aws-sdk-organizations 1.70.0 → 1.72.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ba87ed7289c6599b0767d8ce02ecd53ddff64127f0e7fbcff441265d0342c05d
-  data.tar.gz: 6d24512c2c462703d2115ca371df6218a65b868f2591f615dbd8cc3e580f1881
+  metadata.gz: 162f30bd271059884b85837abd5cf6f63df7fcf70f56ce1b821973b56b02e345
+  data.tar.gz: 0b06f5bb24482b314f0eed58b3439aa54555fcb0c8d10d6cedc6d178ba95d256
 SHA512:
-  metadata.gz: 6c26f41e20c68f82656785ca84db3f3206c2a0102263376cbb74c6ff6b936f636514336bf7f3bcde60cee7b6d93696671c61c0650e2b82e18fc250dbe14a84c1
-  data.tar.gz: e3adb4cf9f194cfa622e5adaa916fee581c97e02e217c3b2e5f85dac9c7e86c6813bad05c62c090eb0f5516b5096f897e7bc5cdeb199bbf6ce9d286d267e85aa
+  metadata.gz: 84937fd2eb312592f7384bc2b8310f9f80e6bdc9b509f63d996b2214fff88674a1f7c4bda133a52e242886f878a91aed868868ed191ac7b65df6a97fcdbf62fe
+  data.tar.gz: 51fae0fcf272d98be315c7b476dd8130f341f505aecc2c5063c55e9ce0a83978f003729da118ff61b60e67a797f0897e0953fad55556b72143c1618a7e32ecfc

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.72.0 (2022-11-28)
+------------------
+
+* Feature - This release introduces delegated administrator for AWS Organizations, a new feature to help you delegate the management of your Organizations policies, enabling you to govern your AWS organization in a decentralized way. You can now allow member accounts to manage Organizations policies.
+
+1.71.0 (2022-10-25)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.70.0 (2022-05-02)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.70.0
+1.72.0

data/lib/aws-sdk-organizations/client.rb

@@ -30,7 +30,7 @@ require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/checksum_algorithm.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
 require 'aws-sdk-core/plugins/recursion_detection.rb'
-require 'aws-sdk-core/plugins/signature_v4.rb'
+require 'aws-sdk-core/plugins/sign.rb'
 require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
 
 Aws::Plugins::GlobalConfiguration.add_identifier(:organizations)
@@ -79,8 +79,9 @@ module Aws::Organizations
     add_plugin(Aws::Plugins::ChecksumAlgorithm)
     add_plugin(Aws::Plugins::DefaultsMode)
     add_plugin(Aws::Plugins::RecursionDetection)
-    add_plugin(Aws::Plugins::SignatureV4)
+    add_plugin(Aws::Plugins::Sign)
     add_plugin(Aws::Plugins::Protocols::JsonRpc)
+    add_plugin(Aws::Organizations::Plugins::Endpoints)
 
     # @overload initialize(options)
     #   @param [Hash] options
@@ -297,6 +298,19 @@ module Aws::Organizations
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Aws::TokenProvider] :token_provider
+    #     A Bearer Token Provider. This can be an instance of any one of the
+    #     following classes:
+    #
+    #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+    #       tokens.
+    #
+    #     * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+    #     will be used to search for tokens configured for your profile in shared configuration files.
+    #
     #   @option options [Boolean] :use_dualstack_endpoint
     #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
     #     will be used if available.
@@ -310,6 +324,9 @@ module Aws::Organizations
     #     When `true`, request parameters are validated before
     #     sending the request.
     #
+    #   @option options [Aws::Organizations::EndpointProvider] :endpoint_provider
+    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::Organizations::EndpointParameters`
+    #
     #   @option options [URI::HTTP,String] :http_proxy A proxy to send
     #     requests through.  Formatted like 'http://proxy.com:123'.
     #
@@ -364,8 +381,8 @@ module Aws::Organizations
     # Sends a response to the originator of a handshake agreeing to the
     # action proposed by the handshake request.
     #
-    # This operation can be called only by the following principals when
-    # they also have the relevant IAM permissions:
+    # You can only call this operation by the following principals when they
+    # also have the relevant IAM permissions:
     #
     # * **Invitation to join** or **Approve all features request**
     #   handshakes: only a principal from the member account.
@@ -787,7 +804,7 @@ module Aws::Organizations
     # few minutes before you can successfully access the account. To check
     # the status of the request, do one of the following:
     #
-    # * Use the `Id` member of the `CreateAccountStatus` response element
+    # * Use the `Id` value of the `CreateAccountStatus` response element
     #   from this operation to provide as a parameter to the
     #   DescribeCreateAccountStatus operation.
     #
@@ -901,8 +918,6 @@ module Aws::Organizations
     #   The friendly name of the member account.
     #
     # @option params [String] :role_name
-    #   (Optional)
-    #
     #   The name of an IAM role that Organizations automatically preconfigures
     #   in the new member account. This role trusts the management account,
     #   allowing users in the management account to assume the role, as
@@ -1013,7 +1028,7 @@ module Aws::Organizations
     #   resp.create_account_status.completed_timestamp #=> Time
     #   resp.create_account_status.account_id #=> String
     #   resp.create_account_status.gov_cloud_account_id #=> String
-    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT"
+    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT", "UPDATE_EXISTING_RESOURCE_POLICY_WITH_TAGS_NOT_SUPPORTED"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
     #
@@ -1300,7 +1315,7 @@ module Aws::Organizations
     #   resp.create_account_status.completed_timestamp #=> Time
     #   resp.create_account_status.account_id #=> String
     #   resp.create_account_status.gov_cloud_account_id #=> String
-    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT"
+    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT", "UPDATE_EXISTING_RESOURCE_POLICY_WITH_TAGS_NOT_SUPPORTED"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount AWS API Documentation
     #
@@ -1906,6 +1921,22 @@ module Aws::Organizations
       req.send_request(options)
     end
 
+    # Deletes the resource policy from your organization.
+    #
+    # You can only call this operation from the organization's management
+    # account.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteResourcePolicy AWS API Documentation
+    #
+    # @overload delete_resource_policy(params = {})
+    # @param [Hash] params ({})
+    def delete_resource_policy(params = {}, options = {})
+      req = build_request(:delete_resource_policy, params)
+      req.send_request(options)
+    end
+
     # Removes the specified member Amazon Web Services account as a
     # delegated administrator for the specified Amazon Web Services service.
     #
@@ -2085,7 +2116,7 @@ module Aws::Organizations
     #   resp.create_account_status.completed_timestamp #=> Time
     #   resp.create_account_status.account_id #=> String
     #   resp.create_account_status.gov_cloud_account_id #=> String
-    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT"
+    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT", "UPDATE_EXISTING_RESOURCE_POLICY_WITH_TAGS_NOT_SUPPORTED"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
     #
@@ -2470,6 +2501,31 @@ module Aws::Organizations
       req.send_request(options)
     end
 
+    # Retrieves information about a resource policy.
+    #
+    # You can only call this operation from the organization's management
+    # account or by a member account that is a delegated administrator for
+    # an AWS service.
+    #
+    # @return [Types::DescribeResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeResourcePolicyResponse#resource_policy #resource_policy} => Types::ResourcePolicy
+    #
+    # @example Response structure
+    #
+    #   resp.resource_policy.resource_policy_summary.id #=> String
+    #   resp.resource_policy.resource_policy_summary.arn #=> String
+    #   resp.resource_policy.content #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeResourcePolicy AWS API Documentation
+    #
+    # @overload describe_resource_policy(params = {})
+    # @param [Hash] params ({})
+    def describe_resource_policy(params = {}, options = {})
+      req = build_request(:describe_resource_policy, params)
+      req.send_request(options)
+    end
+
     # Detaches a policy from a target root, organizational unit (OU), or
     # account.
     #
@@ -2775,7 +2831,7 @@ module Aws::Organizations
     # Organizations, see [Integrating Organizations with Other Amazon Web
     # Services Services][2] in the *Organizations User Guide.*
     #
-    # This operation can be called only from the organization's management
+    # You can only call this operation from the organization's management
     # account and only if the organization has [enabled all features][3].
     #
     #
@@ -3804,7 +3860,7 @@ module Aws::Organizations
     #   resp.create_account_statuses[0].completed_timestamp #=> Time
     #   resp.create_account_statuses[0].account_id #=> String
     #   resp.create_account_statuses[0].gov_cloud_account_id #=> String
-    #   resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT"
+    #   resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT", "UPDATE_EXISTING_RESOURCE_POLICY_WITH_TAGS_NOT_SUPPORTED"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
@@ -5135,6 +5191,70 @@ module Aws::Organizations
       req.send_request(options)
     end
 
+    # Creates or updates a resource policy.
+    #
+    # You can only call this operation from the organization's management
+    # account.
+    #
+    # @option params [required, String] :content
+    #   If provided, the new content for the resource policy. The text must be
+    #   correctly formatted JSON that complies with the syntax for the
+    #   resource policy's type. For more information, see [Service Control
+    #   Policy Syntax][1] in the *Organizations User Guide.*
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   Updates the list of tags that you want to attach to the newly-created
+    #   resource policy. For each tag in the list, you must specify both a tag
+    #   key and a value. You can set the value to an empty string, but you
+    #   can't set it to `null`. For more information about tagging, see
+    #   [Tagging Organizations resources][1] in the Organizations User Guide.
+    #
+    #   <note markdown="1"> Calls with tags apply to the initial creation of the resource policy,
+    #   otherwise an exception is thrown. If any one of the tags is invalid or
+    #   if you exceed the allowed number of tags for the resource policy, then
+    #   the entire request fails and the resource policy is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
+    #
+    # @return [Types::PutResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutResourcePolicyResponse#resource_policy #resource_policy} => Types::ResourcePolicy
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_resource_policy({
+    #     content: "ResourcePolicyContent", # required
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resource_policy.resource_policy_summary.id #=> String
+    #   resp.resource_policy.resource_policy_summary.arn #=> String
+    #   resp.resource_policy.content #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/PutResourcePolicy AWS API Documentation
+    #
+    # @overload put_resource_policy(params = {})
+    # @param [Hash] params ({})
+    def put_resource_policy(params = {}, options = {})
+      req = build_request(:put_resource_policy, params)
+      req.send_request(options)
+    end
+
     # Enables the specified member account to administer the Organizations
     # features of the specified Amazon Web Services service. It grants
     # read-only access to Organizations service data. The account still
@@ -5591,7 +5711,7 @@ module Aws::Organizations
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-organizations'
-      context[:gem_version] = '1.70.0'
+      context[:gem_version] = '1.72.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-organizations/client_api.rb

@@ -87,6 +87,7 @@ module Aws::Organizations
     DescribeOrganizationalUnitResponse = Shapes::StructureShape.new(name: 'DescribeOrganizationalUnitResponse')
     DescribePolicyRequest = Shapes::StructureShape.new(name: 'DescribePolicyRequest')
     DescribePolicyResponse = Shapes::StructureShape.new(name: 'DescribePolicyResponse')
+    DescribeResourcePolicyResponse = Shapes::StructureShape.new(name: 'DescribeResourcePolicyResponse')
     DestinationParentNotFoundException = Shapes::StructureShape.new(name: 'DestinationParentNotFoundException')
     DetachPolicyRequest = Shapes::StructureShape.new(name: 'DetachPolicyRequest')
     DisableAWSServiceAccessRequest = Shapes::StructureShape.new(name: 'DisableAWSServiceAccessRequest')
@@ -213,8 +214,16 @@ module Aws::Organizations
     PolicyTypeStatus = Shapes::StringShape.new(name: 'PolicyTypeStatus')
     PolicyTypeSummary = Shapes::StructureShape.new(name: 'PolicyTypeSummary')
     PolicyTypes = Shapes::ListShape.new(name: 'PolicyTypes')
+    PutResourcePolicyRequest = Shapes::StructureShape.new(name: 'PutResourcePolicyRequest')
+    PutResourcePolicyResponse = Shapes::StructureShape.new(name: 'PutResourcePolicyResponse')
     RegisterDelegatedAdministratorRequest = Shapes::StructureShape.new(name: 'RegisterDelegatedAdministratorRequest')
     RemoveAccountFromOrganizationRequest = Shapes::StructureShape.new(name: 'RemoveAccountFromOrganizationRequest')
+    ResourcePolicy = Shapes::StructureShape.new(name: 'ResourcePolicy')
+    ResourcePolicyArn = Shapes::StringShape.new(name: 'ResourcePolicyArn')
+    ResourcePolicyContent = Shapes::StringShape.new(name: 'ResourcePolicyContent')
+    ResourcePolicyId = Shapes::StringShape.new(name: 'ResourcePolicyId')
+    ResourcePolicyNotFoundException = Shapes::StructureShape.new(name: 'ResourcePolicyNotFoundException')
+    ResourcePolicySummary = Shapes::StructureShape.new(name: 'ResourcePolicySummary')
     RoleName = Shapes::StringShape.new(name: 'RoleName')
     Root = Shapes::StructureShape.new(name: 'Root')
     RootArn = Shapes::StringShape.new(name: 'RootArn')
@@ -456,6 +465,9 @@ module Aws::Organizations
     DescribePolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
     DescribePolicyResponse.struct_class = Types::DescribePolicyResponse
 
+    DescribeResourcePolicyResponse.add_member(:resource_policy, Shapes::ShapeRef.new(shape: ResourcePolicy, location_name: "ResourcePolicy"))
+    DescribeResourcePolicyResponse.struct_class = Types::DescribeResourcePolicyResponse
+
     DestinationParentNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: ExceptionMessage, location_name: "Message"))
     DestinationParentNotFoundException.struct_class = Types::DestinationParentNotFoundException
 
@@ -811,6 +823,13 @@ module Aws::Organizations
 
     PolicyTypes.member = Shapes::ShapeRef.new(shape: PolicyTypeSummary)
 
+    PutResourcePolicyRequest.add_member(:content, Shapes::ShapeRef.new(shape: ResourcePolicyContent, required: true, location_name: "Content"))
+    PutResourcePolicyRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
+    PutResourcePolicyRequest.struct_class = Types::PutResourcePolicyRequest
+
+    PutResourcePolicyResponse.add_member(:resource_policy, Shapes::ShapeRef.new(shape: ResourcePolicy, location_name: "ResourcePolicy"))
+    PutResourcePolicyResponse.struct_class = Types::PutResourcePolicyResponse
+
     RegisterDelegatedAdministratorRequest.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, required: true, location_name: "AccountId"))
     RegisterDelegatedAdministratorRequest.add_member(:service_principal, Shapes::ShapeRef.new(shape: ServicePrincipal, required: true, location_name: "ServicePrincipal"))
     RegisterDelegatedAdministratorRequest.struct_class = Types::RegisterDelegatedAdministratorRequest
@@ -818,6 +837,17 @@ module Aws::Organizations
     RemoveAccountFromOrganizationRequest.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, required: true, location_name: "AccountId"))
     RemoveAccountFromOrganizationRequest.struct_class = Types::RemoveAccountFromOrganizationRequest
 
+    ResourcePolicy.add_member(:resource_policy_summary, Shapes::ShapeRef.new(shape: ResourcePolicySummary, location_name: "ResourcePolicySummary"))
+    ResourcePolicy.add_member(:content, Shapes::ShapeRef.new(shape: ResourcePolicyContent, location_name: "Content"))
+    ResourcePolicy.struct_class = Types::ResourcePolicy
+
+    ResourcePolicyNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: ExceptionMessage, location_name: "Message"))
+    ResourcePolicyNotFoundException.struct_class = Types::ResourcePolicyNotFoundException
+
+    ResourcePolicySummary.add_member(:id, Shapes::ShapeRef.new(shape: ResourcePolicyId, location_name: "Id"))
+    ResourcePolicySummary.add_member(:arn, Shapes::ShapeRef.new(shape: ResourcePolicyArn, location_name: "Arn"))
+    ResourcePolicySummary.struct_class = Types::ResourcePolicySummary
+
     Root.add_member(:id, Shapes::ShapeRef.new(shape: RootId, location_name: "Id"))
     Root.add_member(:arn, Shapes::ShapeRef.new(shape: RootArn, location_name: "Arn"))
     Root.add_member(:name, Shapes::ShapeRef.new(shape: RootName, location_name: "Name"))
@@ -1121,6 +1151,22 @@ module Aws::Organizations
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
       end)
 
+      api.add_operation(:delete_resource_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteResourcePolicy"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
+        o.errors << Shapes::ShapeRef.new(shape: ConstraintViolationException)
+        o.errors << Shapes::ShapeRef.new(shape: AWSOrganizationsNotInUseException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourcePolicyNotFoundException)
+      end)
+
       api.add_operation(:deregister_delegated_administrator, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeregisterDelegatedAdministrator"
         o.http_method = "POST"
@@ -1241,6 +1287,21 @@ module Aws::Organizations
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
       end)
 
+      api.add_operation(:describe_resource_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DescribeResourcePolicy"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.output = Shapes::ShapeRef.new(shape: DescribeResourcePolicyResponse)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: AWSOrganizationsNotInUseException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourcePolicyNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ConstraintViolationException)
+      end)
+
       api.add_operation(:detach_policy, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DetachPolicy"
         o.http_method = "POST"
@@ -1724,6 +1785,22 @@ module Aws::Organizations
         o.errors << Shapes::ShapeRef.new(shape: ServiceException)
       end)
 
+      api.add_operation(:put_resource_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutResourcePolicy"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: PutResourcePolicyRequest)
+        o.output = Shapes::ShapeRef.new(shape: PutResourcePolicyResponse)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ConstraintViolationException)
+        o.errors << Shapes::ShapeRef.new(shape: AWSOrganizationsNotInUseException)
+      end)
+
       api.add_operation(:register_delegated_administrator, Seahorse::Model::Operation.new.tap do |o|
         o.name = "RegisterDelegatedAdministrator"
         o.http_method = "POST"

data/lib/aws-sdk-organizations/endpoint_parameters.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+module Aws::Organizations
+  # Endpoint parameters used to influence endpoints per request.
+  #
+  # @!attribute region
+  #   The AWS region used to dispatch the request.
+  #
+  #   @return [String]
+  #
+  # @!attribute use_dual_stack
+  #   When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
+  #
+  #   @return [Boolean]
+  #
+  # @!attribute use_fips
+  #   When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
+  #
+  #   @return [Boolean]
+  #
+  # @!attribute endpoint
+  #   Override the endpoint used to send this request
+  #
+  #   @return [String]
+  #
+  EndpointParameters = Struct.new(
+    :region,
+    :use_dual_stack,
+    :use_fips,
+    :endpoint,
+  ) do
+    include Aws::Structure
+
+    # @api private
+    class << self
+      PARAM_MAP = {
+        'Region' => :region,
+        'UseDualStack' => :use_dual_stack,
+        'UseFIPS' => :use_fips,
+        'Endpoint' => :endpoint,
+      }.freeze
+    end
+
+    def initialize(options = {})
+      self[:region] = options[:region]
+      if self[:region].nil?
+        raise ArgumentError, "Missing required EndpointParameter: :region"
+      end
+      self[:use_dual_stack] = options[:use_dual_stack]
+      self[:use_dual_stack] = false if self[:use_dual_stack].nil?
+      if self[:use_dual_stack].nil?
+        raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
+      end
+      self[:use_fips] = options[:use_fips]
+      self[:use_fips] = false if self[:use_fips].nil?
+      if self[:use_fips].nil?
+        raise ArgumentError, "Missing required EndpointParameter: :use_fips"
+      end
+      self[:endpoint] = options[:endpoint]
+    end
+  end
+end