aws-sdk-organizations 1.46.0 → 1.51.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8acf3103efb1db953353acd9106b2c9d627fd72df9d1a0d4571e34784cd1dcef
4
- data.tar.gz: dba7cb5f3c6b497476fc03c7eed35cf52b5dcac4b54d4409db4d051182adc417
3
+ metadata.gz: 7b6f5921109742aaa83544abde06a32cae7102b883e54767fe4e5567affe73a6
4
+ data.tar.gz: 0fdaeb797a8f94bca291bedaa02f83098032626aa70e1e304010bbc9926d7b25
5
5
  SHA512:
6
- metadata.gz: b736e9938bd6db6ecfa592f7aa4d8b5b2ceb36c1dfbca0358729abbc1b83e7cbdd2e42565a9b3104611e7e7363d0d43fd2ef7808ab8dac733d286c316113618a
7
- data.tar.gz: a99502472c5734b7614067d7ce3477cd554e216df5eaf3a471729de332b778bf441d3d60979e524b48fc1afeeac41b3e1e154bb0c118744e0c5b2eaf7d8c1afc
6
+ metadata.gz: 40a50363452745e1f6a6ef0aef7f5688754608588f65766d59e5786d40dc54a718ee5d67b404f852459dc5a4a47491dcbee044c82b90ce7f589ec17a87e51fcd
7
+ data.tar.gz: 5bc9c7b9b676bee453d617114739d234a0203ba6ff31298dcb34cb7254f336d96feeb91aaa85ea0cbd5dbb7a829fd2a0401500158f969150dd28bb4a3c24c2cc
@@ -7,6 +7,7 @@
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
10
+
10
11
  require 'aws-sdk-core'
11
12
  require 'aws-sigv4'
12
13
 
@@ -44,9 +45,9 @@ require_relative 'aws-sdk-organizations/customizations'
44
45
  #
45
46
  # See {Errors} for more information.
46
47
  #
47
- # @service
48
+ # @!group service
48
49
  module Aws::Organizations
49
50
 
50
- GEM_VERSION = '1.46.0'
51
+ GEM_VERSION = '1.51.0'
51
52
 
52
53
  end
@@ -85,13 +85,28 @@ module Aws::Organizations
85
85
  # * `Aws::Credentials` - Used for configuring static, non-refreshing
86
86
  # credentials.
87
87
  #
88
+ # * `Aws::SharedCredentials` - Used for loading static credentials from a
89
+ # shared file, such as `~/.aws/config`.
90
+ #
91
+ # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
92
+ #
93
+ # * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
94
+ # assume a role after providing credentials via the web.
95
+ #
96
+ # * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
97
+ # access token generated from `aws login`.
98
+ #
99
+ # * `Aws::ProcessCredentials` - Used for loading credentials from a
100
+ # process that outputs to stdout.
101
+ #
88
102
  # * `Aws::InstanceProfileCredentials` - Used for loading credentials
89
103
  # from an EC2 IMDS on an EC2 instance.
90
104
  #
91
- # * `Aws::SharedCredentials` - Used for loading credentials from a
92
- # shared file, such as `~/.aws/config`.
105
+ # * `Aws::ECSCredentials` - Used for loading credentials from
106
+ # instances running in ECS.
93
107
  #
94
- # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
108
+ # * `Aws::CognitoIdentityCredentials` - Used for loading credentials
109
+ # from the Cognito Identity service.
95
110
  #
96
111
  # When `:credentials` are not configured directly, the following
97
112
  # locations will be searched for credentials:
@@ -101,10 +116,10 @@ module Aws::Organizations
101
116
  # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
102
117
  # * `~/.aws/credentials`
103
118
  # * `~/.aws/config`
104
- # * EC2 IMDS instance profile - When used by default, the timeouts are
105
- # very aggressive. Construct and pass an instance of
106
- # `Aws::InstanceProfileCredentails` to enable retries and extended
107
- # timeouts.
119
+ # * EC2/ECS IMDS instance profile - When used by default, the timeouts
120
+ # are very aggressive. Construct and pass an instance of
121
+ # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
122
+ # enable retries and extended timeouts.
108
123
  #
109
124
  # @option options [required, String] :region
110
125
  # The AWS region to connect to. The configured `:region` is
@@ -688,8 +703,6 @@ module Aws::Organizations
688
703
  # [Monitoring the Activity in Your Organization][1] in the *AWS
689
704
  # Organizations User Guide.*
690
705
  #
691
- #
692
- #
693
706
  # The user who calls the API to create an account must have the
694
707
  # `organizations:CreateAccount` permission. If you enabled all features
695
708
  # in the organization, AWS Organizations creates the required
@@ -697,6 +710,9 @@ module Aws::Organizations
697
710
  # information, see [AWS Organizations and Service-Linked Roles][2] in
698
711
  # the *AWS Organizations User Guide*.
699
712
  #
713
+ # If the request includes tags, then the requester must have the
714
+ # `organizations:TagResource` permission.
715
+ #
700
716
  # AWS Organizations preconfigures the new member account with a role
701
717
  # (named `OrganizationAccountAccessRole` by default) that grants users
702
718
  # in the master account administrator permissions in the new member
@@ -812,6 +828,23 @@ module Aws::Organizations
812
828
  #
813
829
  # [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
814
830
  #
831
+ # @option params [Array<Types::Tag>] :tags
832
+ # A list of tags that you want to attach to the newly created account.
833
+ # For each tag in the list, you must specify both a tag key and a value.
834
+ # You can set the value to an empty string, but you can't set it to
835
+ # `null`. For more information about tagging, see [Tagging AWS
836
+ # Organizations resources][1] in the AWS Organizations User Guide.
837
+ #
838
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
839
+ # of tags for an account, then the entire request fails and the account
840
+ # is not created.
841
+ #
842
+ # </note>
843
+ #
844
+ #
845
+ #
846
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
847
+ #
815
848
  # @return [Types::CreateAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
816
849
  #
817
850
  # * {Types::CreateAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
@@ -844,6 +877,12 @@ module Aws::Organizations
844
877
  # account_name: "AccountName", # required
845
878
  # role_name: "RoleName",
846
879
  # iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
880
+ # tags: [
881
+ # {
882
+ # key: "TagKey", # required
883
+ # value: "TagValue", # required
884
+ # },
885
+ # ],
847
886
  # })
848
887
  #
849
888
  # @example Response structure
@@ -855,7 +894,7 @@ module Aws::Organizations
855
894
  # resp.create_account_status.completed_timestamp #=> Time
856
895
  # resp.create_account_status.account_id #=> String
857
896
  # resp.create_account_status.gov_cloud_account_id #=> String
858
- # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
897
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
859
898
  #
860
899
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
861
900
  #
@@ -878,11 +917,12 @@ module Aws::Organizations
878
917
  # * You call this action from the master account of your organization in
879
918
  # the commercial Region.
880
919
  #
881
- # * You have the `organizations:CreateGovCloudAccount` permission. AWS
882
- # Organizations creates the required service-linked role named
883
- # `AWSServiceRoleForOrganizations`. For more information, see [AWS
884
- # Organizations and Service-Linked Roles][2] in the *AWS Organizations
885
- # User Guide.*
920
+ # * You have the `organizations:CreateGovCloudAccount` permission.
921
+ #
922
+ # AWS Organizations automatically creates the required service-linked
923
+ # role named `AWSServiceRoleForOrganizations`. For more information, see
924
+ # [AWS Organizations and Service-Linked Roles][2] in the *AWS
925
+ # Organizations User Guide.*
886
926
  #
887
927
  # AWS automatically enables AWS CloudTrail for AWS GovCloud (US)
888
928
  # accounts, but you should also do the following:
@@ -894,6 +934,13 @@ module Aws::Organizations
894
934
  # For more information, see [Verifying AWS CloudTrail Is Enabled][3]
895
935
  # in the *AWS GovCloud User Guide*.
896
936
  #
937
+ # If the request includes tags, then the requester must have the
938
+ # `organizations:TagResource` permission. The tags are attached to the
939
+ # commercial account associated with the GovCloud account, rather than
940
+ # the GovCloud account itself. To add tags to the GovCloud account, call
941
+ # the TagResource operation in the GovCloud Region after the new
942
+ # GovCloud account exists.
943
+ #
897
944
  # You call this action from the master account of your organization in
898
945
  # the commercial Region to create a standalone AWS account in the AWS
899
946
  # GovCloud (US) Region. After the account is created, the master account
@@ -930,10 +977,10 @@ module Aws::Organizations
930
977
  # allows the master account in the organization in the commercial Region
931
978
  # to assume it. An AWS GovCloud (US) account is then created and
932
979
  # associated with the commercial account that you just created. A role
933
- # is created in the new AWS GovCloud (US) account that can be assumed by
934
- # the AWS GovCloud (US) account that is associated with the master
935
- # account of the commercial organization. For more information and to
936
- # view a diagram that explains how account access works, see [AWS
980
+ # is also created in the new AWS GovCloud (US) account that can be
981
+ # assumed by the AWS GovCloud (US) account that is associated with the
982
+ # master account of the commercial organization. For more information
983
+ # and to view a diagram that explains how account access works, see [AWS
937
984
  # Organizations][4] in the *AWS GovCloud User Guide.*
938
985
  #
939
986
  # For more information about creating accounts, see [Creating an AWS
@@ -1047,6 +1094,28 @@ module Aws::Organizations
1047
1094
  #
1048
1095
  # [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
1049
1096
  #
1097
+ # @option params [Array<Types::Tag>] :tags
1098
+ # A list of tags that you want to attach to the newly created account.
1099
+ # These tags are attached to the commercial account associated with the
1100
+ # GovCloud account, and not to the GovCloud account itself. To add tags
1101
+ # to the actual GovCloud account, call the TagResource operation in the
1102
+ # GovCloud region after the new GovCloud account exists.
1103
+ #
1104
+ # For each tag in the list, you must specify both a tag key and a value.
1105
+ # You can set the value to an empty string, but you can't set it to
1106
+ # `null`. For more information about tagging, see [Tagging AWS
1107
+ # Organizations resources][1] in the AWS Organizations User Guide.
1108
+ #
1109
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
1110
+ # of tags for an account, then the entire request fails and the account
1111
+ # is not created.
1112
+ #
1113
+ # </note>
1114
+ #
1115
+ #
1116
+ #
1117
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
1118
+ #
1050
1119
  # @return [Types::CreateGovCloudAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1051
1120
  #
1052
1121
  # * {Types::CreateGovCloudAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
@@ -1058,6 +1127,12 @@ module Aws::Organizations
1058
1127
  # account_name: "AccountName", # required
1059
1128
  # role_name: "RoleName",
1060
1129
  # iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
1130
+ # tags: [
1131
+ # {
1132
+ # key: "TagKey", # required
1133
+ # value: "TagValue", # required
1134
+ # },
1135
+ # ],
1061
1136
  # })
1062
1137
  #
1063
1138
  # @example Response structure
@@ -1069,7 +1144,7 @@ module Aws::Organizations
1069
1144
  # resp.create_account_status.completed_timestamp #=> Time
1070
1145
  # resp.create_account_status.account_id #=> String
1071
1146
  # resp.create_account_status.gov_cloud_account_id #=> String
1072
- # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
1147
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
1073
1148
  #
1074
1149
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount AWS API Documentation
1075
1150
  #
@@ -1098,7 +1173,7 @@ module Aws::Organizations
1098
1173
  #
1099
1174
  #
1100
1175
  #
1101
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/orgs_getting-started_concepts.html#account
1176
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account
1102
1177
  #
1103
1178
  # @option params [String] :feature_set
1104
1179
  # Specifies the feature set supported by the new organization. Each
@@ -1215,6 +1290,9 @@ module Aws::Organizations
1215
1290
  # For more information about OUs, see [Managing Organizational Units][1]
1216
1291
  # in the *AWS Organizations User Guide.*
1217
1292
  #
1293
+ # If the request includes tags, then the requester must have the
1294
+ # `organizations:TagResource` permission.
1295
+ #
1218
1296
  # This operation can be called only from the organization's master
1219
1297
  # account.
1220
1298
  #
@@ -1244,6 +1322,23 @@ module Aws::Organizations
1244
1322
  # @option params [required, String] :name
1245
1323
  # The friendly name to assign to the new OU.
1246
1324
  #
1325
+ # @option params [Array<Types::Tag>] :tags
1326
+ # A list of tags that you want to attach to the newly created OU. For
1327
+ # each tag in the list, you must specify both a tag key and a value. You
1328
+ # can set the value to an empty string, but you can't set it to `null`.
1329
+ # For more information about tagging, see [Tagging AWS Organizations
1330
+ # resources][1] in the AWS Organizations User Guide.
1331
+ #
1332
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
1333
+ # of tags for an OU, then the entire request fails and the OU is not
1334
+ # created.
1335
+ #
1336
+ # </note>
1337
+ #
1338
+ #
1339
+ #
1340
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
1341
+ #
1247
1342
  # @return [Types::CreateOrganizationalUnitResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1248
1343
  #
1249
1344
  # * {Types::CreateOrganizationalUnitResponse#organizational_unit #organizational_unit} => Types::OrganizationalUnit
@@ -1272,6 +1367,12 @@ module Aws::Organizations
1272
1367
  # resp = client.create_organizational_unit({
1273
1368
  # parent_id: "ParentId", # required
1274
1369
  # name: "OrganizationalUnitName", # required
1370
+ # tags: [
1371
+ # {
1372
+ # key: "TagKey", # required
1373
+ # value: "TagValue", # required
1374
+ # },
1375
+ # ],
1275
1376
  # })
1276
1377
  #
1277
1378
  # @example Response structure
@@ -1295,6 +1396,9 @@ module Aws::Organizations
1295
1396
  # For more information about policies and their use, see [Managing
1296
1397
  # Organization Policies][1].
1297
1398
  #
1399
+ # If the request includes tags, then the requester must have the
1400
+ # `organizations:TagResource` permission.
1401
+ #
1298
1402
  # This operation can be called only from the organization's master
1299
1403
  # account.
1300
1404
  #
@@ -1339,6 +1443,23 @@ module Aws::Organizations
1339
1443
  # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
1340
1444
  # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
1341
1445
  #
1446
+ # @option params [Array<Types::Tag>] :tags
1447
+ # A list of tags that you want to attach to the newly created policy.
1448
+ # For each tag in the list, you must specify both a tag key and a value.
1449
+ # You can set the value to an empty string, but you can't set it to
1450
+ # `null`. For more information about tagging, see [Tagging AWS
1451
+ # Organizations resources][1] in the AWS Organizations User Guide.
1452
+ #
1453
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
1454
+ # of tags for a policy, then the entire request fails and the policy is
1455
+ # not created.
1456
+ #
1457
+ # </note>
1458
+ #
1459
+ #
1460
+ #
1461
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
1462
+ #
1342
1463
  # @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1343
1464
  #
1344
1465
  # * {Types::CreatePolicyResponse#policy #policy} => Types::Policy
@@ -1378,6 +1499,12 @@ module Aws::Organizations
1378
1499
  # description: "PolicyDescription", # required
1379
1500
  # name: "PolicyName", # required
1380
1501
  # type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
1502
+ # tags: [
1503
+ # {
1504
+ # key: "TagKey", # required
1505
+ # value: "TagValue", # required
1506
+ # },
1507
+ # ],
1381
1508
  # })
1382
1509
  #
1383
1510
  # @example Response structure
@@ -1800,7 +1927,7 @@ module Aws::Organizations
1800
1927
  # resp.create_account_status.completed_timestamp #=> Time
1801
1928
  # resp.create_account_status.account_id #=> String
1802
1929
  # resp.create_account_status.gov_cloud_account_id #=> String
1803
- # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
1930
+ # resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
1804
1931
  #
1805
1932
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
1806
1933
  #
@@ -2711,6 +2838,9 @@ module Aws::Organizations
2711
2838
  # then try again. If the error persists after an hour, contact [AWS
2712
2839
  # Support][2].
2713
2840
  #
2841
+ # If the request includes tags, then the requester must have the
2842
+ # `organizations:TagResource` permission.
2843
+ #
2714
2844
  # This operation can be called only from the organization's master
2715
2845
  # account.
2716
2846
  #
@@ -2741,6 +2871,33 @@ module Aws::Organizations
2741
2871
  # Additional information that you want to include in the generated email
2742
2872
  # to the recipient account owner.
2743
2873
  #
2874
+ # @option params [Array<Types::Tag>] :tags
2875
+ # A list of tags that you want to attach to the account when it becomes
2876
+ # a member of the organization. For each tag in the list, you must
2877
+ # specify both a tag key and a value. You can set the value to an empty
2878
+ # string, but you can't set it to `null`. For more information about
2879
+ # tagging, see [Tagging AWS Organizations resources][1] in the AWS
2880
+ # Organizations User Guide.
2881
+ #
2882
+ # Any tags in the request are checked for compliance with any applicable
2883
+ # tag policies when the request is made. The request is rejected if the
2884
+ # tags in the request don't match the requirements of the policy at
2885
+ # that time. Tag policy compliance is <i> <b>not</b> </i> checked again
2886
+ # when the invitation is accepted and the tags are actually attached to
2887
+ # the account. That means that if the tag policy changes between the
2888
+ # invitation and the acceptance, then that tags could potentially be
2889
+ # non-compliant.
2890
+ #
2891
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
2892
+ # of tags for an account, then the entire request fails and invitations
2893
+ # are not sent.
2894
+ #
2895
+ # </note>
2896
+ #
2897
+ #
2898
+ #
2899
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
2900
+ #
2744
2901
  # @return [Types::InviteAccountToOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2745
2902
  #
2746
2903
  # * {Types::InviteAccountToOrganizationResponse#handshake #handshake} => Types::Handshake
@@ -2813,6 +2970,12 @@ module Aws::Organizations
2813
2970
  # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, EMAIL
2814
2971
  # },
2815
2972
  # notes: "HandshakeNotes",
2973
+ # tags: [
2974
+ # {
2975
+ # key: "TagKey", # required
2976
+ # value: "TagValue", # required
2977
+ # },
2978
+ # ],
2816
2979
  # })
2817
2980
  #
2818
2981
  # @example Response structure
@@ -2860,9 +3023,8 @@ module Aws::Organizations
2860
3023
  # using the AWS Organizations console, API, or CLI commands, the
2861
3024
  # information required of standalone accounts is *not* automatically
2862
3025
  # collected. For each account that you want to make standalone, you
2863
- # must do the following steps:
2864
- #
2865
- # * Accept the end user license agreement (EULA)
3026
+ # must perform the following steps. If any of the steps are already
3027
+ # completed for this account, that step doesn't appear.
2866
3028
  #
2867
3029
  # * Choose a support plan
2868
3030
  #
@@ -2881,6 +3043,10 @@ module Aws::Organizations
2881
3043
  # Access to the Billing and Cost Management Console][2] in the *AWS
2882
3044
  # Billing and Cost Management User Guide.*
2883
3045
  #
3046
+ # * After the account leaves the organization, all tags that were
3047
+ # attached to the account object in the organization are deleted. AWS
3048
+ # accounts outside of an organization do not support tags.
3049
+ #
2884
3050
  #
2885
3051
  #
2886
3052
  # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
@@ -3430,7 +3596,7 @@ module Aws::Organizations
3430
3596
  # resp.create_account_statuses[0].completed_timestamp #=> Time
3431
3597
  # resp.create_account_statuses[0].account_id #=> String
3432
3598
  # resp.create_account_statuses[0].gov_cloud_account_id #=> String
3433
- # resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
3599
+ # resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
3434
3600
  # resp.next_token #=> String
3435
3601
  #
3436
3602
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
@@ -3588,9 +3754,7 @@ module Aws::Organizations
3588
3754
  #
3589
3755
  # </note>
3590
3756
  #
3591
- # This operation can be called only from the organization's master
3592
- # account or by a member account that is a delegated administrator for
3593
- # an AWS service.
3757
+ # This operation can be called from any account in the organization.
3594
3758
  #
3595
3759
  # @option params [Types::HandshakeFilter] :filter
3596
3760
  # Filters the handshakes that you want included in the response. The
@@ -4497,16 +4661,37 @@ module Aws::Organizations
4497
4661
  req.send_request(options)
4498
4662
  end
4499
4663
 
4500
- # Lists tags for the specified resource.
4664
+ # Lists tags that are attached to the specified resource.
4665
+ #
4666
+ # You can attach tags to the following resources in AWS Organizations.
4667
+ #
4668
+ # * AWS account
4669
+ #
4670
+ # * Organization root
4501
4671
  #
4502
- # Currently, you can list tags on an account in AWS Organizations.
4672
+ # * Organizational unit (OU)
4673
+ #
4674
+ # * Policy (any type)
4503
4675
  #
4504
4676
  # This operation can be called only from the organization's master
4505
4677
  # account or by a member account that is a delegated administrator for
4506
4678
  # an AWS service.
4507
4679
  #
4508
4680
  # @option params [required, String] :resource_id
4509
- # The ID of the resource that you want to retrieve tags for.
4681
+ # The ID of the resource with the tags to list.
4682
+ #
4683
+ # You can specify any of the following taggable resources.
4684
+ #
4685
+ # * AWS account – specify the account ID number.
4686
+ #
4687
+ # * Organizational unit – specify the OU ID that begins with `ou-` and
4688
+ # looks similar to: `ou-1a2b-34uvwxyz `
4689
+ #
4690
+ # * Root – specify the root ID that begins with `r-` and looks similar
4691
+ # to: `r-1a2b `
4692
+ #
4693
+ # * Policy – specify the policy ID that begins with `p-` andlooks
4694
+ # similar to: `p-12abcdefg3 `
4510
4695
  #
4511
4696
  # @option params [String] :next_token
4512
4697
  # The parameter for receiving additional results if you receive a
@@ -4798,21 +4983,25 @@ module Aws::Organizations
4798
4983
  # account. Member accounts can remove themselves with LeaveOrganization
4799
4984
  # instead.
4800
4985
  #
4801
- # You can remove an account from your organization only if the account
4802
- # is configured with the information required to operate as a standalone
4803
- # account. When you create an account in an organization using the AWS
4804
- # Organizations console, API, or CLI commands, the information required
4805
- # of standalone accounts is *not* automatically collected. For an
4806
- # account that you want to make standalone, you must accept the end user
4807
- # license agreement (EULA), choose a support plan, provide and verify
4808
- # the required contact information, and provide a current payment
4809
- # method. AWS uses the payment method to charge for any billable (not
4810
- # free tier) AWS activity that occurs while the account isn't attached
4811
- # to an organization. To remove an account that doesn't yet have this
4812
- # information, you must sign in as the member account and follow the
4813
- # steps at [ To leave an organization when all required account
4814
- # information has not yet been provided][1] in the *AWS Organizations
4815
- # User Guide.*
4986
+ # * You can remove an account from your organization only if the account
4987
+ # is configured with the information required to operate as a
4988
+ # standalone account. When you create an account in an organization
4989
+ # using the AWS Organizations console, API, or CLI commands, the
4990
+ # information required of standalone accounts is *not* automatically
4991
+ # collected. For an account that you want to make standalone, you must
4992
+ # choose a support plan, provide and verify the required contact
4993
+ # information, and provide a current payment method. AWS uses the
4994
+ # payment method to charge for any billable (not free tier) AWS
4995
+ # activity that occurs while the account isn't attached to an
4996
+ # organization. To remove an account that doesn't yet have this
4997
+ # information, you must sign in as the member account and follow the
4998
+ # steps at [ To leave an organization when all required account
4999
+ # information has not yet been provided][1] in the *AWS Organizations
5000
+ # User Guide.*
5001
+ #
5002
+ # * After the account leaves the organization, all tags that were
5003
+ # attached to the account object in the organization are deleted. AWS
5004
+ # accounts outside of an organization do not support tags.
4816
5005
  #
4817
5006
  #
4818
5007
  #
@@ -4857,7 +5046,16 @@ module Aws::Organizations
4857
5046
 
4858
5047
  # Adds one or more tags to the specified resource.
4859
5048
  #
4860
- # Currently, you can tag and untag accounts in AWS Organizations.
5049
+ # Currently, you can attach tags to the following resources in AWS
5050
+ # Organizations.
5051
+ #
5052
+ # * AWS account
5053
+ #
5054
+ # * Organization root
5055
+ #
5056
+ # * Organizational unit (OU)
5057
+ #
5058
+ # * Policy (any type)
4861
5059
  #
4862
5060
  # This operation can be called only from the organization's master
4863
5061
  # account.
@@ -4866,9 +5064,30 @@ module Aws::Organizations
4866
5064
  # The ID of the resource to add a tag to.
4867
5065
  #
4868
5066
  # @option params [required, Array<Types::Tag>] :tags
4869
- # The tag to add to the specified resource. You must specify both a tag
4870
- # key and value. You can set the value of a tag to an empty string, but
4871
- # you can't set it to null.
5067
+ # A list of tags to add to the specified resource.
5068
+ #
5069
+ # You can specify any of the following taggable resources.
5070
+ #
5071
+ # * AWS account – specify the account ID number.
5072
+ #
5073
+ # * Organizational unit – specify the OU ID that begins with `ou-` and
5074
+ # looks similar to: `ou-1a2b-34uvwxyz `
5075
+ #
5076
+ # * Root – specify the root ID that begins with `r-` and looks similar
5077
+ # to: `r-1a2b `
5078
+ #
5079
+ # * Policy – specify the policy ID that begins with `p-` andlooks
5080
+ # similar to: `p-12abcdefg3 `
5081
+ #
5082
+ # For each tag in the list, you must specify both a tag key and a value.
5083
+ # You can set the value to an empty string, but you can't set it to
5084
+ # `null`.
5085
+ #
5086
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
5087
+ # of tags for an account user, then the entire request fails and the
5088
+ # account is not created.
5089
+ #
5090
+ # </note>
4872
5091
  #
4873
5092
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
4874
5093
  #
@@ -4893,18 +5112,39 @@ module Aws::Organizations
4893
5112
  req.send_request(options)
4894
5113
  end
4895
5114
 
4896
- # Removes a tag from the specified resource.
5115
+ # Removes any tags with the specified keys from the specified resource.
5116
+ #
5117
+ # You can attach tags to the following resources in AWS Organizations.
5118
+ #
5119
+ # * AWS account
4897
5120
  #
4898
- # Currently, you can tag and untag accounts in AWS Organizations.
5121
+ # * Organization root
5122
+ #
5123
+ # * Organizational unit (OU)
5124
+ #
5125
+ # * Policy (any type)
4899
5126
  #
4900
5127
  # This operation can be called only from the organization's master
4901
5128
  # account.
4902
5129
  #
4903
5130
  # @option params [required, String] :resource_id
4904
- # The ID of the resource to remove the tag from.
5131
+ # The ID of the resource to remove a tag from.
5132
+ #
5133
+ # You can specify any of the following taggable resources.
5134
+ #
5135
+ # * AWS account – specify the account ID number.
5136
+ #
5137
+ # * Organizational unit – specify the OU ID that begins with `ou-` and
5138
+ # looks similar to: `ou-1a2b-34uvwxyz `
5139
+ #
5140
+ # * Root – specify the root ID that begins with `r-` and looks similar
5141
+ # to: `r-1a2b `
5142
+ #
5143
+ # * Policy – specify the policy ID that begins with `p-` andlooks
5144
+ # similar to: `p-12abcdefg3 `
4905
5145
  #
4906
5146
  # @option params [required, Array<String>] :tag_keys
4907
- # The tag to remove from the specified resource.
5147
+ # The list of keys for tags to remove from the specified resource.
4908
5148
  #
4909
5149
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
4910
5150
  #
@@ -5137,7 +5377,7 @@ module Aws::Organizations
5137
5377
  params: params,
5138
5378
  config: config)
5139
5379
  context[:gem_name] = 'aws-sdk-organizations'
5140
- context[:gem_version] = '1.46.0'
5380
+ context[:gem_version] = '1.51.0'
5141
5381
  Seahorse::Client::Request.new(handlers, context)
5142
5382
  end
5143
5383
 
@@ -312,6 +312,7 @@ module Aws::Organizations
312
312
  CreateAccountRequest.add_member(:account_name, Shapes::ShapeRef.new(shape: AccountName, required: true, location_name: "AccountName"))
313
313
  CreateAccountRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: RoleName, location_name: "RoleName"))
314
314
  CreateAccountRequest.add_member(:iam_user_access_to_billing, Shapes::ShapeRef.new(shape: IAMUserAccessToBilling, location_name: "IamUserAccessToBilling"))
315
+ CreateAccountRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
315
316
  CreateAccountRequest.struct_class = Types::CreateAccountRequest
316
317
 
317
318
  CreateAccountResponse.add_member(:create_account_status, Shapes::ShapeRef.new(shape: CreateAccountStatus, location_name: "CreateAccountStatus"))
@@ -338,6 +339,7 @@ module Aws::Organizations
338
339
  CreateGovCloudAccountRequest.add_member(:account_name, Shapes::ShapeRef.new(shape: AccountName, required: true, location_name: "AccountName"))
339
340
  CreateGovCloudAccountRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: RoleName, location_name: "RoleName"))
340
341
  CreateGovCloudAccountRequest.add_member(:iam_user_access_to_billing, Shapes::ShapeRef.new(shape: IAMUserAccessToBilling, location_name: "IamUserAccessToBilling"))
342
+ CreateGovCloudAccountRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
341
343
  CreateGovCloudAccountRequest.struct_class = Types::CreateGovCloudAccountRequest
342
344
 
343
345
  CreateGovCloudAccountResponse.add_member(:create_account_status, Shapes::ShapeRef.new(shape: CreateAccountStatus, location_name: "CreateAccountStatus"))
@@ -351,6 +353,7 @@ module Aws::Organizations
351
353
 
352
354
  CreateOrganizationalUnitRequest.add_member(:parent_id, Shapes::ShapeRef.new(shape: ParentId, required: true, location_name: "ParentId"))
353
355
  CreateOrganizationalUnitRequest.add_member(:name, Shapes::ShapeRef.new(shape: OrganizationalUnitName, required: true, location_name: "Name"))
356
+ CreateOrganizationalUnitRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
354
357
  CreateOrganizationalUnitRequest.struct_class = Types::CreateOrganizationalUnitRequest
355
358
 
356
359
  CreateOrganizationalUnitResponse.add_member(:organizational_unit, Shapes::ShapeRef.new(shape: OrganizationalUnit, location_name: "OrganizationalUnit"))
@@ -360,6 +363,7 @@ module Aws::Organizations
360
363
  CreatePolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: PolicyDescription, required: true, location_name: "Description"))
361
364
  CreatePolicyRequest.add_member(:name, Shapes::ShapeRef.new(shape: PolicyName, required: true, location_name: "Name"))
362
365
  CreatePolicyRequest.add_member(:type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "Type"))
366
+ CreatePolicyRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
363
367
  CreatePolicyRequest.struct_class = Types::CreatePolicyRequest
364
368
 
365
369
  CreatePolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
@@ -552,6 +556,7 @@ module Aws::Organizations
552
556
 
553
557
  InviteAccountToOrganizationRequest.add_member(:target, Shapes::ShapeRef.new(shape: HandshakeParty, required: true, location_name: "Target"))
554
558
  InviteAccountToOrganizationRequest.add_member(:notes, Shapes::ShapeRef.new(shape: HandshakeNotes, location_name: "Notes"))
559
+ InviteAccountToOrganizationRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
555
560
  InviteAccountToOrganizationRequest.struct_class = Types::InviteAccountToOrganizationRequest
556
561
 
557
562
  InviteAccountToOrganizationResponse.add_member(:handshake, Shapes::ShapeRef.new(shape: Handshake, location_name: "Handshake"))
@@ -1322,6 +1327,7 @@ module Aws::Organizations
1322
1327
  o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
1323
1328
  o.errors << Shapes::ShapeRef.new(shape: HandshakeConstraintViolationException)
1324
1329
  o.errors << Shapes::ShapeRef.new(shape: DuplicateHandshakeException)
1330
+ o.errors << Shapes::ShapeRef.new(shape: ConstraintViolationException)
1325
1331
  o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
1326
1332
  o.errors << Shapes::ShapeRef.new(shape: FinalizingOrganizationException)
1327
1333
  o.errors << Shapes::ShapeRef.new(shape: ServiceException)
@@ -597,6 +597,12 @@ module Aws::Organizations
597
597
  # account_name: "AccountName", # required
598
598
  # role_name: "RoleName",
599
599
  # iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
600
+ # tags: [
601
+ # {
602
+ # key: "TagKey", # required
603
+ # value: "TagValue", # required
604
+ # },
605
+ # ],
600
606
  # }
601
607
  #
602
608
  # @!attribute [rw] email
@@ -660,13 +666,32 @@ module Aws::Organizations
660
666
  # [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
661
667
  # @return [String]
662
668
  #
669
+ # @!attribute [rw] tags
670
+ # A list of tags that you want to attach to the newly created account.
671
+ # For each tag in the list, you must specify both a tag key and a
672
+ # value. You can set the value to an empty string, but you can't set
673
+ # it to `null`. For more information about tagging, see [Tagging AWS
674
+ # Organizations resources][1] in the AWS Organizations User Guide.
675
+ #
676
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
677
+ # number of tags for an account, then the entire request fails and the
678
+ # account is not created.
679
+ #
680
+ # </note>
681
+ #
682
+ #
683
+ #
684
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
685
+ # @return [Array<Types::Tag>]
686
+ #
663
687
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountRequest AWS API Documentation
664
688
  #
665
689
  class CreateAccountRequest < Struct.new(
666
690
  :email,
667
691
  :account_name,
668
692
  :role_name,
669
- :iam_user_access_to_billing)
693
+ :iam_user_access_to_billing,
694
+ :tags)
670
695
  SENSITIVE = [:email, :account_name]
671
696
  include Aws::Structure
672
697
  end
@@ -755,6 +780,9 @@ module Aws::Organizations
755
780
  # you have reached the limit on the number of accounts in your
756
781
  # organization.
757
782
  #
783
+ # * CONCURRENT\_ACCOUNT\_MODIFICATION: You already submitted a request
784
+ # with the same information.
785
+ #
758
786
  # * EMAIL\_ALREADY\_EXISTS: The account could not be created because
759
787
  # another AWS account with that email address already exists.
760
788
  #
@@ -771,6 +799,12 @@ module Aws::Organizations
771
799
  # * INTERNAL\_FAILURE: The account could not be created because of an
772
800
  # internal failure. Try again later. If the problem persists,
773
801
  # contact Customer Support.
802
+ #
803
+ # * MISSING\_BUSINESS\_VALIDATION: The AWS account that owns your
804
+ # organization has not received Business Validation.
805
+ #
806
+ # * MISSING\_PAYMENT\_INSTRUMENT: You must configure the master
807
+ # account with a valid payment method, such as a credit card.
774
808
  # @return [String]
775
809
  #
776
810
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountStatus AWS API Documentation
@@ -810,6 +844,12 @@ module Aws::Organizations
810
844
  # account_name: "AccountName", # required
811
845
  # role_name: "RoleName",
812
846
  # iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
847
+ # tags: [
848
+ # {
849
+ # key: "TagKey", # required
850
+ # value: "TagValue", # required
851
+ # },
852
+ # ],
813
853
  # }
814
854
  #
815
855
  # @!attribute [rw] email
@@ -876,13 +916,37 @@ module Aws::Organizations
876
916
  # [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
877
917
  # @return [String]
878
918
  #
919
+ # @!attribute [rw] tags
920
+ # A list of tags that you want to attach to the newly created account.
921
+ # These tags are attached to the commercial account associated with
922
+ # the GovCloud account, and not to the GovCloud account itself. To add
923
+ # tags to the actual GovCloud account, call the TagResource operation
924
+ # in the GovCloud region after the new GovCloud account exists.
925
+ #
926
+ # For each tag in the list, you must specify both a tag key and a
927
+ # value. You can set the value to an empty string, but you can't set
928
+ # it to `null`. For more information about tagging, see [Tagging AWS
929
+ # Organizations resources][1] in the AWS Organizations User Guide.
930
+ #
931
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
932
+ # number of tags for an account, then the entire request fails and the
933
+ # account is not created.
934
+ #
935
+ # </note>
936
+ #
937
+ #
938
+ #
939
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
940
+ # @return [Array<Types::Tag>]
941
+ #
879
942
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccountRequest AWS API Documentation
880
943
  #
881
944
  class CreateGovCloudAccountRequest < Struct.new(
882
945
  :email,
883
946
  :account_name,
884
947
  :role_name,
885
- :iam_user_access_to_billing)
948
+ :iam_user_access_to_billing,
949
+ :tags)
886
950
  SENSITIVE = [:email, :account_name]
887
951
  include Aws::Structure
888
952
  end
@@ -959,6 +1023,12 @@ module Aws::Organizations
959
1023
  # {
960
1024
  # parent_id: "ParentId", # required
961
1025
  # name: "OrganizationalUnitName", # required
1026
+ # tags: [
1027
+ # {
1028
+ # key: "TagKey", # required
1029
+ # value: "TagValue", # required
1030
+ # },
1031
+ # ],
962
1032
  # }
963
1033
  #
964
1034
  # @!attribute [rw] parent_id
@@ -986,11 +1056,30 @@ module Aws::Organizations
986
1056
  # The friendly name to assign to the new OU.
987
1057
  # @return [String]
988
1058
  #
1059
+ # @!attribute [rw] tags
1060
+ # A list of tags that you want to attach to the newly created OU. For
1061
+ # each tag in the list, you must specify both a tag key and a value.
1062
+ # You can set the value to an empty string, but you can't set it to
1063
+ # `null`. For more information about tagging, see [Tagging AWS
1064
+ # Organizations resources][1] in the AWS Organizations User Guide.
1065
+ #
1066
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
1067
+ # number of tags for an OU, then the entire request fails and the OU
1068
+ # is not created.
1069
+ #
1070
+ # </note>
1071
+ #
1072
+ #
1073
+ #
1074
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
1075
+ # @return [Array<Types::Tag>]
1076
+ #
989
1077
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnitRequest AWS API Documentation
990
1078
  #
991
1079
  class CreateOrganizationalUnitRequest < Struct.new(
992
1080
  :parent_id,
993
- :name)
1081
+ :name,
1082
+ :tags)
994
1083
  SENSITIVE = []
995
1084
  include Aws::Structure
996
1085
  end
@@ -1015,6 +1104,12 @@ module Aws::Organizations
1015
1104
  # description: "PolicyDescription", # required
1016
1105
  # name: "PolicyName", # required
1017
1106
  # type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
1107
+ # tags: [
1108
+ # {
1109
+ # key: "TagKey", # required
1110
+ # value: "TagValue", # required
1111
+ # },
1112
+ # ],
1018
1113
  # }
1019
1114
  #
1020
1115
  # @!attribute [rw] content
@@ -1058,13 +1153,32 @@ module Aws::Organizations
1058
1153
  # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
1059
1154
  # @return [String]
1060
1155
  #
1156
+ # @!attribute [rw] tags
1157
+ # A list of tags that you want to attach to the newly created policy.
1158
+ # For each tag in the list, you must specify both a tag key and a
1159
+ # value. You can set the value to an empty string, but you can't set
1160
+ # it to `null`. For more information about tagging, see [Tagging AWS
1161
+ # Organizations resources][1] in the AWS Organizations User Guide.
1162
+ #
1163
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
1164
+ # number of tags for a policy, then the entire request fails and the
1165
+ # policy is not created.
1166
+ #
1167
+ # </note>
1168
+ #
1169
+ #
1170
+ #
1171
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
1172
+ # @return [Array<Types::Tag>]
1173
+ #
1061
1174
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicyRequest AWS API Documentation
1062
1175
  #
1063
1176
  class CreatePolicyRequest < Struct.new(
1064
1177
  :content,
1065
1178
  :description,
1066
1179
  :name,
1067
- :type)
1180
+ :type,
1181
+ :tags)
1068
1182
  SENSITIVE = []
1069
1183
  include Aws::Structure
1070
1184
  end
@@ -2339,6 +2453,9 @@ module Aws::Organizations
2339
2453
  #
2340
2454
  # </note>
2341
2455
  #
2456
+ # * DUPLICATE\_TAG\_KEY: Tag keys must be unique among the tags attached
2457
+ # to the same entity.
2458
+ #
2342
2459
  # * IMMUTABLE\_POLICY: You specified a policy that is managed by AWS and
2343
2460
  # can't be modified.
2344
2461
  #
@@ -2347,6 +2464,9 @@ module Aws::Organizations
2347
2464
  #
2348
2465
  # * INVALID\_ENUM: You specified an invalid value.
2349
2466
  #
2467
+ # * INVALID\_ENUM\_POLICY\_TYPE: You specified an invalid policy type
2468
+ # string.
2469
+ #
2350
2470
  # * INVALID\_FULL\_NAME\_TARGET: You specified a full name that contains
2351
2471
  # invalid characters.
2352
2472
  #
@@ -2396,6 +2516,12 @@ module Aws::Organizations
2396
2516
  # * MOVING\_ACCOUNT\_BETWEEN\_DIFFERENT\_ROOTS: You can move an account
2397
2517
  # only between entities in the same root.
2398
2518
  #
2519
+ # * TARGET\_NOT\_SUPPORTED: You can't perform the specified operation
2520
+ # on that target entity.
2521
+ #
2522
+ # * UNRECOGNIZED\_SERVICE\_PRINCIPAL: You specified a service principal
2523
+ # that isn't recognized.
2524
+ #
2399
2525
  # @!attribute [rw] message
2400
2526
  # @return [String]
2401
2527
  #
@@ -2420,6 +2546,12 @@ module Aws::Organizations
2420
2546
  # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, EMAIL
2421
2547
  # },
2422
2548
  # notes: "HandshakeNotes",
2549
+ # tags: [
2550
+ # {
2551
+ # key: "TagKey", # required
2552
+ # value: "TagValue", # required
2553
+ # },
2554
+ # ],
2423
2555
  # }
2424
2556
  #
2425
2557
  # @!attribute [rw] target
@@ -2446,11 +2578,40 @@ module Aws::Organizations
2446
2578
  # email to the recipient account owner.
2447
2579
  # @return [String]
2448
2580
  #
2581
+ # @!attribute [rw] tags
2582
+ # A list of tags that you want to attach to the account when it
2583
+ # becomes a member of the organization. For each tag in the list, you
2584
+ # must specify both a tag key and a value. You can set the value to an
2585
+ # empty string, but you can't set it to `null`. For more information
2586
+ # about tagging, see [Tagging AWS Organizations resources][1] in the
2587
+ # AWS Organizations User Guide.
2588
+ #
2589
+ # Any tags in the request are checked for compliance with any
2590
+ # applicable tag policies when the request is made. The request is
2591
+ # rejected if the tags in the request don't match the requirements of
2592
+ # the policy at that time. Tag policy compliance is <i> <b>not</b>
2593
+ # </i> checked again when the invitation is accepted and the tags are
2594
+ # actually attached to the account. That means that if the tag policy
2595
+ # changes between the invitation and the acceptance, then that tags
2596
+ # could potentially be non-compliant.
2597
+ #
2598
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
2599
+ # number of tags for an account, then the entire request fails and
2600
+ # invitations are not sent.
2601
+ #
2602
+ # </note>
2603
+ #
2604
+ #
2605
+ #
2606
+ # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
2607
+ # @return [Array<Types::Tag>]
2608
+ #
2449
2609
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganizationRequest AWS API Documentation
2450
2610
  #
2451
2611
  class InviteAccountToOrganizationRequest < Struct.new(
2452
2612
  :target,
2453
- :notes)
2613
+ :notes,
2614
+ :tags)
2454
2615
  SENSITIVE = [:notes]
2455
2616
  include Aws::Structure
2456
2617
  end
@@ -3519,7 +3680,20 @@ module Aws::Organizations
3519
3680
  # }
3520
3681
  #
3521
3682
  # @!attribute [rw] resource_id
3522
- # The ID of the resource that you want to retrieve tags for.
3683
+ # The ID of the resource with the tags to list.
3684
+ #
3685
+ # You can specify any of the following taggable resources.
3686
+ #
3687
+ # * AWS account – specify the account ID number.
3688
+ #
3689
+ # * Organizational unit – specify the OU ID that begins with `ou-` and
3690
+ # looks similar to: `ou-1a2b-34uvwxyz `
3691
+ #
3692
+ # * Root – specify the root ID that begins with `r-` and looks similar
3693
+ # to: `r-1a2b `
3694
+ #
3695
+ # * Policy – specify the policy ID that begins with `p-` andlooks
3696
+ # similar to: `p-12abcdefg3 `
3523
3697
  # @return [String]
3524
3698
  #
3525
3699
  # @!attribute [rw] next_token
@@ -4419,8 +4593,18 @@ module Aws::Organizations
4419
4593
  include Aws::Structure
4420
4594
  end
4421
4595
 
4422
- # A custom key-value pair associated with a resource such as an account
4423
- # within your organization.
4596
+ # A custom key-value pair associated with a resource within your
4597
+ # organization.
4598
+ #
4599
+ # You can attach tags to any of the following organization resources.
4600
+ #
4601
+ # * AWS account
4602
+ #
4603
+ # * Organizational unit (OU)
4604
+ #
4605
+ # * Organization root
4606
+ #
4607
+ # * Policy
4424
4608
  #
4425
4609
  # @note When making an API call, you may pass Tag
4426
4610
  # data as a hash:
@@ -4467,9 +4651,30 @@ module Aws::Organizations
4467
4651
  # @return [String]
4468
4652
  #
4469
4653
  # @!attribute [rw] tags
4470
- # The tag to add to the specified resource. You must specify both a
4471
- # tag key and value. You can set the value of a tag to an empty
4472
- # string, but you can't set it to null.
4654
+ # A list of tags to add to the specified resource.
4655
+ #
4656
+ # You can specify any of the following taggable resources.
4657
+ #
4658
+ # * AWS account – specify the account ID number.
4659
+ #
4660
+ # * Organizational unit – specify the OU ID that begins with `ou-` and
4661
+ # looks similar to: `ou-1a2b-34uvwxyz `
4662
+ #
4663
+ # * Root – specify the root ID that begins with `r-` and looks similar
4664
+ # to: `r-1a2b `
4665
+ #
4666
+ # * Policy – specify the policy ID that begins with `p-` andlooks
4667
+ # similar to: `p-12abcdefg3 `
4668
+ #
4669
+ # For each tag in the list, you must specify both a tag key and a
4670
+ # value. You can set the value to an empty string, but you can't set
4671
+ # it to `null`.
4672
+ #
4673
+ # <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
4674
+ # number of tags for an account user, then the entire request fails
4675
+ # and the account is not created.
4676
+ #
4677
+ # </note>
4473
4678
  # @return [Array<Types::Tag>]
4474
4679
  #
4475
4680
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResourceRequest AWS API Documentation
@@ -4481,8 +4686,8 @@ module Aws::Organizations
4481
4686
  include Aws::Structure
4482
4687
  end
4483
4688
 
4484
- # We can't find a root, OU, or account with the `TargetId` that you
4485
- # specified.
4689
+ # We can't find a root, OU, account, or policy with the `TargetId` that
4690
+ # you specified.
4486
4691
  #
4487
4692
  # @!attribute [rw] message
4488
4693
  # @return [String]
@@ -4544,11 +4749,24 @@ module Aws::Organizations
4544
4749
  # }
4545
4750
  #
4546
4751
  # @!attribute [rw] resource_id
4547
- # The ID of the resource to remove the tag from.
4752
+ # The ID of the resource to remove a tag from.
4753
+ #
4754
+ # You can specify any of the following taggable resources.
4755
+ #
4756
+ # * AWS account – specify the account ID number.
4757
+ #
4758
+ # * Organizational unit – specify the OU ID that begins with `ou-` and
4759
+ # looks similar to: `ou-1a2b-34uvwxyz `
4760
+ #
4761
+ # * Root – specify the root ID that begins with `r-` and looks similar
4762
+ # to: `r-1a2b `
4763
+ #
4764
+ # * Policy – specify the policy ID that begins with `p-` andlooks
4765
+ # similar to: `p-12abcdefg3 `
4548
4766
  # @return [String]
4549
4767
  #
4550
4768
  # @!attribute [rw] tag_keys
4551
- # The tag to remove from the specified resource.
4769
+ # The list of keys for tags to remove from the specified resource.
4552
4770
  # @return [Array<String>]
4553
4771
  #
4554
4772
  # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResourceRequest AWS API Documentation
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-organizations
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.46.0
4
+ version: 1.51.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-07-30 00:00:00.000000000 Z
11
+ date: 2020-09-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core