aws-sdk-organizations 1.68.0 → 1.69.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-organizations/client.rb +464 -372
- data/lib/aws-sdk-organizations/client_api.rb +35 -3
- data/lib/aws-sdk-organizations/errors.rb +32 -0
- data/lib/aws-sdk-organizations/types.rb +334 -228
- data/lib/aws-sdk-organizations.rb +1 -1
- metadata +2 -2
@@ -85,7 +85,7 @@ module Aws::Organizations
|
|
85
85
|
|
86
86
|
# The operation that you attempted requires you to have the
|
87
87
|
# `iam:CreateServiceLinkedRole` for `organizations.amazonaws.com`
|
88
|
-
# permission so that
|
88
|
+
# permission so that Organizations can create the required
|
89
89
|
# service-linked role. You don't have that permission.
|
90
90
|
#
|
91
91
|
# @!attribute [rw] message
|
@@ -103,8 +103,8 @@ module Aws::Organizations
|
|
103
103
|
include Aws::Structure
|
104
104
|
end
|
105
105
|
|
106
|
-
# Contains information about an
|
107
|
-
# organization.
|
106
|
+
# Contains information about an Amazon Web Services account that is a
|
107
|
+
# member of an organization.
|
108
108
|
#
|
109
109
|
# @!attribute [rw] id
|
110
110
|
# The unique identifier (ID) of the account.
|
@@ -121,8 +121,8 @@ module Aws::Organizations
|
|
121
121
|
# The Amazon Resource Name (ARN) of the account.
|
122
122
|
#
|
123
123
|
# For more information about ARNs in Organizations, see [ARN Formats
|
124
|
-
# Supported by Organizations][1] in the *
|
125
|
-
# Reference*.
|
124
|
+
# Supported by Organizations][1] in the *Amazon Web Services Service
|
125
|
+
# Authorization Reference*.
|
126
126
|
#
|
127
127
|
#
|
128
128
|
#
|
@@ -130,7 +130,7 @@ module Aws::Organizations
|
|
130
130
|
# @return [String]
|
131
131
|
#
|
132
132
|
# @!attribute [rw] email
|
133
|
-
# The email address associated with the
|
133
|
+
# The email address associated with the Amazon Web Services account.
|
134
134
|
#
|
135
135
|
# The [regex pattern][1] for this parameter is a string of characters
|
136
136
|
# that represents a standard internet email address.
|
@@ -177,8 +177,21 @@ module Aws::Organizations
|
|
177
177
|
include Aws::Structure
|
178
178
|
end
|
179
179
|
|
180
|
+
# You attempted to close an account that is already closed.
|
181
|
+
#
|
182
|
+
# @!attribute [rw] message
|
183
|
+
# @return [String]
|
184
|
+
#
|
185
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AccountAlreadyClosedException AWS API Documentation
|
186
|
+
#
|
187
|
+
class AccountAlreadyClosedException < Struct.new(
|
188
|
+
:message)
|
189
|
+
SENSITIVE = []
|
190
|
+
include Aws::Structure
|
191
|
+
end
|
192
|
+
|
180
193
|
# The specified account is already a delegated administrator for this
|
181
|
-
#
|
194
|
+
# Amazon Web Services service.
|
182
195
|
#
|
183
196
|
# @!attribute [rw] message
|
184
197
|
# @return [String]
|
@@ -191,9 +204,9 @@ module Aws::Organizations
|
|
191
204
|
include Aws::Structure
|
192
205
|
end
|
193
206
|
|
194
|
-
# We can't find an
|
195
|
-
# or the account whose credentials you used to make
|
196
|
-
# a member of an organization.
|
207
|
+
# We can't find an Amazon Web Services account with the `AccountId`
|
208
|
+
# that you specified, or the account whose credentials you used to make
|
209
|
+
# this request isn't a member of an organization.
|
197
210
|
#
|
198
211
|
# @!attribute [rw] message
|
199
212
|
# @return [String]
|
@@ -206,8 +219,8 @@ module Aws::Organizations
|
|
206
219
|
include Aws::Structure
|
207
220
|
end
|
208
221
|
|
209
|
-
# The specified account is not a delegated administrator for this
|
210
|
-
# service.
|
222
|
+
# The specified account is not a delegated administrator for this Amazon
|
223
|
+
# Web Services service.
|
211
224
|
#
|
212
225
|
# @!attribute [rw] message
|
213
226
|
# @return [String]
|
@@ -223,11 +236,11 @@ module Aws::Organizations
|
|
223
236
|
# You can't invite an existing account to your organization until you
|
224
237
|
# verify that you own the email address associated with the management
|
225
238
|
# account. For more information, see [Email Address Verification][1] in
|
226
|
-
# the *
|
239
|
+
# the *Organizations User Guide.*
|
227
240
|
#
|
228
241
|
#
|
229
242
|
#
|
230
|
-
# [1]:
|
243
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification
|
231
244
|
#
|
232
245
|
# @!attribute [rw] message
|
233
246
|
# @return [String]
|
@@ -384,8 +397,8 @@ module Aws::Organizations
|
|
384
397
|
include Aws::Structure
|
385
398
|
end
|
386
399
|
|
387
|
-
# We can't find an organizational unit (OU) or
|
388
|
-
# `ChildId` that you specified.
|
400
|
+
# We can't find an organizational unit (OU) or Amazon Web Services
|
401
|
+
# account with the `ChildId` that you specified.
|
389
402
|
#
|
390
403
|
# @!attribute [rw] message
|
391
404
|
# @return [String]
|
@@ -398,6 +411,26 @@ module Aws::Organizations
|
|
398
411
|
include Aws::Structure
|
399
412
|
end
|
400
413
|
|
414
|
+
# @note When making an API call, you may pass CloseAccountRequest
|
415
|
+
# data as a hash:
|
416
|
+
#
|
417
|
+
# {
|
418
|
+
# account_id: "AccountId", # required
|
419
|
+
# }
|
420
|
+
#
|
421
|
+
# @!attribute [rw] account_id
|
422
|
+
# Retrieves the Amazon Web Services account Id for the current
|
423
|
+
# `CloseAccount` API request.
|
424
|
+
# @return [String]
|
425
|
+
#
|
426
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CloseAccountRequest AWS API Documentation
|
427
|
+
#
|
428
|
+
class CloseAccountRequest < Struct.new(
|
429
|
+
:account_id)
|
430
|
+
SENSITIVE = []
|
431
|
+
include Aws::Structure
|
432
|
+
end
|
433
|
+
|
401
434
|
# The target of the operation is currently being modified by a different
|
402
435
|
# request. Try again later.
|
403
436
|
#
|
@@ -412,6 +445,20 @@ module Aws::Organizations
|
|
412
445
|
include Aws::Structure
|
413
446
|
end
|
414
447
|
|
448
|
+
# The request failed because it conflicts with the current state of the
|
449
|
+
# specified resource.
|
450
|
+
#
|
451
|
+
# @!attribute [rw] message
|
452
|
+
# @return [String]
|
453
|
+
#
|
454
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ConflictException AWS API Documentation
|
455
|
+
#
|
456
|
+
class ConflictException < Struct.new(
|
457
|
+
:message)
|
458
|
+
SENSITIVE = []
|
459
|
+
include Aws::Structure
|
460
|
+
end
|
461
|
+
|
415
462
|
# Performing this operation violates a minimum or maximum value limit.
|
416
463
|
# For example, attempting to remove the last service control policy
|
417
464
|
# (SCP) from an OU or root, inviting or creating too many accounts to
|
@@ -429,32 +476,25 @@ module Aws::Organizations
|
|
429
476
|
# management account. Instead, after you remove all member accounts,
|
430
477
|
# delete the organization itself.
|
431
478
|
#
|
432
|
-
# * ACCOUNT\_CANNOT\_LEAVE\_WITHOUT\_EULA: You attempted to remove an
|
433
|
-
# account from the organization that doesn't yet have enough
|
434
|
-
# information to exist as a standalone account. This account requires
|
435
|
-
# you to first agree to the AWS Customer Agreement. Follow the steps
|
436
|
-
# at [Removing a member account from your organization][1]in the *AWS
|
437
|
-
# Organizations User Guide.*
|
438
|
-
#
|
439
479
|
# * ACCOUNT\_CANNOT\_LEAVE\_WITHOUT\_PHONE\_VERIFICATION: You attempted
|
440
480
|
# to remove an account from the organization that doesn't yet have
|
441
481
|
# enough information to exist as a standalone account. This account
|
442
482
|
# requires you to first complete phone verification. Follow the steps
|
443
|
-
# at [Removing a member account from your organization][1] in the
|
444
|
-
# Organizations User Guide.*
|
483
|
+
# at [Removing a member account from your organization][1] in the
|
484
|
+
# *Organizations User Guide.*
|
445
485
|
#
|
446
486
|
# * ACCOUNT\_CREATION\_RATE\_LIMIT\_EXCEEDED: You attempted to exceed
|
447
487
|
# the number of accounts that you can create in one day.
|
448
488
|
#
|
449
489
|
# * ACCOUNT\_NUMBER\_LIMIT\_EXCEEDED: You attempted to exceed the limit
|
450
490
|
# on the number of accounts in an organization. If you need more
|
451
|
-
# accounts, contact [
|
452
|
-
# limit.
|
491
|
+
# accounts, contact [Amazon Web Services Support][2] to request an
|
492
|
+
# increase in your limit.
|
453
493
|
#
|
454
494
|
# Or the number of invitations that you tried to send would cause you
|
455
495
|
# to exceed the limit of accounts in your organization. Send fewer
|
456
|
-
# invitations or contact
|
457
|
-
# number of accounts.
|
496
|
+
# invitations or contact Amazon Web Services Support to request an
|
497
|
+
# increase in the number of accounts.
|
458
498
|
#
|
459
499
|
# <note markdown="1"> Deleted and closed accounts still count toward your limit.
|
460
500
|
#
|
@@ -462,14 +502,14 @@ module Aws::Organizations
|
|
462
502
|
#
|
463
503
|
# If you get this exception when running a command immediately after
|
464
504
|
# creating the organization, wait one hour and try again. After an
|
465
|
-
# hour, if the command continues to fail with this error, contact
|
466
|
-
# Support][2].
|
505
|
+
# hour, if the command continues to fail with this error, contact
|
506
|
+
# [Amazon Web Services Support][2].
|
467
507
|
#
|
468
508
|
# * CANNOT\_REGISTER\_MASTER\_AS\_DELEGATED\_ADMINISTRATOR: You
|
469
509
|
# attempted to register the management account of the organization as
|
470
|
-
# a delegated administrator for an
|
471
|
-
# Organizations. You can designate only a member
|
472
|
-
# delegated administrator.
|
510
|
+
# a delegated administrator for an Amazon Web Services service
|
511
|
+
# integrated with Organizations. You can designate only a member
|
512
|
+
# account as a delegated administrator.
|
473
513
|
#
|
474
514
|
# * CANNOT\_REMOVE\_DELEGATED\_ADMINISTRATOR\_FROM\_ORG: You attempted
|
475
515
|
# to remove an account that is registered as a delegated administrator
|
@@ -482,10 +522,10 @@ module Aws::Organizations
|
|
482
522
|
# features mode.
|
483
523
|
#
|
484
524
|
# * DELEGATED\_ADMINISTRATOR\_EXISTS\_FOR\_THIS\_SERVICE: You attempted
|
485
|
-
# to register an
|
486
|
-
# service that already has a
|
487
|
-
# operation, you must first
|
488
|
-
# administrators for this service.
|
525
|
+
# to register an Amazon Web Services account as a delegated
|
526
|
+
# administrator for an Amazon Web Services service that already has a
|
527
|
+
# delegated administrator. To complete this operation, you must first
|
528
|
+
# deregister any existing delegated administrators for this service.
|
489
529
|
#
|
490
530
|
# * EMAIL\_VERIFICATION\_CODE\_EXPIRED: The email verification code is
|
491
531
|
# only valid for a limited period of time. You must resubmit the
|
@@ -502,26 +542,26 @@ module Aws::Organizations
|
|
502
542
|
# marketplace. All accounts in an organization must be associated with
|
503
543
|
# the same marketplace.
|
504
544
|
#
|
505
|
-
# * MASTER\_ACCOUNT\_MISSING\_BUSINESS\_LICENSE: Applies only to the
|
506
|
-
# Regions in China. To create an
|
507
|
-
# valid business license. For
|
508
|
-
# support.
|
545
|
+
# * MASTER\_ACCOUNT\_MISSING\_BUSINESS\_LICENSE: Applies only to the
|
546
|
+
# Amazon Web Services /> Regions in China. To create an
|
547
|
+
# organization, the master must have a valid business license. For
|
548
|
+
# more information, contact customer support.
|
509
549
|
#
|
510
550
|
# * MASTER\_ACCOUNT\_MISSING\_CONTACT\_INFO: To complete this operation,
|
511
551
|
# you must first provide a valid contact address and phone number for
|
512
552
|
# the management account. Then try the operation again.
|
513
553
|
#
|
514
554
|
# * MASTER\_ACCOUNT\_NOT\_GOVCLOUD\_ENABLED: To complete this operation,
|
515
|
-
# the management account must have an associated account in the
|
516
|
-
# GovCloud (US-West) Region. For more information, see
|
517
|
-
# Organizations][3] in the *
|
555
|
+
# the management account must have an associated account in the Amazon
|
556
|
+
# Web Services GovCloud (US-West) Region. For more information, see
|
557
|
+
# [Organizations][3] in the *Amazon Web Services GovCloud User Guide.*
|
518
558
|
#
|
519
559
|
# * MASTER\_ACCOUNT\_PAYMENT\_INSTRUMENT\_REQUIRED: To create an
|
520
560
|
# organization with this management account, you first must associate
|
521
561
|
# a valid payment instrument, such as a credit card, with the account.
|
522
562
|
# Follow the steps at [To leave an organization when all required
|
523
|
-
# account information has not yet been provided][4] in the
|
524
|
-
# Organizations User Guide.*
|
563
|
+
# account information has not yet been provided][4] in the
|
564
|
+
# *Organizations User Guide.*
|
525
565
|
#
|
526
566
|
# * MAX\_DELEGATED\_ADMINISTRATORS\_FOR\_SERVICE\_LIMIT\_EXCEEDED: You
|
527
567
|
# attempted to register more delegated administrators than allowed for
|
@@ -538,8 +578,8 @@ module Aws::Organizations
|
|
538
578
|
# operation with this member account, you first must associate a valid
|
539
579
|
# payment instrument, such as a credit card, with the account. Follow
|
540
580
|
# the steps at [To leave an organization when all required account
|
541
|
-
# information has not yet been provided][4] in the *
|
542
|
-
#
|
581
|
+
# information has not yet been provided][4] in the *Organizations User
|
582
|
+
# Guide.*
|
543
583
|
#
|
544
584
|
# * MIN\_POLICY\_TYPE\_ATTACHMENT\_LIMIT\_EXCEEDED: You attempted to
|
545
585
|
# detach a policy from an entity that would cause the entity to have
|
@@ -563,16 +603,25 @@ module Aws::Organizations
|
|
563
603
|
# * POLICY\_NUMBER\_LIMIT\_EXCEEDED: You attempted to exceed the number
|
564
604
|
# of policies that you can have in an organization.
|
565
605
|
#
|
606
|
+
# * SERVICE\_ACCESS\_NOT\_ENABLED: You attempted to register a delegated
|
607
|
+
# administrator before you enabled service access. Call the
|
608
|
+
# `EnableAWSServiceAccess` API first.
|
609
|
+
#
|
566
610
|
# * TAG\_POLICY\_VIOLATION: You attempted to create or update a resource
|
567
611
|
# with tags that are not compliant with the tag policy requirements
|
568
612
|
# for this account.
|
569
613
|
#
|
614
|
+
# * WAIT\_PERIOD\_ACTIVE: After you create an Amazon Web Services
|
615
|
+
# account, there is a waiting period before you can remove it from the
|
616
|
+
# organization. If you get an error that indicates that a wait period
|
617
|
+
# is required, try again in a few days.
|
570
618
|
#
|
571
619
|
#
|
572
|
-
#
|
573
|
-
# [
|
574
|
-
# [
|
575
|
-
# [
|
620
|
+
#
|
621
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master
|
622
|
+
# [2]: https://docs.aws.amazon.com/support/home#/
|
623
|
+
# [3]: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html
|
624
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
|
576
625
|
#
|
577
626
|
# @!attribute [rw] message
|
578
627
|
# @return [String]
|
@@ -594,7 +643,7 @@ module Aws::Organizations
|
|
594
643
|
#
|
595
644
|
# {
|
596
645
|
# email: "Email", # required
|
597
|
-
# account_name: "
|
646
|
+
# account_name: "CreateAccountName", # required
|
598
647
|
# role_name: "RoleName",
|
599
648
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
600
649
|
# tags: [
|
@@ -607,10 +656,35 @@ module Aws::Organizations
|
|
607
656
|
#
|
608
657
|
# @!attribute [rw] email
|
609
658
|
# The email address of the owner to assign to the new member account.
|
610
|
-
# This email address must not already be associated with another
|
611
|
-
# account. You must use a valid email address to
|
612
|
-
#
|
613
|
-
#
|
659
|
+
# This email address must not already be associated with another
|
660
|
+
# Amazon Web Services account. You must use a valid email address to
|
661
|
+
# complete account creation.
|
662
|
+
#
|
663
|
+
# The rules for a valid email address:
|
664
|
+
#
|
665
|
+
# * The address must be a minimum of 6 and a maximum of 64 characters
|
666
|
+
# long.
|
667
|
+
#
|
668
|
+
# * All characters must be 7-bit ASCII characters.
|
669
|
+
#
|
670
|
+
# * There must be one and only one @ symbol, which separates the local
|
671
|
+
# name from the domain name.
|
672
|
+
#
|
673
|
+
# * The local name can't contain any of the following characters:
|
674
|
+
#
|
675
|
+
# whitespace, " ' ( ) < > \[ \] : ; , \\ \| % &
|
676
|
+
#
|
677
|
+
# * The local name can't begin with a dot (.)
|
678
|
+
#
|
679
|
+
# * The domain name can consist of only the characters
|
680
|
+
# \[a-z\],\[A-Z\],\[0-9\], hyphen (-), or dot (.)
|
681
|
+
#
|
682
|
+
# * The domain name can't begin or end with a hyphen (-) or dot (.)
|
683
|
+
#
|
684
|
+
# * The domain name must contain at least one dot
|
685
|
+
#
|
686
|
+
# You can't access the root user of the account or remove an account
|
687
|
+
# that was created with an invalid email address.
|
614
688
|
# @return [String]
|
615
689
|
#
|
616
690
|
# @!attribute [rw] account_name
|
@@ -620,7 +694,7 @@ module Aws::Organizations
|
|
620
694
|
# @!attribute [rw] role_name
|
621
695
|
# (Optional)
|
622
696
|
#
|
623
|
-
# The name of an IAM role that
|
697
|
+
# The name of an IAM role that Organizations automatically
|
624
698
|
# preconfigures in the new member account. This role trusts the
|
625
699
|
# management account, allowing users in the management account to
|
626
700
|
# assume the role, as permitted by the management account
|
@@ -634,10 +708,10 @@ module Aws::Organizations
|
|
634
708
|
# account, see the following links:
|
635
709
|
#
|
636
710
|
# * [Accessing and Administering the Member Accounts in Your
|
637
|
-
# Organization][1] in the *
|
711
|
+
# Organization][1] in the *Organizations User Guide*
|
638
712
|
#
|
639
|
-
# * Steps 2 and 3 in [Tutorial: Delegate Access Across
|
640
|
-
# Using IAM Roles][2] in the *IAM User Guide*
|
713
|
+
# * Steps 2 and 3 in [Tutorial: Delegate Access Across Amazon Web
|
714
|
+
# Services accounts Using IAM Roles][2] in the *IAM User Guide*
|
641
715
|
#
|
642
716
|
# The [regex pattern][3] that is used to validate this parameter. The
|
643
717
|
# pattern can include uppercase letters, lowercase letters, digits
|
@@ -655,8 +729,8 @@ module Aws::Organizations
|
|
655
729
|
# account billing information *if* they have the required permissions.
|
656
730
|
# If set to `DENY`, only the root user of the new account can access
|
657
731
|
# account billing information. For more information, see [Activating
|
658
|
-
# Access to the Billing and Cost Management Console][1] in the *
|
659
|
-
# Billing and Cost Management User Guide*.
|
732
|
+
# Access to the Billing and Cost Management Console][1] in the *Amazon
|
733
|
+
# Web Services Billing and Cost Management User Guide*.
|
660
734
|
#
|
661
735
|
# If you don't specify this parameter, the value defaults to `ALLOW`,
|
662
736
|
# and IAM users and roles with the required permissions can access
|
@@ -671,12 +745,12 @@ module Aws::Organizations
|
|
671
745
|
# A list of tags that you want to attach to the newly created account.
|
672
746
|
# For each tag in the list, you must specify both a tag key and a
|
673
747
|
# value. You can set the value to an empty string, but you can't set
|
674
|
-
# it to `null`. For more information about tagging, see [Tagging
|
675
|
-
# Organizations resources][1] in the
|
748
|
+
# it to `null`. For more information about tagging, see [Tagging
|
749
|
+
# Organizations resources][1] in the Organizations User Guide.
|
676
750
|
#
|
677
|
-
# <note markdown="1"> If any one of the tags is invalid or if you exceed the
|
678
|
-
# number of tags for an account, then the entire request fails
|
679
|
-
# account is not created.
|
751
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the maximum
|
752
|
+
# allowed number of tags for an account, then the entire request fails
|
753
|
+
# and the account is not created.
|
680
754
|
#
|
681
755
|
# </note>
|
682
756
|
#
|
@@ -703,14 +777,14 @@ module Aws::Organizations
|
|
703
777
|
# you first receive it because account creation is an asynchronous
|
704
778
|
# process. You can pass the returned `CreateAccountStatus` ID as a
|
705
779
|
# parameter to DescribeCreateAccountStatus to get status about the
|
706
|
-
# progress of the request at later times. You can also check the
|
780
|
+
# progress of the request at later times. You can also check the
|
707
781
|
# CloudTrail log for the `CreateAccountResult` event. For more
|
708
782
|
# information, see [Monitoring the Activity in Your Organization][1]
|
709
|
-
# in the *
|
783
|
+
# in the *Organizations User Guide*.
|
710
784
|
#
|
711
785
|
#
|
712
786
|
#
|
713
|
-
# [1]:
|
787
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html
|
714
788
|
# @return [Types::CreateAccountStatus]
|
715
789
|
#
|
716
790
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountResponse AWS API Documentation
|
@@ -722,8 +796,8 @@ module Aws::Organizations
|
|
722
796
|
end
|
723
797
|
|
724
798
|
# Contains the status about a CreateAccount or CreateGovCloudAccount
|
725
|
-
# request to create an
|
726
|
-
# organization.
|
799
|
+
# request to create an Amazon Web Services account or an Amazon Web
|
800
|
+
# Services GovCloud (US) account in an organization.
|
727
801
|
#
|
728
802
|
# @!attribute [rw] id
|
729
803
|
# The unique identifier (ID) that references this request. You get
|
@@ -744,7 +818,8 @@ module Aws::Organizations
|
|
744
818
|
# @return [String]
|
745
819
|
#
|
746
820
|
# @!attribute [rw] state
|
747
|
-
# The status of the asynchronous request to create an
|
821
|
+
# The status of the asynchronous request to create an Amazon Web
|
822
|
+
# Services account.
|
748
823
|
# @return [String]
|
749
824
|
#
|
750
825
|
# @!attribute [rw] requested_timestamp
|
@@ -771,7 +846,7 @@ module Aws::Organizations
|
|
771
846
|
#
|
772
847
|
# @!attribute [rw] gov_cloud_account_id
|
773
848
|
# If the account was created successfully, the unique identifier (ID)
|
774
|
-
# of the new account in the
|
849
|
+
# of the new account in the Amazon Web Services GovCloud (US) Region.
|
775
850
|
# @return [String]
|
776
851
|
#
|
777
852
|
# @!attribute [rw] failure_reason
|
@@ -785,18 +860,20 @@ module Aws::Organizations
|
|
785
860
|
# with the same information.
|
786
861
|
#
|
787
862
|
# * EMAIL\_ALREADY\_EXISTS: The account could not be created because
|
788
|
-
# another
|
863
|
+
# another Amazon Web Services account with that email address
|
864
|
+
# already exists.
|
789
865
|
#
|
790
|
-
# * FAILED\_BUSINESS\_VALIDATION: The
|
791
|
-
# organization failed to receive business license
|
866
|
+
# * FAILED\_BUSINESS\_VALIDATION: The Amazon Web Services account that
|
867
|
+
# owns your organization failed to receive business license
|
868
|
+
# validation.
|
792
869
|
#
|
793
|
-
# * GOVCLOUD\_ACCOUNT\_ALREADY\_EXISTS: The account in the
|
794
|
-
# GovCloud (US) Region could not be created because this
|
795
|
-
# already includes an account with that email address.
|
870
|
+
# * GOVCLOUD\_ACCOUNT\_ALREADY\_EXISTS: The account in the Amazon Web
|
871
|
+
# Services GovCloud (US) Region could not be created because this
|
872
|
+
# Region already includes an account with that email address.
|
796
873
|
#
|
797
|
-
# * IDENTITY\_INVALID\_BUSINESS\_VALIDATION: The
|
798
|
-
# your organization can't complete business
|
799
|
-
# because it doesn't have valid identity data.
|
874
|
+
# * IDENTITY\_INVALID\_BUSINESS\_VALIDATION: The Amazon Web Services
|
875
|
+
# account that owns your organization can't complete business
|
876
|
+
# license validation because it doesn't have valid identity data.
|
800
877
|
#
|
801
878
|
# * INVALID\_ADDRESS: The account could not be created because the
|
802
879
|
# address you provided is not valid.
|
@@ -806,21 +883,21 @@ module Aws::Organizations
|
|
806
883
|
#
|
807
884
|
# * INTERNAL\_FAILURE: The account could not be created because of an
|
808
885
|
# internal failure. Try again later. If the problem persists,
|
809
|
-
# contact
|
886
|
+
# contact Amazon Web Services Customer Support.
|
810
887
|
#
|
811
|
-
# * MISSING\_BUSINESS\_VALIDATION: The
|
812
|
-
# organization has not received Business Validation.
|
888
|
+
# * MISSING\_BUSINESS\_VALIDATION: The Amazon Web Services account
|
889
|
+
# that owns your organization has not received Business Validation.
|
813
890
|
#
|
814
891
|
# * MISSING\_PAYMENT\_INSTRUMENT: You must configure the management
|
815
892
|
# account with a valid payment method, such as a credit card.
|
816
893
|
#
|
817
|
-
# * PENDING\_BUSINESS\_VALIDATION: The
|
818
|
-
# organization is still in the process of completing
|
819
|
-
# license validation.
|
894
|
+
# * PENDING\_BUSINESS\_VALIDATION: The Amazon Web Services account
|
895
|
+
# that owns your organization is still in the process of completing
|
896
|
+
# business license validation.
|
820
897
|
#
|
821
|
-
# * UNKNOWN\_BUSINESS\_VALIDATION: The
|
822
|
-
# organization has an unknown issue with business
|
823
|
-
# validation.
|
898
|
+
# * UNKNOWN\_BUSINESS\_VALIDATION: The Amazon Web Services account
|
899
|
+
# that owns your organization has an unknown issue with business
|
900
|
+
# license validation.
|
824
901
|
# @return [String]
|
825
902
|
#
|
826
903
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountStatus AWS API Documentation
|
@@ -857,7 +934,7 @@ module Aws::Organizations
|
|
857
934
|
#
|
858
935
|
# {
|
859
936
|
# email: "Email", # required
|
860
|
-
# account_name: "
|
937
|
+
# account_name: "CreateAccountName", # required
|
861
938
|
# role_name: "RoleName",
|
862
939
|
# iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
|
863
940
|
# tags: [
|
@@ -869,15 +946,40 @@ module Aws::Organizations
|
|
869
946
|
# }
|
870
947
|
#
|
871
948
|
# @!attribute [rw] email
|
872
|
-
#
|
873
|
-
# in the commercial Region. This email address must not
|
874
|
-
# associated with another
|
875
|
-
# address to complete account creation.
|
876
|
-
#
|
877
|
-
#
|
878
|
-
#
|
879
|
-
#
|
880
|
-
#
|
949
|
+
# Specifies the email address of the owner to assign to the new member
|
950
|
+
# account in the commercial Region. This email address must not
|
951
|
+
# already be associated with another Amazon Web Services account. You
|
952
|
+
# must use a valid email address to complete account creation.
|
953
|
+
#
|
954
|
+
# The rules for a valid email address:
|
955
|
+
#
|
956
|
+
# * The address must be a minimum of 6 and a maximum of 64 characters
|
957
|
+
# long.
|
958
|
+
#
|
959
|
+
# * All characters must be 7-bit ASCII characters.
|
960
|
+
#
|
961
|
+
# * There must be one and only one @ symbol, which separates the local
|
962
|
+
# name from the domain name.
|
963
|
+
#
|
964
|
+
# * The local name can't contain any of the following characters:
|
965
|
+
#
|
966
|
+
# whitespace, " ' ( ) < > \[ \] : ; , \\ \| % &
|
967
|
+
#
|
968
|
+
# * The local name can't begin with a dot (.)
|
969
|
+
#
|
970
|
+
# * The domain name can consist of only the characters
|
971
|
+
# \[a-z\],\[A-Z\],\[0-9\], hyphen (-), or dot (.)
|
972
|
+
#
|
973
|
+
# * The domain name can't begin or end with a hyphen (-) or dot (.)
|
974
|
+
#
|
975
|
+
# * The domain name must contain at least one dot
|
976
|
+
#
|
977
|
+
# You can't access the root user of the account or remove an account
|
978
|
+
# that was created with an invalid email address. Like all request
|
979
|
+
# parameters for `CreateGovCloudAccount`, the request for the email
|
980
|
+
# address for the Amazon Web Services GovCloud (US) account originates
|
981
|
+
# from the commercial Region, not from the Amazon Web Services
|
982
|
+
# GovCloud (US) Region.
|
881
983
|
# @return [String]
|
882
984
|
#
|
883
985
|
# @!attribute [rw] account_name
|
@@ -887,11 +989,11 @@ module Aws::Organizations
|
|
887
989
|
# @!attribute [rw] role_name
|
888
990
|
# (Optional)
|
889
991
|
#
|
890
|
-
# The name of an IAM role that
|
891
|
-
# preconfigures in the new member accounts in both the
|
892
|
-
# (US) Region and in the commercial Region. This
|
893
|
-
# management account, allowing users in the management
|
894
|
-
# assume the role, as permitted by the management account
|
992
|
+
# The name of an IAM role that Organizations automatically
|
993
|
+
# preconfigures in the new member accounts in both the Amazon Web
|
994
|
+
# Services GovCloud (US) Region and in the commercial Region. This
|
995
|
+
# role trusts the management account, allowing users in the management
|
996
|
+
# account to assume the role, as permitted by the management account
|
895
997
|
# administrator. The role has administrator permissions in the new
|
896
998
|
# member account.
|
897
999
|
#
|
@@ -900,9 +1002,9 @@ module Aws::Organizations
|
|
900
1002
|
#
|
901
1003
|
# For more information about how to use this role to access the member
|
902
1004
|
# account, see [Accessing and Administering the Member Accounts in
|
903
|
-
# Your Organization][1] in the *
|
904
|
-
#
|
905
|
-
# Using IAM Roles][2] in the *IAM User Guide.*
|
1005
|
+
# Your Organization][1] in the *Organizations User Guide* and steps 2
|
1006
|
+
# and 3 in [Tutorial: Delegate Access Across Amazon Web Services
|
1007
|
+
# accounts Using IAM Roles][2] in the *IAM User Guide.*
|
906
1008
|
#
|
907
1009
|
# The [regex pattern][3] that is used to validate this parameter. The
|
908
1010
|
# pattern can include uppercase letters, lowercase letters, digits
|
@@ -921,8 +1023,8 @@ module Aws::Organizations
|
|
921
1023
|
# have the required permissions. If set to `DENY`, only the root user
|
922
1024
|
# of the new account can access account billing information. For more
|
923
1025
|
# information, see [Activating Access to the Billing and Cost
|
924
|
-
# Management Console][1] in the *
|
925
|
-
# Guide.*
|
1026
|
+
# Management Console][1] in the *Amazon Web Services Billing and Cost
|
1027
|
+
# Management User Guide.*
|
926
1028
|
#
|
927
1029
|
# If you don't specify this parameter, the value defaults to `ALLOW`,
|
928
1030
|
# and IAM users and roles with the required permissions can access
|
@@ -942,12 +1044,12 @@ module Aws::Organizations
|
|
942
1044
|
#
|
943
1045
|
# For each tag in the list, you must specify both a tag key and a
|
944
1046
|
# value. You can set the value to an empty string, but you can't set
|
945
|
-
# it to `null`. For more information about tagging, see [Tagging
|
946
|
-
# Organizations resources][1] in the
|
1047
|
+
# it to `null`. For more information about tagging, see [Tagging
|
1048
|
+
# Organizations resources][1] in the Organizations User Guide.
|
947
1049
|
#
|
948
|
-
# <note markdown="1"> If any one of the tags is invalid or if you exceed the
|
949
|
-
# number of tags for an account, then the entire request fails
|
950
|
-
# account is not created.
|
1050
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the maximum
|
1051
|
+
# allowed number of tags for an account, then the entire request fails
|
1052
|
+
# and the account is not created.
|
951
1053
|
#
|
952
1054
|
# </note>
|
953
1055
|
#
|
@@ -970,8 +1072,8 @@ module Aws::Organizations
|
|
970
1072
|
|
971
1073
|
# @!attribute [rw] create_account_status
|
972
1074
|
# Contains the status about a CreateAccount or CreateGovCloudAccount
|
973
|
-
# request to create an
|
974
|
-
# an organization.
|
1075
|
+
# request to create an Amazon Web Services account or an Amazon Web
|
1076
|
+
# Services GovCloud (US) account in an organization.
|
975
1077
|
# @return [Types::CreateAccountStatus]
|
976
1078
|
#
|
977
1079
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccountResponse AWS API Documentation
|
@@ -995,17 +1097,17 @@ module Aws::Organizations
|
|
995
1097
|
#
|
996
1098
|
# * `CONSOLIDATED_BILLING`\: All member accounts have their bills
|
997
1099
|
# consolidated to and paid by the management account. For more
|
998
|
-
# information, see [Consolidated billing][1] in the *
|
999
|
-
#
|
1100
|
+
# information, see [Consolidated billing][1] in the *Organizations
|
1101
|
+
# User Guide.*
|
1000
1102
|
#
|
1001
1103
|
# The consolidated billing feature subset isn't available for
|
1002
|
-
# organizations in the
|
1104
|
+
# organizations in the Amazon Web Services GovCloud (US) Region.
|
1003
1105
|
#
|
1004
1106
|
# * `ALL`\: In addition to all the features supported by the
|
1005
1107
|
# consolidated billing feature set, the management account can also
|
1006
1108
|
# apply any policy type to any member account in the organization.
|
1007
|
-
# For more information, see [All features][2] in the *
|
1008
|
-
#
|
1109
|
+
# For more information, see [All features][2] in the *Organizations
|
1110
|
+
# User Guide.*
|
1009
1111
|
#
|
1010
1112
|
#
|
1011
1113
|
#
|
@@ -1077,8 +1179,8 @@ module Aws::Organizations
|
|
1077
1179
|
# A list of tags that you want to attach to the newly created OU. For
|
1078
1180
|
# each tag in the list, you must specify both a tag key and a value.
|
1079
1181
|
# You can set the value to an empty string, but you can't set it to
|
1080
|
-
# `null`. For more information about tagging, see [Tagging
|
1081
|
-
# Organizations resources][1] in the
|
1182
|
+
# `null`. For more information about tagging, see [Tagging
|
1183
|
+
# Organizations resources][1] in the Organizations User Guide.
|
1082
1184
|
#
|
1083
1185
|
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
1084
1186
|
# number of tags for an OU, then the entire request fails and the OU
|
@@ -1174,8 +1276,8 @@ module Aws::Organizations
|
|
1174
1276
|
# A list of tags that you want to attach to the newly created policy.
|
1175
1277
|
# For each tag in the list, you must specify both a tag key and a
|
1176
1278
|
# value. You can set the value to an empty string, but you can't set
|
1177
|
-
# it to `null`. For more information about tagging, see [Tagging
|
1178
|
-
# Organizations resources][1] in the
|
1279
|
+
# it to `null`. For more information about tagging, see [Tagging
|
1280
|
+
# Organizations resources][1] in the Organizations User Guide.
|
1179
1281
|
#
|
1180
1282
|
# <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
|
1181
1283
|
# number of tags for a policy, then the entire request fails and the
|
@@ -1267,7 +1369,7 @@ module Aws::Organizations
|
|
1267
1369
|
#
|
1268
1370
|
# @!attribute [rw] email
|
1269
1371
|
# The email address that is associated with the delegated
|
1270
|
-
# administrator's
|
1372
|
+
# administrator's Amazon Web Services account.
|
1271
1373
|
# @return [String]
|
1272
1374
|
#
|
1273
1375
|
# @!attribute [rw] name
|
@@ -1308,13 +1410,13 @@ module Aws::Organizations
|
|
1308
1410
|
include Aws::Structure
|
1309
1411
|
end
|
1310
1412
|
|
1311
|
-
# Contains information about the
|
1312
|
-
# delegated administrator.
|
1413
|
+
# Contains information about the Amazon Web Services service for which
|
1414
|
+
# the account is a delegated administrator.
|
1313
1415
|
#
|
1314
1416
|
# @!attribute [rw] service_principal
|
1315
|
-
# The name of an
|
1316
|
-
# specified service. This is typically in the form
|
1317
|
-
# ` servicename.amazonaws.com`.
|
1417
|
+
# The name of an Amazon Web Services service that can request an
|
1418
|
+
# operation for the specified service. This is typically in the form
|
1419
|
+
# of a URL, such as: ` servicename.amazonaws.com`.
|
1318
1420
|
# @return [String]
|
1319
1421
|
#
|
1320
1422
|
# @!attribute [rw] delegation_enabled_date
|
@@ -1405,14 +1507,14 @@ module Aws::Organizations
|
|
1405
1507
|
# @return [String]
|
1406
1508
|
#
|
1407
1509
|
# @!attribute [rw] service_principal
|
1408
|
-
# The service principal name of an
|
1409
|
-
# is a delegated administrator.
|
1510
|
+
# The service principal name of an Amazon Web Services service for
|
1511
|
+
# which the account is a delegated administrator.
|
1410
1512
|
#
|
1411
1513
|
# Delegated administrator privileges are revoked for only the
|
1412
|
-
# specified
|
1413
|
-
# service is the only service for which the member
|
1414
|
-
# delegated administrator, the operation also revokes
|
1415
|
-
# read action permissions.
|
1514
|
+
# specified Amazon Web Services service from the member account. If
|
1515
|
+
# the specified service is the only service for which the member
|
1516
|
+
# account is a delegated administrator, the operation also revokes
|
1517
|
+
# Organizations read action permissions.
|
1416
1518
|
# @return [String]
|
1417
1519
|
#
|
1418
1520
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministratorRequest AWS API Documentation
|
@@ -1432,9 +1534,9 @@ module Aws::Organizations
|
|
1432
1534
|
# }
|
1433
1535
|
#
|
1434
1536
|
# @!attribute [rw] account_id
|
1435
|
-
# The unique identifier (ID) of the
|
1436
|
-
# information about. You can get the ID from the ListAccounts
|
1437
|
-
# ListAccountsForParent operations.
|
1537
|
+
# The unique identifier (ID) of the Amazon Web Services account that
|
1538
|
+
# you want information about. You can get the ID from the ListAccounts
|
1539
|
+
# or ListAccountsForParent operations.
|
1438
1540
|
#
|
1439
1541
|
# The [regex pattern][1] for an account ID string requires exactly 12
|
1440
1542
|
# digits.
|
@@ -1779,9 +1881,10 @@ module Aws::Organizations
|
|
1779
1881
|
# }
|
1780
1882
|
#
|
1781
1883
|
# @!attribute [rw] service_principal
|
1782
|
-
# The service principal name of the
|
1783
|
-
# disable integration with your organization. This
|
1784
|
-
# form of a URL, such as `
|
1884
|
+
# The service principal name of the Amazon Web Services service for
|
1885
|
+
# which you want to disable integration with your organization. This
|
1886
|
+
# is typically in the form of a URL, such as `
|
1887
|
+
# service-abbreviation.amazonaws.com`.
|
1785
1888
|
# @return [String]
|
1786
1889
|
#
|
1787
1890
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccessRequest AWS API Documentation
|
@@ -1980,9 +2083,10 @@ module Aws::Organizations
|
|
1980
2083
|
# }
|
1981
2084
|
#
|
1982
2085
|
# @!attribute [rw] service_principal
|
1983
|
-
# The service principal name of the
|
1984
|
-
# enable integration with your organization. This is
|
1985
|
-
# form of a URL, such as `
|
2086
|
+
# The service principal name of the Amazon Web Services service for
|
2087
|
+
# which you want to enable integration with your organization. This is
|
2088
|
+
# typically in the form of a URL, such as `
|
2089
|
+
# service-abbreviation.amazonaws.com`.
|
1986
2090
|
# @return [String]
|
1987
2091
|
#
|
1988
2092
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccessRequest AWS API Documentation
|
@@ -2075,8 +2179,8 @@ module Aws::Organizations
|
|
2075
2179
|
end
|
2076
2180
|
|
2077
2181
|
# A structure that contains details of a service principal that
|
2078
|
-
# represents an
|
2079
|
-
# Organizations.
|
2182
|
+
# represents an Amazon Web Services service that is enabled to integrate
|
2183
|
+
# with Organizations.
|
2080
2184
|
#
|
2081
2185
|
# @!attribute [rw] service_principal
|
2082
2186
|
# The name of the service principal. This is typically in the form of
|
@@ -2085,7 +2189,7 @@ module Aws::Organizations
|
|
2085
2189
|
#
|
2086
2190
|
# @!attribute [rw] date_enabled
|
2087
2191
|
# The date that the service principal was enabled for integration with
|
2088
|
-
#
|
2192
|
+
# Organizations.
|
2089
2193
|
# @return [Time]
|
2090
2194
|
#
|
2091
2195
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnabledServicePrincipal AWS API Documentation
|
@@ -2097,10 +2201,10 @@ module Aws::Organizations
|
|
2097
2201
|
include Aws::Structure
|
2098
2202
|
end
|
2099
2203
|
|
2100
|
-
#
|
2204
|
+
# Organizations couldn't perform the operation because your
|
2101
2205
|
# organization hasn't finished initializing. This can take up to an
|
2102
2206
|
# hour. Try again later. If after one hour you continue to receive this
|
2103
|
-
# error, contact [
|
2207
|
+
# error, contact [Amazon Web Services Support][1].
|
2104
2208
|
#
|
2105
2209
|
#
|
2106
2210
|
#
|
@@ -2124,9 +2228,9 @@ module Aws::Organizations
|
|
2124
2228
|
# accounts exchange information as a series of handshake requests and
|
2125
2229
|
# responses.
|
2126
2230
|
#
|
2127
|
-
# **Note:** Handshakes that are `CANCELED`, `ACCEPTED`,
|
2128
|
-
# show up in lists for only 30 days after entering that state
|
2129
|
-
# they are deleted.
|
2231
|
+
# **Note:** Handshakes that are `CANCELED`, `ACCEPTED`, `DECLINED`, or
|
2232
|
+
# `EXPIRED` show up in lists for only 30 days after entering that state
|
2233
|
+
# After that they are deleted.
|
2130
2234
|
#
|
2131
2235
|
# @!attribute [rw] id
|
2132
2236
|
# The unique identifier (ID) of a handshake. The originating account
|
@@ -2144,8 +2248,8 @@ module Aws::Organizations
|
|
2144
2248
|
# The Amazon Resource Name (ARN) of a handshake.
|
2145
2249
|
#
|
2146
2250
|
# For more information about ARNs in Organizations, see [ARN Formats
|
2147
|
-
# Supported by Organizations][1] in the *
|
2148
|
-
# Reference*.
|
2251
|
+
# Supported by Organizations][1] in the *Amazon Web Services Service
|
2252
|
+
# Authorization Reference*.
|
2149
2253
|
#
|
2150
2254
|
#
|
2151
2255
|
#
|
@@ -2266,7 +2370,8 @@ module Aws::Organizations
|
|
2266
2370
|
#
|
2267
2371
|
# If you get this exception immediately after creating the
|
2268
2372
|
# organization, wait one hour and try again. If after an hour it
|
2269
|
-
# continues to fail with this error, contact [
|
2373
|
+
# continues to fail with this error, contact [Amazon Web Services
|
2374
|
+
# Support][1].
|
2270
2375
|
#
|
2271
2376
|
# * ALREADY\_IN\_AN\_ORGANIZATION: The handshake request is invalid
|
2272
2377
|
# because the invited account is already a member of an organization.
|
@@ -2302,7 +2407,7 @@ module Aws::Organizations
|
|
2302
2407
|
#
|
2303
2408
|
#
|
2304
2409
|
#
|
2305
|
-
# [1]: https://
|
2410
|
+
# [1]: https://docs.aws.amazon.com/support/home#/
|
2306
2411
|
#
|
2307
2412
|
# @!attribute [rw] message
|
2308
2413
|
# @return [String]
|
@@ -2420,7 +2525,7 @@ module Aws::Organizations
|
|
2420
2525
|
# The type of information being passed, specifying how the value is to
|
2421
2526
|
# be interpreted by the other party:
|
2422
2527
|
#
|
2423
|
-
# * `ACCOUNT` - Specifies an
|
2528
|
+
# * `ACCOUNT` - Specifies an Amazon Web Services account ID number.
|
2424
2529
|
#
|
2425
2530
|
# * `ORGANIZATION` - Specifies an organization ID number.
|
2426
2531
|
#
|
@@ -2479,8 +2584,8 @@ module Aws::Organizations
|
|
2479
2584
|
# * DUPLICATE\_TAG\_KEY: Tag keys must be unique among the tags attached
|
2480
2585
|
# to the same entity.
|
2481
2586
|
#
|
2482
|
-
# * IMMUTABLE\_POLICY: You specified a policy that is managed by
|
2483
|
-
# can't be modified.
|
2587
|
+
# * IMMUTABLE\_POLICY: You specified a policy that is managed by Amazon
|
2588
|
+
# Web Services and can't be modified.
|
2484
2589
|
#
|
2485
2590
|
# * INPUT\_REQUIRED: You must include a value for all required
|
2486
2591
|
# parameters.
|
@@ -2521,8 +2626,8 @@ module Aws::Organizations
|
|
2521
2626
|
#
|
2522
2627
|
# * INVALID\_SYSTEM\_TAGS\_PARAMETER: You specified a tag key that is a
|
2523
2628
|
# system tag. You can’t add, edit, or delete system tag keys because
|
2524
|
-
# they're reserved for
|
2525
|
-
# tags per resource limit.
|
2629
|
+
# they're reserved for Amazon Web Services use. System tags don’t
|
2630
|
+
# count against your tags per resource limit.
|
2526
2631
|
#
|
2527
2632
|
# * MAX\_FILTER\_LIMIT\_EXCEEDED: You can specify only one filter
|
2528
2633
|
# parameter for the operation.
|
@@ -2581,20 +2686,21 @@ module Aws::Organizations
|
|
2581
2686
|
# }
|
2582
2687
|
#
|
2583
2688
|
# @!attribute [rw] target
|
2584
|
-
# The identifier (ID) of the
|
2585
|
-
# join your organization. This is a JSON object that
|
2586
|
-
# following elements:
|
2689
|
+
# The identifier (ID) of the Amazon Web Services account that you want
|
2690
|
+
# to invite to join your organization. This is a JSON object that
|
2691
|
+
# contains the following elements:
|
2587
2692
|
#
|
2588
2693
|
# `\{ "Type": "ACCOUNT", "Id": "< account id number >" \}`
|
2589
2694
|
#
|
2590
|
-
# If you use the
|
2591
|
-
#
|
2695
|
+
# If you use the CLI, you can submit this as a single string, similar
|
2696
|
+
# to the following example:
|
2592
2697
|
#
|
2593
2698
|
# `--target Id=123456789012,Type=ACCOUNT`
|
2594
2699
|
#
|
2595
|
-
# If you specify `"Type": "ACCOUNT"`, you must provide the
|
2596
|
-
# ID number as the `Id`. If you specify `"Type":
|
2597
|
-
# specify the email address that is associated with
|
2700
|
+
# If you specify `"Type": "ACCOUNT"`, you must provide the Amazon Web
|
2701
|
+
# Services account ID number as the `Id`. If you specify `"Type":
|
2702
|
+
# "EMAIL"`, you must specify the email address that is associated with
|
2703
|
+
# the account.
|
2598
2704
|
#
|
2599
2705
|
# `--target Id=diego@example.com,Type=EMAIL`
|
2600
2706
|
# @return [Types::HandshakeParty]
|
@@ -2609,8 +2715,8 @@ module Aws::Organizations
|
|
2609
2715
|
# becomes a member of the organization. For each tag in the list, you
|
2610
2716
|
# must specify both a tag key and a value. You can set the value to an
|
2611
2717
|
# empty string, but you can't set it to `null`. For more information
|
2612
|
-
# about tagging, see [Tagging
|
2613
|
-
#
|
2718
|
+
# about tagging, see [Tagging Organizations resources][1] in the
|
2719
|
+
# Organizations User Guide.
|
2614
2720
|
#
|
2615
2721
|
# Any tags in the request are checked for compliance with any
|
2616
2722
|
# applicable tag policies when the request is made. The request is
|
@@ -2697,7 +2803,7 @@ module Aws::Organizations
|
|
2697
2803
|
# A list of the service principals for the services that are enabled
|
2698
2804
|
# to integrate with your organization. Each principal is a structure
|
2699
2805
|
# that includes the name and the date that it was enabled for
|
2700
|
-
# integration with
|
2806
|
+
# integration with Organizations.
|
2701
2807
|
# @return [Array<Types::EnabledServicePrincipal>]
|
2702
2808
|
#
|
2703
2809
|
# @!attribute [rw] next_token
|
@@ -3710,7 +3816,7 @@ module Aws::Organizations
|
|
3710
3816
|
#
|
3711
3817
|
# You can specify any of the following taggable resources.
|
3712
3818
|
#
|
3713
|
-
# *
|
3819
|
+
# * Amazon Web Services account – specify the account ID number.
|
3714
3820
|
#
|
3715
3821
|
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
3716
3822
|
# looks similar to: `ou-1a2b-34uvwxyz `
|
@@ -3838,7 +3944,7 @@ module Aws::Organizations
|
|
3838
3944
|
# The provided policy document doesn't meet the requirements of the
|
3839
3945
|
# specified policy type. For example, the syntax might be incorrect. For
|
3840
3946
|
# details about service control policy syntax, see [Service Control
|
3841
|
-
# Policy Syntax][1] in the *
|
3947
|
+
# Policy Syntax][1] in the *Organizations User Guide.*
|
3842
3948
|
#
|
3843
3949
|
#
|
3844
3950
|
#
|
@@ -3963,8 +4069,8 @@ module Aws::Organizations
|
|
3963
4069
|
# The Amazon Resource Name (ARN) of an organization.
|
3964
4070
|
#
|
3965
4071
|
# For more information about ARNs in Organizations, see [ARN Formats
|
3966
|
-
# Supported by Organizations][1] in the *
|
3967
|
-
# Reference*.
|
4072
|
+
# Supported by Organizations][1] in the *Amazon Web Services Service
|
4073
|
+
# Authorization Reference*.
|
3968
4074
|
#
|
3969
4075
|
#
|
3970
4076
|
#
|
@@ -3977,8 +4083,7 @@ module Aws::Organizations
|
|
3977
4083
|
# policies can be applied to accounts in the organization. If set to
|
3978
4084
|
# "CONSOLIDATED\_BILLING", then only consolidated billing
|
3979
4085
|
# functionality is available. For more information, see [Enabling All
|
3980
|
-
# Features in Your Organization][1] in the *
|
3981
|
-
# Guide*.
|
4086
|
+
# Features in Your Organization][1] in the *Organizations User Guide*.
|
3982
4087
|
#
|
3983
4088
|
#
|
3984
4089
|
#
|
@@ -3990,8 +4095,8 @@ module Aws::Organizations
|
|
3990
4095
|
# the management account for the organization.
|
3991
4096
|
#
|
3992
4097
|
# For more information about ARNs in Organizations, see [ARN Formats
|
3993
|
-
# Supported by Organizations][1] in the *
|
3994
|
-
# Reference*.
|
4098
|
+
# Supported by Organizations][1] in the *Amazon Web Services Service
|
4099
|
+
# Authorization Reference*.
|
3995
4100
|
#
|
3996
4101
|
#
|
3997
4102
|
#
|
@@ -4011,8 +4116,9 @@ module Aws::Organizations
|
|
4011
4116
|
# @return [String]
|
4012
4117
|
#
|
4013
4118
|
# @!attribute [rw] master_account_email
|
4014
|
-
# The email address that is associated with the
|
4015
|
-
# designated as the management account for the
|
4119
|
+
# The email address that is associated with the Amazon Web Services
|
4120
|
+
# account that is designated as the management account for the
|
4121
|
+
# organization.
|
4016
4122
|
# @return [String]
|
4017
4123
|
#
|
4018
4124
|
# @!attribute [rw] available_policy_types
|
@@ -4053,9 +4159,9 @@ module Aws::Organizations
|
|
4053
4159
|
end
|
4054
4160
|
|
4055
4161
|
# Contains details about an organizational unit (OU). An OU is a
|
4056
|
-
# container of
|
4057
|
-
# that are attached to an OU apply to all
|
4058
|
-
# and in any child OUs.
|
4162
|
+
# container of Amazon Web Services accounts within a root of an
|
4163
|
+
# organization. Policies that are attached to an OU apply to all
|
4164
|
+
# accounts contained in that OU and in any child OUs.
|
4059
4165
|
#
|
4060
4166
|
# @!attribute [rw] id
|
4061
4167
|
# The unique identifier (ID) associated with this OU.
|
@@ -4075,8 +4181,8 @@ module Aws::Organizations
|
|
4075
4181
|
# The Amazon Resource Name (ARN) of this OU.
|
4076
4182
|
#
|
4077
4183
|
# For more information about ARNs in Organizations, see [ARN Formats
|
4078
|
-
# Supported by Organizations][1] in the *
|
4079
|
-
# Reference*.
|
4184
|
+
# Supported by Organizations][1] in the *Amazon Web Services Service
|
4185
|
+
# Authorization Reference*.
|
4080
4186
|
#
|
4081
4187
|
#
|
4082
4188
|
#
|
@@ -4276,8 +4382,8 @@ module Aws::Organizations
|
|
4276
4382
|
# The Amazon Resource Name (ARN) of the policy.
|
4277
4383
|
#
|
4278
4384
|
# For more information about ARNs in Organizations, see [ARN Formats
|
4279
|
-
# Supported by Organizations][1] in the *
|
4280
|
-
# Reference*.
|
4385
|
+
# Supported by Organizations][1] in the *Amazon Web Services Service
|
4386
|
+
# Authorization Reference*.
|
4281
4387
|
#
|
4282
4388
|
#
|
4283
4389
|
#
|
@@ -4305,8 +4411,8 @@ module Aws::Organizations
|
|
4305
4411
|
#
|
4306
4412
|
# @!attribute [rw] aws_managed
|
4307
4413
|
# A boolean value that indicates whether the specified policy is an
|
4308
|
-
#
|
4309
|
-
# roots, OUs, or accounts, but you cannot edit it.
|
4414
|
+
# Amazon Web Services managed policy. If true, then you can attach the
|
4415
|
+
# policy to roots, OUs, or accounts, but you cannot edit it.
|
4310
4416
|
# @return [Boolean]
|
4311
4417
|
#
|
4312
4418
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/PolicySummary AWS API Documentation
|
@@ -4351,8 +4457,8 @@ module Aws::Organizations
|
|
4351
4457
|
# The Amazon Resource Name (ARN) of the policy target.
|
4352
4458
|
#
|
4353
4459
|
# For more information about ARNs in Organizations, see [ARN Formats
|
4354
|
-
# Supported by Organizations][1] in the *
|
4355
|
-
# Reference*.
|
4460
|
+
# Supported by Organizations][1] in the *Amazon Web Services Service
|
4461
|
+
# Authorization Reference*.
|
4356
4462
|
#
|
4357
4463
|
#
|
4358
4464
|
#
|
@@ -4401,8 +4507,8 @@ module Aws::Organizations
|
|
4401
4507
|
# You can't use the specified policy type with the feature set
|
4402
4508
|
# currently enabled for this organization. For example, you can enable
|
4403
4509
|
# SCPs only after you enable all features in the organization. For more
|
4404
|
-
# information, see [Managing
|
4405
|
-
# Organizations User Guide.*
|
4510
|
+
# information, see [Managing Organizations Policies][1]in the
|
4511
|
+
# *Organizations User Guide.*
|
4406
4512
|
#
|
4407
4513
|
#
|
4408
4514
|
#
|
@@ -4422,8 +4528,8 @@ module Aws::Organizations
|
|
4422
4528
|
# The specified policy type isn't currently enabled in this root. You
|
4423
4529
|
# can't attach policies of the specified type to entities in a root
|
4424
4530
|
# until you enable that type in the root. For more information, see
|
4425
|
-
# [Enabling All Features in Your Organization][1] in the *
|
4426
|
-
#
|
4531
|
+
# [Enabling All Features in Your Organization][1] in the *Organizations
|
4532
|
+
# User Guide.*
|
4427
4533
|
#
|
4428
4534
|
#
|
4429
4535
|
#
|
@@ -4477,8 +4583,8 @@ module Aws::Organizations
|
|
4477
4583
|
# @return [String]
|
4478
4584
|
#
|
4479
4585
|
# @!attribute [rw] service_principal
|
4480
|
-
# The service principal of the
|
4481
|
-
# the member account a delegated administrator.
|
4586
|
+
# The service principal of the Amazon Web Services service for which
|
4587
|
+
# you want to make the member account a delegated administrator.
|
4482
4588
|
# @return [String]
|
4483
4589
|
#
|
4484
4590
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministratorRequest AWS API Documentation
|
@@ -4519,8 +4625,8 @@ module Aws::Organizations
|
|
4519
4625
|
|
4520
4626
|
# Contains details about a root. A root is a top-level parent node in
|
4521
4627
|
# the hierarchy of an organization that can contain organizational units
|
4522
|
-
# (OUs) and accounts. The root contains every
|
4523
|
-
# organization.
|
4628
|
+
# (OUs) and accounts. The root contains every Amazon Web Services
|
4629
|
+
# account in the organization.
|
4524
4630
|
#
|
4525
4631
|
# @!attribute [rw] id
|
4526
4632
|
# The unique identifier (ID) for the root.
|
@@ -4537,8 +4643,8 @@ module Aws::Organizations
|
|
4537
4643
|
# The Amazon Resource Name (ARN) of the root.
|
4538
4644
|
#
|
4539
4645
|
# For more information about ARNs in Organizations, see [ARN Formats
|
4540
|
-
# Supported by Organizations][1] in the *
|
4541
|
-
# Reference*.
|
4646
|
+
# Supported by Organizations][1] in the *Amazon Web Services Service
|
4647
|
+
# Authorization Reference*.
|
4542
4648
|
#
|
4543
4649
|
#
|
4544
4650
|
#
|
@@ -4592,7 +4698,7 @@ module Aws::Organizations
|
|
4592
4698
|
include Aws::Structure
|
4593
4699
|
end
|
4594
4700
|
|
4595
|
-
#
|
4701
|
+
# Organizations can't complete your request because of an internal
|
4596
4702
|
# service error. Try again later.
|
4597
4703
|
#
|
4598
4704
|
# @!attribute [rw] message
|
@@ -4625,7 +4731,7 @@ module Aws::Organizations
|
|
4625
4731
|
#
|
4626
4732
|
# You can attach tags to any of the following organization resources.
|
4627
4733
|
#
|
4628
|
-
# *
|
4734
|
+
# * Amazon Web Services account
|
4629
4735
|
#
|
4630
4736
|
# * Organizational unit (OU)
|
4631
4737
|
#
|
@@ -4675,14 +4781,10 @@ module Aws::Organizations
|
|
4675
4781
|
#
|
4676
4782
|
# @!attribute [rw] resource_id
|
4677
4783
|
# The ID of the resource to add a tag to.
|
4678
|
-
# @return [String]
|
4679
|
-
#
|
4680
|
-
# @!attribute [rw] tags
|
4681
|
-
# A list of tags to add to the specified resource.
|
4682
4784
|
#
|
4683
4785
|
# You can specify any of the following taggable resources.
|
4684
4786
|
#
|
4685
|
-
# *
|
4787
|
+
# * Amazon Web Services account – specify the account ID number.
|
4686
4788
|
#
|
4687
4789
|
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
4688
4790
|
# looks similar to: `ou-1a2b-34uvwxyz `
|
@@ -4692,14 +4794,18 @@ module Aws::Organizations
|
|
4692
4794
|
#
|
4693
4795
|
# * Policy – specify the policy ID that begins with `p-` andlooks
|
4694
4796
|
# similar to: `p-12abcdefg3 `
|
4797
|
+
# @return [String]
|
4798
|
+
#
|
4799
|
+
# @!attribute [rw] tags
|
4800
|
+
# A list of tags to add to the specified resource.
|
4695
4801
|
#
|
4696
4802
|
# For each tag in the list, you must specify both a tag key and a
|
4697
|
-
# value.
|
4698
|
-
#
|
4803
|
+
# value. The value can be an empty string, but you can't set it to
|
4804
|
+
# `null`.
|
4699
4805
|
#
|
4700
|
-
# <note markdown="1"> If any one of the tags is invalid or if you exceed the
|
4701
|
-
# number of tags for
|
4702
|
-
#
|
4806
|
+
# <note markdown="1"> If any one of the tags is invalid or if you exceed the maximum
|
4807
|
+
# allowed number of tags for a resource, then the entire request
|
4808
|
+
# fails.
|
4703
4809
|
#
|
4704
4810
|
# </note>
|
4705
4811
|
# @return [Array<Types::Tag>]
|
@@ -4731,9 +4837,8 @@ module Aws::Organizations
|
|
4731
4837
|
# quota helps protect against denial-of-service attacks. Try again
|
4732
4838
|
# later.
|
4733
4839
|
#
|
4734
|
-
# For information about quotas that affect
|
4735
|
-
#
|
4736
|
-
# Guide.*
|
4840
|
+
# For information about quotas that affect Organizations, see [Quotas
|
4841
|
+
# for Organizations][1]in the *Organizations User Guide.*
|
4737
4842
|
#
|
4738
4843
|
#
|
4739
4844
|
#
|
@@ -4754,7 +4859,8 @@ module Aws::Organizations
|
|
4754
4859
|
include Aws::Structure
|
4755
4860
|
end
|
4756
4861
|
|
4757
|
-
# This action isn't available in the current
|
4862
|
+
# This action isn't available in the current Amazon Web Services
|
4863
|
+
# Region.
|
4758
4864
|
#
|
4759
4865
|
# @!attribute [rw] message
|
4760
4866
|
# @return [String]
|
@@ -4780,7 +4886,7 @@ module Aws::Organizations
|
|
4780
4886
|
#
|
4781
4887
|
# You can specify any of the following taggable resources.
|
4782
4888
|
#
|
4783
|
-
# *
|
4889
|
+
# * Amazon Web Services account – specify the account ID number.
|
4784
4890
|
#
|
4785
4891
|
# * Organizational unit – specify the OU ID that begins with `ou-` and
|
4786
4892
|
# looks similar to: `ou-1a2b-34uvwxyz `
|
@@ -4902,7 +5008,7 @@ module Aws::Organizations
|
|
4902
5008
|
# If provided, the new content for the policy. The text must be
|
4903
5009
|
# correctly formatted JSON that complies with the syntax for the
|
4904
5010
|
# policy's type. For more information, see [Service Control Policy
|
4905
|
-
# Syntax][1] in the *
|
5011
|
+
# Syntax][1] in the *Organizations User Guide.*
|
4906
5012
|
#
|
4907
5013
|
#
|
4908
5014
|
#
|