aws-sdk-organizations 1.53.0 → 1.58.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +363 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-organizations.rb +2 -2
- data/lib/aws-sdk-organizations/client.rb +159 -115
- data/lib/aws-sdk-organizations/client_api.rb +1 -1
- data/lib/aws-sdk-organizations/errors.rb +1 -1
- data/lib/aws-sdk-organizations/resource.rb +1 -1
- data/lib/aws-sdk-organizations/types.rb +102 -75
- metadata +8 -5
data/VERSION
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
1.58.0
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-organizations/customizations'
|
|
48
48
|
# @!group service
|
49
49
|
module Aws::Organizations
|
50
50
|
|
51
|
-
GEM_VERSION = '1.
|
51
|
+
GEM_VERSION = '1.58.0'
|
52
52
|
|
53
53
|
end
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -356,7 +356,7 @@ module Aws::Organizations
|
|
356
356
|
# User Guide*.
|
357
357
|
#
|
358
358
|
# * **Enable all features final confirmation** handshake: only a
|
359
|
-
# principal from the
|
359
|
+
# principal from the management account.
|
360
360
|
#
|
361
361
|
# For more information about invitations, see [Inviting an AWS Account
|
362
362
|
# to Join Your Organization][2] in the *AWS Organizations User Guide.*
|
@@ -487,7 +487,7 @@ module Aws::Organizations
|
|
487
487
|
#
|
488
488
|
# * [TAG\_POLICY][4]
|
489
489
|
#
|
490
|
-
# This operation can be called only from the organization's
|
490
|
+
# This operation can be called only from the organization's management
|
491
491
|
# account.
|
492
492
|
#
|
493
493
|
#
|
@@ -716,12 +716,12 @@ module Aws::Organizations
|
|
716
716
|
#
|
717
717
|
# AWS Organizations preconfigures the new member account with a role
|
718
718
|
# (named `OrganizationAccountAccessRole` by default) that grants users
|
719
|
-
# in the
|
720
|
-
# account. Principals in the
|
719
|
+
# in the management account administrator permissions in the new member
|
720
|
+
# account. Principals in the management account can assume the role. AWS
|
721
721
|
# Organizations clones the company name and address information for the
|
722
|
-
# new account from the organization's
|
722
|
+
# new account from the organization's management account.
|
723
723
|
#
|
724
|
-
# This operation can be called only from the organization's
|
724
|
+
# This operation can be called only from the organization's management
|
725
725
|
# account.
|
726
726
|
#
|
727
727
|
# For more information about creating accounts, see [Creating an AWS
|
@@ -786,10 +786,10 @@ module Aws::Organizations
|
|
786
786
|
# (Optional)
|
787
787
|
#
|
788
788
|
# The name of an IAM role that AWS Organizations automatically
|
789
|
-
# preconfigures in the new member account. This role trusts the
|
790
|
-
# account, allowing users in the
|
791
|
-
# permitted by the
|
792
|
-
# administrator permissions in the new member account.
|
789
|
+
# preconfigures in the new member account. This role trusts the
|
790
|
+
# management account, allowing users in the management account to assume
|
791
|
+
# the role, as permitted by the management account administrator. The
|
792
|
+
# role has administrator permissions in the new member account.
|
793
793
|
#
|
794
794
|
# If you don't specify this parameter, the role name defaults to
|
795
795
|
# `OrganizationAccountAccessRole`.
|
@@ -895,7 +895,7 @@ module Aws::Organizations
|
|
895
895
|
# resp.create_account_status.completed_timestamp #=> Time
|
896
896
|
# resp.create_account_status.account_id #=> String
|
897
897
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
898
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
898
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
899
899
|
#
|
900
900
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
|
901
901
|
#
|
@@ -913,11 +913,11 @@ module Aws::Organizations
|
|
913
913
|
# the [ *AWS GovCloud User Guide*.][1]
|
914
914
|
#
|
915
915
|
# * You already have an account in the AWS GovCloud (US) Region that is
|
916
|
-
# paired with a
|
917
|
-
# Region.
|
916
|
+
# paired with a management account of an organization in the
|
917
|
+
# commercial Region.
|
918
918
|
#
|
919
|
-
# * You call this action from the
|
920
|
-
# the commercial Region.
|
919
|
+
# * You call this action from the management account of your
|
920
|
+
# organization in the commercial Region.
|
921
921
|
#
|
922
922
|
# * You have the `organizations:CreateGovCloudAccount` permission.
|
923
923
|
#
|
@@ -943,11 +943,11 @@ module Aws::Organizations
|
|
943
943
|
# the TagResource operation in the GovCloud Region after the new
|
944
944
|
# GovCloud account exists.
|
945
945
|
#
|
946
|
-
# You call this action from the
|
947
|
-
# the commercial Region to create a standalone AWS account in the AWS
|
948
|
-
# GovCloud (US) Region. After the account is created, the
|
949
|
-
# of an organization in the AWS GovCloud (US) Region can invite
|
950
|
-
# that organization. For more information on inviting standalone
|
946
|
+
# You call this action from the management account of your organization
|
947
|
+
# in the commercial Region to create a standalone AWS account in the AWS
|
948
|
+
# GovCloud (US) Region. After the account is created, the management
|
949
|
+
# account of an organization in the AWS GovCloud (US) Region can invite
|
950
|
+
# it to that organization. For more information on inviting standalone
|
951
951
|
# accounts in the AWS GovCloud (US) to join an organization, see [AWS
|
952
952
|
# Organizations][4] in the *AWS GovCloud User Guide.*
|
953
953
|
#
|
@@ -976,14 +976,14 @@ module Aws::Organizations
|
|
976
976
|
# accounts are associated with the same email address.
|
977
977
|
#
|
978
978
|
# A role is created in the new account in the commercial Region that
|
979
|
-
# allows the
|
980
|
-
# to assume it. An AWS GovCloud (US) account is then created and
|
979
|
+
# allows the management account in the organization in the commercial
|
980
|
+
# Region to assume it. An AWS GovCloud (US) account is then created and
|
981
981
|
# associated with the commercial account that you just created. A role
|
982
982
|
# is also created in the new AWS GovCloud (US) account that can be
|
983
983
|
# assumed by the AWS GovCloud (US) account that is associated with the
|
984
|
-
#
|
985
|
-
# and to view a diagram that explains how account access
|
986
|
-
# Organizations][4] in the *AWS GovCloud User Guide.*
|
984
|
+
# management account of the commercial organization. For more
|
985
|
+
# information and to view a diagram that explains how account access
|
986
|
+
# works, see [AWS Organizations][4] in the *AWS GovCloud User Guide.*
|
987
987
|
#
|
988
988
|
# For more information about creating accounts, see [Creating an AWS
|
989
989
|
# Account in Your Organization][6] in the *AWS Organizations User
|
@@ -1056,9 +1056,9 @@ module Aws::Organizations
|
|
1056
1056
|
#
|
1057
1057
|
# The name of an IAM role that AWS Organizations automatically
|
1058
1058
|
# preconfigures in the new member accounts in both the AWS GovCloud (US)
|
1059
|
-
# Region and in the commercial Region. This role trusts the
|
1060
|
-
# account, allowing users in the
|
1061
|
-
# permitted by the
|
1059
|
+
# Region and in the commercial Region. This role trusts the management
|
1060
|
+
# account, allowing users in the management account to assume the role,
|
1061
|
+
# as permitted by the management account administrator. The role has
|
1062
1062
|
# administrator permissions in the new member account.
|
1063
1063
|
#
|
1064
1064
|
# If you don't specify this parameter, the role name defaults to
|
@@ -1146,7 +1146,7 @@ module Aws::Organizations
|
|
1146
1146
|
# resp.create_account_status.completed_timestamp #=> Time
|
1147
1147
|
# resp.create_account_status.account_id #=> String
|
1148
1148
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
1149
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
1149
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
1150
1150
|
#
|
1151
1151
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount AWS API Documentation
|
1152
1152
|
#
|
@@ -1158,11 +1158,11 @@ module Aws::Organizations
|
|
1158
1158
|
end
|
1159
1159
|
|
1160
1160
|
# Creates an AWS organization. The account whose user is calling the
|
1161
|
-
# `CreateOrganization` operation automatically becomes the [
|
1161
|
+
# `CreateOrganization` operation automatically becomes the [management
|
1162
1162
|
# account][1] of the new organization.
|
1163
1163
|
#
|
1164
1164
|
# This operation must be called using credentials from the account that
|
1165
|
-
# is to become the new organization's
|
1165
|
+
# is to become the new organization's management account. The principal
|
1166
1166
|
# must also have the relevant IAM permissions.
|
1167
1167
|
#
|
1168
1168
|
# By default (or if you set the `FeatureSet` parameter to `ALL`), the
|
@@ -1182,7 +1182,7 @@ module Aws::Organizations
|
|
1182
1182
|
# feature set supports different levels of functionality.
|
1183
1183
|
#
|
1184
1184
|
# * `CONSOLIDATED_BILLING`\: All member accounts have their bills
|
1185
|
-
# consolidated to and paid by the
|
1185
|
+
# consolidated to and paid by the management account. For more
|
1186
1186
|
# information, see [Consolidated billing][1] in the *AWS Organizations
|
1187
1187
|
# User Guide.*
|
1188
1188
|
#
|
@@ -1190,10 +1190,10 @@ module Aws::Organizations
|
|
1190
1190
|
# organizations in the AWS GovCloud (US) Region.
|
1191
1191
|
#
|
1192
1192
|
# * `ALL`\: In addition to all the features supported by the
|
1193
|
-
# consolidated billing feature set, the
|
1194
|
-
# any policy type to any member account in the organization. For
|
1195
|
-
# information, see [All features][2] in the *AWS Organizations
|
1196
|
-
# Guide.*
|
1193
|
+
# consolidated billing feature set, the management account can also
|
1194
|
+
# apply any policy type to any member account in the organization. For
|
1195
|
+
# more information, see [All features][2] in the *AWS Organizations
|
1196
|
+
# User Guide.*
|
1197
1197
|
#
|
1198
1198
|
#
|
1199
1199
|
#
|
@@ -1295,7 +1295,7 @@ module Aws::Organizations
|
|
1295
1295
|
# If the request includes tags, then the requester must have the
|
1296
1296
|
# `organizations:TagResource` permission.
|
1297
1297
|
#
|
1298
|
-
# This operation can be called only from the organization's
|
1298
|
+
# This operation can be called only from the organization's management
|
1299
1299
|
# account.
|
1300
1300
|
#
|
1301
1301
|
#
|
@@ -1401,7 +1401,7 @@ module Aws::Organizations
|
|
1401
1401
|
# If the request includes tags, then the requester must have the
|
1402
1402
|
# `organizations:TagResource` permission.
|
1403
1403
|
#
|
1404
|
-
# This operation can be called only from the organization's
|
1404
|
+
# This operation can be called only from the organization's management
|
1405
1405
|
# account.
|
1406
1406
|
#
|
1407
1407
|
#
|
@@ -1642,8 +1642,8 @@ module Aws::Organizations
|
|
1642
1642
|
end
|
1643
1643
|
|
1644
1644
|
# Deletes the organization. You can delete an organization only by using
|
1645
|
-
# credentials from the
|
1646
|
-
# member accounts.
|
1645
|
+
# credentials from the management account. The organization must be
|
1646
|
+
# empty of member accounts.
|
1647
1647
|
#
|
1648
1648
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1649
1649
|
#
|
@@ -1660,7 +1660,7 @@ module Aws::Organizations
|
|
1660
1660
|
# must first remove all accounts and child OUs from the OU that you want
|
1661
1661
|
# to delete.
|
1662
1662
|
#
|
1663
|
-
# This operation can be called only from the organization's
|
1663
|
+
# This operation can be called only from the organization's management
|
1664
1664
|
# account.
|
1665
1665
|
#
|
1666
1666
|
# @option params [required, String] :organizational_unit_id
|
@@ -1708,7 +1708,7 @@ module Aws::Organizations
|
|
1708
1708
|
# perform this operation, you must first detach the policy from all
|
1709
1709
|
# organizational units (OUs), roots, and accounts.
|
1710
1710
|
#
|
1711
|
-
# This operation can be called only from the organization's
|
1711
|
+
# This operation can be called only from the organization's management
|
1712
1712
|
# account.
|
1713
1713
|
#
|
1714
1714
|
# @option params [required, String] :policy_id
|
@@ -1765,12 +1765,12 @@ module Aws::Organizations
|
|
1765
1765
|
# Services that you can use with AWS Organizations][1] in the *AWS
|
1766
1766
|
# Organizations User Guide.*
|
1767
1767
|
#
|
1768
|
-
# This operation can be called only from the organization's
|
1768
|
+
# This operation can be called only from the organization's management
|
1769
1769
|
# account.
|
1770
1770
|
#
|
1771
1771
|
#
|
1772
1772
|
#
|
1773
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
1773
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html
|
1774
1774
|
#
|
1775
1775
|
# @option params [required, String] :account_id
|
1776
1776
|
# The account ID number of the member account in the organization that
|
@@ -1807,7 +1807,7 @@ module Aws::Organizations
|
|
1807
1807
|
# Retrieves AWS Organizations-related information about the specified
|
1808
1808
|
# account.
|
1809
1809
|
#
|
1810
|
-
# This operation can be called only from the organization's
|
1810
|
+
# This operation can be called only from the organization's management
|
1811
1811
|
# account or by a member account that is a delegated administrator for
|
1812
1812
|
# an AWS service.
|
1813
1813
|
#
|
@@ -1874,7 +1874,7 @@ module Aws::Organizations
|
|
1874
1874
|
# Retrieves the current status of an asynchronous request to create an
|
1875
1875
|
# account.
|
1876
1876
|
#
|
1877
|
-
# This operation can be called only from the organization's
|
1877
|
+
# This operation can be called only from the organization's management
|
1878
1878
|
# account or by a member account that is a delegated administrator for
|
1879
1879
|
# an AWS service.
|
1880
1880
|
#
|
@@ -1930,7 +1930,7 @@ module Aws::Organizations
|
|
1930
1930
|
# resp.create_account_status.completed_timestamp #=> Time
|
1931
1931
|
# resp.create_account_status.account_id #=> String
|
1932
1932
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
1933
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
1933
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
1934
1934
|
#
|
1935
1935
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
|
1936
1936
|
#
|
@@ -1952,7 +1952,7 @@ module Aws::Organizations
|
|
1952
1952
|
# For more information about policy inheritance, see [How Policy
|
1953
1953
|
# Inheritance Works][1] in the *AWS Organizations User Guide*.
|
1954
1954
|
#
|
1955
|
-
# This operation can be called only from the organization's
|
1955
|
+
# This operation can be called only from the organization's management
|
1956
1956
|
# account or by a member account that is a delegated administrator for
|
1957
1957
|
# an AWS service.
|
1958
1958
|
#
|
@@ -1977,9 +1977,9 @@ module Aws::Organizations
|
|
1977
1977
|
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
|
1978
1978
|
#
|
1979
1979
|
# @option params [String] :target_id
|
1980
|
-
# When you're signed in as the
|
1981
|
-
# account that you want details about. Specifying an organization
|
1982
|
-
# or organizational unit (OU) as the target is not supported.
|
1980
|
+
# When you're signed in as the management account, specify the ID of
|
1981
|
+
# the account that you want details about. Specifying an organization
|
1982
|
+
# root or organizational unit (OU) as the target is not supported.
|
1983
1983
|
#
|
1984
1984
|
# @return [Types::DescribeEffectivePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1985
1985
|
#
|
@@ -2182,7 +2182,7 @@ module Aws::Organizations
|
|
2182
2182
|
|
2183
2183
|
# Retrieves information about an organizational unit (OU).
|
2184
2184
|
#
|
2185
|
-
# This operation can be called only from the organization's
|
2185
|
+
# This operation can be called only from the organization's management
|
2186
2186
|
# account or by a member account that is a delegated administrator for
|
2187
2187
|
# an AWS service.
|
2188
2188
|
#
|
@@ -2245,7 +2245,7 @@ module Aws::Organizations
|
|
2245
2245
|
|
2246
2246
|
# Retrieves information about a policy.
|
2247
2247
|
#
|
2248
|
-
# This operation can be called only from the organization's
|
2248
|
+
# This operation can be called only from the organization's management
|
2249
2249
|
# account or by a member account that is a delegated administrator for
|
2250
2250
|
# an AWS service.
|
2251
2251
|
#
|
@@ -2333,7 +2333,7 @@ module Aws::Organizations
|
|
2333
2333
|
# attached SCP), you're using the authorization strategy of a "[deny
|
2334
2334
|
# list][2]".
|
2335
2335
|
#
|
2336
|
-
# This operation can be called only from the organization's
|
2336
|
+
# This operation can be called only from the organization's management
|
2337
2337
|
# account.
|
2338
2338
|
#
|
2339
2339
|
#
|
@@ -2412,33 +2412,65 @@ module Aws::Organizations
|
|
2412
2412
|
# operations in older accounts until the service completes its clean-up
|
2413
2413
|
# from AWS Organizations.
|
2414
2414
|
#
|
2415
|
-
#
|
2416
|
-
#
|
2417
|
-
#
|
2418
|
-
#
|
2419
|
-
#
|
2420
|
-
#
|
2421
|
-
#
|
2422
|
-
#
|
2423
|
-
# information
|
2415
|
+
# We <b> <i>strongly recommend</i> </b> that you don't use this command
|
2416
|
+
# to disable integration between AWS Organizations and the specified AWS
|
2417
|
+
# service. Instead, use the console or commands that are provided by the
|
2418
|
+
# specified service. This lets the trusted service perform any required
|
2419
|
+
# initialization when enabling trusted access, such as creating any
|
2420
|
+
# required resources and any required clean up of resources when
|
2421
|
+
# disabling trusted access.
|
2422
|
+
#
|
2423
|
+
# For information about how to disable trusted service access to your
|
2424
|
+
# organization using the trusted service, see the **Learn more** link
|
2425
|
+
# under the **Supports Trusted Access** column at [AWS services that you
|
2426
|
+
# can use with AWS Organizations][2]. on this page.
|
2427
|
+
#
|
2428
|
+
# If you disable access by using this command, it causes the following
|
2429
|
+
# actions to occur:
|
2430
|
+
#
|
2431
|
+
# * The service can no longer create a service-linked role in the
|
2432
|
+
# accounts in your organization. This means that the service can't
|
2433
|
+
# perform operations on your behalf on any new accounts in your
|
2434
|
+
# organization. The service can still perform operations in older
|
2435
|
+
# accounts until the service completes its clean-up from AWS
|
2436
|
+
# Organizations.
|
2437
|
+
#
|
2438
|
+
# * The service can no longer perform tasks in the member accounts in
|
2439
|
+
# the organization, unless those operations are explicitly permitted
|
2440
|
+
# by the IAM policies that are attached to your roles. This includes
|
2441
|
+
# any data aggregation from the member accounts to the management
|
2442
|
+
# account, or to a delegated administrator account, where relevant.
|
2443
|
+
#
|
2444
|
+
# * Some services detect this and clean up any remaining data or
|
2445
|
+
# resources related to the integration, while other services stop
|
2446
|
+
# accessing the organization but leave any historical data and
|
2447
|
+
# configuration in place to support a possible re-enabling of the
|
2448
|
+
# integration.
|
2449
|
+
#
|
2450
|
+
# Using the other service's console or commands to disable the
|
2451
|
+
# integration ensures that the other service is aware that it can clean
|
2452
|
+
# up any resources that are required only for the integration. How the
|
2453
|
+
# service cleans up its resources in the organization's accounts
|
2454
|
+
# depends on that service. For more information, see the documentation
|
2455
|
+
# for the other AWS service.
|
2424
2456
|
#
|
2425
2457
|
# After you perform the `DisableAWSServiceAccess` operation, the
|
2426
2458
|
# specified service can no longer perform operations in your
|
2427
|
-
# organization's accounts
|
2428
|
-
# permitted by the IAM policies that are attached to your roles.
|
2459
|
+
# organization's accounts
|
2429
2460
|
#
|
2430
2461
|
# For more information about integrating other services with AWS
|
2431
2462
|
# Organizations, including the list of services that work with
|
2432
2463
|
# Organizations, see [Integrating AWS Organizations with Other AWS
|
2433
|
-
# Services][
|
2464
|
+
# Services][3] in the *AWS Organizations User Guide.*
|
2434
2465
|
#
|
2435
|
-
# This operation can be called only from the organization's
|
2466
|
+
# This operation can be called only from the organization's management
|
2436
2467
|
# account.
|
2437
2468
|
#
|
2438
2469
|
#
|
2439
2470
|
#
|
2440
2471
|
# [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
|
2441
|
-
# [2]:
|
2472
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html
|
2473
|
+
# [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html
|
2442
2474
|
#
|
2443
2475
|
# @option params [required, String] :service_principal
|
2444
2476
|
# The service principal name of the AWS service for which you want to
|
@@ -2476,7 +2508,7 @@ module Aws::Organizations
|
|
2476
2508
|
# status of policy types for a specified root, and then use this
|
2477
2509
|
# operation.
|
2478
2510
|
#
|
2479
|
-
# This operation can be called only from the organization's
|
2511
|
+
# This operation can be called only from the organization's management
|
2480
2512
|
# account.
|
2481
2513
|
#
|
2482
2514
|
# To view the status of available policy types in the organization, use
|
@@ -2586,7 +2618,7 @@ module Aws::Organizations
|
|
2586
2618
|
# Organizations, see [Integrating AWS Organizations with Other AWS
|
2587
2619
|
# Services][2] in the *AWS Organizations User Guide.*
|
2588
2620
|
#
|
2589
|
-
# This operation can be called only from the organization's
|
2621
|
+
# This operation can be called only from the organization's management
|
2590
2622
|
# account and only if the organization has [enabled all features][3].
|
2591
2623
|
#
|
2592
2624
|
#
|
@@ -2641,14 +2673,14 @@ module Aws::Organizations
|
|
2641
2673
|
# the feature set change by accepting the handshake that contains
|
2642
2674
|
# `"Action": "ENABLE_ALL_FEATURES"`. This completes the change.
|
2643
2675
|
#
|
2644
|
-
# After you enable all features in your organization, the
|
2645
|
-
# in the organization can apply policies on all member accounts.
|
2646
|
-
# policies can restrict what users and even administrators in
|
2647
|
-
# accounts can do. The
|
2648
|
-
# accounts from leaving the organization. Ensure that your
|
2649
|
-
# administrators are aware of this.
|
2676
|
+
# After you enable all features in your organization, the management
|
2677
|
+
# account in the organization can apply policies on all member accounts.
|
2678
|
+
# These policies can restrict what users and even administrators in
|
2679
|
+
# those accounts can do. The management account can apply policies that
|
2680
|
+
# prevent accounts from leaving the organization. Ensure that your
|
2681
|
+
# account administrators are aware of this.
|
2650
2682
|
#
|
2651
|
-
# This operation can be called only from the organization's
|
2683
|
+
# This operation can be called only from the organization's management
|
2652
2684
|
# account.
|
2653
2685
|
#
|
2654
2686
|
#
|
@@ -2729,7 +2761,7 @@ module Aws::Organizations
|
|
2729
2761
|
# AWS recommends that you first use ListRoots to see the status of
|
2730
2762
|
# policy types for a specified root, and then use this operation.
|
2731
2763
|
#
|
2732
|
-
# This operation can be called only from the organization's
|
2764
|
+
# This operation can be called only from the organization's management
|
2733
2765
|
# account.
|
2734
2766
|
#
|
2735
2767
|
# You can enable a policy type in a root only if that policy type is
|
@@ -2827,12 +2859,12 @@ module Aws::Organizations
|
|
2827
2859
|
# invitation is implemented as a Handshake whose details are in the
|
2828
2860
|
# response.
|
2829
2861
|
#
|
2830
|
-
# * You can invite AWS accounts only from the same seller as the
|
2831
|
-
# account. For example, if your organization's
|
2832
|
-
# created by Amazon Internet Services Pvt. Ltd (AISPL), an
|
2833
|
-
# in India, you can invite only other AISPL accounts to
|
2834
|
-
# organization. You can't combine accounts from AISPL and AWS or
|
2835
|
-
# any other AWS seller. For more information, see [Consolidated
|
2862
|
+
# * You can invite AWS accounts only from the same seller as the
|
2863
|
+
# management account. For example, if your organization's management
|
2864
|
+
# account was created by Amazon Internet Services Pvt. Ltd (AISPL), an
|
2865
|
+
# AWS seller in India, you can invite only other AISPL accounts to
|
2866
|
+
# your organization. You can't combine accounts from AISPL and AWS or
|
2867
|
+
# from any other AWS seller. For more information, see [Consolidated
|
2836
2868
|
# Billing in India][1].
|
2837
2869
|
#
|
2838
2870
|
# * If you receive an exception that indicates that you exceeded your
|
@@ -2844,7 +2876,7 @@ module Aws::Organizations
|
|
2844
2876
|
# If the request includes tags, then the requester must have the
|
2845
2877
|
# `organizations:TagResource` permission.
|
2846
2878
|
#
|
2847
|
-
# This operation can be called only from the organization's
|
2879
|
+
# This operation can be called only from the organization's management
|
2848
2880
|
# account.
|
2849
2881
|
#
|
2850
2882
|
#
|
@@ -3008,14 +3040,14 @@ module Aws::Organizations
|
|
3008
3040
|
|
3009
3041
|
# Removes a member account from its parent organization. This version of
|
3010
3042
|
# the operation is performed by the account that wants to leave. To
|
3011
|
-
# remove a member account as a user in the
|
3043
|
+
# remove a member account as a user in the management account, use
|
3012
3044
|
# RemoveAccountFromOrganization instead.
|
3013
3045
|
#
|
3014
3046
|
# This operation can be called only from a member account in the
|
3015
3047
|
# organization.
|
3016
3048
|
#
|
3017
|
-
# * The
|
3018
|
-
# set service control policies (SCPs) that can restrict what
|
3049
|
+
# * The management account in an organization with all features enabled
|
3050
|
+
# can set service control policies (SCPs) that can restrict what
|
3019
3051
|
# administrators of member accounts can do. This includes preventing
|
3020
3052
|
# them from successfully calling `LeaveOrganization` and leaving the
|
3021
3053
|
# organization.
|
@@ -3041,6 +3073,12 @@ module Aws::Organizations
|
|
3041
3073
|
# all required account information has not yet been provided][1] in
|
3042
3074
|
# the *AWS Organizations User Guide.*
|
3043
3075
|
#
|
3076
|
+
# * The account that you want to leave must not be a delegated
|
3077
|
+
# administrator account for any AWS service enabled for your
|
3078
|
+
# organization. If the account is a delegated administrator, you must
|
3079
|
+
# first change the delegated administrator account to another account
|
3080
|
+
# that is remaining in the organization.
|
3081
|
+
#
|
3044
3082
|
# * You can leave an organization only after you enable IAM user access
|
3045
3083
|
# to billing in your account. For more information, see [Activating
|
3046
3084
|
# Access to the Billing and Cost Management Console][2] in the *AWS
|
@@ -3084,7 +3122,7 @@ module Aws::Organizations
|
|
3084
3122
|
# Organizations, see [Integrating AWS Organizations with Other AWS
|
3085
3123
|
# Services][1] in the *AWS Organizations User Guide.*
|
3086
3124
|
#
|
3087
|
-
# This operation can be called only from the organization's
|
3125
|
+
# This operation can be called only from the organization's management
|
3088
3126
|
# account or by a member account that is a delegated administrator for
|
3089
3127
|
# an AWS service.
|
3090
3128
|
#
|
@@ -3153,7 +3191,7 @@ module Aws::Organizations
|
|
3153
3191
|
#
|
3154
3192
|
# </note>
|
3155
3193
|
#
|
3156
|
-
# This operation can be called only from the organization's
|
3194
|
+
# This operation can be called only from the organization's management
|
3157
3195
|
# account or by a member account that is a delegated administrator for
|
3158
3196
|
# an AWS service.
|
3159
3197
|
#
|
@@ -3276,7 +3314,7 @@ module Aws::Organizations
|
|
3276
3314
|
#
|
3277
3315
|
# </note>
|
3278
3316
|
#
|
3279
|
-
# This operation can be called only from the organization's
|
3317
|
+
# This operation can be called only from the organization's management
|
3280
3318
|
# account or by a member account that is a delegated administrator for
|
3281
3319
|
# an AWS service.
|
3282
3320
|
#
|
@@ -3385,7 +3423,7 @@ module Aws::Organizations
|
|
3385
3423
|
#
|
3386
3424
|
# </note>
|
3387
3425
|
#
|
3388
|
-
# This operation can be called only from the organization's
|
3426
|
+
# This operation can be called only from the organization's management
|
3389
3427
|
# account or by a member account that is a delegated administrator for
|
3390
3428
|
# an AWS service.
|
3391
3429
|
#
|
@@ -3497,7 +3535,7 @@ module Aws::Organizations
|
|
3497
3535
|
#
|
3498
3536
|
# </note>
|
3499
3537
|
#
|
3500
|
-
# This operation can be called only from the organization's
|
3538
|
+
# This operation can be called only from the organization's management
|
3501
3539
|
# account or by a member account that is a delegated administrator for
|
3502
3540
|
# an AWS service.
|
3503
3541
|
#
|
@@ -3599,7 +3637,7 @@ module Aws::Organizations
|
|
3599
3637
|
# resp.create_account_statuses[0].completed_timestamp #=> Time
|
3600
3638
|
# resp.create_account_statuses[0].account_id #=> String
|
3601
3639
|
# resp.create_account_statuses[0].gov_cloud_account_id #=> String
|
3602
|
-
# resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
3640
|
+
# resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
3603
3641
|
# resp.next_token #=> String
|
3604
3642
|
#
|
3605
3643
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
|
@@ -3614,7 +3652,7 @@ module Aws::Organizations
|
|
3614
3652
|
# Lists the AWS accounts that are designated as delegated administrators
|
3615
3653
|
# in this organization.
|
3616
3654
|
#
|
3617
|
-
# This operation can be called only from the organization's
|
3655
|
+
# This operation can be called only from the organization's management
|
3618
3656
|
# account or by a member account that is a delegated administrator for
|
3619
3657
|
# an AWS service.
|
3620
3658
|
#
|
@@ -3684,7 +3722,7 @@ module Aws::Organizations
|
|
3684
3722
|
# List the AWS services for which the specified account is a delegated
|
3685
3723
|
# administrator.
|
3686
3724
|
#
|
3687
|
-
# This operation can be called only from the organization's
|
3725
|
+
# This operation can be called only from the organization's management
|
3688
3726
|
# account or by a member account that is a delegated administrator for
|
3689
3727
|
# an AWS service.
|
3690
3728
|
#
|
@@ -3906,7 +3944,7 @@ module Aws::Organizations
|
|
3906
3944
|
#
|
3907
3945
|
# </note>
|
3908
3946
|
#
|
3909
|
-
# This operation can be called only from the organization's
|
3947
|
+
# This operation can be called only from the organization's management
|
3910
3948
|
# account or by a member account that is a delegated administrator for
|
3911
3949
|
# an AWS service.
|
3912
3950
|
#
|
@@ -4092,7 +4130,7 @@ module Aws::Organizations
|
|
4092
4130
|
#
|
4093
4131
|
# </note>
|
4094
4132
|
#
|
4095
|
-
# This operation can be called only from the organization's
|
4133
|
+
# This operation can be called only from the organization's management
|
4096
4134
|
# account or by a member account that is a delegated administrator for
|
4097
4135
|
# an AWS service.
|
4098
4136
|
#
|
@@ -4204,7 +4242,7 @@ module Aws::Organizations
|
|
4204
4242
|
#
|
4205
4243
|
# </note>
|
4206
4244
|
#
|
4207
|
-
# This operation can be called only from the organization's
|
4245
|
+
# This operation can be called only from the organization's management
|
4208
4246
|
# account or by a member account that is a delegated administrator for
|
4209
4247
|
# an AWS service.
|
4210
4248
|
#
|
@@ -4310,7 +4348,7 @@ module Aws::Organizations
|
|
4310
4348
|
#
|
4311
4349
|
# </note>
|
4312
4350
|
#
|
4313
|
-
# This operation can be called only from the organization's
|
4351
|
+
# This operation can be called only from the organization's management
|
4314
4352
|
# account or by a member account that is a delegated administrator for
|
4315
4353
|
# an AWS service.
|
4316
4354
|
#
|
@@ -4438,7 +4476,7 @@ module Aws::Organizations
|
|
4438
4476
|
#
|
4439
4477
|
# </note>
|
4440
4478
|
#
|
4441
|
-
# This operation can be called only from the organization's
|
4479
|
+
# This operation can be called only from the organization's management
|
4442
4480
|
# account or by a member account that is a delegated administrator for
|
4443
4481
|
# an AWS service.
|
4444
4482
|
#
|
@@ -4573,7 +4611,7 @@ module Aws::Organizations
|
|
4573
4611
|
#
|
4574
4612
|
# </note>
|
4575
4613
|
#
|
4576
|
-
# This operation can be called only from the organization's
|
4614
|
+
# This operation can be called only from the organization's management
|
4577
4615
|
# account or by a member account that is a delegated administrator for
|
4578
4616
|
# an AWS service.
|
4579
4617
|
#
|
@@ -4676,7 +4714,7 @@ module Aws::Organizations
|
|
4676
4714
|
#
|
4677
4715
|
# * Policy (any type)
|
4678
4716
|
#
|
4679
|
-
# This operation can be called only from the organization's
|
4717
|
+
# This operation can be called only from the organization's management
|
4680
4718
|
# account or by a member account that is a delegated administrator for
|
4681
4719
|
# an AWS service.
|
4682
4720
|
#
|
@@ -4744,7 +4782,7 @@ module Aws::Organizations
|
|
4744
4782
|
#
|
4745
4783
|
# </note>
|
4746
4784
|
#
|
4747
|
-
# This operation can be called only from the organization's
|
4785
|
+
# This operation can be called only from the organization's management
|
4748
4786
|
# account or by a member account that is a delegated administrator for
|
4749
4787
|
# an AWS service.
|
4750
4788
|
#
|
@@ -4849,7 +4887,7 @@ module Aws::Organizations
|
|
4849
4887
|
# Moves an account from its current source parent root or organizational
|
4850
4888
|
# unit (OU) to the specified destination parent root or OU.
|
4851
4889
|
#
|
4852
|
-
# This operation can be called only from the organization's
|
4890
|
+
# This operation can be called only from the organization's management
|
4853
4891
|
# account.
|
4854
4892
|
#
|
4855
4893
|
# @option params [required, String] :account_id
|
@@ -4941,12 +4979,12 @@ module Aws::Organizations
|
|
4941
4979
|
# Services that you can use with AWS Organizations][1] in the *AWS
|
4942
4980
|
# Organizations User Guide.*
|
4943
4981
|
#
|
4944
|
-
# This operation can be called only from the organization's
|
4982
|
+
# This operation can be called only from the organization's management
|
4945
4983
|
# account.
|
4946
4984
|
#
|
4947
4985
|
#
|
4948
4986
|
#
|
4949
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
4987
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html
|
4950
4988
|
#
|
4951
4989
|
# @option params [required, String] :account_id
|
4952
4990
|
# The account ID number of the member account in the organization to
|
@@ -4978,11 +5016,11 @@ module Aws::Organizations
|
|
4978
5016
|
#
|
4979
5017
|
# The removed account becomes a standalone account that isn't a member
|
4980
5018
|
# of any organization. It's no longer subject to any policies and is
|
4981
|
-
# responsible for its own bill payments. The organization's
|
5019
|
+
# responsible for its own bill payments. The organization's management
|
4982
5020
|
# account is no longer charged for any expenses accrued by the member
|
4983
5021
|
# account after it's removed from the organization.
|
4984
5022
|
#
|
4985
|
-
# This operation can be called only from the organization's
|
5023
|
+
# This operation can be called only from the organization's management
|
4986
5024
|
# account. Member accounts can remove themselves with LeaveOrganization
|
4987
5025
|
# instead.
|
4988
5026
|
#
|
@@ -5002,6 +5040,12 @@ module Aws::Organizations
|
|
5002
5040
|
# information has not yet been provided][1] in the *AWS Organizations
|
5003
5041
|
# User Guide.*
|
5004
5042
|
#
|
5043
|
+
# * The account that you want to leave must not be a delegated
|
5044
|
+
# administrator account for any AWS service enabled for your
|
5045
|
+
# organization. If the account is a delegated administrator, you must
|
5046
|
+
# first change the delegated administrator account to another account
|
5047
|
+
# that is remaining in the organization.
|
5048
|
+
#
|
5005
5049
|
# * After the account leaves the organization, all tags that were
|
5006
5050
|
# attached to the account object in the organization are deleted. AWS
|
5007
5051
|
# accounts outside of an organization do not support tags.
|
@@ -5060,7 +5104,7 @@ module Aws::Organizations
|
|
5060
5104
|
#
|
5061
5105
|
# * Policy (any type)
|
5062
5106
|
#
|
5063
|
-
# This operation can be called only from the organization's
|
5107
|
+
# This operation can be called only from the organization's management
|
5064
5108
|
# account.
|
5065
5109
|
#
|
5066
5110
|
# @option params [required, String] :resource_id
|
@@ -5127,7 +5171,7 @@ module Aws::Organizations
|
|
5127
5171
|
#
|
5128
5172
|
# * Policy (any type)
|
5129
5173
|
#
|
5130
|
-
# This operation can be called only from the organization's
|
5174
|
+
# This operation can be called only from the organization's management
|
5131
5175
|
# account.
|
5132
5176
|
#
|
5133
5177
|
# @option params [required, String] :resource_id
|
@@ -5171,7 +5215,7 @@ module Aws::Organizations
|
|
5171
5215
|
# change. The child OUs and accounts remain in place, and any attached
|
5172
5216
|
# policies of the OU remain attached.
|
5173
5217
|
#
|
5174
|
-
# This operation can be called only from the organization's
|
5218
|
+
# This operation can be called only from the organization's management
|
5175
5219
|
# account.
|
5176
5220
|
#
|
5177
5221
|
# @option params [required, String] :organizational_unit_id
|
@@ -5246,7 +5290,7 @@ module Aws::Organizations
|
|
5246
5290
|
# If you don't supply any parameter, that value remains unchanged. You
|
5247
5291
|
# can't change a policy's type.
|
5248
5292
|
#
|
5249
|
-
# This operation can be called only from the organization's
|
5293
|
+
# This operation can be called only from the organization's management
|
5250
5294
|
# account.
|
5251
5295
|
#
|
5252
5296
|
# @option params [required, String] :policy_id
|
@@ -5380,7 +5424,7 @@ module Aws::Organizations
|
|
5380
5424
|
params: params,
|
5381
5425
|
config: config)
|
5382
5426
|
context[:gem_name] = 'aws-sdk-organizations'
|
5383
|
-
context[:gem_version] = '1.
|
5427
|
+
context[:gem_version] = '1.58.0'
|
5384
5428
|
Seahorse::Client::Request.new(handlers, context)
|
5385
5429
|
end
|
5386
5430
|
|