aws-sdk-organizations 1.51.0 → 1.56.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws-sdk-organizations.rb +1 -1
- data/lib/aws-sdk-organizations/client.rb +188 -141
- data/lib/aws-sdk-organizations/types.rb +134 -129
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d9a6d3418bcf41035fd568ef4c68f1cd02fc5ad6f1f3db79de42301657632dcd
|
4
|
+
data.tar.gz: a3c1007cea9a8f8b3065d6d23414c5af2f5bc9351c457f6425b75fec756aa972
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ad153b4698b5c59652b26f098b084576044db4f9a47595514434096eac2f6a5030bdc97abe4762f0f71301f49346e309273f1c82ed9da024e8402dfb94615463
|
7
|
+
data.tar.gz: 50e46f63f650e662fcd681ed02a23beaeb4e18a8a15774ebf84fa858c56a680206365ab64c53998ace1cd1a411aaf8b08e2e909356aca9462982618c9301a482
|
@@ -356,7 +356,7 @@ module Aws::Organizations
|
|
356
356
|
# User Guide*.
|
357
357
|
#
|
358
358
|
# * **Enable all features final confirmation** handshake: only a
|
359
|
-
# principal from the
|
359
|
+
# principal from the management account.
|
360
360
|
#
|
361
361
|
# For more information about invitations, see [Inviting an AWS Account
|
362
362
|
# to Join Your Organization][2] in the *AWS Organizations User Guide.*
|
@@ -487,15 +487,15 @@ module Aws::Organizations
|
|
487
487
|
#
|
488
488
|
# * [TAG\_POLICY][4]
|
489
489
|
#
|
490
|
-
# This operation can be called only from the organization's
|
490
|
+
# This operation can be called only from the organization's management
|
491
491
|
# account.
|
492
492
|
#
|
493
493
|
#
|
494
494
|
#
|
495
|
-
# [1]:
|
496
|
-
# [2]:
|
497
|
-
# [3]:
|
498
|
-
# [4]:
|
495
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
496
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
497
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
498
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
499
499
|
#
|
500
500
|
# @option params [required, String] :policy_id
|
501
501
|
# The unique identifier (ID) of the policy that you want to attach to
|
@@ -695,8 +695,9 @@ module Aws::Organizations
|
|
695
695
|
# successfully access the account. To check the status of the request,
|
696
696
|
# do one of the following:
|
697
697
|
#
|
698
|
-
# * Use the `
|
699
|
-
# provide as a parameter to the
|
698
|
+
# * Use the `Id` member of the `CreateAccountStatus` response element
|
699
|
+
# from this operation to provide as a parameter to the
|
700
|
+
# DescribeCreateAccountStatus operation.
|
700
701
|
#
|
701
702
|
# * Check the AWS CloudTrail log for the `CreateAccountResult` event.
|
702
703
|
# For information on using AWS CloudTrail with AWS Organizations, see
|
@@ -715,12 +716,12 @@ module Aws::Organizations
|
|
715
716
|
#
|
716
717
|
# AWS Organizations preconfigures the new member account with a role
|
717
718
|
# (named `OrganizationAccountAccessRole` by default) that grants users
|
718
|
-
# in the
|
719
|
-
# account. Principals in the
|
719
|
+
# in the management account administrator permissions in the new member
|
720
|
+
# account. Principals in the management account can assume the role. AWS
|
720
721
|
# Organizations clones the company name and address information for the
|
721
|
-
# new account from the organization's
|
722
|
+
# new account from the organization's management account.
|
722
723
|
#
|
723
|
-
# This operation can be called only from the organization's
|
724
|
+
# This operation can be called only from the organization's management
|
724
725
|
# account.
|
725
726
|
#
|
726
727
|
# For more information about creating accounts, see [Creating an AWS
|
@@ -785,10 +786,10 @@ module Aws::Organizations
|
|
785
786
|
# (Optional)
|
786
787
|
#
|
787
788
|
# The name of an IAM role that AWS Organizations automatically
|
788
|
-
# preconfigures in the new member account. This role trusts the
|
789
|
-
# account, allowing users in the
|
790
|
-
# permitted by the
|
791
|
-
# administrator permissions in the new member account.
|
789
|
+
# preconfigures in the new member account. This role trusts the
|
790
|
+
# management account, allowing users in the management account to assume
|
791
|
+
# the role, as permitted by the management account administrator. The
|
792
|
+
# role has administrator permissions in the new member account.
|
792
793
|
#
|
793
794
|
# If you don't specify this parameter, the role name defaults to
|
794
795
|
# `OrganizationAccountAccessRole`.
|
@@ -912,10 +913,11 @@ module Aws::Organizations
|
|
912
913
|
# the [ *AWS GovCloud User Guide*.][1]
|
913
914
|
#
|
914
915
|
# * You already have an account in the AWS GovCloud (US) Region that is
|
915
|
-
#
|
916
|
+
# paired with a management account of an organization in the
|
917
|
+
# commercial Region.
|
916
918
|
#
|
917
|
-
# * You call this action from the
|
918
|
-
# the commercial Region.
|
919
|
+
# * You call this action from the management account of your
|
920
|
+
# organization in the commercial Region.
|
919
921
|
#
|
920
922
|
# * You have the `organizations:CreateGovCloudAccount` permission.
|
921
923
|
#
|
@@ -941,11 +943,11 @@ module Aws::Organizations
|
|
941
943
|
# the TagResource operation in the GovCloud Region after the new
|
942
944
|
# GovCloud account exists.
|
943
945
|
#
|
944
|
-
# You call this action from the
|
945
|
-
# the commercial Region to create a standalone AWS account in the AWS
|
946
|
-
# GovCloud (US) Region. After the account is created, the
|
947
|
-
# of an organization in the AWS GovCloud (US) Region can invite
|
948
|
-
# that organization. For more information on inviting standalone
|
946
|
+
# You call this action from the management account of your organization
|
947
|
+
# in the commercial Region to create a standalone AWS account in the AWS
|
948
|
+
# GovCloud (US) Region. After the account is created, the management
|
949
|
+
# account of an organization in the AWS GovCloud (US) Region can invite
|
950
|
+
# it to that organization. For more information on inviting standalone
|
949
951
|
# accounts in the AWS GovCloud (US) to join an organization, see [AWS
|
950
952
|
# Organizations][4] in the *AWS GovCloud User Guide.*
|
951
953
|
#
|
@@ -974,14 +976,14 @@ module Aws::Organizations
|
|
974
976
|
# accounts are associated with the same email address.
|
975
977
|
#
|
976
978
|
# A role is created in the new account in the commercial Region that
|
977
|
-
# allows the
|
978
|
-
# to assume it. An AWS GovCloud (US) account is then created and
|
979
|
+
# allows the management account in the organization in the commercial
|
980
|
+
# Region to assume it. An AWS GovCloud (US) account is then created and
|
979
981
|
# associated with the commercial account that you just created. A role
|
980
982
|
# is also created in the new AWS GovCloud (US) account that can be
|
981
983
|
# assumed by the AWS GovCloud (US) account that is associated with the
|
982
|
-
#
|
983
|
-
# and to view a diagram that explains how account access
|
984
|
-
# Organizations][4] in the *AWS GovCloud User Guide.*
|
984
|
+
# management account of the commercial organization. For more
|
985
|
+
# information and to view a diagram that explains how account access
|
986
|
+
# works, see [AWS Organizations][4] in the *AWS GovCloud User Guide.*
|
985
987
|
#
|
986
988
|
# For more information about creating accounts, see [Creating an AWS
|
987
989
|
# Account in Your Organization][6] in the *AWS Organizations User
|
@@ -1054,9 +1056,9 @@ module Aws::Organizations
|
|
1054
1056
|
#
|
1055
1057
|
# The name of an IAM role that AWS Organizations automatically
|
1056
1058
|
# preconfigures in the new member accounts in both the AWS GovCloud (US)
|
1057
|
-
# Region and in the commercial Region. This role trusts the
|
1058
|
-
# account, allowing users in the
|
1059
|
-
# permitted by the
|
1059
|
+
# Region and in the commercial Region. This role trusts the management
|
1060
|
+
# account, allowing users in the management account to assume the role,
|
1061
|
+
# as permitted by the management account administrator. The role has
|
1060
1062
|
# administrator permissions in the new member account.
|
1061
1063
|
#
|
1062
1064
|
# If you don't specify this parameter, the role name defaults to
|
@@ -1156,11 +1158,11 @@ module Aws::Organizations
|
|
1156
1158
|
end
|
1157
1159
|
|
1158
1160
|
# Creates an AWS organization. The account whose user is calling the
|
1159
|
-
# `CreateOrganization` operation automatically becomes the [
|
1161
|
+
# `CreateOrganization` operation automatically becomes the [management
|
1160
1162
|
# account][1] of the new organization.
|
1161
1163
|
#
|
1162
1164
|
# This operation must be called using credentials from the account that
|
1163
|
-
# is to become the new organization's
|
1165
|
+
# is to become the new organization's management account. The principal
|
1164
1166
|
# must also have the relevant IAM permissions.
|
1165
1167
|
#
|
1166
1168
|
# By default (or if you set the `FeatureSet` parameter to `ALL`), the
|
@@ -1180,7 +1182,7 @@ module Aws::Organizations
|
|
1180
1182
|
# feature set supports different levels of functionality.
|
1181
1183
|
#
|
1182
1184
|
# * `CONSOLIDATED_BILLING`\: All member accounts have their bills
|
1183
|
-
# consolidated to and paid by the
|
1185
|
+
# consolidated to and paid by the management account. For more
|
1184
1186
|
# information, see [Consolidated billing][1] in the *AWS Organizations
|
1185
1187
|
# User Guide.*
|
1186
1188
|
#
|
@@ -1188,10 +1190,10 @@ module Aws::Organizations
|
|
1188
1190
|
# organizations in the AWS GovCloud (US) Region.
|
1189
1191
|
#
|
1190
1192
|
# * `ALL`\: In addition to all the features supported by the
|
1191
|
-
# consolidated billing feature set, the
|
1192
|
-
# any policy type to any member account in the organization. For
|
1193
|
-
# information, see [All features][2] in the *AWS Organizations
|
1194
|
-
# Guide.*
|
1193
|
+
# consolidated billing feature set, the management account can also
|
1194
|
+
# apply any policy type to any member account in the organization. For
|
1195
|
+
# more information, see [All features][2] in the *AWS Organizations
|
1196
|
+
# User Guide.*
|
1195
1197
|
#
|
1196
1198
|
#
|
1197
1199
|
#
|
@@ -1293,7 +1295,7 @@ module Aws::Organizations
|
|
1293
1295
|
# If the request includes tags, then the requester must have the
|
1294
1296
|
# `organizations:TagResource` permission.
|
1295
1297
|
#
|
1296
|
-
# This operation can be called only from the organization's
|
1298
|
+
# This operation can be called only from the organization's management
|
1297
1299
|
# account.
|
1298
1300
|
#
|
1299
1301
|
#
|
@@ -1399,7 +1401,7 @@ module Aws::Organizations
|
|
1399
1401
|
# If the request includes tags, then the requester must have the
|
1400
1402
|
# `organizations:TagResource` permission.
|
1401
1403
|
#
|
1402
|
-
# This operation can be called only from the organization's
|
1404
|
+
# This operation can be called only from the organization's management
|
1403
1405
|
# account.
|
1404
1406
|
#
|
1405
1407
|
#
|
@@ -1438,10 +1440,10 @@ module Aws::Organizations
|
|
1438
1440
|
#
|
1439
1441
|
#
|
1440
1442
|
#
|
1441
|
-
# [1]:
|
1442
|
-
# [2]:
|
1443
|
-
# [3]:
|
1444
|
-
# [4]:
|
1443
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1444
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1445
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1446
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1445
1447
|
#
|
1446
1448
|
# @option params [Array<Types::Tag>] :tags
|
1447
1449
|
# A list of tags that you want to attach to the newly created policy.
|
@@ -1640,8 +1642,8 @@ module Aws::Organizations
|
|
1640
1642
|
end
|
1641
1643
|
|
1642
1644
|
# Deletes the organization. You can delete an organization only by using
|
1643
|
-
# credentials from the
|
1644
|
-
# member accounts.
|
1645
|
+
# credentials from the management account. The organization must be
|
1646
|
+
# empty of member accounts.
|
1645
1647
|
#
|
1646
1648
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1647
1649
|
#
|
@@ -1658,7 +1660,7 @@ module Aws::Organizations
|
|
1658
1660
|
# must first remove all accounts and child OUs from the OU that you want
|
1659
1661
|
# to delete.
|
1660
1662
|
#
|
1661
|
-
# This operation can be called only from the organization's
|
1663
|
+
# This operation can be called only from the organization's management
|
1662
1664
|
# account.
|
1663
1665
|
#
|
1664
1666
|
# @option params [required, String] :organizational_unit_id
|
@@ -1706,7 +1708,7 @@ module Aws::Organizations
|
|
1706
1708
|
# perform this operation, you must first detach the policy from all
|
1707
1709
|
# organizational units (OUs), roots, and accounts.
|
1708
1710
|
#
|
1709
|
-
# This operation can be called only from the organization's
|
1711
|
+
# This operation can be called only from the organization's management
|
1710
1712
|
# account.
|
1711
1713
|
#
|
1712
1714
|
# @option params [required, String] :policy_id
|
@@ -1763,12 +1765,12 @@ module Aws::Organizations
|
|
1763
1765
|
# Services that you can use with AWS Organizations][1] in the *AWS
|
1764
1766
|
# Organizations User Guide.*
|
1765
1767
|
#
|
1766
|
-
# This operation can be called only from the organization's
|
1768
|
+
# This operation can be called only from the organization's management
|
1767
1769
|
# account.
|
1768
1770
|
#
|
1769
1771
|
#
|
1770
1772
|
#
|
1771
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
1773
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html
|
1772
1774
|
#
|
1773
1775
|
# @option params [required, String] :account_id
|
1774
1776
|
# The account ID number of the member account in the organization that
|
@@ -1805,7 +1807,7 @@ module Aws::Organizations
|
|
1805
1807
|
# Retrieves AWS Organizations-related information about the specified
|
1806
1808
|
# account.
|
1807
1809
|
#
|
1808
|
-
# This operation can be called only from the organization's
|
1810
|
+
# This operation can be called only from the organization's management
|
1809
1811
|
# account or by a member account that is a delegated administrator for
|
1810
1812
|
# an AWS service.
|
1811
1813
|
#
|
@@ -1872,14 +1874,15 @@ module Aws::Organizations
|
|
1872
1874
|
# Retrieves the current status of an asynchronous request to create an
|
1873
1875
|
# account.
|
1874
1876
|
#
|
1875
|
-
# This operation can be called only from the organization's
|
1877
|
+
# This operation can be called only from the organization's management
|
1876
1878
|
# account or by a member account that is a delegated administrator for
|
1877
1879
|
# an AWS service.
|
1878
1880
|
#
|
1879
1881
|
# @option params [required, String] :create_account_request_id
|
1880
|
-
# Specifies the `
|
1881
|
-
# can get the
|
1882
|
-
# or from the
|
1882
|
+
# Specifies the `Id` value that uniquely identifies the `CreateAccount`
|
1883
|
+
# request. You can get the value from the `CreateAccountStatus.Id`
|
1884
|
+
# response in an earlier CreateAccount request, or from the
|
1885
|
+
# ListCreateAccountStatus operation.
|
1883
1886
|
#
|
1884
1887
|
# The [regex pattern][1] for a create account request ID string requires
|
1885
1888
|
# "car-" followed by from 8 to 32 lowercase letters or digits.
|
@@ -1949,7 +1952,7 @@ module Aws::Organizations
|
|
1949
1952
|
# For more information about policy inheritance, see [How Policy
|
1950
1953
|
# Inheritance Works][1] in the *AWS Organizations User Guide*.
|
1951
1954
|
#
|
1952
|
-
# This operation can be called only from the organization's
|
1955
|
+
# This operation can be called only from the organization's management
|
1953
1956
|
# account or by a member account that is a delegated administrator for
|
1954
1957
|
# an AWS service.
|
1955
1958
|
#
|
@@ -1969,14 +1972,14 @@ module Aws::Organizations
|
|
1969
1972
|
#
|
1970
1973
|
#
|
1971
1974
|
#
|
1972
|
-
# [1]:
|
1973
|
-
# [2]:
|
1974
|
-
# [3]:
|
1975
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1976
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1977
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1975
1978
|
#
|
1976
1979
|
# @option params [String] :target_id
|
1977
|
-
# When you're signed in as the
|
1978
|
-
# account that you want details about. Specifying an organization
|
1979
|
-
# or organizational unit (OU) as the target is not supported.
|
1980
|
+
# When you're signed in as the management account, specify the ID of
|
1981
|
+
# the account that you want details about. Specifying an organization
|
1982
|
+
# root or organizational unit (OU) as the target is not supported.
|
1980
1983
|
#
|
1981
1984
|
# @return [Types::DescribeEffectivePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1982
1985
|
#
|
@@ -2179,7 +2182,7 @@ module Aws::Organizations
|
|
2179
2182
|
|
2180
2183
|
# Retrieves information about an organizational unit (OU).
|
2181
2184
|
#
|
2182
|
-
# This operation can be called only from the organization's
|
2185
|
+
# This operation can be called only from the organization's management
|
2183
2186
|
# account or by a member account that is a delegated administrator for
|
2184
2187
|
# an AWS service.
|
2185
2188
|
#
|
@@ -2242,7 +2245,7 @@ module Aws::Organizations
|
|
2242
2245
|
|
2243
2246
|
# Retrieves information about a policy.
|
2244
2247
|
#
|
2245
|
-
# This operation can be called only from the organization's
|
2248
|
+
# This operation can be called only from the organization's management
|
2246
2249
|
# account or by a member account that is a delegated administrator for
|
2247
2250
|
# an AWS service.
|
2248
2251
|
#
|
@@ -2330,7 +2333,7 @@ module Aws::Organizations
|
|
2330
2333
|
# attached SCP), you're using the authorization strategy of a "[deny
|
2331
2334
|
# list][2]".
|
2332
2335
|
#
|
2333
|
-
# This operation can be called only from the organization's
|
2336
|
+
# This operation can be called only from the organization's management
|
2334
2337
|
# account.
|
2335
2338
|
#
|
2336
2339
|
#
|
@@ -2409,33 +2412,65 @@ module Aws::Organizations
|
|
2409
2412
|
# operations in older accounts until the service completes its clean-up
|
2410
2413
|
# from AWS Organizations.
|
2411
2414
|
#
|
2412
|
-
#
|
2413
|
-
#
|
2414
|
-
#
|
2415
|
-
#
|
2416
|
-
#
|
2417
|
-
#
|
2418
|
-
#
|
2419
|
-
#
|
2420
|
-
# information
|
2415
|
+
# We <b> <i>strongly recommend</i> </b> that you don't use this command
|
2416
|
+
# to disable integration between AWS Organizations and the specified AWS
|
2417
|
+
# service. Instead, use the console or commands that are provided by the
|
2418
|
+
# specified service. This lets the trusted service perform any required
|
2419
|
+
# initialization when enabling trusted access, such as creating any
|
2420
|
+
# required resources and any required clean up of resources when
|
2421
|
+
# disabling trusted access.
|
2422
|
+
#
|
2423
|
+
# For information about how to disable trusted service access to your
|
2424
|
+
# organization using the trusted service, see the **Learn more** link
|
2425
|
+
# under the **Supports Trusted Access** column at [AWS services that you
|
2426
|
+
# can use with AWS Organizations][2]. on this page.
|
2427
|
+
#
|
2428
|
+
# If you disable access by using this command, it causes the following
|
2429
|
+
# actions to occur:
|
2430
|
+
#
|
2431
|
+
# * The service can no longer create a service-linked role in the
|
2432
|
+
# accounts in your organization. This means that the service can't
|
2433
|
+
# perform operations on your behalf on any new accounts in your
|
2434
|
+
# organization. The service can still perform operations in older
|
2435
|
+
# accounts until the service completes its clean-up from AWS
|
2436
|
+
# Organizations.
|
2437
|
+
#
|
2438
|
+
# * The service can no longer perform tasks in the member accounts in
|
2439
|
+
# the organization, unless those operations are explicitly permitted
|
2440
|
+
# by the IAM policies that are attached to your roles. This includes
|
2441
|
+
# any data aggregation from the member accounts to the management
|
2442
|
+
# account, or to a delegated administrator account, where relevant.
|
2443
|
+
#
|
2444
|
+
# * Some services detect this and clean up any remaining data or
|
2445
|
+
# resources related to the integration, while other services stop
|
2446
|
+
# accessing the organization but leave any historical data and
|
2447
|
+
# configuration in place to support a possible re-enabling of the
|
2448
|
+
# integration.
|
2449
|
+
#
|
2450
|
+
# Using the other service's console or commands to disable the
|
2451
|
+
# integration ensures that the other service is aware that it can clean
|
2452
|
+
# up any resources that are required only for the integration. How the
|
2453
|
+
# service cleans up its resources in the organization's accounts
|
2454
|
+
# depends on that service. For more information, see the documentation
|
2455
|
+
# for the other AWS service.
|
2421
2456
|
#
|
2422
2457
|
# After you perform the `DisableAWSServiceAccess` operation, the
|
2423
2458
|
# specified service can no longer perform operations in your
|
2424
|
-
# organization's accounts
|
2425
|
-
# permitted by the IAM policies that are attached to your roles.
|
2459
|
+
# organization's accounts
|
2426
2460
|
#
|
2427
2461
|
# For more information about integrating other services with AWS
|
2428
2462
|
# Organizations, including the list of services that work with
|
2429
2463
|
# Organizations, see [Integrating AWS Organizations with Other AWS
|
2430
|
-
# Services][
|
2464
|
+
# Services][3] in the *AWS Organizations User Guide.*
|
2431
2465
|
#
|
2432
|
-
# This operation can be called only from the organization's
|
2466
|
+
# This operation can be called only from the organization's management
|
2433
2467
|
# account.
|
2434
2468
|
#
|
2435
2469
|
#
|
2436
2470
|
#
|
2437
2471
|
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
|
2438
|
-
# [2]:
|
2472
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html
|
2473
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html
|
2439
2474
|
#
|
2440
2475
|
# @option params [required, String] :service_principal
|
2441
2476
|
# The service principal name of the AWS service for which you want to
|
@@ -2473,7 +2508,7 @@ module Aws::Organizations
|
|
2473
2508
|
# status of policy types for a specified root, and then use this
|
2474
2509
|
# operation.
|
2475
2510
|
#
|
2476
|
-
# This operation can be called only from the organization's
|
2511
|
+
# This operation can be called only from the organization's management
|
2477
2512
|
# account.
|
2478
2513
|
#
|
2479
2514
|
# To view the status of available policy types in the organization, use
|
@@ -2508,10 +2543,10 @@ module Aws::Organizations
|
|
2508
2543
|
#
|
2509
2544
|
#
|
2510
2545
|
#
|
2511
|
-
# [1]:
|
2512
|
-
# [2]:
|
2513
|
-
# [3]:
|
2514
|
-
# [4]:
|
2546
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
2547
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
2548
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
2549
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
2515
2550
|
#
|
2516
2551
|
# @return [Types::DisablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2517
2552
|
#
|
@@ -2583,7 +2618,7 @@ module Aws::Organizations
|
|
2583
2618
|
# Organizations, see [Integrating AWS Organizations with Other AWS
|
2584
2619
|
# Services][2] in the *AWS Organizations User Guide.*
|
2585
2620
|
#
|
2586
|
-
# This operation can be called only from the organization's
|
2621
|
+
# This operation can be called only from the organization's management
|
2587
2622
|
# account and only if the organization has [enabled all features][3].
|
2588
2623
|
#
|
2589
2624
|
#
|
@@ -2638,14 +2673,14 @@ module Aws::Organizations
|
|
2638
2673
|
# the feature set change by accepting the handshake that contains
|
2639
2674
|
# `"Action": "ENABLE_ALL_FEATURES"`. This completes the change.
|
2640
2675
|
#
|
2641
|
-
# After you enable all features in your organization, the
|
2642
|
-
# in the organization can apply policies on all member accounts.
|
2643
|
-
# policies can restrict what users and even administrators in
|
2644
|
-
# accounts can do. The
|
2645
|
-
# accounts from leaving the organization. Ensure that your
|
2646
|
-
# administrators are aware of this.
|
2676
|
+
# After you enable all features in your organization, the management
|
2677
|
+
# account in the organization can apply policies on all member accounts.
|
2678
|
+
# These policies can restrict what users and even administrators in
|
2679
|
+
# those accounts can do. The management account can apply policies that
|
2680
|
+
# prevent accounts from leaving the organization. Ensure that your
|
2681
|
+
# account administrators are aware of this.
|
2647
2682
|
#
|
2648
|
-
# This operation can be called only from the organization's
|
2683
|
+
# This operation can be called only from the organization's management
|
2649
2684
|
# account.
|
2650
2685
|
#
|
2651
2686
|
#
|
@@ -2726,7 +2761,7 @@ module Aws::Organizations
|
|
2726
2761
|
# AWS recommends that you first use ListRoots to see the status of
|
2727
2762
|
# policy types for a specified root, and then use this operation.
|
2728
2763
|
#
|
2729
|
-
# This operation can be called only from the organization's
|
2764
|
+
# This operation can be called only from the organization's management
|
2730
2765
|
# account.
|
2731
2766
|
#
|
2732
2767
|
# You can enable a policy type in a root only if that policy type is
|
@@ -2758,10 +2793,10 @@ module Aws::Organizations
|
|
2758
2793
|
#
|
2759
2794
|
#
|
2760
2795
|
#
|
2761
|
-
# [1]:
|
2762
|
-
# [2]:
|
2763
|
-
# [3]:
|
2764
|
-
# [4]:
|
2796
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
2797
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
2798
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
2799
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
2765
2800
|
#
|
2766
2801
|
# @return [Types::EnablePolicyTypeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2767
2802
|
#
|
@@ -2824,12 +2859,12 @@ module Aws::Organizations
|
|
2824
2859
|
# invitation is implemented as a Handshake whose details are in the
|
2825
2860
|
# response.
|
2826
2861
|
#
|
2827
|
-
# * You can invite AWS accounts only from the same seller as the
|
2828
|
-
# account. For example, if your organization's
|
2829
|
-
# created by Amazon Internet Services Pvt. Ltd (AISPL), an
|
2830
|
-
# in India, you can invite only other AISPL accounts to
|
2831
|
-
# organization. You can't combine accounts from AISPL and AWS or
|
2832
|
-
# any other AWS seller. For more information, see [Consolidated
|
2862
|
+
# * You can invite AWS accounts only from the same seller as the
|
2863
|
+
# management account. For example, if your organization's management
|
2864
|
+
# account was created by Amazon Internet Services Pvt. Ltd (AISPL), an
|
2865
|
+
# AWS seller in India, you can invite only other AISPL accounts to
|
2866
|
+
# your organization. You can't combine accounts from AISPL and AWS or
|
2867
|
+
# from any other AWS seller. For more information, see [Consolidated
|
2833
2868
|
# Billing in India][1].
|
2834
2869
|
#
|
2835
2870
|
# * If you receive an exception that indicates that you exceeded your
|
@@ -2841,7 +2876,7 @@ module Aws::Organizations
|
|
2841
2876
|
# If the request includes tags, then the requester must have the
|
2842
2877
|
# `organizations:TagResource` permission.
|
2843
2878
|
#
|
2844
|
-
# This operation can be called only from the organization's
|
2879
|
+
# This operation can be called only from the organization's management
|
2845
2880
|
# account.
|
2846
2881
|
#
|
2847
2882
|
#
|
@@ -3005,14 +3040,14 @@ module Aws::Organizations
|
|
3005
3040
|
|
3006
3041
|
# Removes a member account from its parent organization. This version of
|
3007
3042
|
# the operation is performed by the account that wants to leave. To
|
3008
|
-
# remove a member account as a user in the
|
3043
|
+
# remove a member account as a user in the management account, use
|
3009
3044
|
# RemoveAccountFromOrganization instead.
|
3010
3045
|
#
|
3011
3046
|
# This operation can be called only from a member account in the
|
3012
3047
|
# organization.
|
3013
3048
|
#
|
3014
|
-
# * The
|
3015
|
-
# set service control policies (SCPs) that can restrict what
|
3049
|
+
# * The management account in an organization with all features enabled
|
3050
|
+
# can set service control policies (SCPs) that can restrict what
|
3016
3051
|
# administrators of member accounts can do. This includes preventing
|
3017
3052
|
# them from successfully calling `LeaveOrganization` and leaving the
|
3018
3053
|
# organization.
|
@@ -3038,6 +3073,12 @@ module Aws::Organizations
|
|
3038
3073
|
# all required account information has not yet been provided][1] in
|
3039
3074
|
# the *AWS Organizations User Guide.*
|
3040
3075
|
#
|
3076
|
+
# * The account that you want to leave must not be a delegated
|
3077
|
+
# administrator account for any AWS service enabled for your
|
3078
|
+
# organization. If the account is a delegated administrator, you must
|
3079
|
+
# first change the delegated administrator account to another account
|
3080
|
+
# that is remaining in the organization.
|
3081
|
+
#
|
3041
3082
|
# * You can leave an organization only after you enable IAM user access
|
3042
3083
|
# to billing in your account. For more information, see [Activating
|
3043
3084
|
# Access to the Billing and Cost Management Console][2] in the *AWS
|
@@ -3081,7 +3122,7 @@ module Aws::Organizations
|
|
3081
3122
|
# Organizations, see [Integrating AWS Organizations with Other AWS
|
3082
3123
|
# Services][1] in the *AWS Organizations User Guide.*
|
3083
3124
|
#
|
3084
|
-
# This operation can be called only from the organization's
|
3125
|
+
# This operation can be called only from the organization's management
|
3085
3126
|
# account or by a member account that is a delegated administrator for
|
3086
3127
|
# an AWS service.
|
3087
3128
|
#
|
@@ -3150,7 +3191,7 @@ module Aws::Organizations
|
|
3150
3191
|
#
|
3151
3192
|
# </note>
|
3152
3193
|
#
|
3153
|
-
# This operation can be called only from the organization's
|
3194
|
+
# This operation can be called only from the organization's management
|
3154
3195
|
# account or by a member account that is a delegated administrator for
|
3155
3196
|
# an AWS service.
|
3156
3197
|
#
|
@@ -3273,7 +3314,7 @@ module Aws::Organizations
|
|
3273
3314
|
#
|
3274
3315
|
# </note>
|
3275
3316
|
#
|
3276
|
-
# This operation can be called only from the organization's
|
3317
|
+
# This operation can be called only from the organization's management
|
3277
3318
|
# account or by a member account that is a delegated administrator for
|
3278
3319
|
# an AWS service.
|
3279
3320
|
#
|
@@ -3382,7 +3423,7 @@ module Aws::Organizations
|
|
3382
3423
|
#
|
3383
3424
|
# </note>
|
3384
3425
|
#
|
3385
|
-
# This operation can be called only from the organization's
|
3426
|
+
# This operation can be called only from the organization's management
|
3386
3427
|
# account or by a member account that is a delegated administrator for
|
3387
3428
|
# an AWS service.
|
3388
3429
|
#
|
@@ -3494,7 +3535,7 @@ module Aws::Organizations
|
|
3494
3535
|
#
|
3495
3536
|
# </note>
|
3496
3537
|
#
|
3497
|
-
# This operation can be called only from the organization's
|
3538
|
+
# This operation can be called only from the organization's management
|
3498
3539
|
# account or by a member account that is a delegated administrator for
|
3499
3540
|
# an AWS service.
|
3500
3541
|
#
|
@@ -3611,7 +3652,7 @@ module Aws::Organizations
|
|
3611
3652
|
# Lists the AWS accounts that are designated as delegated administrators
|
3612
3653
|
# in this organization.
|
3613
3654
|
#
|
3614
|
-
# This operation can be called only from the organization's
|
3655
|
+
# This operation can be called only from the organization's management
|
3615
3656
|
# account or by a member account that is a delegated administrator for
|
3616
3657
|
# an AWS service.
|
3617
3658
|
#
|
@@ -3681,7 +3722,7 @@ module Aws::Organizations
|
|
3681
3722
|
# List the AWS services for which the specified account is a delegated
|
3682
3723
|
# administrator.
|
3683
3724
|
#
|
3684
|
-
# This operation can be called only from the organization's
|
3725
|
+
# This operation can be called only from the organization's management
|
3685
3726
|
# account or by a member account that is a delegated administrator for
|
3686
3727
|
# an AWS service.
|
3687
3728
|
#
|
@@ -3903,7 +3944,7 @@ module Aws::Organizations
|
|
3903
3944
|
#
|
3904
3945
|
# </note>
|
3905
3946
|
#
|
3906
|
-
# This operation can be called only from the organization's
|
3947
|
+
# This operation can be called only from the organization's management
|
3907
3948
|
# account or by a member account that is a delegated administrator for
|
3908
3949
|
# an AWS service.
|
3909
3950
|
#
|
@@ -4089,7 +4130,7 @@ module Aws::Organizations
|
|
4089
4130
|
#
|
4090
4131
|
# </note>
|
4091
4132
|
#
|
4092
|
-
# This operation can be called only from the organization's
|
4133
|
+
# This operation can be called only from the organization's management
|
4093
4134
|
# account or by a member account that is a delegated administrator for
|
4094
4135
|
# an AWS service.
|
4095
4136
|
#
|
@@ -4201,7 +4242,7 @@ module Aws::Organizations
|
|
4201
4242
|
#
|
4202
4243
|
# </note>
|
4203
4244
|
#
|
4204
|
-
# This operation can be called only from the organization's
|
4245
|
+
# This operation can be called only from the organization's management
|
4205
4246
|
# account or by a member account that is a delegated administrator for
|
4206
4247
|
# an AWS service.
|
4207
4248
|
#
|
@@ -4307,7 +4348,7 @@ module Aws::Organizations
|
|
4307
4348
|
#
|
4308
4349
|
# </note>
|
4309
4350
|
#
|
4310
|
-
# This operation can be called only from the organization's
|
4351
|
+
# This operation can be called only from the organization's management
|
4311
4352
|
# account or by a member account that is a delegated administrator for
|
4312
4353
|
# an AWS service.
|
4313
4354
|
#
|
@@ -4325,10 +4366,10 @@ module Aws::Organizations
|
|
4325
4366
|
#
|
4326
4367
|
#
|
4327
4368
|
#
|
4328
|
-
# [1]:
|
4329
|
-
# [2]:
|
4330
|
-
# [3]:
|
4331
|
-
# [4]:
|
4369
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
4370
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
4371
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
4372
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
4332
4373
|
#
|
4333
4374
|
# @option params [String] :next_token
|
4334
4375
|
# The parameter for receiving additional results if you receive a
|
@@ -4435,7 +4476,7 @@ module Aws::Organizations
|
|
4435
4476
|
#
|
4436
4477
|
# </note>
|
4437
4478
|
#
|
4438
|
-
# This operation can be called only from the organization's
|
4479
|
+
# This operation can be called only from the organization's management
|
4439
4480
|
# account or by a member account that is a delegated administrator for
|
4440
4481
|
# an AWS service.
|
4441
4482
|
#
|
@@ -4474,10 +4515,10 @@ module Aws::Organizations
|
|
4474
4515
|
#
|
4475
4516
|
#
|
4476
4517
|
#
|
4477
|
-
# [1]:
|
4478
|
-
# [2]:
|
4479
|
-
# [3]:
|
4480
|
-
# [4]:
|
4518
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
4519
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
4520
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
4521
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
4481
4522
|
#
|
4482
4523
|
# @option params [String] :next_token
|
4483
4524
|
# The parameter for receiving additional results if you receive a
|
@@ -4570,7 +4611,7 @@ module Aws::Organizations
|
|
4570
4611
|
#
|
4571
4612
|
# </note>
|
4572
4613
|
#
|
4573
|
-
# This operation can be called only from the organization's
|
4614
|
+
# This operation can be called only from the organization's management
|
4574
4615
|
# account or by a member account that is a delegated administrator for
|
4575
4616
|
# an AWS service.
|
4576
4617
|
#
|
@@ -4673,7 +4714,7 @@ module Aws::Organizations
|
|
4673
4714
|
#
|
4674
4715
|
# * Policy (any type)
|
4675
4716
|
#
|
4676
|
-
# This operation can be called only from the organization's
|
4717
|
+
# This operation can be called only from the organization's management
|
4677
4718
|
# account or by a member account that is a delegated administrator for
|
4678
4719
|
# an AWS service.
|
4679
4720
|
#
|
@@ -4741,7 +4782,7 @@ module Aws::Organizations
|
|
4741
4782
|
#
|
4742
4783
|
# </note>
|
4743
4784
|
#
|
4744
|
-
# This operation can be called only from the organization's
|
4785
|
+
# This operation can be called only from the organization's management
|
4745
4786
|
# account or by a member account that is a delegated administrator for
|
4746
4787
|
# an AWS service.
|
4747
4788
|
#
|
@@ -4846,7 +4887,7 @@ module Aws::Organizations
|
|
4846
4887
|
# Moves an account from its current source parent root or organizational
|
4847
4888
|
# unit (OU) to the specified destination parent root or OU.
|
4848
4889
|
#
|
4849
|
-
# This operation can be called only from the organization's
|
4890
|
+
# This operation can be called only from the organization's management
|
4850
4891
|
# account.
|
4851
4892
|
#
|
4852
4893
|
# @option params [required, String] :account_id
|
@@ -4938,12 +4979,12 @@ module Aws::Organizations
|
|
4938
4979
|
# Services that you can use with AWS Organizations][1] in the *AWS
|
4939
4980
|
# Organizations User Guide.*
|
4940
4981
|
#
|
4941
|
-
# This operation can be called only from the organization's
|
4982
|
+
# This operation can be called only from the organization's management
|
4942
4983
|
# account.
|
4943
4984
|
#
|
4944
4985
|
#
|
4945
4986
|
#
|
4946
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
4987
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html
|
4947
4988
|
#
|
4948
4989
|
# @option params [required, String] :account_id
|
4949
4990
|
# The account ID number of the member account in the organization to
|
@@ -4975,11 +5016,11 @@ module Aws::Organizations
|
|
4975
5016
|
#
|
4976
5017
|
# The removed account becomes a standalone account that isn't a member
|
4977
5018
|
# of any organization. It's no longer subject to any policies and is
|
4978
|
-
# responsible for its own bill payments. The organization's
|
5019
|
+
# responsible for its own bill payments. The organization's management
|
4979
5020
|
# account is no longer charged for any expenses accrued by the member
|
4980
5021
|
# account after it's removed from the organization.
|
4981
5022
|
#
|
4982
|
-
# This operation can be called only from the organization's
|
5023
|
+
# This operation can be called only from the organization's management
|
4983
5024
|
# account. Member accounts can remove themselves with LeaveOrganization
|
4984
5025
|
# instead.
|
4985
5026
|
#
|
@@ -4999,6 +5040,12 @@ module Aws::Organizations
|
|
4999
5040
|
# information has not yet been provided][1] in the *AWS Organizations
|
5000
5041
|
# User Guide.*
|
5001
5042
|
#
|
5043
|
+
# * The account that you want to leave must not be a delegated
|
5044
|
+
# administrator account for any AWS service enabled for your
|
5045
|
+
# organization. If the account is a delegated administrator, you must
|
5046
|
+
# first change the delegated administrator account to another account
|
5047
|
+
# that is remaining in the organization.
|
5048
|
+
#
|
5002
5049
|
# * After the account leaves the organization, all tags that were
|
5003
5050
|
# attached to the account object in the organization are deleted. AWS
|
5004
5051
|
# accounts outside of an organization do not support tags.
|
@@ -5057,7 +5104,7 @@ module Aws::Organizations
|
|
5057
5104
|
#
|
5058
5105
|
# * Policy (any type)
|
5059
5106
|
#
|
5060
|
-
# This operation can be called only from the organization's
|
5107
|
+
# This operation can be called only from the organization's management
|
5061
5108
|
# account.
|
5062
5109
|
#
|
5063
5110
|
# @option params [required, String] :resource_id
|
@@ -5124,7 +5171,7 @@ module Aws::Organizations
|
|
5124
5171
|
#
|
5125
5172
|
# * Policy (any type)
|
5126
5173
|
#
|
5127
|
-
# This operation can be called only from the organization's
|
5174
|
+
# This operation can be called only from the organization's management
|
5128
5175
|
# account.
|
5129
5176
|
#
|
5130
5177
|
# @option params [required, String] :resource_id
|
@@ -5168,7 +5215,7 @@ module Aws::Organizations
|
|
5168
5215
|
# change. The child OUs and accounts remain in place, and any attached
|
5169
5216
|
# policies of the OU remain attached.
|
5170
5217
|
#
|
5171
|
-
# This operation can be called only from the organization's
|
5218
|
+
# This operation can be called only from the organization's management
|
5172
5219
|
# account.
|
5173
5220
|
#
|
5174
5221
|
# @option params [required, String] :organizational_unit_id
|
@@ -5243,7 +5290,7 @@ module Aws::Organizations
|
|
5243
5290
|
# If you don't supply any parameter, that value remains unchanged. You
|
5244
5291
|
# can't change a policy's type.
|
5245
5292
|
#
|
5246
|
-
# This operation can be called only from the organization's
|
5293
|
+
# This operation can be called only from the organization's management
|
5247
5294
|
# account.
|
5248
5295
|
#
|
5249
5296
|
# @option params [required, String] :policy_id
|
@@ -5377,7 +5424,7 @@ module Aws::Organizations
|
|
5377
5424
|
params: params,
|
5378
5425
|
config: config)
|
5379
5426
|
context[:gem_name] = 'aws-sdk-organizations'
|
5380
|
-
context[:gem_version] = '1.
|
5427
|
+
context[:gem_version] = '1.56.0'
|
5381
5428
|
Seahorse::Client::Request.new(handlers, context)
|
5382
5429
|
end
|
5383
5430
|
|