aws-sdk-organizations 1.67.0 → 1.70.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-organizations/client.rb +517 -376
- data/lib/aws-sdk-organizations/client_api.rb +35 -3
- data/lib/aws-sdk-organizations/errors.rb +32 -0
- data/lib/aws-sdk-organizations/types.rb +367 -227
- data/lib/aws-sdk-organizations.rb +1 -1
- metadata +4 -4
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
30
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
31
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
32
33
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
@@ -75,6 +76,7 @@ module Aws::Organizations
|
|
75
76
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
76
77
|
add_plugin(Aws::Plugins::TransferEncoding)
|
77
78
|
add_plugin(Aws::Plugins::HttpChecksum)
|
79
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
78
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
79
81
|
add_plugin(Aws::Plugins::RecursionDetection)
|
80
82
|
add_plugin(Aws::Plugins::SignatureV4)
|
@@ -371,27 +373,27 @@ module Aws::Organizations
|
|
371
373
|
# The user who calls the API for an invitation to join must have the
|
372
374
|
# `organizations:AcceptHandshake` permission. If you enabled all
|
373
375
|
# features in the organization, the user must also have the
|
374
|
-
# `iam:CreateServiceLinkedRole` permission so that
|
375
|
-
#
|
376
|
-
# `AWSServiceRoleForOrganizations`. For more information, see
|
377
|
-
# Organizations and Service-Linked Roles][1] in the *
|
376
|
+
# `iam:CreateServiceLinkedRole` permission so that Organizations can
|
377
|
+
# create the required service-linked role named
|
378
|
+
# `AWSServiceRoleForOrganizations`. For more information, see
|
379
|
+
# [Organizations and Service-Linked Roles][1] in the *Organizations
|
378
380
|
# User Guide*.
|
379
381
|
#
|
380
382
|
# * **Enable all features final confirmation** handshake: only a
|
381
383
|
# principal from the management account.
|
382
384
|
#
|
383
|
-
# For more information about invitations, see [Inviting an
|
384
|
-
# to
|
385
|
-
# For more information about requests to enable all
|
386
|
-
# organization, see [Enabling
|
387
|
-
# the *
|
385
|
+
# For more information about invitations, see [Inviting an Amazon Web
|
386
|
+
# Services account to join your organization][2] in the *Organizations
|
387
|
+
# User Guide.* For more information about requests to enable all
|
388
|
+
# features in the organization, see [Enabling all features in your
|
389
|
+
# organization][3] in the *Organizations User Guide.*
|
388
390
|
#
|
389
391
|
# After you accept a handshake, it continues to appear in the results of
|
390
392
|
# relevant APIs for only 30 days. After that, it's deleted.
|
391
393
|
#
|
392
394
|
#
|
393
395
|
#
|
394
|
-
# [1]:
|
396
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles
|
395
397
|
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html
|
396
398
|
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
|
397
399
|
#
|
@@ -498,7 +500,7 @@ module Aws::Organizations
|
|
498
500
|
|
499
501
|
# Attaches a policy to a root, an organizational unit (OU), or an
|
500
502
|
# individual account. How the policy affects accounts depends on the
|
501
|
-
# type of policy. Refer to the *
|
503
|
+
# type of policy. Refer to the *Organizations User Guide* for
|
502
504
|
# information about each policy type:
|
503
505
|
#
|
504
506
|
# * [AISERVICES\_OPT\_OUT\_POLICY][1]
|
@@ -708,70 +710,139 @@ module Aws::Organizations
|
|
708
710
|
req.send_request(options)
|
709
711
|
end
|
710
712
|
|
711
|
-
#
|
712
|
-
#
|
713
|
-
# asynchronous request that
|
714
|
-
# `
|
715
|
-
# completion message even though account
|
716
|
-
# in progress. You
|
717
|
-
#
|
718
|
-
#
|
713
|
+
# Closes an Amazon Web Services member account within an organization.
|
714
|
+
# You can't close the management account with this API. This is an
|
715
|
+
# asynchronous request that Amazon Web Services performs in the
|
716
|
+
# background. Because `CloseAccount` operates asynchronously, it can
|
717
|
+
# return a successful completion message even though account closure
|
718
|
+
# might still be in progress. You need to wait a few minutes before the
|
719
|
+
# account is fully closed. To check the status of the request, do one of
|
720
|
+
# the following:
|
721
|
+
#
|
722
|
+
# * Use the `AccountId` that you sent in the `CloseAccount` request to
|
723
|
+
# provide as a parameter to the DescribeAccount operation.
|
724
|
+
#
|
725
|
+
# While the close account request is in progress, Account status will
|
726
|
+
# indicate PENDING\_CLOSURE. When the close account request completes,
|
727
|
+
# the status will change to SUSPENDED.
|
728
|
+
#
|
729
|
+
# * Check the CloudTrail log for the `CloseAccountResult` event that
|
730
|
+
# gets published after the account closes successfully. For
|
731
|
+
# information on using CloudTrail with Organizations, see [Logging and
|
732
|
+
# monitoring in Organizations][1] in the *Organizations User Guide.*
|
733
|
+
#
|
734
|
+
# <note markdown="1"> * You can only close 10% of active member accounts within a rolling 30
|
735
|
+
# day period. This quota is not bound by a calendar month, but starts
|
736
|
+
# when you close an account. Within 30 days of that initial account
|
737
|
+
# closure, you can't exceed the 10% account closure limit.
|
738
|
+
#
|
739
|
+
# * To reinstate a closed account, contact Amazon Web Services Support
|
740
|
+
# within the 90-day grace period while the account is in SUSPENDED
|
741
|
+
# status.
|
742
|
+
#
|
743
|
+
# * If the Amazon Web Services account you attempt to close is linked to
|
744
|
+
# an Amazon Web Services GovCloud (US) account, the `CloseAccount`
|
745
|
+
# request will close both accounts. To learn important pre-closure
|
746
|
+
# details, see [ Closing an Amazon Web Services GovCloud (US)
|
747
|
+
# account][2] in the <i> Amazon Web Services GovCloud User Guide</i>.
|
748
|
+
#
|
749
|
+
# </note>
|
750
|
+
#
|
751
|
+
# For more information about closing accounts, see [Closing an Amazon
|
752
|
+
# Web Services account][3] in the *Organizations User Guide.*
|
753
|
+
#
|
754
|
+
#
|
755
|
+
#
|
756
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration
|
757
|
+
# [2]: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/Closing-govcloud-account.html
|
758
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
|
759
|
+
#
|
760
|
+
# @option params [required, String] :account_id
|
761
|
+
# Retrieves the Amazon Web Services account Id for the current
|
762
|
+
# `CloseAccount` API request.
|
763
|
+
#
|
764
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
765
|
+
#
|
766
|
+
# @example Request syntax with placeholder values
|
767
|
+
#
|
768
|
+
# resp = client.close_account({
|
769
|
+
# account_id: "AccountId", # required
|
770
|
+
# })
|
771
|
+
#
|
772
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CloseAccount AWS API Documentation
|
773
|
+
#
|
774
|
+
# @overload close_account(params = {})
|
775
|
+
# @param [Hash] params ({})
|
776
|
+
def close_account(params = {}, options = {})
|
777
|
+
req = build_request(:close_account, params)
|
778
|
+
req.send_request(options)
|
779
|
+
end
|
780
|
+
|
781
|
+
# Creates an Amazon Web Services account that is automatically a member
|
782
|
+
# of the organization whose credentials made the request. This is an
|
783
|
+
# asynchronous request that Amazon Web Services performs in the
|
784
|
+
# background. Because `CreateAccount` operates asynchronously, it can
|
785
|
+
# return a successful completion message even though account
|
786
|
+
# initialization might still be in progress. You might need to wait a
|
787
|
+
# few minutes before you can successfully access the account. To check
|
788
|
+
# the status of the request, do one of the following:
|
719
789
|
#
|
720
790
|
# * Use the `Id` member of the `CreateAccountStatus` response element
|
721
791
|
# from this operation to provide as a parameter to the
|
722
792
|
# DescribeCreateAccountStatus operation.
|
723
793
|
#
|
724
|
-
# * Check the
|
725
|
-
#
|
726
|
-
#
|
727
|
-
# Organizations User Guide.*
|
794
|
+
# * Check the CloudTrail log for the `CreateAccountResult` event. For
|
795
|
+
# information on using CloudTrail with Organizations, see [Logging and
|
796
|
+
# monitoring in Organizations][1] in the *Organizations User Guide.*
|
728
797
|
#
|
729
798
|
# The user who calls the API to create an account must have the
|
730
799
|
# `organizations:CreateAccount` permission. If you enabled all features
|
731
|
-
# in the organization,
|
732
|
-
#
|
733
|
-
#
|
734
|
-
#
|
800
|
+
# in the organization, Organizations creates the required service-linked
|
801
|
+
# role named `AWSServiceRoleForOrganizations`. For more information, see
|
802
|
+
# [Organizations and Service-Linked Roles][2] in the *Organizations User
|
803
|
+
# Guide*.
|
735
804
|
#
|
736
805
|
# If the request includes tags, then the requester must have the
|
737
806
|
# `organizations:TagResource` permission.
|
738
807
|
#
|
739
|
-
#
|
740
|
-
#
|
741
|
-
#
|
742
|
-
# account. Principals in the management account can assume the role.
|
808
|
+
# Organizations preconfigures the new member account with a role (named
|
809
|
+
# `OrganizationAccountAccessRole` by default) that grants users in the
|
810
|
+
# management account administrator permissions in the new member
|
811
|
+
# account. Principals in the management account can assume the role.
|
743
812
|
# Organizations clones the company name and address information for the
|
744
813
|
# new account from the organization's management account.
|
745
814
|
#
|
746
815
|
# This operation can be called only from the organization's management
|
747
816
|
# account.
|
748
817
|
#
|
749
|
-
# For more information about creating accounts, see [Creating an
|
750
|
-
#
|
751
|
-
# Guide.*
|
818
|
+
# For more information about creating accounts, see [Creating an Amazon
|
819
|
+
# Web Services account in Your Organization][3] in the *Organizations
|
820
|
+
# User Guide.*
|
752
821
|
#
|
753
|
-
# * When you create an account in an organization using the
|
822
|
+
# * When you create an account in an organization using the
|
754
823
|
# Organizations console, API, or CLI commands, the information
|
755
824
|
# required for the account to operate as a standalone account, such as
|
756
825
|
# a payment method and signing the end user license agreement (EULA)
|
757
826
|
# is *not* automatically collected. If you must remove an account from
|
758
827
|
# your organization later, you can do so only after you provide the
|
759
828
|
# missing information. Follow the steps at [ To leave an organization
|
760
|
-
# as a member account][4] in the *
|
829
|
+
# as a member account][4] in the *Organizations User Guide*.
|
761
830
|
#
|
762
831
|
# * If you get an exception that indicates that you exceeded your
|
763
|
-
# account limits for the organization, contact [
|
832
|
+
# account limits for the organization, contact [Amazon Web Services
|
833
|
+
# Support][5].
|
764
834
|
#
|
765
835
|
# * If you get an exception that indicates that the operation failed
|
766
836
|
# because your organization is still initializing, wait one hour and
|
767
|
-
# then try again. If the error persists, contact [
|
837
|
+
# then try again. If the error persists, contact [Amazon Web Services
|
838
|
+
# Support][5].
|
768
839
|
#
|
769
840
|
# * Using `CreateAccount` to create multiple temporary accounts isn't
|
770
841
|
# recommended. You can only close an account from the Billing and Cost
|
771
|
-
# Management
|
842
|
+
# Management console, and you must be signed in as the root user. For
|
772
843
|
# information on the requirements and process for closing an account,
|
773
|
-
# see [Closing an
|
774
|
-
# Guide*.
|
844
|
+
# see [Closing an Amazon Web Services account][6] in the
|
845
|
+
# *Organizations User Guide*.
|
775
846
|
#
|
776
847
|
# <note markdown="1"> When you create a member account with this operation, you can choose
|
777
848
|
# whether to create the account with the **IAM User and Role Access to
|
@@ -786,20 +857,45 @@ module Aws::Organizations
|
|
786
857
|
#
|
787
858
|
#
|
788
859
|
#
|
789
|
-
# [1]:
|
790
|
-
# [2]:
|
860
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration
|
861
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs
|
791
862
|
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html
|
792
|
-
# [4]:
|
863
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
|
793
864
|
# [5]: https://console.aws.amazon.com/support/home#/
|
794
|
-
# [6]:
|
865
|
+
# [6]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
|
795
866
|
# [7]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html
|
796
867
|
#
|
797
868
|
# @option params [required, String] :email
|
798
869
|
# The email address of the owner to assign to the new member account.
|
799
|
-
# This email address must not already be associated with another
|
800
|
-
# account. You must use a valid email address to complete
|
801
|
-
# creation.
|
802
|
-
#
|
870
|
+
# This email address must not already be associated with another Amazon
|
871
|
+
# Web Services account. You must use a valid email address to complete
|
872
|
+
# account creation.
|
873
|
+
#
|
874
|
+
# The rules for a valid email address:
|
875
|
+
#
|
876
|
+
# * The address must be a minimum of 6 and a maximum of 64 characters
|
877
|
+
# long.
|
878
|
+
#
|
879
|
+
# * All characters must be 7-bit ASCII characters.
|
880
|
+
#
|
881
|
+
# * There must be one and only one @ symbol, which separates the local
|
882
|
+
# name from the domain name.
|
883
|
+
#
|
884
|
+
# * The local name can't contain any of the following characters:
|
885
|
+
#
|
886
|
+
# whitespace, " ' ( ) < > \[ \] : ; , \\ \| % &
|
887
|
+
#
|
888
|
+
# * The local name can't begin with a dot (.)
|
889
|
+
#
|
890
|
+
# * The domain name can consist of only the characters
|
891
|
+
# \[a-z\],\[A-Z\],\[0-9\], hyphen (-), or dot (.)
|
892
|
+
#
|
893
|
+
# * The domain name can't begin or end with a hyphen (-) or dot (.)
|
894
|
+
#
|
895
|
+
# * The domain name must contain at least one dot
|
896
|
+
#
|
897
|
+
# You can't access the root user of the account or remove an account
|
898
|
+
# that was created with an invalid email address.
|
803
899
|
#
|
804
900
|
# @option params [required, String] :account_name
|
805
901
|
# The friendly name of the member account.
|
@@ -807,11 +903,11 @@ module Aws::Organizations
|
|
807
903
|
# @option params [String] :role_name
|
808
904
|
# (Optional)
|
809
905
|
#
|
810
|
-
# The name of an IAM role that
|
811
|
-
#
|
812
|
-
#
|
813
|
-
#
|
814
|
-
#
|
906
|
+
# The name of an IAM role that Organizations automatically preconfigures
|
907
|
+
# in the new member account. This role trusts the management account,
|
908
|
+
# allowing users in the management account to assume the role, as
|
909
|
+
# permitted by the management account administrator. The role has
|
910
|
+
# administrator permissions in the new member account.
|
815
911
|
#
|
816
912
|
# If you don't specify this parameter, the role name defaults to
|
817
913
|
# `OrganizationAccountAccessRole`.
|
@@ -820,10 +916,10 @@ module Aws::Organizations
|
|
820
916
|
# account, see the following links:
|
821
917
|
#
|
822
918
|
# * [Accessing and Administering the Member Accounts in Your
|
823
|
-
# Organization][1] in the *
|
919
|
+
# Organization][1] in the *Organizations User Guide*
|
824
920
|
#
|
825
|
-
# * Steps 2 and 3 in [Tutorial: Delegate Access Across
|
826
|
-
# Using IAM Roles][2] in the *IAM User Guide*
|
921
|
+
# * Steps 2 and 3 in [Tutorial: Delegate Access Across Amazon Web
|
922
|
+
# Services accounts Using IAM Roles][2] in the *IAM User Guide*
|
827
923
|
#
|
828
924
|
# The [regex pattern][3] that is used to validate this parameter. The
|
829
925
|
# pattern can include uppercase letters, lowercase letters, digits with
|
@@ -840,8 +936,8 @@ module Aws::Organizations
|
|
840
936
|
# billing information *if* they have the required permissions. If set to
|
841
937
|
# `DENY`, only the root user of the new account can access account
|
842
938
|
# billing information. For more information, see [Activating Access to
|
843
|
-
# the Billing and Cost Management Console][1] in the *
|
844
|
-
# Cost Management User Guide*.
|
939
|
+
# the Billing and Cost Management Console][1] in the *Amazon Web
|
940
|
+
# Services Billing and Cost Management User Guide*.
|
845
941
|
#
|
846
942
|
# If you don't specify this parameter, the value defaults to `ALLOW`,
|
847
943
|
# and IAM users and roles with the required permissions can access
|
@@ -855,12 +951,12 @@ module Aws::Organizations
|
|
855
951
|
# A list of tags that you want to attach to the newly created account.
|
856
952
|
# For each tag in the list, you must specify both a tag key and a value.
|
857
953
|
# You can set the value to an empty string, but you can't set it to
|
858
|
-
# `null`. For more information about tagging, see [Tagging
|
859
|
-
#
|
954
|
+
# `null`. For more information about tagging, see [Tagging Organizations
|
955
|
+
# resources][1] in the Organizations User Guide.
|
860
956
|
#
|
861
|
-
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
862
|
-
# of tags for an account, then the entire request fails and the
|
863
|
-
# is not created.
|
957
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the maximum allowed
|
958
|
+
# number of tags for an account, then the entire request fails and the
|
959
|
+
# account is not created.
|
864
960
|
#
|
865
961
|
# </note>
|
866
962
|
#
|
@@ -897,7 +993,7 @@ module Aws::Organizations
|
|
897
993
|
#
|
898
994
|
# resp = client.create_account({
|
899
995
|
# email: "Email", # required
|
900
|
-
# account_name: "
|
996
|
+
# account_name: "CreateAccountName", # required
|
901
997
|
# role_name: "RoleName",
|
902
998
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
903
999
|
# tags: [
|
@@ -917,7 +1013,7 @@ module Aws::Organizations
|
|
917
1013
|
# resp.create_account_status.completed_timestamp #=> Time
|
918
1014
|
# resp.create_account_status.account_id #=> String
|
919
1015
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
920
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
1016
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT"
|
921
1017
|
#
|
922
1018
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
|
923
1019
|
#
|
@@ -930,33 +1026,34 @@ module Aws::Organizations
|
|
930
1026
|
|
931
1027
|
# This action is available if all of the following are true:
|
932
1028
|
#
|
933
|
-
# * You're authorized to create accounts in the
|
934
|
-
# Region. For more information on the
|
935
|
-
# the [ *
|
1029
|
+
# * You're authorized to create accounts in the Amazon Web Services
|
1030
|
+
# GovCloud (US) Region. For more information on the Amazon Web
|
1031
|
+
# Services GovCloud (US) Region, see the [ *Amazon Web Services
|
1032
|
+
# GovCloud User Guide*.][1]
|
936
1033
|
#
|
937
|
-
# * You already have an account in the
|
938
|
-
# paired with a management account of an organization
|
939
|
-
# commercial Region.
|
1034
|
+
# * You already have an account in the Amazon Web Services GovCloud (US)
|
1035
|
+
# Region that is paired with a management account of an organization
|
1036
|
+
# in the commercial Region.
|
940
1037
|
#
|
941
1038
|
# * You call this action from the management account of your
|
942
1039
|
# organization in the commercial Region.
|
943
1040
|
#
|
944
1041
|
# * You have the `organizations:CreateGovCloudAccount` permission.
|
945
1042
|
#
|
946
|
-
#
|
947
|
-
#
|
948
|
-
# [
|
949
|
-
#
|
1043
|
+
# Organizations automatically creates the required service-linked role
|
1044
|
+
# named `AWSServiceRoleForOrganizations`. For more information, see
|
1045
|
+
# [Organizations and Service-Linked Roles][2] in the *Organizations User
|
1046
|
+
# Guide.*
|
950
1047
|
#
|
951
|
-
#
|
952
|
-
# accounts, but you should also do the following:
|
1048
|
+
# Amazon Web Services automatically enables CloudTrail for Amazon Web
|
1049
|
+
# Services GovCloud (US) accounts, but you should also do the following:
|
953
1050
|
#
|
954
|
-
# * Verify that
|
1051
|
+
# * Verify that CloudTrail is enabled to store logs.
|
955
1052
|
#
|
956
|
-
# * Create an S3 bucket for
|
1053
|
+
# * Create an Amazon S3 bucket for CloudTrail log storage.
|
957
1054
|
#
|
958
|
-
# For more information, see [Verifying
|
959
|
-
#
|
1055
|
+
# For more information, see [Verifying CloudTrail Is Enabled][3] in
|
1056
|
+
# the *Amazon Web Services GovCloud User Guide*.
|
960
1057
|
#
|
961
1058
|
# If the request includes tags, then the requester must have the
|
962
1059
|
# `organizations:TagResource` permission. The tags are attached to the
|
@@ -966,74 +1063,79 @@ module Aws::Organizations
|
|
966
1063
|
# GovCloud account exists.
|
967
1064
|
#
|
968
1065
|
# You call this action from the management account of your organization
|
969
|
-
# in the commercial Region to create a standalone
|
970
|
-
# GovCloud (US) Region. After the
|
971
|
-
# account of an organization in the
|
972
|
-
#
|
973
|
-
#
|
974
|
-
#
|
975
|
-
#
|
976
|
-
#
|
977
|
-
#
|
978
|
-
#
|
979
|
-
#
|
980
|
-
#
|
981
|
-
#
|
1066
|
+
# in the commercial Region to create a standalone Amazon Web Services
|
1067
|
+
# account in the Amazon Web Services GovCloud (US) Region. After the
|
1068
|
+
# account is created, the management account of an organization in the
|
1069
|
+
# Amazon Web Services GovCloud (US) Region can invite it to that
|
1070
|
+
# organization. For more information on inviting standalone accounts in
|
1071
|
+
# the Amazon Web Services GovCloud (US) to join an organization, see
|
1072
|
+
# [Organizations][4] in the *Amazon Web Services GovCloud User Guide.*
|
1073
|
+
#
|
1074
|
+
# Calling `CreateGovCloudAccount` is an asynchronous request that Amazon
|
1075
|
+
# Web Services performs in the background. Because
|
1076
|
+
# `CreateGovCloudAccount` operates asynchronously, it can return a
|
1077
|
+
# successful completion message even though account initialization might
|
1078
|
+
# still be in progress. You might need to wait a few minutes before you
|
1079
|
+
# can successfully access the account. To check the status of the
|
1080
|
+
# request, do one of the following:
|
982
1081
|
#
|
983
1082
|
# * Use the `OperationId` response element from this operation to
|
984
1083
|
# provide as a parameter to the DescribeCreateAccountStatus operation.
|
985
1084
|
#
|
986
|
-
# * Check the
|
987
|
-
#
|
988
|
-
#
|
989
|
-
#
|
1085
|
+
# * Check the CloudTrail log for the `CreateAccountResult` event. For
|
1086
|
+
# information on using CloudTrail with Organizations, see [Monitoring
|
1087
|
+
# the Activity in Your Organization][5] in the *Organizations User
|
1088
|
+
# Guide.*
|
990
1089
|
#
|
991
1090
|
#
|
992
1091
|
#
|
993
1092
|
# When you call the `CreateGovCloudAccount` action, you create two
|
994
|
-
# accounts: a standalone account in the
|
995
|
-
# associated account in the commercial Region for
|
996
|
-
# purposes. The account in the commercial Region is
|
997
|
-
# member of the organization whose credentials made the
|
998
|
-
# accounts are associated with the same email address.
|
1093
|
+
# accounts: a standalone account in the Amazon Web Services GovCloud
|
1094
|
+
# (US) Region and an associated account in the commercial Region for
|
1095
|
+
# billing and support purposes. The account in the commercial Region is
|
1096
|
+
# automatically a member of the organization whose credentials made the
|
1097
|
+
# request. Both accounts are associated with the same email address.
|
999
1098
|
#
|
1000
1099
|
# A role is created in the new account in the commercial Region that
|
1001
1100
|
# allows the management account in the organization in the commercial
|
1002
|
-
# Region to assume it. An
|
1003
|
-
# associated with the commercial account that you just
|
1004
|
-
# is also created in the new
|
1005
|
-
#
|
1006
|
-
#
|
1007
|
-
#
|
1008
|
-
# works, see [
|
1009
|
-
#
|
1010
|
-
#
|
1011
|
-
#
|
1012
|
-
#
|
1013
|
-
#
|
1014
|
-
#
|
1101
|
+
# Region to assume it. An Amazon Web Services GovCloud (US) account is
|
1102
|
+
# then created and associated with the commercial account that you just
|
1103
|
+
# created. A role is also created in the new Amazon Web Services
|
1104
|
+
# GovCloud (US) account that can be assumed by the Amazon Web Services
|
1105
|
+
# GovCloud (US) account that is associated with the management account
|
1106
|
+
# of the commercial organization. For more information and to view a
|
1107
|
+
# diagram that explains how account access works, see [Organizations][4]
|
1108
|
+
# in the *Amazon Web Services GovCloud User Guide.*
|
1109
|
+
#
|
1110
|
+
# For more information about creating accounts, see [Creating an Amazon
|
1111
|
+
# Web Services account in Your Organization][6] in the *Organizations
|
1112
|
+
# User Guide.*
|
1113
|
+
#
|
1114
|
+
# * When you create an account in an organization using the
|
1015
1115
|
# Organizations console, API, or CLI commands, the information
|
1016
1116
|
# required for the account to operate as a standalone account is *not*
|
1017
1117
|
# automatically collected. This includes a payment method and signing
|
1018
1118
|
# the end user license agreement (EULA). If you must remove an account
|
1019
1119
|
# from your organization later, you can do so only after you provide
|
1020
1120
|
# the missing information. Follow the steps at [ To leave an
|
1021
|
-
# organization as a member account][7] in the *
|
1121
|
+
# organization as a member account][7] in the *Organizations User
|
1022
1122
|
# Guide.*
|
1023
1123
|
#
|
1024
1124
|
# * If you get an exception that indicates that you exceeded your
|
1025
|
-
# account limits for the organization, contact [
|
1125
|
+
# account limits for the organization, contact [Amazon Web Services
|
1126
|
+
# Support][8].
|
1026
1127
|
#
|
1027
1128
|
# * If you get an exception that indicates that the operation failed
|
1028
1129
|
# because your organization is still initializing, wait one hour and
|
1029
|
-
# then try again. If the error persists, contact [
|
1130
|
+
# then try again. If the error persists, contact [Amazon Web Services
|
1131
|
+
# Support][8].
|
1030
1132
|
#
|
1031
1133
|
# * Using `CreateGovCloudAccount` to create multiple temporary accounts
|
1032
|
-
# isn't recommended. You can only close an account from the
|
1033
|
-
# Billing and Cost Management console, and you must be
|
1034
|
-
# the root user. For information on the requirements and
|
1035
|
-
# closing an account, see [Closing an
|
1036
|
-
# Organizations User Guide*.
|
1134
|
+
# isn't recommended. You can only close an account from the Amazon
|
1135
|
+
# Web Services Billing and Cost Management console, and you must be
|
1136
|
+
# signed in as the root user. For information on the requirements and
|
1137
|
+
# process for closing an account, see [Closing an Amazon Web Services
|
1138
|
+
# account][9] in the *Organizations User Guide*.
|
1037
1139
|
#
|
1038
1140
|
# <note markdown="1"> When you create a member account with this operation, you can choose
|
1039
1141
|
# whether to create the account with the **IAM User and Role Access to
|
@@ -1048,49 +1150,78 @@ module Aws::Organizations
|
|
1048
1150
|
#
|
1049
1151
|
#
|
1050
1152
|
#
|
1051
|
-
# [1]:
|
1052
|
-
# [2]:
|
1053
|
-
# [3]:
|
1054
|
-
# [4]:
|
1055
|
-
# [5]:
|
1153
|
+
# [1]: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html
|
1154
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs
|
1155
|
+
# [3]: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html
|
1156
|
+
# [4]: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html
|
1157
|
+
# [5]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html
|
1056
1158
|
# [6]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html
|
1057
|
-
# [7]:
|
1159
|
+
# [7]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
|
1058
1160
|
# [8]: https://console.aws.amazon.com/support/home#/
|
1059
|
-
# [9]:
|
1161
|
+
# [9]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
|
1060
1162
|
# [10]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html
|
1061
1163
|
#
|
1062
1164
|
# @option params [required, String] :email
|
1063
|
-
#
|
1064
|
-
# the commercial Region. This email address must not already
|
1065
|
-
# associated with another
|
1066
|
-
# address to complete account creation.
|
1067
|
-
#
|
1068
|
-
#
|
1069
|
-
#
|
1070
|
-
#
|
1071
|
-
#
|
1165
|
+
# Specifies the email address of the owner to assign to the new member
|
1166
|
+
# account in the commercial Region. This email address must not already
|
1167
|
+
# be associated with another Amazon Web Services account. You must use a
|
1168
|
+
# valid email address to complete account creation.
|
1169
|
+
#
|
1170
|
+
# The rules for a valid email address:
|
1171
|
+
#
|
1172
|
+
# * The address must be a minimum of 6 and a maximum of 64 characters
|
1173
|
+
# long.
|
1174
|
+
#
|
1175
|
+
# * All characters must be 7-bit ASCII characters.
|
1176
|
+
#
|
1177
|
+
# * There must be one and only one @ symbol, which separates the local
|
1178
|
+
# name from the domain name.
|
1179
|
+
#
|
1180
|
+
# * The local name can't contain any of the following characters:
|
1181
|
+
#
|
1182
|
+
# whitespace, " ' ( ) < > \[ \] : ; , \\ \| % &
|
1183
|
+
#
|
1184
|
+
# * The local name can't begin with a dot (.)
|
1185
|
+
#
|
1186
|
+
# * The domain name can consist of only the characters
|
1187
|
+
# \[a-z\],\[A-Z\],\[0-9\], hyphen (-), or dot (.)
|
1188
|
+
#
|
1189
|
+
# * The domain name can't begin or end with a hyphen (-) or dot (.)
|
1190
|
+
#
|
1191
|
+
# * The domain name must contain at least one dot
|
1192
|
+
#
|
1193
|
+
# You can't access the root user of the account or remove an account
|
1194
|
+
# that was created with an invalid email address. Like all request
|
1195
|
+
# parameters for `CreateGovCloudAccount`, the request for the email
|
1196
|
+
# address for the Amazon Web Services GovCloud (US) account originates
|
1197
|
+
# from the commercial Region, not from the Amazon Web Services GovCloud
|
1198
|
+
# (US) Region.
|
1072
1199
|
#
|
1073
1200
|
# @option params [required, String] :account_name
|
1074
1201
|
# The friendly name of the member account.
|
1075
1202
|
#
|
1203
|
+
# The account name can consist of only the characters
|
1204
|
+
# \[a-z\],\[A-Z\],\[0-9\], hyphen (-), or dot (.) You can't separate
|
1205
|
+
# characters with a dash (–).
|
1206
|
+
#
|
1076
1207
|
# @option params [String] :role_name
|
1077
1208
|
# (Optional)
|
1078
1209
|
#
|
1079
|
-
# The name of an IAM role that
|
1080
|
-
#
|
1081
|
-
# Region and in the commercial Region. This role trusts the
|
1082
|
-
# account, allowing users in the management account to assume
|
1083
|
-
# as permitted by the management account administrator. The
|
1084
|
-
# administrator permissions in the new member account.
|
1210
|
+
# The name of an IAM role that Organizations automatically preconfigures
|
1211
|
+
# in the new member accounts in both the Amazon Web Services GovCloud
|
1212
|
+
# (US) Region and in the commercial Region. This role trusts the
|
1213
|
+
# management account, allowing users in the management account to assume
|
1214
|
+
# the role, as permitted by the management account administrator. The
|
1215
|
+
# role has administrator permissions in the new member account.
|
1085
1216
|
#
|
1086
1217
|
# If you don't specify this parameter, the role name defaults to
|
1087
1218
|
# `OrganizationAccountAccessRole`.
|
1088
1219
|
#
|
1089
1220
|
# For more information about how to use this role to access the member
|
1090
1221
|
# account, see [Accessing and Administering the Member Accounts in Your
|
1091
|
-
# Organization][1] in the *
|
1092
|
-
#
|
1093
|
-
# Roles][2] in the *IAM User Guide.*
|
1222
|
+
# Organization][1] in the *Organizations User Guide* and steps 2 and 3
|
1223
|
+
# in [Tutorial: Delegate Access Across Amazon Web Services accounts
|
1224
|
+
# Using IAM Roles][2] in the *IAM User Guide.*
|
1094
1225
|
#
|
1095
1226
|
# The [regex pattern][3] that is used to validate this parameter. The
|
1096
1227
|
# pattern can include uppercase letters, lowercase letters, digits with
|
@@ -1108,7 +1239,8 @@ module Aws::Organizations
|
|
1108
1239
|
# the required permissions. If set to `DENY`, only the root user of the
|
1109
1240
|
# new account can access account billing information. For more
|
1110
1241
|
# information, see [Activating Access to the Billing and Cost Management
|
1111
|
-
# Console][1] in the *
|
1242
|
+
# Console][1] in the *Amazon Web Services Billing and Cost Management
|
1243
|
+
# User Guide.*
|
1112
1244
|
#
|
1113
1245
|
# If you don't specify this parameter, the value defaults to `ALLOW`,
|
1114
1246
|
# and IAM users and roles with the required permissions can access
|
@@ -1127,12 +1259,12 @@ module Aws::Organizations
|
|
1127
1259
|
#
|
1128
1260
|
# For each tag in the list, you must specify both a tag key and a value.
|
1129
1261
|
# You can set the value to an empty string, but you can't set it to
|
1130
|
-
# `null`. For more information about tagging, see [Tagging
|
1131
|
-
#
|
1262
|
+
# `null`. For more information about tagging, see [Tagging Organizations
|
1263
|
+
# resources][1] in the Organizations User Guide.
|
1132
1264
|
#
|
1133
|
-
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
1134
|
-
# of tags for an account, then the entire request fails and the
|
1135
|
-
# is not created.
|
1265
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the maximum allowed
|
1266
|
+
# number of tags for an account, then the entire request fails and the
|
1267
|
+
# account is not created.
|
1136
1268
|
#
|
1137
1269
|
# </note>
|
1138
1270
|
#
|
@@ -1148,7 +1280,7 @@ module Aws::Organizations
|
|
1148
1280
|
#
|
1149
1281
|
# resp = client.create_gov_cloud_account({
|
1150
1282
|
# email: "Email", # required
|
1151
|
-
# account_name: "
|
1283
|
+
# account_name: "CreateAccountName", # required
|
1152
1284
|
# role_name: "RoleName",
|
1153
1285
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
1154
1286
|
# tags: [
|
@@ -1168,7 +1300,7 @@ module Aws::Organizations
|
|
1168
1300
|
# resp.create_account_status.completed_timestamp #=> Time
|
1169
1301
|
# resp.create_account_status.account_id #=> String
|
1170
1302
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
1171
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
1303
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT"
|
1172
1304
|
#
|
1173
1305
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount AWS API Documentation
|
1174
1306
|
#
|
@@ -1179,9 +1311,9 @@ module Aws::Organizations
|
|
1179
1311
|
req.send_request(options)
|
1180
1312
|
end
|
1181
1313
|
|
1182
|
-
# Creates an
|
1183
|
-
# `CreateOrganization` operation automatically becomes the
|
1184
|
-
# account][1] of the new organization.
|
1314
|
+
# Creates an Amazon Web Services organization. The account whose user is
|
1315
|
+
# calling the `CreateOrganization` operation automatically becomes the
|
1316
|
+
# [management account][1] of the new organization.
|
1185
1317
|
#
|
1186
1318
|
# This operation must be called using credentials from the account that
|
1187
1319
|
# is to become the new organization's management account. The principal
|
@@ -1205,17 +1337,17 @@ module Aws::Organizations
|
|
1205
1337
|
#
|
1206
1338
|
# * `CONSOLIDATED_BILLING`\: All member accounts have their bills
|
1207
1339
|
# consolidated to and paid by the management account. For more
|
1208
|
-
# information, see [Consolidated billing][1] in the *
|
1340
|
+
# information, see [Consolidated billing][1] in the *Organizations
|
1209
1341
|
# User Guide.*
|
1210
1342
|
#
|
1211
1343
|
# The consolidated billing feature subset isn't available for
|
1212
|
-
# organizations in the
|
1344
|
+
# organizations in the Amazon Web Services GovCloud (US) Region.
|
1213
1345
|
#
|
1214
1346
|
# * `ALL`\: In addition to all the features supported by the
|
1215
1347
|
# consolidated billing feature set, the management account can also
|
1216
1348
|
# apply any policy type to any member account in the organization. For
|
1217
|
-
# more information, see [All features][2] in the *
|
1218
|
-
#
|
1349
|
+
# more information, see [All features][2] in the *Organizations User
|
1350
|
+
# Guide.*
|
1219
1351
|
#
|
1220
1352
|
#
|
1221
1353
|
#
|
@@ -1312,7 +1444,7 @@ module Aws::Organizations
|
|
1312
1444
|
# is five.
|
1313
1445
|
#
|
1314
1446
|
# For more information about OUs, see [Managing Organizational Units][1]
|
1315
|
-
# in the *
|
1447
|
+
# in the *Organizations User Guide.*
|
1316
1448
|
#
|
1317
1449
|
# If the request includes tags, then the requester must have the
|
1318
1450
|
# `organizations:TagResource` permission.
|
@@ -1350,8 +1482,8 @@ module Aws::Organizations
|
|
1350
1482
|
# A list of tags that you want to attach to the newly created OU. For
|
1351
1483
|
# each tag in the list, you must specify both a tag key and a value. You
|
1352
1484
|
# can set the value to an empty string, but you can't set it to `null`.
|
1353
|
-
# For more information about tagging, see [Tagging
|
1354
|
-
# resources][1] in the
|
1485
|
+
# For more information about tagging, see [Tagging Organizations
|
1486
|
+
# resources][1] in the Organizations User Guide.
|
1355
1487
|
#
|
1356
1488
|
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1357
1489
|
# of tags for an OU, then the entire request fails and the OU is not
|
@@ -1415,7 +1547,8 @@ module Aws::Organizations
|
|
1415
1547
|
end
|
1416
1548
|
|
1417
1549
|
# Creates a policy of a specified type that you can attach to a root, an
|
1418
|
-
# organizational unit (OU), or an individual
|
1550
|
+
# organizational unit (OU), or an individual Amazon Web Services
|
1551
|
+
# account.
|
1419
1552
|
#
|
1420
1553
|
# For more information about policies and their use, see [Managing
|
1421
1554
|
# Organization Policies][1].
|
@@ -1471,8 +1604,8 @@ module Aws::Organizations
|
|
1471
1604
|
# A list of tags that you want to attach to the newly created policy.
|
1472
1605
|
# For each tag in the list, you must specify both a tag key and a value.
|
1473
1606
|
# You can set the value to an empty string, but you can't set it to
|
1474
|
-
# `null`. For more information about tagging, see [Tagging
|
1475
|
-
#
|
1607
|
+
# `null`. For more information about tagging, see [Tagging Organizations
|
1608
|
+
# resources][1] in the Organizations User Guide.
|
1476
1609
|
#
|
1477
1610
|
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
|
1478
1611
|
# of tags for a policy, then the entire request fails and the policy is
|
@@ -1773,19 +1906,19 @@ module Aws::Organizations
|
|
1773
1906
|
req.send_request(options)
|
1774
1907
|
end
|
1775
1908
|
|
1776
|
-
# Removes the specified member
|
1777
|
-
# for the specified
|
1909
|
+
# Removes the specified member Amazon Web Services account as a
|
1910
|
+
# delegated administrator for the specified Amazon Web Services service.
|
1778
1911
|
#
|
1779
1912
|
# Deregistering a delegated administrator can have unintended impacts on
|
1780
|
-
# the functionality of the enabled
|
1781
|
-
# for the enabled service before you deregister a
|
1782
|
-
# administrator so that you understand any potential impacts.
|
1913
|
+
# the functionality of the enabled Amazon Web Services service. See the
|
1914
|
+
# documentation for the enabled service before you deregister a
|
1915
|
+
# delegated administrator so that you understand any potential impacts.
|
1783
1916
|
#
|
1784
|
-
# You can run this action only for
|
1785
|
-
# feature. For a current list of services that support it,
|
1786
|
-
# column *Supports Delegated Administrator* in the table at
|
1787
|
-
# Services that you can use with
|
1788
|
-
# Organizations User Guide.*
|
1917
|
+
# You can run this action only for Amazon Web Services services that
|
1918
|
+
# support this feature. For a current list of services that support it,
|
1919
|
+
# see the column *Supports Delegated Administrator* in the table at
|
1920
|
+
# [Amazon Web Services Services that you can use with Organizations][1]
|
1921
|
+
# in the *Organizations User Guide.*
|
1789
1922
|
#
|
1790
1923
|
# This operation can be called only from the organization's management
|
1791
1924
|
# account.
|
@@ -1799,14 +1932,14 @@ module Aws::Organizations
|
|
1799
1932
|
# you want to deregister as a delegated administrator.
|
1800
1933
|
#
|
1801
1934
|
# @option params [required, String] :service_principal
|
1802
|
-
# The service principal name of an
|
1803
|
-
# a delegated administrator.
|
1935
|
+
# The service principal name of an Amazon Web Services service for which
|
1936
|
+
# the account is a delegated administrator.
|
1804
1937
|
#
|
1805
1938
|
# Delegated administrator privileges are revoked for only the specified
|
1806
|
-
#
|
1807
|
-
# only service for which the member account is a
|
1808
|
-
# administrator, the operation also revokes Organizations read
|
1809
|
-
# permissions.
|
1939
|
+
# Amazon Web Services service from the member account. If the specified
|
1940
|
+
# service is the only service for which the member account is a
|
1941
|
+
# delegated administrator, the operation also revokes Organizations read
|
1942
|
+
# action permissions.
|
1810
1943
|
#
|
1811
1944
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1812
1945
|
#
|
@@ -1826,16 +1959,16 @@ module Aws::Organizations
|
|
1826
1959
|
req.send_request(options)
|
1827
1960
|
end
|
1828
1961
|
|
1829
|
-
# Retrieves
|
1962
|
+
# Retrieves Organizations-related information about the specified
|
1830
1963
|
# account.
|
1831
1964
|
#
|
1832
1965
|
# This operation can be called only from the organization's management
|
1833
1966
|
# account or by a member account that is a delegated administrator for
|
1834
|
-
# an
|
1967
|
+
# an Amazon Web Services service.
|
1835
1968
|
#
|
1836
1969
|
# @option params [required, String] :account_id
|
1837
|
-
# The unique identifier (ID) of the
|
1838
|
-
# information about. You can get the ID from the ListAccounts or
|
1970
|
+
# The unique identifier (ID) of the Amazon Web Services account that you
|
1971
|
+
# want information about. You can get the ID from the ListAccounts or
|
1839
1972
|
# ListAccountsForParent operations.
|
1840
1973
|
#
|
1841
1974
|
# The [regex pattern][1] for an account ID string requires exactly 12
|
@@ -1880,7 +2013,7 @@ module Aws::Organizations
|
|
1880
2013
|
# resp.account.arn #=> String
|
1881
2014
|
# resp.account.email #=> String
|
1882
2015
|
# resp.account.name #=> String
|
1883
|
-
# resp.account.status #=> String, one of "ACTIVE", "SUSPENDED"
|
2016
|
+
# resp.account.status #=> String, one of "ACTIVE", "SUSPENDED", "PENDING_CLOSURE"
|
1884
2017
|
# resp.account.joined_method #=> String, one of "INVITED", "CREATED"
|
1885
2018
|
# resp.account.joined_timestamp #=> Time
|
1886
2019
|
#
|
@@ -1898,7 +2031,7 @@ module Aws::Organizations
|
|
1898
2031
|
#
|
1899
2032
|
# This operation can be called only from the organization's management
|
1900
2033
|
# account or by a member account that is a delegated administrator for
|
1901
|
-
# an
|
2034
|
+
# an Amazon Web Services service.
|
1902
2035
|
#
|
1903
2036
|
# @option params [required, String] :create_account_request_id
|
1904
2037
|
# Specifies the `Id` value that uniquely identifies the `CreateAccount`
|
@@ -1952,7 +2085,7 @@ module Aws::Organizations
|
|
1952
2085
|
# resp.create_account_status.completed_timestamp #=> Time
|
1953
2086
|
# resp.create_account_status.account_id #=> String
|
1954
2087
|
# resp.create_account_status.gov_cloud_account_id #=> String
|
1955
|
-
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
2088
|
+
# resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT"
|
1956
2089
|
#
|
1957
2090
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
|
1958
2091
|
#
|
@@ -1972,15 +2105,15 @@ module Aws::Organizations
|
|
1972
2105
|
# control policies (SCPs).
|
1973
2106
|
#
|
1974
2107
|
# For more information about policy inheritance, see [How Policy
|
1975
|
-
# Inheritance Works][1] in the *
|
2108
|
+
# Inheritance Works][1] in the *Organizations User Guide*.
|
1976
2109
|
#
|
1977
2110
|
# This operation can be called only from the organization's management
|
1978
2111
|
# account or by a member account that is a delegated administrator for
|
1979
|
-
# an
|
2112
|
+
# an Amazon Web Services service.
|
1980
2113
|
#
|
1981
2114
|
#
|
1982
2115
|
#
|
1983
|
-
# [1]:
|
2116
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html
|
1984
2117
|
#
|
1985
2118
|
# @option params [required, String] :policy_type
|
1986
2119
|
# The type of policy that you want information about. You can specify
|
@@ -2206,7 +2339,7 @@ module Aws::Organizations
|
|
2206
2339
|
#
|
2207
2340
|
# This operation can be called only from the organization's management
|
2208
2341
|
# account or by a member account that is a delegated administrator for
|
2209
|
-
# an
|
2342
|
+
# an Amazon Web Services service.
|
2210
2343
|
#
|
2211
2344
|
# @option params [required, String] :organizational_unit_id
|
2212
2345
|
# The unique identifier (ID) of the organizational unit that you want
|
@@ -2269,7 +2402,7 @@ module Aws::Organizations
|
|
2269
2402
|
#
|
2270
2403
|
# This operation can be called only from the organization's management
|
2271
2404
|
# account or by a member account that is a delegated administrator for
|
2272
|
-
# an
|
2405
|
+
# an Amazon Web Services service.
|
2273
2406
|
#
|
2274
2407
|
# @option params [required, String] :policy_id
|
2275
2408
|
# The unique identifier (ID) of the policy that you want details about.
|
@@ -2341,8 +2474,8 @@ module Aws::Organizations
|
|
2341
2474
|
# account.
|
2342
2475
|
#
|
2343
2476
|
# If the policy being detached is a service control policy (SCP), the
|
2344
|
-
# changes to permissions for
|
2345
|
-
#
|
2477
|
+
# changes to permissions for Identity and Access Management (IAM) users
|
2478
|
+
# and roles in affected accounts are immediate.
|
2346
2479
|
#
|
2347
2480
|
# Every root, OU, and account must have at least one SCP attached. If
|
2348
2481
|
# you want to replace the default `FullAWSAccess` policy with an SCP
|
@@ -2425,27 +2558,27 @@ module Aws::Organizations
|
|
2425
2558
|
req.send_request(options)
|
2426
2559
|
end
|
2427
2560
|
|
2428
|
-
# Disables the integration of an
|
2429
|
-
# specified by `ServicePrincipal`) with
|
2430
|
-
# disable integration, the specified service no longer can
|
2431
|
-
# [service-linked role][1] in *new* accounts in your
|
2432
|
-
# means the service can't perform operations on your
|
2433
|
-
# accounts in your organization. The service can still
|
2434
|
-
# operations in older accounts until the service completes its
|
2435
|
-
# from
|
2561
|
+
# Disables the integration of an Amazon Web Services service (the
|
2562
|
+
# service that is specified by `ServicePrincipal`) with Organizations.
|
2563
|
+
# When you disable integration, the specified service no longer can
|
2564
|
+
# create a [service-linked role][1] in *new* accounts in your
|
2565
|
+
# organization. This means the service can't perform operations on your
|
2566
|
+
# behalf on any new accounts in your organization. The service can still
|
2567
|
+
# perform operations in older accounts until the service completes its
|
2568
|
+
# clean-up from Organizations.
|
2436
2569
|
#
|
2437
2570
|
# We <b> <i>strongly recommend</i> </b> that you don't use this command
|
2438
|
-
# to disable integration between
|
2439
|
-
# service. Instead, use the console or commands that are
|
2440
|
-
# specified service. This lets the trusted service
|
2441
|
-
# initialization when enabling trusted access, such
|
2442
|
-
# required resources and any required clean up of
|
2443
|
-
# disabling trusted access.
|
2571
|
+
# to disable integration between Organizations and the specified Amazon
|
2572
|
+
# Web Services service. Instead, use the console or commands that are
|
2573
|
+
# provided by the specified service. This lets the trusted service
|
2574
|
+
# perform any required initialization when enabling trusted access, such
|
2575
|
+
# as creating any required resources and any required clean up of
|
2576
|
+
# resources when disabling trusted access.
|
2444
2577
|
#
|
2445
2578
|
# For information about how to disable trusted service access to your
|
2446
2579
|
# organization using the trusted service, see the **Learn more** link
|
2447
|
-
# under the **Supports Trusted Access** column at [
|
2448
|
-
# can use with
|
2580
|
+
# under the **Supports Trusted Access** column at [Amazon Web Services
|
2581
|
+
# services that you can use with Organizations][2]. on this page.
|
2449
2582
|
#
|
2450
2583
|
# If you disable access by using this command, it causes the following
|
2451
2584
|
# actions to occur:
|
@@ -2454,7 +2587,7 @@ module Aws::Organizations
|
|
2454
2587
|
# accounts in your organization. This means that the service can't
|
2455
2588
|
# perform operations on your behalf on any new accounts in your
|
2456
2589
|
# organization. The service can still perform operations in older
|
2457
|
-
# accounts until the service completes its clean-up from
|
2590
|
+
# accounts until the service completes its clean-up from
|
2458
2591
|
# Organizations.
|
2459
2592
|
#
|
2460
2593
|
# * The service can no longer perform tasks in the member accounts in
|
@@ -2474,30 +2607,31 @@ module Aws::Organizations
|
|
2474
2607
|
# up any resources that are required only for the integration. How the
|
2475
2608
|
# service cleans up its resources in the organization's accounts
|
2476
2609
|
# depends on that service. For more information, see the documentation
|
2477
|
-
# for the other
|
2610
|
+
# for the other Amazon Web Services service.
|
2478
2611
|
#
|
2479
2612
|
# After you perform the `DisableAWSServiceAccess` operation, the
|
2480
2613
|
# specified service can no longer perform operations in your
|
2481
2614
|
# organization's accounts
|
2482
2615
|
#
|
2483
|
-
# For more information about integrating other services with
|
2616
|
+
# For more information about integrating other services with
|
2484
2617
|
# Organizations, including the list of services that work with
|
2485
|
-
# Organizations, see [Integrating
|
2486
|
-
# Services][3] in the *
|
2618
|
+
# Organizations, see [Integrating Organizations with Other Amazon Web
|
2619
|
+
# Services Services][3] in the *Organizations User Guide.*
|
2487
2620
|
#
|
2488
2621
|
# This operation can be called only from the organization's management
|
2489
2622
|
# account.
|
2490
2623
|
#
|
2491
2624
|
#
|
2492
2625
|
#
|
2493
|
-
# [1]:
|
2626
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
|
2494
2627
|
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html
|
2495
|
-
# [3]:
|
2628
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html
|
2496
2629
|
#
|
2497
2630
|
# @option params [required, String] :service_principal
|
2498
|
-
# The service principal name of the
|
2499
|
-
# disable integration with your organization. This is
|
2500
|
-
# form of a URL, such as `
|
2631
|
+
# The service principal name of the Amazon Web Services service for
|
2632
|
+
# which you want to disable integration with your organization. This is
|
2633
|
+
# typically in the form of a URL, such as `
|
2634
|
+
# service-abbreviation.amazonaws.com`.
|
2501
2635
|
#
|
2502
2636
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2503
2637
|
#
|
@@ -2523,12 +2657,12 @@ module Aws::Organizations
|
|
2523
2657
|
# any organizational unit (OU) or account in that root. You can undo
|
2524
2658
|
# this by using the EnablePolicyType operation.
|
2525
2659
|
#
|
2526
|
-
# This is an asynchronous request that
|
2527
|
-
# If you disable a policy type for a root, it still
|
2528
|
-
# the organization if [all features][1] are enabled
|
2529
|
-
# organization.
|
2530
|
-
# status of policy types for a specified root,
|
2531
|
-
# operation.
|
2660
|
+
# This is an asynchronous request that Amazon Web Services performs in
|
2661
|
+
# the background. If you disable a policy type for a root, it still
|
2662
|
+
# appears enabled for the organization if [all features][1] are enabled
|
2663
|
+
# for the organization. Amazon Web Services recommends that you first
|
2664
|
+
# use ListRoots to see the status of policy types for a specified root,
|
2665
|
+
# and then use this operation.
|
2532
2666
|
#
|
2533
2667
|
# This operation can be called only from the organization's management
|
2534
2668
|
# account.
|
@@ -2621,38 +2755,40 @@ module Aws::Organizations
|
|
2621
2755
|
req.send_request(options)
|
2622
2756
|
end
|
2623
2757
|
|
2624
|
-
# Enables the integration of an
|
2625
|
-
# specified by `ServicePrincipal`) with
|
2758
|
+
# Enables the integration of an Amazon Web Services service (the service
|
2759
|
+
# that is specified by `ServicePrincipal`) with Organizations. When you
|
2626
2760
|
# enable integration, you allow the specified service to create a
|
2627
2761
|
# [service-linked role][1] in all the accounts in your organization.
|
2628
2762
|
# This allows the service to perform operations on your behalf in your
|
2629
2763
|
# organization and its accounts.
|
2630
2764
|
#
|
2631
|
-
# We recommend that you enable integration between
|
2632
|
-
#
|
2633
|
-
# provided by the specified service. Doing so ensures that the
|
2634
|
-
# is aware that it can create the resources that are required
|
2635
|
-
# integration. How the service creates those resources in the
|
2765
|
+
# We recommend that you enable integration between Organizations and the
|
2766
|
+
# specified Amazon Web Services service by using the console or commands
|
2767
|
+
# that are provided by the specified service. Doing so ensures that the
|
2768
|
+
# service is aware that it can create the resources that are required
|
2769
|
+
# for the integration. How the service creates those resources in the
|
2636
2770
|
# organization's accounts depends on that service. For more
|
2637
|
-
# information, see the documentation for the other
|
2771
|
+
# information, see the documentation for the other Amazon Web Services
|
2772
|
+
# service.
|
2638
2773
|
#
|
2639
|
-
# For more information about enabling services to integrate with
|
2640
|
-
# Organizations, see [Integrating
|
2641
|
-
# Services][2] in the *
|
2774
|
+
# For more information about enabling services to integrate with
|
2775
|
+
# Organizations, see [Integrating Organizations with Other Amazon Web
|
2776
|
+
# Services Services][2] in the *Organizations User Guide.*
|
2642
2777
|
#
|
2643
2778
|
# This operation can be called only from the organization's management
|
2644
2779
|
# account and only if the organization has [enabled all features][3].
|
2645
2780
|
#
|
2646
2781
|
#
|
2647
2782
|
#
|
2648
|
-
# [1]:
|
2649
|
-
# [2]:
|
2650
|
-
# [3]:
|
2783
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
|
2784
|
+
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html
|
2785
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
|
2651
2786
|
#
|
2652
2787
|
# @option params [required, String] :service_principal
|
2653
|
-
# The service principal name of the
|
2654
|
-
# enable integration with your organization. This is
|
2655
|
-
# form of a URL, such as `
|
2788
|
+
# The service principal name of the Amazon Web Services service for
|
2789
|
+
# which you want to enable integration with your organization. This is
|
2790
|
+
# typically in the form of a URL, such as `
|
2791
|
+
# service-abbreviation.amazonaws.com`.
|
2656
2792
|
#
|
2657
2793
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2658
2794
|
#
|
@@ -2675,9 +2811,9 @@ module Aws::Organizations
|
|
2675
2811
|
# organization policies that can restrict the services and actions that
|
2676
2812
|
# can be called in each account. Until you enable all features, you have
|
2677
2813
|
# access only to consolidated billing, and you can't use any of the
|
2678
|
-
# advanced account administration features that
|
2679
|
-
#
|
2680
|
-
# Organization][1] in the *
|
2814
|
+
# advanced account administration features that Organizations supports.
|
2815
|
+
# For more information, see [Enabling All Features in Your
|
2816
|
+
# Organization][1] in the *Organizations User Guide.*
|
2681
2817
|
#
|
2682
2818
|
# This operation is required only for organizations that were created
|
2683
2819
|
# explicitly with only the consolidated billing features enabled.
|
@@ -2779,9 +2915,10 @@ module Aws::Organizations
|
|
2779
2915
|
# organizational unit (OU), or account in that root. You can undo this
|
2780
2916
|
# by using the DisablePolicyType operation.
|
2781
2917
|
#
|
2782
|
-
# This is an asynchronous request that
|
2783
|
-
#
|
2784
|
-
# policy types for a specified root, and
|
2918
|
+
# This is an asynchronous request that Amazon Web Services performs in
|
2919
|
+
# the background. Amazon Web Services recommends that you first use
|
2920
|
+
# ListRoots to see the status of policy types for a specified root, and
|
2921
|
+
# then use this operation.
|
2785
2922
|
#
|
2786
2923
|
# This operation can be called only from the organization's management
|
2787
2924
|
# account.
|
@@ -2876,24 +3013,25 @@ module Aws::Organizations
|
|
2876
3013
|
end
|
2877
3014
|
|
2878
3015
|
# Sends an invitation to another account to join your organization as a
|
2879
|
-
# member account.
|
2880
|
-
#
|
3016
|
+
# member account. Organizations sends email on your behalf to the email
|
3017
|
+
# address that is associated with the other account's owner. The
|
2881
3018
|
# invitation is implemented as a Handshake whose details are in the
|
2882
3019
|
# response.
|
2883
3020
|
#
|
2884
|
-
# * You can invite
|
2885
|
-
# management account. For example, if your
|
2886
|
-
# account was created by Amazon Internet
|
2887
|
-
#
|
2888
|
-
#
|
2889
|
-
#
|
2890
|
-
#
|
3021
|
+
# * You can invite Amazon Web Services accounts only from the same
|
3022
|
+
# seller as the management account. For example, if your
|
3023
|
+
# organization's management account was created by Amazon Internet
|
3024
|
+
# Services Pvt. Ltd (AISPL), an Amazon Web Services seller in India,
|
3025
|
+
# you can invite only other AISPL accounts to your organization. You
|
3026
|
+
# can't combine accounts from AISPL and Amazon Web Services or from
|
3027
|
+
# any other Amazon Web Services seller. For more information, see
|
3028
|
+
# [Consolidated Billing in India][1].
|
2891
3029
|
#
|
2892
3030
|
# * If you receive an exception that indicates that you exceeded your
|
2893
3031
|
# account limits for the organization or that the operation failed
|
2894
3032
|
# because your organization is still initializing, wait one hour and
|
2895
|
-
# then try again. If the error persists after an hour, contact [
|
2896
|
-
# Support][2].
|
3033
|
+
# then try again. If the error persists after an hour, contact [Amazon
|
3034
|
+
# Web Services Support][2].
|
2897
3035
|
#
|
2898
3036
|
# If the request includes tags, then the requester must have the
|
2899
3037
|
# `organizations:TagResource` permission.
|
@@ -2903,24 +3041,25 @@ module Aws::Organizations
|
|
2903
3041
|
#
|
2904
3042
|
#
|
2905
3043
|
#
|
2906
|
-
# [1]:
|
3044
|
+
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilliing-India.html
|
2907
3045
|
# [2]: https://console.aws.amazon.com/support/home#/
|
2908
3046
|
#
|
2909
3047
|
# @option params [required, Types::HandshakeParty] :target
|
2910
|
-
# The identifier (ID) of the
|
2911
|
-
# your organization. This is a JSON object that
|
2912
|
-
# elements:
|
3048
|
+
# The identifier (ID) of the Amazon Web Services account that you want
|
3049
|
+
# to invite to join your organization. This is a JSON object that
|
3050
|
+
# contains the following elements:
|
2913
3051
|
#
|
2914
3052
|
# `\{ "Type": "ACCOUNT", "Id": "< account id number >" \}`
|
2915
3053
|
#
|
2916
|
-
# If you use the
|
2917
|
-
#
|
3054
|
+
# If you use the CLI, you can submit this as a single string, similar to
|
3055
|
+
# the following example:
|
2918
3056
|
#
|
2919
3057
|
# `--target Id=123456789012,Type=ACCOUNT`
|
2920
3058
|
#
|
2921
|
-
# If you specify `"Type": "ACCOUNT"`, you must provide the
|
2922
|
-
# ID number as the `Id`. If you specify `"Type":
|
2923
|
-
# specify the email address that is associated with
|
3059
|
+
# If you specify `"Type": "ACCOUNT"`, you must provide the Amazon Web
|
3060
|
+
# Services account ID number as the `Id`. If you specify `"Type":
|
3061
|
+
# "EMAIL"`, you must specify the email address that is associated with
|
3062
|
+
# the account.
|
2924
3063
|
#
|
2925
3064
|
# `--target Id=diego@example.com,Type=EMAIL`
|
2926
3065
|
#
|
@@ -2933,8 +3072,8 @@ module Aws::Organizations
|
|
2933
3072
|
# a member of the organization. For each tag in the list, you must
|
2934
3073
|
# specify both a tag key and a value. You can set the value to an empty
|
2935
3074
|
# string, but you can't set it to `null`. For more information about
|
2936
|
-
# tagging, see [Tagging
|
2937
|
-
#
|
3075
|
+
# tagging, see [Tagging Organizations resources][1] in the Organizations
|
3076
|
+
# User Guide.
|
2938
3077
|
#
|
2939
3078
|
# Any tags in the request are checked for compliance with any applicable
|
2940
3079
|
# tag policies when the request is made. The request is rejected if the
|
@@ -3077,7 +3216,7 @@ module Aws::Organizations
|
|
3077
3216
|
# * You can leave an organization as a member account only if the
|
3078
3217
|
# account is configured with the information required to operate as a
|
3079
3218
|
# standalone account. When you create an account in an organization
|
3080
|
-
# using the
|
3219
|
+
# using the Organizations console, API, or CLI commands, the
|
3081
3220
|
# information required of standalone accounts is *not* automatically
|
3082
3221
|
# collected. For each account that you want to make standalone, you
|
3083
3222
|
# must perform the following steps. If any of the steps are already
|
@@ -3089,26 +3228,28 @@ module Aws::Organizations
|
|
3089
3228
|
#
|
3090
3229
|
# * Provide a current payment method
|
3091
3230
|
#
|
3092
|
-
#
|
3093
|
-
# tier)
|
3094
|
-
#
|
3095
|
-
#
|
3096
|
-
# the *
|
3231
|
+
# Amazon Web Services uses the payment method to charge for any
|
3232
|
+
# billable (not free tier) Amazon Web Services activity that occurs
|
3233
|
+
# while the account isn't attached to an organization. Follow the
|
3234
|
+
# steps at [ To leave an organization when all required account
|
3235
|
+
# information has not yet been provided][1] in the *Organizations User
|
3236
|
+
# Guide.*
|
3097
3237
|
#
|
3098
3238
|
# * The account that you want to leave must not be a delegated
|
3099
|
-
# administrator account for any
|
3100
|
-
# organization. If the account is a delegated administrator,
|
3101
|
-
# first change the delegated administrator account to another
|
3102
|
-
# that is remaining in the organization.
|
3239
|
+
# administrator account for any Amazon Web Services service enabled
|
3240
|
+
# for your organization. If the account is a delegated administrator,
|
3241
|
+
# you must first change the delegated administrator account to another
|
3242
|
+
# account that is remaining in the organization.
|
3103
3243
|
#
|
3104
3244
|
# * You can leave an organization only after you enable IAM user access
|
3105
3245
|
# to billing in your account. For more information, see [Activating
|
3106
|
-
# Access to the Billing and Cost Management Console][2] in the *
|
3107
|
-
# Billing and Cost Management User Guide.*
|
3246
|
+
# Access to the Billing and Cost Management Console][2] in the *Amazon
|
3247
|
+
# Web Services Billing and Cost Management User Guide.*
|
3108
3248
|
#
|
3109
3249
|
# * After the account leaves the organization, all tags that were
|
3110
|
-
# attached to the account object in the organization are deleted.
|
3111
|
-
# accounts outside of an organization do not
|
3250
|
+
# attached to the account object in the organization are deleted.
|
3251
|
+
# Amazon Web Services accounts outside of an organization do not
|
3252
|
+
# support tags.
|
3112
3253
|
#
|
3113
3254
|
# * A newly created account has a waiting period before it can be
|
3114
3255
|
# removed from its organization. If you get an error that indicates
|
@@ -3116,8 +3257,8 @@ module Aws::Organizations
|
|
3116
3257
|
#
|
3117
3258
|
#
|
3118
3259
|
#
|
3119
|
-
# [1]:
|
3120
|
-
# [2]:
|
3260
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
|
3261
|
+
# [2]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
3121
3262
|
#
|
3122
3263
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
3123
3264
|
#
|
@@ -3138,23 +3279,23 @@ module Aws::Organizations
|
|
3138
3279
|
req.send_request(options)
|
3139
3280
|
end
|
3140
3281
|
|
3141
|
-
# Returns a list of the
|
3142
|
-
# your organization. After a service on this list creates
|
3143
|
-
# that it requires for the integration, it can perform
|
3144
|
-
# your organization and its accounts.
|
3282
|
+
# Returns a list of the Amazon Web Services services that you enabled to
|
3283
|
+
# integrate with your organization. After a service on this list creates
|
3284
|
+
# the resources that it requires for the integration, it can perform
|
3285
|
+
# operations on your organization and its accounts.
|
3145
3286
|
#
|
3146
|
-
# For more information about integrating other services with
|
3287
|
+
# For more information about integrating other services with
|
3147
3288
|
# Organizations, including the list of services that currently work with
|
3148
|
-
# Organizations, see [Integrating
|
3149
|
-
# Services][1] in the *
|
3289
|
+
# Organizations, see [Integrating Organizations with Other Amazon Web
|
3290
|
+
# Services Services][1] in the *Organizations User Guide.*
|
3150
3291
|
#
|
3151
3292
|
# This operation can be called only from the organization's management
|
3152
3293
|
# account or by a member account that is a delegated administrator for
|
3153
|
-
# an
|
3294
|
+
# an Amazon Web Services service.
|
3154
3295
|
#
|
3155
3296
|
#
|
3156
3297
|
#
|
3157
|
-
# [1]:
|
3298
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html
|
3158
3299
|
#
|
3159
3300
|
# @option params [String] :next_token
|
3160
3301
|
# The parameter for receiving additional results if you receive a
|
@@ -3219,7 +3360,7 @@ module Aws::Organizations
|
|
3219
3360
|
#
|
3220
3361
|
# This operation can be called only from the organization's management
|
3221
3362
|
# account or by a member account that is a delegated administrator for
|
3222
|
-
# an
|
3363
|
+
# an Amazon Web Services service.
|
3223
3364
|
#
|
3224
3365
|
# @option params [String] :next_token
|
3225
3366
|
# The parameter for receiving additional results if you receive a
|
@@ -3311,7 +3452,7 @@ module Aws::Organizations
|
|
3311
3452
|
# resp.accounts[0].arn #=> String
|
3312
3453
|
# resp.accounts[0].email #=> String
|
3313
3454
|
# resp.accounts[0].name #=> String
|
3314
|
-
# resp.accounts[0].status #=> String, one of "ACTIVE", "SUSPENDED"
|
3455
|
+
# resp.accounts[0].status #=> String, one of "ACTIVE", "SUSPENDED", "PENDING_CLOSURE"
|
3315
3456
|
# resp.accounts[0].joined_method #=> String, one of "INVITED", "CREATED"
|
3316
3457
|
# resp.accounts[0].joined_timestamp #=> Time
|
3317
3458
|
# resp.next_token #=> String
|
@@ -3342,7 +3483,7 @@ module Aws::Organizations
|
|
3342
3483
|
#
|
3343
3484
|
# This operation can be called only from the organization's management
|
3344
3485
|
# account or by a member account that is a delegated administrator for
|
3345
|
-
# an
|
3486
|
+
# an Amazon Web Services service.
|
3346
3487
|
#
|
3347
3488
|
# @option params [required, String] :parent_id
|
3348
3489
|
# The unique identifier (ID) for the parent root or organization unit
|
@@ -3422,7 +3563,7 @@ module Aws::Organizations
|
|
3422
3563
|
# resp.accounts[0].arn #=> String
|
3423
3564
|
# resp.accounts[0].email #=> String
|
3424
3565
|
# resp.accounts[0].name #=> String
|
3425
|
-
# resp.accounts[0].status #=> String, one of "ACTIVE", "SUSPENDED"
|
3566
|
+
# resp.accounts[0].status #=> String, one of "ACTIVE", "SUSPENDED", "PENDING_CLOSURE"
|
3426
3567
|
# resp.accounts[0].joined_method #=> String, one of "INVITED", "CREATED"
|
3427
3568
|
# resp.accounts[0].joined_timestamp #=> Time
|
3428
3569
|
# resp.next_token #=> String
|
@@ -3451,7 +3592,7 @@ module Aws::Organizations
|
|
3451
3592
|
#
|
3452
3593
|
# This operation can be called only from the organization's management
|
3453
3594
|
# account or by a member account that is a delegated administrator for
|
3454
|
-
# an
|
3595
|
+
# an Amazon Web Services service.
|
3455
3596
|
#
|
3456
3597
|
# @option params [required, String] :parent_id
|
3457
3598
|
# The unique identifier (ID) for the parent root or OU whose children
|
@@ -3563,7 +3704,7 @@ module Aws::Organizations
|
|
3563
3704
|
#
|
3564
3705
|
# This operation can be called only from the organization's management
|
3565
3706
|
# account or by a member account that is a delegated administrator for
|
3566
|
-
# an
|
3707
|
+
# an Amazon Web Services service.
|
3567
3708
|
#
|
3568
3709
|
# @option params [Array<String>] :states
|
3569
3710
|
# A list of one or more states that you want included in the response.
|
@@ -3663,7 +3804,7 @@ module Aws::Organizations
|
|
3663
3804
|
# resp.create_account_statuses[0].completed_timestamp #=> Time
|
3664
3805
|
# resp.create_account_statuses[0].account_id #=> String
|
3665
3806
|
# resp.create_account_statuses[0].gov_cloud_account_id #=> String
|
3666
|
-
# resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT"
|
3807
|
+
# resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT"
|
3667
3808
|
# resp.next_token #=> String
|
3668
3809
|
#
|
3669
3810
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
|
@@ -3675,12 +3816,12 @@ module Aws::Organizations
|
|
3675
3816
|
req.send_request(options)
|
3676
3817
|
end
|
3677
3818
|
|
3678
|
-
# Lists the
|
3679
|
-
# in this organization.
|
3819
|
+
# Lists the Amazon Web Services accounts that are designated as
|
3820
|
+
# delegated administrators in this organization.
|
3680
3821
|
#
|
3681
3822
|
# This operation can be called only from the organization's management
|
3682
3823
|
# account or by a member account that is a delegated administrator for
|
3683
|
-
# an
|
3824
|
+
# an Amazon Web Services service.
|
3684
3825
|
#
|
3685
3826
|
# @option params [String] :service_principal
|
3686
3827
|
# Specifies a service principal name. If specified, then the operation
|
@@ -3730,7 +3871,7 @@ module Aws::Organizations
|
|
3730
3871
|
# resp.delegated_administrators[0].arn #=> String
|
3731
3872
|
# resp.delegated_administrators[0].email #=> String
|
3732
3873
|
# resp.delegated_administrators[0].name #=> String
|
3733
|
-
# resp.delegated_administrators[0].status #=> String, one of "ACTIVE", "SUSPENDED"
|
3874
|
+
# resp.delegated_administrators[0].status #=> String, one of "ACTIVE", "SUSPENDED", "PENDING_CLOSURE"
|
3734
3875
|
# resp.delegated_administrators[0].joined_method #=> String, one of "INVITED", "CREATED"
|
3735
3876
|
# resp.delegated_administrators[0].joined_timestamp #=> Time
|
3736
3877
|
# resp.delegated_administrators[0].delegation_enabled_date #=> Time
|
@@ -3745,12 +3886,12 @@ module Aws::Organizations
|
|
3745
3886
|
req.send_request(options)
|
3746
3887
|
end
|
3747
3888
|
|
3748
|
-
# List the
|
3749
|
-
# administrator.
|
3889
|
+
# List the Amazon Web Services services for which the specified account
|
3890
|
+
# is a delegated administrator.
|
3750
3891
|
#
|
3751
3892
|
# This operation can be called only from the organization's management
|
3752
3893
|
# account or by a member account that is a delegated administrator for
|
3753
|
-
# an
|
3894
|
+
# an Amazon Web Services service.
|
3754
3895
|
#
|
3755
3896
|
# @option params [required, String] :account_id
|
3756
3897
|
# The account ID number of a delegated administrator account in the
|
@@ -3809,9 +3950,9 @@ module Aws::Organizations
|
|
3809
3950
|
# Lists the current handshakes that are associated with the account of
|
3810
3951
|
# the requesting user.
|
3811
3952
|
#
|
3812
|
-
# Handshakes that are `ACCEPTED`, `DECLINED`, or `
|
3813
|
-
# the results of this API for only 30 days after changing to
|
3814
|
-
# After that, they're deleted and no longer accessible.
|
3953
|
+
# Handshakes that are `ACCEPTED`, `DECLINED`, `CANCELED`, or `EXPIRED`
|
3954
|
+
# appear in the results of this API for only 30 days after changing to
|
3955
|
+
# that state. After that, they're deleted and no longer accessible.
|
3815
3956
|
#
|
3816
3957
|
# <note markdown="1"> Always check the `NextToken` response parameter for a `null` value
|
3817
3958
|
# when calling a `List*` operation. These operations can occasionally
|
@@ -3958,9 +4099,9 @@ module Aws::Organizations
|
|
3958
4099
|
# operation returns a list of handshake structures. Each structure
|
3959
4100
|
# contains details and status about a handshake.
|
3960
4101
|
#
|
3961
|
-
# Handshakes that are `ACCEPTED`, `DECLINED`, or `
|
3962
|
-
# the results of this API for only 30 days after changing to
|
3963
|
-
# After that, they're deleted and no longer accessible.
|
4102
|
+
# Handshakes that are `ACCEPTED`, `DECLINED`, `CANCELED`, or `EXPIRED`
|
4103
|
+
# appear in the results of this API for only 30 days after changing to
|
4104
|
+
# that state. After that, they're deleted and no longer accessible.
|
3964
4105
|
#
|
3965
4106
|
# <note markdown="1"> Always check the `NextToken` response parameter for a `null` value
|
3966
4107
|
# when calling a `List*` operation. These operations can occasionally
|
@@ -3972,7 +4113,7 @@ module Aws::Organizations
|
|
3972
4113
|
#
|
3973
4114
|
# This operation can be called only from the organization's management
|
3974
4115
|
# account or by a member account that is a delegated administrator for
|
3975
|
-
# an
|
4116
|
+
# an Amazon Web Services service.
|
3976
4117
|
#
|
3977
4118
|
# @option params [Types::HandshakeFilter] :filter
|
3978
4119
|
# A filter of the handshakes that you want included in the response. The
|
@@ -4158,7 +4299,7 @@ module Aws::Organizations
|
|
4158
4299
|
#
|
4159
4300
|
# This operation can be called only from the organization's management
|
4160
4301
|
# account or by a member account that is a delegated administrator for
|
4161
|
-
# an
|
4302
|
+
# an Amazon Web Services service.
|
4162
4303
|
#
|
4163
4304
|
# @option params [required, String] :parent_id
|
4164
4305
|
# The unique identifier (ID) of the root or OU whose child OUs you want
|
@@ -4270,7 +4411,7 @@ module Aws::Organizations
|
|
4270
4411
|
#
|
4271
4412
|
# This operation can be called only from the organization's management
|
4272
4413
|
# account or by a member account that is a delegated administrator for
|
4273
|
-
# an
|
4414
|
+
# an Amazon Web Services service.
|
4274
4415
|
#
|
4275
4416
|
# <note markdown="1"> In the current release, a child can have only a single parent.
|
4276
4417
|
#
|
@@ -4376,7 +4517,7 @@ module Aws::Organizations
|
|
4376
4517
|
#
|
4377
4518
|
# This operation can be called only from the organization's management
|
4378
4519
|
# account or by a member account that is a delegated administrator for
|
4379
|
-
# an
|
4520
|
+
# an Amazon Web Services service.
|
4380
4521
|
#
|
4381
4522
|
# @option params [required, String] :filter
|
4382
4523
|
# Specifies the type of policy that you want to include in the response.
|
@@ -4504,7 +4645,7 @@ module Aws::Organizations
|
|
4504
4645
|
#
|
4505
4646
|
# This operation can be called only from the organization's management
|
4506
4647
|
# account or by a member account that is a delegated administrator for
|
4507
|
-
# an
|
4648
|
+
# an Amazon Web Services service.
|
4508
4649
|
#
|
4509
4650
|
# @option params [required, String] :target_id
|
4510
4651
|
# The unique identifier (ID) of the root, organizational unit, or
|
@@ -4639,7 +4780,7 @@ module Aws::Organizations
|
|
4639
4780
|
#
|
4640
4781
|
# This operation can be called only from the organization's management
|
4641
4782
|
# account or by a member account that is a delegated administrator for
|
4642
|
-
# an
|
4783
|
+
# an Amazon Web Services service.
|
4643
4784
|
#
|
4644
4785
|
# <note markdown="1"> Policy types can be enabled and disabled in roots. This is distinct
|
4645
4786
|
# from whether they're available in the organization. When you enable
|
@@ -4730,9 +4871,9 @@ module Aws::Organizations
|
|
4730
4871
|
|
4731
4872
|
# Lists tags that are attached to the specified resource.
|
4732
4873
|
#
|
4733
|
-
# You can attach tags to the following resources in
|
4874
|
+
# You can attach tags to the following resources in Organizations.
|
4734
4875
|
#
|
4735
|
-
# *
|
4876
|
+
# * Amazon Web Services account
|
4736
4877
|
#
|
4737
4878
|
# * Organization root
|
4738
4879
|
#
|
@@ -4742,14 +4883,14 @@ module Aws::Organizations
|
|
4742
4883
|
#
|
4743
4884
|
# This operation can be called only from the organization's management
|
4744
4885
|
# account or by a member account that is a delegated administrator for
|
4745
|
-
# an
|
4886
|
+
# an Amazon Web Services service.
|
4746
4887
|
#
|
4747
4888
|
# @option params [required, String] :resource_id
|
4748
4889
|
# The ID of the resource with the tags to list.
|
4749
4890
|
#
|
4750
4891
|
# You can specify any of the following taggable resources.
|
4751
4892
|
#
|
4752
|
-
# *
|
4893
|
+
# * Amazon Web Services account – specify the account ID number.
|
4753
4894
|
#
|
4754
4895
|
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
4755
4896
|
# looks similar to: `ou-1a2b-34uvwxyz `
|
@@ -4810,7 +4951,7 @@ module Aws::Organizations
|
|
4810
4951
|
#
|
4811
4952
|
# This operation can be called only from the organization's management
|
4812
4953
|
# account or by a member account that is a delegated administrator for
|
4813
|
-
# an
|
4954
|
+
# an Amazon Web Services service.
|
4814
4955
|
#
|
4815
4956
|
# @option params [required, String] :policy_id
|
4816
4957
|
# The unique identifier (ID) of the policy whose attachments you want to
|
@@ -4995,15 +5136,16 @@ module Aws::Organizations
|
|
4995
5136
|
end
|
4996
5137
|
|
4997
5138
|
# Enables the specified member account to administer the Organizations
|
4998
|
-
# features of the specified
|
4999
|
-
#
|
5000
|
-
# permissions to access and administer the
|
5139
|
+
# features of the specified Amazon Web Services service. It grants
|
5140
|
+
# read-only access to Organizations service data. The account still
|
5141
|
+
# requires IAM permissions to access and administer the Amazon Web
|
5142
|
+
# Services service.
|
5001
5143
|
#
|
5002
|
-
# You can run this action only for
|
5003
|
-
# feature. For a current list of services that support it,
|
5004
|
-
# column *Supports Delegated Administrator* in the table at
|
5005
|
-
# Services that you can use with
|
5006
|
-
# Organizations User Guide.*
|
5144
|
+
# You can run this action only for Amazon Web Services services that
|
5145
|
+
# support this feature. For a current list of services that support it,
|
5146
|
+
# see the column *Supports Delegated Administrator* in the table at
|
5147
|
+
# [Amazon Web Services Services that you can use with Organizations][1]
|
5148
|
+
# in the *Organizations User Guide.*
|
5007
5149
|
#
|
5008
5150
|
# This operation can be called only from the organization's management
|
5009
5151
|
# account.
|
@@ -5017,8 +5159,8 @@ module Aws::Organizations
|
|
5017
5159
|
# register as a delegated administrator.
|
5018
5160
|
#
|
5019
5161
|
# @option params [required, String] :service_principal
|
5020
|
-
# The service principal of the
|
5021
|
-
# the member account a delegated administrator.
|
5162
|
+
# The service principal of the Amazon Web Services service for which you
|
5163
|
+
# want to make the member account a delegated administrator.
|
5022
5164
|
#
|
5023
5165
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
5024
5166
|
#
|
@@ -5053,32 +5195,33 @@ module Aws::Organizations
|
|
5053
5195
|
# * You can remove an account from your organization only if the account
|
5054
5196
|
# is configured with the information required to operate as a
|
5055
5197
|
# standalone account. When you create an account in an organization
|
5056
|
-
# using the
|
5198
|
+
# using the Organizations console, API, or CLI commands, the
|
5057
5199
|
# information required of standalone accounts is *not* automatically
|
5058
5200
|
# collected. For an account that you want to make standalone, you must
|
5059
5201
|
# choose a support plan, provide and verify the required contact
|
5060
|
-
# information, and provide a current payment method.
|
5061
|
-
# payment method to charge for any billable (not
|
5062
|
-
# activity that occurs while the
|
5063
|
-
# organization. To remove an account
|
5064
|
-
# information, you must sign in as the
|
5065
|
-
# steps at [ To leave an organization
|
5066
|
-
# information has not yet been provided][1]
|
5067
|
-
# User Guide.*
|
5202
|
+
# information, and provide a current payment method. Amazon Web
|
5203
|
+
# Services uses the payment method to charge for any billable (not
|
5204
|
+
# free tier) Amazon Web Services activity that occurs while the
|
5205
|
+
# account isn't attached to an organization. To remove an account
|
5206
|
+
# that doesn't yet have this information, you must sign in as the
|
5207
|
+
# member account and follow the steps at [ To leave an organization
|
5208
|
+
# when all required account information has not yet been provided][1]
|
5209
|
+
# in the *Organizations User Guide.*
|
5068
5210
|
#
|
5069
5211
|
# * The account that you want to leave must not be a delegated
|
5070
|
-
# administrator account for any
|
5071
|
-
# organization. If the account is a delegated administrator,
|
5072
|
-
# first change the delegated administrator account to another
|
5073
|
-
# that is remaining in the organization.
|
5212
|
+
# administrator account for any Amazon Web Services service enabled
|
5213
|
+
# for your organization. If the account is a delegated administrator,
|
5214
|
+
# you must first change the delegated administrator account to another
|
5215
|
+
# account that is remaining in the organization.
|
5074
5216
|
#
|
5075
5217
|
# * After the account leaves the organization, all tags that were
|
5076
|
-
# attached to the account object in the organization are deleted.
|
5077
|
-
# accounts outside of an organization do not
|
5218
|
+
# attached to the account object in the organization are deleted.
|
5219
|
+
# Amazon Web Services accounts outside of an organization do not
|
5220
|
+
# support tags.
|
5078
5221
|
#
|
5079
5222
|
#
|
5080
5223
|
#
|
5081
|
-
# [1]:
|
5224
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
|
5082
5225
|
#
|
5083
5226
|
# @option params [required, String] :account_id
|
5084
5227
|
# The unique identifier (ID) of the member account that you want to
|
@@ -5119,10 +5262,10 @@ module Aws::Organizations
|
|
5119
5262
|
|
5120
5263
|
# Adds one or more tags to the specified resource.
|
5121
5264
|
#
|
5122
|
-
# Currently, you can attach tags to the following resources in
|
5265
|
+
# Currently, you can attach tags to the following resources in
|
5123
5266
|
# Organizations.
|
5124
5267
|
#
|
5125
|
-
# *
|
5268
|
+
# * Amazon Web Services account
|
5126
5269
|
#
|
5127
5270
|
# * Organization root
|
5128
5271
|
#
|
@@ -5136,12 +5279,9 @@ module Aws::Organizations
|
|
5136
5279
|
# @option params [required, String] :resource_id
|
5137
5280
|
# The ID of the resource to add a tag to.
|
5138
5281
|
#
|
5139
|
-
# @option params [required, Array<Types::Tag>] :tags
|
5140
|
-
# A list of tags to add to the specified resource.
|
5141
|
-
#
|
5142
5282
|
# You can specify any of the following taggable resources.
|
5143
5283
|
#
|
5144
|
-
# *
|
5284
|
+
# * Amazon Web Services account – specify the account ID number.
|
5145
5285
|
#
|
5146
5286
|
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
5147
5287
|
# looks similar to: `ou-1a2b-34uvwxyz `
|
@@ -5152,13 +5292,14 @@ module Aws::Organizations
|
|
5152
5292
|
# * Policy – specify the policy ID that begins with `p-` andlooks
|
5153
5293
|
# similar to: `p-12abcdefg3 `
|
5154
5294
|
#
|
5295
|
+
# @option params [required, Array<Types::Tag>] :tags
|
5296
|
+
# A list of tags to add to the specified resource.
|
5297
|
+
#
|
5155
5298
|
# For each tag in the list, you must specify both a tag key and a value.
|
5156
|
-
#
|
5157
|
-
# `null`.
|
5299
|
+
# The value can be an empty string, but you can't set it to `null`.
|
5158
5300
|
#
|
5159
|
-
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
5160
|
-
# of tags for
|
5161
|
-
# account is not created.
|
5301
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the maximum allowed
|
5302
|
+
# number of tags for a resource, then the entire request fails.
|
5162
5303
|
#
|
5163
5304
|
# </note>
|
5164
5305
|
#
|
@@ -5187,9 +5328,9 @@ module Aws::Organizations
|
|
5187
5328
|
|
5188
5329
|
# Removes any tags with the specified keys from the specified resource.
|
5189
5330
|
#
|
5190
|
-
# You can attach tags to the following resources in
|
5331
|
+
# You can attach tags to the following resources in Organizations.
|
5191
5332
|
#
|
5192
|
-
# *
|
5333
|
+
# * Amazon Web Services account
|
5193
5334
|
#
|
5194
5335
|
# * Organization root
|
5195
5336
|
#
|
@@ -5205,7 +5346,7 @@ module Aws::Organizations
|
|
5205
5346
|
#
|
5206
5347
|
# You can specify any of the following taggable resources.
|
5207
5348
|
#
|
5208
|
-
# *
|
5349
|
+
# * Amazon Web Services account – specify the account ID number.
|
5209
5350
|
#
|
5210
5351
|
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
5211
5352
|
# looks similar to: `ou-1a2b-34uvwxyz `
|
@@ -5347,7 +5488,7 @@ module Aws::Organizations
|
|
5347
5488
|
# If provided, the new content for the policy. The text must be
|
5348
5489
|
# correctly formatted JSON that complies with the syntax for the
|
5349
5490
|
# policy's type. For more information, see [Service Control Policy
|
5350
|
-
# Syntax][1] in the *
|
5491
|
+
# Syntax][1] in the *Organizations User Guide.*
|
5351
5492
|
#
|
5352
5493
|
#
|
5353
5494
|
#
|
@@ -5450,7 +5591,7 @@ module Aws::Organizations
|
|
5450
5591
|
params: params,
|
5451
5592
|
config: config)
|
5452
5593
|
context[:gem_name] = 'aws-sdk-organizations'
|
5453
|
-
context[:gem_version] = '1.
|
5594
|
+
context[:gem_version] = '1.70.0'
|
5454
5595
|
Seahorse::Client::Request.new(handlers, context)
|
5455
5596
|
end
|
5456
5597
|
|