aws-sdk-organizations 1.50.0 → 1.55.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws-sdk-organizations.rb +2 -1
- data/lib/aws-sdk-organizations/client.rb +393 -161
- data/lib/aws-sdk-organizations/client_api.rb +6 -0
- data/lib/aws-sdk-organizations/types.rb +334 -120
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 78724d85186dccac0b2496828db237e0b610b857aea289ab281ce7677e19408e
|
4
|
+
data.tar.gz: c5c16b2ee0c89775ea3f7ea2a07e7a7aea737667232de0038013047fcd5c33ec
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 06ab60ff1ee0ffe6fe4611de1e6848e7aadf4f47ff579a93eb1bc67fe9667072f14e1706bab64841f15d00e2381bf16e05d3a414445e92fb195c28526371e345
|
7
|
+
data.tar.gz: 05de1c564e725fad7202ca270285023448fff8f59e06841c88e5abfc8e45718757a1146ad076356d28affd7de7ebd035d04d316bf11c509785f4d2cb8aef9312
|
@@ -7,6 +7,7 @@
|
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
10
|
+
|
10
11
|
require 'aws-sdk-core'
|
11
12
|
require 'aws-sigv4'
|
12
13
|
|
@@ -47,6 +48,6 @@ require_relative 'aws-sdk-organizations/customizations'
|
|
47
48
|
# @!group service
|
48
49
|
module Aws::Organizations
|
49
50
|
|
50
|
-
GEM_VERSION = '1.
|
51
|
+
GEM_VERSION = '1.55.0'
|
51
52
|
|
52
53
|
end
|
@@ -356,7 +356,7 @@ module Aws::Organizations
|
|
356
356
|
# User Guide*.
|
357
357
|
#
|
358
358
|
# * **Enable all features final confirmation** handshake: only a
|
359
|
-
# principal from the
|
359
|
+
# principal from the management account.
|
360
360
|
#
|
361
361
|
# For more information about invitations, see [Inviting an AWS Account
|
362
362
|
# to Join Your Organization][2] in the *AWS Organizations User Guide.*
|
@@ -487,15 +487,15 @@ module Aws::Organizations
|
|
487
487
|
#
|
488
488
|
# * [TAG\_POLICY][4]
|
489
489
|
#
|
490
|
-
# This operation can be called only from the organization's
|
490
|
+
# This operation can be called only from the organization's management
|
491
491
|
# account.
|
492
492
|
#
|
493
493
|
#
|
494
494
|
#
|
495
|
-
# [1]:
|
496
|
-
# [2]:
|
497
|
-
# [3]:
|
498
|
-
# [4]:
|
495
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
496
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
497
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
498
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
499
499
|
#
|
500
500
|
# @option params [required, String] :policy_id
|
501
501
|
# The unique identifier (ID) of the policy that you want to attach to
|
@@ -695,16 +695,15 @@ module Aws::Organizations
|
|
695
695
|
# successfully access the account. To check the status of the request,
|
696
696
|
# do one of the following:
|
697
697
|
#
|
698
|
-
# * Use the `
|
699
|
-
# provide as a parameter to the
|
698
|
+
# * Use the `Id` member of the `CreateAccountStatus` response element
|
699
|
+
# from this operation to provide as a parameter to the
|
700
|
+
# DescribeCreateAccountStatus operation.
|
700
701
|
#
|
701
702
|
# * Check the AWS CloudTrail log for the `CreateAccountResult` event.
|
702
703
|
# For information on using AWS CloudTrail with AWS Organizations, see
|
703
704
|
# [Monitoring the Activity in Your Organization][1] in the *AWS
|
704
705
|
# Organizations User Guide.*
|
705
706
|
#
|
706
|
-
#
|
707
|
-
#
|
708
707
|
# The user who calls the API to create an account must have the
|
709
708
|
# `organizations:CreateAccount` permission. If you enabled all features
|
710
709
|
# in the organization, AWS Organizations creates the required
|
@@ -712,14 +711,17 @@ module Aws::Organizations
|
|
712
711
|
# information, see [AWS Organizations and Service-Linked Roles][2] in
|
713
712
|
# the *AWS Organizations User Guide*.
|
714
713
|
#
|
714
|
+
# If the request includes tags, then the requester must have the
|
715
|
+
# `organizations:TagResource` permission.
|
716
|
+
#
|
715
717
|
# AWS Organizations preconfigures the new member account with a role
|
716
718
|
# (named `OrganizationAccountAccessRole` by default) that grants users
|
717
|
-
# in the
|
718
|
-
# account. Principals in the
|
719
|
+
# in the management account administrator permissions in the new member
|
720
|
+
# account. Principals in the management account can assume the role. AWS
|
719
721
|
# Organizations clones the company name and address information for the
|
720
|
-
# new account from the organization's
|
722
|
+
# new account from the organization's management account.
|
721
723
|
#
|
722
|
-
# This operation can be called only from the organization's
|
724
|
+
# This operation can be called only from the organization's management
|
723
725
|
# account.
|
724
726
|
#
|
725
727
|
# For more information about creating accounts, see [Creating an AWS
|
@@ -784,10 +786,10 @@ module Aws::Organizations
|
|
784
786
|
# (Optional)
|
785
787
|
#
|
786
788
|
# The name of an IAM role that AWS Organizations automatically
|
787
|
-
# preconfigures in the new member account. This role trusts the
|
788
|
-
# account, allowing users in the
|
789
|
-
# permitted by the
|
790
|
-
# administrator permissions in the new member account.
|
789
|
+
# preconfigures in the new member account. This role trusts the
|
790
|
+
# management account, allowing users in the management account to assume
|
791
|
+
# the role, as permitted by the management account administrator. The
|
792
|
+
# role has administrator permissions in the new member account.
|
791
793
|
#
|
792
794
|
# If you don't specify this parameter, the role name defaults to
|
793
795
|
# `OrganizationAccountAccessRole`.
|
@@ -827,6 +829,23 @@ module Aws::Organizations
|
|
827
829
|
#
|
828
830
|
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
829
831
|
#
|
832
|
+
# @option params [Array<Types::Tag>] :tags
|
833
|
+
# A list of tags that you want to attach to the newly created account.
|
834
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
835
|
+
# You can set the value to an empty string, but you can't set it to
|
836
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
837
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
838
|
+
#
|
839
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
840
|
+
# of tags for an account, then the entire request fails and the account
|
841
|
+
# is not created.
|
842
|
+
#
|
843
|
+
# </note>
|
844
|
+
#
|
845
|
+
#
|
846
|
+
#
|
847
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
848
|
+
#
|
830
849
|
# @return [Types::CreateAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
831
850
|
#
|
832
851
|
# * {Types::CreateAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
|
@@ -859,6 +878,12 @@ module Aws::Organizations
|
|
859
878
|
# account_name: "AccountName", # required
|
860
879
|
# role_name: "RoleName",
|
861
880
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
881
|
+
# tags: [
|
882
|
+
# {
|
883
|
+
# key: "TagKey", # required
|
884
|
+
# value: "TagValue", # required
|
885
|
+
# },
|
886
|
+
# ],
|
862
887
|
# })
|
863
888
|
#
|
864
889
|
# @example Response structure
|
@@ -888,16 +913,18 @@ module Aws::Organizations
|
|
888
913
|
# the [ *AWS GovCloud User Guide*.][1]
|
889
914
|
#
|
890
915
|
# * You already have an account in the AWS GovCloud (US) Region that is
|
891
|
-
#
|
916
|
+
# paired with a management account of an organization in the
|
917
|
+
# commercial Region.
|
892
918
|
#
|
893
|
-
# * You call this action from the
|
894
|
-
# the commercial Region.
|
919
|
+
# * You call this action from the management account of your
|
920
|
+
# organization in the commercial Region.
|
895
921
|
#
|
896
|
-
# * You have the `organizations:CreateGovCloudAccount` permission.
|
897
|
-
#
|
898
|
-
#
|
899
|
-
#
|
900
|
-
#
|
922
|
+
# * You have the `organizations:CreateGovCloudAccount` permission.
|
923
|
+
#
|
924
|
+
# AWS Organizations automatically creates the required service-linked
|
925
|
+
# role named `AWSServiceRoleForOrganizations`. For more information, see
|
926
|
+
# [AWS Organizations and Service-Linked Roles][2] in the *AWS
|
927
|
+
# Organizations User Guide.*
|
901
928
|
#
|
902
929
|
# AWS automatically enables AWS CloudTrail for AWS GovCloud (US)
|
903
930
|
# accounts, but you should also do the following:
|
@@ -909,11 +936,18 @@ module Aws::Organizations
|
|
909
936
|
# For more information, see [Verifying AWS CloudTrail Is Enabled][3]
|
910
937
|
# in the *AWS GovCloud User Guide*.
|
911
938
|
#
|
912
|
-
#
|
913
|
-
#
|
914
|
-
#
|
915
|
-
#
|
916
|
-
#
|
939
|
+
# If the request includes tags, then the requester must have the
|
940
|
+
# `organizations:TagResource` permission. The tags are attached to the
|
941
|
+
# commercial account associated with the GovCloud account, rather than
|
942
|
+
# the GovCloud account itself. To add tags to the GovCloud account, call
|
943
|
+
# the TagResource operation in the GovCloud Region after the new
|
944
|
+
# GovCloud account exists.
|
945
|
+
#
|
946
|
+
# You call this action from the management account of your organization
|
947
|
+
# in the commercial Region to create a standalone AWS account in the AWS
|
948
|
+
# GovCloud (US) Region. After the account is created, the management
|
949
|
+
# account of an organization in the AWS GovCloud (US) Region can invite
|
950
|
+
# it to that organization. For more information on inviting standalone
|
917
951
|
# accounts in the AWS GovCloud (US) to join an organization, see [AWS
|
918
952
|
# Organizations][4] in the *AWS GovCloud User Guide.*
|
919
953
|
#
|
@@ -942,14 +976,14 @@ module Aws::Organizations
|
|
942
976
|
# accounts are associated with the same email address.
|
943
977
|
#
|
944
978
|
# A role is created in the new account in the commercial Region that
|
945
|
-
# allows the
|
946
|
-
# to assume it. An AWS GovCloud (US) account is then created and
|
979
|
+
# allows the management account in the organization in the commercial
|
980
|
+
# Region to assume it. An AWS GovCloud (US) account is then created and
|
947
981
|
# associated with the commercial account that you just created. A role
|
948
|
-
# is created in the new AWS GovCloud (US) account that can be
|
949
|
-
# the AWS GovCloud (US) account that is associated with the
|
950
|
-
# account of the commercial organization. For more
|
951
|
-
# view a diagram that explains how account access
|
952
|
-
# Organizations][4] in the *AWS GovCloud User Guide.*
|
982
|
+
# is also created in the new AWS GovCloud (US) account that can be
|
983
|
+
# assumed by the AWS GovCloud (US) account that is associated with the
|
984
|
+
# management account of the commercial organization. For more
|
985
|
+
# information and to view a diagram that explains how account access
|
986
|
+
# works, see [AWS Organizations][4] in the *AWS GovCloud User Guide.*
|
953
987
|
#
|
954
988
|
# For more information about creating accounts, see [Creating an AWS
|
955
989
|
# Account in Your Organization][6] in the *AWS Organizations User
|
@@ -1022,9 +1056,9 @@ module Aws::Organizations
|
|
1022
1056
|
#
|
1023
1057
|
# The name of an IAM role that AWS Organizations automatically
|
1024
1058
|
# preconfigures in the new member accounts in both the AWS GovCloud (US)
|
1025
|
-
# Region and in the commercial Region. This role trusts the
|
1026
|
-
# account, allowing users in the
|
1027
|
-
# permitted by the
|
1059
|
+
# Region and in the commercial Region. This role trusts the management
|
1060
|
+
# account, allowing users in the management account to assume the role,
|
1061
|
+
# as permitted by the management account administrator. The role has
|
1028
1062
|
# administrator permissions in the new member account.
|
1029
1063
|
#
|
1030
1064
|
# If you don't specify this parameter, the role name defaults to
|
@@ -1062,6 +1096,28 @@ module Aws::Organizations
|
|
1062
1096
|
#
|
1063
1097
|
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
1064
1098
|
#
|
1099
|
+
# @option params [Array<Types::Tag>] :tags
|
1100
|
+
# A list of tags that you want to attach to the newly created account.
|
1101
|
+
# These tags are attached to the commercial account associated with the
|
1102
|
+
# GovCloud account, and not to the GovCloud account itself. To add tags
|
1103
|
+
# to the actual GovCloud account, call the TagResource operation in the
|
1104
|
+
# GovCloud region after the new GovCloud account exists.
|
1105
|
+
#
|
1106
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
1107
|
+
# You can set the value to an empty string, but you can't set it to
|
1108
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
1109
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
1110
|
+
#
|
1111
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1112
|
+
# of tags for an account, then the entire request fails and the account
|
1113
|
+
# is not created.
|
1114
|
+
#
|
1115
|
+
# </note>
|
1116
|
+
#
|
1117
|
+
#
|
1118
|
+
#
|
1119
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1120
|
+
#
|
1065
1121
|
# @return [Types::CreateGovCloudAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1066
1122
|
#
|
1067
1123
|
# * {Types::CreateGovCloudAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
|
@@ -1073,6 +1129,12 @@ module Aws::Organizations
|
|
1073
1129
|
# account_name: "AccountName", # required
|
1074
1130
|
# role_name: "RoleName",
|
1075
1131
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
1132
|
+
# tags: [
|
1133
|
+
# {
|
1134
|
+
# key: "TagKey", # required
|
1135
|
+
# value: "TagValue", # required
|
1136
|
+
# },
|
1137
|
+
# ],
|
1076
1138
|
# })
|
1077
1139
|
#
|
1078
1140
|
# @example Response structure
|
@@ -1096,11 +1158,11 @@ module Aws::Organizations
|
|
1096
1158
|
end
|
1097
1159
|
|
1098
1160
|
# Creates an AWS organization. The account whose user is calling the
|
1099
|
-
# `CreateOrganization` operation automatically becomes the [
|
1161
|
+
# `CreateOrganization` operation automatically becomes the [management
|
1100
1162
|
# account][1] of the new organization.
|
1101
1163
|
#
|
1102
1164
|
# This operation must be called using credentials from the account that
|
1103
|
-
# is to become the new organization's
|
1165
|
+
# is to become the new organization's management account. The principal
|
1104
1166
|
# must also have the relevant IAM permissions.
|
1105
1167
|
#
|
1106
1168
|
# By default (or if you set the `FeatureSet` parameter to `ALL`), the
|
@@ -1113,14 +1175,14 @@ module Aws::Organizations
|
|
1113
1175
|
#
|
1114
1176
|
#
|
1115
1177
|
#
|
1116
|
-
# [1]: https://docs.aws.amazon.com/
|
1178
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account
|
1117
1179
|
#
|
1118
1180
|
# @option params [String] :feature_set
|
1119
1181
|
# Specifies the feature set supported by the new organization. Each
|
1120
1182
|
# feature set supports different levels of functionality.
|
1121
1183
|
#
|
1122
1184
|
# * `CONSOLIDATED_BILLING`\: All member accounts have their bills
|
1123
|
-
# consolidated to and paid by the
|
1185
|
+
# consolidated to and paid by the management account. For more
|
1124
1186
|
# information, see [Consolidated billing][1] in the *AWS Organizations
|
1125
1187
|
# User Guide.*
|
1126
1188
|
#
|
@@ -1128,10 +1190,10 @@ module Aws::Organizations
|
|
1128
1190
|
# organizations in the AWS GovCloud (US) Region.
|
1129
1191
|
#
|
1130
1192
|
# * `ALL`\: In addition to all the features supported by the
|
1131
|
-
# consolidated billing feature set, the
|
1132
|
-
# any policy type to any member account in the organization. For
|
1133
|
-
# information, see [All features][2] in the *AWS Organizations
|
1134
|
-
# Guide.*
|
1193
|
+
# consolidated billing feature set, the management account can also
|
1194
|
+
# apply any policy type to any member account in the organization. For
|
1195
|
+
# more information, see [All features][2] in the *AWS Organizations
|
1196
|
+
# User Guide.*
|
1135
1197
|
#
|
1136
1198
|
#
|
1137
1199
|
#
|
@@ -1230,7 +1292,10 @@ module Aws::Organizations
|
|
1230
1292
|
# For more information about OUs, see [Managing Organizational Units][1]
|
1231
1293
|
# in the *AWS Organizations User Guide.*
|
1232
1294
|
#
|
1233
|
-
#
|
1295
|
+
# If the request includes tags, then the requester must have the
|
1296
|
+
# `organizations:TagResource` permission.
|
1297
|
+
#
|
1298
|
+
# This operation can be called only from the organization's management
|
1234
1299
|
# account.
|
1235
1300
|
#
|
1236
1301
|
#
|
@@ -1259,6 +1324,23 @@ module Aws::Organizations
|
|
1259
1324
|
# @option params [required, String] :name
|
1260
1325
|
# The friendly name to assign to the new OU.
|
1261
1326
|
#
|
1327
|
+
# @option params [Array<Types::Tag>] :tags
|
1328
|
+
# A list of tags that you want to attach to the newly created OU. For
|
1329
|
+
# each tag in the list, you must specify both a tag key and a value. You
|
1330
|
+
# can set the value to an empty string, but you can't set it to `null`.
|
1331
|
+
# For more information about tagging, see [Tagging AWS Organizations
|
1332
|
+
# resources][1] in the AWS Organizations User Guide.
|
1333
|
+
#
|
1334
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1335
|
+
# of tags for an OU, then the entire request fails and the OU is not
|
1336
|
+
# created.
|
1337
|
+
#
|
1338
|
+
# </note>
|
1339
|
+
#
|
1340
|
+
#
|
1341
|
+
#
|
1342
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1343
|
+
#
|
1262
1344
|
# @return [Types::CreateOrganizationalUnitResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1263
1345
|
#
|
1264
1346
|
# * {Types::CreateOrganizationalUnitResponse#organizational_unit #organizational_unit} => Types::OrganizationalUnit
|
@@ -1287,6 +1369,12 @@ module Aws::Organizations
|
|
1287
1369
|
# resp = client.create_organizational_unit({
|
1288
1370
|
# parent_id: "ParentId", # required
|
1289
1371
|
# name: "OrganizationalUnitName", # required
|
1372
|
+
# tags: [
|
1373
|
+
# {
|
1374
|
+
# key: "TagKey", # required
|
1375
|
+
# value: "TagValue", # required
|
1376
|
+
# },
|
1377
|
+
# ],
|
1290
1378
|
# })
|
1291
1379
|
#
|
1292
1380
|
# @example Response structure
|
@@ -1310,7 +1398,10 @@ module Aws::Organizations
|
|
1310
1398
|
# For more information about policies and their use, see [Managing
|
1311
1399
|
# Organization Policies][1].
|
1312
1400
|
#
|
1313
|
-
#
|
1401
|
+
# If the request includes tags, then the requester must have the
|
1402
|
+
# `organizations:TagResource` permission.
|
1403
|
+
#
|
1404
|
+
# This operation can be called only from the organization's management
|
1314
1405
|
# account.
|
1315
1406
|
#
|
1316
1407
|
#
|
@@ -1349,10 +1440,27 @@ module Aws::Organizations
|
|
1349
1440
|
#
|
1350
1441
|
#
|
1351
1442
|
#
|
1352
|
-
# [1]:
|
1353
|
-
# [2]:
|
1354
|
-
# [3]:
|
1355
|
-
# [4]:
|
1443
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1444
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1445
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1446
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1447
|
+
#
|
1448
|
+
# @option params [Array<Types::Tag>] :tags
|
1449
|
+
# A list of tags that you want to attach to the newly created policy.
|
1450
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
1451
|
+
# You can set the value to an empty string, but you can't set it to
|
1452
|
+
# `null`. For more information about tagging, see [Tagging AWS
|
1453
|
+
# Organizations resources][1] in the AWS Organizations User Guide.
|
1454
|
+
#
|
1455
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1456
|
+
# of tags for a policy, then the entire request fails and the policy is
|
1457
|
+
# not created.
|
1458
|
+
#
|
1459
|
+
# </note>
|
1460
|
+
#
|
1461
|
+
#
|
1462
|
+
#
|
1463
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
1356
1464
|
#
|
1357
1465
|
# @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1358
1466
|
#
|
@@ -1393,6 +1501,12 @@ module Aws::Organizations
|
|
1393
1501
|
# description: "PolicyDescription", # required
|
1394
1502
|
# name: "PolicyName", # required
|
1395
1503
|
# type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
|
1504
|
+
# tags: [
|
1505
|
+
# {
|
1506
|
+
# key: "TagKey", # required
|
1507
|
+
# value: "TagValue", # required
|
1508
|
+
# },
|
1509
|
+
# ],
|
1396
1510
|
# })
|
1397
1511
|
#
|
1398
1512
|
# @example Response structure
|
@@ -1528,8 +1642,8 @@ module Aws::Organizations
|
|
1528
1642
|
end
|
1529
1643
|
|
1530
1644
|
# Deletes the organization. You can delete an organization only by using
|
1531
|
-
# credentials from the
|
1532
|
-
# member accounts.
|
1645
|
+
# credentials from the management account. The organization must be
|
1646
|
+
# empty of member accounts.
|
1533
1647
|
#
|
1534
1648
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1535
1649
|
#
|
@@ -1546,7 +1660,7 @@ module Aws::Organizations
|
|
1546
1660
|
# must first remove all accounts and child OUs from the OU that you want
|
1547
1661
|
# to delete.
|
1548
1662
|
#
|
1549
|
-
# This operation can be called only from the organization's
|
1663
|
+
# This operation can be called only from the organization's management
|
1550
1664
|
# account.
|
1551
1665
|
#
|
1552
1666
|
# @option params [required, String] :organizational_unit_id
|
@@ -1594,7 +1708,7 @@ module Aws::Organizations
|
|
1594
1708
|
# perform this operation, you must first detach the policy from all
|
1595
1709
|
# organizational units (OUs), roots, and accounts.
|
1596
1710
|
#
|
1597
|
-
# This operation can be called only from the organization's
|
1711
|
+
# This operation can be called only from the organization's management
|
1598
1712
|
# account.
|
1599
1713
|
#
|
1600
1714
|
# @option params [required, String] :policy_id
|
@@ -1651,7 +1765,7 @@ module Aws::Organizations
|
|
1651
1765
|
# Services that you can use with AWS Organizations][1] in the *AWS
|
1652
1766
|
# Organizations User Guide.*
|
1653
1767
|
#
|
1654
|
-
# This operation can be called only from the organization's
|
1768
|
+
# This operation can be called only from the organization's management
|
1655
1769
|
# account.
|
1656
1770
|
#
|
1657
1771
|
#
|
@@ -1693,7 +1807,7 @@ module Aws::Organizations
|
|
1693
1807
|
# Retrieves AWS Organizations-related information about the specified
|
1694
1808
|
# account.
|
1695
1809
|
#
|
1696
|
-
# This operation can be called only from the organization's
|
1810
|
+
# This operation can be called only from the organization's management
|
1697
1811
|
# account or by a member account that is a delegated administrator for
|
1698
1812
|
# an AWS service.
|
1699
1813
|
#
|
@@ -1760,14 +1874,15 @@ module Aws::Organizations
|
|
1760
1874
|
# Retrieves the current status of an asynchronous request to create an
|
1761
1875
|
# account.
|
1762
1876
|
#
|
1763
|
-
# This operation can be called only from the organization's
|
1877
|
+
# This operation can be called only from the organization's management
|
1764
1878
|
# account or by a member account that is a delegated administrator for
|
1765
1879
|
# an AWS service.
|
1766
1880
|
#
|
1767
1881
|
# @option params [required, String] :create_account_request_id
|
1768
|
-
# Specifies the `
|
1769
|
-
# can get the
|
1770
|
-
# or from the
|
1882
|
+
# Specifies the `Id` value that uniquely identifies the `CreateAccount`
|
1883
|
+
# request. You can get the value from the `CreateAccountStatus.Id`
|
1884
|
+
# response in an earlier CreateAccount request, or from the
|
1885
|
+
# ListCreateAccountStatus operation.
|
1771
1886
|
#
|
1772
1887
|
# The [regex pattern][1] for a create account request ID string requires
|
1773
1888
|
# "car-" followed by from 8 to 32 lowercase letters or digits.
|
@@ -1837,7 +1952,7 @@ module Aws::Organizations
|
|
1837
1952
|
# For more information about policy inheritance, see [How Policy
|
1838
1953
|
# Inheritance Works][1] in the *AWS Organizations User Guide*.
|
1839
1954
|
#
|
1840
|
-
# This operation can be called only from the organization's
|
1955
|
+
# This operation can be called only from the organization's management
|
1841
1956
|
# account or by a member account that is a delegated administrator for
|
1842
1957
|
# an AWS service.
|
1843
1958
|
#
|
@@ -1857,14 +1972,14 @@ module Aws::Organizations
|
|
1857
1972
|
#
|
1858
1973
|
#
|
1859
1974
|
#
|
1860
|
-
# [1]:
|
1861
|
-
# [2]:
|
1862
|
-
# [3]:
|
1975
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1976
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1977
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1863
1978
|
#
|
1864
1979
|
# @option params [String] :target_id
|
1865
|
-
# When you're signed in as the
|
1866
|
-
# account that you want details about. Specifying an organization
|
1867
|
-
# or organizational unit (OU) as the target is not supported.
|
1980
|
+
# When you're signed in as the management account, specify the ID of
|
1981
|
+
# the account that you want details about. Specifying an organization
|
1982
|
+
# root or organizational unit (OU) as the target is not supported.
|
1868
1983
|
#
|
1869
1984
|
# @return [Types::DescribeEffectivePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1870
1985
|
#
|
@@ -2067,7 +2182,7 @@ module Aws::Organizations
|
|
2067
2182
|
|
2068
2183
|
# Retrieves information about an organizational unit (OU).
|
2069
2184
|
#
|
2070
|
-
# This operation can be called only from the organization's
|
2185
|
+
# This operation can be called only from the organization's management
|
2071
2186
|
# account or by a member account that is a delegated administrator for
|
2072
2187
|
# an AWS service.
|
2073
2188
|
#
|
@@ -2130,7 +2245,7 @@ module Aws::Organizations
|
|
2130
2245
|
|
2131
2246
|
# Retrieves information about a policy.
|
2132
2247
|
#
|
2133
|
-
# This operation can be called only from the organization's
|
2248
|
+
# This operation can be called only from the organization's management
|
2134
2249
|
# account or by a member account that is a delegated administrator for
|
2135
2250
|
# an AWS service.
|
2136
2251
|
#
|
@@ -2218,7 +2333,7 @@ module Aws::Organizations
|
|
2218
2333
|
# attached SCP), you're using the authorization strategy of a "[deny
|
2219
2334
|
# list][2]".
|
2220
2335
|
#
|
2221
|
-
# This operation can be called only from the organization's
|
2336
|
+
# This operation can be called only from the organization's management
|
2222
2337
|
# account.
|
2223
2338
|
#
|
2224
2339
|
#
|
@@ -2317,7 +2432,7 @@ module Aws::Organizations
|
|
2317
2432
|
# Organizations, see [Integrating AWS Organizations with Other AWS
|
2318
2433
|
# Services][2] in the *AWS Organizations User Guide.*
|
2319
2434
|
#
|
2320
|
-
# This operation can be called only from the organization's
|
2435
|
+
# This operation can be called only from the organization's management
|
2321
2436
|
# account.
|
2322
2437
|
#
|
2323
2438
|
#
|
@@ -2361,7 +2476,7 @@ module Aws::Organizations
|
|
2361
2476
|
# status of policy types for a specified root, and then use this
|
2362
2477
|
# operation.
|
2363
2478
|
#
|
2364
|
-
# This operation can be called only from the organization's
|
2479
|
+
# This operation can be called only from the organization's management
|
2365
2480
|
# account.
|
2366
2481
|
#
|
2367
2482
|
# To view the status of available policy types in the organization, use
|
@@ -2396,10 +2511,10 @@ module Aws::Organizations
|
|
2396
2511
|
#
|
2397
2512
|
#
|
2398
2513
|
#
|
2399
|
-
# [1]:
|
2400
|
-
# [2]:
|
2401
|
-
# [3]:
|
2402
|
-
# [4]:
|
2514
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
2515
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
2516
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
2517
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
2403
2518
|
#
|
2404
2519
|
# @return [Types::DisablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2405
2520
|
#
|
@@ -2471,7 +2586,7 @@ module Aws::Organizations
|
|
2471
2586
|
# Organizations, see [Integrating AWS Organizations with Other AWS
|
2472
2587
|
# Services][2] in the *AWS Organizations User Guide.*
|
2473
2588
|
#
|
2474
|
-
# This operation can be called only from the organization's
|
2589
|
+
# This operation can be called only from the organization's management
|
2475
2590
|
# account and only if the organization has [enabled all features][3].
|
2476
2591
|
#
|
2477
2592
|
#
|
@@ -2526,14 +2641,14 @@ module Aws::Organizations
|
|
2526
2641
|
# the feature set change by accepting the handshake that contains
|
2527
2642
|
# `"Action": "ENABLE_ALL_FEATURES"`. This completes the change.
|
2528
2643
|
#
|
2529
|
-
# After you enable all features in your organization, the
|
2530
|
-
# in the organization can apply policies on all member accounts.
|
2531
|
-
# policies can restrict what users and even administrators in
|
2532
|
-
# accounts can do. The
|
2533
|
-
# accounts from leaving the organization. Ensure that your
|
2534
|
-
# administrators are aware of this.
|
2644
|
+
# After you enable all features in your organization, the management
|
2645
|
+
# account in the organization can apply policies on all member accounts.
|
2646
|
+
# These policies can restrict what users and even administrators in
|
2647
|
+
# those accounts can do. The management account can apply policies that
|
2648
|
+
# prevent accounts from leaving the organization. Ensure that your
|
2649
|
+
# account administrators are aware of this.
|
2535
2650
|
#
|
2536
|
-
# This operation can be called only from the organization's
|
2651
|
+
# This operation can be called only from the organization's management
|
2537
2652
|
# account.
|
2538
2653
|
#
|
2539
2654
|
#
|
@@ -2614,7 +2729,7 @@ module Aws::Organizations
|
|
2614
2729
|
# AWS recommends that you first use ListRoots to see the status of
|
2615
2730
|
# policy types for a specified root, and then use this operation.
|
2616
2731
|
#
|
2617
|
-
# This operation can be called only from the organization's
|
2732
|
+
# This operation can be called only from the organization's management
|
2618
2733
|
# account.
|
2619
2734
|
#
|
2620
2735
|
# You can enable a policy type in a root only if that policy type is
|
@@ -2646,10 +2761,10 @@ module Aws::Organizations
|
|
2646
2761
|
#
|
2647
2762
|
#
|
2648
2763
|
#
|
2649
|
-
# [1]:
|
2650
|
-
# [2]:
|
2651
|
-
# [3]:
|
2652
|
-
# [4]:
|
2764
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
2765
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
2766
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
2767
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
2653
2768
|
#
|
2654
2769
|
# @return [Types::EnablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2655
2770
|
#
|
@@ -2712,12 +2827,12 @@ module Aws::Organizations
|
|
2712
2827
|
# invitation is implemented as a Handshake whose details are in the
|
2713
2828
|
# response.
|
2714
2829
|
#
|
2715
|
-
# * You can invite AWS accounts only from the same seller as the
|
2716
|
-
# account. For example, if your organization's
|
2717
|
-
# created by Amazon Internet Services Pvt. Ltd (AISPL), an
|
2718
|
-
# in India, you can invite only other AISPL accounts to
|
2719
|
-
# organization. You can't combine accounts from AISPL and AWS or
|
2720
|
-
# any other AWS seller. For more information, see [Consolidated
|
2830
|
+
# * You can invite AWS accounts only from the same seller as the
|
2831
|
+
# management account. For example, if your organization's management
|
2832
|
+
# account was created by Amazon Internet Services Pvt. Ltd (AISPL), an
|
2833
|
+
# AWS seller in India, you can invite only other AISPL accounts to
|
2834
|
+
# your organization. You can't combine accounts from AISPL and AWS or
|
2835
|
+
# from any other AWS seller. For more information, see [Consolidated
|
2721
2836
|
# Billing in India][1].
|
2722
2837
|
#
|
2723
2838
|
# * If you receive an exception that indicates that you exceeded your
|
@@ -2726,7 +2841,10 @@ module Aws::Organizations
|
|
2726
2841
|
# then try again. If the error persists after an hour, contact [AWS
|
2727
2842
|
# Support][2].
|
2728
2843
|
#
|
2729
|
-
#
|
2844
|
+
# If the request includes tags, then the requester must have the
|
2845
|
+
# `organizations:TagResource` permission.
|
2846
|
+
#
|
2847
|
+
# This operation can be called only from the organization's management
|
2730
2848
|
# account.
|
2731
2849
|
#
|
2732
2850
|
#
|
@@ -2756,6 +2874,33 @@ module Aws::Organizations
|
|
2756
2874
|
# Additional information that you want to include in the generated email
|
2757
2875
|
# to the recipient account owner.
|
2758
2876
|
#
|
2877
|
+
# @option params [Array<Types::Tag>] :tags
|
2878
|
+
# A list of tags that you want to attach to the account when it becomes
|
2879
|
+
# a member of the organization. For each tag in the list, you must
|
2880
|
+
# specify both a tag key and a value. You can set the value to an empty
|
2881
|
+
# string, but you can't set it to `null`. For more information about
|
2882
|
+
# tagging, see [Tagging AWS Organizations resources][1] in the AWS
|
2883
|
+
# Organizations User Guide.
|
2884
|
+
#
|
2885
|
+
# Any tags in the request are checked for compliance with any applicable
|
2886
|
+
# tag policies when the request is made. The request is rejected if the
|
2887
|
+
# tags in the request don't match the requirements of the policy at
|
2888
|
+
# that time. Tag policy compliance is <i> <b>not</b> </i> checked again
|
2889
|
+
# when the invitation is accepted and the tags are actually attached to
|
2890
|
+
# the account. That means that if the tag policy changes between the
|
2891
|
+
# invitation and the acceptance, then that tags could potentially be
|
2892
|
+
# non-compliant.
|
2893
|
+
#
|
2894
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
2895
|
+
# of tags for an account, then the entire request fails and invitations
|
2896
|
+
# are not sent.
|
2897
|
+
#
|
2898
|
+
# </note>
|
2899
|
+
#
|
2900
|
+
#
|
2901
|
+
#
|
2902
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
|
2903
|
+
#
|
2759
2904
|
# @return [Types::InviteAccountToOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2760
2905
|
#
|
2761
2906
|
# * {Types::InviteAccountToOrganizationResponse#handshake #handshake} => Types::Handshake
|
@@ -2828,6 +2973,12 @@ module Aws::Organizations
|
|
2828
2973
|
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, EMAIL
|
2829
2974
|
# },
|
2830
2975
|
# notes: "HandshakeNotes",
|
2976
|
+
# tags: [
|
2977
|
+
# {
|
2978
|
+
# key: "TagKey", # required
|
2979
|
+
# value: "TagValue", # required
|
2980
|
+
# },
|
2981
|
+
# ],
|
2831
2982
|
# })
|
2832
2983
|
#
|
2833
2984
|
# @example Response structure
|
@@ -2857,14 +3008,14 @@ module Aws::Organizations
|
|
2857
3008
|
|
2858
3009
|
# Removes a member account from its parent organization. This version of
|
2859
3010
|
# the operation is performed by the account that wants to leave. To
|
2860
|
-
# remove a member account as a user in the
|
3011
|
+
# remove a member account as a user in the management account, use
|
2861
3012
|
# RemoveAccountFromOrganization instead.
|
2862
3013
|
#
|
2863
3014
|
# This operation can be called only from a member account in the
|
2864
3015
|
# organization.
|
2865
3016
|
#
|
2866
|
-
# * The
|
2867
|
-
# set service control policies (SCPs) that can restrict what
|
3017
|
+
# * The management account in an organization with all features enabled
|
3018
|
+
# can set service control policies (SCPs) that can restrict what
|
2868
3019
|
# administrators of member accounts can do. This includes preventing
|
2869
3020
|
# them from successfully calling `LeaveOrganization` and leaving the
|
2870
3021
|
# organization.
|
@@ -2895,6 +3046,10 @@ module Aws::Organizations
|
|
2895
3046
|
# Access to the Billing and Cost Management Console][2] in the *AWS
|
2896
3047
|
# Billing and Cost Management User Guide.*
|
2897
3048
|
#
|
3049
|
+
# * After the account leaves the organization, all tags that were
|
3050
|
+
# attached to the account object in the organization are deleted. AWS
|
3051
|
+
# accounts outside of an organization do not support tags.
|
3052
|
+
#
|
2898
3053
|
#
|
2899
3054
|
#
|
2900
3055
|
# [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
|
@@ -2929,7 +3084,7 @@ module Aws::Organizations
|
|
2929
3084
|
# Organizations, see [Integrating AWS Organizations with Other AWS
|
2930
3085
|
# Services][1] in the *AWS Organizations User Guide.*
|
2931
3086
|
#
|
2932
|
-
# This operation can be called only from the organization's
|
3087
|
+
# This operation can be called only from the organization's management
|
2933
3088
|
# account or by a member account that is a delegated administrator for
|
2934
3089
|
# an AWS service.
|
2935
3090
|
#
|
@@ -2998,7 +3153,7 @@ module Aws::Organizations
|
|
2998
3153
|
#
|
2999
3154
|
# </note>
|
3000
3155
|
#
|
3001
|
-
# This operation can be called only from the organization's
|
3156
|
+
# This operation can be called only from the organization's management
|
3002
3157
|
# account or by a member account that is a delegated administrator for
|
3003
3158
|
# an AWS service.
|
3004
3159
|
#
|
@@ -3121,7 +3276,7 @@ module Aws::Organizations
|
|
3121
3276
|
#
|
3122
3277
|
# </note>
|
3123
3278
|
#
|
3124
|
-
# This operation can be called only from the organization's
|
3279
|
+
# This operation can be called only from the organization's management
|
3125
3280
|
# account or by a member account that is a delegated administrator for
|
3126
3281
|
# an AWS service.
|
3127
3282
|
#
|
@@ -3230,7 +3385,7 @@ module Aws::Organizations
|
|
3230
3385
|
#
|
3231
3386
|
# </note>
|
3232
3387
|
#
|
3233
|
-
# This operation can be called only from the organization's
|
3388
|
+
# This operation can be called only from the organization's management
|
3234
3389
|
# account or by a member account that is a delegated administrator for
|
3235
3390
|
# an AWS service.
|
3236
3391
|
#
|
@@ -3342,7 +3497,7 @@ module Aws::Organizations
|
|
3342
3497
|
#
|
3343
3498
|
# </note>
|
3344
3499
|
#
|
3345
|
-
# This operation can be called only from the organization's
|
3500
|
+
# This operation can be called only from the organization's management
|
3346
3501
|
# account or by a member account that is a delegated administrator for
|
3347
3502
|
# an AWS service.
|
3348
3503
|
#
|
@@ -3459,7 +3614,7 @@ module Aws::Organizations
|
|
3459
3614
|
# Lists the AWS accounts that are designated as delegated administrators
|
3460
3615
|
# in this organization.
|
3461
3616
|
#
|
3462
|
-
# This operation can be called only from the organization's
|
3617
|
+
# This operation can be called only from the organization's management
|
3463
3618
|
# account or by a member account that is a delegated administrator for
|
3464
3619
|
# an AWS service.
|
3465
3620
|
#
|
@@ -3529,7 +3684,7 @@ module Aws::Organizations
|
|
3529
3684
|
# List the AWS services for which the specified account is a delegated
|
3530
3685
|
# administrator.
|
3531
3686
|
#
|
3532
|
-
# This operation can be called only from the organization's
|
3687
|
+
# This operation can be called only from the organization's management
|
3533
3688
|
# account or by a member account that is a delegated administrator for
|
3534
3689
|
# an AWS service.
|
3535
3690
|
#
|
@@ -3751,7 +3906,7 @@ module Aws::Organizations
|
|
3751
3906
|
#
|
3752
3907
|
# </note>
|
3753
3908
|
#
|
3754
|
-
# This operation can be called only from the organization's
|
3909
|
+
# This operation can be called only from the organization's management
|
3755
3910
|
# account or by a member account that is a delegated administrator for
|
3756
3911
|
# an AWS service.
|
3757
3912
|
#
|
@@ -3937,7 +4092,7 @@ module Aws::Organizations
|
|
3937
4092
|
#
|
3938
4093
|
# </note>
|
3939
4094
|
#
|
3940
|
-
# This operation can be called only from the organization's
|
4095
|
+
# This operation can be called only from the organization's management
|
3941
4096
|
# account or by a member account that is a delegated administrator for
|
3942
4097
|
# an AWS service.
|
3943
4098
|
#
|
@@ -4049,7 +4204,7 @@ module Aws::Organizations
|
|
4049
4204
|
#
|
4050
4205
|
# </note>
|
4051
4206
|
#
|
4052
|
-
# This operation can be called only from the organization's
|
4207
|
+
# This operation can be called only from the organization's management
|
4053
4208
|
# account or by a member account that is a delegated administrator for
|
4054
4209
|
# an AWS service.
|
4055
4210
|
#
|
@@ -4155,7 +4310,7 @@ module Aws::Organizations
|
|
4155
4310
|
#
|
4156
4311
|
# </note>
|
4157
4312
|
#
|
4158
|
-
# This operation can be called only from the organization's
|
4313
|
+
# This operation can be called only from the organization's management
|
4159
4314
|
# account or by a member account that is a delegated administrator for
|
4160
4315
|
# an AWS service.
|
4161
4316
|
#
|
@@ -4173,10 +4328,10 @@ module Aws::Organizations
|
|
4173
4328
|
#
|
4174
4329
|
#
|
4175
4330
|
#
|
4176
|
-
# [1]:
|
4177
|
-
# [2]:
|
4178
|
-
# [3]:
|
4179
|
-
# [4]:
|
4331
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
4332
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
4333
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
4334
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
4180
4335
|
#
|
4181
4336
|
# @option params [String] :next_token
|
4182
4337
|
# The parameter for receiving additional results if you receive a
|
@@ -4283,7 +4438,7 @@ module Aws::Organizations
|
|
4283
4438
|
#
|
4284
4439
|
# </note>
|
4285
4440
|
#
|
4286
|
-
# This operation can be called only from the organization's
|
4441
|
+
# This operation can be called only from the organization's management
|
4287
4442
|
# account or by a member account that is a delegated administrator for
|
4288
4443
|
# an AWS service.
|
4289
4444
|
#
|
@@ -4322,10 +4477,10 @@ module Aws::Organizations
|
|
4322
4477
|
#
|
4323
4478
|
#
|
4324
4479
|
#
|
4325
|
-
# [1]:
|
4326
|
-
# [2]:
|
4327
|
-
# [3]:
|
4328
|
-
# [4]:
|
4480
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
4481
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
4482
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
4483
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
4329
4484
|
#
|
4330
4485
|
# @option params [String] :next_token
|
4331
4486
|
# The parameter for receiving additional results if you receive a
|
@@ -4418,7 +4573,7 @@ module Aws::Organizations
|
|
4418
4573
|
#
|
4419
4574
|
# </note>
|
4420
4575
|
#
|
4421
|
-
# This operation can be called only from the organization's
|
4576
|
+
# This operation can be called only from the organization's management
|
4422
4577
|
# account or by a member account that is a delegated administrator for
|
4423
4578
|
# an AWS service.
|
4424
4579
|
#
|
@@ -4509,16 +4664,37 @@ module Aws::Organizations
|
|
4509
4664
|
req.send_request(options)
|
4510
4665
|
end
|
4511
4666
|
|
4512
|
-
# Lists tags
|
4667
|
+
# Lists tags that are attached to the specified resource.
|
4668
|
+
#
|
4669
|
+
# You can attach tags to the following resources in AWS Organizations.
|
4670
|
+
#
|
4671
|
+
# * AWS account
|
4672
|
+
#
|
4673
|
+
# * Organization root
|
4513
4674
|
#
|
4514
|
-
#
|
4675
|
+
# * Organizational unit (OU)
|
4515
4676
|
#
|
4516
|
-
#
|
4677
|
+
# * Policy (any type)
|
4678
|
+
#
|
4679
|
+
# This operation can be called only from the organization's management
|
4517
4680
|
# account or by a member account that is a delegated administrator for
|
4518
4681
|
# an AWS service.
|
4519
4682
|
#
|
4520
4683
|
# @option params [required, String] :resource_id
|
4521
|
-
# The ID of the resource
|
4684
|
+
# The ID of the resource with the tags to list.
|
4685
|
+
#
|
4686
|
+
# You can specify any of the following taggable resources.
|
4687
|
+
#
|
4688
|
+
# * AWS account – specify the account ID number.
|
4689
|
+
#
|
4690
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
4691
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
4692
|
+
#
|
4693
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
4694
|
+
# to: `r-1a2b `
|
4695
|
+
#
|
4696
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
4697
|
+
# similar to: `p-12abcdefg3 `
|
4522
4698
|
#
|
4523
4699
|
# @option params [String] :next_token
|
4524
4700
|
# The parameter for receiving additional results if you receive a
|
@@ -4568,7 +4744,7 @@ module Aws::Organizations
|
|
4568
4744
|
#
|
4569
4745
|
# </note>
|
4570
4746
|
#
|
4571
|
-
# This operation can be called only from the organization's
|
4747
|
+
# This operation can be called only from the organization's management
|
4572
4748
|
# account or by a member account that is a delegated administrator for
|
4573
4749
|
# an AWS service.
|
4574
4750
|
#
|
@@ -4673,7 +4849,7 @@ module Aws::Organizations
|
|
4673
4849
|
# Moves an account from its current source parent root or organizational
|
4674
4850
|
# unit (OU) to the specified destination parent root or OU.
|
4675
4851
|
#
|
4676
|
-
# This operation can be called only from the organization's
|
4852
|
+
# This operation can be called only from the organization's management
|
4677
4853
|
# account.
|
4678
4854
|
#
|
4679
4855
|
# @option params [required, String] :account_id
|
@@ -4765,7 +4941,7 @@ module Aws::Organizations
|
|
4765
4941
|
# Services that you can use with AWS Organizations][1] in the *AWS
|
4766
4942
|
# Organizations User Guide.*
|
4767
4943
|
#
|
4768
|
-
# This operation can be called only from the organization's
|
4944
|
+
# This operation can be called only from the organization's management
|
4769
4945
|
# account.
|
4770
4946
|
#
|
4771
4947
|
#
|
@@ -4802,28 +4978,33 @@ module Aws::Organizations
|
|
4802
4978
|
#
|
4803
4979
|
# The removed account becomes a standalone account that isn't a member
|
4804
4980
|
# of any organization. It's no longer subject to any policies and is
|
4805
|
-
# responsible for its own bill payments. The organization's
|
4981
|
+
# responsible for its own bill payments. The organization's management
|
4806
4982
|
# account is no longer charged for any expenses accrued by the member
|
4807
4983
|
# account after it's removed from the organization.
|
4808
4984
|
#
|
4809
|
-
# This operation can be called only from the organization's
|
4985
|
+
# This operation can be called only from the organization's management
|
4810
4986
|
# account. Member accounts can remove themselves with LeaveOrganization
|
4811
4987
|
# instead.
|
4812
4988
|
#
|
4813
|
-
# You can remove an account from your organization only if the account
|
4814
|
-
#
|
4815
|
-
# account. When you create an account in an organization
|
4816
|
-
# Organizations console, API, or CLI commands, the
|
4817
|
-
# of standalone accounts is *not* automatically
|
4818
|
-
# account that you want to make standalone, you must
|
4819
|
-
# plan, provide and verify the required contact
|
4820
|
-
# a current payment method. AWS uses the
|
4821
|
-
# any billable (not free tier) AWS
|
4822
|
-
# account isn't attached to an
|
4823
|
-
# doesn't yet have this
|
4824
|
-
#
|
4825
|
-
#
|
4826
|
-
#
|
4989
|
+
# * You can remove an account from your organization only if the account
|
4990
|
+
# is configured with the information required to operate as a
|
4991
|
+
# standalone account. When you create an account in an organization
|
4992
|
+
# using the AWS Organizations console, API, or CLI commands, the
|
4993
|
+
# information required of standalone accounts is *not* automatically
|
4994
|
+
# collected. For an account that you want to make standalone, you must
|
4995
|
+
# choose a support plan, provide and verify the required contact
|
4996
|
+
# information, and provide a current payment method. AWS uses the
|
4997
|
+
# payment method to charge for any billable (not free tier) AWS
|
4998
|
+
# activity that occurs while the account isn't attached to an
|
4999
|
+
# organization. To remove an account that doesn't yet have this
|
5000
|
+
# information, you must sign in as the member account and follow the
|
5001
|
+
# steps at [ To leave an organization when all required account
|
5002
|
+
# information has not yet been provided][1] in the *AWS Organizations
|
5003
|
+
# User Guide.*
|
5004
|
+
#
|
5005
|
+
# * After the account leaves the organization, all tags that were
|
5006
|
+
# attached to the account object in the organization are deleted. AWS
|
5007
|
+
# accounts outside of an organization do not support tags.
|
4827
5008
|
#
|
4828
5009
|
#
|
4829
5010
|
#
|
@@ -4868,18 +5049,48 @@ module Aws::Organizations
|
|
4868
5049
|
|
4869
5050
|
# Adds one or more tags to the specified resource.
|
4870
5051
|
#
|
4871
|
-
# Currently, you can
|
5052
|
+
# Currently, you can attach tags to the following resources in AWS
|
5053
|
+
# Organizations.
|
5054
|
+
#
|
5055
|
+
# * AWS account
|
4872
5056
|
#
|
4873
|
-
#
|
5057
|
+
# * Organization root
|
5058
|
+
#
|
5059
|
+
# * Organizational unit (OU)
|
5060
|
+
#
|
5061
|
+
# * Policy (any type)
|
5062
|
+
#
|
5063
|
+
# This operation can be called only from the organization's management
|
4874
5064
|
# account.
|
4875
5065
|
#
|
4876
5066
|
# @option params [required, String] :resource_id
|
4877
5067
|
# The ID of the resource to add a tag to.
|
4878
5068
|
#
|
4879
5069
|
# @option params [required, Array<Types::Tag>] :tags
|
4880
|
-
#
|
4881
|
-
#
|
4882
|
-
#
|
5070
|
+
# A list of tags to add to the specified resource.
|
5071
|
+
#
|
5072
|
+
# You can specify any of the following taggable resources.
|
5073
|
+
#
|
5074
|
+
# * AWS account – specify the account ID number.
|
5075
|
+
#
|
5076
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
5077
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
5078
|
+
#
|
5079
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
5080
|
+
# to: `r-1a2b `
|
5081
|
+
#
|
5082
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
5083
|
+
# similar to: `p-12abcdefg3 `
|
5084
|
+
#
|
5085
|
+
# For each tag in the list, you must specify both a tag key and a value.
|
5086
|
+
# You can set the value to an empty string, but you can't set it to
|
5087
|
+
# `null`.
|
5088
|
+
#
|
5089
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
5090
|
+
# of tags for an account user, then the entire request fails and the
|
5091
|
+
# account is not created.
|
5092
|
+
#
|
5093
|
+
# </note>
|
4883
5094
|
#
|
4884
5095
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
4885
5096
|
#
|
@@ -4904,18 +5115,39 @@ module Aws::Organizations
|
|
4904
5115
|
req.send_request(options)
|
4905
5116
|
end
|
4906
5117
|
|
4907
|
-
# Removes
|
5118
|
+
# Removes any tags with the specified keys from the specified resource.
|
5119
|
+
#
|
5120
|
+
# You can attach tags to the following resources in AWS Organizations.
|
5121
|
+
#
|
5122
|
+
# * AWS account
|
5123
|
+
#
|
5124
|
+
# * Organization root
|
4908
5125
|
#
|
4909
|
-
#
|
5126
|
+
# * Organizational unit (OU)
|
4910
5127
|
#
|
4911
|
-
#
|
5128
|
+
# * Policy (any type)
|
5129
|
+
#
|
5130
|
+
# This operation can be called only from the organization's management
|
4912
5131
|
# account.
|
4913
5132
|
#
|
4914
5133
|
# @option params [required, String] :resource_id
|
4915
|
-
# The ID of the resource to remove
|
5134
|
+
# The ID of the resource to remove a tag from.
|
5135
|
+
#
|
5136
|
+
# You can specify any of the following taggable resources.
|
5137
|
+
#
|
5138
|
+
# * AWS account – specify the account ID number.
|
5139
|
+
#
|
5140
|
+
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
5141
|
+
# looks similar to: `ou-1a2b-34uvwxyz `
|
5142
|
+
#
|
5143
|
+
# * Root – specify the root ID that begins with `r-` and looks similar
|
5144
|
+
# to: `r-1a2b `
|
5145
|
+
#
|
5146
|
+
# * Policy – specify the policy ID that begins with `p-` andlooks
|
5147
|
+
# similar to: `p-12abcdefg3 `
|
4916
5148
|
#
|
4917
5149
|
# @option params [required, Array<String>] :tag_keys
|
4918
|
-
# The
|
5150
|
+
# The list of keys for tags to remove from the specified resource.
|
4919
5151
|
#
|
4920
5152
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
4921
5153
|
#
|
@@ -4939,7 +5171,7 @@ module Aws::Organizations
|
|
4939
5171
|
# change. The child OUs and accounts remain in place, and any attached
|
4940
5172
|
# policies of the OU remain attached.
|
4941
5173
|
#
|
4942
|
-
# This operation can be called only from the organization's
|
5174
|
+
# This operation can be called only from the organization's management
|
4943
5175
|
# account.
|
4944
5176
|
#
|
4945
5177
|
# @option params [required, String] :organizational_unit_id
|
@@ -5014,7 +5246,7 @@ module Aws::Organizations
|
|
5014
5246
|
# If you don't supply any parameter, that value remains unchanged. You
|
5015
5247
|
# can't change a policy's type.
|
5016
5248
|
#
|
5017
|
-
# This operation can be called only from the organization's
|
5249
|
+
# This operation can be called only from the organization's management
|
5018
5250
|
# account.
|
5019
5251
|
#
|
5020
5252
|
# @option params [required, String] :policy_id
|
@@ -5148,7 +5380,7 @@ module Aws::Organizations
|
|
5148
5380
|
params: params,
|
5149
5381
|
config: config)
|
5150
5382
|
context[:gem_name] = 'aws-sdk-organizations'
|
5151
|
-
context[:gem_version] = '1.
|
5383
|
+
context[:gem_version] = '1.55.0'
|
5152
5384
|
Seahorse::Client::Request.new(handlers, context)
|
5153
5385
|
end
|
5154
5386
|
|