aws-sdk-organizations 1.48.0 → 1.53.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws-sdk-organizations.rb +3 -2
- data/lib/aws-sdk-organizations/client.rb +327 -82
- data/lib/aws-sdk-organizations/client_api.rb +6 -0
- data/lib/aws-sdk-organizations/types.rb +279 -70
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e17c233b9f00cdf398e31c920ecc81219a1f4df141f9e2be1d3aefa40e1a04ab
|
4
|
+
data.tar.gz: 26f49eead8937477d592fa94b7817105da8a328f18377d4d9ce9a1114783922e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d7d2d950fe168072a9542da1b63c6e9b1ff501d81c4db363bbf3429305778d97233d4e25b4d4dfec79de7d66ba951cbbb7f47d2de805356fd9ac32a6d2fd2d25
|
7
|
+
data.tar.gz: 2d286d0d3f8b874af8e7ef4195ddb02256ba3305ae62c3bcea28655bf7c0728067a14052be89baf1b05f7d1106ec040c48f85eab07c56e60859b83a67b560793
|
@@ -7,6 +7,7 @@
|
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
10
|
+
|
10
11
|
require 'aws-sdk-core'
|
11
12
|
require 'aws-sigv4'
|
12
13
|
|
@@ -44,9 +45,9 @@ require_relative 'aws-sdk-organizations/customizations'
|
|
44
45
|
#
|
45
46
|
# See {Errors} for more information.
|
46
47
|
#
|
47
|
-
#
|
48
|
+
# @!group service
|
48
49
|
module Aws::Organizations
|
49
50
|
|
50
|
-
GEM_VERSION = '1.
|
51
|
+
GEM_VERSION = '1.53.0'
|
51
52
|
|
52
53
|
end
|
@@ -85,13 +85,28 @@ module Aws::Organizations
|
|
85
85
|
# * `Aws::Credentials` - Used for configuring static, non-refreshing
|
86
86
|
# credentials.
|
87
87
|
#
|
88
|
+
# * `Aws::SharedCredentials` - Used for loading static credentials from a
|
89
|
+
# shared file, such as `~/.aws/config`.
|
90
|
+
#
|
91
|
+
# * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
|
92
|
+
#
|
93
|
+
# * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
|
94
|
+
# assume a role after providing credentials via the web.
|
95
|
+
#
|
96
|
+
# * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
|
97
|
+
# access token generated from `aws login`.
|
98
|
+
#
|
99
|
+
# * `Aws::ProcessCredentials` - Used for loading credentials from a
|
100
|
+
# process that outputs to stdout.
|
101
|
+
#
|
88
102
|
# * `Aws::InstanceProfileCredentials` - Used for loading credentials
|
89
103
|
# from an EC2 IMDS on an EC2 instance.
|
90
104
|
#
|
91
|
-
# * `Aws::
|
92
|
-
#
|
105
|
+
# * `Aws::ECSCredentials` - Used for loading credentials from
|
106
|
+
# instances running in ECS.
|
93
107
|
#
|
94
|
-
# * `Aws::
|
108
|
+
# * `Aws::CognitoIdentityCredentials` - Used for loading credentials
|
109
|
+
# from the Cognito Identity service.
|
95
110
|
#
|
96
111
|
# When `:credentials` are not configured directly, the following
|
97
112
|
# locations will be searched for credentials:
|
@@ -101,10 +116,10 @@ module Aws::Organizations
|
|
101
116
|
# * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
|
102
117
|
# * `~/.aws/credentials`
|
103
118
|
# * `~/.aws/config`
|
104
|
-
# * EC2 IMDS instance profile - When used by default, the timeouts
|
105
|
-
# very aggressive. Construct and pass an instance of
|
106
|
-
# `Aws::InstanceProfileCredentails`
|
107
|
-
# timeouts.
|
119
|
+
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
120
|
+
# are very aggressive. Construct and pass an instance of
|
121
|
+
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
122
|
+
# enable retries and extended timeouts.
|
108
123
|
#
|
109
124
|
# @option options [required, String] :region
|
110
125
|
# The AWS region to connect to. The configured `:region` is
|
@@ -477,10 +492,10 @@ module Aws::Organizations
|
|
477
492
|
#
|
478
493
|
#
|
479
494
|
#
|
480
|
-
# [1]:
|
481
|
-
# [2]:
|
482
|
-
# [3]:
|
483
|
-
# [4]:
|
495
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
496
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
497
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
498
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
484
499
|
#
|
485
500
|
# @option params [required, String] :policy_id
|
486
501
|
# The unique identifier (ID) of the policy that you want to attach to
|
@@ -680,16 +695,15 @@ module Aws::Organizations
|
|
680
695
|
# successfully access the account. To check the status of the request,
|
681
696
|
# do one of the following:
|
682
697
|
#
|
683
|
-
# * Use the `
|
684
|
-
# provide as a parameter to the
|
698
|
+
# * Use the `Id` member of the `CreateAccountStatus` response element
|
699
|
+
# from this operation to provide as a parameter to the
|
700
|
+
# DescribeCreateAccountStatus operation.
|
685
701
|
#
|
686
702
|
# * Check the AWS CloudTrail log for the `CreateAccountResult` event.
|
687
703
|
# For information on using AWS CloudTrail with AWS Organizations, see
|
688
704
|
# [Monitoring the Activity in Your Organization][1] in the *AWS
|
689
705
|
# Organizations User Guide.*
|
690
706
|
#
|
691
|
-
#
|
692
|
-
#
|
693
707
|
# The user who calls the API to create an account must have the
|
694
708
|
# `organizations:CreateAccount` permission. If you enabled all features
|
695
709
|
# in the organization, AWS Organizations creates the required
|
@@ -697,6 +711,9 @@ module Aws::Organizations
|
|
697
711
|
# information, see [AWS Organizations and Service-Linked Roles][2] in
|
698
712
|
# the *AWS Organizations User Guide*.
|
699
713
|
#
|
714
|
+
# If the request includes tags, then the requester must have the
|
715
|
+
# `organizations:TagResource` permission.
|
716
|
+
#
|
700
717
|
# AWS Organizations preconfigures the new member account with a role
|
701
718
|
# (named `OrganizationAccountAccessRole` by default) that grants users
|
702
719
|
# in the master account administrator permissions in the new member
|
@@ -812,6 +829,23 @@ module Aws::Organizations
|
|
812
829
|
#
|
813
830
|
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
814
831
|
#
|
832
|
+
# @option params [Array<Types::Tag>] :tags
|
833
|
+
# A list of tags that you want to attach to the newly created account.
|
834
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
835
|
+
# You can set the value to an empty string, but you can't set it to
|
836
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
837
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
838
|
+
#
|
839
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
840
|
+
# of tags for an account, then the entire request fails and the account
|
841
|
+
# is not created.
|
842
|
+
#
|
843
|
+
# </note>
|
844
|
+
#
|
845
|
+
#
|
846
|
+
#
|
847
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
848
|
+
#
|
815
849
|
# @return [Types::CreateAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
816
850
|
#
|
817
851
|
# * {Types::CreateAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
|
@@ -844,6 +878,12 @@ module Aws::Organizations
|
|
844
878
|
# account_name: "AccountName", # required
|
845
879
|
# role_name: "RoleName",
|
846
880
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
881
|
+
# tags: [
|
882
|
+
# {
|
883
|
+
# key: "TagKey", # required
|
884
|
+
# value: "TagValue", # required
|
885
|
+
# },
|
886
|
+
# ],
|
847
887
|
# })
|
848
888
|
#
|
849
889
|
# @example Response structure
|
@@ -873,16 +913,18 @@ module Aws::Organizations
|
|
873
913
|
# the [ *AWS GovCloud User Guide*.][1]
|
874
914
|
#
|
875
915
|
# * You already have an account in the AWS GovCloud (US) Region that is
|
876
|
-
#
|
916
|
+
# paired with a master account of an organization in the commercial
|
917
|
+
# Region.
|
877
918
|
#
|
878
919
|
# * You call this action from the master account of your organization in
|
879
920
|
# the commercial Region.
|
880
921
|
#
|
881
|
-
# * You have the `organizations:CreateGovCloudAccount` permission.
|
882
|
-
#
|
883
|
-
#
|
884
|
-
#
|
885
|
-
#
|
922
|
+
# * You have the `organizations:CreateGovCloudAccount` permission.
|
923
|
+
#
|
924
|
+
# AWS Organizations automatically creates the required service-linked
|
925
|
+
# role named `AWSServiceRoleForOrganizations`. For more information, see
|
926
|
+
# [AWS Organizations and Service-Linked Roles][2] in the *AWS
|
927
|
+
# Organizations User Guide.*
|
886
928
|
#
|
887
929
|
# AWS automatically enables AWS CloudTrail for AWS GovCloud (US)
|
888
930
|
# accounts, but you should also do the following:
|
@@ -894,6 +936,13 @@ module Aws::Organizations
|
|
894
936
|
# For more information, see [Verifying AWS CloudTrail Is Enabled][3]
|
895
937
|
# in the *AWS GovCloud User Guide*.
|
896
938
|
#
|
939
|
+
# If the request includes tags, then the requester must have the
|
940
|
+
# `organizations:TagResource` permission. The tags are attached to the
|
941
|
+
# commercial account associated with the GovCloud account, rather than
|
942
|
+
# the GovCloud account itself. To add tags to the GovCloud account, call
|
943
|
+
# the TagResource operation in the GovCloud Region after the new
|
944
|
+
# GovCloud account exists.
|
945
|
+
#
|
897
946
|
# You call this action from the master account of your organization in
|
898
947
|
# the commercial Region to create a standalone AWS account in the AWS
|
899
948
|
# GovCloud (US) Region. After the account is created, the master account
|
@@ -930,10 +979,10 @@ module Aws::Organizations
|
|
930
979
|
# allows the master account in the organization in the commercial Region
|
931
980
|
# to assume it. An AWS GovCloud (US) account is then created and
|
932
981
|
# associated with the commercial account that you just created. A role
|
933
|
-
# is created in the new AWS GovCloud (US) account that can be
|
934
|
-
# the AWS GovCloud (US) account that is associated with the
|
935
|
-
# account of the commercial organization. For more information
|
936
|
-
# view a diagram that explains how account access works, see [AWS
|
982
|
+
# is also created in the new AWS GovCloud (US) account that can be
|
983
|
+
# assumed by the AWS GovCloud (US) account that is associated with the
|
984
|
+
# master account of the commercial organization. For more information
|
985
|
+
# and to view a diagram that explains how account access works, see [AWS
|
937
986
|
# Organizations][4] in the *AWS GovCloud User Guide.*
|
938
987
|
#
|
939
988
|
# For more information about creating accounts, see [Creating an AWS
|
@@ -1047,6 +1096,28 @@ module Aws::Organizations
|
|
1047
1096
|
#
|
1048
1097
|
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
1049
1098
|
#
|
1099
|
+
# @option params [Array<Types::Tag>] :tags
|
1100
|
+
# A list of tags that you want to attach to the newly created account.
|
1101
|
+
# These tags are attached to the commercial account associated with the
|
1102
|
+
# GovCloud account, and not to the GovCloud account itself. To add tags
|
1103
|
+
# to the actual GovCloud account, call the TagResource operation in the
|
1104
|
+
# GovCloud region after the new GovCloud account exists.
|
1105
|
+
#
|
1106
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
1107
|
+
# You can set the value to an empty string, but you can't set it to
|
1108
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
1109
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
1110
|
+
#
|
1111
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1112
|
+
# of tags for an account, then the entire request fails and the account
|
1113
|
+
# is not created.
|
1114
|
+
#
|
1115
|
+
# </note>
|
1116
|
+
#
|
1117
|
+
#
|
1118
|
+
#
|
1119
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1120
|
+
#
|
1050
1121
|
# @return [Types::CreateGovCloudAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1051
1122
|
#
|
1052
1123
|
# * {Types::CreateGovCloudAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
|
@@ -1058,6 +1129,12 @@ module Aws::Organizations
|
|
1058
1129
|
# account_name: "AccountName", # required
|
1059
1130
|
# role_name: "RoleName",
|
1060
1131
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
1132
|
+
# tags: [
|
1133
|
+
# {
|
1134
|
+
# key: "TagKey", # required
|
1135
|
+
# value: "TagValue", # required
|
1136
|
+
# },
|
1137
|
+
# ],
|
1061
1138
|
# })
|
1062
1139
|
#
|
1063
1140
|
# @example Response structure
|
@@ -1098,7 +1175,7 @@ module Aws::Organizations
|
|
1098
1175
|
#
|
1099
1176
|
#
|
1100
1177
|
#
|
1101
|
-
# [1]: https://docs.aws.amazon.com/
|
1178
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account
|
1102
1179
|
#
|
1103
1180
|
# @option params [String] :feature_set
|
1104
1181
|
# Specifies the feature set supported by the new organization. Each
|
@@ -1215,6 +1292,9 @@ module Aws::Organizations
|
|
1215
1292
|
# For more information about OUs, see [Managing Organizational Units][1]
|
1216
1293
|
# in the *AWS Organizations User Guide.*
|
1217
1294
|
#
|
1295
|
+
# If the request includes tags, then the requester must have the
|
1296
|
+
# `organizations:TagResource` permission.
|
1297
|
+
#
|
1218
1298
|
# This operation can be called only from the organization's master
|
1219
1299
|
# account.
|
1220
1300
|
#
|
@@ -1244,6 +1324,23 @@ module Aws::Organizations
|
|
1244
1324
|
# @option params [required, String] :name
|
1245
1325
|
# The friendly name to assign to the new OU.
|
1246
1326
|
#
|
1327
|
+
# @option params [Array<Types::Tag>] :tags
|
1328
|
+
# A list of tags that you want to attach to the newly created OU. For
|
1329
|
+
# each tag in the list, you must specify both a tag key and a value. You
|
1330
|
+
# can set the value to an empty string, but you can't set it to `null`.
|
1331
|
+
# For more information about tagging, see [Tagging AWS Organizations
|
1332
|
+
# resources][1] in the AWS Organizations User Guide.
|
1333
|
+
#
|
1334
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1335
|
+
# of tags for an OU, then the entire request fails and the OU is not
|
1336
|
+
# created.
|
1337
|
+
#
|
1338
|
+
# </note>
|
1339
|
+
#
|
1340
|
+
#
|
1341
|
+
#
|
1342
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1343
|
+
#
|
1247
1344
|
# @return [Types::CreateOrganizationalUnitResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1248
1345
|
#
|
1249
1346
|
# * {Types::CreateOrganizationalUnitResponse#organizational_unit #organizational_unit} => Types::OrganizationalUnit
|
@@ -1272,6 +1369,12 @@ module Aws::Organizations
|
|
1272
1369
|
# resp = client.create_organizational_unit({
|
1273
1370
|
# parent_id: "ParentId", # required
|
1274
1371
|
# name: "OrganizationalUnitName", # required
|
1372
|
+
# tags: [
|
1373
|
+
# {
|
1374
|
+
# key: "TagKey", # required
|
1375
|
+
# value: "TagValue", # required
|
1376
|
+
# },
|
1377
|
+
# ],
|
1275
1378
|
# })
|
1276
1379
|
#
|
1277
1380
|
# @example Response structure
|
@@ -1295,6 +1398,9 @@ module Aws::Organizations
|
|
1295
1398
|
# For more information about policies and their use, see [Managing
|
1296
1399
|
# Organization Policies][1].
|
1297
1400
|
#
|
1401
|
+
# If the request includes tags, then the requester must have the
|
1402
|
+
# `organizations:TagResource` permission.
|
1403
|
+
#
|
1298
1404
|
# This operation can be called only from the organization's master
|
1299
1405
|
# account.
|
1300
1406
|
#
|
@@ -1334,10 +1440,27 @@ module Aws::Organizations
|
|
1334
1440
|
#
|
1335
1441
|
#
|
1336
1442
|
#
|
1337
|
-
# [1]:
|
1338
|
-
# [2]:
|
1339
|
-
# [3]:
|
1340
|
-
# [4]:
|
1443
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1444
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1445
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1446
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1447
|
+
#
|
1448
|
+
# @option params [Array<Types::Tag>] :tags
|
1449
|
+
# A list of tags that you want to attach to the newly created policy.
|
1450
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
1451
|
+
# You can set the value to an empty string, but you can't set it to
|
1452
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
1453
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
1454
|
+
#
|
1455
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1456
|
+
# of tags for a policy, then the entire request fails and the policy is
|
1457
|
+
# not created.
|
1458
|
+
#
|
1459
|
+
# </note>
|
1460
|
+
#
|
1461
|
+
#
|
1462
|
+
#
|
1463
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1341
1464
|
#
|
1342
1465
|
# @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1343
1466
|
#
|
@@ -1378,6 +1501,12 @@ module Aws::Organizations
|
|
1378
1501
|
# description: "PolicyDescription", # required
|
1379
1502
|
# name: "PolicyName", # required
|
1380
1503
|
# type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
1504
|
+
# tags: [
|
1505
|
+
# {
|
1506
|
+
# key: "TagKey", # required
|
1507
|
+
# value: "TagValue", # required
|
1508
|
+
# },
|
1509
|
+
# ],
|
1381
1510
|
# })
|
1382
1511
|
#
|
1383
1512
|
# @example Response structure
|
@@ -1750,9 +1879,10 @@ module Aws::Organizations
|
|
1750
1879
|
# an AWS service.
|
1751
1880
|
#
|
1752
1881
|
# @option params [required, String] :create_account_request_id
|
1753
|
-
# Specifies the `
|
1754
|
-
# can get the
|
1755
|
-
# or from the
|
1882
|
+
# Specifies the `Id` value that uniquely identifies the `CreateAccount`
|
1883
|
+
# request. You can get the value from the `CreateAccountStatus.Id`
|
1884
|
+
# response in an earlier CreateAccount request, or from the
|
1885
|
+
# ListCreateAccountStatus operation.
|
1756
1886
|
#
|
1757
1887
|
# The [regex pattern][1] for a create account request ID string requires
|
1758
1888
|
# "car-" followed by from 8 to 32 lowercase letters or digits.
|
@@ -1842,9 +1972,9 @@ module Aws::Organizations
|
|
1842
1972
|
#
|
1843
1973
|
#
|
1844
1974
|
#
|
1845
|
-
# [1]:
|
1846
|
-
# [2]:
|
1847
|
-
# [3]:
|
1975
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1976
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1977
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1848
1978
|
#
|
1849
1979
|
# @option params [String] :target_id
|
1850
1980
|
# When you're signed in as the master account, specify the ID of the
|
@@ -2381,10 +2511,10 @@ module Aws::Organizations
|
|
2381
2511
|
#
|
2382
2512
|
#
|
2383
2513
|
#
|
2384
|
-
# [1]:
|
2385
|
-
# [2]:
|
2386
|
-
# [3]:
|
2387
|
-
# [4]:
|
2514
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
2515
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
2516
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
2517
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
2388
2518
|
#
|
2389
2519
|
# @return [Types::DisablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2390
2520
|
#
|
@@ -2631,10 +2761,10 @@ module Aws::Organizations
|
|
2631
2761
|
#
|
2632
2762
|
#
|
2633
2763
|
#
|
2634
|
-
# [1]:
|
2635
|
-
# [2]:
|
2636
|
-
# [3]:
|
2637
|
-
# [4]:
|
2764
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
2765
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
2766
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
2767
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
2638
2768
|
#
|
2639
2769
|
# @return [Types::EnablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2640
2770
|
#
|
@@ -2711,6 +2841,9 @@ module Aws::Organizations
|
|
2711
2841
|
# then try again. If the error persists after an hour, contact [AWS
|
2712
2842
|
# Support][2].
|
2713
2843
|
#
|
2844
|
+
# If the request includes tags, then the requester must have the
|
2845
|
+
# `organizations:TagResource` permission.
|
2846
|
+
#
|
2714
2847
|
# This operation can be called only from the organization's master
|
2715
2848
|
# account.
|
2716
2849
|
#
|
@@ -2741,6 +2874,33 @@ module Aws::Organizations
|
|
2741
2874
|
# Additional information that you want to include in the generated email
|
2742
2875
|
# to the recipient account owner.
|
2743
2876
|
#
|
2877
|
+
# @option params [Array<Types::Tag>] :tags
|
2878
|
+
# A list of tags that you want to attach to the account when it becomes
|
2879
|
+
# a member of the organization. For each tag in the list, you must
|
2880
|
+
# specify both a tag key and a value. You can set the value to an empty
|
2881
|
+
# string, but you can't set it to `null`. For more information about
|
2882
|
+
# tagging, see [Tagging AWS Organizations resources][1] in the AWS
|
2883
|
+
# Organizations User Guide.
|
2884
|
+
#
|
2885
|
+
# Any tags in the request are checked for compliance with any applicable
|
2886
|
+
# tag policies when the request is made. The request is rejected if the
|
2887
|
+
# tags in the request don't match the requirements of the policy at
|
2888
|
+
# that time. Tag policy compliance is <i> <b>not</b> </i> checked again
|
2889
|
+
# when the invitation is accepted and the tags are actually attached to
|
2890
|
+
# the account. That means that if the tag policy changes between the
|
2891
|
+
# invitation and the acceptance, then that tags could potentially be
|
2892
|
+
# non-compliant.
|
2893
|
+
#
|
2894
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
2895
|
+
# of tags for an account, then the entire request fails and invitations
|
2896
|
+
# are not sent.
|
2897
|
+
#
|
2898
|
+
# </note>
|
2899
|
+
#
|
2900
|
+
#
|
2901
|
+
#
|
2902
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
2903
|
+
#
|
2744
2904
|
# @return [Types::InviteAccountToOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2745
2905
|
#
|
2746
2906
|
# * {Types::InviteAccountToOrganizationResponse#handshake #handshake} => Types::Handshake
|
@@ -2813,6 +2973,12 @@ module Aws::Organizations
|
|
2813
2973
|
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, EMAIL
|
2814
2974
|
# },
|
2815
2975
|
# notes: "HandshakeNotes",
|
2976
|
+
# tags: [
|
2977
|
+
# {
|
2978
|
+
# key: "TagKey", # required
|
2979
|
+
# value: "TagValue", # required
|
2980
|
+
# },
|
2981
|
+
# ],
|
2816
2982
|
# })
|
2817
2983
|
#
|
2818
2984
|
# @example Response structure
|
@@ -2860,9 +3026,8 @@ module Aws::Organizations
|
|
2860
3026
|
# using the AWS Organizations console, API, or CLI commands, the
|
2861
3027
|
# information required of standalone accounts is *not* automatically
|
2862
3028
|
# collected. For each account that you want to make standalone, you
|
2863
|
-
# must
|
2864
|
-
#
|
2865
|
-
# * Accept the end user license agreement (EULA)
|
3029
|
+
# must perform the following steps. If any of the steps are already
|
3030
|
+
# completed for this account, that step doesn't appear.
|
2866
3031
|
#
|
2867
3032
|
# * Choose a support plan
|
2868
3033
|
#
|
@@ -2881,6 +3046,10 @@ module Aws::Organizations
|
|
2881
3046
|
# Access to the Billing and Cost Management Console][2] in the *AWS
|
2882
3047
|
# Billing and Cost Management User Guide.*
|
2883
3048
|
#
|
3049
|
+
# * After the account leaves the organization, all tags that were
|
3050
|
+
# attached to the account object in the organization are deleted. AWS
|
3051
|
+
# accounts outside of an organization do not support tags.
|
3052
|
+
#
|
2884
3053
|
#
|
2885
3054
|
#
|
2886
3055
|
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
|
@@ -4159,10 +4328,10 @@ module Aws::Organizations
|
|
4159
4328
|
#
|
4160
4329
|
#
|
4161
4330
|
#
|
4162
|
-
# [1]:
|
4163
|
-
# [2]:
|
4164
|
-
# [3]:
|
4165
|
-
# [4]:
|
4331
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
4332
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
4333
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
4334
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
4166
4335
|
#
|
4167
4336
|
# @option params [String] :next_token
|
4168
4337
|
# The parameter for receiving additional results if you receive a
|
@@ -4308,10 +4477,10 @@ module Aws::Organizations
|
|
4308
4477
|
#
|
4309
4478
|
#
|
4310
4479
|
#
|
4311
|
-
# [1]:
|
4312
|
-
# [2]:
|
4313
|
-
# [3]:
|
4314
|
-
# [4]:
|
4480
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
4481
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
4482
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
4483
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
4315
4484
|
#
|
4316
4485
|
# @option params [String] :next_token
|
4317
4486
|
# The parameter for receiving additional results if you receive a
|
@@ -4495,16 +4664,37 @@ module Aws::Organizations
|
|
4495
4664
|
req.send_request(options)
|
4496
4665
|
end
|
4497
4666
|
|
4498
|
-
# Lists tags
|
4667
|
+
# Lists tags that are attached to the specified resource.
|
4668
|
+
#
|
4669
|
+
# You can attach tags to the following resources in AWS Organizations.
|
4670
|
+
#
|
4671
|
+
# * AWS account
|
4672
|
+
#
|
4673
|
+
# * Organization root
|
4499
4674
|
#
|
4500
|
-
#
|
4675
|
+
# * Organizational unit (OU)
|
4676
|
+
#
|
4677
|
+
# * Policy (any type)
|
4501
4678
|
#
|
4502
4679
|
# This operation can be called only from the organization's master
|
4503
4680
|
# account or by a member account that is a delegated administrator for
|
4504
4681
|
# an AWS service.
|
4505
4682
|
#
|
4506
4683
|
# @option params [required, String] :resource_id
|
4507
|
-
# The ID of the resource
|
4684
|
+
# The ID of the resource with the tags to list.
|
4685
|
+
#
|
4686
|
+
# You can specify any of the following taggable resources.
|
4687
|
+
#
|
4688
|
+
# * AWS account – specify the account ID number.
|
4689
|
+
#
|
4690
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
4691
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
4692
|
+
#
|
4693
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
4694
|
+
# to: `r-1a2b `
|
4695
|
+
#
|
4696
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
4697
|
+
# similar to: `p-12abcdefg3 `
|
4508
4698
|
#
|
4509
4699
|
# @option params [String] :next_token
|
4510
4700
|
# The parameter for receiving additional results if you receive a
|
@@ -4796,21 +4986,25 @@ module Aws::Organizations
|
|
4796
4986
|
# account. Member accounts can remove themselves with LeaveOrganization
|
4797
4987
|
# instead.
|
4798
4988
|
#
|
4799
|
-
# You can remove an account from your organization only if the account
|
4800
|
-
#
|
4801
|
-
# account. When you create an account in an organization
|
4802
|
-
# Organizations console, API, or CLI commands, the
|
4803
|
-
# of standalone accounts is *not* automatically
|
4804
|
-
# account that you want to make standalone, you must
|
4805
|
-
#
|
4806
|
-
#
|
4807
|
-
#
|
4808
|
-
#
|
4809
|
-
#
|
4810
|
-
#
|
4811
|
-
#
|
4812
|
-
#
|
4813
|
-
#
|
4989
|
+
# * You can remove an account from your organization only if the account
|
4990
|
+
# is configured with the information required to operate as a
|
4991
|
+
# standalone account. When you create an account in an organization
|
4992
|
+
# using the AWS Organizations console, API, or CLI commands, the
|
4993
|
+
# information required of standalone accounts is *not* automatically
|
4994
|
+
# collected. For an account that you want to make standalone, you must
|
4995
|
+
# choose a support plan, provide and verify the required contact
|
4996
|
+
# information, and provide a current payment method. AWS uses the
|
4997
|
+
# payment method to charge for any billable (not free tier) AWS
|
4998
|
+
# activity that occurs while the account isn't attached to an
|
4999
|
+
# organization. To remove an account that doesn't yet have this
|
5000
|
+
# information, you must sign in as the member account and follow the
|
5001
|
+
# steps at [ To leave an organization when all required account
|
5002
|
+
# information has not yet been provided][1] in the *AWS Organizations
|
5003
|
+
# User Guide.*
|
5004
|
+
#
|
5005
|
+
# * After the account leaves the organization, all tags that were
|
5006
|
+
# attached to the account object in the organization are deleted. AWS
|
5007
|
+
# accounts outside of an organization do not support tags.
|
4814
5008
|
#
|
4815
5009
|
#
|
4816
5010
|
#
|
@@ -4855,7 +5049,16 @@ module Aws::Organizations
|
|
4855
5049
|
|
4856
5050
|
# Adds one or more tags to the specified resource.
|
4857
5051
|
#
|
4858
|
-
# Currently, you can
|
5052
|
+
# Currently, you can attach tags to the following resources in AWS
|
5053
|
+
# Organizations.
|
5054
|
+
#
|
5055
|
+
# * AWS account
|
5056
|
+
#
|
5057
|
+
# * Organization root
|
5058
|
+
#
|
5059
|
+
# * Organizational unit (OU)
|
5060
|
+
#
|
5061
|
+
# * Policy (any type)
|
4859
5062
|
#
|
4860
5063
|
# This operation can be called only from the organization's master
|
4861
5064
|
# account.
|
@@ -4864,9 +5067,30 @@ module Aws::Organizations
|
|
4864
5067
|
# The ID of the resource to add a tag to.
|
4865
5068
|
#
|
4866
5069
|
# @option params [required, Array<Types::Tag>] :tags
|
4867
|
-
#
|
4868
|
-
#
|
4869
|
-
#
|
5070
|
+
# A list of tags to add to the specified resource.
|
5071
|
+
#
|
5072
|
+
# You can specify any of the following taggable resources.
|
5073
|
+
#
|
5074
|
+
# * AWS account – specify the account ID number.
|
5075
|
+
#
|
5076
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
5077
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
5078
|
+
#
|
5079
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
5080
|
+
# to: `r-1a2b `
|
5081
|
+
#
|
5082
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
5083
|
+
# similar to: `p-12abcdefg3 `
|
5084
|
+
#
|
5085
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
5086
|
+
# You can set the value to an empty string, but you can't set it to
|
5087
|
+
# `null`.
|
5088
|
+
#
|
5089
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
5090
|
+
# of tags for an account user, then the entire request fails and the
|
5091
|
+
# account is not created.
|
5092
|
+
#
|
5093
|
+
# </note>
|
4870
5094
|
#
|
4871
5095
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
4872
5096
|
#
|
@@ -4891,18 +5115,39 @@ module Aws::Organizations
|
|
4891
5115
|
req.send_request(options)
|
4892
5116
|
end
|
4893
5117
|
|
4894
|
-
# Removes
|
5118
|
+
# Removes any tags with the specified keys from the specified resource.
|
5119
|
+
#
|
5120
|
+
# You can attach tags to the following resources in AWS Organizations.
|
5121
|
+
#
|
5122
|
+
# * AWS account
|
4895
5123
|
#
|
4896
|
-
#
|
5124
|
+
# * Organization root
|
5125
|
+
#
|
5126
|
+
# * Organizational unit (OU)
|
5127
|
+
#
|
5128
|
+
# * Policy (any type)
|
4897
5129
|
#
|
4898
5130
|
# This operation can be called only from the organization's master
|
4899
5131
|
# account.
|
4900
5132
|
#
|
4901
5133
|
# @option params [required, String] :resource_id
|
4902
|
-
# The ID of the resource to remove
|
5134
|
+
# The ID of the resource to remove a tag from.
|
5135
|
+
#
|
5136
|
+
# You can specify any of the following taggable resources.
|
5137
|
+
#
|
5138
|
+
# * AWS account – specify the account ID number.
|
5139
|
+
#
|
5140
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
5141
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
5142
|
+
#
|
5143
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
5144
|
+
# to: `r-1a2b `
|
5145
|
+
#
|
5146
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
5147
|
+
# similar to: `p-12abcdefg3 `
|
4903
5148
|
#
|
4904
5149
|
# @option params [required, Array<String>] :tag_keys
|
4905
|
-
# The
|
5150
|
+
# The list of keys for tags to remove from the specified resource.
|
4906
5151
|
#
|
4907
5152
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
4908
5153
|
#
|
@@ -5135,7 +5380,7 @@ module Aws::Organizations
|
|
5135
5380
|
params: params,
|
5136
5381
|
config: config)
|
5137
5382
|
context[:gem_name] = 'aws-sdk-organizations'
|
5138
|
-
context[:gem_version] = '1.
|
5383
|
+
context[:gem_version] = '1.53.0'
|
5139
5384
|
Seahorse::Client::Request.new(handlers, context)
|
5140
5385
|
end
|
5141
5386
|
|