aws-sdk-organizations 1.51.0 → 1.56.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7b6f5921109742aaa83544abde06a32cae7102b883e54767fe4e5567affe73a6
-  data.tar.gz: 0fdaeb797a8f94bca291bedaa02f83098032626aa70e1e304010bbc9926d7b25
+  metadata.gz: d9a6d3418bcf41035fd568ef4c68f1cd02fc5ad6f1f3db79de42301657632dcd
+  data.tar.gz: a3c1007cea9a8f8b3065d6d23414c5af2f5bc9351c457f6425b75fec756aa972
 SHA512:
-  metadata.gz: 40a50363452745e1f6a6ef0aef7f5688754608588f65766d59e5786d40dc54a718ee5d67b404f852459dc5a4a47491dcbee044c82b90ce7f589ec17a87e51fcd
-  data.tar.gz: 5bc9c7b9b676bee453d617114739d234a0203ba6ff31298dcb34cb7254f336d96feeb91aaa85ea0cbd5dbb7a829fd2a0401500158f969150dd28bb4a3c24c2cc
+  metadata.gz: ad153b4698b5c59652b26f098b084576044db4f9a47595514434096eac2f6a5030bdc97abe4762f0f71301f49346e309273f1c82ed9da024e8402dfb94615463
+  data.tar.gz: 50e46f63f650e662fcd681ed02a23beaeb4e18a8a15774ebf84fa858c56a680206365ab64c53998ace1cd1a411aaf8b08e2e909356aca9462982618c9301a482

data/lib/aws-sdk-organizations.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-organizations/customizations'
 # @!group service
 module Aws::Organizations
 
-  GEM_VERSION = '1.51.0'
+  GEM_VERSION = '1.56.0'
 
 end

data/lib/aws-sdk-organizations/client.rb

@@ -356,7 +356,7 @@ module Aws::Organizations
     #   User Guide*.
     #
     # * **Enable all features final confirmation** handshake: only a
-    #   principal from the master account.
+    #   principal from the management account.
     #
     #   For more information about invitations, see [Inviting an AWS Account
     #   to Join Your Organization][2] in the *AWS Organizations User Guide.*
@@ -487,15 +487,15 @@ module Aws::Organizations
     #
     # * [TAG\_POLICY][4]
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     #
     #
-    # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
-    # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
-    # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
-    # [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
+    # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    # [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    # [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    # [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @option params [required, String] :policy_id
     #   The unique identifier (ID) of the policy that you want to attach to
@@ -695,8 +695,9 @@ module Aws::Organizations
     # successfully access the account. To check the status of the request,
     # do one of the following:
     #
-    # * Use the `OperationId` response element from this operation to
-    #   provide as a parameter to the DescribeCreateAccountStatus operation.
+    # * Use the `Id` member of the `CreateAccountStatus` response element
+    #   from this operation to provide as a parameter to the
+    #   DescribeCreateAccountStatus operation.
     #
     # * Check the AWS CloudTrail log for the `CreateAccountResult` event.
     #   For information on using AWS CloudTrail with AWS Organizations, see
@@ -715,12 +716,12 @@ module Aws::Organizations
     #
     # AWS Organizations preconfigures the new member account with a role
     # (named `OrganizationAccountAccessRole` by default) that grants users
-    # in the master account administrator permissions in the new member
-    # account. Principals in the master account can assume the role. AWS
+    # in the management account administrator permissions in the new member
+    # account. Principals in the management account can assume the role. AWS
     # Organizations clones the company name and address information for the
-    # new account from the organization's master account.
+    # new account from the organization's management account.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     # For more information about creating accounts, see [Creating an AWS
@@ -785,10 +786,10 @@ module Aws::Organizations
     #   (Optional)
     #
     #   The name of an IAM role that AWS Organizations automatically
-    #   preconfigures in the new member account. This role trusts the master
-    #   account, allowing users in the master account to assume the role, as
-    #   permitted by the master account administrator. The role has
-    #   administrator permissions in the new member account.
+    #   preconfigures in the new member account. This role trusts the
+    #   management account, allowing users in the management account to assume
+    #   the role, as permitted by the management account administrator. The
+    #   role has administrator permissions in the new member account.
     #
     #   If you don't specify this parameter, the role name defaults to
     #   `OrganizationAccountAccessRole`.
@@ -912,10 +913,11 @@ module Aws::Organizations
     #   the [ *AWS GovCloud User Guide*.][1]
     #
     # * You already have an account in the AWS GovCloud (US) Region that is
-    #   associated with your master account in the commercial Region.
+    #   paired with a management account of an organization in the
+    #   commercial Region.
     #
-    # * You call this action from the master account of your organization in
-    #   the commercial Region.
+    # * You call this action from the management account of your
+    #   organization in the commercial Region.
     #
     # * You have the `organizations:CreateGovCloudAccount` permission.
     #
@@ -941,11 +943,11 @@ module Aws::Organizations
     # the TagResource operation in the GovCloud Region after the new
     # GovCloud account exists.
     #
-    # You call this action from the master account of your organization in
-    # the commercial Region to create a standalone AWS account in the AWS
-    # GovCloud (US) Region. After the account is created, the master account
-    # of an organization in the AWS GovCloud (US) Region can invite it to
-    # that organization. For more information on inviting standalone
+    # You call this action from the management account of your organization
+    # in the commercial Region to create a standalone AWS account in the AWS
+    # GovCloud (US) Region. After the account is created, the management
+    # account of an organization in the AWS GovCloud (US) Region can invite
+    # it to that organization. For more information on inviting standalone
     # accounts in the AWS GovCloud (US) to join an organization, see [AWS
     # Organizations][4] in the *AWS GovCloud User Guide.*
     #
@@ -974,14 +976,14 @@ module Aws::Organizations
     # accounts are associated with the same email address.
     #
     # A role is created in the new account in the commercial Region that
-    # allows the master account in the organization in the commercial Region
-    # to assume it. An AWS GovCloud (US) account is then created and
+    # allows the management account in the organization in the commercial
+    # Region to assume it. An AWS GovCloud (US) account is then created and
     # associated with the commercial account that you just created. A role
     # is also created in the new AWS GovCloud (US) account that can be
     # assumed by the AWS GovCloud (US) account that is associated with the
-    # master account of the commercial organization. For more information
-    # and to view a diagram that explains how account access works, see [AWS
-    # Organizations][4] in the *AWS GovCloud User Guide.*
+    # management account of the commercial organization. For more
+    # information and to view a diagram that explains how account access
+    # works, see [AWS Organizations][4] in the *AWS GovCloud User Guide.*
     #
     # For more information about creating accounts, see [Creating an AWS
     # Account in Your Organization][6] in the *AWS Organizations User
@@ -1054,9 +1056,9 @@ module Aws::Organizations
     #
     #   The name of an IAM role that AWS Organizations automatically
     #   preconfigures in the new member accounts in both the AWS GovCloud (US)
-    #   Region and in the commercial Region. This role trusts the master
-    #   account, allowing users in the master account to assume the role, as
-    #   permitted by the master account administrator. The role has
+    #   Region and in the commercial Region. This role trusts the management
+    #   account, allowing users in the management account to assume the role,
+    #   as permitted by the management account administrator. The role has
     #   administrator permissions in the new member account.
     #
     #   If you don't specify this parameter, the role name defaults to
@@ -1156,11 +1158,11 @@ module Aws::Organizations
     end
 
     # Creates an AWS organization. The account whose user is calling the
-    # `CreateOrganization` operation automatically becomes the [master
+    # `CreateOrganization` operation automatically becomes the [management
     # account][1] of the new organization.
     #
     # This operation must be called using credentials from the account that
-    # is to become the new organization's master account. The principal
+    # is to become the new organization's management account. The principal
     # must also have the relevant IAM permissions.
     #
     # By default (or if you set the `FeatureSet` parameter to `ALL`), the
@@ -1180,7 +1182,7 @@ module Aws::Organizations
     #   feature set supports different levels of functionality.
     #
     #   * `CONSOLIDATED_BILLING`\: All member accounts have their bills
-    #     consolidated to and paid by the master account. For more
+    #     consolidated to and paid by the management account. For more
     #     information, see [Consolidated billing][1] in the *AWS Organizations
     #     User Guide.*
     #
@@ -1188,10 +1190,10 @@ module Aws::Organizations
     #     organizations in the AWS GovCloud (US) Region.
     #
     #   * `ALL`\: In addition to all the features supported by the
-    #     consolidated billing feature set, the master account can also apply
-    #     any policy type to any member account in the organization. For more
-    #     information, see [All features][2] in the *AWS Organizations User
-    #     Guide.*
+    #     consolidated billing feature set, the management account can also
+    #     apply any policy type to any member account in the organization. For
+    #     more information, see [All features][2] in the *AWS Organizations
+    #     User Guide.*
     #
     #
     #
@@ -1293,7 +1295,7 @@ module Aws::Organizations
     # If the request includes tags, then the requester must have the
     # `organizations:TagResource` permission.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     #
@@ -1399,7 +1401,7 @@ module Aws::Organizations
     # If the request includes tags, then the requester must have the
     # `organizations:TagResource` permission.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     #
@@ -1438,10 +1440,10 @@ module Aws::Organizations
     #
     #
     #
-    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
-    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
-    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
-    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @option params [Array<Types::Tag>] :tags
     #   A list of tags that you want to attach to the newly created policy.
@@ -1640,8 +1642,8 @@ module Aws::Organizations
     end
 
     # Deletes the organization. You can delete an organization only by using
-    # credentials from the master account. The organization must be empty of
-    # member accounts.
+    # credentials from the management account. The organization must be
+    # empty of member accounts.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -1658,7 +1660,7 @@ module Aws::Organizations
     # must first remove all accounts and child OUs from the OU that you want
     # to delete.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     # @option params [required, String] :organizational_unit_id
@@ -1706,7 +1708,7 @@ module Aws::Organizations
     # perform this operation, you must first detach the policy from all
     # organizational units (OUs), roots, and accounts.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     # @option params [required, String] :policy_id
@@ -1763,12 +1765,12 @@ module Aws::Organizations
     # Services that you can use with AWS Organizations][1] in the *AWS
     # Organizations User Guide.*
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrated-services-list.html
+    # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html
     #
     # @option params [required, String] :account_id
     #   The account ID number of the member account in the organization that
@@ -1805,7 +1807,7 @@ module Aws::Organizations
     # Retrieves AWS Organizations-related information about the specified
     # account.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -1872,14 +1874,15 @@ module Aws::Organizations
     # Retrieves the current status of an asynchronous request to create an
     # account.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
     # @option params [required, String] :create_account_request_id
-    #   Specifies the `operationId` that uniquely identifies the request. You
-    #   can get the ID from the response to an earlier CreateAccount request,
-    #   or from the ListCreateAccountStatus operation.
+    #   Specifies the `Id` value that uniquely identifies the `CreateAccount`
+    #   request. You can get the value from the `CreateAccountStatus.Id`
+    #   response in an earlier CreateAccount request, or from the
+    #   ListCreateAccountStatus operation.
     #
     #   The [regex pattern][1] for a create account request ID string requires
     #   "car-" followed by from 8 to 32 lowercase letters or digits.
@@ -1949,7 +1952,7 @@ module Aws::Organizations
     # For more information about policy inheritance, see [How Policy
     # Inheritance Works][1] in the *AWS Organizations User Guide*.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -1969,14 +1972,14 @@ module Aws::Organizations
     #
     #
     #
-    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
-    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
-    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @option params [String] :target_id
-    #   When you're signed in as the master account, specify the ID of the
-    #   account that you want details about. Specifying an organization root
-    #   or organizational unit (OU) as the target is not supported.
+    #   When you're signed in as the management account, specify the ID of
+    #   the account that you want details about. Specifying an organization
+    #   root or organizational unit (OU) as the target is not supported.
     #
     # @return [Types::DescribeEffectivePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2179,7 +2182,7 @@ module Aws::Organizations
 
     # Retrieves information about an organizational unit (OU).
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -2242,7 +2245,7 @@ module Aws::Organizations
 
     # Retrieves information about a policy.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -2330,7 +2333,7 @@ module Aws::Organizations
     # attached SCP), you're using the authorization strategy of a "[deny
     # list][2]".
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     #
@@ -2409,33 +2412,65 @@ module Aws::Organizations
     # operations in older accounts until the service completes its clean-up
     # from AWS Organizations.
     #
-    #
-    #
-    # We recommend that you disable integration between AWS Organizations
-    # and the specified AWS service by using the console or commands that
-    # are provided by the specified service. Doing so ensures that the other
-    # service is aware that it can clean up any resources that are required
-    # only for the integration. How the service cleans up its resources in
-    # the organization's accounts depends on that service. For more
-    # information, see the documentation for the other AWS service.
+    # We <b> <i>strongly recommend</i> </b> that you don't use this command
+    # to disable integration between AWS Organizations and the specified AWS
+    # service. Instead, use the console or commands that are provided by the
+    # specified service. This lets the trusted service perform any required
+    # initialization when enabling trusted access, such as creating any
+    # required resources and any required clean up of resources when
+    # disabling trusted access.
+    #
+    #  For information about how to disable trusted service access to your
+    # organization using the trusted service, see the **Learn more** link
+    # under the **Supports Trusted Access** column at [AWS services that you
+    # can use with AWS Organizations][2]. on this page.
+    #
+    #  If you disable access by using this command, it causes the following
+    # actions to occur:
+    #
+    #  * The service can no longer create a service-linked role in the
+    #   accounts in your organization. This means that the service can't
+    #   perform operations on your behalf on any new accounts in your
+    #   organization. The service can still perform operations in older
+    #   accounts until the service completes its clean-up from AWS
+    #   Organizations.
+    #
+    # * The service can no longer perform tasks in the member accounts in
+    #   the organization, unless those operations are explicitly permitted
+    #   by the IAM policies that are attached to your roles. This includes
+    #   any data aggregation from the member accounts to the management
+    #   account, or to a delegated administrator account, where relevant.
+    #
+    # * Some services detect this and clean up any remaining data or
+    #   resources related to the integration, while other services stop
+    #   accessing the organization but leave any historical data and
+    #   configuration in place to support a possible re-enabling of the
+    #   integration.
+    #
+    #  Using the other service's console or commands to disable the
+    # integration ensures that the other service is aware that it can clean
+    # up any resources that are required only for the integration. How the
+    # service cleans up its resources in the organization's accounts
+    # depends on that service. For more information, see the documentation
+    # for the other AWS service.
     #
     # After you perform the `DisableAWSServiceAccess` operation, the
     # specified service can no longer perform operations in your
-    # organization's accounts unless the operations are explicitly
-    # permitted by the IAM policies that are attached to your roles.
+    # organization's accounts
     #
     # For more information about integrating other services with AWS
     # Organizations, including the list of services that work with
     # Organizations, see [Integrating AWS Organizations with Other AWS
-    # Services][2] in the *AWS Organizations User Guide.*
+    # Services][3] in the *AWS Organizations User Guide.*
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     #
     #
     # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
-    # [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html
+    # [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html
+    # [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html
     #
     # @option params [required, String] :service_principal
     #   The service principal name of the AWS service for which you want to
@@ -2473,7 +2508,7 @@ module Aws::Organizations
     # status of policy types for a specified root, and then use this
     # operation.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     # To view the status of available policy types in the organization, use
@@ -2508,10 +2543,10 @@ module Aws::Organizations
     #
     #
     #
-    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
-    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
-    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
-    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @return [Types::DisablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2583,7 +2618,7 @@ module Aws::Organizations
     # Organizations, see [Integrating AWS Organizations with Other AWS
     # Services][2] in the *AWS Organizations User Guide.*
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account and only if the organization has [enabled all features][3].
     #
     #
@@ -2638,14 +2673,14 @@ module Aws::Organizations
     # the feature set change by accepting the handshake that contains
     # `"Action": "ENABLE_ALL_FEATURES"`. This completes the change.
     #
-    # After you enable all features in your organization, the master account
-    # in the organization can apply policies on all member accounts. These
-    # policies can restrict what users and even administrators in those
-    # accounts can do. The master account can apply policies that prevent
-    # accounts from leaving the organization. Ensure that your account
-    # administrators are aware of this.
+    # After you enable all features in your organization, the management
+    # account in the organization can apply policies on all member accounts.
+    # These policies can restrict what users and even administrators in
+    # those accounts can do. The management account can apply policies that
+    # prevent accounts from leaving the organization. Ensure that your
+    # account administrators are aware of this.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     #
@@ -2726,7 +2761,7 @@ module Aws::Organizations
     # AWS recommends that you first use ListRoots to see the status of
     # policy types for a specified root, and then use this operation.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     # You can enable a policy type in a root only if that policy type is
@@ -2758,10 +2793,10 @@ module Aws::Organizations
     #
     #
     #
-    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
-    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
-    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
-    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @return [Types::EnablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2824,12 +2859,12 @@ module Aws::Organizations
     # invitation is implemented as a Handshake whose details are in the
     # response.
     #
-    # * You can invite AWS accounts only from the same seller as the master
-    #   account. For example, if your organization's master account was
-    #   created by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller
-    #   in India, you can invite only other AISPL accounts to your
-    #   organization. You can't combine accounts from AISPL and AWS or from
-    #   any other AWS seller. For more information, see [Consolidated
+    # * You can invite AWS accounts only from the same seller as the
+    #   management account. For example, if your organization's management
+    #   account was created by Amazon Internet Services Pvt. Ltd (AISPL), an
+    #   AWS seller in India, you can invite only other AISPL accounts to
+    #   your organization. You can't combine accounts from AISPL and AWS or
+    #   from any other AWS seller. For more information, see [Consolidated
     #   Billing in India][1].
     #
     # * If you receive an exception that indicates that you exceeded your
@@ -2841,7 +2876,7 @@ module Aws::Organizations
     # If the request includes tags, then the requester must have the
     # `organizations:TagResource` permission.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     #
@@ -3005,14 +3040,14 @@ module Aws::Organizations
 
     # Removes a member account from its parent organization. This version of
     # the operation is performed by the account that wants to leave. To
-    # remove a member account as a user in the master account, use
+    # remove a member account as a user in the management account, use
     # RemoveAccountFromOrganization instead.
     #
     # This operation can be called only from a member account in the
     # organization.
     #
-    # * The master account in an organization with all features enabled can
-    #   set service control policies (SCPs) that can restrict what
+    # * The management account in an organization with all features enabled
+    #   can set service control policies (SCPs) that can restrict what
     #   administrators of member accounts can do. This includes preventing
     #   them from successfully calling `LeaveOrganization` and leaving the
     #   organization.
@@ -3038,6 +3073,12 @@ module Aws::Organizations
     #   all required account information has not yet been provided][1] in
     #   the *AWS Organizations User Guide.*
     #
+    # * The account that you want to leave must not be a delegated
+    #   administrator account for any AWS service enabled for your
+    #   organization. If the account is a delegated administrator, you must
+    #   first change the delegated administrator account to another account
+    #   that is remaining in the organization.
+    #
     # * You can leave an organization only after you enable IAM user access
     #   to billing in your account. For more information, see [Activating
     #   Access to the Billing and Cost Management Console][2] in the *AWS
@@ -3081,7 +3122,7 @@ module Aws::Organizations
     # Organizations, see [Integrating AWS Organizations with Other AWS
     # Services][1] in the *AWS Organizations User Guide.*
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -3150,7 +3191,7 @@ module Aws::Organizations
     #
     #  </note>
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -3273,7 +3314,7 @@ module Aws::Organizations
     #
     #  </note>
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -3382,7 +3423,7 @@ module Aws::Organizations
     #
     #  </note>
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -3494,7 +3535,7 @@ module Aws::Organizations
     #
     #  </note>
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -3611,7 +3652,7 @@ module Aws::Organizations
     # Lists the AWS accounts that are designated as delegated administrators
     # in this organization.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -3681,7 +3722,7 @@ module Aws::Organizations
     # List the AWS services for which the specified account is a delegated
     # administrator.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -3903,7 +3944,7 @@ module Aws::Organizations
     #
     #  </note>
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -4089,7 +4130,7 @@ module Aws::Organizations
     #
     #  </note>
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -4201,7 +4242,7 @@ module Aws::Organizations
     #
     #  </note>
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -4307,7 +4348,7 @@ module Aws::Organizations
     #
     #  </note>
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -4325,10 +4366,10 @@ module Aws::Organizations
     #
     #
     #
-    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
-    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
-    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
-    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @option params [String] :next_token
     #   The parameter for receiving additional results if you receive a
@@ -4435,7 +4476,7 @@ module Aws::Organizations
     #
     #  </note>
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -4474,10 +4515,10 @@ module Aws::Organizations
     #
     #
     #
-    #   [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
-    #   [2]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
-    #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
-    #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
+    #   [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
+    #   [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
+    #   [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
     # @option params [String] :next_token
     #   The parameter for receiving additional results if you receive a
@@ -4570,7 +4611,7 @@ module Aws::Organizations
     #
     #  </note>
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -4673,7 +4714,7 @@ module Aws::Organizations
     #
     # * Policy (any type)
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -4741,7 +4782,7 @@ module Aws::Organizations
     #
     #  </note>
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
@@ -4846,7 +4887,7 @@ module Aws::Organizations
     # Moves an account from its current source parent root or organizational
     # unit (OU) to the specified destination parent root or OU.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     # @option params [required, String] :account_id
@@ -4938,12 +4979,12 @@ module Aws::Organizations
     # Services that you can use with AWS Organizations][1] in the *AWS
     # Organizations User Guide.*
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrated-services-list.html
+    # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html
     #
     # @option params [required, String] :account_id
     #   The account ID number of the member account in the organization to
@@ -4975,11 +5016,11 @@ module Aws::Organizations
     #
     # The removed account becomes a standalone account that isn't a member
     # of any organization. It's no longer subject to any policies and is
-    # responsible for its own bill payments. The organization's master
+    # responsible for its own bill payments. The organization's management
     # account is no longer charged for any expenses accrued by the member
     # account after it's removed from the organization.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account. Member accounts can remove themselves with LeaveOrganization
     # instead.
     #
@@ -4999,6 +5040,12 @@ module Aws::Organizations
     #   information has not yet been provided][1] in the *AWS Organizations
     #   User Guide.*
     #
+    # * The account that you want to leave must not be a delegated
+    #   administrator account for any AWS service enabled for your
+    #   organization. If the account is a delegated administrator, you must
+    #   first change the delegated administrator account to another account
+    #   that is remaining in the organization.
+    #
     # * After the account leaves the organization, all tags that were
     #   attached to the account object in the organization are deleted. AWS
     #   accounts outside of an organization do not support tags.
@@ -5057,7 +5104,7 @@ module Aws::Organizations
     #
     # * Policy (any type)
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     # @option params [required, String] :resource_id
@@ -5124,7 +5171,7 @@ module Aws::Organizations
     #
     # * Policy (any type)
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     # @option params [required, String] :resource_id
@@ -5168,7 +5215,7 @@ module Aws::Organizations
     # change. The child OUs and accounts remain in place, and any attached
     # policies of the OU remain attached.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     # @option params [required, String] :organizational_unit_id
@@ -5243,7 +5290,7 @@ module Aws::Organizations
     # If you don't supply any parameter, that value remains unchanged. You
     # can't change a policy's type.
     #
-    # This operation can be called only from the organization's master
+    # This operation can be called only from the organization's management
     # account.
     #
     # @option params [required, String] :policy_id
@@ -5377,7 +5424,7 @@ module Aws::Organizations
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-organizations'
-      context[:gem_version] = '1.51.0'
+      context[:gem_version] = '1.56.0'
       Seahorse::Client::Request.new(handlers, context)
     end