aws-sdk-organizations 1.52.0 → 1.57.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws-sdk-organizations.rb +1 -1
- data/lib/aws-sdk-organizations/client.rb +192 -145
- data/lib/aws-sdk-organizations/types.rb +156 -129
- metadata +4 -4
@@ -121,12 +121,12 @@ module Aws::Organizations
|
|
121
121
|
# The Amazon Resource Name (ARN) of the account.
|
122
122
|
#
|
123
123
|
# For more information about ARNs in Organizations, see [ARN Formats
|
124
|
-
# Supported by Organizations][1] in the *AWS
|
125
|
-
#
|
124
|
+
# Supported by Organizations][1] in the *AWS Service Authorization
|
125
|
+
# Reference*.
|
126
126
|
#
|
127
127
|
#
|
128
128
|
#
|
129
|
-
# [1]: https://docs.aws.amazon.com/
|
129
|
+
# [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies
|
130
130
|
# @return [String]
|
131
131
|
#
|
132
132
|
# @!attribute [rw] email
|
@@ -221,7 +221,7 @@ module Aws::Organizations
|
|
221
221
|
end
|
222
222
|
|
223
223
|
# You can't invite an existing account to your organization until you
|
224
|
-
# verify that you own the email address associated with the
|
224
|
+
# verify that you own the email address associated with the management
|
225
225
|
# account. For more information, see [Email Address Verification][1] in
|
226
226
|
# the *AWS Organizations User Guide.*
|
227
227
|
#
|
@@ -358,13 +358,13 @@ module Aws::Organizations
|
|
358
358
|
# The [regex pattern][1] for a child ID string requires one of the
|
359
359
|
# following:
|
360
360
|
#
|
361
|
-
# * Account
|
361
|
+
# * **Account** - A string that consists of exactly 12 digits.
|
362
362
|
#
|
363
|
-
# * Organizational unit (OU)
|
364
|
-
# followed by from 4 to 32
|
363
|
+
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
364
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of
|
365
365
|
# the root that contains the OU). This string is followed by a
|
366
|
-
# second "-" dash and from 8 to 32 additional
|
367
|
-
#
|
366
|
+
# second "-" dash and from 8 to 32 additional lowercase letters or
|
367
|
+
# digits.
|
368
368
|
#
|
369
369
|
#
|
370
370
|
#
|
@@ -425,9 +425,9 @@ module Aws::Organizations
|
|
425
425
|
# </note>
|
426
426
|
#
|
427
427
|
# * ACCOUNT\_CANNOT\_LEAVE\_ORGANIZAION: You attempted to remove the
|
428
|
-
#
|
429
|
-
# account. Instead, after you remove all member accounts,
|
430
|
-
# organization itself.
|
428
|
+
# management account from the organization. You can't remove the
|
429
|
+
# management account. Instead, after you remove all member accounts,
|
430
|
+
# delete the organization itself.
|
431
431
|
#
|
432
432
|
# * ACCOUNT\_CANNOT\_LEAVE\_WITHOUT\_EULA: You attempted to remove an
|
433
433
|
# account from the organization that doesn't yet have enough
|
@@ -466,8 +466,8 @@ module Aws::Organizations
|
|
466
466
|
# Support][2].
|
467
467
|
#
|
468
468
|
# * CANNOT\_REGISTER\_MASTER\_AS\_DELEGATED\_ADMINISTRATOR: You
|
469
|
-
# attempted to register the
|
470
|
-
# delegated administrator for an AWS service integrated with
|
469
|
+
# attempted to register the management account of the organization as
|
470
|
+
# a delegated administrator for an AWS service integrated with
|
471
471
|
# Organizations. You can designate only a member account as a
|
472
472
|
# delegated administrator.
|
473
473
|
#
|
@@ -496,11 +496,11 @@ module Aws::Organizations
|
|
496
496
|
#
|
497
497
|
# * MASTER\_ACCOUNT\_ADDRESS\_DOES\_NOT\_MATCH\_MARKETPLACE: To create
|
498
498
|
# an account in this organization, you first must migrate the
|
499
|
-
# organization's
|
500
|
-
# to the
|
501
|
-
# addresses must be associated with the AISPL
|
502
|
-
# accounts in an organization must be associated with
|
503
|
-
# marketplace.
|
499
|
+
# organization's management account to the marketplace that
|
500
|
+
# corresponds to the management account's address. For example,
|
501
|
+
# accounts with India addresses must be associated with the AISPL
|
502
|
+
# marketplace. All accounts in an organization must be associated with
|
503
|
+
# the same marketplace.
|
504
504
|
#
|
505
505
|
# * MASTER\_ACCOUNT\_MISSING\_BUSINESS\_LICENSE: Applies only to the AWS
|
506
506
|
# Regions in China. To create an organization, the master must have an
|
@@ -509,16 +509,16 @@ module Aws::Organizations
|
|
509
509
|
#
|
510
510
|
# * MASTER\_ACCOUNT\_MISSING\_CONTACT\_INFO: To complete this operation,
|
511
511
|
# you must first provide a valid contact address and phone number for
|
512
|
-
# the
|
512
|
+
# the management account. Then try the operation again.
|
513
513
|
#
|
514
514
|
# * MASTER\_ACCOUNT\_NOT\_GOVCLOUD\_ENABLED: To complete this operation,
|
515
|
-
# the
|
515
|
+
# the management account must have an associated account in the AWS
|
516
516
|
# GovCloud (US-West) Region. For more information, see [AWS
|
517
517
|
# Organizations][3] in the *AWS GovCloud User Guide.*
|
518
518
|
#
|
519
519
|
# * MASTER\_ACCOUNT\_PAYMENT\_INSTRUMENT\_REQUIRED: To create an
|
520
|
-
# organization with this
|
521
|
-
# valid payment instrument, such as a credit card, with the account.
|
520
|
+
# organization with this management account, you first must associate
|
521
|
+
# a valid payment instrument, such as a credit card, with the account.
|
522
522
|
# Follow the steps at [To leave an organization when all required
|
523
523
|
# account information has not yet been provided][4] in the *AWS
|
524
524
|
# Organizations User Guide.*
|
@@ -621,10 +621,11 @@ module Aws::Organizations
|
|
621
621
|
# (Optional)
|
622
622
|
#
|
623
623
|
# The name of an IAM role that AWS Organizations automatically
|
624
|
-
# preconfigures in the new member account. This role trusts the
|
625
|
-
# account, allowing users in the
|
626
|
-
# permitted by the
|
627
|
-
# administrator permissions in the new
|
624
|
+
# preconfigures in the new member account. This role trusts the
|
625
|
+
# management account, allowing users in the management account to
|
626
|
+
# assume the role, as permitted by the management account
|
627
|
+
# administrator. The role has administrator permissions in the new
|
628
|
+
# member account.
|
628
629
|
#
|
629
630
|
# If you don't specify this parameter, the role name defaults to
|
630
631
|
# `OrganizationAccountAccessRole`.
|
@@ -730,7 +731,7 @@ module Aws::Organizations
|
|
730
731
|
# create the account.
|
731
732
|
#
|
732
733
|
# The [regex pattern][1] for a create account request ID string
|
733
|
-
# requires "car-" followed by from 8 to 32
|
734
|
+
# requires "car-" followed by from 8 to 32 lowercase letters or
|
734
735
|
# digits.
|
735
736
|
#
|
736
737
|
#
|
@@ -786,10 +787,17 @@ module Aws::Organizations
|
|
786
787
|
# * EMAIL\_ALREADY\_EXISTS: The account could not be created because
|
787
788
|
# another AWS account with that email address already exists.
|
788
789
|
#
|
790
|
+
# * FAILED\_BUSINESS\_VALIDATION: The AWS account that owns your
|
791
|
+
# organization failed to receive business license validation.
|
792
|
+
#
|
789
793
|
# * GOVCLOUD\_ACCOUNT\_ALREADY\_EXISTS: The account in the AWS
|
790
794
|
# GovCloud (US) Region could not be created because this Region
|
791
795
|
# already includes an account with that email address.
|
792
796
|
#
|
797
|
+
# * IDENTITY\_INVALID\_BUSINESS\_VALIDATION: The AWS account that owns
|
798
|
+
# your organization can't complete business license validation
|
799
|
+
# because it doesn't have valid identity data.
|
800
|
+
#
|
793
801
|
# * INVALID\_ADDRESS: The account could not be created because the
|
794
802
|
# address you provided is not valid.
|
795
803
|
#
|
@@ -803,8 +811,16 @@ module Aws::Organizations
|
|
803
811
|
# * MISSING\_BUSINESS\_VALIDATION: The AWS account that owns your
|
804
812
|
# organization has not received Business Validation.
|
805
813
|
#
|
806
|
-
# * MISSING\_PAYMENT\_INSTRUMENT: You must configure the
|
814
|
+
# * MISSING\_PAYMENT\_INSTRUMENT: You must configure the management
|
807
815
|
# account with a valid payment method, such as a credit card.
|
816
|
+
#
|
817
|
+
# * PENDING\_BUSINESS\_VALIDATION: The AWS account that owns your
|
818
|
+
# organization is still in the process of completing business
|
819
|
+
# license validation.
|
820
|
+
#
|
821
|
+
# * UNKNOWN\_BUSINESS\_VALIDATION: The AWS account that owns your
|
822
|
+
# organization has an unknown issue with business license
|
823
|
+
# validation.
|
808
824
|
# @return [String]
|
809
825
|
#
|
810
826
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountStatus AWS API Documentation
|
@@ -874,9 +890,10 @@ module Aws::Organizations
|
|
874
890
|
# The name of an IAM role that AWS Organizations automatically
|
875
891
|
# preconfigures in the new member accounts in both the AWS GovCloud
|
876
892
|
# (US) Region and in the commercial Region. This role trusts the
|
877
|
-
#
|
878
|
-
# role, as permitted by the
|
879
|
-
# administrator permissions in the new
|
893
|
+
# management account, allowing users in the management account to
|
894
|
+
# assume the role, as permitted by the management account
|
895
|
+
# administrator. The role has administrator permissions in the new
|
896
|
+
# member account.
|
880
897
|
#
|
881
898
|
# If you don't specify this parameter, the role name defaults to
|
882
899
|
# `OrganizationAccountAccessRole`.
|
@@ -977,7 +994,7 @@ module Aws::Organizations
|
|
977
994
|
# feature set supports different levels of functionality.
|
978
995
|
#
|
979
996
|
# * `CONSOLIDATED_BILLING`\: All member accounts have their bills
|
980
|
-
# consolidated to and paid by the
|
997
|
+
# consolidated to and paid by the management account. For more
|
981
998
|
# information, see [Consolidated billing][1] in the *AWS
|
982
999
|
# Organizations User Guide.*
|
983
1000
|
#
|
@@ -985,7 +1002,7 @@ module Aws::Organizations
|
|
985
1002
|
# organizations in the AWS GovCloud (US) Region.
|
986
1003
|
#
|
987
1004
|
# * `ALL`\: In addition to all the features supported by the
|
988
|
-
# consolidated billing feature set, the
|
1005
|
+
# consolidated billing feature set, the management account can also
|
989
1006
|
# apply any policy type to any member account in the organization.
|
990
1007
|
# For more information, see [All features][2] in the *AWS
|
991
1008
|
# Organizations User Guide.*
|
@@ -1147,10 +1164,10 @@ module Aws::Organizations
|
|
1147
1164
|
#
|
1148
1165
|
#
|
1149
1166
|
#
|
1150
|
-
# [1]:
|
1151
|
-
# [2]:
|
1152
|
-
# [3]:
|
1153
|
-
# [4]:
|
1167
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1168
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1169
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1170
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1154
1171
|
# @return [String]
|
1155
1172
|
#
|
1156
1173
|
# @!attribute [rw] tags
|
@@ -1455,8 +1472,9 @@ module Aws::Organizations
|
|
1455
1472
|
# }
|
1456
1473
|
#
|
1457
1474
|
# @!attribute [rw] create_account_request_id
|
1458
|
-
# Specifies the `
|
1459
|
-
# You can get the
|
1475
|
+
# Specifies the `Id` value that uniquely identifies the
|
1476
|
+
# `CreateAccount` request. You can get the value from the
|
1477
|
+
# `CreateAccountStatus.Id` response in an earlier CreateAccount
|
1460
1478
|
# request, or from the ListCreateAccountStatus operation.
|
1461
1479
|
#
|
1462
1480
|
# The [regex pattern][1] for a create account request ID string
|
@@ -1509,15 +1527,15 @@ module Aws::Organizations
|
|
1509
1527
|
#
|
1510
1528
|
#
|
1511
1529
|
#
|
1512
|
-
# [1]:
|
1513
|
-
# [2]:
|
1514
|
-
# [3]:
|
1530
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1531
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1532
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1515
1533
|
# @return [String]
|
1516
1534
|
#
|
1517
1535
|
# @!attribute [rw] target_id
|
1518
|
-
# When you're signed in as the
|
1519
|
-
# account that you want details about. Specifying an organization
|
1520
|
-
# or organizational unit (OU) as the target is not supported.
|
1536
|
+
# When you're signed in as the management account, specify the ID of
|
1537
|
+
# the account that you want details about. Specifying an organization
|
1538
|
+
# root or organizational unit (OU) as the target is not supported.
|
1521
1539
|
# @return [String]
|
1522
1540
|
#
|
1523
1541
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicyRequest AWS API Documentation
|
@@ -1808,10 +1826,10 @@ module Aws::Organizations
|
|
1808
1826
|
#
|
1809
1827
|
#
|
1810
1828
|
#
|
1811
|
-
# [1]:
|
1812
|
-
# [2]:
|
1813
|
-
# [3]:
|
1814
|
-
# [4]:
|
1829
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
1830
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
1831
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
1832
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1815
1833
|
# @return [String]
|
1816
1834
|
#
|
1817
1835
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyTypeRequest AWS API Documentation
|
@@ -1937,8 +1955,8 @@ module Aws::Organizations
|
|
1937
1955
|
include Aws::Structure
|
1938
1956
|
end
|
1939
1957
|
|
1940
|
-
# If you ran this action on the
|
1941
|
-
# enabled. If you ran the action on a member account, the account
|
1958
|
+
# If you ran this action on the management account, this policy type is
|
1959
|
+
# not enabled. If you ran the action on a member account, the account
|
1942
1960
|
# doesn't have an effective policy of this type. Contact the
|
1943
1961
|
# administrator of your organization about attaching a policy of this
|
1944
1962
|
# type to the account.
|
@@ -2028,10 +2046,10 @@ module Aws::Organizations
|
|
2028
2046
|
#
|
2029
2047
|
#
|
2030
2048
|
#
|
2031
|
-
# [1]:
|
2032
|
-
# [2]:
|
2033
|
-
# [3]:
|
2034
|
-
# [4]:
|
2049
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
2050
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
2051
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
2052
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
2035
2053
|
# @return [String]
|
2036
2054
|
#
|
2037
2055
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyTypeRequest AWS API Documentation
|
@@ -2101,9 +2119,10 @@ module Aws::Organizations
|
|
2101
2119
|
|
2102
2120
|
# Contains information that must be exchanged to securely establish a
|
2103
2121
|
# relationship between two accounts (an *originator* and a *recipient*).
|
2104
|
-
# For example, when a
|
2105
|
-
# account (the recipient) to join its organization, the two
|
2106
|
-
# exchange information as a series of handshake requests and
|
2122
|
+
# For example, when a management account (the originator) invites
|
2123
|
+
# another account (the recipient) to join its organization, the two
|
2124
|
+
# accounts exchange information as a series of handshake requests and
|
2125
|
+
# responses.
|
2107
2126
|
#
|
2108
2127
|
# **Note:** Handshakes that are CANCELED, ACCEPTED, or DECLINED show up
|
2109
2128
|
# in lists for only 30 days after entering that state After that they
|
@@ -2114,7 +2133,7 @@ module Aws::Organizations
|
|
2114
2133
|
# creates the ID when it initiates the handshake.
|
2115
2134
|
#
|
2116
2135
|
# The [regex pattern][1] for handshake ID string requires "h-"
|
2117
|
-
# followed by from 8 to 32
|
2136
|
+
# followed by from 8 to 32 lowercase letters or digits.
|
2118
2137
|
#
|
2119
2138
|
#
|
2120
2139
|
#
|
@@ -2125,12 +2144,12 @@ module Aws::Organizations
|
|
2125
2144
|
# The Amazon Resource Name (ARN) of a handshake.
|
2126
2145
|
#
|
2127
2146
|
# For more information about ARNs in Organizations, see [ARN Formats
|
2128
|
-
# Supported by Organizations][1] in the *AWS
|
2129
|
-
#
|
2147
|
+
# Supported by Organizations][1] in the *AWS Service Authorization
|
2148
|
+
# Reference*.
|
2130
2149
|
#
|
2131
2150
|
#
|
2132
2151
|
#
|
2133
|
-
# [1]: https://docs.aws.amazon.com/
|
2152
|
+
# [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies
|
2134
2153
|
# @return [String]
|
2135
2154
|
#
|
2136
2155
|
# @!attribute [rw] parties
|
@@ -2183,20 +2202,20 @@ module Aws::Organizations
|
|
2183
2202
|
# supported:
|
2184
2203
|
#
|
2185
2204
|
# * **INVITE**\: This type of handshake represents a request to join
|
2186
|
-
# an organization. It is always sent from the
|
2187
|
-
# non-member accounts.
|
2205
|
+
# an organization. It is always sent from the management account to
|
2206
|
+
# only non-member accounts.
|
2188
2207
|
#
|
2189
2208
|
# * **ENABLE\_ALL\_FEATURES**\: This type of handshake represents a
|
2190
2209
|
# request to enable all features in an organization. It is always
|
2191
|
-
# sent from the
|
2192
|
-
# Created accounts do not receive this because those
|
2193
|
-
# created by the organization's
|
2194
|
-
# inferred.
|
2210
|
+
# sent from the management account to only *invited* member
|
2211
|
+
# accounts. Created accounts do not receive this because those
|
2212
|
+
# accounts were created by the organization's management account
|
2213
|
+
# and approval is inferred.
|
2195
2214
|
#
|
2196
2215
|
# * **APPROVE\_ALL\_FEATURES**\: This type of handshake is sent from
|
2197
2216
|
# the Organizations service when all member accounts have approved
|
2198
2217
|
# the `ENABLE_ALL_FEATURES` invitation. It is sent only to the
|
2199
|
-
#
|
2218
|
+
# management account and signals the master that it can finalize the
|
2200
2219
|
# process to enable all features.
|
2201
2220
|
# @return [String]
|
2202
2221
|
#
|
@@ -2263,6 +2282,10 @@ module Aws::Organizations
|
|
2263
2282
|
# * ORGANIZATION\_ALREADY\_HAS\_ALL\_FEATURES: The handshake request is
|
2264
2283
|
# invalid because the organization has already enabled all features.
|
2265
2284
|
#
|
2285
|
+
# * ORGANIZATION\_IS\_ALREADY\_PENDING\_ALL\_FEATURES\_MIGRATION: The
|
2286
|
+
# handshake request is invalid because the organization has already
|
2287
|
+
# started the process to enable all features.
|
2288
|
+
#
|
2266
2289
|
# * ORGANIZATION\_FROM\_DIFFERENT\_SELLER\_OF\_RECORD: The request
|
2267
2290
|
# failed because the account is from a different marketplace than the
|
2268
2291
|
# accounts in the organization. For example, accounts with India
|
@@ -2322,7 +2345,7 @@ module Aws::Organizations
|
|
2322
2345
|
# `ActionType`.
|
2323
2346
|
#
|
2324
2347
|
# The [regex pattern][1] for handshake ID string requires "h-"
|
2325
|
-
# followed by from 8 to 32
|
2348
|
+
# followed by from 8 to 32 lowercase letters or digits.
|
2326
2349
|
#
|
2327
2350
|
#
|
2328
2351
|
#
|
@@ -2365,7 +2388,7 @@ module Aws::Organizations
|
|
2365
2388
|
# The unique identifier (ID) for the party.
|
2366
2389
|
#
|
2367
2390
|
# The [regex pattern][1] for handshake ID string requires "h-"
|
2368
|
-
# followed by from 8 to 32
|
2391
|
+
# followed by from 8 to 32 lowercase letters or digits.
|
2369
2392
|
#
|
2370
2393
|
#
|
2371
2394
|
#
|
@@ -2405,9 +2428,9 @@ module Aws::Organizations
|
|
2405
2428
|
# account that receives the handshake.
|
2406
2429
|
#
|
2407
2430
|
# * `OWNER_EMAIL` - Specifies the email address associated with the
|
2408
|
-
#
|
2431
|
+
# management account. Included as information about an organization.
|
2409
2432
|
#
|
2410
|
-
# * `OWNER_NAME` - Specifies the name associated with the
|
2433
|
+
# * `OWNER_NAME` - Specifies the name associated with the management
|
2411
2434
|
# account. Included as information about an organization.
|
2412
2435
|
#
|
2413
2436
|
# * `NOTES` - Additional text provided by the handshake initiator and
|
@@ -2462,6 +2485,9 @@ module Aws::Organizations
|
|
2462
2485
|
# * INPUT\_REQUIRED: You must include a value for all required
|
2463
2486
|
# parameters.
|
2464
2487
|
#
|
2488
|
+
# * INVALID\_EMAIL\_ADDRESS\_TARGET: You specified an invalid email
|
2489
|
+
# address for the invited account owner.
|
2490
|
+
#
|
2465
2491
|
# * INVALID\_ENUM: You specified an invalid value.
|
2466
2492
|
#
|
2467
2493
|
# * INVALID\_ENUM\_POLICY\_TYPE: You specified an invalid policy type
|
@@ -3470,10 +3496,10 @@ module Aws::Organizations
|
|
3470
3496
|
#
|
3471
3497
|
#
|
3472
3498
|
#
|
3473
|
-
# [1]:
|
3474
|
-
# [2]:
|
3475
|
-
# [3]:
|
3476
|
-
# [4]:
|
3499
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
3500
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
3501
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
3502
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
3477
3503
|
# @return [String]
|
3478
3504
|
#
|
3479
3505
|
# @!attribute [rw] next_token
|
@@ -3552,10 +3578,10 @@ module Aws::Organizations
|
|
3552
3578
|
#
|
3553
3579
|
#
|
3554
3580
|
#
|
3555
|
-
# [1]:
|
3556
|
-
# [2]:
|
3557
|
-
# [3]:
|
3558
|
-
# [4]:
|
3581
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html
|
3582
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html
|
3583
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
|
3584
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
3559
3585
|
# @return [String]
|
3560
3586
|
#
|
3561
3587
|
# @!attribute [rw] next_token
|
@@ -3829,9 +3855,10 @@ module Aws::Organizations
|
|
3829
3855
|
include Aws::Structure
|
3830
3856
|
end
|
3831
3857
|
|
3832
|
-
# You can't remove a
|
3833
|
-
# the
|
3834
|
-
# you must first delete the current organization of the
|
3858
|
+
# You can't remove a management account from an organization. If you
|
3859
|
+
# want the management account to become a member account in another
|
3860
|
+
# organization, you must first delete the current organization of the
|
3861
|
+
# management account.
|
3835
3862
|
#
|
3836
3863
|
# @!attribute [rw] message
|
3837
3864
|
# @return [String]
|
@@ -3925,7 +3952,7 @@ module Aws::Organizations
|
|
3925
3952
|
# The unique identifier (ID) of an organization.
|
3926
3953
|
#
|
3927
3954
|
# The [regex pattern][1] for an organization ID string requires "o-"
|
3928
|
-
# followed by from 10 to 32
|
3955
|
+
# followed by from 10 to 32 lowercase letters or digits.
|
3929
3956
|
#
|
3930
3957
|
#
|
3931
3958
|
#
|
@@ -3936,12 +3963,12 @@ module Aws::Organizations
|
|
3936
3963
|
# The Amazon Resource Name (ARN) of an organization.
|
3937
3964
|
#
|
3938
3965
|
# For more information about ARNs in Organizations, see [ARN Formats
|
3939
|
-
# Supported by Organizations][1] in the *AWS
|
3940
|
-
#
|
3966
|
+
# Supported by Organizations][1] in the *AWS Service Authorization
|
3967
|
+
# Reference*.
|
3941
3968
|
#
|
3942
3969
|
#
|
3943
3970
|
#
|
3944
|
-
# [1]: https://docs.aws.amazon.com/
|
3971
|
+
# [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies
|
3945
3972
|
# @return [String]
|
3946
3973
|
#
|
3947
3974
|
# @!attribute [rw] feature_set
|
@@ -3960,19 +3987,20 @@ module Aws::Organizations
|
|
3960
3987
|
#
|
3961
3988
|
# @!attribute [rw] master_account_arn
|
3962
3989
|
# The Amazon Resource Name (ARN) of the account that is designated as
|
3963
|
-
# the
|
3990
|
+
# the management account for the organization.
|
3964
3991
|
#
|
3965
3992
|
# For more information about ARNs in Organizations, see [ARN Formats
|
3966
|
-
# Supported by Organizations][1] in the *AWS
|
3967
|
-
#
|
3993
|
+
# Supported by Organizations][1] in the *AWS Service Authorization
|
3994
|
+
# Reference*.
|
3968
3995
|
#
|
3969
3996
|
#
|
3970
3997
|
#
|
3971
|
-
# [1]: https://docs.aws.amazon.com/
|
3998
|
+
# [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies
|
3972
3999
|
# @return [String]
|
3973
4000
|
#
|
3974
4001
|
# @!attribute [rw] master_account_id
|
3975
|
-
# The unique identifier (ID) of the
|
4002
|
+
# The unique identifier (ID) of the management account of an
|
4003
|
+
# organization.
|
3976
4004
|
#
|
3977
4005
|
# The [regex pattern][1] for an account ID string requires exactly 12
|
3978
4006
|
# digits.
|
@@ -3984,7 +4012,7 @@ module Aws::Organizations
|
|
3984
4012
|
#
|
3985
4013
|
# @!attribute [rw] master_account_email
|
3986
4014
|
# The email address that is associated with the AWS account that is
|
3987
|
-
# designated as the
|
4015
|
+
# designated as the management account for the organization.
|
3988
4016
|
# @return [String]
|
3989
4017
|
#
|
3990
4018
|
# @!attribute [rw] available_policy_types
|
@@ -4010,8 +4038,8 @@ module Aws::Organizations
|
|
4010
4038
|
end
|
4011
4039
|
|
4012
4040
|
# The organization isn't empty. To delete an organization, you must
|
4013
|
-
# first remove all accounts except the
|
4014
|
-
# and delete all policies.
|
4041
|
+
# first remove all accounts except the management account, delete all
|
4042
|
+
# OUs, and delete all policies.
|
4015
4043
|
#
|
4016
4044
|
# @!attribute [rw] message
|
4017
4045
|
# @return [String]
|
@@ -4033,9 +4061,9 @@ module Aws::Organizations
|
|
4033
4061
|
# The unique identifier (ID) associated with this OU.
|
4034
4062
|
#
|
4035
4063
|
# The [regex pattern][1] for an organizational unit ID string requires
|
4036
|
-
# "ou-" followed by from 4 to 32
|
4037
|
-
#
|
4038
|
-
# second "-" dash and from 8 to 32 additional
|
4064
|
+
# "ou-" followed by from 4 to 32 lowercase letters or digits (the ID
|
4065
|
+
# of the root that contains the OU). This string is followed by a
|
4066
|
+
# second "-" dash and from 8 to 32 additional lowercase letters or
|
4039
4067
|
# digits.
|
4040
4068
|
#
|
4041
4069
|
#
|
@@ -4047,12 +4075,12 @@ module Aws::Organizations
|
|
4047
4075
|
# The Amazon Resource Name (ARN) of this OU.
|
4048
4076
|
#
|
4049
4077
|
# For more information about ARNs in Organizations, see [ARN Formats
|
4050
|
-
# Supported by Organizations][1] in the *AWS
|
4051
|
-
#
|
4078
|
+
# Supported by Organizations][1] in the *AWS Service Authorization
|
4079
|
+
# Reference*.
|
4052
4080
|
#
|
4053
4081
|
#
|
4054
4082
|
#
|
4055
|
-
# [1]: https://docs.aws.amazon.com/
|
4083
|
+
# [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies
|
4056
4084
|
# @return [String]
|
4057
4085
|
#
|
4058
4086
|
# @!attribute [rw] name
|
@@ -4113,13 +4141,13 @@ module Aws::Organizations
|
|
4113
4141
|
# The [regex pattern][1] for a parent ID string requires one of the
|
4114
4142
|
# following:
|
4115
4143
|
#
|
4116
|
-
# * Root
|
4117
|
-
#
|
4144
|
+
# * **Root** - A string that begins with "r-" followed by from 4 to
|
4145
|
+
# 32 lowercase letters or digits.
|
4118
4146
|
#
|
4119
|
-
# * Organizational unit (OU)
|
4120
|
-
# followed by from 4 to 32
|
4147
|
+
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
4148
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of
|
4121
4149
|
# the root that the OU is in). This string is followed by a second
|
4122
|
-
# "-" dash and from 8 to 32 additional
|
4150
|
+
# "-" dash and from 8 to 32 additional lowercase letters or
|
4123
4151
|
# digits.
|
4124
4152
|
#
|
4125
4153
|
#
|
@@ -4236,7 +4264,8 @@ module Aws::Organizations
|
|
4236
4264
|
# The unique identifier (ID) of the policy.
|
4237
4265
|
#
|
4238
4266
|
# The [regex pattern][1] for a policy ID string requires "p-"
|
4239
|
-
# followed by from 8 to 128
|
4267
|
+
# followed by from 8 to 128 lowercase or uppercase letters, digits, or
|
4268
|
+
# the underscore character (\_).
|
4240
4269
|
#
|
4241
4270
|
#
|
4242
4271
|
#
|
@@ -4247,12 +4276,12 @@ module Aws::Organizations
|
|
4247
4276
|
# The Amazon Resource Name (ARN) of the policy.
|
4248
4277
|
#
|
4249
4278
|
# For more information about ARNs in Organizations, see [ARN Formats
|
4250
|
-
# Supported by Organizations][1] in the *AWS
|
4251
|
-
#
|
4279
|
+
# Supported by Organizations][1] in the *AWS Service Authorization
|
4280
|
+
# Reference*.
|
4252
4281
|
#
|
4253
4282
|
#
|
4254
4283
|
#
|
4255
|
-
# [1]: https://docs.aws.amazon.com/
|
4284
|
+
# [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies
|
4256
4285
|
# @return [String]
|
4257
4286
|
#
|
4258
4287
|
# @!attribute [rw] name
|
@@ -4302,15 +4331,15 @@ module Aws::Organizations
|
|
4302
4331
|
# The [regex pattern][1] for a target ID string requires one of the
|
4303
4332
|
# following:
|
4304
4333
|
#
|
4305
|
-
# * Root
|
4306
|
-
#
|
4334
|
+
# * **Root** - A string that begins with "r-" followed by from 4 to
|
4335
|
+
# 32 lowercase letters or digits.
|
4307
4336
|
#
|
4308
|
-
# * Account
|
4337
|
+
# * **Account** - A string that consists of exactly 12 digits.
|
4309
4338
|
#
|
4310
|
-
# * Organizational unit (OU)
|
4311
|
-
# followed by from 4 to 32
|
4339
|
+
# * **Organizational unit (OU)** - A string that begins with "ou-"
|
4340
|
+
# followed by from 4 to 32 lowercase letters or digits (the ID of
|
4312
4341
|
# the root that the OU is in). This string is followed by a second
|
4313
|
-
# "-" dash and from 8 to 32 additional
|
4342
|
+
# "-" dash and from 8 to 32 additional lowercase letters or
|
4314
4343
|
# digits.
|
4315
4344
|
#
|
4316
4345
|
#
|
@@ -4322,12 +4351,12 @@ module Aws::Organizations
|
|
4322
4351
|
# The Amazon Resource Name (ARN) of the policy target.
|
4323
4352
|
#
|
4324
4353
|
# For more information about ARNs in Organizations, see [ARN Formats
|
4325
|
-
# Supported by Organizations][1] in the *AWS
|
4326
|
-
#
|
4354
|
+
# Supported by Organizations][1] in the *AWS Service Authorization
|
4355
|
+
# Reference*.
|
4327
4356
|
#
|
4328
4357
|
#
|
4329
4358
|
#
|
4330
|
-
# [1]: https://docs.aws.amazon.com/
|
4359
|
+
# [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies
|
4331
4360
|
# @return [String]
|
4332
4361
|
#
|
4333
4362
|
# @!attribute [rw] name
|
@@ -4490,16 +4519,14 @@ module Aws::Organizations
|
|
4490
4519
|
|
4491
4520
|
# Contains details about a root. A root is a top-level parent node in
|
4492
4521
|
# the hierarchy of an organization that can contain organizational units
|
4493
|
-
# (OUs) and accounts.
|
4494
|
-
# organization.
|
4495
|
-
# different way and to have different policy types enabled for use in
|
4496
|
-
# that root.
|
4522
|
+
# (OUs) and accounts. The root contains every AWS account in the
|
4523
|
+
# organization.
|
4497
4524
|
#
|
4498
4525
|
# @!attribute [rw] id
|
4499
4526
|
# The unique identifier (ID) for the root.
|
4500
4527
|
#
|
4501
4528
|
# The [regex pattern][1] for a root ID string requires "r-" followed
|
4502
|
-
# by from 4 to 32
|
4529
|
+
# by from 4 to 32 lowercase letters or digits.
|
4503
4530
|
#
|
4504
4531
|
#
|
4505
4532
|
#
|
@@ -4510,12 +4537,12 @@ module Aws::Organizations
|
|
4510
4537
|
# The Amazon Resource Name (ARN) of the root.
|
4511
4538
|
#
|
4512
4539
|
# For more information about ARNs in Organizations, see [ARN Formats
|
4513
|
-
# Supported by Organizations][1] in the *AWS
|
4514
|
-
#
|
4540
|
+
# Supported by Organizations][1] in the *AWS Service Authorization
|
4541
|
+
# Reference*.
|
4515
4542
|
#
|
4516
4543
|
#
|
4517
4544
|
#
|
4518
|
-
# [1]: https://docs.aws.amazon.com/
|
4545
|
+
# [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies
|
4519
4546
|
# @return [String]
|
4520
4547
|
#
|
4521
4548
|
# @!attribute [rw] name
|