aws-sdk-organizations 1.49.0 → 1.54.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws-sdk-organizations.rb +3 -2
- data/lib/aws-sdk-organizations/client.rb +415 -168
- data/lib/aws-sdk-organizations/client_api.rb +6 -0
- data/lib/aws-sdk-organizations/types.rb +334 -120
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 12d5b32001c2e000c0e68f125e340547a8d1ed5aec990699d591ee15753adf5a
|
4
|
+
data.tar.gz: b870e7a4de0aec2c3322a6866fdcfa8c606fc20ba1cfc553f7a3ece322cdf147
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3fa43a08728fe583f45a3dd6ad6ac859caf06e47f6bf1237a69aee01100812f5983d4dd26f133c8a16a7263033e32ba61c9d5c58558d2d8f60d20febf034190f
|
7
|
+
data.tar.gz: 37f0dc9aa70395aa4b9f515288f73127e12596a48efd6f7cff7597eeaf92393423fab6b118255610ea4b48ee1ad311695ecd9fdf249ba01b117833a09c0e4f25
|
@@ -7,6 +7,7 @@
|
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
10
|
+
|
10
11
|
require 'aws-sdk-core'
|
11
12
|
require 'aws-sigv4'
|
12
13
|
|
@@ -44,9 +45,9 @@ require_relative 'aws-sdk-organizations/customizations'
|
|
44
45
|
#
|
45
46
|
# See {Errors} for more information.
|
46
47
|
#
|
47
|
-
#
|
48
|
+
# @!group service
|
48
49
|
module Aws::Organizations
|
49
50
|
|
50
|
-
GEM_VERSION = '1.
|
51
|
+
GEM_VERSION = '1.54.0'
|
51
52
|
|
52
53
|
end
|
@@ -85,13 +85,28 @@ module Aws::Organizations
|
|
85
85
|
# * `Aws::Credentials` - Used for configuring static, non-refreshing
|
86
86
|
# credentials.
|
87
87
|
#
|
88
|
+
# * `Aws::SharedCredentials` - Used for loading static credentials from a
|
89
|
+
# shared file, such as `~/.aws/config`.
|
90
|
+
#
|
91
|
+
# * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
|
92
|
+
#
|
93
|
+
# * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
|
94
|
+
# assume a role after providing credentials via the web.
|
95
|
+
#
|
96
|
+
# * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
|
97
|
+
# access token generated from `aws login`.
|
98
|
+
#
|
99
|
+
# * `Aws::ProcessCredentials` - Used for loading credentials from a
|
100
|
+
# process that outputs to stdout.
|
101
|
+
#
|
88
102
|
# * `Aws::InstanceProfileCredentials` - Used for loading credentials
|
89
103
|
# from an EC2 IMDS on an EC2 instance.
|
90
104
|
#
|
91
|
-
# * `Aws::
|
92
|
-
#
|
105
|
+
# * `Aws::ECSCredentials` - Used for loading credentials from
|
106
|
+
# instances running in ECS.
|
93
107
|
#
|
94
|
-
# * `Aws::
|
108
|
+
# * `Aws::CognitoIdentityCredentials` - Used for loading credentials
|
109
|
+
# from the Cognito Identity service.
|
95
110
|
#
|
96
111
|
# When `:credentials` are not configured directly, the following
|
97
112
|
# locations will be searched for credentials:
|
@@ -101,10 +116,10 @@ module Aws::Organizations
|
|
101
116
|
# * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
|
102
117
|
# * `~/.aws/credentials`
|
103
118
|
# * `~/.aws/config`
|
104
|
-
# * EC2 IMDS instance profile - When used by default, the timeouts
|
105
|
-
# very aggressive. Construct and pass an instance of
|
106
|
-
# `Aws::InstanceProfileCredentails`
|
107
|
-
# timeouts.
|
119
|
+
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
120
|
+
# are very aggressive. Construct and pass an instance of
|
121
|
+
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
122
|
+
# enable retries and extended timeouts.
|
108
123
|
#
|
109
124
|
# @option options [required, String] :region
|
110
125
|
# The AWS region to connect to. The configured `:region` is
|
@@ -341,7 +356,7 @@ module Aws::Organizations
|
|
341
356
|
# User Guide*.
|
342
357
|
#
|
343
358
|
# * **Enable all features final confirmation** handshake: only a
|
344
|
-
# principal from the
|
359
|
+
# principal from the management account.
|
345
360
|
#
|
346
361
|
# For more information about invitations, see [Inviting an AWS Account
|
347
362
|
# to Join Your Organization][2] in the *AWS Organizations User Guide.*
|
@@ -472,15 +487,15 @@ module Aws::Organizations
|
|
472
487
|
#
|
473
488
|
# * [TAG\_POLICY][4]
|
474
489
|
#
|
475
|
-
# This operation can be called only from the organization's
|
490
|
+
# This operation can be called only from the organization's management
|
476
491
|
# account.
|
477
492
|
#
|
478
493
|
#
|
479
494
|
#
|
480
|
-
# [1]:
|
481
|
-
# [2]:
|
482
|
-
# [3]:
|
483
|
-
# [4]:
|
495
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
496
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
497
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
498
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
484
499
|
#
|
485
500
|
# @option params [required, String] :policy_id
|
486
501
|
# The unique identifier (ID) of the policy that you want to attach to
|
@@ -680,16 +695,15 @@ module Aws::Organizations
|
|
680
695
|
# successfully access the account. To check the status of the request,
|
681
696
|
# do one of the following:
|
682
697
|
#
|
683
|
-
# * Use the `
|
684
|
-
# provide as a parameter to the
|
698
|
+
# * Use the `Id` member of the `CreateAccountStatus` response element
|
699
|
+
# from this operation to provide as a parameter to the
|
700
|
+
# DescribeCreateAccountStatus operation.
|
685
701
|
#
|
686
702
|
# * Check the AWS CloudTrail log for the `CreateAccountResult` event.
|
687
703
|
# For information on using AWS CloudTrail with AWS Organizations, see
|
688
704
|
# [Monitoring the Activity in Your Organization][1] in the *AWS
|
689
705
|
# Organizations User Guide.*
|
690
706
|
#
|
691
|
-
#
|
692
|
-
#
|
693
707
|
# The user who calls the API to create an account must have the
|
694
708
|
# `organizations:CreateAccount` permission. If you enabled all features
|
695
709
|
# in the organization, AWS Organizations creates the required
|
@@ -697,14 +711,17 @@ module Aws::Organizations
|
|
697
711
|
# information, see [AWS Organizations and Service-Linked Roles][2] in
|
698
712
|
# the *AWS Organizations User Guide*.
|
699
713
|
#
|
714
|
+
# If the request includes tags, then the requester must have the
|
715
|
+
# `organizations:TagResource` permission.
|
716
|
+
#
|
700
717
|
# AWS Organizations preconfigures the new member account with a role
|
701
718
|
# (named `OrganizationAccountAccessRole` by default) that grants users
|
702
|
-
# in the
|
703
|
-
# account. Principals in the
|
719
|
+
# in the management account administrator permissions in the new member
|
720
|
+
# account. Principals in the management account can assume the role. AWS
|
704
721
|
# Organizations clones the company name and address information for the
|
705
|
-
# new account from the organization's
|
722
|
+
# new account from the organization's management account.
|
706
723
|
#
|
707
|
-
# This operation can be called only from the organization's
|
724
|
+
# This operation can be called only from the organization's management
|
708
725
|
# account.
|
709
726
|
#
|
710
727
|
# For more information about creating accounts, see [Creating an AWS
|
@@ -769,10 +786,10 @@ module Aws::Organizations
|
|
769
786
|
# (Optional)
|
770
787
|
#
|
771
788
|
# The name of an IAM role that AWS Organizations automatically
|
772
|
-
# preconfigures in the new member account. This role trusts the
|
773
|
-
# account, allowing users in the
|
774
|
-
# permitted by the
|
775
|
-
# administrator permissions in the new member account.
|
789
|
+
# preconfigures in the new member account. This role trusts the
|
790
|
+
# management account, allowing users in the management account to assume
|
791
|
+
# the role, as permitted by the management account administrator. The
|
792
|
+
# role has administrator permissions in the new member account.
|
776
793
|
#
|
777
794
|
# If you don't specify this parameter, the role name defaults to
|
778
795
|
# `OrganizationAccountAccessRole`.
|
@@ -812,6 +829,23 @@ module Aws::Organizations
|
|
812
829
|
#
|
813
830
|
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
814
831
|
#
|
832
|
+
# @option params [Array<Types::Tag>] :tags
|
833
|
+
# A list of tags that you want to attach to the newly created account.
|
834
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
835
|
+
# You can set the value to an empty string, but you can't set it to
|
836
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
837
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
838
|
+
#
|
839
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
840
|
+
# of tags for an account, then the entire request fails and the account
|
841
|
+
# is not created.
|
842
|
+
#
|
843
|
+
# </note>
|
844
|
+
#
|
845
|
+
#
|
846
|
+
#
|
847
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
848
|
+
#
|
815
849
|
# @return [Types::CreateAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
816
850
|
#
|
817
851
|
# * {Types::CreateAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
|
@@ -844,6 +878,12 @@ module Aws::Organizations
|
|
844
878
|
# account_name: "AccountName", # required
|
845
879
|
# role_name: "RoleName",
|
846
880
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
881
|
+
# tags: [
|
882
|
+
# {
|
883
|
+
# key: "TagKey", # required
|
884
|
+
# value: "TagValue", # required
|
885
|
+
# },
|
886
|
+
# ],
|
847
887
|
# })
|
848
888
|
#
|
849
889
|
# @example Response structure
|
@@ -873,16 +913,18 @@ module Aws::Organizations
|
|
873
913
|
# the [ *AWS GovCloud User Guide*.][1]
|
874
914
|
#
|
875
915
|
# * You already have an account in the AWS GovCloud (US) Region that is
|
876
|
-
#
|
916
|
+
# paired with a management account of an organization in the
|
917
|
+
# commercial Region.
|
877
918
|
#
|
878
|
-
# * You call this action from the
|
879
|
-
# the commercial Region.
|
919
|
+
# * You call this action from the management account of your
|
920
|
+
# organization in the commercial Region.
|
880
921
|
#
|
881
|
-
# * You have the `organizations:CreateGovCloudAccount` permission.
|
882
|
-
#
|
883
|
-
#
|
884
|
-
#
|
885
|
-
#
|
922
|
+
# * You have the `organizations:CreateGovCloudAccount` permission.
|
923
|
+
#
|
924
|
+
# AWS Organizations automatically creates the required service-linked
|
925
|
+
# role named `AWSServiceRoleForOrganizations`. For more information, see
|
926
|
+
# [AWS Organizations and Service-Linked Roles][2] in the *AWS
|
927
|
+
# Organizations User Guide.*
|
886
928
|
#
|
887
929
|
# AWS automatically enables AWS CloudTrail for AWS GovCloud (US)
|
888
930
|
# accounts, but you should also do the following:
|
@@ -894,11 +936,18 @@ module Aws::Organizations
|
|
894
936
|
# For more information, see [Verifying AWS CloudTrail Is Enabled][3]
|
895
937
|
# in the *AWS GovCloud User Guide*.
|
896
938
|
#
|
897
|
-
#
|
898
|
-
#
|
899
|
-
#
|
900
|
-
#
|
901
|
-
#
|
939
|
+
# If the request includes tags, then the requester must have the
|
940
|
+
# `organizations:TagResource` permission. The tags are attached to the
|
941
|
+
# commercial account associated with the GovCloud account, rather than
|
942
|
+
# the GovCloud account itself. To add tags to the GovCloud account, call
|
943
|
+
# the TagResource operation in the GovCloud Region after the new
|
944
|
+
# GovCloud account exists.
|
945
|
+
#
|
946
|
+
# You call this action from the management account of your organization
|
947
|
+
# in the commercial Region to create a standalone AWS account in the AWS
|
948
|
+
# GovCloud (US) Region. After the account is created, the management
|
949
|
+
# account of an organization in the AWS GovCloud (US) Region can invite
|
950
|
+
# it to that organization. For more information on inviting standalone
|
902
951
|
# accounts in the AWS GovCloud (US) to join an organization, see [AWS
|
903
952
|
# Organizations][4] in the *AWS GovCloud User Guide.*
|
904
953
|
#
|
@@ -927,14 +976,14 @@ module Aws::Organizations
|
|
927
976
|
# accounts are associated with the same email address.
|
928
977
|
#
|
929
978
|
# A role is created in the new account in the commercial Region that
|
930
|
-
# allows the
|
931
|
-
# to assume it. An AWS GovCloud (US) account is then created and
|
979
|
+
# allows the management account in the organization in the commercial
|
980
|
+
# Region to assume it. An AWS GovCloud (US) account is then created and
|
932
981
|
# associated with the commercial account that you just created. A role
|
933
|
-
# is created in the new AWS GovCloud (US) account that can be
|
934
|
-
# the AWS GovCloud (US) account that is associated with the
|
935
|
-
# account of the commercial organization. For more
|
936
|
-
# view a diagram that explains how account access
|
937
|
-
# Organizations][4] in the *AWS GovCloud User Guide.*
|
982
|
+
# is also created in the new AWS GovCloud (US) account that can be
|
983
|
+
# assumed by the AWS GovCloud (US) account that is associated with the
|
984
|
+
# management account of the commercial organization. For more
|
985
|
+
# information and to view a diagram that explains how account access
|
986
|
+
# works, see [AWS Organizations][4] in the *AWS GovCloud User Guide.*
|
938
987
|
#
|
939
988
|
# For more information about creating accounts, see [Creating an AWS
|
940
989
|
# Account in Your Organization][6] in the *AWS Organizations User
|
@@ -1007,9 +1056,9 @@ module Aws::Organizations
|
|
1007
1056
|
#
|
1008
1057
|
# The name of an IAM role that AWS Organizations automatically
|
1009
1058
|
# preconfigures in the new member accounts in both the AWS GovCloud (US)
|
1010
|
-
# Region and in the commercial Region. This role trusts the
|
1011
|
-
# account, allowing users in the
|
1012
|
-
# permitted by the
|
1059
|
+
# Region and in the commercial Region. This role trusts the management
|
1060
|
+
# account, allowing users in the management account to assume the role,
|
1061
|
+
# as permitted by the management account administrator. The role has
|
1013
1062
|
# administrator permissions in the new member account.
|
1014
1063
|
#
|
1015
1064
|
# If you don't specify this parameter, the role name defaults to
|
@@ -1047,6 +1096,28 @@ module Aws::Organizations
|
|
1047
1096
|
#
|
1048
1097
|
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
1049
1098
|
#
|
1099
|
+
# @option params [Array<Types::Tag>] :tags
|
1100
|
+
# A list of tags that you want to attach to the newly created account.
|
1101
|
+
# These tags are attached to the commercial account associated with the
|
1102
|
+
# GovCloud account, and not to the GovCloud account itself. To add tags
|
1103
|
+
# to the actual GovCloud account, call the TagResource operation in the
|
1104
|
+
# GovCloud region after the new GovCloud account exists.
|
1105
|
+
#
|
1106
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
1107
|
+
# You can set the value to an empty string, but you can't set it to
|
1108
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
1109
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
1110
|
+
#
|
1111
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1112
|
+
# of tags for an account, then the entire request fails and the account
|
1113
|
+
# is not created.
|
1114
|
+
#
|
1115
|
+
# </note>
|
1116
|
+
#
|
1117
|
+
#
|
1118
|
+
#
|
1119
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1120
|
+
#
|
1050
1121
|
# @return [Types::CreateGovCloudAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1051
1122
|
#
|
1052
1123
|
# * {Types::CreateGovCloudAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
|
@@ -1058,6 +1129,12 @@ module Aws::Organizations
|
|
1058
1129
|
# account_name: "AccountName", # required
|
1059
1130
|
# role_name: "RoleName",
|
1060
1131
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
1132
|
+
# tags: [
|
1133
|
+
# {
|
1134
|
+
# key: "TagKey", # required
|
1135
|
+
# value: "TagValue", # required
|
1136
|
+
# },
|
1137
|
+
# ],
|
1061
1138
|
# })
|
1062
1139
|
#
|
1063
1140
|
# @example Response structure
|
@@ -1081,11 +1158,11 @@ module Aws::Organizations
|
|
1081
1158
|
end
|
1082
1159
|
|
1083
1160
|
# Creates an AWS organization. The account whose user is calling the
|
1084
|
-
# `CreateOrganization` operation automatically becomes the [
|
1161
|
+
# `CreateOrganization` operation automatically becomes the [management
|
1085
1162
|
# account][1] of the new organization.
|
1086
1163
|
#
|
1087
1164
|
# This operation must be called using credentials from the account that
|
1088
|
-
# is to become the new organization's
|
1165
|
+
# is to become the new organization's management account. The principal
|
1089
1166
|
# must also have the relevant IAM permissions.
|
1090
1167
|
#
|
1091
1168
|
# By default (or if you set the `FeatureSet` parameter to `ALL`), the
|
@@ -1098,14 +1175,14 @@ module Aws::Organizations
|
|
1098
1175
|
#
|
1099
1176
|
#
|
1100
1177
|
#
|
1101
|
-
# [1]: https://docs.aws.amazon.com/
|
1178
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account
|
1102
1179
|
#
|
1103
1180
|
# @option params [String] :feature_set
|
1104
1181
|
# Specifies the feature set supported by the new organization. Each
|
1105
1182
|
# feature set supports different levels of functionality.
|
1106
1183
|
#
|
1107
1184
|
# * `CONSOLIDATED_BILLING`\: All member accounts have their bills
|
1108
|
-
# consolidated to and paid by the
|
1185
|
+
# consolidated to and paid by the management account. For more
|
1109
1186
|
# information, see [Consolidated billing][1] in the *AWS Organizations
|
1110
1187
|
# User Guide.*
|
1111
1188
|
#
|
@@ -1113,10 +1190,10 @@ module Aws::Organizations
|
|
1113
1190
|
# organizations in the AWS GovCloud (US) Region.
|
1114
1191
|
#
|
1115
1192
|
# * `ALL`\: In addition to all the features supported by the
|
1116
|
-
# consolidated billing feature set, the
|
1117
|
-
# any policy type to any member account in the organization. For
|
1118
|
-
# information, see [All features][2] in the *AWS Organizations
|
1119
|
-
# Guide.*
|
1193
|
+
# consolidated billing feature set, the management account can also
|
1194
|
+
# apply any policy type to any member account in the organization. For
|
1195
|
+
# more information, see [All features][2] in the *AWS Organizations
|
1196
|
+
# User Guide.*
|
1120
1197
|
#
|
1121
1198
|
#
|
1122
1199
|
#
|
@@ -1215,7 +1292,10 @@ module Aws::Organizations
|
|
1215
1292
|
# For more information about OUs, see [Managing Organizational Units][1]
|
1216
1293
|
# in the *AWS Organizations User Guide.*
|
1217
1294
|
#
|
1218
|
-
#
|
1295
|
+
# If the request includes tags, then the requester must have the
|
1296
|
+
# `organizations:TagResource` permission.
|
1297
|
+
#
|
1298
|
+
# This operation can be called only from the organization's management
|
1219
1299
|
# account.
|
1220
1300
|
#
|
1221
1301
|
#
|
@@ -1244,6 +1324,23 @@ module Aws::Organizations
|
|
1244
1324
|
# @option params [required, String] :name
|
1245
1325
|
# The friendly name to assign to the new OU.
|
1246
1326
|
#
|
1327
|
+
# @option params [Array<Types::Tag>] :tags
|
1328
|
+
# A list of tags that you want to attach to the newly created OU. For
|
1329
|
+
# each tag in the list, you must specify both a tag key and a value. You
|
1330
|
+
# can set the value to an empty string, but you can't set it to `null`.
|
1331
|
+
# For more information about tagging, see [Tagging AWS Organizations
|
1332
|
+
# resources][1] in the AWS Organizations User Guide.
|
1333
|
+
#
|
1334
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1335
|
+
# of tags for an OU, then the entire request fails and the OU is not
|
1336
|
+
# created.
|
1337
|
+
#
|
1338
|
+
# </note>
|
1339
|
+
#
|
1340
|
+
#
|
1341
|
+
#
|
1342
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1343
|
+
#
|
1247
1344
|
# @return [Types::CreateOrganizationalUnitResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1248
1345
|
#
|
1249
1346
|
# * {Types::CreateOrganizationalUnitResponse#organizational_unit #organizational_unit} => Types::OrganizationalUnit
|
@@ -1272,6 +1369,12 @@ module Aws::Organizations
|
|
1272
1369
|
# resp = client.create_organizational_unit({
|
1273
1370
|
# parent_id: "ParentId", # required
|
1274
1371
|
# name: "OrganizationalUnitName", # required
|
1372
|
+
# tags: [
|
1373
|
+
# {
|
1374
|
+
# key: "TagKey", # required
|
1375
|
+
# value: "TagValue", # required
|
1376
|
+
# },
|
1377
|
+
# ],
|
1275
1378
|
# })
|
1276
1379
|
#
|
1277
1380
|
# @example Response structure
|
@@ -1295,7 +1398,10 @@ module Aws::Organizations
|
|
1295
1398
|
# For more information about policies and their use, see [Managing
|
1296
1399
|
# Organization Policies][1].
|
1297
1400
|
#
|
1298
|
-
#
|
1401
|
+
# If the request includes tags, then the requester must have the
|
1402
|
+
# `organizations:TagResource` permission.
|
1403
|
+
#
|
1404
|
+
# This operation can be called only from the organization's management
|
1299
1405
|
# account.
|
1300
1406
|
#
|
1301
1407
|
#
|
@@ -1334,10 +1440,27 @@ module Aws::Organizations
|
|
1334
1440
|
#
|
1335
1441
|
#
|
1336
1442
|
#
|
1337
|
-
# [1]:
|
1338
|
-
# [2]:
|
1339
|
-
# [3]:
|
1340
|
-
# [4]:
|
1443
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1444
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1445
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1446
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1447
|
+
#
|
1448
|
+
# @option params [Array<Types::Tag>] :tags
|
1449
|
+
# A list of tags that you want to attach to the newly created policy.
|
1450
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
1451
|
+
# You can set the value to an empty string, but you can't set it to
|
1452
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
1453
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
1454
|
+
#
|
1455
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1456
|
+
# of tags for a policy, then the entire request fails and the policy is
|
1457
|
+
# not created.
|
1458
|
+
#
|
1459
|
+
# </note>
|
1460
|
+
#
|
1461
|
+
#
|
1462
|
+
#
|
1463
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1341
1464
|
#
|
1342
1465
|
# @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1343
1466
|
#
|
@@ -1378,6 +1501,12 @@ module Aws::Organizations
|
|
1378
1501
|
# description: "PolicyDescription", # required
|
1379
1502
|
# name: "PolicyName", # required
|
1380
1503
|
# type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
1504
|
+
# tags: [
|
1505
|
+
# {
|
1506
|
+
# key: "TagKey", # required
|
1507
|
+
# value: "TagValue", # required
|
1508
|
+
# },
|
1509
|
+
# ],
|
1381
1510
|
# })
|
1382
1511
|
#
|
1383
1512
|
# @example Response structure
|
@@ -1513,8 +1642,8 @@ module Aws::Organizations
|
|
1513
1642
|
end
|
1514
1643
|
|
1515
1644
|
# Deletes the organization. You can delete an organization only by using
|
1516
|
-
# credentials from the
|
1517
|
-
# member accounts.
|
1645
|
+
# credentials from the management account. The organization must be
|
1646
|
+
# empty of member accounts.
|
1518
1647
|
#
|
1519
1648
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1520
1649
|
#
|
@@ -1531,7 +1660,7 @@ module Aws::Organizations
|
|
1531
1660
|
# must first remove all accounts and child OUs from the OU that you want
|
1532
1661
|
# to delete.
|
1533
1662
|
#
|
1534
|
-
# This operation can be called only from the organization's
|
1663
|
+
# This operation can be called only from the organization's management
|
1535
1664
|
# account.
|
1536
1665
|
#
|
1537
1666
|
# @option params [required, String] :organizational_unit_id
|
@@ -1579,7 +1708,7 @@ module Aws::Organizations
|
|
1579
1708
|
# perform this operation, you must first detach the policy from all
|
1580
1709
|
# organizational units (OUs), roots, and accounts.
|
1581
1710
|
#
|
1582
|
-
# This operation can be called only from the organization's
|
1711
|
+
# This operation can be called only from the organization's management
|
1583
1712
|
# account.
|
1584
1713
|
#
|
1585
1714
|
# @option params [required, String] :policy_id
|
@@ -1636,7 +1765,7 @@ module Aws::Organizations
|
|
1636
1765
|
# Services that you can use with AWS Organizations][1] in the *AWS
|
1637
1766
|
# Organizations User Guide.*
|
1638
1767
|
#
|
1639
|
-
# This operation can be called only from the organization's
|
1768
|
+
# This operation can be called only from the organization's management
|
1640
1769
|
# account.
|
1641
1770
|
#
|
1642
1771
|
#
|
@@ -1678,7 +1807,7 @@ module Aws::Organizations
|
|
1678
1807
|
# Retrieves AWS Organizations-related information about the specified
|
1679
1808
|
# account.
|
1680
1809
|
#
|
1681
|
-
# This operation can be called only from the organization's
|
1810
|
+
# This operation can be called only from the organization's management
|
1682
1811
|
# account or by a member account that is a delegated administrator for
|
1683
1812
|
# an AWS service.
|
1684
1813
|
#
|
@@ -1745,14 +1874,15 @@ module Aws::Organizations
|
|
1745
1874
|
# Retrieves the current status of an asynchronous request to create an
|
1746
1875
|
# account.
|
1747
1876
|
#
|
1748
|
-
# This operation can be called only from the organization's
|
1877
|
+
# This operation can be called only from the organization's management
|
1749
1878
|
# account or by a member account that is a delegated administrator for
|
1750
1879
|
# an AWS service.
|
1751
1880
|
#
|
1752
1881
|
# @option params [required, String] :create_account_request_id
|
1753
|
-
# Specifies the `
|
1754
|
-
# can get the
|
1755
|
-
# or from the
|
1882
|
+
# Specifies the `Id` value that uniquely identifies the `CreateAccount`
|
1883
|
+
# request. You can get the value from the `CreateAccountStatus.Id`
|
1884
|
+
# response in an earlier CreateAccount request, or from the
|
1885
|
+
# ListCreateAccountStatus operation.
|
1756
1886
|
#
|
1757
1887
|
# The [regex pattern][1] for a create account request ID string requires
|
1758
1888
|
# "car-" followed by from 8 to 32 lowercase letters or digits.
|
@@ -1822,7 +1952,7 @@ module Aws::Organizations
|
|
1822
1952
|
# For more information about policy inheritance, see [How Policy
|
1823
1953
|
# Inheritance Works][1] in the *AWS Organizations User Guide*.
|
1824
1954
|
#
|
1825
|
-
# This operation can be called only from the organization's
|
1955
|
+
# This operation can be called only from the organization's management
|
1826
1956
|
# account or by a member account that is a delegated administrator for
|
1827
1957
|
# an AWS service.
|
1828
1958
|
#
|
@@ -1842,14 +1972,14 @@ module Aws::Organizations
|
|
1842
1972
|
#
|
1843
1973
|
#
|
1844
1974
|
#
|
1845
|
-
# [1]:
|
1846
|
-
# [2]:
|
1847
|
-
# [3]:
|
1975
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1976
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1977
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1848
1978
|
#
|
1849
1979
|
# @option params [String] :target_id
|
1850
|
-
# When you're signed in as the
|
1851
|
-
# account that you want details about. Specifying an organization
|
1852
|
-
# or organizational unit (OU) as the target is not supported.
|
1980
|
+
# When you're signed in as the management account, specify the ID of
|
1981
|
+
# the account that you want details about. Specifying an organization
|
1982
|
+
# root or organizational unit (OU) as the target is not supported.
|
1853
1983
|
#
|
1854
1984
|
# @return [Types::DescribeEffectivePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1855
1985
|
#
|
@@ -2052,7 +2182,7 @@ module Aws::Organizations
|
|
2052
2182
|
|
2053
2183
|
# Retrieves information about an organizational unit (OU).
|
2054
2184
|
#
|
2055
|
-
# This operation can be called only from the organization's
|
2185
|
+
# This operation can be called only from the organization's management
|
2056
2186
|
# account or by a member account that is a delegated administrator for
|
2057
2187
|
# an AWS service.
|
2058
2188
|
#
|
@@ -2115,7 +2245,7 @@ module Aws::Organizations
|
|
2115
2245
|
|
2116
2246
|
# Retrieves information about a policy.
|
2117
2247
|
#
|
2118
|
-
# This operation can be called only from the organization's
|
2248
|
+
# This operation can be called only from the organization's management
|
2119
2249
|
# account or by a member account that is a delegated administrator for
|
2120
2250
|
# an AWS service.
|
2121
2251
|
#
|
@@ -2203,7 +2333,7 @@ module Aws::Organizations
|
|
2203
2333
|
# attached SCP), you're using the authorization strategy of a "[deny
|
2204
2334
|
# list][2]".
|
2205
2335
|
#
|
2206
|
-
# This operation can be called only from the organization's
|
2336
|
+
# This operation can be called only from the organization's management
|
2207
2337
|
# account.
|
2208
2338
|
#
|
2209
2339
|
#
|
@@ -2302,7 +2432,7 @@ module Aws::Organizations
|
|
2302
2432
|
# Organizations, see [Integrating AWS Organizations with Other AWS
|
2303
2433
|
# Services][2] in the *AWS Organizations User Guide.*
|
2304
2434
|
#
|
2305
|
-
# This operation can be called only from the organization's
|
2435
|
+
# This operation can be called only from the organization's management
|
2306
2436
|
# account.
|
2307
2437
|
#
|
2308
2438
|
#
|
@@ -2346,7 +2476,7 @@ module Aws::Organizations
|
|
2346
2476
|
# status of policy types for a specified root, and then use this
|
2347
2477
|
# operation.
|
2348
2478
|
#
|
2349
|
-
# This operation can be called only from the organization's
|
2479
|
+
# This operation can be called only from the organization's management
|
2350
2480
|
# account.
|
2351
2481
|
#
|
2352
2482
|
# To view the status of available policy types in the organization, use
|
@@ -2381,10 +2511,10 @@ module Aws::Organizations
|
|
2381
2511
|
#
|
2382
2512
|
#
|
2383
2513
|
#
|
2384
|
-
# [1]:
|
2385
|
-
# [2]:
|
2386
|
-
# [3]:
|
2387
|
-
# [4]:
|
2514
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
2515
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
2516
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
2517
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
2388
2518
|
#
|
2389
2519
|
# @return [Types::DisablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2390
2520
|
#
|
@@ -2456,7 +2586,7 @@ module Aws::Organizations
|
|
2456
2586
|
# Organizations, see [Integrating AWS Organizations with Other AWS
|
2457
2587
|
# Services][2] in the *AWS Organizations User Guide.*
|
2458
2588
|
#
|
2459
|
-
# This operation can be called only from the organization's
|
2589
|
+
# This operation can be called only from the organization's management
|
2460
2590
|
# account and only if the organization has [enabled all features][3].
|
2461
2591
|
#
|
2462
2592
|
#
|
@@ -2511,14 +2641,14 @@ module Aws::Organizations
|
|
2511
2641
|
# the feature set change by accepting the handshake that contains
|
2512
2642
|
# `"Action": "ENABLE_ALL_FEATURES"`. This completes the change.
|
2513
2643
|
#
|
2514
|
-
# After you enable all features in your organization, the
|
2515
|
-
# in the organization can apply policies on all member accounts.
|
2516
|
-
# policies can restrict what users and even administrators in
|
2517
|
-
# accounts can do. The
|
2518
|
-
# accounts from leaving the organization. Ensure that your
|
2519
|
-
# administrators are aware of this.
|
2644
|
+
# After you enable all features in your organization, the management
|
2645
|
+
# account in the organization can apply policies on all member accounts.
|
2646
|
+
# These policies can restrict what users and even administrators in
|
2647
|
+
# those accounts can do. The management account can apply policies that
|
2648
|
+
# prevent accounts from leaving the organization. Ensure that your
|
2649
|
+
# account administrators are aware of this.
|
2520
2650
|
#
|
2521
|
-
# This operation can be called only from the organization's
|
2651
|
+
# This operation can be called only from the organization's management
|
2522
2652
|
# account.
|
2523
2653
|
#
|
2524
2654
|
#
|
@@ -2599,7 +2729,7 @@ module Aws::Organizations
|
|
2599
2729
|
# AWS recommends that you first use ListRoots to see the status of
|
2600
2730
|
# policy types for a specified root, and then use this operation.
|
2601
2731
|
#
|
2602
|
-
# This operation can be called only from the organization's
|
2732
|
+
# This operation can be called only from the organization's management
|
2603
2733
|
# account.
|
2604
2734
|
#
|
2605
2735
|
# You can enable a policy type in a root only if that policy type is
|
@@ -2631,10 +2761,10 @@ module Aws::Organizations
|
|
2631
2761
|
#
|
2632
2762
|
#
|
2633
2763
|
#
|
2634
|
-
# [1]:
|
2635
|
-
# [2]:
|
2636
|
-
# [3]:
|
2637
|
-
# [4]:
|
2764
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
2765
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
2766
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
2767
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
2638
2768
|
#
|
2639
2769
|
# @return [Types::EnablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2640
2770
|
#
|
@@ -2697,12 +2827,12 @@ module Aws::Organizations
|
|
2697
2827
|
# invitation is implemented as a Handshake whose details are in the
|
2698
2828
|
# response.
|
2699
2829
|
#
|
2700
|
-
# * You can invite AWS accounts only from the same seller as the
|
2701
|
-
# account. For example, if your organization's
|
2702
|
-
# created by Amazon Internet Services Pvt. Ltd (AISPL), an
|
2703
|
-
# in India, you can invite only other AISPL accounts to
|
2704
|
-
# organization. You can't combine accounts from AISPL and AWS or
|
2705
|
-
# any other AWS seller. For more information, see [Consolidated
|
2830
|
+
# * You can invite AWS accounts only from the same seller as the
|
2831
|
+
# management account. For example, if your organization's management
|
2832
|
+
# account was created by Amazon Internet Services Pvt. Ltd (AISPL), an
|
2833
|
+
# AWS seller in India, you can invite only other AISPL accounts to
|
2834
|
+
# your organization. You can't combine accounts from AISPL and AWS or
|
2835
|
+
# from any other AWS seller. For more information, see [Consolidated
|
2706
2836
|
# Billing in India][1].
|
2707
2837
|
#
|
2708
2838
|
# * If you receive an exception that indicates that you exceeded your
|
@@ -2711,7 +2841,10 @@ module Aws::Organizations
|
|
2711
2841
|
# then try again. If the error persists after an hour, contact [AWS
|
2712
2842
|
# Support][2].
|
2713
2843
|
#
|
2714
|
-
#
|
2844
|
+
# If the request includes tags, then the requester must have the
|
2845
|
+
# `organizations:TagResource` permission.
|
2846
|
+
#
|
2847
|
+
# This operation can be called only from the organization's management
|
2715
2848
|
# account.
|
2716
2849
|
#
|
2717
2850
|
#
|
@@ -2741,6 +2874,33 @@ module Aws::Organizations
|
|
2741
2874
|
# Additional information that you want to include in the generated email
|
2742
2875
|
# to the recipient account owner.
|
2743
2876
|
#
|
2877
|
+
# @option params [Array<Types::Tag>] :tags
|
2878
|
+
# A list of tags that you want to attach to the account when it becomes
|
2879
|
+
# a member of the organization. For each tag in the list, you must
|
2880
|
+
# specify both a tag key and a value. You can set the value to an empty
|
2881
|
+
# string, but you can't set it to `null`. For more information about
|
2882
|
+
# tagging, see [Tagging AWS Organizations resources][1] in the AWS
|
2883
|
+
# Organizations User Guide.
|
2884
|
+
#
|
2885
|
+
# Any tags in the request are checked for compliance with any applicable
|
2886
|
+
# tag policies when the request is made. The request is rejected if the
|
2887
|
+
# tags in the request don't match the requirements of the policy at
|
2888
|
+
# that time. Tag policy compliance is <i> <b>not</b> </i> checked again
|
2889
|
+
# when the invitation is accepted and the tags are actually attached to
|
2890
|
+
# the account. That means that if the tag policy changes between the
|
2891
|
+
# invitation and the acceptance, then that tags could potentially be
|
2892
|
+
# non-compliant.
|
2893
|
+
#
|
2894
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
2895
|
+
# of tags for an account, then the entire request fails and invitations
|
2896
|
+
# are not sent.
|
2897
|
+
#
|
2898
|
+
# </note>
|
2899
|
+
#
|
2900
|
+
#
|
2901
|
+
#
|
2902
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
2903
|
+
#
|
2744
2904
|
# @return [Types::InviteAccountToOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2745
2905
|
#
|
2746
2906
|
# * {Types::InviteAccountToOrganizationResponse#handshake #handshake} => Types::Handshake
|
@@ -2813,6 +2973,12 @@ module Aws::Organizations
|
|
2813
2973
|
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, EMAIL
|
2814
2974
|
# },
|
2815
2975
|
# notes: "HandshakeNotes",
|
2976
|
+
# tags: [
|
2977
|
+
# {
|
2978
|
+
# key: "TagKey", # required
|
2979
|
+
# value: "TagValue", # required
|
2980
|
+
# },
|
2981
|
+
# ],
|
2816
2982
|
# })
|
2817
2983
|
#
|
2818
2984
|
# @example Response structure
|
@@ -2842,14 +3008,14 @@ module Aws::Organizations
|
|
2842
3008
|
|
2843
3009
|
# Removes a member account from its parent organization. This version of
|
2844
3010
|
# the operation is performed by the account that wants to leave. To
|
2845
|
-
# remove a member account as a user in the
|
3011
|
+
# remove a member account as a user in the management account, use
|
2846
3012
|
# RemoveAccountFromOrganization instead.
|
2847
3013
|
#
|
2848
3014
|
# This operation can be called only from a member account in the
|
2849
3015
|
# organization.
|
2850
3016
|
#
|
2851
|
-
# * The
|
2852
|
-
# set service control policies (SCPs) that can restrict what
|
3017
|
+
# * The management account in an organization with all features enabled
|
3018
|
+
# can set service control policies (SCPs) that can restrict what
|
2853
3019
|
# administrators of member accounts can do. This includes preventing
|
2854
3020
|
# them from successfully calling `LeaveOrganization` and leaving the
|
2855
3021
|
# organization.
|
@@ -2880,6 +3046,10 @@ module Aws::Organizations
|
|
2880
3046
|
# Access to the Billing and Cost Management Console][2] in the *AWS
|
2881
3047
|
# Billing and Cost Management User Guide.*
|
2882
3048
|
#
|
3049
|
+
# * After the account leaves the organization, all tags that were
|
3050
|
+
# attached to the account object in the organization are deleted. AWS
|
3051
|
+
# accounts outside of an organization do not support tags.
|
3052
|
+
#
|
2883
3053
|
#
|
2884
3054
|
#
|
2885
3055
|
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
|
@@ -2914,7 +3084,7 @@ module Aws::Organizations
|
|
2914
3084
|
# Organizations, see [Integrating AWS Organizations with Other AWS
|
2915
3085
|
# Services][1] in the *AWS Organizations User Guide.*
|
2916
3086
|
#
|
2917
|
-
# This operation can be called only from the organization's
|
3087
|
+
# This operation can be called only from the organization's management
|
2918
3088
|
# account or by a member account that is a delegated administrator for
|
2919
3089
|
# an AWS service.
|
2920
3090
|
#
|
@@ -2983,7 +3153,7 @@ module Aws::Organizations
|
|
2983
3153
|
#
|
2984
3154
|
# </note>
|
2985
3155
|
#
|
2986
|
-
# This operation can be called only from the organization's
|
3156
|
+
# This operation can be called only from the organization's management
|
2987
3157
|
# account or by a member account that is a delegated administrator for
|
2988
3158
|
# an AWS service.
|
2989
3159
|
#
|
@@ -3106,7 +3276,7 @@ module Aws::Organizations
|
|
3106
3276
|
#
|
3107
3277
|
# </note>
|
3108
3278
|
#
|
3109
|
-
# This operation can be called only from the organization's
|
3279
|
+
# This operation can be called only from the organization's management
|
3110
3280
|
# account or by a member account that is a delegated administrator for
|
3111
3281
|
# an AWS service.
|
3112
3282
|
#
|
@@ -3215,7 +3385,7 @@ module Aws::Organizations
|
|
3215
3385
|
#
|
3216
3386
|
# </note>
|
3217
3387
|
#
|
3218
|
-
# This operation can be called only from the organization's
|
3388
|
+
# This operation can be called only from the organization's management
|
3219
3389
|
# account or by a member account that is a delegated administrator for
|
3220
3390
|
# an AWS service.
|
3221
3391
|
#
|
@@ -3327,7 +3497,7 @@ module Aws::Organizations
|
|
3327
3497
|
#
|
3328
3498
|
# </note>
|
3329
3499
|
#
|
3330
|
-
# This operation can be called only from the organization's
|
3500
|
+
# This operation can be called only from the organization's management
|
3331
3501
|
# account or by a member account that is a delegated administrator for
|
3332
3502
|
# an AWS service.
|
3333
3503
|
#
|
@@ -3444,7 +3614,7 @@ module Aws::Organizations
|
|
3444
3614
|
# Lists the AWS accounts that are designated as delegated administrators
|
3445
3615
|
# in this organization.
|
3446
3616
|
#
|
3447
|
-
# This operation can be called only from the organization's
|
3617
|
+
# This operation can be called only from the organization's management
|
3448
3618
|
# account or by a member account that is a delegated administrator for
|
3449
3619
|
# an AWS service.
|
3450
3620
|
#
|
@@ -3514,7 +3684,7 @@ module Aws::Organizations
|
|
3514
3684
|
# List the AWS services for which the specified account is a delegated
|
3515
3685
|
# administrator.
|
3516
3686
|
#
|
3517
|
-
# This operation can be called only from the organization's
|
3687
|
+
# This operation can be called only from the organization's management
|
3518
3688
|
# account or by a member account that is a delegated administrator for
|
3519
3689
|
# an AWS service.
|
3520
3690
|
#
|
@@ -3736,7 +3906,7 @@ module Aws::Organizations
|
|
3736
3906
|
#
|
3737
3907
|
# </note>
|
3738
3908
|
#
|
3739
|
-
# This operation can be called only from the organization's
|
3909
|
+
# This operation can be called only from the organization's management
|
3740
3910
|
# account or by a member account that is a delegated administrator for
|
3741
3911
|
# an AWS service.
|
3742
3912
|
#
|
@@ -3922,7 +4092,7 @@ module Aws::Organizations
|
|
3922
4092
|
#
|
3923
4093
|
# </note>
|
3924
4094
|
#
|
3925
|
-
# This operation can be called only from the organization's
|
4095
|
+
# This operation can be called only from the organization's management
|
3926
4096
|
# account or by a member account that is a delegated administrator for
|
3927
4097
|
# an AWS service.
|
3928
4098
|
#
|
@@ -4034,7 +4204,7 @@ module Aws::Organizations
|
|
4034
4204
|
#
|
4035
4205
|
# </note>
|
4036
4206
|
#
|
4037
|
-
# This operation can be called only from the organization's
|
4207
|
+
# This operation can be called only from the organization's management
|
4038
4208
|
# account or by a member account that is a delegated administrator for
|
4039
4209
|
# an AWS service.
|
4040
4210
|
#
|
@@ -4140,7 +4310,7 @@ module Aws::Organizations
|
|
4140
4310
|
#
|
4141
4311
|
# </note>
|
4142
4312
|
#
|
4143
|
-
# This operation can be called only from the organization's
|
4313
|
+
# This operation can be called only from the organization's management
|
4144
4314
|
# account or by a member account that is a delegated administrator for
|
4145
4315
|
# an AWS service.
|
4146
4316
|
#
|
@@ -4158,10 +4328,10 @@ module Aws::Organizations
|
|
4158
4328
|
#
|
4159
4329
|
#
|
4160
4330
|
#
|
4161
|
-
# [1]:
|
4162
|
-
# [2]:
|
4163
|
-
# [3]:
|
4164
|
-
# [4]:
|
4331
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
4332
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
4333
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
4334
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
4165
4335
|
#
|
4166
4336
|
# @option params [String] :next_token
|
4167
4337
|
# The parameter for receiving additional results if you receive a
|
@@ -4268,7 +4438,7 @@ module Aws::Organizations
|
|
4268
4438
|
#
|
4269
4439
|
# </note>
|
4270
4440
|
#
|
4271
|
-
# This operation can be called only from the organization's
|
4441
|
+
# This operation can be called only from the organization's management
|
4272
4442
|
# account or by a member account that is a delegated administrator for
|
4273
4443
|
# an AWS service.
|
4274
4444
|
#
|
@@ -4307,10 +4477,10 @@ module Aws::Organizations
|
|
4307
4477
|
#
|
4308
4478
|
#
|
4309
4479
|
#
|
4310
|
-
# [1]:
|
4311
|
-
# [2]:
|
4312
|
-
# [3]:
|
4313
|
-
# [4]:
|
4480
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
4481
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
4482
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
4483
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
4314
4484
|
#
|
4315
4485
|
# @option params [String] :next_token
|
4316
4486
|
# The parameter for receiving additional results if you receive a
|
@@ -4403,7 +4573,7 @@ module Aws::Organizations
|
|
4403
4573
|
#
|
4404
4574
|
# </note>
|
4405
4575
|
#
|
4406
|
-
# This operation can be called only from the organization's
|
4576
|
+
# This operation can be called only from the organization's management
|
4407
4577
|
# account or by a member account that is a delegated administrator for
|
4408
4578
|
# an AWS service.
|
4409
4579
|
#
|
@@ -4494,16 +4664,37 @@ module Aws::Organizations
|
|
4494
4664
|
req.send_request(options)
|
4495
4665
|
end
|
4496
4666
|
|
4497
|
-
# Lists tags
|
4667
|
+
# Lists tags that are attached to the specified resource.
|
4498
4668
|
#
|
4499
|
-
#
|
4669
|
+
# You can attach tags to the following resources in AWS Organizations.
|
4500
4670
|
#
|
4501
|
-
#
|
4671
|
+
# * AWS account
|
4672
|
+
#
|
4673
|
+
# * Organization root
|
4674
|
+
#
|
4675
|
+
# * Organizational unit (OU)
|
4676
|
+
#
|
4677
|
+
# * Policy (any type)
|
4678
|
+
#
|
4679
|
+
# This operation can be called only from the organization's management
|
4502
4680
|
# account or by a member account that is a delegated administrator for
|
4503
4681
|
# an AWS service.
|
4504
4682
|
#
|
4505
4683
|
# @option params [required, String] :resource_id
|
4506
|
-
# The ID of the resource
|
4684
|
+
# The ID of the resource with the tags to list.
|
4685
|
+
#
|
4686
|
+
# You can specify any of the following taggable resources.
|
4687
|
+
#
|
4688
|
+
# * AWS account – specify the account ID number.
|
4689
|
+
#
|
4690
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
4691
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
4692
|
+
#
|
4693
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
4694
|
+
# to: `r-1a2b `
|
4695
|
+
#
|
4696
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
4697
|
+
# similar to: `p-12abcdefg3 `
|
4507
4698
|
#
|
4508
4699
|
# @option params [String] :next_token
|
4509
4700
|
# The parameter for receiving additional results if you receive a
|
@@ -4553,7 +4744,7 @@ module Aws::Organizations
|
|
4553
4744
|
#
|
4554
4745
|
# </note>
|
4555
4746
|
#
|
4556
|
-
# This operation can be called only from the organization's
|
4747
|
+
# This operation can be called only from the organization's management
|
4557
4748
|
# account or by a member account that is a delegated administrator for
|
4558
4749
|
# an AWS service.
|
4559
4750
|
#
|
@@ -4658,7 +4849,7 @@ module Aws::Organizations
|
|
4658
4849
|
# Moves an account from its current source parent root or organizational
|
4659
4850
|
# unit (OU) to the specified destination parent root or OU.
|
4660
4851
|
#
|
4661
|
-
# This operation can be called only from the organization's
|
4852
|
+
# This operation can be called only from the organization's management
|
4662
4853
|
# account.
|
4663
4854
|
#
|
4664
4855
|
# @option params [required, String] :account_id
|
@@ -4750,7 +4941,7 @@ module Aws::Organizations
|
|
4750
4941
|
# Services that you can use with AWS Organizations][1] in the *AWS
|
4751
4942
|
# Organizations User Guide.*
|
4752
4943
|
#
|
4753
|
-
# This operation can be called only from the organization's
|
4944
|
+
# This operation can be called only from the organization's management
|
4754
4945
|
# account.
|
4755
4946
|
#
|
4756
4947
|
#
|
@@ -4787,28 +4978,33 @@ module Aws::Organizations
|
|
4787
4978
|
#
|
4788
4979
|
# The removed account becomes a standalone account that isn't a member
|
4789
4980
|
# of any organization. It's no longer subject to any policies and is
|
4790
|
-
# responsible for its own bill payments. The organization's
|
4981
|
+
# responsible for its own bill payments. The organization's management
|
4791
4982
|
# account is no longer charged for any expenses accrued by the member
|
4792
4983
|
# account after it's removed from the organization.
|
4793
4984
|
#
|
4794
|
-
# This operation can be called only from the organization's
|
4985
|
+
# This operation can be called only from the organization's management
|
4795
4986
|
# account. Member accounts can remove themselves with LeaveOrganization
|
4796
4987
|
# instead.
|
4797
4988
|
#
|
4798
|
-
# You can remove an account from your organization only if the account
|
4799
|
-
#
|
4800
|
-
# account. When you create an account in an organization
|
4801
|
-
# Organizations console, API, or CLI commands, the
|
4802
|
-
# of standalone accounts is *not* automatically
|
4803
|
-
# account that you want to make standalone, you must
|
4804
|
-
# plan, provide and verify the required contact
|
4805
|
-
# a current payment method. AWS uses the
|
4806
|
-
# any billable (not free tier) AWS
|
4807
|
-
# account isn't attached to an
|
4808
|
-
# doesn't yet have this
|
4809
|
-
#
|
4810
|
-
#
|
4811
|
-
#
|
4989
|
+
# * You can remove an account from your organization only if the account
|
4990
|
+
# is configured with the information required to operate as a
|
4991
|
+
# standalone account. When you create an account in an organization
|
4992
|
+
# using the AWS Organizations console, API, or CLI commands, the
|
4993
|
+
# information required of standalone accounts is *not* automatically
|
4994
|
+
# collected. For an account that you want to make standalone, you must
|
4995
|
+
# choose a support plan, provide and verify the required contact
|
4996
|
+
# information, and provide a current payment method. AWS uses the
|
4997
|
+
# payment method to charge for any billable (not free tier) AWS
|
4998
|
+
# activity that occurs while the account isn't attached to an
|
4999
|
+
# organization. To remove an account that doesn't yet have this
|
5000
|
+
# information, you must sign in as the member account and follow the
|
5001
|
+
# steps at [ To leave an organization when all required account
|
5002
|
+
# information has not yet been provided][1] in the *AWS Organizations
|
5003
|
+
# User Guide.*
|
5004
|
+
#
|
5005
|
+
# * After the account leaves the organization, all tags that were
|
5006
|
+
# attached to the account object in the organization are deleted. AWS
|
5007
|
+
# accounts outside of an organization do not support tags.
|
4812
5008
|
#
|
4813
5009
|
#
|
4814
5010
|
#
|
@@ -4853,18 +5049,48 @@ module Aws::Organizations
|
|
4853
5049
|
|
4854
5050
|
# Adds one or more tags to the specified resource.
|
4855
5051
|
#
|
4856
|
-
# Currently, you can
|
5052
|
+
# Currently, you can attach tags to the following resources in AWS
|
5053
|
+
# Organizations.
|
4857
5054
|
#
|
4858
|
-
#
|
5055
|
+
# * AWS account
|
5056
|
+
#
|
5057
|
+
# * Organization root
|
5058
|
+
#
|
5059
|
+
# * Organizational unit (OU)
|
5060
|
+
#
|
5061
|
+
# * Policy (any type)
|
5062
|
+
#
|
5063
|
+
# This operation can be called only from the organization's management
|
4859
5064
|
# account.
|
4860
5065
|
#
|
4861
5066
|
# @option params [required, String] :resource_id
|
4862
5067
|
# The ID of the resource to add a tag to.
|
4863
5068
|
#
|
4864
5069
|
# @option params [required, Array<Types::Tag>] :tags
|
4865
|
-
#
|
4866
|
-
#
|
4867
|
-
#
|
5070
|
+
# A list of tags to add to the specified resource.
|
5071
|
+
#
|
5072
|
+
# You can specify any of the following taggable resources.
|
5073
|
+
#
|
5074
|
+
# * AWS account – specify the account ID number.
|
5075
|
+
#
|
5076
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
5077
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
5078
|
+
#
|
5079
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
5080
|
+
# to: `r-1a2b `
|
5081
|
+
#
|
5082
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
5083
|
+
# similar to: `p-12abcdefg3 `
|
5084
|
+
#
|
5085
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
5086
|
+
# You can set the value to an empty string, but you can't set it to
|
5087
|
+
# `null`.
|
5088
|
+
#
|
5089
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
5090
|
+
# of tags for an account user, then the entire request fails and the
|
5091
|
+
# account is not created.
|
5092
|
+
#
|
5093
|
+
# </note>
|
4868
5094
|
#
|
4869
5095
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
4870
5096
|
#
|
@@ -4889,18 +5115,39 @@ module Aws::Organizations
|
|
4889
5115
|
req.send_request(options)
|
4890
5116
|
end
|
4891
5117
|
|
4892
|
-
# Removes
|
5118
|
+
# Removes any tags with the specified keys from the specified resource.
|
5119
|
+
#
|
5120
|
+
# You can attach tags to the following resources in AWS Organizations.
|
5121
|
+
#
|
5122
|
+
# * AWS account
|
4893
5123
|
#
|
4894
|
-
#
|
5124
|
+
# * Organization root
|
4895
5125
|
#
|
4896
|
-
#
|
5126
|
+
# * Organizational unit (OU)
|
5127
|
+
#
|
5128
|
+
# * Policy (any type)
|
5129
|
+
#
|
5130
|
+
# This operation can be called only from the organization's management
|
4897
5131
|
# account.
|
4898
5132
|
#
|
4899
5133
|
# @option params [required, String] :resource_id
|
4900
|
-
# The ID of the resource to remove
|
5134
|
+
# The ID of the resource to remove a tag from.
|
5135
|
+
#
|
5136
|
+
# You can specify any of the following taggable resources.
|
5137
|
+
#
|
5138
|
+
# * AWS account – specify the account ID number.
|
5139
|
+
#
|
5140
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
5141
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
5142
|
+
#
|
5143
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
5144
|
+
# to: `r-1a2b `
|
5145
|
+
#
|
5146
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
5147
|
+
# similar to: `p-12abcdefg3 `
|
4901
5148
|
#
|
4902
5149
|
# @option params [required, Array<String>] :tag_keys
|
4903
|
-
# The
|
5150
|
+
# The list of keys for tags to remove from the specified resource.
|
4904
5151
|
#
|
4905
5152
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
4906
5153
|
#
|
@@ -4924,7 +5171,7 @@ module Aws::Organizations
|
|
4924
5171
|
# change. The child OUs and accounts remain in place, and any attached
|
4925
5172
|
# policies of the OU remain attached.
|
4926
5173
|
#
|
4927
|
-
# This operation can be called only from the organization's
|
5174
|
+
# This operation can be called only from the organization's management
|
4928
5175
|
# account.
|
4929
5176
|
#
|
4930
5177
|
# @option params [required, String] :organizational_unit_id
|
@@ -4999,7 +5246,7 @@ module Aws::Organizations
|
|
4999
5246
|
# If you don't supply any parameter, that value remains unchanged. You
|
5000
5247
|
# can't change a policy's type.
|
5001
5248
|
#
|
5002
|
-
# This operation can be called only from the organization's
|
5249
|
+
# This operation can be called only from the organization's management
|
5003
5250
|
# account.
|
5004
5251
|
#
|
5005
5252
|
# @option params [required, String] :policy_id
|
@@ -5133,7 +5380,7 @@ module Aws::Organizations
|
|
5133
5380
|
params: params,
|
5134
5381
|
config: config)
|
5135
5382
|
context[:gem_name] = 'aws-sdk-organizations'
|
5136
|
-
context[:gem_version] = '1.
|
5383
|
+
context[:gem_version] = '1.54.0'
|
5137
5384
|
Seahorse::Client::Request.new(handlers, context)
|
5138
5385
|
end
|
5139
5386
|
|