aws-sdk-organizations 1.43.0 → 1.48.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d55de0dc62249c471875ee0a37ac282aecc80f727cf0083d7ad05bd09b2a5c3d
-  data.tar.gz: 3978d2ce14f7bb273a802a52076c4f82b1c6214376955957bdf2fcd60126d280
+  metadata.gz: e5d96097520061e6114fc6fe94babd9ae3273b6500e9c5cbb8c939da23a21074
+  data.tar.gz: 256abcfe182414969fc84ef97db333f39bd1951c08fa3a26be52e5b9b519c31b
 SHA512:
-  metadata.gz: 67c8f52615b63f8ffd7c5f1f63d3498c791980522f6988ef0d4490709aefb9470a60009e457b98a18ed5ce3f3c685733fd1af7ba995888e493c20cfa7b466fcb
-  data.tar.gz: b1bf914b8cafae4db07b0a4c6b9d39a5dbf37dc4f451e1e2b45e2ec8d1d83f43c5972725e2e6895b8213a9df3e453eed5a5f76533da9f97ee013f6317a664c3f
+  metadata.gz: 5f673ac6b433f52999e50bcc64fa72a415e819505dc30ebc719c2a495d5432ae53797269d9cd2db7e7fd0ba1f00fc8e2bcd3bbfbd8592a8fdaef7e814de35b88
+  data.tar.gz: 58a2113b3d5535885cf194971cd61ac9432eee25e68251083a2c2b682d12c5cfb2c9ba4e0359d023d2ecdd66a609c5542ffb726a332af456f75779821780e3c1

data/lib/aws-sdk-organizations.rb

@@ -47,6 +47,6 @@ require_relative 'aws-sdk-organizations/customizations'
 # @service
 module Aws::Organizations
 
-  GEM_VERSION = '1.43.0'
+  GEM_VERSION = '1.48.0'
 
 end

data/lib/aws-sdk-organizations/client.rb

@@ -461,53 +461,26 @@ module Aws::Organizations
 
     # Attaches a policy to a root, an organizational unit (OU), or an
     # individual account. How the policy affects accounts depends on the
-    # type of policy:
-    #
-    # * **Service control policy (SCP)** - An SCP specifies what permissions
-    #   can be delegated to users in affected member accounts. The scope of
-    #   influence for a policy depends on what you attach the policy to:
-    #
-    #   * If you attach an SCP to a root, it affects all accounts in the
-    #     organization.
-    #
-    #   * If you attach an SCP to an OU, it affects all accounts in that OU
-    #     and in any child OUs.
-    #
-    #   * If you attach the policy directly to an account, it affects only
-    #     that account.
-    #
-    #   SCPs are JSON policies that specify the maximum permissions for an
-    #   organization or organizational unit (OU). You can attach one SCP to
-    #   a higher level root or OU, and a different SCP to a child OU or to
-    #   an account. The child policy can further restrict only the
-    #   permissions that pass through the parent filter and are available to
-    #   the child. An SCP that is attached to a child can't grant a
-    #   permission that the parent hasn't already granted. For example,
-    #   imagine that the parent SCP allows permissions A, B, C, D, and E.
-    #   The child SCP allows C, D, E, F, and G. The result is that the
-    #   accounts affected by the child SCP are allowed to use only C, D, and
-    #   E. They can't use A or B because the child OU filtered them out.
-    #   They also can't use F and G because the parent OU filtered them
-    #   out. They can't be granted back by the child SCP; child SCPs can
-    #   only filter the permissions they receive from the parent SCP.
-    #
-    #   AWS Organizations attaches a default SCP named `"FullAWSAccess` to
-    #   every root, OU, and account. This default SCP allows all services
-    #   and actions, enabling any new child OU or account to inherit the
-    #   permissions of the parent root or OU. If you detach the default
-    #   policy, you must replace it with a policy that specifies the
-    #   permissions that you want to allow in that OU or account.
-    #
-    #   For more information about how AWS Organizations policies
-    #   permissions work, see [Using Service Control Policies][1] in the
-    #   *AWS Organizations User Guide.*
+    # type of policy. Refer to the *AWS Organizations User Guide* for
+    # information about each policy type:
+    #
+    # * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    # * [BACKUP\_POLICY][2]
+    #
+    # * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    # * [TAG\_POLICY][4]
     #
     # This operation can be called only from the organization's master
     # account.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @option params [required, String] :policy_id
     #   The unique identifier (ID) of the policy that you want to attach to
@@ -882,7 +855,7 @@ module Aws::Organizations
     #   resp.create_account_status.completed_timestamp #=> Time
     #   resp.create_account_status.account_id #=> String
     #   resp.create_account_status.gov_cloud_account_id #=> String
-    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
+    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
     #
@@ -969,12 +942,13 @@ module Aws::Organizations
     #
     # * When you create an account in an organization using the AWS
     #   Organizations console, API, or CLI commands, the information
-    #   required for the account to operate as a standalone account, such as
-    #   a payment method and signing the end user license agreement (EULA)
-    #   is *not* automatically collected. If you must remove an account from
-    #   your organization later, you can do so only after you provide the
-    #   missing information. Follow the steps at [ To leave an organization
-    #   as a member account][7] in the *AWS Organizations User Guide.*
+    #   required for the account to operate as a standalone account is *not*
+    #   automatically collected. This includes a payment method and signing
+    #   the end user license agreement (EULA). If you must remove an account
+    #   from your organization later, you can do so only after you provide
+    #   the missing information. Follow the steps at [ To leave an
+    #   organization as a member account][7] in the *AWS Organizations User
+    #   Guide.*
     #
     # * If you get an exception that indicates that you exceeded your
     #   account limits for the organization, contact [AWS Support][8].
@@ -1095,7 +1069,7 @@ module Aws::Organizations
     #   resp.create_account_status.completed_timestamp #=> Time
     #   resp.create_account_status.account_id #=> String
     #   resp.create_account_status.gov_cloud_account_id #=> String
-    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
+    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount AWS API Documentation
     #
@@ -1219,7 +1193,7 @@ module Aws::Organizations
     #   resp.organization.master_account_id #=> String
     #   resp.organization.master_account_email #=> String
     #   resp.organization.available_policy_types #=> Array
-    #   resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
+    #   resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
     #   resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization AWS API Documentation
@@ -1329,17 +1303,9 @@ module Aws::Organizations
     # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html
     #
     # @option params [required, String] :content
-    #   The policy content to add to the new policy. For example, if you
-    #   create a [service control policy][1] (SCP), this string must be JSON
-    #   text that specifies the permissions that admins in attached accounts
-    #   can delegate to their users, groups, and roles. For more information
-    #   about the SCP syntax, see [Service Control Policy Syntax][2] in the
-    #   *AWS Organizations User Guide.*
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
-    #   [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
+    #   The policy text content to add to the new policy. The text that you
+    #   supply must adhere to the rules of the policy type you specify in the
+    #   `Type` parameter.
     #
     # @option params [required, String] :description
     #   An optional description to assign to the policy.
@@ -1355,12 +1321,23 @@ module Aws::Organizations
     #   [1]: http://wikipedia.org/wiki/regex
     #
     # @option params [required, String] :type
-    #   The type of policy to create.
+    #   The type of policy to create. You can specify one of the following
+    #   values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
     #
-    #   <note markdown="1"> In the current release, the only type of policy that you can create is
-    #   a service control policy (SCP).
     #
-    #    </note>
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1400,7 +1377,7 @@ module Aws::Organizations
     #     content: "PolicyContent", # required
     #     description: "PolicyDescription", # required
     #     name: "PolicyName", # required
-    #     type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #     type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #   })
     #
     # @example Response structure
@@ -1409,7 +1386,7 @@ module Aws::Organizations
     #   resp.policy.policy_summary.arn #=> String
     #   resp.policy.policy_summary.name #=> String
     #   resp.policy.policy_summary.description #=> String
-    #   resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
+    #   resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
     #   resp.policy.policy_summary.aws_managed #=> Boolean
     #   resp.policy.content #=> String
     #
@@ -1648,6 +1625,11 @@ module Aws::Organizations
     # Removes the specified member AWS account as a delegated administrator
     # for the specified AWS service.
     #
+    # Deregistering a delegated administrator can have unintended impacts on
+    # the functionality of the enabled AWS service. See the documentation
+    # for the enabled service before you deregister a delegated
+    # administrator so that you understand any potential impacts.
+    #
     # You can run this action only for AWS services that support this
     # feature. For a current list of services that support it, see the
     # column *Supports Delegated Administrator* in the table at [AWS
@@ -1818,7 +1800,7 @@ module Aws::Organizations
     #   resp.create_account_status.completed_timestamp #=> Time
     #   resp.create_account_status.account_id #=> String
     #   resp.create_account_status.gov_cloud_account_id #=> String
-    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
+    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
     #
@@ -1829,14 +1811,15 @@ module Aws::Organizations
       req.send_request(options)
     end
 
-    # Returns the contents of the effective tag policy for the account. The
-    # effective tag policy is the aggregation of any tag policies the
-    # account inherits, plus any policy directly that is attached to the
-    # account.
+    # Returns the contents of the effective policy for specified policy type
+    # and account. The effective policy is the aggregation of any policies
+    # of the specified type that the account inherits, plus any policy of
+    # that type that is directly attached to the account.
     #
-    # This action returns information on tag policies only.
+    # This operation applies only to policy types *other* than service
+    # control policies (SCPs).
     #
-    # For more information on policy inheritance, see [How Policy
+    # For more information about policy inheritance, see [How Policy
     # Inheritance Works][1] in the *AWS Organizations User Guide*.
     #
     # This operation can be called only from the organization's master
@@ -1848,12 +1831,25 @@ module Aws::Organizations
     # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html
     #
     # @option params [required, String] :policy_type
-    #   The type of policy that you want information about.
+    #   The type of policy that you want information about. You can specify
+    #   one of the following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [TAG\_POLICY][3]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @option params [String] :target_id
     #   When you're signed in as the master account, specify the ID of the
     #   account that you want details about. Specifying an organization root
-    #   or OU as the target is not supported.
+    #   or organizational unit (OU) as the target is not supported.
     #
     # @return [Types::DescribeEffectivePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1862,7 +1858,7 @@ module Aws::Organizations
     # @example Request syntax with placeholder values
     #
     #   resp = client.describe_effective_policy({
-    #     policy_type: "TAG_POLICY", # required, accepts TAG_POLICY
+    #     policy_type: "TAG_POLICY", # required, accepts TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #     target_id: "PolicyTargetId",
     #   })
     #
@@ -1871,7 +1867,7 @@ module Aws::Organizations
     #   resp.effective_policy.policy_content #=> String
     #   resp.effective_policy.last_updated_timestamp #=> Time
     #   resp.effective_policy.target_id #=> String
-    #   resp.effective_policy.policy_type #=> String, one of "TAG_POLICY"
+    #   resp.effective_policy.policy_type #=> String, one of "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy AWS API Documentation
     #
@@ -2042,7 +2038,7 @@ module Aws::Organizations
     #   resp.organization.master_account_id #=> String
     #   resp.organization.master_account_email #=> String
     #   resp.organization.available_policy_types #=> Array
-    #   resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
+    #   resp.organization.available_policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
     #   resp.organization.available_policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization AWS API Documentation
@@ -2176,7 +2172,7 @@ module Aws::Organizations
     #   resp.policy.policy_summary.arn #=> String
     #   resp.policy.policy_summary.name #=> String
     #   resp.policy.policy_summary.description #=> String
-    #   resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
+    #   resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
     #   resp.policy.policy_summary.aws_managed #=> Boolean
     #   resp.policy.content #=> String
     #
@@ -2190,18 +2186,20 @@ module Aws::Organizations
     end
 
     # Detaches a policy from a target root, organizational unit (OU), or
-    # account. If the policy being detached is a service control policy
-    # (SCP), the changes to permissions for IAM users and roles in affected
-    # accounts are immediate.
-    #
-    # **Note:** Every root, OU, and account must have at least one SCP
-    # attached. If you want to replace the default `FullAWSAccess` policy
-    # with one that limits the permissions that can be delegated, you must
-    # attach the replacement policy before you can remove the default one.
-    # This is the authorization strategy of an "[allow list][1]". If you
-    # instead attach a second SCP and leave the `FullAWSAccess` SCP still
-    # attached, and specify `"Effect": "Deny"` in the second SCP to override
-    # the `"Effect": "Allow"` in the `FullAWSAccess` policy (or any other
+    # account.
+    #
+    # If the policy being detached is a service control policy (SCP), the
+    # changes to permissions for AWS Identity and Access Management (IAM)
+    # users and roles in affected accounts are immediate.
+    #
+    # Every root, OU, and account must have at least one SCP attached. If
+    # you want to replace the default `FullAWSAccess` policy with an SCP
+    # that limits the permissions that can be delegated, you must attach the
+    # replacement SCP before you can remove the default SCP. This is the
+    # authorization strategy of an "[allow list][1]". If you instead
+    # attach a second SCP and leave the `FullAWSAccess` SCP still attached,
+    # and specify `"Effect": "Deny"` in the second SCP to override the
+    # `"Effect": "Allow"` in the `FullAWSAccess` policy (or any other
     # attached SCP), you're using the authorization strategy of a "[deny
     # list][2]".
     #
@@ -2210,8 +2208,8 @@ module Aws::Organizations
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_whitelist
-    # [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_blacklist
+    # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_allowlist
+    # [2]: https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_denylist
     #
     # @option params [required, String] :policy_id
     #   The unique identifier (ID) of the policy you want to detach. You can
@@ -2334,18 +2332,19 @@ module Aws::Organizations
       req.send_request(options)
     end
 
-    # Disables an organizational control policy type in a root. A policy of
-    # a certain type can be attached to entities in a root only if that type
+    # Disables an organizational policy type in a root. A policy of a
+    # certain type can be attached to entities in a root only if that type
     # is enabled in the root. After you perform this operation, you no
     # longer can attach policies of the specified type to that root or to
     # any organizational unit (OU) or account in that root. You can undo
     # this by using the EnablePolicyType operation.
     #
     # This is an asynchronous request that AWS performs in the background.
-    # If you disable a policy for a root, it still appears enabled for the
-    # organization if [all features][1] are enabled for the organization.
-    # AWS recommends that you first use ListRoots to see the status of
-    # policy types for a specified root, and then use this operation.
+    # If you disable a policy type for a root, it still appears enabled for
+    # the organization if [all features][1] are enabled for the
+    # organization. AWS recommends that you first use ListRoots to see the
+    # status of policy types for a specified root, and then use this
+    # operation.
     #
     # This operation can be called only from the organization's master
     # account.
@@ -2369,7 +2368,23 @@ module Aws::Organizations
     #   [1]: http://wikipedia.org/wiki/regex
     #
     # @option params [required, String] :policy_type
-    #   The policy type that you want to disable in this root.
+    #   The policy type that you want to disable in this root. You can specify
+    #   one of the following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @return [Types::DisablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2401,7 +2416,7 @@ module Aws::Organizations
     #
     #   resp = client.disable_policy_type({
     #     root_id: "RootId", # required
-    #     policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #     policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #   })
     #
     # @example Response structure
@@ -2410,7 +2425,7 @@ module Aws::Organizations
     #   resp.root.arn #=> String
     #   resp.root.name #=> String
     #   resp.root.policy_types #=> Array
-    #   resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
+    #   resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
     #   resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType AWS API Documentation
@@ -2603,7 +2618,23 @@ module Aws::Organizations
     #   [1]: http://wikipedia.org/wiki/regex
     #
     # @option params [required, String] :policy_type
-    #   The policy type that you want to enable.
+    #   The policy type that you want to enable. You can specify one of the
+    #   following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @return [Types::EnablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2639,7 +2670,7 @@ module Aws::Organizations
     #
     #   resp = client.enable_policy_type({
     #     root_id: "RootId", # required
-    #     policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #     policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #   })
     #
     # @example Response structure
@@ -2648,7 +2679,7 @@ module Aws::Organizations
     #   resp.root.arn #=> String
     #   resp.root.name #=> String
     #   resp.root.policy_types #=> Array
-    #   resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
+    #   resp.root.policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
     #   resp.root.policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType AWS API Documentation
@@ -3399,7 +3430,7 @@ module Aws::Organizations
     #   resp.create_account_statuses[0].completed_timestamp #=> Time
     #   resp.create_account_statuses[0].account_id #=> String
     #   resp.create_account_statuses[0].gov_cloud_account_id #=> String
-    #   resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
+    #   resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
@@ -3557,9 +3588,7 @@ module Aws::Organizations
     #
     #  </note>
     #
-    # This operation can be called only from the organization's master
-    # account or by a member account that is a delegated administrator for
-    # an AWS service.
+    # This operation can be called from any account in the organization.
     #
     # @option params [Types::HandshakeFilter] :filter
     #   Filters the handshakes that you want included in the response. The
@@ -4118,6 +4147,22 @@ module Aws::Organizations
     #
     # @option params [required, String] :filter
     #   Specifies the type of policy that you want to include in the response.
+    #   You must specify one of the following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @option params [String] :next_token
     #   The parameter for receiving additional results if you receive a
@@ -4187,7 +4232,7 @@ module Aws::Organizations
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_policies({
-    #     filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #     filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #     next_token: "NextToken",
     #     max_results: 1,
     #   })
@@ -4199,7 +4244,7 @@ module Aws::Organizations
     #   resp.policies[0].arn #=> String
     #   resp.policies[0].name #=> String
     #   resp.policies[0].description #=> String
-    #   resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
+    #   resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
     #   resp.policies[0].aws_managed #=> Boolean
     #   resp.next_token #=> String
     #
@@ -4250,7 +4295,23 @@ module Aws::Organizations
     #   [1]: http://wikipedia.org/wiki/regex
     #
     # @option params [required, String] :filter
-    #   The type of policy that you want to include in the returned list.
+    #   The type of policy that you want to include in the returned list. You
+    #   must specify one of the following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @option params [String] :next_token
     #   The parameter for receiving additional results if you receive a
@@ -4308,7 +4369,7 @@ module Aws::Organizations
     #
     #   resp = client.list_policies_for_target({
     #     target_id: "PolicyTargetId", # required
-    #     filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #     filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #     next_token: "NextToken",
     #     max_results: 1,
     #   })
@@ -4320,7 +4381,7 @@ module Aws::Organizations
     #   resp.policies[0].arn #=> String
     #   resp.policies[0].name #=> String
     #   resp.policies[0].description #=> String
-    #   resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
+    #   resp.policies[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
     #   resp.policies[0].aws_managed #=> Boolean
     #   resp.next_token #=> String
     #
@@ -4421,7 +4482,7 @@ module Aws::Organizations
     #   resp.roots[0].arn #=> String
     #   resp.roots[0].name #=> String
     #   resp.roots[0].policy_types #=> Array
-    #   resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
+    #   resp.roots[0].policy_types[0].type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
     #   resp.roots[0].policy_types[0].status #=> String, one of "ENABLED", "PENDING_ENABLE", "PENDING_DISABLE"
     #   resp.next_token #=> String
     #
@@ -4803,9 +4864,9 @@ module Aws::Organizations
     #   The ID of the resource to add a tag to.
     #
     # @option params [required, Array<Types::Tag>] :tags
-    #   The tag to add to the specified resource. Specifying the tag key is
-    #   required. You can set the value of a tag to an empty string, but you
-    #   can't set the value of a tag to null.
+    #   The tag to add to the specified resource. You must specify both a tag
+    #   key and value. You can set the value of a tag to an empty string, but
+    #   you can't set it to null.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -5048,7 +5109,7 @@ module Aws::Organizations
     #   resp.policy.policy_summary.arn #=> String
     #   resp.policy.policy_summary.name #=> String
     #   resp.policy.policy_summary.description #=> String
-    #   resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY"
+    #   resp.policy.policy_summary.type #=> String, one of "SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"
     #   resp.policy.policy_summary.aws_managed #=> Boolean
     #   resp.policy.content #=> String
     #
@@ -5074,7 +5135,7 @@ module Aws::Organizations
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-organizations'
-      context[:gem_version] = '1.43.0'
+      context[:gem_version] = '1.48.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-organizations/types.rb

@@ -417,10 +417,12 @@ module Aws::Organizations
     # (SCP) from an OU or root, inviting or creating too many accounts to
     # the organization, or attaching too many policies to an account, OU, or
     # root. This exception includes a reason that contains additional
-    # information about the violated limit.
+    # information about the violated limit:
     #
-    # Some of the reasons in the following list might not be applicable to
-    # this specific API or operation:
+    # <note markdown="1"> Some of the reasons in the following list might not be applicable to
+    # this specific API or operation.
+    #
+    #  </note>
     #
     # * ACCOUNT\_CANNOT\_LEAVE\_ORGANIZAION: You attempted to remove the
     #   master account from the organization. You can't remove the master
@@ -431,15 +433,15 @@ module Aws::Organizations
     #   account from the organization that doesn't yet have enough
     #   information to exist as a standalone account. This account requires
     #   you to first agree to the AWS Customer Agreement. Follow the steps
-    #   at [To leave an organization when all required account information
-    #   has not yet been provided][1] in the *AWS Organizations User Guide.*
+    #   at [Removing a member account from your organization][1]in the *AWS
+    #   Organizations User Guide.*
     #
     # * ACCOUNT\_CANNOT\_LEAVE\_WITHOUT\_PHONE\_VERIFICATION: You attempted
     #   to remove an account from the organization that doesn't yet have
     #   enough information to exist as a standalone account. This account
     #   requires you to first complete phone verification. Follow the steps
-    #   at [To leave an organization when all required account information
-    #   has not yet been provided][1] in the *AWS Organizations User Guide.*
+    #   at [Removing a member account from your organization][1] in the *AWS
+    #   Organizations User Guide.*
     #
     # * ACCOUNT\_CREATION\_RATE\_LIMIT\_EXCEEDED: You attempted to exceed
     #   the number of accounts that you can create in one day.
@@ -458,9 +460,9 @@ module Aws::Organizations
     #
     #    </note>
     #
-    #   If you get receive this exception when running a command immediately
-    #   after creating the organization, wait one hour and try again. If
-    #   after an hour it continues to fail with this error, contact [AWS
+    #   If you get this exception when running a command immediately after
+    #   creating the organization, wait one hour and try again. After an
+    #   hour, if the command continues to fail with this error, contact [AWS
     #   Support][2].
     #
     # * CANNOT\_REGISTER\_MASTER\_AS\_DELEGATED\_ADMINISTRATOR: You
@@ -506,7 +508,7 @@ module Aws::Organizations
     #   support.
     #
     # * MASTER\_ACCOUNT\_MISSING\_CONTACT\_INFO: To complete this operation,
-    #   you must first provide contact a valid address and phone number for
+    #   you must first provide a valid contact address and phone number for
     #   the master account. Then try the operation again.
     #
     # * MASTER\_ACCOUNT\_NOT\_GOVCLOUD\_ENABLED: To complete this operation,
@@ -518,7 +520,7 @@ module Aws::Organizations
     #   organization with this master account, you first must associate a
     #   valid payment instrument, such as a credit card, with the account.
     #   Follow the steps at [To leave an organization when all required
-    #   account information has not yet been provided][1] in the *AWS
+    #   account information has not yet been provided][4] in the *AWS
     #   Organizations User Guide.*
     #
     # * MAX\_DELEGATED\_ADMINISTRATORS\_FOR\_SERVICE\_LIMIT\_EXCEEDED: You
@@ -536,7 +538,7 @@ module Aws::Organizations
     #   operation with this member account, you first must associate a valid
     #   payment instrument, such as a credit card, with the account. Follow
     #   the steps at [To leave an organization when all required account
-    #   information has not yet been provided][1] in the *AWS Organizations
+    #   information has not yet been provided][4] in the *AWS Organizations
     #   User Guide.*
     #
     # * MIN\_POLICY\_TYPE\_ATTACHMENT\_LIMIT\_EXCEEDED: You attempted to
@@ -567,9 +569,10 @@ module Aws::Organizations
     #
     #
     #
-    # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
+    # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master
     # [2]: https://console.aws.amazon.com/support/home#/
     # [3]: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html
+    # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -752,6 +755,9 @@ module Aws::Organizations
     #     you have reached the limit on the number of accounts in your
     #     organization.
     #
+    #   * CONCURRENT\_ACCOUNT\_MODIFICATION: You already submitted a request
+    #     with the same information.
+    #
     #   * EMAIL\_ALREADY\_EXISTS: The account could not be created because
     #     another AWS account with that email address already exists.
     #
@@ -768,6 +774,12 @@ module Aws::Organizations
     #   * INTERNAL\_FAILURE: The account could not be created because of an
     #     internal failure. Try again later. If the problem persists,
     #     contact Customer Support.
+    #
+    #   * MISSING\_BUSINESS\_VALIDATION: The AWS account that owns your
+    #     organization has not received Business Validation.
+    #
+    #   * MISSING\_PAYMENT\_INSTRUMENT: You must configure the master
+    #     account with a valid payment method, such as a credit card.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountStatus AWS API Documentation
@@ -1011,21 +1023,13 @@ module Aws::Organizations
     #         content: "PolicyContent", # required
     #         description: "PolicyDescription", # required
     #         name: "PolicyName", # required
-    #         type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #         type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #       }
     #
     # @!attribute [rw] content
-    #   The policy content to add to the new policy. For example, if you
-    #   create a [service control policy][1] (SCP), this string must be JSON
-    #   text that specifies the permissions that admins in attached accounts
-    #   can delegate to their users, groups, and roles. For more information
-    #   about the SCP syntax, see [Service Control Policy Syntax][2] in the
-    #   *AWS Organizations User Guide.*
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
-    #   [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
+    #   The policy text content to add to the new policy. The text that you
+    #   supply must adhere to the rules of the policy type you specify in
+    #   the `Type` parameter.
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -1044,12 +1048,23 @@ module Aws::Organizations
     #   @return [String]
     #
     # @!attribute [rw] type
-    #   The type of policy to create.
+    #   The type of policy to create. You can specify one of the following
+    #   values:
     #
-    #   <note markdown="1"> In the current release, the only type of policy that you can create
-    #   is a service control policy (SCP).
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
     #
-    #    </note>
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicyRequest AWS API Documentation
@@ -1373,18 +1388,31 @@ module Aws::Organizations
     #   data as a hash:
     #
     #       {
-    #         policy_type: "TAG_POLICY", # required, accepts TAG_POLICY
+    #         policy_type: "TAG_POLICY", # required, accepts TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #         target_id: "PolicyTargetId",
     #       }
     #
     # @!attribute [rw] policy_type
-    #   The type of policy that you want information about.
+    #   The type of policy that you want information about. You can specify
+    #   one of the following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [TAG\_POLICY][3]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #   @return [String]
     #
     # @!attribute [rw] target_id
     #   When you're signed in as the master account, specify the ID of the
     #   account that you want details about. Specifying an organization root
-    #   or OU as the target is not supported.
+    #   or organizational unit (OU) as the target is not supported.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicyRequest AWS API Documentation
@@ -1451,6 +1479,12 @@ module Aws::Organizations
 
     # @!attribute [rw] organization
     #   A structure that contains information about the organization.
+    #
+    #   The `AvailablePolicyTypes` part of the response is deprecated, and
+    #   you shouldn't use it in your apps. It doesn't include any policy
+    #   type supported by Organizations other than SCPs. To determine which
+    #   policy types are enabled in your organization, use the ` ListRoots `
+    #   operation.
     #   @return [Types::Organization]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationResponse AWS API Documentation
@@ -1640,7 +1674,7 @@ module Aws::Organizations
     #
     #       {
     #         root_id: "RootId", # required
-    #         policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #         policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #       }
     #
     # @!attribute [rw] root_id
@@ -1656,7 +1690,23 @@ module Aws::Organizations
     #   @return [String]
     #
     # @!attribute [rw] policy_type
-    #   The policy type that you want to disable in this root.
+    #   The policy type that you want to disable in this root. You can
+    #   specify one of the following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyTypeRequest AWS API Documentation
@@ -1844,7 +1894,7 @@ module Aws::Organizations
     #
     #       {
     #         root_id: "RootId", # required
-    #         policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #         policy_type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #       }
     #
     # @!attribute [rw] root_id
@@ -1860,7 +1910,23 @@ module Aws::Organizations
     #   @return [String]
     #
     # @!attribute [rw] policy_type
-    #   The policy type that you want to enable.
+    #   The policy type that you want to enable. You can specify one of the
+    #   following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyTypeRequest AWS API Documentation
@@ -2278,7 +2344,7 @@ module Aws::Organizations
     # reason that contains additional information about the violated limit:
     #
     # <note markdown="1"> Some of the reasons in the following list might not be applicable to
-    # this specific API or operation:
+    # this specific API or operation.
     #
     #  </note>
     #
@@ -3210,7 +3276,7 @@ module Aws::Organizations
     #
     #       {
     #         target_id: "PolicyTargetId", # required
-    #         filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #         filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #         next_token: "NextToken",
     #         max_results: 1,
     #       }
@@ -3240,6 +3306,22 @@ module Aws::Organizations
     #
     # @!attribute [rw] filter
     #   The type of policy that you want to include in the returned list.
+    #   You must specify one of the following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #   @return [String]
     #
     # @!attribute [rw] next_token
@@ -3299,14 +3381,29 @@ module Aws::Organizations
     #   data as a hash:
     #
     #       {
-    #         filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY
+    #         filter: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
     #         next_token: "NextToken",
     #         max_results: 1,
     #       }
     #
     # @!attribute [rw] filter
     #   Specifies the type of policy that you want to include in the
-    #   response.
+    #   response. You must specify one of the following values:
+    #
+    #   * [AISERVICES\_OPT\_OUT\_POLICY][1]
+    #
+    #   * [BACKUP\_POLICY][2]
+    #
+    #   * [SERVICE\_CONTROL\_POLICY][3]
+    #
+    #   * [TAG\_POLICY][4]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #   @return [String]
     #
     # @!attribute [rw] next_token
@@ -3726,16 +3823,11 @@ module Aws::Organizations
     #   @return [String]
     #
     # @!attribute [rw] available_policy_types
-    #   A list of policy types that are enabled for this organization. For
-    #   example, if your organization has all features enabled, then service
-    #   control policies (SCPs) are included in the list.
+    #   Do not use. This field is deprecated and doesn't provide complete
+    #   information about the policies in your organization.
     #
-    #   <note markdown="1"> Even if a policy type is shown as available in the organization, you
-    #   can separately enable and disable them at the root level by using
-    #   EnablePolicyType and DisablePolicyType. Use ListRoots to see the
-    #   status of a policy type in that root.
-    #
-    #    </note>
+    #   To determine the policies that are enabled and available for use in
+    #   your organization, use the ListRoots operation instead.
     #   @return [Array<Types::PolicyTypeSummary>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/Organization AWS API Documentation
@@ -4115,8 +4207,8 @@ module Aws::Organizations
     # You can't use the specified policy type with the feature set
     # currently enabled for this organization. For example, you can enable
     # SCPs only after you enable all features in the organization. For more
-    # information, see [Enabling and Disabling a Policy Type on a Root][1]
-    # in the *AWS Organizations User Guide.*
+    # information, see [Managing AWS Organizations Policies][1]in the *AWS
+    # Organizations User Guide.*
     #
     #
     #
@@ -4384,9 +4476,9 @@ module Aws::Organizations
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The tag to add to the specified resource. Specifying the tag key is
-    #   required. You can set the value of a tag to an empty string, but you
-    #   can't set the value of a tag to null.
+    #   The tag to add to the specified resource. You must specify both a
+    #   tag key and value. You can set the value of a tag to an empty
+    #   string, but you can't set it to null.
     #   @return [Array<Types::Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResourceRequest AWS API Documentation
@@ -4413,11 +4505,12 @@ module Aws::Organizations
     end
 
     # You have sent too many requests in too short a period of time. The
-    # limit helps protect against denial-of-service attacks. Try again
+    # quota helps protect against denial-of-service attacks. Try again
     # later.
     #
-    # For information on limits that affect AWS Organizations, see [Limits
-    # of AWS Organizations][1] in the *AWS Organizations User Guide.*
+    # For information about quotas that affect AWS Organizations, see
+    # [Quotas for AWS Organizations][1]in the *AWS Organizations User
+    # Guide.*
     #
     #
     #
@@ -4438,7 +4531,7 @@ module Aws::Organizations
       include Aws::Structure
     end
 
-    # This action isn't available in the current Region.
+    # This action isn't available in the current AWS Region.
     #
     # @!attribute [rw] message
     #   @return [String]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-organizations
 version: !ruby/object:Gem::Version
-  version: 1.43.0
+  version: 1.48.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-06-23 00:00:00.000000000 Z
+date: 2020-08-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core