aws-sdk-organizations 1.71.0 → 1.73.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 30eb0b6ecdf6ca6fc36ab0af7f9933b08ac954319beb8d894d67dd47750d25ed
-  data.tar.gz: 2fd8952d5954af2ae2dbdd27907c98853dfc0c4309d1cf96fb80a6942d5548fe
+  metadata.gz: 1a45af0d35a20cc99841327a8059ed1066fe53da7f7298cd08d24c7fd293c7a2
+  data.tar.gz: d83a94073d426846db764e0195f44ed9fbf9669ea39fb09acb72e38c80d12fdb
 SHA512:
-  metadata.gz: a2d2543fc411fc8e4683e74a315f98869d5e6201901fe15bfa09b43f446f6b644ad442150ef7ff18a7b027fadaec748293df21e7145e22292446b2a19169dfa2
-  data.tar.gz: e919d54daeed00689596ddf8d6a786a843eb2cb3843b8ab2157e560edba8c51b2660da1d7f182228fbdd2fffe6ecff7e1718c7d595babeac389fe260ea042555
+  metadata.gz: c045e11601bab4953df087747a59c5f712ab4451c1ed95e6d3f79781425ceda53582e24f38085b8a031061ac037cd1b4a3e2318cb7b833adc6c7b52df62c498e
+  data.tar.gz: 28e9587d250fe63807be448c25e492fda123edf2e5fa51022ebc866c2d9345f55a505b22acd48099bbc49539d78bd4d8ff2f4e5dd00cfe5108576273c4335e9c

data/CHANGELOG.md

@@ -1,6 +1,18 @@
 Unreleased Changes
 ------------------
 
+1.73.0 (2023-01-18)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+* Issue - Replace runtime endpoint resolution approach with generated ruby code.
+
+1.72.0 (2022-11-28)
+------------------
+
+* Feature - This release introduces delegated administrator for AWS Organizations, a new feature to help you delegate the management of your Organizations policies, enabling you to govern your AWS organization in a decentralized way. You can now allow member accounts to manage Organizations policies.
+
 1.71.0 (2022-10-25)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.71.0
+1.73.0

data/lib/aws-sdk-organizations/client.rb

@@ -381,8 +381,8 @@ module Aws::Organizations
     # Sends a response to the originator of a handshake agreeing to the
     # action proposed by the handshake request.
     #
-    # This operation can be called only by the following principals when
-    # they also have the relevant IAM permissions:
+    # You can only call this operation by the following principals when they
+    # also have the relevant IAM permissions:
     #
     # * **Invitation to join** or **Approve all features request**
     #   handshakes: only a principal from the member account.
@@ -804,7 +804,7 @@ module Aws::Organizations
     # few minutes before you can successfully access the account. To check
     # the status of the request, do one of the following:
     #
-    # * Use the `Id` member of the `CreateAccountStatus` response element
+    # * Use the `Id` value of the `CreateAccountStatus` response element
     #   from this operation to provide as a parameter to the
     #   DescribeCreateAccountStatus operation.
     #
@@ -918,8 +918,6 @@ module Aws::Organizations
     #   The friendly name of the member account.
     #
     # @option params [String] :role_name
-    #   (Optional)
-    #
     #   The name of an IAM role that Organizations automatically preconfigures
     #   in the new member account. This role trusts the management account,
     #   allowing users in the management account to assume the role, as
@@ -1030,7 +1028,7 @@ module Aws::Organizations
     #   resp.create_account_status.completed_timestamp #=> Time
     #   resp.create_account_status.account_id #=> String
     #   resp.create_account_status.gov_cloud_account_id #=> String
-    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT"
+    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT", "UPDATE_EXISTING_RESOURCE_POLICY_WITH_TAGS_NOT_SUPPORTED"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount AWS API Documentation
     #
@@ -1317,7 +1315,7 @@ module Aws::Organizations
     #   resp.create_account_status.completed_timestamp #=> Time
     #   resp.create_account_status.account_id #=> String
     #   resp.create_account_status.gov_cloud_account_id #=> String
-    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT"
+    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT", "UPDATE_EXISTING_RESOURCE_POLICY_WITH_TAGS_NOT_SUPPORTED"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount AWS API Documentation
     #
@@ -1923,6 +1921,22 @@ module Aws::Organizations
       req.send_request(options)
     end
 
+    # Deletes the resource policy from your organization.
+    #
+    # You can only call this operation from the organization's management
+    # account.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteResourcePolicy AWS API Documentation
+    #
+    # @overload delete_resource_policy(params = {})
+    # @param [Hash] params ({})
+    def delete_resource_policy(params = {}, options = {})
+      req = build_request(:delete_resource_policy, params)
+      req.send_request(options)
+    end
+
     # Removes the specified member Amazon Web Services account as a
     # delegated administrator for the specified Amazon Web Services service.
     #
@@ -2102,7 +2116,7 @@ module Aws::Organizations
     #   resp.create_account_status.completed_timestamp #=> Time
     #   resp.create_account_status.account_id #=> String
     #   resp.create_account_status.gov_cloud_account_id #=> String
-    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT"
+    #   resp.create_account_status.failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT", "UPDATE_EXISTING_RESOURCE_POLICY_WITH_TAGS_NOT_SUPPORTED"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus AWS API Documentation
     #
@@ -2487,6 +2501,31 @@ module Aws::Organizations
       req.send_request(options)
     end
 
+    # Retrieves information about a resource policy.
+    #
+    # You can only call this operation from the organization's management
+    # account or by a member account that is a delegated administrator for
+    # an AWS service.
+    #
+    # @return [Types::DescribeResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeResourcePolicyResponse#resource_policy #resource_policy} => Types::ResourcePolicy
+    #
+    # @example Response structure
+    #
+    #   resp.resource_policy.resource_policy_summary.id #=> String
+    #   resp.resource_policy.resource_policy_summary.arn #=> String
+    #   resp.resource_policy.content #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeResourcePolicy AWS API Documentation
+    #
+    # @overload describe_resource_policy(params = {})
+    # @param [Hash] params ({})
+    def describe_resource_policy(params = {}, options = {})
+      req = build_request(:describe_resource_policy, params)
+      req.send_request(options)
+    end
+
     # Detaches a policy from a target root, organizational unit (OU), or
     # account.
     #
@@ -2792,7 +2831,7 @@ module Aws::Organizations
     # Organizations, see [Integrating Organizations with Other Amazon Web
     # Services Services][2] in the *Organizations User Guide.*
     #
-    # This operation can be called only from the organization's management
+    # You can only call this operation from the organization's management
     # account and only if the organization has [enabled all features][3].
     #
     #
@@ -3821,7 +3860,7 @@ module Aws::Organizations
     #   resp.create_account_statuses[0].completed_timestamp #=> Time
     #   resp.create_account_statuses[0].account_id #=> String
     #   resp.create_account_statuses[0].gov_cloud_account_id #=> String
-    #   resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT"
+    #   resp.create_account_statuses[0].failure_reason #=> String, one of "ACCOUNT_LIMIT_EXCEEDED", "EMAIL_ALREADY_EXISTS", "INVALID_ADDRESS", "INVALID_EMAIL", "CONCURRENT_ACCOUNT_MODIFICATION", "INTERNAL_FAILURE", "GOVCLOUD_ACCOUNT_ALREADY_EXISTS", "MISSING_BUSINESS_VALIDATION", "FAILED_BUSINESS_VALIDATION", "PENDING_BUSINESS_VALIDATION", "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION", "UNKNOWN_BUSINESS_VALIDATION", "MISSING_PAYMENT_INSTRUMENT", "INVALID_PAYMENT_INSTRUMENT", "UPDATE_EXISTING_RESOURCE_POLICY_WITH_TAGS_NOT_SUPPORTED"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus AWS API Documentation
@@ -5152,6 +5191,70 @@ module Aws::Organizations
       req.send_request(options)
     end
 
+    # Creates or updates a resource policy.
+    #
+    # You can only call this operation from the organization's management
+    # account.
+    #
+    # @option params [required, String] :content
+    #   If provided, the new content for the resource policy. The text must be
+    #   correctly formatted JSON that complies with the syntax for the
+    #   resource policy's type. For more information, see [Service Control
+    #   Policy Syntax][1] in the *Organizations User Guide.*
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   Updates the list of tags that you want to attach to the newly-created
+    #   resource policy. For each tag in the list, you must specify both a tag
+    #   key and a value. You can set the value to an empty string, but you
+    #   can't set it to `null`. For more information about tagging, see
+    #   [Tagging Organizations resources][1] in the Organizations User Guide.
+    #
+    #   <note markdown="1"> Calls with tags apply to the initial creation of the resource policy,
+    #   otherwise an exception is thrown. If any one of the tags is invalid or
+    #   if you exceed the allowed number of tags for the resource policy, then
+    #   the entire request fails and the resource policy is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
+    #
+    # @return [Types::PutResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutResourcePolicyResponse#resource_policy #resource_policy} => Types::ResourcePolicy
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_resource_policy({
+    #     content: "ResourcePolicyContent", # required
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resource_policy.resource_policy_summary.id #=> String
+    #   resp.resource_policy.resource_policy_summary.arn #=> String
+    #   resp.resource_policy.content #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/PutResourcePolicy AWS API Documentation
+    #
+    # @overload put_resource_policy(params = {})
+    # @param [Hash] params ({})
+    def put_resource_policy(params = {}, options = {})
+      req = build_request(:put_resource_policy, params)
+      req.send_request(options)
+    end
+
     # Enables the specified member account to administer the Organizations
     # features of the specified Amazon Web Services service. It grants
     # read-only access to Organizations service data. The account still
@@ -5608,7 +5711,7 @@ module Aws::Organizations
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-organizations'
-      context[:gem_version] = '1.71.0'
+      context[:gem_version] = '1.73.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-organizations/client_api.rb

@@ -87,6 +87,7 @@ module Aws::Organizations
     DescribeOrganizationalUnitResponse = Shapes::StructureShape.new(name: 'DescribeOrganizationalUnitResponse')
     DescribePolicyRequest = Shapes::StructureShape.new(name: 'DescribePolicyRequest')
     DescribePolicyResponse = Shapes::StructureShape.new(name: 'DescribePolicyResponse')
+    DescribeResourcePolicyResponse = Shapes::StructureShape.new(name: 'DescribeResourcePolicyResponse')
     DestinationParentNotFoundException = Shapes::StructureShape.new(name: 'DestinationParentNotFoundException')
     DetachPolicyRequest = Shapes::StructureShape.new(name: 'DetachPolicyRequest')
     DisableAWSServiceAccessRequest = Shapes::StructureShape.new(name: 'DisableAWSServiceAccessRequest')
@@ -213,8 +214,16 @@ module Aws::Organizations
     PolicyTypeStatus = Shapes::StringShape.new(name: 'PolicyTypeStatus')
     PolicyTypeSummary = Shapes::StructureShape.new(name: 'PolicyTypeSummary')
     PolicyTypes = Shapes::ListShape.new(name: 'PolicyTypes')
+    PutResourcePolicyRequest = Shapes::StructureShape.new(name: 'PutResourcePolicyRequest')
+    PutResourcePolicyResponse = Shapes::StructureShape.new(name: 'PutResourcePolicyResponse')
     RegisterDelegatedAdministratorRequest = Shapes::StructureShape.new(name: 'RegisterDelegatedAdministratorRequest')
     RemoveAccountFromOrganizationRequest = Shapes::StructureShape.new(name: 'RemoveAccountFromOrganizationRequest')
+    ResourcePolicy = Shapes::StructureShape.new(name: 'ResourcePolicy')
+    ResourcePolicyArn = Shapes::StringShape.new(name: 'ResourcePolicyArn')
+    ResourcePolicyContent = Shapes::StringShape.new(name: 'ResourcePolicyContent')
+    ResourcePolicyId = Shapes::StringShape.new(name: 'ResourcePolicyId')
+    ResourcePolicyNotFoundException = Shapes::StructureShape.new(name: 'ResourcePolicyNotFoundException')
+    ResourcePolicySummary = Shapes::StructureShape.new(name: 'ResourcePolicySummary')
     RoleName = Shapes::StringShape.new(name: 'RoleName')
     Root = Shapes::StructureShape.new(name: 'Root')
     RootArn = Shapes::StringShape.new(name: 'RootArn')
@@ -456,6 +465,9 @@ module Aws::Organizations
     DescribePolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
     DescribePolicyResponse.struct_class = Types::DescribePolicyResponse
 
+    DescribeResourcePolicyResponse.add_member(:resource_policy, Shapes::ShapeRef.new(shape: ResourcePolicy, location_name: "ResourcePolicy"))
+    DescribeResourcePolicyResponse.struct_class = Types::DescribeResourcePolicyResponse
+
     DestinationParentNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: ExceptionMessage, location_name: "Message"))
     DestinationParentNotFoundException.struct_class = Types::DestinationParentNotFoundException
 
@@ -811,6 +823,13 @@ module Aws::Organizations
 
     PolicyTypes.member = Shapes::ShapeRef.new(shape: PolicyTypeSummary)
 
+    PutResourcePolicyRequest.add_member(:content, Shapes::ShapeRef.new(shape: ResourcePolicyContent, required: true, location_name: "Content"))
+    PutResourcePolicyRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
+    PutResourcePolicyRequest.struct_class = Types::PutResourcePolicyRequest
+
+    PutResourcePolicyResponse.add_member(:resource_policy, Shapes::ShapeRef.new(shape: ResourcePolicy, location_name: "ResourcePolicy"))
+    PutResourcePolicyResponse.struct_class = Types::PutResourcePolicyResponse
+
     RegisterDelegatedAdministratorRequest.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, required: true, location_name: "AccountId"))
     RegisterDelegatedAdministratorRequest.add_member(:service_principal, Shapes::ShapeRef.new(shape: ServicePrincipal, required: true, location_name: "ServicePrincipal"))
     RegisterDelegatedAdministratorRequest.struct_class = Types::RegisterDelegatedAdministratorRequest
@@ -818,6 +837,17 @@ module Aws::Organizations
     RemoveAccountFromOrganizationRequest.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, required: true, location_name: "AccountId"))
     RemoveAccountFromOrganizationRequest.struct_class = Types::RemoveAccountFromOrganizationRequest
 
+    ResourcePolicy.add_member(:resource_policy_summary, Shapes::ShapeRef.new(shape: ResourcePolicySummary, location_name: "ResourcePolicySummary"))
+    ResourcePolicy.add_member(:content, Shapes::ShapeRef.new(shape: ResourcePolicyContent, location_name: "Content"))
+    ResourcePolicy.struct_class = Types::ResourcePolicy
+
+    ResourcePolicyNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: ExceptionMessage, location_name: "Message"))
+    ResourcePolicyNotFoundException.struct_class = Types::ResourcePolicyNotFoundException
+
+    ResourcePolicySummary.add_member(:id, Shapes::ShapeRef.new(shape: ResourcePolicyId, location_name: "Id"))
+    ResourcePolicySummary.add_member(:arn, Shapes::ShapeRef.new(shape: ResourcePolicyArn, location_name: "Arn"))
+    ResourcePolicySummary.struct_class = Types::ResourcePolicySummary
+
     Root.add_member(:id, Shapes::ShapeRef.new(shape: RootId, location_name: "Id"))
     Root.add_member(:arn, Shapes::ShapeRef.new(shape: RootArn, location_name: "Arn"))
     Root.add_member(:name, Shapes::ShapeRef.new(shape: RootName, location_name: "Name"))
@@ -1121,6 +1151,22 @@ module Aws::Organizations
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
       end)
 
+      api.add_operation(:delete_resource_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteResourcePolicy"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
+        o.errors << Shapes::ShapeRef.new(shape: ConstraintViolationException)
+        o.errors << Shapes::ShapeRef.new(shape: AWSOrganizationsNotInUseException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourcePolicyNotFoundException)
+      end)
+
       api.add_operation(:deregister_delegated_administrator, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeregisterDelegatedAdministrator"
         o.http_method = "POST"
@@ -1241,6 +1287,21 @@ module Aws::Organizations
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
       end)
 
+      api.add_operation(:describe_resource_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DescribeResourcePolicy"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.output = Shapes::ShapeRef.new(shape: DescribeResourcePolicyResponse)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: AWSOrganizationsNotInUseException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourcePolicyNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ConstraintViolationException)
+      end)
+
       api.add_operation(:detach_policy, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DetachPolicy"
         o.http_method = "POST"
@@ -1724,6 +1785,22 @@ module Aws::Organizations
         o.errors << Shapes::ShapeRef.new(shape: ServiceException)
       end)
 
+      api.add_operation(:put_resource_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutResourcePolicy"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: PutResourcePolicyRequest)
+        o.output = Shapes::ShapeRef.new(shape: PutResourcePolicyResponse)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedAPIEndpointException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ConstraintViolationException)
+        o.errors << Shapes::ShapeRef.new(shape: AWSOrganizationsNotInUseException)
+      end)
+
       api.add_operation(:register_delegated_administrator, Seahorse::Model::Operation.new.tap do |o|
         o.name = "RegisterDelegatedAdministrator"
         o.http_method = "POST"

data/lib/aws-sdk-organizations/endpoint_parameters.rb

@@ -50,6 +50,9 @@ module Aws::Organizations
 
     def initialize(options = {})
       self[:region] = options[:region]
+      if self[:region].nil?
+        raise ArgumentError, "Missing required EndpointParameter: :region"
+      end
       self[:use_dual_stack] = options[:use_dual_stack]
       self[:use_dual_stack] = false if self[:use_dual_stack].nil?
       if self[:use_dual_stack].nil?