aws-sdk-organizations 1.49.0 → 1.54.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws-sdk-organizations.rb +3 -2
- data/lib/aws-sdk-organizations/client.rb +415 -168
- data/lib/aws-sdk-organizations/client_api.rb +6 -0
- data/lib/aws-sdk-organizations/types.rb +334 -120
- metadata +4 -4
@@ -312,6 +312,7 @@ module Aws::Organizations
|
|
312
312
|
CreateAccountRequest.add_member(:account_name, Shapes::ShapeRef.new(shape: AccountName, required: true, location_name: "AccountName"))
|
313
313
|
CreateAccountRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: RoleName, location_name: "RoleName"))
|
314
314
|
CreateAccountRequest.add_member(:iam_user_access_to_billing, Shapes::ShapeRef.new(shape: IAMUserAccessToBilling, location_name: "IamUserAccessToBilling"))
|
315
|
+
CreateAccountRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
|
315
316
|
CreateAccountRequest.struct_class = Types::CreateAccountRequest
|
316
317
|
|
317
318
|
CreateAccountResponse.add_member(:create_account_status, Shapes::ShapeRef.new(shape: CreateAccountStatus, location_name: "CreateAccountStatus"))
|
@@ -338,6 +339,7 @@ module Aws::Organizations
|
|
338
339
|
CreateGovCloudAccountRequest.add_member(:account_name, Shapes::ShapeRef.new(shape: AccountName, required: true, location_name: "AccountName"))
|
339
340
|
CreateGovCloudAccountRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: RoleName, location_name: "RoleName"))
|
340
341
|
CreateGovCloudAccountRequest.add_member(:iam_user_access_to_billing, Shapes::ShapeRef.new(shape: IAMUserAccessToBilling, location_name: "IamUserAccessToBilling"))
|
342
|
+
CreateGovCloudAccountRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
|
341
343
|
CreateGovCloudAccountRequest.struct_class = Types::CreateGovCloudAccountRequest
|
342
344
|
|
343
345
|
CreateGovCloudAccountResponse.add_member(:create_account_status, Shapes::ShapeRef.new(shape: CreateAccountStatus, location_name: "CreateAccountStatus"))
|
@@ -351,6 +353,7 @@ module Aws::Organizations
|
|
351
353
|
|
352
354
|
CreateOrganizationalUnitRequest.add_member(:parent_id, Shapes::ShapeRef.new(shape: ParentId, required: true, location_name: "ParentId"))
|
353
355
|
CreateOrganizationalUnitRequest.add_member(:name, Shapes::ShapeRef.new(shape: OrganizationalUnitName, required: true, location_name: "Name"))
|
356
|
+
CreateOrganizationalUnitRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
|
354
357
|
CreateOrganizationalUnitRequest.struct_class = Types::CreateOrganizationalUnitRequest
|
355
358
|
|
356
359
|
CreateOrganizationalUnitResponse.add_member(:organizational_unit, Shapes::ShapeRef.new(shape: OrganizationalUnit, location_name: "OrganizationalUnit"))
|
@@ -360,6 +363,7 @@ module Aws::Organizations
|
|
360
363
|
CreatePolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: PolicyDescription, required: true, location_name: "Description"))
|
361
364
|
CreatePolicyRequest.add_member(:name, Shapes::ShapeRef.new(shape: PolicyName, required: true, location_name: "Name"))
|
362
365
|
CreatePolicyRequest.add_member(:type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "Type"))
|
366
|
+
CreatePolicyRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
|
363
367
|
CreatePolicyRequest.struct_class = Types::CreatePolicyRequest
|
364
368
|
|
365
369
|
CreatePolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
|
@@ -552,6 +556,7 @@ module Aws::Organizations
|
|
552
556
|
|
553
557
|
InviteAccountToOrganizationRequest.add_member(:target, Shapes::ShapeRef.new(shape: HandshakeParty, required: true, location_name: "Target"))
|
554
558
|
InviteAccountToOrganizationRequest.add_member(:notes, Shapes::ShapeRef.new(shape: HandshakeNotes, location_name: "Notes"))
|
559
|
+
InviteAccountToOrganizationRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
|
555
560
|
InviteAccountToOrganizationRequest.struct_class = Types::InviteAccountToOrganizationRequest
|
556
561
|
|
557
562
|
InviteAccountToOrganizationResponse.add_member(:handshake, Shapes::ShapeRef.new(shape: Handshake, location_name: "Handshake"))
|
@@ -1322,6 +1327,7 @@ module Aws::Organizations
|
|
1322
1327
|
o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
|
1323
1328
|
o.errors << Shapes::ShapeRef.new(shape: HandshakeConstraintViolationException)
|
1324
1329
|
o.errors << Shapes::ShapeRef.new(shape: DuplicateHandshakeException)
|
1330
|
+
o.errors << Shapes::ShapeRef.new(shape: ConstraintViolationException)
|
1325
1331
|
o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
|
1326
1332
|
o.errors << Shapes::ShapeRef.new(shape: FinalizingOrganizationException)
|
1327
1333
|
o.errors << Shapes::ShapeRef.new(shape: ServiceException)
|
@@ -221,7 +221,7 @@ module Aws::Organizations
|
|
221
221
|
end
|
222
222
|
|
223
223
|
# You can't invite an existing account to your organization until you
|
224
|
-
# verify that you own the email address associated with the
|
224
|
+
# verify that you own the email address associated with the management
|
225
225
|
# account. For more information, see [Email Address Verification][1] in
|
226
226
|
# the *AWS Organizations User Guide.*
|
227
227
|
#
|
@@ -358,13 +358,13 @@ module Aws::Organizations
|
|
358
358
|
# The [regex pattern][1] for a child ID string requires one of the
|
359
359
|
# following:
|
360
360
|
#
|
361
|
-
# * Account
|
361
|
+
# * **Account** - A string that consists of exactly 12 digits.
|
362
362
|
#
|
363
|
-
# * Organizational unit (OU)
|
364
|
-
# followed by from 4 to 32
|
363
|
+
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
364
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of
|
365
365
|
# the root that contains the OU). This string is followed by a
|
366
|
-
# second "-" dash and from 8 to 32 additional
|
367
|
-
#
|
366
|
+
# second "-" dash and from 8 to 32 additional lowercase letters or
|
367
|
+
# digits.
|
368
368
|
#
|
369
369
|
#
|
370
370
|
#
|
@@ -425,9 +425,9 @@ module Aws::Organizations
|
|
425
425
|
# </note>
|
426
426
|
#
|
427
427
|
# * ACCOUNT\_CANNOT\_LEAVE\_ORGANIZAION: You attempted to remove the
|
428
|
-
#
|
429
|
-
# account. Instead, after you remove all member accounts,
|
430
|
-
# organization itself.
|
428
|
+
# management account from the organization. You can't remove the
|
429
|
+
# management account. Instead, after you remove all member accounts,
|
430
|
+
# delete the organization itself.
|
431
431
|
#
|
432
432
|
# * ACCOUNT\_CANNOT\_LEAVE\_WITHOUT\_EULA: You attempted to remove an
|
433
433
|
# account from the organization that doesn't yet have enough
|
@@ -466,8 +466,8 @@ module Aws::Organizations
|
|
466
466
|
# Support][2].
|
467
467
|
#
|
468
468
|
# * CANNOT\_REGISTER\_MASTER\_AS\_DELEGATED\_ADMINISTRATOR: You
|
469
|
-
# attempted to register the
|
470
|
-
# delegated administrator for an AWS service integrated with
|
469
|
+
# attempted to register the management account of the organization as
|
470
|
+
# a delegated administrator for an AWS service integrated with
|
471
471
|
# Organizations. You can designate only a member account as a
|
472
472
|
# delegated administrator.
|
473
473
|
#
|
@@ -496,11 +496,11 @@ module Aws::Organizations
|
|
496
496
|
#
|
497
497
|
# * MASTER\_ACCOUNT\_ADDRESS\_DOES\_NOT\_MATCH\_MARKETPLACE: To create
|
498
498
|
# an account in this organization, you first must migrate the
|
499
|
-
# organization's
|
500
|
-
# to the
|
501
|
-
# addresses must be associated with the AISPL
|
502
|
-
# accounts in an organization must be associated with
|
503
|
-
# marketplace.
|
499
|
+
# organization's management account to the marketplace that
|
500
|
+
# corresponds to the management account's address. For example,
|
501
|
+
# accounts with India addresses must be associated with the AISPL
|
502
|
+
# marketplace. All accounts in an organization must be associated with
|
503
|
+
# the same marketplace.
|
504
504
|
#
|
505
505
|
# * MASTER\_ACCOUNT\_MISSING\_BUSINESS\_LICENSE: Applies only to the AWS
|
506
506
|
# Regions in China. To create an organization, the master must have an
|
@@ -509,16 +509,16 @@ module Aws::Organizations
|
|
509
509
|
#
|
510
510
|
# * MASTER\_ACCOUNT\_MISSING\_CONTACT\_INFO: To complete this operation,
|
511
511
|
# you must first provide a valid contact address and phone number for
|
512
|
-
# the
|
512
|
+
# the management account. Then try the operation again.
|
513
513
|
#
|
514
514
|
# * MASTER\_ACCOUNT\_NOT\_GOVCLOUD\_ENABLED: To complete this operation,
|
515
|
-
# the
|
515
|
+
# the management account must have an associated account in the AWS
|
516
516
|
# GovCloud (US-West) Region. For more information, see [AWS
|
517
517
|
# Organizations][3] in the *AWS GovCloud User Guide.*
|
518
518
|
#
|
519
519
|
# * MASTER\_ACCOUNT\_PAYMENT\_INSTRUMENT\_REQUIRED: To create an
|
520
|
-
# organization with this
|
521
|
-
# valid payment instrument, such as a credit card, with the account.
|
520
|
+
# organization with this management account, you first must associate
|
521
|
+
# a valid payment instrument, such as a credit card, with the account.
|
522
522
|
# Follow the steps at [To leave an organization when all required
|
523
523
|
# account information has not yet been provided][4] in the *AWS
|
524
524
|
# Organizations User Guide.*
|
@@ -597,6 +597,12 @@ module Aws::Organizations
|
|
597
597
|
# account_name: "AccountName", # required
|
598
598
|
# role_name: "RoleName",
|
599
599
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
600
|
+
# tags: [
|
601
|
+
# {
|
602
|
+
# key: "TagKey", # required
|
603
|
+
# value: "TagValue", # required
|
604
|
+
# },
|
605
|
+
# ],
|
600
606
|
# }
|
601
607
|
#
|
602
608
|
# @!attribute [rw] email
|
@@ -615,10 +621,11 @@ module Aws::Organizations
|
|
615
621
|
# (Optional)
|
616
622
|
#
|
617
623
|
# The name of an IAM role that AWS Organizations automatically
|
618
|
-
# preconfigures in the new member account. This role trusts the
|
619
|
-
# account, allowing users in the
|
620
|
-
# permitted by the
|
621
|
-
# administrator permissions in the new
|
624
|
+
# preconfigures in the new member account. This role trusts the
|
625
|
+
# management account, allowing users in the management account to
|
626
|
+
# assume the role, as permitted by the management account
|
627
|
+
# administrator. The role has administrator permissions in the new
|
628
|
+
# member account.
|
622
629
|
#
|
623
630
|
# If you don't specify this parameter, the role name defaults to
|
624
631
|
# `OrganizationAccountAccessRole`.
|
@@ -660,13 +667,32 @@ module Aws::Organizations
|
|
660
667
|
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
661
668
|
# @return [String]
|
662
669
|
#
|
670
|
+
# @!attribute [rw] tags
|
671
|
+
# A list of tags that you want to attach to the newly created account.
|
672
|
+
# For each tag in the list, you must specify both a tag key and a
|
673
|
+
# value. You can set the value to an empty string, but you can't set
|
674
|
+
# it to `null`. For more information about tagging, see [Tagging AWS
|
675
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
676
|
+
#
|
677
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
678
|
+
# number of tags for an account, then the entire request fails and the
|
679
|
+
# account is not created.
|
680
|
+
#
|
681
|
+
# </note>
|
682
|
+
#
|
683
|
+
#
|
684
|
+
#
|
685
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
686
|
+
# @return [Array<Types::Tag>]
|
687
|
+
#
|
663
688
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountRequest AWS API Documentation
|
664
689
|
#
|
665
690
|
class CreateAccountRequest < Struct.new(
|
666
691
|
:email,
|
667
692
|
:account_name,
|
668
693
|
:role_name,
|
669
|
-
:iam_user_access_to_billing
|
694
|
+
:iam_user_access_to_billing,
|
695
|
+
:tags)
|
670
696
|
SENSITIVE = [:email, :account_name]
|
671
697
|
include Aws::Structure
|
672
698
|
end
|
@@ -705,7 +731,7 @@ module Aws::Organizations
|
|
705
731
|
# create the account.
|
706
732
|
#
|
707
733
|
# The [regex pattern][1] for a create account request ID string
|
708
|
-
# requires "car-" followed by from 8 to 32
|
734
|
+
# requires "car-" followed by from 8 to 32 lowercase letters or
|
709
735
|
# digits.
|
710
736
|
#
|
711
737
|
#
|
@@ -778,7 +804,7 @@ module Aws::Organizations
|
|
778
804
|
# * MISSING\_BUSINESS\_VALIDATION: The AWS account that owns your
|
779
805
|
# organization has not received Business Validation.
|
780
806
|
#
|
781
|
-
# * MISSING\_PAYMENT\_INSTRUMENT: You must configure the
|
807
|
+
# * MISSING\_PAYMENT\_INSTRUMENT: You must configure the management
|
782
808
|
# account with a valid payment method, such as a credit card.
|
783
809
|
# @return [String]
|
784
810
|
#
|
@@ -819,6 +845,12 @@ module Aws::Organizations
|
|
819
845
|
# account_name: "AccountName", # required
|
820
846
|
# role_name: "RoleName",
|
821
847
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
848
|
+
# tags: [
|
849
|
+
# {
|
850
|
+
# key: "TagKey", # required
|
851
|
+
# value: "TagValue", # required
|
852
|
+
# },
|
853
|
+
# ],
|
822
854
|
# }
|
823
855
|
#
|
824
856
|
# @!attribute [rw] email
|
@@ -843,9 +875,10 @@ module Aws::Organizations
|
|
843
875
|
# The name of an IAM role that AWS Organizations automatically
|
844
876
|
# preconfigures in the new member accounts in both the AWS GovCloud
|
845
877
|
# (US) Region and in the commercial Region. This role trusts the
|
846
|
-
#
|
847
|
-
# role, as permitted by the
|
848
|
-
# administrator permissions in the new
|
878
|
+
# management account, allowing users in the management account to
|
879
|
+
# assume the role, as permitted by the management account
|
880
|
+
# administrator. The role has administrator permissions in the new
|
881
|
+
# member account.
|
849
882
|
#
|
850
883
|
# If you don't specify this parameter, the role name defaults to
|
851
884
|
# `OrganizationAccountAccessRole`.
|
@@ -885,13 +918,37 @@ module Aws::Organizations
|
|
885
918
|
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
886
919
|
# @return [String]
|
887
920
|
#
|
921
|
+
# @!attribute [rw] tags
|
922
|
+
# A list of tags that you want to attach to the newly created account.
|
923
|
+
# These tags are attached to the commercial account associated with
|
924
|
+
# the GovCloud account, and not to the GovCloud account itself. To add
|
925
|
+
# tags to the actual GovCloud account, call the TagResource operation
|
926
|
+
# in the GovCloud region after the new GovCloud account exists.
|
927
|
+
#
|
928
|
+
# For each tag in the list, you must specify both a tag key and a
|
929
|
+
# value. You can set the value to an empty string, but you can't set
|
930
|
+
# it to `null`. For more information about tagging, see [Tagging AWS
|
931
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
932
|
+
#
|
933
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
934
|
+
# number of tags for an account, then the entire request fails and the
|
935
|
+
# account is not created.
|
936
|
+
#
|
937
|
+
# </note>
|
938
|
+
#
|
939
|
+
#
|
940
|
+
#
|
941
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
942
|
+
# @return [Array<Types::Tag>]
|
943
|
+
#
|
888
944
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccountRequest AWS API Documentation
|
889
945
|
#
|
890
946
|
class CreateGovCloudAccountRequest < Struct.new(
|
891
947
|
:email,
|
892
948
|
:account_name,
|
893
949
|
:role_name,
|
894
|
-
:iam_user_access_to_billing
|
950
|
+
:iam_user_access_to_billing,
|
951
|
+
:tags)
|
895
952
|
SENSITIVE = [:email, :account_name]
|
896
953
|
include Aws::Structure
|
897
954
|
end
|
@@ -922,7 +979,7 @@ module Aws::Organizations
|
|
922
979
|
# feature set supports different levels of functionality.
|
923
980
|
#
|
924
981
|
# * `CONSOLIDATED_BILLING`\: All member accounts have their bills
|
925
|
-
# consolidated to and paid by the
|
982
|
+
# consolidated to and paid by the management account. For more
|
926
983
|
# information, see [Consolidated billing][1] in the *AWS
|
927
984
|
# Organizations User Guide.*
|
928
985
|
#
|
@@ -930,7 +987,7 @@ module Aws::Organizations
|
|
930
987
|
# organizations in the AWS GovCloud (US) Region.
|
931
988
|
#
|
932
989
|
# * `ALL`\: In addition to all the features supported by the
|
933
|
-
# consolidated billing feature set, the
|
990
|
+
# consolidated billing feature set, the management account can also
|
934
991
|
# apply any policy type to any member account in the organization.
|
935
992
|
# For more information, see [All features][2] in the *AWS
|
936
993
|
# Organizations User Guide.*
|
@@ -968,6 +1025,12 @@ module Aws::Organizations
|
|
968
1025
|
# {
|
969
1026
|
# parent_id: "ParentId", # required
|
970
1027
|
# name: "OrganizationalUnitName", # required
|
1028
|
+
# tags: [
|
1029
|
+
# {
|
1030
|
+
# key: "TagKey", # required
|
1031
|
+
# value: "TagValue", # required
|
1032
|
+
# },
|
1033
|
+
# ],
|
971
1034
|
# }
|
972
1035
|
#
|
973
1036
|
# @!attribute [rw] parent_id
|
@@ -995,11 +1058,30 @@ module Aws::Organizations
|
|
995
1058
|
# The friendly name to assign to the new OU.
|
996
1059
|
# @return [String]
|
997
1060
|
#
|
1061
|
+
# @!attribute [rw] tags
|
1062
|
+
# A list of tags that you want to attach to the newly created OU. For
|
1063
|
+
# each tag in the list, you must specify both a tag key and a value.
|
1064
|
+
# You can set the value to an empty string, but you can't set it to
|
1065
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
1066
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
1067
|
+
#
|
1068
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
1069
|
+
# number of tags for an OU, then the entire request fails and the OU
|
1070
|
+
# is not created.
|
1071
|
+
#
|
1072
|
+
# </note>
|
1073
|
+
#
|
1074
|
+
#
|
1075
|
+
#
|
1076
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1077
|
+
# @return [Array<Types::Tag>]
|
1078
|
+
#
|
998
1079
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnitRequest AWS API Documentation
|
999
1080
|
#
|
1000
1081
|
class CreateOrganizationalUnitRequest < Struct.new(
|
1001
1082
|
:parent_id,
|
1002
|
-
:name
|
1083
|
+
:name,
|
1084
|
+
:tags)
|
1003
1085
|
SENSITIVE = []
|
1004
1086
|
include Aws::Structure
|
1005
1087
|
end
|
@@ -1024,6 +1106,12 @@ module Aws::Organizations
|
|
1024
1106
|
# description: "PolicyDescription", # required
|
1025
1107
|
# name: "PolicyName", # required
|
1026
1108
|
# type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
1109
|
+
# tags: [
|
1110
|
+
# {
|
1111
|
+
# key: "TagKey", # required
|
1112
|
+
# value: "TagValue", # required
|
1113
|
+
# },
|
1114
|
+
# ],
|
1027
1115
|
# }
|
1028
1116
|
#
|
1029
1117
|
# @!attribute [rw] content
|
@@ -1061,19 +1149,38 @@ module Aws::Organizations
|
|
1061
1149
|
#
|
1062
1150
|
#
|
1063
1151
|
#
|
1064
|
-
# [1]:
|
1065
|
-
# [2]:
|
1066
|
-
# [3]:
|
1067
|
-
# [4]:
|
1152
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1153
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1154
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1155
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1068
1156
|
# @return [String]
|
1069
1157
|
#
|
1158
|
+
# @!attribute [rw] tags
|
1159
|
+
# A list of tags that you want to attach to the newly created policy.
|
1160
|
+
# For each tag in the list, you must specify both a tag key and a
|
1161
|
+
# value. You can set the value to an empty string, but you can't set
|
1162
|
+
# it to `null`. For more information about tagging, see [Tagging AWS
|
1163
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
1164
|
+
#
|
1165
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
1166
|
+
# number of tags for a policy, then the entire request fails and the
|
1167
|
+
# policy is not created.
|
1168
|
+
#
|
1169
|
+
# </note>
|
1170
|
+
#
|
1171
|
+
#
|
1172
|
+
#
|
1173
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1174
|
+
# @return [Array<Types::Tag>]
|
1175
|
+
#
|
1070
1176
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicyRequest AWS API Documentation
|
1071
1177
|
#
|
1072
1178
|
class CreatePolicyRequest < Struct.new(
|
1073
1179
|
:content,
|
1074
1180
|
:description,
|
1075
1181
|
:name,
|
1076
|
-
:type
|
1182
|
+
:type,
|
1183
|
+
:tags)
|
1077
1184
|
SENSITIVE = []
|
1078
1185
|
include Aws::Structure
|
1079
1186
|
end
|
@@ -1350,8 +1457,9 @@ module Aws::Organizations
|
|
1350
1457
|
# }
|
1351
1458
|
#
|
1352
1459
|
# @!attribute [rw] create_account_request_id
|
1353
|
-
# Specifies the `
|
1354
|
-
# You can get the
|
1460
|
+
# Specifies the `Id` value that uniquely identifies the
|
1461
|
+
# `CreateAccount` request. You can get the value from the
|
1462
|
+
# `CreateAccountStatus.Id` response in an earlier CreateAccount
|
1355
1463
|
# request, or from the ListCreateAccountStatus operation.
|
1356
1464
|
#
|
1357
1465
|
# The [regex pattern][1] for a create account request ID string
|
@@ -1404,15 +1512,15 @@ module Aws::Organizations
|
|
1404
1512
|
#
|
1405
1513
|
#
|
1406
1514
|
#
|
1407
|
-
# [1]:
|
1408
|
-
# [2]:
|
1409
|
-
# [3]:
|
1515
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1516
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1517
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1410
1518
|
# @return [String]
|
1411
1519
|
#
|
1412
1520
|
# @!attribute [rw] target_id
|
1413
|
-
# When you're signed in as the
|
1414
|
-
# account that you want details about. Specifying an organization
|
1415
|
-
# or organizational unit (OU) as the target is not supported.
|
1521
|
+
# When you're signed in as the management account, specify the ID of
|
1522
|
+
# the account that you want details about. Specifying an organization
|
1523
|
+
# root or organizational unit (OU) as the target is not supported.
|
1416
1524
|
# @return [String]
|
1417
1525
|
#
|
1418
1526
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicyRequest AWS API Documentation
|
@@ -1703,10 +1811,10 @@ module Aws::Organizations
|
|
1703
1811
|
#
|
1704
1812
|
#
|
1705
1813
|
#
|
1706
|
-
# [1]:
|
1707
|
-
# [2]:
|
1708
|
-
# [3]:
|
1709
|
-
# [4]:
|
1814
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1815
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1816
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1817
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1710
1818
|
# @return [String]
|
1711
1819
|
#
|
1712
1820
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyTypeRequest AWS API Documentation
|
@@ -1832,8 +1940,8 @@ module Aws::Organizations
|
|
1832
1940
|
include Aws::Structure
|
1833
1941
|
end
|
1834
1942
|
|
1835
|
-
# If you ran this action on the
|
1836
|
-
# enabled. If you ran the action on a member account, the account
|
1943
|
+
# If you ran this action on the management account, this policy type is
|
1944
|
+
# not enabled. If you ran the action on a member account, the account
|
1837
1945
|
# doesn't have an effective policy of this type. Contact the
|
1838
1946
|
# administrator of your organization about attaching a policy of this
|
1839
1947
|
# type to the account.
|
@@ -1923,10 +2031,10 @@ module Aws::Organizations
|
|
1923
2031
|
#
|
1924
2032
|
#
|
1925
2033
|
#
|
1926
|
-
# [1]:
|
1927
|
-
# [2]:
|
1928
|
-
# [3]:
|
1929
|
-
# [4]:
|
2034
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
2035
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
2036
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
2037
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1930
2038
|
# @return [String]
|
1931
2039
|
#
|
1932
2040
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyTypeRequest AWS API Documentation
|
@@ -1996,9 +2104,10 @@ module Aws::Organizations
|
|
1996
2104
|
|
1997
2105
|
# Contains information that must be exchanged to securely establish a
|
1998
2106
|
# relationship between two accounts (an *originator* and a *recipient*).
|
1999
|
-
# For example, when a
|
2000
|
-
# account (the recipient) to join its organization, the two
|
2001
|
-
# exchange information as a series of handshake requests and
|
2107
|
+
# For example, when a management account (the originator) invites
|
2108
|
+
# another account (the recipient) to join its organization, the two
|
2109
|
+
# accounts exchange information as a series of handshake requests and
|
2110
|
+
# responses.
|
2002
2111
|
#
|
2003
2112
|
# **Note:** Handshakes that are CANCELED, ACCEPTED, or DECLINED show up
|
2004
2113
|
# in lists for only 30 days after entering that state After that they
|
@@ -2009,7 +2118,7 @@ module Aws::Organizations
|
|
2009
2118
|
# creates the ID when it initiates the handshake.
|
2010
2119
|
#
|
2011
2120
|
# The [regex pattern][1] for handshake ID string requires "h-"
|
2012
|
-
# followed by from 8 to 32
|
2121
|
+
# followed by from 8 to 32 lowercase letters or digits.
|
2013
2122
|
#
|
2014
2123
|
#
|
2015
2124
|
#
|
@@ -2078,20 +2187,20 @@ module Aws::Organizations
|
|
2078
2187
|
# supported:
|
2079
2188
|
#
|
2080
2189
|
# * **INVITE**\: This type of handshake represents a request to join
|
2081
|
-
# an organization. It is always sent from the
|
2082
|
-
# non-member accounts.
|
2190
|
+
# an organization. It is always sent from the management account to
|
2191
|
+
# only non-member accounts.
|
2083
2192
|
#
|
2084
2193
|
# * **ENABLE\_ALL\_FEATURES**\: This type of handshake represents a
|
2085
2194
|
# request to enable all features in an organization. It is always
|
2086
|
-
# sent from the
|
2087
|
-
# Created accounts do not receive this because those
|
2088
|
-
# created by the organization's
|
2089
|
-
# inferred.
|
2195
|
+
# sent from the management account to only *invited* member
|
2196
|
+
# accounts. Created accounts do not receive this because those
|
2197
|
+
# accounts were created by the organization's management account
|
2198
|
+
# and approval is inferred.
|
2090
2199
|
#
|
2091
2200
|
# * **APPROVE\_ALL\_FEATURES**\: This type of handshake is sent from
|
2092
2201
|
# the Organizations service when all member accounts have approved
|
2093
2202
|
# the `ENABLE_ALL_FEATURES` invitation. It is sent only to the
|
2094
|
-
#
|
2203
|
+
# management account and signals the master that it can finalize the
|
2095
2204
|
# process to enable all features.
|
2096
2205
|
# @return [String]
|
2097
2206
|
#
|
@@ -2217,7 +2326,7 @@ module Aws::Organizations
|
|
2217
2326
|
# `ActionType`.
|
2218
2327
|
#
|
2219
2328
|
# The [regex pattern][1] for handshake ID string requires "h-"
|
2220
|
-
# followed by from 8 to 32
|
2329
|
+
# followed by from 8 to 32 lowercase letters or digits.
|
2221
2330
|
#
|
2222
2331
|
#
|
2223
2332
|
#
|
@@ -2260,7 +2369,7 @@ module Aws::Organizations
|
|
2260
2369
|
# The unique identifier (ID) for the party.
|
2261
2370
|
#
|
2262
2371
|
# The [regex pattern][1] for handshake ID string requires "h-"
|
2263
|
-
# followed by from 8 to 32
|
2372
|
+
# followed by from 8 to 32 lowercase letters or digits.
|
2264
2373
|
#
|
2265
2374
|
#
|
2266
2375
|
#
|
@@ -2300,9 +2409,9 @@ module Aws::Organizations
|
|
2300
2409
|
# account that receives the handshake.
|
2301
2410
|
#
|
2302
2411
|
# * `OWNER_EMAIL` - Specifies the email address associated with the
|
2303
|
-
#
|
2412
|
+
# management account. Included as information about an organization.
|
2304
2413
|
#
|
2305
|
-
# * `OWNER_NAME` - Specifies the name associated with the
|
2414
|
+
# * `OWNER_NAME` - Specifies the name associated with the management
|
2306
2415
|
# account. Included as information about an organization.
|
2307
2416
|
#
|
2308
2417
|
# * `NOTES` - Additional text provided by the handshake initiator and
|
@@ -2348,6 +2457,9 @@ module Aws::Organizations
|
|
2348
2457
|
#
|
2349
2458
|
# </note>
|
2350
2459
|
#
|
2460
|
+
# * DUPLICATE\_TAG\_KEY: Tag keys must be unique among the tags attached
|
2461
|
+
# to the same entity.
|
2462
|
+
#
|
2351
2463
|
# * IMMUTABLE\_POLICY: You specified a policy that is managed by AWS and
|
2352
2464
|
# can't be modified.
|
2353
2465
|
#
|
@@ -2356,6 +2468,9 @@ module Aws::Organizations
|
|
2356
2468
|
#
|
2357
2469
|
# * INVALID\_ENUM: You specified an invalid value.
|
2358
2470
|
#
|
2471
|
+
# * INVALID\_ENUM\_POLICY\_TYPE: You specified an invalid policy type
|
2472
|
+
# string.
|
2473
|
+
#
|
2359
2474
|
# * INVALID\_FULL\_NAME\_TARGET: You specified a full name that contains
|
2360
2475
|
# invalid characters.
|
2361
2476
|
#
|
@@ -2405,6 +2520,12 @@ module Aws::Organizations
|
|
2405
2520
|
# * MOVING\_ACCOUNT\_BETWEEN\_DIFFERENT\_ROOTS: You can move an account
|
2406
2521
|
# only between entities in the same root.
|
2407
2522
|
#
|
2523
|
+
# * TARGET\_NOT\_SUPPORTED: You can't perform the specified operation
|
2524
|
+
# on that target entity.
|
2525
|
+
#
|
2526
|
+
# * UNRECOGNIZED\_SERVICE\_PRINCIPAL: You specified a service principal
|
2527
|
+
# that isn't recognized.
|
2528
|
+
#
|
2408
2529
|
# @!attribute [rw] message
|
2409
2530
|
# @return [String]
|
2410
2531
|
#
|
@@ -2429,6 +2550,12 @@ module Aws::Organizations
|
|
2429
2550
|
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, EMAIL
|
2430
2551
|
# },
|
2431
2552
|
# notes: "HandshakeNotes",
|
2553
|
+
# tags: [
|
2554
|
+
# {
|
2555
|
+
# key: "TagKey", # required
|
2556
|
+
# value: "TagValue", # required
|
2557
|
+
# },
|
2558
|
+
# ],
|
2432
2559
|
# }
|
2433
2560
|
#
|
2434
2561
|
# @!attribute [rw] target
|
@@ -2455,11 +2582,40 @@ module Aws::Organizations
|
|
2455
2582
|
# email to the recipient account owner.
|
2456
2583
|
# @return [String]
|
2457
2584
|
#
|
2585
|
+
# @!attribute [rw] tags
|
2586
|
+
# A list of tags that you want to attach to the account when it
|
2587
|
+
# becomes a member of the organization. For each tag in the list, you
|
2588
|
+
# must specify both a tag key and a value. You can set the value to an
|
2589
|
+
# empty string, but you can't set it to `null`. For more information
|
2590
|
+
# about tagging, see [Tagging AWS Organizations resources][1] in the
|
2591
|
+
# AWS Organizations User Guide.
|
2592
|
+
#
|
2593
|
+
# Any tags in the request are checked for compliance with any
|
2594
|
+
# applicable tag policies when the request is made. The request is
|
2595
|
+
# rejected if the tags in the request don't match the requirements of
|
2596
|
+
# the policy at that time. Tag policy compliance is <i> <b>not</b>
|
2597
|
+
# </i> checked again when the invitation is accepted and the tags are
|
2598
|
+
# actually attached to the account. That means that if the tag policy
|
2599
|
+
# changes between the invitation and the acceptance, then that tags
|
2600
|
+
# could potentially be non-compliant.
|
2601
|
+
#
|
2602
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
2603
|
+
# number of tags for an account, then the entire request fails and
|
2604
|
+
# invitations are not sent.
|
2605
|
+
#
|
2606
|
+
# </note>
|
2607
|
+
#
|
2608
|
+
#
|
2609
|
+
#
|
2610
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
2611
|
+
# @return [Array<Types::Tag>]
|
2612
|
+
#
|
2458
2613
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganizationRequest AWS API Documentation
|
2459
2614
|
#
|
2460
2615
|
class InviteAccountToOrganizationRequest < Struct.new(
|
2461
2616
|
:target,
|
2462
|
-
:notes
|
2617
|
+
:notes,
|
2618
|
+
:tags)
|
2463
2619
|
SENSITIVE = [:notes]
|
2464
2620
|
include Aws::Structure
|
2465
2621
|
end
|
@@ -3318,10 +3474,10 @@ module Aws::Organizations
|
|
3318
3474
|
#
|
3319
3475
|
#
|
3320
3476
|
#
|
3321
|
-
# [1]:
|
3322
|
-
# [2]:
|
3323
|
-
# [3]:
|
3324
|
-
# [4]:
|
3477
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
3478
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
3479
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
3480
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
3325
3481
|
# @return [String]
|
3326
3482
|
#
|
3327
3483
|
# @!attribute [rw] next_token
|
@@ -3400,10 +3556,10 @@ module Aws::Organizations
|
|
3400
3556
|
#
|
3401
3557
|
#
|
3402
3558
|
#
|
3403
|
-
# [1]:
|
3404
|
-
# [2]:
|
3405
|
-
# [3]:
|
3406
|
-
# [4]:
|
3559
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
3560
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
3561
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
3562
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
3407
3563
|
# @return [String]
|
3408
3564
|
#
|
3409
3565
|
# @!attribute [rw] next_token
|
@@ -3528,7 +3684,20 @@ module Aws::Organizations
|
|
3528
3684
|
# }
|
3529
3685
|
#
|
3530
3686
|
# @!attribute [rw] resource_id
|
3531
|
-
# The ID of the resource
|
3687
|
+
# The ID of the resource with the tags to list.
|
3688
|
+
#
|
3689
|
+
# You can specify any of the following taggable resources.
|
3690
|
+
#
|
3691
|
+
# * AWS account – specify the account ID number.
|
3692
|
+
#
|
3693
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
3694
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
3695
|
+
#
|
3696
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
3697
|
+
# to: `r-1a2b `
|
3698
|
+
#
|
3699
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
3700
|
+
# similar to: `p-12abcdefg3 `
|
3532
3701
|
# @return [String]
|
3533
3702
|
#
|
3534
3703
|
# @!attribute [rw] next_token
|
@@ -3664,9 +3833,10 @@ module Aws::Organizations
|
|
3664
3833
|
include Aws::Structure
|
3665
3834
|
end
|
3666
3835
|
|
3667
|
-
# You can't remove a
|
3668
|
-
# the
|
3669
|
-
# you must first delete the current organization of the
|
3836
|
+
# You can't remove a management account from an organization. If you
|
3837
|
+
# want the management account to become a member account in another
|
3838
|
+
# organization, you must first delete the current organization of the
|
3839
|
+
# management account.
|
3670
3840
|
#
|
3671
3841
|
# @!attribute [rw] message
|
3672
3842
|
# @return [String]
|
@@ -3760,7 +3930,7 @@ module Aws::Organizations
|
|
3760
3930
|
# The unique identifier (ID) of an organization.
|
3761
3931
|
#
|
3762
3932
|
# The [regex pattern][1] for an organization ID string requires "o-"
|
3763
|
-
# followed by from 10 to 32
|
3933
|
+
# followed by from 10 to 32 lowercase letters or digits.
|
3764
3934
|
#
|
3765
3935
|
#
|
3766
3936
|
#
|
@@ -3795,7 +3965,7 @@ module Aws::Organizations
|
|
3795
3965
|
#
|
3796
3966
|
# @!attribute [rw] master_account_arn
|
3797
3967
|
# The Amazon Resource Name (ARN) of the account that is designated as
|
3798
|
-
# the
|
3968
|
+
# the management account for the organization.
|
3799
3969
|
#
|
3800
3970
|
# For more information about ARNs in Organizations, see [ARN Formats
|
3801
3971
|
# Supported by Organizations][1] in the *AWS Organizations User
|
@@ -3807,7 +3977,8 @@ module Aws::Organizations
|
|
3807
3977
|
# @return [String]
|
3808
3978
|
#
|
3809
3979
|
# @!attribute [rw] master_account_id
|
3810
|
-
# The unique identifier (ID) of the
|
3980
|
+
# The unique identifier (ID) of the management account of an
|
3981
|
+
# organization.
|
3811
3982
|
#
|
3812
3983
|
# The [regex pattern][1] for an account ID string requires exactly 12
|
3813
3984
|
# digits.
|
@@ -3819,7 +3990,7 @@ module Aws::Organizations
|
|
3819
3990
|
#
|
3820
3991
|
# @!attribute [rw] master_account_email
|
3821
3992
|
# The email address that is associated with the AWS account that is
|
3822
|
-
# designated as the
|
3993
|
+
# designated as the management account for the organization.
|
3823
3994
|
# @return [String]
|
3824
3995
|
#
|
3825
3996
|
# @!attribute [rw] available_policy_types
|
@@ -3845,8 +4016,8 @@ module Aws::Organizations
|
|
3845
4016
|
end
|
3846
4017
|
|
3847
4018
|
# The organization isn't empty. To delete an organization, you must
|
3848
|
-
# first remove all accounts except the
|
3849
|
-
# and delete all policies.
|
4019
|
+
# first remove all accounts except the management account, delete all
|
4020
|
+
# OUs, and delete all policies.
|
3850
4021
|
#
|
3851
4022
|
# @!attribute [rw] message
|
3852
4023
|
# @return [String]
|
@@ -3868,9 +4039,9 @@ module Aws::Organizations
|
|
3868
4039
|
# The unique identifier (ID) associated with this OU.
|
3869
4040
|
#
|
3870
4041
|
# The [regex pattern][1] for an organizational unit ID string requires
|
3871
|
-
# "ou-" followed by from 4 to 32
|
3872
|
-
#
|
3873
|
-
# second "-" dash and from 8 to 32 additional
|
4042
|
+
# "ou-" followed by from 4 to 32 lowercase letters or digits (the ID
|
4043
|
+
# of the root that contains the OU). This string is followed by a
|
4044
|
+
# second "-" dash and from 8 to 32 additional lowercase letters or
|
3874
4045
|
# digits.
|
3875
4046
|
#
|
3876
4047
|
#
|
@@ -3948,13 +4119,13 @@ module Aws::Organizations
|
|
3948
4119
|
# The [regex pattern][1] for a parent ID string requires one of the
|
3949
4120
|
# following:
|
3950
4121
|
#
|
3951
|
-
# * Root
|
3952
|
-
#
|
4122
|
+
# * **Root** - A string that begins with "r-" followed by from 4 to
|
4123
|
+
# 32 lowercase letters or digits.
|
3953
4124
|
#
|
3954
|
-
# * Organizational unit (OU)
|
3955
|
-
# followed by from 4 to 32
|
4125
|
+
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
4126
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of
|
3956
4127
|
# the root that the OU is in). This string is followed by a second
|
3957
|
-
# "-" dash and from 8 to 32 additional
|
4128
|
+
# "-" dash and from 8 to 32 additional lowercase letters or
|
3958
4129
|
# digits.
|
3959
4130
|
#
|
3960
4131
|
#
|
@@ -4071,7 +4242,8 @@ module Aws::Organizations
|
|
4071
4242
|
# The unique identifier (ID) of the policy.
|
4072
4243
|
#
|
4073
4244
|
# The [regex pattern][1] for a policy ID string requires "p-"
|
4074
|
-
# followed by from 8 to 128
|
4245
|
+
# followed by from 8 to 128 lowercase or uppercase letters, digits, or
|
4246
|
+
# the underscore character (\_).
|
4075
4247
|
#
|
4076
4248
|
#
|
4077
4249
|
#
|
@@ -4137,15 +4309,15 @@ module Aws::Organizations
|
|
4137
4309
|
# The [regex pattern][1] for a target ID string requires one of the
|
4138
4310
|
# following:
|
4139
4311
|
#
|
4140
|
-
# * Root
|
4141
|
-
#
|
4312
|
+
# * **Root** - A string that begins with "r-" followed by from 4 to
|
4313
|
+
# 32 lowercase letters or digits.
|
4142
4314
|
#
|
4143
|
-
# * Account
|
4315
|
+
# * **Account** - A string that consists of exactly 12 digits.
|
4144
4316
|
#
|
4145
|
-
# * Organizational unit (OU)
|
4146
|
-
# followed by from 4 to 32
|
4317
|
+
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
4318
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of
|
4147
4319
|
# the root that the OU is in). This string is followed by a second
|
4148
|
-
# "-" dash and from 8 to 32 additional
|
4320
|
+
# "-" dash and from 8 to 32 additional lowercase letters or
|
4149
4321
|
# digits.
|
4150
4322
|
#
|
4151
4323
|
#
|
@@ -4325,16 +4497,14 @@ module Aws::Organizations
|
|
4325
4497
|
|
4326
4498
|
# Contains details about a root. A root is a top-level parent node in
|
4327
4499
|
# the hierarchy of an organization that can contain organizational units
|
4328
|
-
# (OUs) and accounts.
|
4329
|
-
# organization.
|
4330
|
-
# different way and to have different policy types enabled for use in
|
4331
|
-
# that root.
|
4500
|
+
# (OUs) and accounts. The root contains every AWS account in the
|
4501
|
+
# organization.
|
4332
4502
|
#
|
4333
4503
|
# @!attribute [rw] id
|
4334
4504
|
# The unique identifier (ID) for the root.
|
4335
4505
|
#
|
4336
4506
|
# The [regex pattern][1] for a root ID string requires "r-" followed
|
4337
|
-
# by from 4 to 32
|
4507
|
+
# by from 4 to 32 lowercase letters or digits.
|
4338
4508
|
#
|
4339
4509
|
#
|
4340
4510
|
#
|
@@ -4428,8 +4598,18 @@ module Aws::Organizations
|
|
4428
4598
|
include Aws::Structure
|
4429
4599
|
end
|
4430
4600
|
|
4431
|
-
# A custom key-value pair associated with a resource
|
4432
|
-
#
|
4601
|
+
# A custom key-value pair associated with a resource within your
|
4602
|
+
# organization.
|
4603
|
+
#
|
4604
|
+
# You can attach tags to any of the following organization resources.
|
4605
|
+
#
|
4606
|
+
# * AWS account
|
4607
|
+
#
|
4608
|
+
# * Organizational unit (OU)
|
4609
|
+
#
|
4610
|
+
# * Organization root
|
4611
|
+
#
|
4612
|
+
# * Policy
|
4433
4613
|
#
|
4434
4614
|
# @note When making an API call, you may pass Tag
|
4435
4615
|
# data as a hash:
|
@@ -4476,9 +4656,30 @@ module Aws::Organizations
|
|
4476
4656
|
# @return [String]
|
4477
4657
|
#
|
4478
4658
|
# @!attribute [rw] tags
|
4479
|
-
#
|
4480
|
-
#
|
4481
|
-
#
|
4659
|
+
# A list of tags to add to the specified resource.
|
4660
|
+
#
|
4661
|
+
# You can specify any of the following taggable resources.
|
4662
|
+
#
|
4663
|
+
# * AWS account – specify the account ID number.
|
4664
|
+
#
|
4665
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
4666
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
4667
|
+
#
|
4668
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
4669
|
+
# to: `r-1a2b `
|
4670
|
+
#
|
4671
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
4672
|
+
# similar to: `p-12abcdefg3 `
|
4673
|
+
#
|
4674
|
+
# For each tag in the list, you must specify both a tag key and a
|
4675
|
+
# value. You can set the value to an empty string, but you can't set
|
4676
|
+
# it to `null`.
|
4677
|
+
#
|
4678
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
4679
|
+
# number of tags for an account user, then the entire request fails
|
4680
|
+
# and the account is not created.
|
4681
|
+
#
|
4682
|
+
# </note>
|
4482
4683
|
# @return [Array<Types::Tag>]
|
4483
4684
|
#
|
4484
4685
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResourceRequest AWS API Documentation
|
@@ -4490,8 +4691,8 @@ module Aws::Organizations
|
|
4490
4691
|
include Aws::Structure
|
4491
4692
|
end
|
4492
4693
|
|
4493
|
-
# We can't find a root, OU, or
|
4494
|
-
# specified.
|
4694
|
+
# We can't find a root, OU, account, or policy with the `TargetId` that
|
4695
|
+
# you specified.
|
4495
4696
|
#
|
4496
4697
|
# @!attribute [rw] message
|
4497
4698
|
# @return [String]
|
@@ -4553,11 +4754,24 @@ module Aws::Organizations
|
|
4553
4754
|
# }
|
4554
4755
|
#
|
4555
4756
|
# @!attribute [rw] resource_id
|
4556
|
-
# The ID of the resource to remove
|
4757
|
+
# The ID of the resource to remove a tag from.
|
4758
|
+
#
|
4759
|
+
# You can specify any of the following taggable resources.
|
4760
|
+
#
|
4761
|
+
# * AWS account – specify the account ID number.
|
4762
|
+
#
|
4763
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
4764
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
4765
|
+
#
|
4766
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
4767
|
+
# to: `r-1a2b `
|
4768
|
+
#
|
4769
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
4770
|
+
# similar to: `p-12abcdefg3 `
|
4557
4771
|
# @return [String]
|
4558
4772
|
#
|
4559
4773
|
# @!attribute [rw] tag_keys
|
4560
|
-
# The
|
4774
|
+
# The list of keys for tags to remove from the specified resource.
|
4561
4775
|
# @return [Array<String>]
|
4562
4776
|
#
|
4563
4777
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResourceRequest AWS API Documentation
|