654
2685
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType AWS API Documentation
|
@@ -3399,7 +3430,7 @@ module Aws::Organizations
|
|
3399
3430
|
# resp.create_account_statuses[0].completed_timestamp #=> Time
|
3400
3431
|
# resp.create_account_statuses[0].account_id #=> String
|
3401
3432
|
# resp.create_account_statuses[0].gov_cloud_account_id #=> String
|
3402
|
-
# resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
|
3433
|
+
# resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
3403
3434
|
# resp.next_token #=> String
|
3404
3435
|
#
|
3405
3436
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
|
@@ -3557,9 +3588,7 @@ module Aws::Organizations
|
|
3557
3588
|
#
|
3558
3589
|
# </note>
|
3559
3590
|
#
|
3560
|
-
# This operation can be called
|
3561
|
-
# account or by a member account that is a delegated administrator for
|
3562
|
-
# an AWS service.
|
3591
|
+
# This operation can be called from any account in the organization.
|
3563
3592
|
#
|
3564
3593
|
# @option params [Types::HandshakeFilter] :filter
|
3565
3594
|
# Filters the handshakes that you want included in the response. The
|
@@ -4118,6 +4147,22 @@ module Aws::Organizations
|
|
4118
4147
|
#
|
4119
4148
|
# @option params [required, String] :filter
|
4120
4149
|
# Specifies the type of policy that you want to include in the response.
|
4150
|
+
# You must specify one of the following values:
|
4151
|
+
#
|
4152
|
+
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
4153
|
+
#
|
4154
|
+
# * [BACKUP\_POLICY][2]
|
4155
|
+
#
|
4156
|
+
# * [SERVICE\_CONTROL\_POLICY][3]
|
4157
|
+
#
|
4158
|
+
# * [TAG\_POLICY][4]
|
4159
|
+
#
|
4160
|
+
#
|
4161
|
+
#
|
4162
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
4163
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
4164
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
4165
|
+
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
4121
4166
|
#
|
4122
4167
|
# @option params [String] :next_token
|
4123
4168
|
# The parameter for receiving additional results if you receive a
|
@@ -4187,7 +4232,7 @@ module Aws::Organizations
|
|
4187
4232
|
# @example Request syntax with placeholder values
|
4188
4233
|
#
|
4189
4234
|
# resp = client.list_policies({
|
4190
|
-
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
4235
|
+
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
4191
4236
|
# next_token: "NextToken",
|
4192
4237
|
# max_results: 1,
|
4193
4238
|
# })
|
@@ -4199,7 +4244,7 @@ module Aws::Organizations
|
|
4199
4244
|
# resp.policies[0].arn #=> String
|
4200
4245
|
# resp.policies[0].name #=> String
|
4201
4246
|
# resp.policies[0].description #=> String
|
4202
|
-
# resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
4247
|
+
# resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
|
4203
4248
|
# resp.policies[0].aws_managed #=> Boolean
|
4204
4249
|
# resp.next_token #=> String
|
4205
4250
|
#
|
@@ -4250,7 +4295,23 @@ module Aws::Organizations
|
|
4250
4295
|
# [1]: http://wikipedia.org/wiki/regex
|
4251
4296
|
#
|
4252
4297
|
# @option params [required, String] :filter
|
4253
|
-
# The type of policy that you want to include in the returned list.
|
4298
|
+
# The type of policy that you want to include in the returned list. You
|
4299
|
+
# must specify one of the following values:
|
4300
|
+
#
|
4301
|
+
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
4302
|
+
#
|
4303
|
+
# * [BACKUP\_POLICY][2]
|
4304
|
+
#
|
4305
|
+
# * [SERVICE\_CONTROL\_POLICY][3]
|
4306
|
+
#
|
4307
|
+
# * [TAG\_POLICY][4]
|
4308
|
+
#
|
4309
|
+
#
|
4310
|
+
#
|
4311
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
4312
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
4313
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
4314
|
+
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
4254
4315
|
#
|
4255
4316
|
# @option params [String] :next_token
|
4256
4317
|
# The parameter for receiving additional results if you receive a
|
@@ -4308,7 +4369,7 @@ module Aws::Organizations
|
|
4308
4369
|
#
|
4309
4370
|
# resp = client.list_policies_for_target({
|
4310
4371
|
# target_id: "PolicyTargetId", # required
|
4311
|
-
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
4372
|
+
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
4312
4373
|
# next_token: "NextToken",
|
4313
4374
|
# max_results: 1,
|
4314
4375
|
# })
|
@@ -4320,7 +4381,7 @@ module Aws::Organizations
|
|
4320
4381
|
# resp.policies[0].arn #=> String
|
4321
4382
|
# resp.policies[0].name #=> String
|
4322
4383
|
# resp.policies[0].description #=> String
|
4323
|
-
# resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
4384
|
+
# resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
|
4324
4385
|
# resp.policies[0].aws_managed #=> Boolean
|
4325
4386
|
# resp.next_token #=> String
|
4326
4387
|
#
|
@@ -4421,7 +4482,7 @@ module Aws::Organizations
|
|
4421
4482
|
# resp.roots[0].arn #=> String
|
4422
4483
|
# resp.roots[0].name #=> String
|
4423
4484
|
# resp.roots[0].policy_types #=> Array
|
4424
|
-
# resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
4485
|
+
# resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
|
4425
4486
|
# resp.roots[0].policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
|
4426
4487
|
# resp.next_token #=> String
|
4427
4488
|
#
|
@@ -4803,9 +4864,9 @@ module Aws::Organizations
|
|
4803
4864
|
# The ID of the resource to add a tag to.
|
4804
4865
|
#
|
4805
4866
|
# @option params [required, Array<Types::Tag>] :tags
|
4806
|
-
# The tag to add to the specified resource.
|
4807
|
-
#
|
4808
|
-
# can't set
|
4867
|
+
# The tag to add to the specified resource. You must specify both a tag
|
4868
|
+
# key and value. You can set the value of a tag to an empty string, but
|
4869
|
+
# you can't set it to null.
|
4809
4870
|
#
|
4810
4871
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
4811
4872
|
#
|
@@ -5048,7 +5109,7 @@ module Aws::Organizations
|
|
5048
5109
|
# resp.policy.policy_summary.arn #=> String
|
5049
5110
|
# resp.policy.policy_summary.name #=> String
|
5050
5111
|
# resp.policy.policy_summary.description #=> String
|
5051
|
-
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
|
5112
|
+
# resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
|
5052
5113
|
# resp.policy.policy_summary.aws_managed #=> Boolean
|
5053
5114
|
# resp.policy.content #=> String
|
5054
5115
|
#
|
@@ -5074,7 +5135,7 @@ module Aws::Organizations
|
|
5074
5135
|
params: params,
|
5075
5136
|
config: config)
|
5076
5137
|
context[:gem_name] = 'aws-sdk-organizations'
|
5077
|
-
context[:gem_version] = '1.
|
5138
|
+
context[:gem_version] = '1.48.0'
|
5078
5139
|
Seahorse::Client::Request.new(handlers, context)
|
5079
5140
|
end
|
5080
5141
|
|
@@ -417,10 +417,12 @@ module Aws::Organizations
|
|
417
417
|
# (SCP) from an OU or root, inviting or creating too many accounts to
|
418
418
|
# the organization, or attaching too many policies to an account, OU, or
|
419
419
|
# root. This exception includes a reason that contains additional
|
420
|
-
# information about the violated limit
|
420
|
+
# information about the violated limit:
|
421
421
|
#
|
422
|
-
# Some of the reasons in the following list might not be applicable to
|
423
|
-
# this specific API or operation
|
422
|
+
# <note markdown="1"> Some of the reasons in the following list might not be applicable to
|
423
|
+
# this specific API or operation.
|
424
|
+
#
|
425
|
+
# </note>
|
424
426
|
#
|
425
427
|
# * ACCOUNT\_CANNOT\_LEAVE\_ORGANIZAION: You attempted to remove the
|
426
428
|
# master account from the organization. You can't remove the master
|
@@ -431,15 +433,15 @@ module Aws::Organizations
|
|
431
433
|
# account from the organization that doesn't yet have enough
|
432
434
|
# information to exist as a standalone account. This account requires
|
433
435
|
# you to first agree to the AWS Customer Agreement. Follow the steps
|
434
|
-
# at [
|
435
|
-
#
|
436
|
+
# at [Removing a member account from your organization][1]in the *AWS
|
437
|
+
# Organizations User Guide.*
|
436
438
|
#
|
437
439
|
# * ACCOUNT\_CANNOT\_LEAVE\_WITHOUT\_PHONE\_VERIFICATION: You attempted
|
438
440
|
# to remove an account from the organization that doesn't yet have
|
439
441
|
# enough information to exist as a standalone account. This account
|
440
442
|
# requires you to first complete phone verification. Follow the steps
|
441
|
-
# at [
|
442
|
-
#
|
443
|
+
# at [Removing a member account from your organization][1] in the *AWS
|
444
|
+
# Organizations User Guide.*
|
443
445
|
#
|
444
446
|
# * ACCOUNT\_CREATION\_RATE\_LIMIT\_EXCEEDED: You attempted to exceed
|
445
447
|
# the number of accounts that you can create in one day.
|
@@ -458,9 +460,9 @@ module Aws::Organizations
|
|
458
460
|
#
|
459
461
|
# </note>
|
460
462
|
#
|
461
|
-
# If you get
|
462
|
-
#
|
463
|
-
#
|
463
|
+
# If you get this exception when running a command immediately after
|
464
|
+
# creating the organization, wait one hour and try again. After an
|
465
|
+
# hour, if the command continues to fail with this error, contact [AWS
|
464
466
|
# Support][2].
|
465
467
|
#
|
466
468
|
# * CANNOT\_REGISTER\_MASTER\_AS\_DELEGATED\_ADMINISTRATOR: You
|
@@ -506,7 +508,7 @@ module Aws::Organizations
|
|
506
508
|
# support.
|
507
509
|
#
|
508
510
|
# * MASTER\_ACCOUNT\_MISSING\_CONTACT\_INFO: To complete this operation,
|
509
|
-
# you must first provide
|
511
|
+
# you must first provide a valid contact address and phone number for
|
510
512
|
# the master account. Then try the operation again.
|
511
513
|
#
|
512
514
|
# * MASTER\_ACCOUNT\_NOT\_GOVCLOUD\_ENABLED: To complete this operation,
|
@@ -518,7 +520,7 @@ module Aws::Organizations
|
|
518
520
|
# organization with this master account, you first must associate a
|
519
521
|
# valid payment instrument, such as a credit card, with the account.
|
520
522
|
# Follow the steps at [To leave an organization when all required
|
521
|
-
# account information has not yet been provided][
|
523
|
+
# account information has not yet been provided][4] in the *AWS
|
522
524
|
# Organizations User Guide.*
|
523
525
|
#
|
524
526
|
# * MAX\_DELEGATED\_ADMINISTRATORS\_FOR\_SERVICE\_LIMIT\_EXCEEDED: You
|
@@ -536,7 +538,7 @@ module Aws::Organizations
|
|
536
538
|
# operation with this member account, you first must associate a valid
|
537
539
|
# payment instrument, such as a credit card, with the account. Follow
|
538
540
|
# the steps at [To leave an organization when all required account
|
539
|
-
# information has not yet been provided][
|
541
|
+
# information has not yet been provided][4] in the *AWS Organizations
|
540
542
|
# User Guide.*
|
541
543
|
#
|
542
544
|
# * MIN\_POLICY\_TYPE\_ATTACHMENT\_LIMIT\_EXCEEDED: You attempted to
|
@@ -567,9 +569,10 @@ module Aws::Organizations
|
|
567
569
|
#
|
568
570
|
#
|
569
571
|
#
|
570
|
-
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#
|
572
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master
|
571
573
|
# [2]: https://console.aws.amazon.com/support/home#/
|
572
574
|
# [3]: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html
|
575
|
+
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
|
573
576
|
#
|
574
577
|
# @!attribute [rw] message
|
575
578
|
# @return [String]
|
@@ -752,6 +755,9 @@ module Aws::Organizations
|
|
752
755
|
# you have reached the limit on the number of accounts in your
|
753
756
|
# organization.
|
754
757
|
#
|
758
|
+
# * CONCURRENT\_ACCOUNT\_MODIFICATION: You already submitted a request
|
759
|
+
# with the same information.
|
760
|
+
#
|
755
761
|
# * EMAIL\_ALREADY\_EXISTS: The account could not be created because
|
756
762
|
# another AWS account with that email address already exists.
|
757
763
|
#
|
@@ -768,6 +774,12 @@ module Aws::Organizations
|
|
768
774
|
# * INTERNAL\_FAILURE: The account could not be created because of an
|
769
775
|
# internal failure. Try again later. If the problem persists,
|
770
776
|
# contact Customer Support.
|
777
|
+
#
|
778
|
+
# * MISSING\_BUSINESS\_VALIDATION: The AWS account that owns your
|
779
|
+
# organization has not received Business Validation.
|
780
|
+
#
|
781
|
+
# * MISSING\_PAYMENT\_INSTRUMENT: You must configure the master
|
782
|
+
# account with a valid payment method, such as a credit card.
|
771
783
|
# @return [String]
|
772
784
|
#
|
773
785
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountStatus AWS API Documentation
|
@@ -1011,21 +1023,13 @@ module Aws::Organizations
|
|
1011
1023
|
# content: "PolicyContent", # required
|
1012
1024
|
# description: "PolicyDescription", # required
|
1013
1025
|
# name: "PolicyName", # required
|
1014
|
-
# type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
1026
|
+
# type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
1015
1027
|
# }
|
1016
1028
|
#
|
1017
1029
|
# @!attribute [rw] content
|
1018
|
-
# The policy content to add to the new policy.
|
1019
|
-
#
|
1020
|
-
#
|
1021
|
-
# can delegate to their users, groups, and roles. For more information
|
1022
|
-
# about the SCP syntax, see [Service Control Policy Syntax][2] in the
|
1023
|
-
# *AWS Organizations User Guide.*
|
1024
|
-
#
|
1025
|
-
#
|
1026
|
-
#
|
1027
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1028
|
-
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
|
1030
|
+
# The policy text content to add to the new policy. The text that you
|
1031
|
+
# supply must adhere to the rules of the policy type you specify in
|
1032
|
+
# the `Type` parameter.
|
1029
1033
|
# @return [String]
|
1030
1034
|
#
|
1031
1035
|
# @!attribute [rw] description
|
@@ -1044,12 +1048,23 @@ module Aws::Organizations
|
|
1044
1048
|
# @return [String]
|
1045
1049
|
#
|
1046
1050
|
# @!attribute [rw] type
|
1047
|
-
# The type of policy to create.
|
1051
|
+
# The type of policy to create. You can specify one of the following
|
1052
|
+
# values:
|
1048
1053
|
#
|
1049
|
-
#
|
1050
|
-
# is a service control policy (SCP).
|
1054
|
+
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
1051
1055
|
#
|
1052
|
-
#
|
1056
|
+
# * [BACKUP\_POLICY][2]
|
1057
|
+
#
|
1058
|
+
# * [SERVICE\_CONTROL\_POLICY][3]
|
1059
|
+
#
|
1060
|
+
# * [TAG\_POLICY][4]
|
1061
|
+
#
|
1062
|
+
#
|
1063
|
+
#
|
1064
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1065
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1066
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1067
|
+
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1053
1068
|
# @return [String]
|
1054
1069
|
#
|
1055
1070
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicyRequest AWS API Documentation
|
@@ -1373,18 +1388,31 @@ module Aws::Organizations
|
|
1373
1388
|
# data as a hash:
|
1374
1389
|
#
|
1375
1390
|
# {
|
1376
|
-
# policy_type: "TAG_POLICY", # required, accepts TAG_POLICY
|
1391
|
+
# policy_type: "TAG_POLICY", # required, accepts TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
1377
1392
|
# target_id: "PolicyTargetId",
|
1378
1393
|
# }
|
1379
1394
|
#
|
1380
1395
|
# @!attribute [rw] policy_type
|
1381
|
-
# The type of policy that you want information about.
|
1396
|
+
# The type of policy that you want information about. You can specify
|
1397
|
+
# one of the following values:
|
1398
|
+
#
|
1399
|
+
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
1400
|
+
#
|
1401
|
+
# * [BACKUP\_POLICY][2]
|
1402
|
+
#
|
1403
|
+
# * [TAG\_POLICY][3]
|
1404
|
+
#
|
1405
|
+
#
|
1406
|
+
#
|
1407
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1408
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1409
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1382
1410
|
# @return [String]
|
1383
1411
|
#
|
1384
1412
|
# @!attribute [rw] target_id
|
1385
1413
|
# When you're signed in as the master account, specify the ID of the
|
1386
1414
|
# account that you want details about. Specifying an organization root
|
1387
|
-
# or OU as the target is not supported.
|
1415
|
+
# or organizational unit (OU) as the target is not supported.
|
1388
1416
|
# @return [String]
|
1389
1417
|
#
|
1390
1418
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicyRequest AWS API Documentation
|
@@ -1451,6 +1479,12 @@ module Aws::Organizations
|
|
1451
1479
|
|
1452
1480
|
# @!attribute [rw] organization
|
1453
1481
|
# A structure that contains information about the organization.
|
1482
|
+
#
|
1483
|
+
# The `AvailablePolicyTypes` part of the response is deprecated, and
|
1484
|
+
# you shouldn't use it in your apps. It doesn't include any policy
|
1485
|
+
# type supported by Organizations other than SCPs. To determine which
|
1486
|
+
# policy types are enabled in your organization, use the ` ListRoots `
|
1487
|
+
# operation.
|
1454
1488
|
# @return [Types::Organization]
|
1455
1489
|
#
|
1456
1490
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationResponse AWS API Documentation
|
@@ -1640,7 +1674,7 @@ module Aws::Organizations
|
|
1640
1674
|
#
|
1641
1675
|
# {
|
1642
1676
|
# root_id: "RootId", # required
|
1643
|
-
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
1677
|
+
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
1644
1678
|
# }
|
1645
1679
|
#
|
1646
1680
|
# @!attribute [rw] root_id
|
@@ -1656,7 +1690,23 @@ module Aws::Organizations
|
|
1656
1690
|
# @return [String]
|
1657
1691
|
#
|
1658
1692
|
# @!attribute [rw] policy_type
|
1659
|
-
# The policy type that you want to disable in this root.
|
1693
|
+
# The policy type that you want to disable in this root. You can
|
1694
|
+
# specify one of the following values:
|
1695
|
+
#
|
1696
|
+
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
1697
|
+
#
|
1698
|
+
# * [BACKUP\_POLICY][2]
|
1699
|
+
#
|
1700
|
+
# * [SERVICE\_CONTROL\_POLICY][3]
|
1701
|
+
#
|
1702
|
+
# * [TAG\_POLICY][4]
|
1703
|
+
#
|
1704
|
+
#
|
1705
|
+
#
|
1706
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1707
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1708
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1709
|
+
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1660
1710
|
# @return [String]
|
1661
1711
|
#
|
1662
1712
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyTypeRequest AWS API Documentation
|
@@ -1844,7 +1894,7 @@ module Aws::Organizations
|
|
1844
1894
|
#
|
1845
1895
|
# {
|
1846
1896
|
# root_id: "RootId", # required
|
1847
|
-
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
1897
|
+
# policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
1848
1898
|
# }
|
1849
1899
|
#
|
1850
1900
|
# @!attribute [rw] root_id
|
@@ -1860,7 +1910,23 @@ module Aws::Organizations
|
|
1860
1910
|
# @return [String]
|
1861
1911
|
#
|
1862
1912
|
# @!attribute [rw] policy_type
|
1863
|
-
# The policy type that you want to enable.
|
1913
|
+
# The policy type that you want to enable. You can specify one of the
|
1914
|
+
# following values:
|
1915
|
+
#
|
1916
|
+
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
1917
|
+
#
|
1918
|
+
# * [BACKUP\_POLICY][2]
|
1919
|
+
#
|
1920
|
+
# * [SERVICE\_CONTROL\_POLICY][3]
|
1921
|
+
#
|
1922
|
+
# * [TAG\_POLICY][4]
|
1923
|
+
#
|
1924
|
+
#
|
1925
|
+
#
|
1926
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1927
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1928
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1929
|
+
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1864
1930
|
# @return [String]
|
1865
1931
|
#
|
1866
1932
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyTypeRequest AWS API Documentation
|
@@ -2278,7 +2344,7 @@ module Aws::Organizations
|
|
2278
2344
|
# reason that contains additional information about the violated limit:
|
2279
2345
|
#
|
2280
2346
|
# <note markdown="1"> Some of the reasons in the following list might not be applicable to
|
2281
|
-
# this specific API or operation
|
2347
|
+
# this specific API or operation.
|
2282
2348
|
#
|
2283
2349
|
# </note>
|
2284
2350
|
#
|
@@ -3210,7 +3276,7 @@ module Aws::Organizations
|
|
3210
3276
|
#
|
3211
3277
|
# {
|
3212
3278
|
# target_id: "PolicyTargetId", # required
|
3213
|
-
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
3279
|
+
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
3214
3280
|
# next_token: "NextToken",
|
3215
3281
|
# max_results: 1,
|
3216
3282
|
# }
|
@@ -3240,6 +3306,22 @@ module Aws::Organizations
|
|
3240
3306
|
#
|
3241
3307
|
# @!attribute [rw] filter
|
3242
3308
|
# The type of policy that you want to include in the returned list.
|
3309
|
+
# You must specify one of the following values:
|
3310
|
+
#
|
3311
|
+
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
3312
|
+
#
|
3313
|
+
# * [BACKUP\_POLICY][2]
|
3314
|
+
#
|
3315
|
+
# * [SERVICE\_CONTROL\_POLICY][3]
|
3316
|
+
#
|
3317
|
+
# * [TAG\_POLICY][4]
|
3318
|
+
#
|
3319
|
+
#
|
3320
|
+
#
|
3321
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
3322
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
3323
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
3324
|
+
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
3243
3325
|
# @return [String]
|
3244
3326
|
#
|
3245
3327
|
# @!attribute [rw] next_token
|
@@ -3299,14 +3381,29 @@ module Aws::Organizations
|
|
3299
3381
|
# data as a hash:
|
3300
3382
|
#
|
3301
3383
|
# {
|
3302
|
-
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
|
3384
|
+
# filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
3303
3385
|
# next_token: "NextToken",
|
3304
3386
|
# max_results: 1,
|
3305
3387
|
# }
|
3306
3388
|
#
|
3307
3389
|
# @!attribute [rw] filter
|
3308
3390
|
# Specifies the type of policy that you want to include in the
|
3309
|
-
# response.
|
3391
|
+
# response. You must specify one of the following values:
|
3392
|
+
#
|
3393
|
+
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
3394
|
+
#
|
3395
|
+
# * [BACKUP\_POLICY][2]
|
3396
|
+
#
|
3397
|
+
# * [SERVICE\_CONTROL\_POLICY][3]
|
3398
|
+
#
|
3399
|
+
# * [TAG\_POLICY][4]
|
3400
|
+
#
|
3401
|
+
#
|
3402
|
+
#
|
3403
|
+
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
3404
|
+
# [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
3405
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
3406
|
+
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
3310
3407
|
# @return [String]
|
3311
3408
|
#
|
3312
3409
|
# @!attribute [rw] next_token
|
@@ -3726,16 +3823,11 @@ module Aws::Organizations
|
|
3726
3823
|
# @return [String]
|
3727
3824
|
#
|
3728
3825
|
# @!attribute [rw] available_policy_types
|
3729
|
-
#
|
3730
|
-
#
|
3731
|
-
# control policies (SCPs) are included in the list.
|
3826
|
+
# Do not use. This field is deprecated and doesn't provide complete
|
3827
|
+
# information about the policies in your organization.
|
3732
3828
|
#
|
3733
|
-
#
|
3734
|
-
#
|
3735
|
-
# EnablePolicyType and DisablePolicyType. Use ListRoots to see the
|
3736
|
-
# status of a policy type in that root.
|
3737
|
-
#
|
3738
|
-
# </note>
|
3829
|
+
# To determine the policies that are enabled and available for use in
|
3830
|
+
# your organization, use the ListRoots operation instead.
|
3739
3831
|
# @return [Array<Types::PolicyTypeSummary>]
|
3740
3832
|
#
|
3741
3833
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/Organization AWS API Documentation
|
@@ -4115,8 +4207,8 @@ module Aws::Organizations
|
|
4115
4207
|
# You can't use the specified policy type with the feature set
|
4116
4208
|
# currently enabled for this organization. For example, you can enable
|
4117
4209
|
# SCPs only after you enable all features in the organization. For more
|
4118
|
-
# information, see [
|
4119
|
-
#
|
4210
|
+
# information, see [Managing AWS Organizations Policies][1]in the *AWS
|
4211
|
+
# Organizations User Guide.*
|
4120
4212
|
#
|
4121
4213
|
#
|
4122
4214
|
#
|
@@ -4384,9 +4476,9 @@ module Aws::Organizations
|
|
4384
4476
|
# @return [String]
|
4385
4477
|
#
|
4386
4478
|
# @!attribute [rw] tags
|
4387
|
-
# The tag to add to the specified resource.
|
4388
|
-
#
|
4389
|
-
# can't set
|
4479
|
+
# The tag to add to the specified resource. You must specify both a
|
4480
|
+
# tag key and value. You can set the value of a tag to an empty
|
4481
|
+
# string, but you can't set it to null.
|
4390
4482
|
# @return [Array<Types::Tag>]
|
4391
4483
|
#
|
4392
4484
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResourceRequest AWS API Documentation
|
@@ -4413,11 +4505,12 @@ module Aws::Organizations
|
|
4413
4505
|
end
|
4414
4506
|
|
4415
4507
|
# You have sent too many requests in too short a period of time. The
|
4416
|
-
#
|
4508
|
+
# quota helps protect against denial-of-service attacks. Try again
|
4417
4509
|
# later.
|
4418
4510
|
#
|
4419
|
-
# For information
|
4420
|
-
#
|
4511
|
+
# For information about quotas that affect AWS Organizations, see
|
4512
|
+
# [Quotas for AWS Organizations][1]in the *AWS Organizations User
|
4513
|
+
# Guide.*
|
4421
4514
|
#
|
4422
4515
|
#
|
4423
4516
|
#
|
@@ -4438,7 +4531,7 @@ module Aws::Organizations
|
|
4438
4531
|
include Aws::Structure
|
4439
4532
|
end
|
4440
4533
|
|
4441
|
-
# This action isn't available in the current Region.
|
4534
|
+
# This action isn't available in the current AWS Region.
|
4442
4535
|
#
|
4443
4536
|
# @!attribute [rw] message
|
4444
4537
|
# @return [String]
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-organizations
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.48.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-08-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|