aws-sdk-organizations 1.46.0 → 1.51.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws-sdk-organizations.rb +3 -2
- data/lib/aws-sdk-organizations/client.rb +296 -56
- data/lib/aws-sdk-organizations/client_api.rb +6 -0
- data/lib/aws-sdk-organizations/types.rb +233 -15
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7b6f5921109742aaa83544abde06a32cae7102b883e54767fe4e5567affe73a6
|
4
|
+
data.tar.gz: 0fdaeb797a8f94bca291bedaa02f83098032626aa70e1e304010bbc9926d7b25
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 40a50363452745e1f6a6ef0aef7f5688754608588f65766d59e5786d40dc54a718ee5d67b404f852459dc5a4a47491dcbee044c82b90ce7f589ec17a87e51fcd
|
7
|
+
data.tar.gz: 5bc9c7b9b676bee453d617114739d234a0203ba6ff31298dcb34cb7254f336d96feeb91aaa85ea0cbd5dbb7a829fd2a0401500158f969150dd28bb4a3c24c2cc
|
@@ -7,6 +7,7 @@
|
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
10
|
+
|
10
11
|
require 'aws-sdk-core'
|
11
12
|
require 'aws-sigv4'
|
12
13
|
|
@@ -44,9 +45,9 @@ require_relative 'aws-sdk-organizations/customizations'
|
|
44
45
|
#
|
45
46
|
# See {Errors} for more information.
|
46
47
|
#
|
47
|
-
#
|
48
|
+
# @!group service
|
48
49
|
module Aws::Organizations
|
49
50
|
|
50
|
-
GEM_VERSION = '1.
|
51
|
+
GEM_VERSION = '1.51.0'
|
51
52
|
|
52
53
|
end
|
@@ -85,13 +85,28 @@ module Aws::Organizations
|
|
85
85
|
# * `Aws::Credentials` - Used for configuring static, non-refreshing
|
86
86
|
# credentials.
|
87
87
|
#
|
88
|
+
# * `Aws::SharedCredentials` - Used for loading static credentials from a
|
89
|
+
# shared file, such as `~/.aws/config`.
|
90
|
+
#
|
91
|
+
# * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
|
92
|
+
#
|
93
|
+
# * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
|
94
|
+
# assume a role after providing credentials via the web.
|
95
|
+
#
|
96
|
+
# * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
|
97
|
+
# access token generated from `aws login`.
|
98
|
+
#
|
99
|
+
# * `Aws::ProcessCredentials` - Used for loading credentials from a
|
100
|
+
# process that outputs to stdout.
|
101
|
+
#
|
88
102
|
# * `Aws::InstanceProfileCredentials` - Used for loading credentials
|
89
103
|
# from an EC2 IMDS on an EC2 instance.
|
90
104
|
#
|
91
|
-
# * `Aws::
|
92
|
-
#
|
105
|
+
# * `Aws::ECSCredentials` - Used for loading credentials from
|
106
|
+
# instances running in ECS.
|
93
107
|
#
|
94
|
-
# * `Aws::
|
108
|
+
# * `Aws::CognitoIdentityCredentials` - Used for loading credentials
|
109
|
+
# from the Cognito Identity service.
|
95
110
|
#
|
96
111
|
# When `:credentials` are not configured directly, the following
|
97
112
|
# locations will be searched for credentials:
|
@@ -101,10 +116,10 @@ module Aws::Organizations
|
|
101
116
|
# * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
|
102
117
|
# * `~/.aws/credentials`
|
103
118
|
# * `~/.aws/config`
|
104
|
-
# * EC2 IMDS instance profile - When used by default, the timeouts
|
105
|
-
# very aggressive. Construct and pass an instance of
|
106
|
-
# `Aws::InstanceProfileCredentails`
|
107
|
-
# timeouts.
|
119
|
+
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
120
|
+
# are very aggressive. Construct and pass an instance of
|
121
|
+
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
122
|
+
# enable retries and extended timeouts.
|
108
123
|
#
|
109
124
|
# @option options [required, String] :region
|
110
125
|
# The AWS region to connect to. The configured `:region` is
|
@@ -688,8 +703,6 @@ module Aws::Organizations
|
|
688
703
|
# [Monitoring the Activity in Your Organization][1] in the *AWS
|
689
704
|
# Organizations User Guide.*
|
690
705
|
#
|
691
|
-
#
|
692
|
-
#
|
693
706
|
# The user who calls the API to create an account must have the
|
694
707
|
# `organizations:CreateAccount` permission. If you enabled all features
|
695
708
|
# in the organization, AWS Organizations creates the required
|
@@ -697,6 +710,9 @@ module Aws::Organizations
|
|
697
710
|
# information, see [AWS Organizations and Service-Linked Roles][2] in
|
698
711
|
# the *AWS Organizations User Guide*.
|
699
712
|
#
|
713
|
+
# If the request includes tags, then the requester must have the
|
714
|
+
# `organizations:TagResource` permission.
|
715
|
+
#
|
700
716
|
# AWS Organizations preconfigures the new member account with a role
|
701
717
|
# (named `OrganizationAccountAccessRole` by default) that grants users
|
702
718
|
# in the master account administrator permissions in the new member
|
@@ -812,6 +828,23 @@ module Aws::Organizations
|
|
812
828
|
#
|
813
829
|
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
814
830
|
#
|
831
|
+
# @option params [Array<Types::Tag>] :tags
|
832
|
+
# A list of tags that you want to attach to the newly created account.
|
833
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
834
|
+
# You can set the value to an empty string, but you can't set it to
|
835
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
836
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
837
|
+
#
|
838
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
839
|
+
# of tags for an account, then the entire request fails and the account
|
840
|
+
# is not created.
|
841
|
+
#
|
842
|
+
# </note>
|
843
|
+
#
|
844
|
+
#
|
845
|
+
#
|
846
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
847
|
+
#
|
815
848
|
# @return [Types::CreateAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
816
849
|
#
|
817
850
|
# * {Types::CreateAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
|
@@ -844,6 +877,12 @@ module Aws::Organizations
|
|
844
877
|
# account_name: "AccountName", # required
|
845
878
|
# role_name: "RoleName",
|
846
879
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
880
|
+
# tags: [
|
881
|
+
# {
|
882
|
+
# key: "TagKey", # required
|
883
|
+
# value: "TagValue", # required
|
884
|
+
# },
|
885
|
+
# ],
|
847
886
|
# })
|
848
887
|
#
|
849
888
|
# @example Response structure
|
@@ -855,7 +894,7 @@ module Aws::Organizations
|
|
855
894
|
# resp.create_account_status.completed_timestamp #=> Time
|
856
895
|
# resp.create_account_status.account_id #=> String
|
857
896
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
858
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
|
897
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
859
898
|
#
|
860
899
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
|
861
900
|
#
|
@@ -878,11 +917,12 @@ module Aws::Organizations
|
|
878
917
|
# * You call this action from the master account of your organization in
|
879
918
|
# the commercial Region.
|
880
919
|
#
|
881
|
-
# * You have the `organizations:CreateGovCloudAccount` permission.
|
882
|
-
#
|
883
|
-
#
|
884
|
-
#
|
885
|
-
#
|
920
|
+
# * You have the `organizations:CreateGovCloudAccount` permission.
|
921
|
+
#
|
922
|
+
# AWS Organizations automatically creates the required service-linked
|
923
|
+
# role named `AWSServiceRoleForOrganizations`. For more information, see
|
924
|
+
# [AWS Organizations and Service-Linked Roles][2] in the *AWS
|
925
|
+
# Organizations User Guide.*
|
886
926
|
#
|
887
927
|
# AWS automatically enables AWS CloudTrail for AWS GovCloud (US)
|
888
928
|
# accounts, but you should also do the following:
|
@@ -894,6 +934,13 @@ module Aws::Organizations
|
|
894
934
|
# For more information, see [Verifying AWS CloudTrail Is Enabled][3]
|
895
935
|
# in the *AWS GovCloud User Guide*.
|
896
936
|
#
|
937
|
+
# If the request includes tags, then the requester must have the
|
938
|
+
# `organizations:TagResource` permission. The tags are attached to the
|
939
|
+
# commercial account associated with the GovCloud account, rather than
|
940
|
+
# the GovCloud account itself. To add tags to the GovCloud account, call
|
941
|
+
# the TagResource operation in the GovCloud Region after the new
|
942
|
+
# GovCloud account exists.
|
943
|
+
#
|
897
944
|
# You call this action from the master account of your organization in
|
898
945
|
# the commercial Region to create a standalone AWS account in the AWS
|
899
946
|
# GovCloud (US) Region. After the account is created, the master account
|
@@ -930,10 +977,10 @@ module Aws::Organizations
|
|
930
977
|
# allows the master account in the organization in the commercial Region
|
931
978
|
# to assume it. An AWS GovCloud (US) account is then created and
|
932
979
|
# associated with the commercial account that you just created. A role
|
933
|
-
# is created in the new AWS GovCloud (US) account that can be
|
934
|
-
# the AWS GovCloud (US) account that is associated with the
|
935
|
-
# account of the commercial organization. For more information
|
936
|
-
# view a diagram that explains how account access works, see [AWS
|
980
|
+
# is also created in the new AWS GovCloud (US) account that can be
|
981
|
+
# assumed by the AWS GovCloud (US) account that is associated with the
|
982
|
+
# master account of the commercial organization. For more information
|
983
|
+
# and to view a diagram that explains how account access works, see [AWS
|
937
984
|
# Organizations][4] in the *AWS GovCloud User Guide.*
|
938
985
|
#
|
939
986
|
# For more information about creating accounts, see [Creating an AWS
|
@@ -1047,6 +1094,28 @@ module Aws::Organizations
|
|
1047
1094
|
#
|
1048
1095
|
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
1049
1096
|
#
|
1097
|
+
# @option params [Array<Types::Tag>] :tags
|
1098
|
+
# A list of tags that you want to attach to the newly created account.
|
1099
|
+
# These tags are attached to the commercial account associated with the
|
1100
|
+
# GovCloud account, and not to the GovCloud account itself. To add tags
|
1101
|
+
# to the actual GovCloud account, call the TagResource operation in the
|
1102
|
+
# GovCloud region after the new GovCloud account exists.
|
1103
|
+
#
|
1104
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
1105
|
+
# You can set the value to an empty string, but you can't set it to
|
1106
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
1107
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
1108
|
+
#
|
1109
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1110
|
+
# of tags for an account, then the entire request fails and the account
|
1111
|
+
# is not created.
|
1112
|
+
#
|
1113
|
+
# </note>
|
1114
|
+
#
|
1115
|
+
#
|
1116
|
+
#
|
1117
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1118
|
+
#
|
1050
1119
|
# @return [Types::CreateGovCloudAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1051
1120
|
#
|
1052
1121
|
# * {Types::CreateGovCloudAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
|
@@ -1058,6 +1127,12 @@ module Aws::Organizations
|
|
1058
1127
|
# account_name: "AccountName", # required
|
1059
1128
|
# role_name: "RoleName",
|
1060
1129
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
1130
|
+
# tags: [
|
1131
|
+
# {
|
1132
|
+
# key: "TagKey", # required
|
1133
|
+
# value: "TagValue", # required
|
1134
|
+
# },
|
1135
|
+
# ],
|
1061
1136
|
# })
|
1062
1137
|
#
|
1063
1138
|
# @example Response structure
|
@@ -1069,7 +1144,7 @@ module Aws::Organizations
|
|
1069
1144
|
# resp.create_account_status.completed_timestamp #=> Time
|
1070
1145
|
# resp.create_account_status.account_id #=> String
|
1071
1146
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
1072
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
|
1147
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
1073
1148
|
#
|
1074
1149
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount AWS API Documentation
|
1075
1150
|
#
|
@@ -1098,7 +1173,7 @@ module Aws::Organizations
|
|
1098
1173
|
#
|
1099
1174
|
#
|
1100
1175
|
#
|
1101
|
-
# [1]: https://docs.aws.amazon.com/
|
1176
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account
|
1102
1177
|
#
|
1103
1178
|
# @option params [String] :feature_set
|
1104
1179
|
# Specifies the feature set supported by the new organization. Each
|
@@ -1215,6 +1290,9 @@ module Aws::Organizations
|
|
1215
1290
|
# For more information about OUs, see [Managing Organizational Units][1]
|
1216
1291
|
# in the *AWS Organizations User Guide.*
|
1217
1292
|
#
|
1293
|
+
# If the request includes tags, then the requester must have the
|
1294
|
+
# `organizations:TagResource` permission.
|
1295
|
+
#
|
1218
1296
|
# This operation can be called only from the organization's master
|
1219
1297
|
# account.
|
1220
1298
|
#
|
@@ -1244,6 +1322,23 @@ module Aws::Organizations
|
|
1244
1322
|
# @option params [required, String] :name
|
1245
1323
|
# The friendly name to assign to the new OU.
|
1246
1324
|
#
|
1325
|
+
# @option params [Array<Types::Tag>] :tags
|
1326
|
+
# A list of tags that you want to attach to the newly created OU. For
|
1327
|
+
# each tag in the list, you must specify both a tag key and a value. You
|
1328
|
+
# can set the value to an empty string, but you can't set it to `null`.
|
1329
|
+
# For more information about tagging, see [Tagging AWS Organizations
|
1330
|
+
# resources][1] in the AWS Organizations User Guide.
|
1331
|
+
#
|
1332
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1333
|
+
# of tags for an OU, then the entire request fails and the OU is not
|
1334
|
+
# created.
|
1335
|
+
#
|
1336
|
+
# </note>
|
1337
|
+
#
|
1338
|
+
#
|
1339
|
+
#
|
1340
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1341
|
+
#
|
1247
1342
|
# @return [Types::CreateOrganizationalUnitResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1248
1343
|
#
|
1249
1344
|
# * {Types::CreateOrganizationalUnitResponse#organizational_unit #organizational_unit} => Types::OrganizationalUnit
|
@@ -1272,6 +1367,12 @@ module Aws::Organizations
|
|
1272
1367
|
# resp = client.create_organizational_unit({
|
1273
1368
|
# parent_id: "ParentId", # required
|
1274
1369
|
# name: "OrganizationalUnitName", # required
|
1370
|
+
# tags: [
|
1371
|
+
# {
|
1372
|
+
# key: "TagKey", # required
|
1373
|
+
# value: "TagValue", # required
|
1374
|
+
# },
|
1375
|
+
# ],
|
1275
1376
|
# })
|
1276
1377
|
#
|
1277
1378
|
# @example Response structure
|
@@ -1295,6 +1396,9 @@ module Aws::Organizations
|
|
1295
1396
|
# For more information about policies and their use, see [Managing
|
1296
1397
|
# Organization Policies][1].
|
1297
1398
|
#
|
1399
|
+
# If the request includes tags, then the requester must have the
|
1400
|
+
# `organizations:TagResource` permission.
|
1401
|
+
#
|
1298
1402
|
# This operation can be called only from the organization's master
|
1299
1403
|
# account.
|
1300
1404
|
#
|
@@ -1339,6 +1443,23 @@ module Aws::Organizations
|
|
1339
1443
|
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1340
1444
|
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1341
1445
|
#
|
1446
|
+
# @option params [Array<Types::Tag>] :tags
|
1447
|
+
# A list of tags that you want to attach to the newly created policy.
|
1448
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
1449
|
+
# You can set the value to an empty string, but you can't set it to
|
1450
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
1451
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
1452
|
+
#
|
1453
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1454
|
+
# of tags for a policy, then the entire request fails and the policy is
|
1455
|
+
# not created.
|
1456
|
+
#
|
1457
|
+
# </note>
|
1458
|
+
#
|
1459
|
+
#
|
1460
|
+
#
|
1461
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1462
|
+
#
|
1342
1463
|
# @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1343
1464
|
#
|
1344
1465
|
# * {Types::CreatePolicyResponse#policy #policy} => Types::Policy
|
@@ -1378,6 +1499,12 @@ module Aws::Organizations
|
|
1378
1499
|
# description: "PolicyDescription", # required
|
1379
1500
|
# name: "PolicyName", # required
|
1380
1501
|
# type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
1502
|
+
# tags: [
|
1503
|
+
# {
|
1504
|
+
# key: "TagKey", # required
|
1505
|
+
# value: "TagValue", # required
|
1506
|
+
# },
|
1507
|
+
# ],
|
1381
1508
|
# })
|
1382
1509
|
#
|
1383
1510
|
# @example Response structure
|
@@ -1800,7 +1927,7 @@ module Aws::Organizations
|
|
1800
1927
|
# resp.create_account_status.completed_timestamp #=> Time
|
1801
1928
|
# resp.create_account_status.account_id #=> String
|
1802
1929
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
1803
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
|
1930
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
1804
1931
|
#
|
1805
1932
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
|
1806
1933
|
#
|
@@ -2711,6 +2838,9 @@ module Aws::Organizations
|
|
2711
2838
|
# then try again. If the error persists after an hour, contact [AWS
|
2712
2839
|
# Support][2].
|
2713
2840
|
#
|
2841
|
+
# If the request includes tags, then the requester must have the
|
2842
|
+
# `organizations:TagResource` permission.
|
2843
|
+
#
|
2714
2844
|
# This operation can be called only from the organization's master
|
2715
2845
|
# account.
|
2716
2846
|
#
|
@@ -2741,6 +2871,33 @@ module Aws::Organizations
|
|
2741
2871
|
# Additional information that you want to include in the generated email
|
2742
2872
|
# to the recipient account owner.
|
2743
2873
|
#
|
2874
|
+
# @option params [Array<Types::Tag>] :tags
|
2875
|
+
# A list of tags that you want to attach to the account when it becomes
|
2876
|
+
# a member of the organization. For each tag in the list, you must
|
2877
|
+
# specify both a tag key and a value. You can set the value to an empty
|
2878
|
+
# string, but you can't set it to `null`. For more information about
|
2879
|
+
# tagging, see [Tagging AWS Organizations resources][1] in the AWS
|
2880
|
+
# Organizations User Guide.
|
2881
|
+
#
|
2882
|
+
# Any tags in the request are checked for compliance with any applicable
|
2883
|
+
# tag policies when the request is made. The request is rejected if the
|
2884
|
+
# tags in the request don't match the requirements of the policy at
|
2885
|
+
# that time. Tag policy compliance is <i> <b>not</b> </i> checked again
|
2886
|
+
# when the invitation is accepted and the tags are actually attached to
|
2887
|
+
# the account. That means that if the tag policy changes between the
|
2888
|
+
# invitation and the acceptance, then that tags could potentially be
|
2889
|
+
# non-compliant.
|
2890
|
+
#
|
2891
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
2892
|
+
# of tags for an account, then the entire request fails and invitations
|
2893
|
+
# are not sent.
|
2894
|
+
#
|
2895
|
+
# </note>
|
2896
|
+
#
|
2897
|
+
#
|
2898
|
+
#
|
2899
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
2900
|
+
#
|
2744
2901
|
# @return [Types::InviteAccountToOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2745
2902
|
#
|
2746
2903
|
# * {Types::InviteAccountToOrganizationResponse#handshake #handshake} => Types::Handshake
|
@@ -2813,6 +2970,12 @@ module Aws::Organizations
|
|
2813
2970
|
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, EMAIL
|
2814
2971
|
# },
|
2815
2972
|
# notes: "HandshakeNotes",
|
2973
|
+
# tags: [
|
2974
|
+
# {
|
2975
|
+
# key: "TagKey", # required
|
2976
|
+
# value: "TagValue", # required
|
2977
|
+
# },
|
2978
|
+
# ],
|
2816
2979
|
# })
|
2817
2980
|
#
|
2818
2981
|
# @example Response structure
|
@@ -2860,9 +3023,8 @@ module Aws::Organizations
|
|
2860
3023
|
# using the AWS Organizations console, API, or CLI commands, the
|
2861
3024
|
# information required of standalone accounts is *not* automatically
|
2862
3025
|
# collected. For each account that you want to make standalone, you
|
2863
|
-
# must
|
2864
|
-
#
|
2865
|
-
# * Accept the end user license agreement (EULA)
|
3026
|
+
# must perform the following steps. If any of the steps are already
|
3027
|
+
# completed for this account, that step doesn't appear.
|
2866
3028
|
#
|
2867
3029
|
# * Choose a support plan
|
2868
3030
|
#
|
@@ -2881,6 +3043,10 @@ module Aws::Organizations
|
|
2881
3043
|
# Access to the Billing and Cost Management Console][2] in the *AWS
|
2882
3044
|
# Billing and Cost Management User Guide.*
|
2883
3045
|
#
|
3046
|
+
# * After the account leaves the organization, all tags that were
|
3047
|
+
# attached to the account object in the organization are deleted. AWS
|
3048
|
+
# accounts outside of an organization do not support tags.
|
3049
|
+
#
|
2884
3050
|
#
|
2885
3051
|
#
|
2886
3052
|
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
|
@@ -3430,7 +3596,7 @@ module Aws::Organizations
|
|
3430
3596
|
# resp.create_account_statuses[0].completed_timestamp #=> Time
|
3431
3597
|
# resp.create_account_statuses[0].account_id #=> String
|
3432
3598
|
# resp.create_account_statuses[0].gov_cloud_account_id #=> String
|
3433
|
-
# resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
|
3599
|
+
# resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
3434
3600
|
# resp.next_token #=> String
|
3435
3601
|
#
|
3436
3602
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
|
@@ -3588,9 +3754,7 @@ module Aws::Organizations
|
|
3588
3754
|
#
|
3589
3755
|
# </note>
|
3590
3756
|
#
|
3591
|
-
# This operation can be called
|
3592
|
-
# account or by a member account that is a delegated administrator for
|
3593
|
-
# an AWS service.
|
3757
|
+
# This operation can be called from any account in the organization.
|
3594
3758
|
#
|
3595
3759
|
# @option params [Types::HandshakeFilter] :filter
|
3596
3760
|
# Filters the handshakes that you want included in the response. The
|
@@ -4497,16 +4661,37 @@ module Aws::Organizations
|
|
4497
4661
|
req.send_request(options)
|
4498
4662
|
end
|
4499
4663
|
|
4500
|
-
# Lists tags
|
4664
|
+
# Lists tags that are attached to the specified resource.
|
4665
|
+
#
|
4666
|
+
# You can attach tags to the following resources in AWS Organizations.
|
4667
|
+
#
|
4668
|
+
# * AWS account
|
4669
|
+
#
|
4670
|
+
# * Organization root
|
4501
4671
|
#
|
4502
|
-
#
|
4672
|
+
# * Organizational unit (OU)
|
4673
|
+
#
|
4674
|
+
# * Policy (any type)
|
4503
4675
|
#
|
4504
4676
|
# This operation can be called only from the organization's master
|
4505
4677
|
# account or by a member account that is a delegated administrator for
|
4506
4678
|
# an AWS service.
|
4507
4679
|
#
|
4508
4680
|
# @option params [required, String] :resource_id
|
4509
|
-
# The ID of the resource
|
4681
|
+
# The ID of the resource with the tags to list.
|
4682
|
+
#
|
4683
|
+
# You can specify any of the following taggable resources.
|
4684
|
+
#
|
4685
|
+
# * AWS account – specify the account ID number.
|
4686
|
+
#
|
4687
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
4688
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
4689
|
+
#
|
4690
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
4691
|
+
# to: `r-1a2b `
|
4692
|
+
#
|
4693
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
4694
|
+
# similar to: `p-12abcdefg3 `
|
4510
4695
|
#
|
4511
4696
|
# @option params [String] :next_token
|
4512
4697
|
# The parameter for receiving additional results if you receive a
|
@@ -4798,21 +4983,25 @@ module Aws::Organizations
|
|
4798
4983
|
# account. Member accounts can remove themselves with LeaveOrganization
|
4799
4984
|
# instead.
|
4800
4985
|
#
|
4801
|
-
# You can remove an account from your organization only if the account
|
4802
|
-
#
|
4803
|
-
# account. When you create an account in an organization
|
4804
|
-
# Organizations console, API, or CLI commands, the
|
4805
|
-
# of standalone accounts is *not* automatically
|
4806
|
-
# account that you want to make standalone, you must
|
4807
|
-
#
|
4808
|
-
#
|
4809
|
-
#
|
4810
|
-
#
|
4811
|
-
#
|
4812
|
-
#
|
4813
|
-
#
|
4814
|
-
#
|
4815
|
-
#
|
4986
|
+
# * You can remove an account from your organization only if the account
|
4987
|
+
# is configured with the information required to operate as a
|
4988
|
+
# standalone account. When you create an account in an organization
|
4989
|
+
# using the AWS Organizations console, API, or CLI commands, the
|
4990
|
+
# information required of standalone accounts is *not* automatically
|
4991
|
+
# collected. For an account that you want to make standalone, you must
|
4992
|
+
# choose a support plan, provide and verify the required contact
|
4993
|
+
# information, and provide a current payment method. AWS uses the
|
4994
|
+
# payment method to charge for any billable (not free tier) AWS
|
4995
|
+
# activity that occurs while the account isn't attached to an
|
4996
|
+
# organization. To remove an account that doesn't yet have this
|
4997
|
+
# information, you must sign in as the member account and follow the
|
4998
|
+
# steps at [ To leave an organization when all required account
|
4999
|
+
# information has not yet been provided][1] in the *AWS Organizations
|
5000
|
+
# User Guide.*
|
5001
|
+
#
|
5002
|
+
# * After the account leaves the organization, all tags that were
|
5003
|
+
# attached to the account object in the organization are deleted. AWS
|
5004
|
+
# accounts outside of an organization do not support tags.
|
4816
5005
|
#
|
4817
5006
|
#
|
4818
5007
|
#
|
@@ -4857,7 +5046,16 @@ module Aws::Organizations
|
|
4857
5046
|
|
4858
5047
|
# Adds one or more tags to the specified resource.
|
4859
5048
|
#
|
4860
|
-
# Currently, you can
|
5049
|
+
# Currently, you can attach tags to the following resources in AWS
|
5050
|
+
# Organizations.
|
5051
|
+
#
|
5052
|
+
# * AWS account
|
5053
|
+
#
|
5054
|
+
# * Organization root
|
5055
|
+
#
|
5056
|
+
# * Organizational unit (OU)
|
5057
|
+
#
|
5058
|
+
# * Policy (any type)
|
4861
5059
|
#
|
4862
5060
|
# This operation can be called only from the organization's master
|
4863
5061
|
# account.
|
@@ -4866,9 +5064,30 @@ module Aws::Organizations
|
|
4866
5064
|
# The ID of the resource to add a tag to.
|
4867
5065
|
#
|
4868
5066
|
# @option params [required, Array<Types::Tag>] :tags
|
4869
|
-
#
|
4870
|
-
#
|
4871
|
-
#
|
5067
|
+
# A list of tags to add to the specified resource.
|
5068
|
+
#
|
5069
|
+
# You can specify any of the following taggable resources.
|
5070
|
+
#
|
5071
|
+
# * AWS account – specify the account ID number.
|
5072
|
+
#
|
5073
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
5074
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
5075
|
+
#
|
5076
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
5077
|
+
# to: `r-1a2b `
|
5078
|
+
#
|
5079
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
5080
|
+
# similar to: `p-12abcdefg3 `
|
5081
|
+
#
|
5082
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
5083
|
+
# You can set the value to an empty string, but you can't set it to
|
5084
|
+
# `null`.
|
5085
|
+
#
|
5086
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
5087
|
+
# of tags for an account user, then the entire request fails and the
|
5088
|
+
# account is not created.
|
5089
|
+
#
|
5090
|
+
# </note>
|
4872
5091
|
#
|
4873
5092
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
4874
5093
|
#
|
@@ -4893,18 +5112,39 @@ module Aws::Organizations
|
|
4893
5112
|
req.send_request(options)
|
4894
5113
|
end
|
4895
5114
|
|
4896
|
-
# Removes
|
5115
|
+
# Removes any tags with the specified keys from the specified resource.
|
5116
|
+
#
|
5117
|
+
# You can attach tags to the following resources in AWS Organizations.
|
5118
|
+
#
|
5119
|
+
# * AWS account
|
4897
5120
|
#
|
4898
|
-
#
|
5121
|
+
# * Organization root
|
5122
|
+
#
|
5123
|
+
# * Organizational unit (OU)
|
5124
|
+
#
|
5125
|
+
# * Policy (any type)
|
4899
5126
|
#
|
4900
5127
|
# This operation can be called only from the organization's master
|
4901
5128
|
# account.
|
4902
5129
|
#
|
4903
5130
|
# @option params [required, String] :resource_id
|
4904
|
-
# The ID of the resource to remove
|
5131
|
+
# The ID of the resource to remove a tag from.
|
5132
|
+
#
|
5133
|
+
# You can specify any of the following taggable resources.
|
5134
|
+
#
|
5135
|
+
# * AWS account – specify the account ID number.
|
5136
|
+
#
|
5137
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
5138
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
5139
|
+
#
|
5140
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
5141
|
+
# to: `r-1a2b `
|
5142
|
+
#
|
5143
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
5144
|
+
# similar to: `p-12abcdefg3 `
|
4905
5145
|
#
|
4906
5146
|
# @option params [required, Array<String>] :tag_keys
|
4907
|
-
# The
|
5147
|
+
# The list of keys for tags to remove from the specified resource.
|
4908
5148
|
#
|
4909
5149
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
4910
5150
|
#
|
@@ -5137,7 +5377,7 @@ module Aws::Organizations
|
|
5137
5377
|
params: params,
|
5138
5378
|
config: config)
|
5139
5379
|
context[:gem_name] = 'aws-sdk-organizations'
|
5140
|
-
context[:gem_version] = '1.
|
5380
|
+
context[:gem_version] = '1.51.0'
|
5141
5381
|
Seahorse::Client::Request.new(handlers, context)
|
5142
5382
|
end
|
5143
5383
|
|
@@ -312,6 +312,7 @@ module Aws::Organizations
|
|
312
312
|
CreateAccountRequest.add_member(:account_name, Shapes::ShapeRef.new(shape: AccountName, required: true, location_name: "AccountName"))
|
313
313
|
CreateAccountRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: RoleName, location_name: "RoleName"))
|
314
314
|
CreateAccountRequest.add_member(:iam_user_access_to_billing, Shapes::ShapeRef.new(shape: IAMUserAccessToBilling, location_name: "IamUserAccessToBilling"))
|
315
|
+
CreateAccountRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
|
315
316
|
CreateAccountRequest.struct_class = Types::CreateAccountRequest
|
316
317
|
|
317
318
|
CreateAccountResponse.add_member(:create_account_status, Shapes::ShapeRef.new(shape: CreateAccountStatus, location_name: "CreateAccountStatus"))
|
@@ -338,6 +339,7 @@ module Aws::Organizations
|
|
338
339
|
CreateGovCloudAccountRequest.add_member(:account_name, Shapes::ShapeRef.new(shape: AccountName, required: true, location_name: "AccountName"))
|
339
340
|
CreateGovCloudAccountRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: RoleName, location_name: "RoleName"))
|
340
341
|
CreateGovCloudAccountRequest.add_member(:iam_user_access_to_billing, Shapes::ShapeRef.new(shape: IAMUserAccessToBilling, location_name: "IamUserAccessToBilling"))
|
342
|
+
CreateGovCloudAccountRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
|
341
343
|
CreateGovCloudAccountRequest.struct_class = Types::CreateGovCloudAccountRequest
|
342
344
|
|
343
345
|
CreateGovCloudAccountResponse.add_member(:create_account_status, Shapes::ShapeRef.new(shape: CreateAccountStatus, location_name: "CreateAccountStatus"))
|
@@ -351,6 +353,7 @@ module Aws::Organizations
|
|
351
353
|
|
352
354
|
CreateOrganizationalUnitRequest.add_member(:parent_id, Shapes::ShapeRef.new(shape: ParentId, required: true, location_name: "ParentId"))
|
353
355
|
CreateOrganizationalUnitRequest.add_member(:name, Shapes::ShapeRef.new(shape: OrganizationalUnitName, required: true, location_name: "Name"))
|
356
|
+
CreateOrganizationalUnitRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
|
354
357
|
CreateOrganizationalUnitRequest.struct_class = Types::CreateOrganizationalUnitRequest
|
355
358
|
|
356
359
|
CreateOrganizationalUnitResponse.add_member(:organizational_unit, Shapes::ShapeRef.new(shape: OrganizationalUnit, location_name: "OrganizationalUnit"))
|
@@ -360,6 +363,7 @@ module Aws::Organizations
|
|
360
363
|
CreatePolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: PolicyDescription, required: true, location_name: "Description"))
|
361
364
|
CreatePolicyRequest.add_member(:name, Shapes::ShapeRef.new(shape: PolicyName, required: true, location_name: "Name"))
|
362
365
|
CreatePolicyRequest.add_member(:type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "Type"))
|
366
|
+
CreatePolicyRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
|
363
367
|
CreatePolicyRequest.struct_class = Types::CreatePolicyRequest
|
364
368
|
|
365
369
|
CreatePolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
@@ -552,6 +556,7 @@ module Aws::Organizations
|
|
552
556
|
|
553
557
|
InviteAccountToOrganizationRequest.add_member(:target, Shapes::ShapeRef.new(shape: HandshakeParty, required: true, location_name: "Target"))
|
554
558
|
InviteAccountToOrganizationRequest.add_member(:notes, Shapes::ShapeRef.new(shape: HandshakeNotes, location_name: "Notes"))
|
559
|
+
InviteAccountToOrganizationRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
|
555
560
|
InviteAccountToOrganizationRequest.struct_class = Types::InviteAccountToOrganizationRequest
|
556
561
|
|
557
562
|
InviteAccountToOrganizationResponse.add_member(:handshake, Shapes::ShapeRef.new(shape: Handshake, location_name: "Handshake"))
|
@@ -1322,6 +1327,7 @@ module Aws::Organizations
|
|
1322
1327
|
o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
|
1323
1328
|
o.errors << Shapes::ShapeRef.new(shape: HandshakeConstraintViolationException)
|
1324
1329
|
o.errors << Shapes::ShapeRef.new(shape: DuplicateHandshakeException)
|
1330
|
+
o.errors << Shapes::ShapeRef.new(shape: ConstraintViolationException)
|
1325
1331
|
o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
|
1326
1332
|
o.errors << Shapes::ShapeRef.new(shape: FinalizingOrganizationException)
|
1327
1333
|
o.errors << Shapes::ShapeRef.new(shape: ServiceException)
|
@@ -597,6 +597,12 @@ module Aws::Organizations
|
|
597
597
|
# account_name: "AccountName", # required
|
598
598
|
# role_name: "RoleName",
|
599
599
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
600
|
+
# tags: [
|
601
|
+
# {
|
602
|
+
# key: "TagKey", # required
|
603
|
+
# value: "TagValue", # required
|
604
|
+
# },
|
605
|
+
# ],
|
600
606
|
# }
|
601
607
|
#
|
602
608
|
# @!attribute [rw] email
|
@@ -660,13 +666,32 @@ module Aws::Organizations
|
|
660
666
|
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
661
667
|
# @return [String]
|
662
668
|
#
|
669
|
+
# @!attribute [rw] tags
|
670
|
+
# A list of tags that you want to attach to the newly created account.
|
671
|
+
# For each tag in the list, you must specify both a tag key and a
|
672
|
+
# value. You can set the value to an empty string, but you can't set
|
673
|
+
# it to `null`. For more information about tagging, see [Tagging AWS
|
674
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
675
|
+
#
|
676
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
677
|
+
# number of tags for an account, then the entire request fails and the
|
678
|
+
# account is not created.
|
679
|
+
#
|
680
|
+
# </note>
|
681
|
+
#
|
682
|
+
#
|
683
|
+
#
|
684
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
685
|
+
# @return [Array<Types::Tag>]
|
686
|
+
#
|
663
687
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountRequest AWS API Documentation
|
664
688
|
#
|
665
689
|
class CreateAccountRequest < Struct.new(
|
666
690
|
:email,
|
667
691
|
:account_name,
|
668
692
|
:role_name,
|
669
|
-
:iam_user_access_to_billing
|
693
|
+
:iam_user_access_to_billing,
|
694
|
+
:tags)
|
670
695
|
SENSITIVE = [:email, :account_name]
|
671
696
|
include Aws::Structure
|
672
697
|
end
|
@@ -755,6 +780,9 @@ module Aws::Organizations
|
|
755
780
|
# you have reached the limit on the number of accounts in your
|
756
781
|
# organization.
|
757
782
|
#
|
783
|
+
# * CONCURRENT\_ACCOUNT\_MODIFICATION: You already submitted a request
|
784
|
+
# with the same information.
|
785
|
+
#
|
758
786
|
# * EMAIL\_ALREADY\_EXISTS: The account could not be created because
|
759
787
|
# another AWS account with that email address already exists.
|
760
788
|
#
|
@@ -771,6 +799,12 @@ module Aws::Organizations
|
|
771
799
|
# * INTERNAL\_FAILURE: The account could not be created because of an
|
772
800
|
# internal failure. Try again later. If the problem persists,
|
773
801
|
# contact Customer Support.
|
802
|
+
#
|
803
|
+
# * MISSING\_BUSINESS\_VALIDATION: The AWS account that owns your
|
804
|
+
# organization has not received Business Validation.
|
805
|
+
#
|
806
|
+
# * MISSING\_PAYMENT\_INSTRUMENT: You must configure the master
|
807
|
+
# account with a valid payment method, such as a credit card.
|
774
808
|
# @return [String]
|
775
809
|
#
|
776
810
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountStatus AWS API Documentation
|
@@ -810,6 +844,12 @@ module Aws::Organizations
|
|
810
844
|
# account_name: "AccountName", # required
|
811
845
|
# role_name: "RoleName",
|
812
846
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
847
|
+
# tags: [
|
848
|
+
# {
|
849
|
+
# key: "TagKey", # required
|
850
|
+
# value: "TagValue", # required
|
851
|
+
# },
|
852
|
+
# ],
|
813
853
|
# }
|
814
854
|
#
|
815
855
|
# @!attribute [rw] email
|
@@ -876,13 +916,37 @@ module Aws::Organizations
|
|
876
916
|
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
877
917
|
# @return [String]
|
878
918
|
#
|
919
|
+
# @!attribute [rw] tags
|
920
|
+
# A list of tags that you want to attach to the newly created account.
|
921
|
+
# These tags are attached to the commercial account associated with
|
922
|
+
# the GovCloud account, and not to the GovCloud account itself. To add
|
923
|
+
# tags to the actual GovCloud account, call the TagResource operation
|
924
|
+
# in the GovCloud region after the new GovCloud account exists.
|
925
|
+
#
|
926
|
+
# For each tag in the list, you must specify both a tag key and a
|
927
|
+
# value. You can set the value to an empty string, but you can't set
|
928
|
+
# it to `null`. For more information about tagging, see [Tagging AWS
|
929
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
930
|
+
#
|
931
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
932
|
+
# number of tags for an account, then the entire request fails and the
|
933
|
+
# account is not created.
|
934
|
+
#
|
935
|
+
# </note>
|
936
|
+
#
|
937
|
+
#
|
938
|
+
#
|
939
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
940
|
+
# @return [Array<Types::Tag>]
|
941
|
+
#
|
879
942
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccountRequest AWS API Documentation
|
880
943
|
#
|
881
944
|
class CreateGovCloudAccountRequest < Struct.new(
|
882
945
|
:email,
|
883
946
|
:account_name,
|
884
947
|
:role_name,
|
885
|
-
:iam_user_access_to_billing
|
948
|
+
:iam_user_access_to_billing,
|
949
|
+
:tags)
|
886
950
|
SENSITIVE = [:email, :account_name]
|
887
951
|
include Aws::Structure
|
888
952
|
end
|
@@ -959,6 +1023,12 @@ module Aws::Organizations
|
|
959
1023
|
# {
|
960
1024
|
# parent_id: "ParentId", # required
|
961
1025
|
# name: "OrganizationalUnitName", # required
|
1026
|
+
# tags: [
|
1027
|
+
# {
|
1028
|
+
# key: "TagKey", # required
|
1029
|
+
# value: "TagValue", # required
|
1030
|
+
# },
|
1031
|
+
# ],
|
962
1032
|
# }
|
963
1033
|
#
|
964
1034
|
# @!attribute [rw] parent_id
|
@@ -986,11 +1056,30 @@ module Aws::Organizations
|
|
986
1056
|
# The friendly name to assign to the new OU.
|
987
1057
|
# @return [String]
|
988
1058
|
#
|
1059
|
+
# @!attribute [rw] tags
|
1060
|
+
# A list of tags that you want to attach to the newly created OU. For
|
1061
|
+
# each tag in the list, you must specify both a tag key and a value.
|
1062
|
+
# You can set the value to an empty string, but you can't set it to
|
1063
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
1064
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
1065
|
+
#
|
1066
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
1067
|
+
# number of tags for an OU, then the entire request fails and the OU
|
1068
|
+
# is not created.
|
1069
|
+
#
|
1070
|
+
# </note>
|
1071
|
+
#
|
1072
|
+
#
|
1073
|
+
#
|
1074
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1075
|
+
# @return [Array<Types::Tag>]
|
1076
|
+
#
|
989
1077
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnitRequest AWS API Documentation
|
990
1078
|
#
|
991
1079
|
class CreateOrganizationalUnitRequest < Struct.new(
|
992
1080
|
:parent_id,
|
993
|
-
:name
|
1081
|
+
:name,
|
1082
|
+
:tags)
|
994
1083
|
SENSITIVE = []
|
995
1084
|
include Aws::Structure
|
996
1085
|
end
|
@@ -1015,6 +1104,12 @@ module Aws::Organizations
|
|
1015
1104
|
# description: "PolicyDescription", # required
|
1016
1105
|
# name: "PolicyName", # required
|
1017
1106
|
# type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
1107
|
+
# tags: [
|
1108
|
+
# {
|
1109
|
+
# key: "TagKey", # required
|
1110
|
+
# value: "TagValue", # required
|
1111
|
+
# },
|
1112
|
+
# ],
|
1018
1113
|
# }
|
1019
1114
|
#
|
1020
1115
|
# @!attribute [rw] content
|
@@ -1058,13 +1153,32 @@ module Aws::Organizations
|
|
1058
1153
|
# [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1059
1154
|
# @return [String]
|
1060
1155
|
#
|
1156
|
+
# @!attribute [rw] tags
|
1157
|
+
# A list of tags that you want to attach to the newly created policy.
|
1158
|
+
# For each tag in the list, you must specify both a tag key and a
|
1159
|
+
# value. You can set the value to an empty string, but you can't set
|
1160
|
+
# it to `null`. For more information about tagging, see [Tagging AWS
|
1161
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
1162
|
+
#
|
1163
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
1164
|
+
# number of tags for a policy, then the entire request fails and the
|
1165
|
+
# policy is not created.
|
1166
|
+
#
|
1167
|
+
# </note>
|
1168
|
+
#
|
1169
|
+
#
|
1170
|
+
#
|
1171
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1172
|
+
# @return [Array<Types::Tag>]
|
1173
|
+
#
|
1061
1174
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicyRequest AWS API Documentation
|
1062
1175
|
#
|
1063
1176
|
class CreatePolicyRequest < Struct.new(
|
1064
1177
|
:content,
|
1065
1178
|
:description,
|
1066
1179
|
:name,
|
1067
|
-
:type
|
1180
|
+
:type,
|
1181
|
+
:tags)
|
1068
1182
|
SENSITIVE = []
|
1069
1183
|
include Aws::Structure
|
1070
1184
|
end
|
@@ -2339,6 +2453,9 @@ module Aws::Organizations
|
|
2339
2453
|
#
|
2340
2454
|
# </note>
|
2341
2455
|
#
|
2456
|
+
# * DUPLICATE\_TAG\_KEY: Tag keys must be unique among the tags attached
|
2457
|
+
# to the same entity.
|
2458
|
+
#
|
2342
2459
|
# * IMMUTABLE\_POLICY: You specified a policy that is managed by AWS and
|
2343
2460
|
# can't be modified.
|
2344
2461
|
#
|
@@ -2347,6 +2464,9 @@ module Aws::Organizations
|
|
2347
2464
|
#
|
2348
2465
|
# * INVALID\_ENUM: You specified an invalid value.
|
2349
2466
|
#
|
2467
|
+
# * INVALID\_ENUM\_POLICY\_TYPE: You specified an invalid policy type
|
2468
|
+
# string.
|
2469
|
+
#
|
2350
2470
|
# * INVALID\_FULL\_NAME\_TARGET: You specified a full name that contains
|
2351
2471
|
# invalid characters.
|
2352
2472
|
#
|
@@ -2396,6 +2516,12 @@ module Aws::Organizations
|
|
2396
2516
|
# * MOVING\_ACCOUNT\_BETWEEN\_DIFFERENT\_ROOTS: You can move an account
|
2397
2517
|
# only between entities in the same root.
|
2398
2518
|
#
|
2519
|
+
# * TARGET\_NOT\_SUPPORTED: You can't perform the specified operation
|
2520
|
+
# on that target entity.
|
2521
|
+
#
|
2522
|
+
# * UNRECOGNIZED\_SERVICE\_PRINCIPAL: You specified a service principal
|
2523
|
+
# that isn't recognized.
|
2524
|
+
#
|
2399
2525
|
# @!attribute [rw] message
|
2400
2526
|
# @return [String]
|
2401
2527
|
#
|
@@ -2420,6 +2546,12 @@ module Aws::Organizations
|
|
2420
2546
|
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, EMAIL
|
2421
2547
|
# },
|
2422
2548
|
# notes: "HandshakeNotes",
|
2549
|
+
# tags: [
|
2550
|
+
# {
|
2551
|
+
# key: "TagKey", # required
|
2552
|
+
# value: "TagValue", # required
|
2553
|
+
# },
|
2554
|
+
# ],
|
2423
2555
|
# }
|
2424
2556
|
#
|
2425
2557
|
# @!attribute [rw] target
|
@@ -2446,11 +2578,40 @@ module Aws::Organizations
|
|
2446
2578
|
# email to the recipient account owner.
|
2447
2579
|
# @return [String]
|
2448
2580
|
#
|
2581
|
+
# @!attribute [rw] tags
|
2582
|
+
# A list of tags that you want to attach to the account when it
|
2583
|
+
# becomes a member of the organization. For each tag in the list, you
|
2584
|
+
# must specify both a tag key and a value. You can set the value to an
|
2585
|
+
# empty string, but you can't set it to `null`. For more information
|
2586
|
+
# about tagging, see [Tagging AWS Organizations resources][1] in the
|
2587
|
+
# AWS Organizations User Guide.
|
2588
|
+
#
|
2589
|
+
# Any tags in the request are checked for compliance with any
|
2590
|
+
# applicable tag policies when the request is made. The request is
|
2591
|
+
# rejected if the tags in the request don't match the requirements of
|
2592
|
+
# the policy at that time. Tag policy compliance is <i> <b>not</b>
|
2593
|
+
# </i> checked again when the invitation is accepted and the tags are
|
2594
|
+
# actually attached to the account. That means that if the tag policy
|
2595
|
+
# changes between the invitation and the acceptance, then that tags
|
2596
|
+
# could potentially be non-compliant.
|
2597
|
+
#
|
2598
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
2599
|
+
# number of tags for an account, then the entire request fails and
|
2600
|
+
# invitations are not sent.
|
2601
|
+
#
|
2602
|
+
# </note>
|
2603
|
+
#
|
2604
|
+
#
|
2605
|
+
#
|
2606
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
2607
|
+
# @return [Array<Types::Tag>]
|
2608
|
+
#
|
2449
2609
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganizationRequest AWS API Documentation
|
2450
2610
|
#
|
2451
2611
|
class InviteAccountToOrganizationRequest < Struct.new(
|
2452
2612
|
:target,
|
2453
|
-
:notes
|
2613
|
+
:notes,
|
2614
|
+
:tags)
|
2454
2615
|
SENSITIVE = [:notes]
|
2455
2616
|
include Aws::Structure
|
2456
2617
|
end
|
@@ -3519,7 +3680,20 @@ module Aws::Organizations
|
|
3519
3680
|
# }
|
3520
3681
|
#
|
3521
3682
|
# @!attribute [rw] resource_id
|
3522
|
-
# The ID of the resource
|
3683
|
+
# The ID of the resource with the tags to list.
|
3684
|
+
#
|
3685
|
+
# You can specify any of the following taggable resources.
|
3686
|
+
#
|
3687
|
+
# * AWS account – specify the account ID number.
|
3688
|
+
#
|
3689
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
3690
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
3691
|
+
#
|
3692
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
3693
|
+
# to: `r-1a2b `
|
3694
|
+
#
|
3695
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
3696
|
+
# similar to: `p-12abcdefg3 `
|
3523
3697
|
# @return [String]
|
3524
3698
|
#
|
3525
3699
|
# @!attribute [rw] next_token
|
@@ -4419,8 +4593,18 @@ module Aws::Organizations
|
|
4419
4593
|
include Aws::Structure
|
4420
4594
|
end
|
4421
4595
|
|
4422
|
-
# A custom key-value pair associated with a resource
|
4423
|
-
#
|
4596
|
+
# A custom key-value pair associated with a resource within your
|
4597
|
+
# organization.
|
4598
|
+
#
|
4599
|
+
# You can attach tags to any of the following organization resources.
|
4600
|
+
#
|
4601
|
+
# * AWS account
|
4602
|
+
#
|
4603
|
+
# * Organizational unit (OU)
|
4604
|
+
#
|
4605
|
+
# * Organization root
|
4606
|
+
#
|
4607
|
+
# * Policy
|
4424
4608
|
#
|
4425
4609
|
# @note When making an API call, you may pass Tag
|
4426
4610
|
# data as a hash:
|
@@ -4467,9 +4651,30 @@ module Aws::Organizations
|
|
4467
4651
|
# @return [String]
|
4468
4652
|
#
|
4469
4653
|
# @!attribute [rw] tags
|
4470
|
-
#
|
4471
|
-
#
|
4472
|
-
#
|
4654
|
+
# A list of tags to add to the specified resource.
|
4655
|
+
#
|
4656
|
+
# You can specify any of the following taggable resources.
|
4657
|
+
#
|
4658
|
+
# * AWS account – specify the account ID number.
|
4659
|
+
#
|
4660
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
4661
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
4662
|
+
#
|
4663
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
4664
|
+
# to: `r-1a2b `
|
4665
|
+
#
|
4666
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
4667
|
+
# similar to: `p-12abcdefg3 `
|
4668
|
+
#
|
4669
|
+
# For each tag in the list, you must specify both a tag key and a
|
4670
|
+
# value. You can set the value to an empty string, but you can't set
|
4671
|
+
# it to `null`.
|
4672
|
+
#
|
4673
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
4674
|
+
# number of tags for an account user, then the entire request fails
|
4675
|
+
# and the account is not created.
|
4676
|
+
#
|
4677
|
+
# </note>
|
4473
4678
|
# @return [Array<Types::Tag>]
|
4474
4679
|
#
|
4475
4680
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResourceRequest AWS API Documentation
|
@@ -4481,8 +4686,8 @@ module Aws::Organizations
|
|
4481
4686
|
include Aws::Structure
|
4482
4687
|
end
|
4483
4688
|
|
4484
|
-
# We can't find a root, OU, or
|
4485
|
-
# specified.
|
4689
|
+
# We can't find a root, OU, account, or policy with the `TargetId` that
|
4690
|
+
# you specified.
|
4486
4691
|
#
|
4487
4692
|
# @!attribute [rw] message
|
4488
4693
|
# @return [String]
|
@@ -4544,11 +4749,24 @@ module Aws::Organizations
|
|
4544
4749
|
# }
|
4545
4750
|
#
|
4546
4751
|
# @!attribute [rw] resource_id
|
4547
|
-
# The ID of the resource to remove
|
4752
|
+
# The ID of the resource to remove a tag from.
|
4753
|
+
#
|
4754
|
+
# You can specify any of the following taggable resources.
|
4755
|
+
#
|
4756
|
+
# * AWS account – specify the account ID number.
|
4757
|
+
#
|
4758
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
4759
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
4760
|
+
#
|
4761
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
4762
|
+
# to: `r-1a2b `
|
4763
|
+
#
|
4764
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
4765
|
+
# similar to: `p-12abcdefg3 `
|
4548
4766
|
# @return [String]
|
4549
4767
|
#
|
4550
4768
|
# @!attribute [rw] tag_keys
|
4551
|
-
# The
|
4769
|
+
# The list of keys for tags to remove from the specified resource.
|
4552
4770
|
# @return [Array<String>]
|
4553
4771
|
#
|
4554
4772
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResourceRequest AWS API Documentation
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-organizations
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.51.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-09-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|