aws-sdk-organizations 1.78.0 → 1.80.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-organizations/client.rb +121 -118
- data/lib/aws-sdk-organizations/endpoint_provider.rb +9 -72
- data/lib/aws-sdk-organizations/types.rb +55 -51
- data/lib/aws-sdk-organizations.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3d49e9231de10796902084742731b08596b09e239411925efebe4e2df74a13e4
|
4
|
+
data.tar.gz: 8befe6c7f2a05994fcd28652b8174a2dd893108e5d7392c2da4262d5c8e03a01
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2c5d1bcd965e5e51497f8c2d568c82cf74a30ee93c8af98c65f5c4e140e1e095e53a5a3b13d40fb9f37274e70011d0c948051b5bd562752932d0df6de7c8de09
|
7
|
+
data.tar.gz: 5f4b320db3bb7485a81a0f10a8a2675eb612603c9e463d4787a0b115e31db0c801cff37f4922767a09a799cf1890a8c28c72a24a4a20811f38ae6761d4d274b1
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,16 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.80.0 (2023-08-28)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Documentation updates for permissions and links.
|
8
|
+
|
9
|
+
1.79.0 (2023-07-11)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
13
|
+
|
4
14
|
1.78.0 (2023-07-06)
|
5
15
|
------------------
|
6
16
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.80.0
|
@@ -216,6 +216,10 @@ module Aws::Organizations
|
|
216
216
|
# @option options [Boolean] :endpoint_discovery (false)
|
217
217
|
# When set to `true`, endpoint discovery will be enabled for operations when available.
|
218
218
|
#
|
219
|
+
# @option options [Boolean] :ignore_configured_endpoint_urls
|
220
|
+
# Setting to true disables use of endpoint URLs provided via environment
|
221
|
+
# variables and the shared configuration file.
|
222
|
+
#
|
219
223
|
# @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
|
220
224
|
# The log formatter.
|
221
225
|
#
|
@@ -409,7 +413,7 @@ module Aws::Organizations
|
|
409
413
|
# `iam:CreateServiceLinkedRole` permission so that Organizations can
|
410
414
|
# create the required service-linked role named
|
411
415
|
# `AWSServiceRoleForOrganizations`. For more information, see
|
412
|
-
# [Organizations and
|
416
|
+
# [Organizations and service-linked roles][1] in the *Organizations
|
413
417
|
# User Guide*.
|
414
418
|
#
|
415
419
|
# * **Enable all features final confirmation** handshake: only a
|
@@ -417,16 +421,16 @@ module Aws::Organizations
|
|
417
421
|
#
|
418
422
|
# For more information about invitations, see [Inviting an Amazon Web
|
419
423
|
# Services account to join your organization][2] in the *Organizations
|
420
|
-
# User Guide
|
424
|
+
# User Guide*. For more information about requests to enable all
|
421
425
|
# features in the organization, see [Enabling all features in your
|
422
|
-
# organization][3] in the *Organizations User Guide
|
426
|
+
# organization][3] in the *Organizations User Guide*.
|
423
427
|
#
|
424
428
|
# After you accept a handshake, it continues to appear in the results of
|
425
429
|
# relevant APIs for only 30 days. After that, it's deleted.
|
426
430
|
#
|
427
431
|
#
|
428
432
|
#
|
429
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#
|
433
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integrate_services-using_slrs
|
430
434
|
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html
|
431
435
|
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
|
432
436
|
#
|
@@ -545,7 +549,8 @@ module Aws::Organizations
|
|
545
549
|
# * [TAG\_POLICY][4]
|
546
550
|
#
|
547
551
|
# This operation can be called only from the organization's management
|
548
|
-
# account
|
552
|
+
# account or by a member account that is a delegated administrator for
|
553
|
+
# an Amazon Web Services service.
|
549
554
|
#
|
550
555
|
#
|
551
556
|
#
|
@@ -763,15 +768,14 @@ module Aws::Organizations
|
|
763
768
|
# * Check the CloudTrail log for the `CloseAccountResult` event that
|
764
769
|
# gets published after the account closes successfully. For
|
765
770
|
# information on using CloudTrail with Organizations, see [Logging and
|
766
|
-
# monitoring in Organizations][2] in the *Organizations User Guide
|
771
|
+
# monitoring in Organizations][2] in the *Organizations User Guide*.
|
767
772
|
#
|
768
773
|
# <note markdown="1"> * You can close only 10% of member accounts, between 10 and 200,
|
769
774
|
# within a rolling 30 day period. This quota is not bound by a
|
770
|
-
# calendar month, but starts when you close an account.
|
771
|
-
#
|
772
|
-
#
|
773
|
-
#
|
774
|
-
# in the Amazon Web Services Billing and Cost Management User Guide.
|
775
|
+
# calendar month, but starts when you close an account. After you
|
776
|
+
# reach this limit, you can close additional accounts. For more
|
777
|
+
# information, see [Closing a member account in your organization][3]
|
778
|
+
# in the *Organizations User Guide*.
|
775
779
|
#
|
776
780
|
# * To reinstate a closed account, contact Amazon Web Services Support
|
777
781
|
# within the 90-day grace period while the account is in SUSPENDED
|
@@ -785,16 +789,12 @@ module Aws::Organizations
|
|
785
789
|
#
|
786
790
|
# </note>
|
787
791
|
#
|
788
|
-
# For more information about closing accounts, see [Closing an Amazon
|
789
|
-
# Web Services account][5] in the *Organizations User Guide.*
|
790
|
-
#
|
791
792
|
#
|
792
793
|
#
|
793
794
|
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
|
794
795
|
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration
|
795
|
-
# [3]: https://docs.aws.amazon.com/
|
796
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
|
796
797
|
# [4]: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/Closing-govcloud-account.html
|
797
|
-
# [5]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
|
798
798
|
#
|
799
799
|
# @option params [required, String] :account_id
|
800
800
|
# Retrieves the Amazon Web Services account Id for the current
|
@@ -832,13 +832,13 @@ module Aws::Organizations
|
|
832
832
|
#
|
833
833
|
# * Check the CloudTrail log for the `CreateAccountResult` event. For
|
834
834
|
# information on using CloudTrail with Organizations, see [Logging and
|
835
|
-
# monitoring in Organizations][1] in the *Organizations User Guide
|
835
|
+
# monitoring in Organizations][1] in the *Organizations User Guide*.
|
836
836
|
#
|
837
837
|
# The user who calls the API to create an account must have the
|
838
838
|
# `organizations:CreateAccount` permission. If you enabled all features
|
839
839
|
# in the organization, Organizations creates the required service-linked
|
840
840
|
# role named `AWSServiceRoleForOrganizations`. For more information, see
|
841
|
-
# [Organizations and
|
841
|
+
# [Organizations and service-linked roles][2] in the *Organizations User
|
842
842
|
# Guide*.
|
843
843
|
#
|
844
844
|
# If the request includes tags, then the requester must have the
|
@@ -854,9 +854,8 @@ module Aws::Organizations
|
|
854
854
|
# This operation can be called only from the organization's management
|
855
855
|
# account.
|
856
856
|
#
|
857
|
-
# For more information about creating accounts, see [Creating
|
858
|
-
#
|
859
|
-
# User Guide.*
|
857
|
+
# For more information about creating accounts, see [Creating a member
|
858
|
+
# account in your organization][3] in the *Organizations User Guide*.
|
860
859
|
#
|
861
860
|
# * When you create an account in an organization using the
|
862
861
|
# Organizations console, API, or CLI commands, the information
|
@@ -864,8 +863,9 @@ module Aws::Organizations
|
|
864
863
|
# a payment method and signing the end user license agreement (EULA)
|
865
864
|
# is *not* automatically collected. If you must remove an account from
|
866
865
|
# your organization later, you can do so only after you provide the
|
867
|
-
# missing information.
|
868
|
-
#
|
866
|
+
# missing information. For more information, see [Considerations
|
867
|
+
# before removing an account from an organization][4] in the
|
868
|
+
# *Organizations User Guide*.
|
869
869
|
#
|
870
870
|
# * If you get an exception that indicates that you exceeded your
|
871
871
|
# account limits for the organization, contact [Amazon Web Services
|
@@ -880,7 +880,7 @@ module Aws::Organizations
|
|
880
880
|
# recommended. You can only close an account from the Billing and Cost
|
881
881
|
# Management console, and you must be signed in as the root user. For
|
882
882
|
# information on the requirements and process for closing an account,
|
883
|
-
# see [Closing
|
883
|
+
# see [Closing a member account in your organization][6] in the
|
884
884
|
# *Organizations User Guide*.
|
885
885
|
#
|
886
886
|
# <note markdown="1"> When you create a member account with this operation, you can choose
|
@@ -889,8 +889,8 @@ module Aws::Organizations
|
|
889
889
|
# roles that have appropriate permissions can view billing information
|
890
890
|
# for the account. If you disable it, only the account root user can
|
891
891
|
# access billing information. For information about how to disable this
|
892
|
-
# switch for an account, see [Granting
|
893
|
-
#
|
892
|
+
# switch for an account, see [Granting access to your billing
|
893
|
+
# information and tools][7].
|
894
894
|
#
|
895
895
|
# </note>
|
896
896
|
#
|
@@ -899,10 +899,10 @@ module Aws::Organizations
|
|
899
899
|
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration
|
900
900
|
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs
|
901
901
|
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html
|
902
|
-
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
902
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html
|
903
903
|
# [5]: https://console.aws.amazon.com/support/home#/
|
904
904
|
# [6]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
|
905
|
-
# [7]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/
|
905
|
+
# [7]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/control-access-billing.html#grantaccess
|
906
906
|
#
|
907
907
|
# @option params [required, String] :email
|
908
908
|
# The email address of the owner to assign to the new member account.
|
@@ -952,11 +952,11 @@ module Aws::Organizations
|
|
952
952
|
# For more information about how to use this role to access the member
|
953
953
|
# account, see the following links:
|
954
954
|
#
|
955
|
-
# * [
|
956
|
-
#
|
955
|
+
# * [Creating the OrganizationAccountAccessRole in an invited member
|
956
|
+
# account][1] in the *Organizations User Guide*
|
957
957
|
#
|
958
|
-
# * Steps 2 and 3 in [Tutorial: Delegate
|
959
|
-
# Services accounts
|
958
|
+
# * Steps 2 and 3 in [IAM Tutorial: Delegate access across Amazon Web
|
959
|
+
# Services accounts using IAM roles][2] in the *IAM User Guide*
|
960
960
|
#
|
961
961
|
# The [regex pattern][3] that is used to validate this parameter. The
|
962
962
|
# pattern can include uppercase letters, lowercase letters, digits with
|
@@ -972,8 +972,8 @@ module Aws::Organizations
|
|
972
972
|
# If set to `ALLOW`, the new account enables IAM users to access account
|
973
973
|
# billing information *if* they have the required permissions. If set to
|
974
974
|
# `DENY`, only the root user of the new account can access account
|
975
|
-
# billing information. For more information, see [
|
976
|
-
# the Billing and Cost Management
|
975
|
+
# billing information. For more information, see [About IAM access to
|
976
|
+
# the Billing and Cost Management console][1] in the *Amazon Web
|
977
977
|
# Services Billing and Cost Management User Guide*.
|
978
978
|
#
|
979
979
|
# If you don't specify this parameter, the value defaults to `ALLOW`,
|
@@ -1079,8 +1079,8 @@ module Aws::Organizations
|
|
1079
1079
|
#
|
1080
1080
|
# Organizations automatically creates the required service-linked role
|
1081
1081
|
# named `AWSServiceRoleForOrganizations`. For more information, see
|
1082
|
-
# [Organizations and
|
1083
|
-
# Guide
|
1082
|
+
# [Organizations and service-linked roles][2] in the *Organizations User
|
1083
|
+
# Guide*.
|
1084
1084
|
#
|
1085
1085
|
# Amazon Web Services automatically enables CloudTrail for Amazon Web
|
1086
1086
|
# Services GovCloud (US) accounts, but you should also do the following:
|
@@ -1106,7 +1106,7 @@ module Aws::Organizations
|
|
1106
1106
|
# Amazon Web Services GovCloud (US) Region can invite it to that
|
1107
1107
|
# organization. For more information on inviting standalone accounts in
|
1108
1108
|
# the Amazon Web Services GovCloud (US) to join an organization, see
|
1109
|
-
# [Organizations][4] in the *Amazon Web Services GovCloud User Guide
|
1109
|
+
# [Organizations][4] in the *Amazon Web Services GovCloud User Guide*.
|
1110
1110
|
#
|
1111
1111
|
# Calling `CreateGovCloudAccount` is an asynchronous request that Amazon
|
1112
1112
|
# Web Services performs in the background. Because
|
@@ -1120,9 +1120,8 @@ module Aws::Organizations
|
|
1120
1120
|
# provide as a parameter to the DescribeCreateAccountStatus operation.
|
1121
1121
|
#
|
1122
1122
|
# * Check the CloudTrail log for the `CreateAccountResult` event. For
|
1123
|
-
# information on using CloudTrail with Organizations, see [
|
1124
|
-
#
|
1125
|
-
# Guide.*
|
1123
|
+
# information on using CloudTrail with Organizations, see [Logging and
|
1124
|
+
# monitoring in Organizations][5] in the *Organizations User Guide*.
|
1126
1125
|
#
|
1127
1126
|
#
|
1128
1127
|
#
|
@@ -1142,11 +1141,10 @@ module Aws::Organizations
|
|
1142
1141
|
# GovCloud (US) account that is associated with the management account
|
1143
1142
|
# of the commercial organization. For more information and to view a
|
1144
1143
|
# diagram that explains how account access works, see [Organizations][4]
|
1145
|
-
# in the *Amazon Web Services GovCloud User Guide
|
1144
|
+
# in the *Amazon Web Services GovCloud User Guide*.
|
1146
1145
|
#
|
1147
|
-
# For more information about creating accounts, see [Creating
|
1148
|
-
#
|
1149
|
-
# User Guide.*
|
1146
|
+
# For more information about creating accounts, see [Creating a member
|
1147
|
+
# account in your organization][6] in the *Organizations User Guide*.
|
1150
1148
|
#
|
1151
1149
|
# * When you create an account in an organization using the
|
1152
1150
|
# Organizations console, API, or CLI commands, the information
|
@@ -1154,9 +1152,9 @@ module Aws::Organizations
|
|
1154
1152
|
# automatically collected. This includes a payment method and signing
|
1155
1153
|
# the end user license agreement (EULA). If you must remove an account
|
1156
1154
|
# from your organization later, you can do so only after you provide
|
1157
|
-
# the missing information.
|
1158
|
-
#
|
1159
|
-
# Guide
|
1155
|
+
# the missing information. For more information, see [Considerations
|
1156
|
+
# before removing an account from an organization][7] in the
|
1157
|
+
# *Organizations User Guide*.
|
1160
1158
|
#
|
1161
1159
|
# * If you get an exception that indicates that you exceeded your
|
1162
1160
|
# account limits for the organization, contact [Amazon Web Services
|
@@ -1171,8 +1169,8 @@ module Aws::Organizations
|
|
1171
1169
|
# isn't recommended. You can only close an account from the Amazon
|
1172
1170
|
# Web Services Billing and Cost Management console, and you must be
|
1173
1171
|
# signed in as the root user. For information on the requirements and
|
1174
|
-
# process for closing an account, see [Closing
|
1175
|
-
#
|
1172
|
+
# process for closing an account, see [Closing a member account in
|
1173
|
+
# your organization][9] in the *Organizations User Guide*.
|
1176
1174
|
#
|
1177
1175
|
# <note markdown="1"> When you create a member account with this operation, you can choose
|
1178
1176
|
# whether to create the account with the **IAM User and Role Access to
|
@@ -1180,8 +1178,8 @@ module Aws::Organizations
|
|
1180
1178
|
# roles that have appropriate permissions can view billing information
|
1181
1179
|
# for the account. If you disable it, only the account root user can
|
1182
1180
|
# access billing information. For information about how to disable this
|
1183
|
-
# switch for an account, see [Granting
|
1184
|
-
#
|
1181
|
+
# switch for an account, see [Granting access to your billing
|
1182
|
+
# information and tools][10].
|
1185
1183
|
#
|
1186
1184
|
# </note>
|
1187
1185
|
#
|
@@ -1191,9 +1189,9 @@ module Aws::Organizations
|
|
1191
1189
|
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs
|
1192
1190
|
# [3]: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html
|
1193
1191
|
# [4]: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html
|
1194
|
-
# [5]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
1192
|
+
# [5]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html
|
1195
1193
|
# [6]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html
|
1196
|
-
# [7]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
1194
|
+
# [7]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html
|
1197
1195
|
# [8]: https://console.aws.amazon.com/support/home#/
|
1198
1196
|
# [9]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
|
1199
1197
|
# [10]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html
|
@@ -1255,10 +1253,13 @@ module Aws::Organizations
|
|
1255
1253
|
# `OrganizationAccountAccessRole`.
|
1256
1254
|
#
|
1257
1255
|
# For more information about how to use this role to access the member
|
1258
|
-
# account, see
|
1259
|
-
#
|
1260
|
-
#
|
1261
|
-
#
|
1256
|
+
# account, see the following links:
|
1257
|
+
#
|
1258
|
+
# * [Creating the OrganizationAccountAccessRole in an invited member
|
1259
|
+
# account][1] in the *Organizations User Guide*
|
1260
|
+
#
|
1261
|
+
# * Steps 2 and 3 in [IAM Tutorial: Delegate access across Amazon Web
|
1262
|
+
# Services accounts using IAM roles][2] in the *IAM User Guide*
|
1262
1263
|
#
|
1263
1264
|
# The [regex pattern][3] that is used to validate this parameter. The
|
1264
1265
|
# pattern can include uppercase letters, lowercase letters, digits with
|
@@ -1275,9 +1276,9 @@ module Aws::Organizations
|
|
1275
1276
|
# enables IAM users to access account billing information *if* they have
|
1276
1277
|
# the required permissions. If set to `DENY`, only the root user of the
|
1277
1278
|
# new account can access account billing information. For more
|
1278
|
-
# information, see [
|
1279
|
-
#
|
1280
|
-
# User Guide
|
1279
|
+
# information, see [About IAM access to the Billing and Cost Management
|
1280
|
+
# console][1] in the *Amazon Web Services Billing and Cost Management
|
1281
|
+
# User Guide*.
|
1281
1282
|
#
|
1282
1283
|
# If you don't specify this parameter, the value defaults to `ALLOW`,
|
1283
1284
|
# and IAM users and roles with the required permissions can access
|
@@ -1361,8 +1362,8 @@ module Aws::Organizations
|
|
1361
1362
|
# control policies automatically enabled in the root. If you instead
|
1362
1363
|
# choose to create the organization supporting only the consolidated
|
1363
1364
|
# billing features by setting the `FeatureSet` parameter to
|
1364
|
-
# `CONSOLIDATED_BILLING
|
1365
|
-
#
|
1365
|
+
# `CONSOLIDATED_BILLING`, no policy types are enabled by default and you
|
1366
|
+
# can't use organization policies.
|
1366
1367
|
#
|
1367
1368
|
#
|
1368
1369
|
#
|
@@ -1375,7 +1376,7 @@ module Aws::Organizations
|
|
1375
1376
|
# * `CONSOLIDATED_BILLING`: All member accounts have their bills
|
1376
1377
|
# consolidated to and paid by the management account. For more
|
1377
1378
|
# information, see [Consolidated billing][1] in the *Organizations
|
1378
|
-
# User Guide
|
1379
|
+
# User Guide*.
|
1379
1380
|
#
|
1380
1381
|
# The consolidated billing feature subset isn't available for
|
1381
1382
|
# organizations in the Amazon Web Services GovCloud (US) Region.
|
@@ -1384,7 +1385,7 @@ module Aws::Organizations
|
|
1384
1385
|
# billing feature set, the management account can also apply any
|
1385
1386
|
# policy type to any member account in the organization. For more
|
1386
1387
|
# information, see [All features][2] in the *Organizations User
|
1387
|
-
# Guide
|
1388
|
+
# Guide*.
|
1388
1389
|
#
|
1389
1390
|
#
|
1390
1391
|
#
|
@@ -1480,8 +1481,8 @@ module Aws::Organizations
|
|
1480
1481
|
# types enabled for that root. For service control policies, the limit
|
1481
1482
|
# is five.
|
1482
1483
|
#
|
1483
|
-
# For more information about OUs, see [Managing
|
1484
|
-
# in the *Organizations User Guide
|
1484
|
+
# For more information about OUs, see [Managing organizational units
|
1485
|
+
# (OUs)][1] in the *Organizations User Guide*.
|
1485
1486
|
#
|
1486
1487
|
# If the request includes tags, then the requester must have the
|
1487
1488
|
# `organizations:TagResource` permission.
|
@@ -1588,13 +1589,14 @@ module Aws::Organizations
|
|
1588
1589
|
# account.
|
1589
1590
|
#
|
1590
1591
|
# For more information about policies and their use, see [Managing
|
1591
|
-
#
|
1592
|
+
# Organizations policies][1].
|
1592
1593
|
#
|
1593
1594
|
# If the request includes tags, then the requester must have the
|
1594
1595
|
# `organizations:TagResource` permission.
|
1595
1596
|
#
|
1596
1597
|
# This operation can be called only from the organization's management
|
1597
|
-
# account
|
1598
|
+
# account or by a member account that is a delegated administrator for
|
1599
|
+
# an Amazon Web Services service.
|
1598
1600
|
#
|
1599
1601
|
#
|
1600
1602
|
#
|
@@ -1901,7 +1903,8 @@ module Aws::Organizations
|
|
1901
1903
|
# organizational units (OUs), roots, and accounts.
|
1902
1904
|
#
|
1903
1905
|
# This operation can be called only from the organization's management
|
1904
|
-
# account
|
1906
|
+
# account or by a member account that is a delegated administrator for
|
1907
|
+
# an Amazon Web Services service.
|
1905
1908
|
#
|
1906
1909
|
# @option params [required, String] :policy_id
|
1907
1910
|
# The unique identifier (ID) of the policy that you want to delete. You
|
@@ -2157,16 +2160,14 @@ module Aws::Organizations
|
|
2157
2160
|
# This operation applies only to policy types *other* than service
|
2158
2161
|
# control policies (SCPs).
|
2159
2162
|
#
|
2160
|
-
# For more information about policy inheritance, see [
|
2161
|
-
#
|
2163
|
+
# For more information about policy inheritance, see [Understanding
|
2164
|
+
# management policy inheritance][1] in the *Organizations User Guide*.
|
2162
2165
|
#
|
2163
|
-
# This operation can be called
|
2164
|
-
# account or by a member account that is a delegated administrator for
|
2165
|
-
# an Amazon Web Services service.
|
2166
|
+
# This operation can be called from any account in the organization.
|
2166
2167
|
#
|
2167
2168
|
#
|
2168
2169
|
#
|
2169
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
2170
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_inheritance_mgmt.html
|
2170
2171
|
#
|
2171
2172
|
# @option params [required, String] :policy_type
|
2172
2173
|
# The type of policy that you want information about. You can specify
|
@@ -2525,7 +2526,7 @@ module Aws::Organizations
|
|
2525
2526
|
|
2526
2527
|
# Retrieves information about a resource policy.
|
2527
2528
|
#
|
2528
|
-
#
|
2529
|
+
# This operation can be called only from the organization's management
|
2529
2530
|
# account or by a member account that is a delegated administrator for
|
2530
2531
|
# an Amazon Web Services service.
|
2531
2532
|
#
|
@@ -2567,7 +2568,8 @@ module Aws::Organizations
|
|
2567
2568
|
# list][2]".
|
2568
2569
|
#
|
2569
2570
|
# This operation can be called only from the organization's management
|
2570
|
-
# account
|
2571
|
+
# account or by a member account that is a delegated administrator for
|
2572
|
+
# an Amazon Web Services service.
|
2571
2573
|
#
|
2572
2574
|
#
|
2573
2575
|
#
|
@@ -2693,8 +2695,8 @@ module Aws::Organizations
|
|
2693
2695
|
#
|
2694
2696
|
# For more information about integrating other services with
|
2695
2697
|
# Organizations, including the list of services that work with
|
2696
|
-
# Organizations, see [
|
2697
|
-
#
|
2698
|
+
# Organizations, see [Using Organizations with other Amazon Web Services
|
2699
|
+
# services][3] in the *Organizations User Guide*.
|
2698
2700
|
#
|
2699
2701
|
# This operation can be called only from the organization's management
|
2700
2702
|
# account.
|
@@ -2743,7 +2745,8 @@ module Aws::Organizations
|
|
2743
2745
|
# and then use this operation.
|
2744
2746
|
#
|
2745
2747
|
# This operation can be called only from the organization's management
|
2746
|
-
# account
|
2748
|
+
# account or by a member account that is a delegated administrator for
|
2749
|
+
# an Amazon Web Services service.
|
2747
2750
|
#
|
2748
2751
|
# To view the status of available policy types in the organization, use
|
2749
2752
|
# DescribeOrganization.
|
@@ -2850,8 +2853,8 @@ module Aws::Organizations
|
|
2850
2853
|
# service.
|
2851
2854
|
#
|
2852
2855
|
# For more information about enabling services to integrate with
|
2853
|
-
# Organizations, see [
|
2854
|
-
#
|
2856
|
+
# Organizations, see [Using Organizations with other Amazon Web Services
|
2857
|
+
# services][2] in the *Organizations User Guide*.
|
2855
2858
|
#
|
2856
2859
|
# You can only call this operation from the organization's management
|
2857
2860
|
# account and only if the organization has [enabled all features][3].
|
@@ -2890,8 +2893,8 @@ module Aws::Organizations
|
|
2890
2893
|
# can be called in each account. Until you enable all features, you have
|
2891
2894
|
# access only to consolidated billing, and you can't use any of the
|
2892
2895
|
# advanced account administration features that Organizations supports.
|
2893
|
-
# For more information, see [Enabling
|
2894
|
-
#
|
2896
|
+
# For more information, see [Enabling all features in your
|
2897
|
+
# organization][1] in the *Organizations User Guide*.
|
2895
2898
|
#
|
2896
2899
|
# This operation is required only for organizations that were created
|
2897
2900
|
# explicitly with only the consolidated billing features enabled.
|
@@ -2999,7 +3002,8 @@ module Aws::Organizations
|
|
2999
3002
|
# then use this operation.
|
3000
3003
|
#
|
3001
3004
|
# This operation can be called only from the organization's management
|
3002
|
-
# account
|
3005
|
+
# account or by a member account that is a delegated administrator for
|
3006
|
+
# an Amazon Web Services service.
|
3003
3007
|
#
|
3004
3008
|
# You can enable a policy type in a root only if that policy type is
|
3005
3009
|
# available in the organization. To view the status of available policy
|
@@ -3103,7 +3107,7 @@ module Aws::Organizations
|
|
3103
3107
|
# you can invite only other AISPL accounts to your organization. You
|
3104
3108
|
# can't combine accounts from AISPL and Amazon Web Services or from
|
3105
3109
|
# any other Amazon Web Services seller. For more information, see
|
3106
|
-
# [Consolidated
|
3110
|
+
# [Consolidated billing in India][1].
|
3107
3111
|
#
|
3108
3112
|
# * If you receive an exception that indicates that you exceeded your
|
3109
3113
|
# account limits for the organization or that the operation failed
|
@@ -3119,7 +3123,7 @@ module Aws::Organizations
|
|
3119
3123
|
#
|
3120
3124
|
#
|
3121
3125
|
#
|
3122
|
-
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/
|
3126
|
+
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilling-India.html
|
3123
3127
|
# [2]: https://console.aws.amazon.com/support/home#/
|
3124
3128
|
#
|
3125
3129
|
# @option params [required, Types::HandshakeParty] :target
|
@@ -3308,10 +3312,9 @@ module Aws::Organizations
|
|
3308
3312
|
#
|
3309
3313
|
# Amazon Web Services uses the payment method to charge for any
|
3310
3314
|
# billable (not free tier) Amazon Web Services activity that occurs
|
3311
|
-
# while the account isn't attached to an organization.
|
3312
|
-
#
|
3313
|
-
#
|
3314
|
-
# Guide.*
|
3315
|
+
# while the account isn't attached to an organization. For more
|
3316
|
+
# information, see [Considerations before removing an account from an
|
3317
|
+
# organization][1] in the *Organizations User Guide*.
|
3315
3318
|
#
|
3316
3319
|
# * The account that you want to leave must not be a delegated
|
3317
3320
|
# administrator account for any Amazon Web Services service enabled
|
@@ -3320,9 +3323,9 @@ module Aws::Organizations
|
|
3320
3323
|
# account that is remaining in the organization.
|
3321
3324
|
#
|
3322
3325
|
# * You can leave an organization only after you enable IAM user access
|
3323
|
-
# to billing in your account. For more information, see [
|
3324
|
-
#
|
3325
|
-
# Web Services Billing and Cost Management User Guide
|
3326
|
+
# to billing in your account. For more information, see [About IAM
|
3327
|
+
# access to the Billing and Cost Management console][2] in the *Amazon
|
3328
|
+
# Web Services Billing and Cost Management User Guide*.
|
3326
3329
|
#
|
3327
3330
|
# * After the account leaves the organization, all tags that were
|
3328
3331
|
# attached to the account object in the organization are deleted.
|
@@ -3333,9 +3336,13 @@ module Aws::Organizations
|
|
3333
3336
|
# removed from its organization. If you get an error that indicates
|
3334
3337
|
# that a wait period is required, then try again in a few days.
|
3335
3338
|
#
|
3339
|
+
# * If you are using an organization principal to call
|
3340
|
+
# `LeaveOrganization` across multiple accounts, you can only do this
|
3341
|
+
# up to 5 accounts per second in a single organization.
|
3336
3342
|
#
|
3337
3343
|
#
|
3338
|
-
#
|
3344
|
+
#
|
3345
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html
|
3339
3346
|
# [2]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
3340
3347
|
#
|
3341
3348
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
@@ -3364,8 +3371,8 @@ module Aws::Organizations
|
|
3364
3371
|
#
|
3365
3372
|
# For more information about integrating other services with
|
3366
3373
|
# Organizations, including the list of services that currently work with
|
3367
|
-
# Organizations, see [
|
3368
|
-
#
|
3374
|
+
# Organizations, see [Using Organizations with other Amazon Web Services
|
3375
|
+
# services][1] in the *Organizations User Guide*.
|
3369
3376
|
#
|
3370
3377
|
# This operation can be called only from the organization's management
|
3371
3378
|
# account or by a member account that is a delegated administrator for
|
@@ -5221,12 +5228,12 @@ module Aws::Organizations
|
|
5221
5228
|
# @option params [required, String] :content
|
5222
5229
|
# If provided, the new content for the resource policy. The text must be
|
5223
5230
|
# correctly formatted JSON that complies with the syntax for the
|
5224
|
-
# resource policy's type. For more information, see [
|
5225
|
-
#
|
5231
|
+
# resource policy's type. For more information, see [SCP syntax][1] in
|
5232
|
+
# the *Organizations User Guide*.
|
5226
5233
|
#
|
5227
5234
|
#
|
5228
5235
|
#
|
5229
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
5236
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html
|
5230
5237
|
#
|
5231
5238
|
# @option params [Array<Types::Tag>] :tags
|
5232
5239
|
# A list of tags that you want to attach to the newly created resource
|
@@ -5339,16 +5346,9 @@ module Aws::Organizations
|
|
5339
5346
|
# standalone account. When you create an account in an organization
|
5340
5347
|
# using the Organizations console, API, or CLI commands, the
|
5341
5348
|
# information required of standalone accounts is *not* automatically
|
5342
|
-
# collected. For
|
5343
|
-
#
|
5344
|
-
#
|
5345
|
-
# Services uses the payment method to charge for any billable (not
|
5346
|
-
# free tier) Amazon Web Services activity that occurs while the
|
5347
|
-
# account isn't attached to an organization. To remove an account
|
5348
|
-
# that doesn't yet have this information, you must sign in as the
|
5349
|
-
# member account and follow the steps at [ To leave an organization
|
5350
|
-
# when all required account information has not yet been provided][1]
|
5351
|
-
# in the *Organizations User Guide.*
|
5349
|
+
# collected. For more information, see [Considerations before removing
|
5350
|
+
# an account from an organization][1] in the *Organizations User
|
5351
|
+
# Guide*.
|
5352
5352
|
#
|
5353
5353
|
# * The account that you want to leave must not be a delegated
|
5354
5354
|
# administrator account for any Amazon Web Services service enabled
|
@@ -5363,7 +5363,7 @@ module Aws::Organizations
|
|
5363
5363
|
#
|
5364
5364
|
#
|
5365
5365
|
#
|
5366
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
5366
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html
|
5367
5367
|
#
|
5368
5368
|
# @option params [required, String] :account_id
|
5369
5369
|
# The unique identifier (ID) of the member account that you want to
|
@@ -5416,7 +5416,8 @@ module Aws::Organizations
|
|
5416
5416
|
# * Policy (any type)
|
5417
5417
|
#
|
5418
5418
|
# This operation can be called only from the organization's management
|
5419
|
-
# account
|
5419
|
+
# account or by a member account that is a delegated administrator for
|
5420
|
+
# an Amazon Web Services service.
|
5420
5421
|
#
|
5421
5422
|
# @option params [required, String] :resource_id
|
5422
5423
|
# The ID of the resource to add a tag to.
|
@@ -5481,7 +5482,8 @@ module Aws::Organizations
|
|
5481
5482
|
# * Policy (any type)
|
5482
5483
|
#
|
5483
5484
|
# This operation can be called only from the organization's management
|
5484
|
-
# account
|
5485
|
+
# account or by a member account that is a delegated administrator for
|
5486
|
+
# an Amazon Web Services service.
|
5485
5487
|
#
|
5486
5488
|
# @option params [required, String] :resource_id
|
5487
5489
|
# The ID of the resource to remove a tag from.
|
@@ -5600,7 +5602,8 @@ module Aws::Organizations
|
|
5600
5602
|
# can't change a policy's type.
|
5601
5603
|
#
|
5602
5604
|
# This operation can be called only from the organization's management
|
5603
|
-
# account
|
5605
|
+
# account or by a member account that is a delegated administrator for
|
5606
|
+
# an Amazon Web Services service.
|
5604
5607
|
#
|
5605
5608
|
# @option params [required, String] :policy_id
|
5606
5609
|
# The unique identifier (ID) of the policy that you want to update.
|
@@ -5629,12 +5632,12 @@ module Aws::Organizations
|
|
5629
5632
|
# @option params [String] :content
|
5630
5633
|
# If provided, the new content for the policy. The text must be
|
5631
5634
|
# correctly formatted JSON that complies with the syntax for the
|
5632
|
-
# policy's type. For more information, see [
|
5633
|
-
#
|
5635
|
+
# policy's type. For more information, see [SCP syntax][1] in the
|
5636
|
+
# *Organizations User Guide*.
|
5634
5637
|
#
|
5635
5638
|
#
|
5636
5639
|
#
|
5637
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
5640
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html
|
5638
5641
|
#
|
5639
5642
|
# @return [Types::UpdatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5640
5643
|
#
|
@@ -5733,7 +5736,7 @@ module Aws::Organizations
|
|
5733
5736
|
params: params,
|
5734
5737
|
config: config)
|
5735
5738
|
context[:gem_name] = 'aws-sdk-organizations'
|
5736
|
-
context[:gem_version] = '1.
|
5739
|
+
context[:gem_version] = '1.80.0'
|
5737
5740
|
Seahorse::Client::Request.new(handlers, context)
|
5738
5741
|
end
|
5739
5742
|
|
@@ -25,67 +25,19 @@ module Aws::Organizations
|
|
25
25
|
end
|
26
26
|
if Aws::Endpoints::Matchers.set?(region)
|
27
27
|
if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
|
28
|
-
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws")
|
29
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
30
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
31
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations-fips.#{region}.api.aws", headers: {}, properties: {})
|
32
|
-
end
|
33
|
-
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
34
|
-
end
|
35
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
36
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
|
37
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations-fips.us-east-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-east-1"}]})
|
38
|
-
end
|
39
|
-
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
40
|
-
end
|
41
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
42
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
43
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.#{region}.api.aws", headers: {}, properties: {})
|
44
|
-
end
|
45
|
-
raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
|
46
|
-
end
|
28
|
+
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws") && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
|
47
29
|
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-east-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-east-1"}]})
|
48
30
|
end
|
49
|
-
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
end
|
54
|
-
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
55
|
-
end
|
56
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
57
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
|
58
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations-fips.#{region}.amazonaws.com.cn", headers: {}, properties: {})
|
59
|
-
end
|
60
|
-
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
61
|
-
end
|
62
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
63
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
64
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.#{region}.api.amazonwebservices.com.cn", headers: {}, properties: {})
|
65
|
-
end
|
66
|
-
raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
|
67
|
-
end
|
31
|
+
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws") && Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
|
32
|
+
return Aws::Endpoints::Endpoint.new(url: "https://organizations-fips.us-east-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-east-1"}]})
|
33
|
+
end
|
34
|
+
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-cn") && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
|
68
35
|
return Aws::Endpoints::Endpoint.new(url: "https://organizations.cn-northwest-1.amazonaws.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"cn-northwest-1"}]})
|
69
36
|
end
|
70
|
-
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
end
|
75
|
-
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
76
|
-
end
|
77
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
78
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
|
79
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-gov-west-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-gov-west-1"}]})
|
80
|
-
end
|
81
|
-
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
82
|
-
end
|
83
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
84
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
85
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.#{region}.api.aws", headers: {}, properties: {})
|
86
|
-
end
|
87
|
-
raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
|
88
|
-
end
|
37
|
+
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov") && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
|
38
|
+
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-gov-west-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-gov-west-1"}]})
|
39
|
+
end
|
40
|
+
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov") && Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
|
89
41
|
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-gov-west-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-gov-west-1"}]})
|
90
42
|
end
|
91
43
|
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
@@ -96,12 +48,6 @@ module Aws::Organizations
|
|
96
48
|
end
|
97
49
|
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
98
50
|
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
|
99
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
|
100
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations-fips.us-east-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-east-1"}]})
|
101
|
-
end
|
102
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "aws-us-gov-global")
|
103
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-gov-west-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-gov-west-1"}]})
|
104
|
-
end
|
105
51
|
return Aws::Endpoints::Endpoint.new(url: "https://organizations-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
106
52
|
end
|
107
53
|
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
@@ -112,15 +58,6 @@ module Aws::Organizations
|
|
112
58
|
end
|
113
59
|
raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
|
114
60
|
end
|
115
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
|
116
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-east-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-east-1"}]})
|
117
|
-
end
|
118
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "aws-cn-global")
|
119
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.cn-northwest-1.amazonaws.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"cn-northwest-1"}]})
|
120
|
-
end
|
121
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "aws-us-gov-global")
|
122
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-gov-west-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-gov-west-1"}]})
|
123
|
-
end
|
124
61
|
return Aws::Endpoints::Endpoint.new(url: "https://organizations.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
125
62
|
end
|
126
63
|
end
|
@@ -59,7 +59,7 @@ module Aws::Organizations
|
|
59
59
|
# You don't have permissions to perform the requested operation. The
|
60
60
|
# user or role that is making the request must have at least one IAM
|
61
61
|
# permissions policy attached that grants the required permissions. For
|
62
|
-
# more information, see [Access Management][1] in the *IAM User Guide
|
62
|
+
# more information, see [Access Management][1] in the *IAM User Guide*.
|
63
63
|
#
|
64
64
|
#
|
65
65
|
#
|
@@ -228,8 +228,8 @@ module Aws::Organizations
|
|
228
228
|
|
229
229
|
# You can't invite an existing account to your organization until you
|
230
230
|
# verify that you own the email address associated with the management
|
231
|
-
# account. For more information, see [Email
|
232
|
-
# the *Organizations User Guide
|
231
|
+
# account. For more information, see [Email address verification][1] in
|
232
|
+
# the *Organizations User Guide*.
|
233
233
|
#
|
234
234
|
#
|
235
235
|
#
|
@@ -452,7 +452,7 @@ module Aws::Organizations
|
|
452
452
|
# enough information to exist as a standalone account. This account
|
453
453
|
# requires you to first complete phone verification. Follow the steps
|
454
454
|
# at [Removing a member account from your organization][1] in the
|
455
|
-
# *Organizations User Guide
|
455
|
+
# *Organizations User Guide*.
|
456
456
|
#
|
457
457
|
# * ACCOUNT\_CREATION\_RATE\_LIMIT\_EXCEEDED: You attempted to exceed
|
458
458
|
# the number of accounts that you can create in one day.
|
@@ -480,6 +480,10 @@ module Aws::Organizations
|
|
480
480
|
# hour, if the command continues to fail with this error, contact
|
481
481
|
# [Amazon Web Services Support][2].
|
482
482
|
#
|
483
|
+
# * CANNOT\_REGISTER\_SUSPENDED\_ACCOUNT\_AS\_DELEGATED\_ADMINISTRATOR:
|
484
|
+
# You cannot register a suspended account as a delegated
|
485
|
+
# administrator.
|
486
|
+
#
|
483
487
|
# * CANNOT\_REGISTER\_MASTER\_AS\_DELEGATED\_ADMINISTRATOR: You
|
484
488
|
# attempted to register the management account of the organization as
|
485
489
|
# a delegated administrator for an Amazon Web Services service
|
@@ -547,14 +551,13 @@ module Aws::Organizations
|
|
547
551
|
# * MASTER\_ACCOUNT\_NOT\_GOVCLOUD\_ENABLED: To complete this operation,
|
548
552
|
# the management account must have an associated account in the Amazon
|
549
553
|
# Web Services GovCloud (US-West) Region. For more information, see
|
550
|
-
# [Organizations][4] in the *Amazon Web Services GovCloud User Guide
|
554
|
+
# [Organizations][4] in the *Amazon Web Services GovCloud User Guide*.
|
551
555
|
#
|
552
556
|
# * MASTER\_ACCOUNT\_PAYMENT\_INSTRUMENT\_REQUIRED: To create an
|
553
557
|
# organization with this management account, you first must associate
|
554
558
|
# a valid payment instrument, such as a credit card, with the account.
|
555
|
-
#
|
556
|
-
#
|
557
|
-
# *Organizations User Guide.*
|
559
|
+
# For more information, see [Considerations before removing an account
|
560
|
+
# from an organization][5] in the *Organizations User Guide*.
|
558
561
|
#
|
559
562
|
# * MAX\_DELEGATED\_ADMINISTRATORS\_FOR\_SERVICE\_LIMIT\_EXCEEDED: You
|
560
563
|
# attempted to register more delegated administrators than allowed for
|
@@ -569,10 +572,9 @@ module Aws::Organizations
|
|
569
572
|
#
|
570
573
|
# * MEMBER\_ACCOUNT\_PAYMENT\_INSTRUMENT\_REQUIRED: To complete this
|
571
574
|
# operation with this member account, you first must associate a valid
|
572
|
-
# payment instrument, such as a credit card, with the account.
|
573
|
-
#
|
574
|
-
#
|
575
|
-
# Guide.*
|
575
|
+
# payment instrument, such as a credit card, with the account. For
|
576
|
+
# more information, see [Considerations before removing an account
|
577
|
+
# from an organization][5] in the *Organizations User Guide*.
|
576
578
|
#
|
577
579
|
# * MIN\_POLICY\_TYPE\_ATTACHMENT\_LIMIT\_EXCEEDED: You attempted to
|
578
580
|
# detach a policy from an entity that would cause the entity to have
|
@@ -612,10 +614,10 @@ module Aws::Organizations
|
|
612
614
|
#
|
613
615
|
#
|
614
616
|
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master
|
615
|
-
# [2]: https://
|
617
|
+
# [2]: https://console.aws.amazon.com/support/home#/
|
616
618
|
# [3]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html
|
617
619
|
# [4]: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html
|
618
|
-
# [5]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
620
|
+
# [5]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html
|
619
621
|
#
|
620
622
|
# @!attribute [rw] message
|
621
623
|
# @return [String]
|
@@ -683,11 +685,11 @@ module Aws::Organizations
|
|
683
685
|
# For more information about how to use this role to access the member
|
684
686
|
# account, see the following links:
|
685
687
|
#
|
686
|
-
# * [
|
687
|
-
#
|
688
|
+
# * [Creating the OrganizationAccountAccessRole in an invited member
|
689
|
+
# account][1] in the *Organizations User Guide*
|
688
690
|
#
|
689
|
-
# * Steps 2 and 3 in [Tutorial: Delegate
|
690
|
-
# Services accounts
|
691
|
+
# * Steps 2 and 3 in [IAM Tutorial: Delegate access across Amazon Web
|
692
|
+
# Services accounts using IAM roles][2] in the *IAM User Guide*
|
691
693
|
#
|
692
694
|
# The [regex pattern][3] that is used to validate this parameter. The
|
693
695
|
# pattern can include uppercase letters, lowercase letters, digits
|
@@ -704,8 +706,8 @@ module Aws::Organizations
|
|
704
706
|
# If set to `ALLOW`, the new account enables IAM users to access
|
705
707
|
# account billing information *if* they have the required permissions.
|
706
708
|
# If set to `DENY`, only the root user of the new account can access
|
707
|
-
# account billing information. For more information, see [
|
708
|
-
#
|
709
|
+
# account billing information. For more information, see [About IAM
|
710
|
+
# access to the Billing and Cost Management console][1] in the *Amazon
|
709
711
|
# Web Services Billing and Cost Management User Guide*.
|
710
712
|
#
|
711
713
|
# If you don't specify this parameter, the value defaults to `ALLOW`,
|
@@ -755,12 +757,12 @@ module Aws::Organizations
|
|
755
757
|
# parameter to DescribeCreateAccountStatus to get status about the
|
756
758
|
# progress of the request at later times. You can also check the
|
757
759
|
# CloudTrail log for the `CreateAccountResult` event. For more
|
758
|
-
# information, see [
|
759
|
-
#
|
760
|
+
# information, see [Logging and monitoring in Organizations][1] in the
|
761
|
+
# *Organizations User Guide*.
|
760
762
|
#
|
761
763
|
#
|
762
764
|
#
|
763
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
765
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html
|
764
766
|
# @return [Types::CreateAccountStatus]
|
765
767
|
#
|
766
768
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountResponse AWS API Documentation
|
@@ -976,10 +978,13 @@ module Aws::Organizations
|
|
976
978
|
# `OrganizationAccountAccessRole`.
|
977
979
|
#
|
978
980
|
# For more information about how to use this role to access the member
|
979
|
-
# account, see
|
980
|
-
#
|
981
|
-
#
|
982
|
-
#
|
981
|
+
# account, see the following links:
|
982
|
+
#
|
983
|
+
# * [Creating the OrganizationAccountAccessRole in an invited member
|
984
|
+
# account][1] in the *Organizations User Guide*
|
985
|
+
#
|
986
|
+
# * Steps 2 and 3 in [IAM Tutorial: Delegate access across Amazon Web
|
987
|
+
# Services accounts using IAM roles][2] in the *IAM User Guide*
|
983
988
|
#
|
984
989
|
# The [regex pattern][3] that is used to validate this parameter. The
|
985
990
|
# pattern can include uppercase letters, lowercase letters, digits
|
@@ -997,9 +1002,9 @@ module Aws::Organizations
|
|
997
1002
|
# enables IAM users to access account billing information *if* they
|
998
1003
|
# have the required permissions. If set to `DENY`, only the root user
|
999
1004
|
# of the new account can access account billing information. For more
|
1000
|
-
# information, see [
|
1001
|
-
# Management
|
1002
|
-
# Management User Guide
|
1005
|
+
# information, see [About IAM access to the Billing and Cost
|
1006
|
+
# Management console][1] in the *Amazon Web Services Billing and Cost
|
1007
|
+
# Management User Guide*.
|
1003
1008
|
#
|
1004
1009
|
# If you don't specify this parameter, the value defaults to `ALLOW`,
|
1005
1010
|
# and IAM users and roles with the required permissions can access
|
@@ -1066,7 +1071,7 @@ module Aws::Organizations
|
|
1066
1071
|
# * `CONSOLIDATED_BILLING`: All member accounts have their bills
|
1067
1072
|
# consolidated to and paid by the management account. For more
|
1068
1073
|
# information, see [Consolidated billing][1] in the *Organizations
|
1069
|
-
# User Guide
|
1074
|
+
# User Guide*.
|
1070
1075
|
#
|
1071
1076
|
# The consolidated billing feature subset isn't available for
|
1072
1077
|
# organizations in the Amazon Web Services GovCloud (US) Region.
|
@@ -1075,7 +1080,7 @@ module Aws::Organizations
|
|
1075
1080
|
# consolidated billing feature set, the management account can also
|
1076
1081
|
# apply any policy type to any member account in the organization.
|
1077
1082
|
# For more information, see [All features][2] in the *Organizations
|
1078
|
-
# User Guide
|
1083
|
+
# User Guide*.
|
1079
1084
|
#
|
1080
1085
|
#
|
1081
1086
|
#
|
@@ -2247,7 +2252,7 @@ module Aws::Organizations
|
|
2247
2252
|
#
|
2248
2253
|
#
|
2249
2254
|
#
|
2250
|
-
# [1]: https://
|
2255
|
+
# [1]: https://console.aws.amazon.com/support/home#/
|
2251
2256
|
#
|
2252
2257
|
# @!attribute [rw] message
|
2253
2258
|
# @return [String]
|
@@ -3602,12 +3607,12 @@ module Aws::Organizations
|
|
3602
3607
|
|
3603
3608
|
# The provided policy document doesn't meet the requirements of the
|
3604
3609
|
# specified policy type. For example, the syntax might be incorrect. For
|
3605
|
-
# details about service control policy syntax, see [
|
3606
|
-
#
|
3610
|
+
# details about service control policy syntax, see [SCP syntax][1] in
|
3611
|
+
# the *Organizations User Guide*.
|
3607
3612
|
#
|
3608
3613
|
#
|
3609
3614
|
#
|
3610
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
3615
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html
|
3611
3616
|
#
|
3612
3617
|
# @!attribute [rw] message
|
3613
3618
|
# @return [String]
|
@@ -3732,8 +3737,8 @@ module Aws::Organizations
|
|
3732
3737
|
# organization. If set to "ALL", then all features are enabled and
|
3733
3738
|
# policies can be applied to accounts in the organization. If set to
|
3734
3739
|
# "CONSOLIDATED\_BILLING", then only consolidated billing
|
3735
|
-
# functionality is available. For more information, see [Enabling
|
3736
|
-
#
|
3740
|
+
# functionality is available. For more information, see [Enabling all
|
3741
|
+
# features in your organization][1] in the *Organizations User Guide*.
|
3737
3742
|
#
|
3738
3743
|
#
|
3739
3744
|
#
|
@@ -3794,8 +3799,7 @@ module Aws::Organizations
|
|
3794
3799
|
end
|
3795
3800
|
|
3796
3801
|
# The organization isn't empty. To delete an organization, you must
|
3797
|
-
# first remove all accounts except the management account
|
3798
|
-
# OUs, and delete all policies.
|
3802
|
+
# first remove all accounts except the management account.
|
3799
3803
|
#
|
3800
3804
|
# @!attribute [rw] message
|
3801
3805
|
# @return [String]
|
@@ -4157,8 +4161,8 @@ module Aws::Organizations
|
|
4157
4161
|
# You can't use the specified policy type with the feature set
|
4158
4162
|
# currently enabled for this organization. For example, you can enable
|
4159
4163
|
# SCPs only after you enable all features in the organization. For more
|
4160
|
-
# information, see [Managing Organizations
|
4161
|
-
# *Organizations User Guide
|
4164
|
+
# information, see [Managing Organizations policies][1]in the
|
4165
|
+
# *Organizations User Guide*.
|
4162
4166
|
#
|
4163
4167
|
#
|
4164
4168
|
#
|
@@ -4178,8 +4182,8 @@ module Aws::Organizations
|
|
4178
4182
|
# The specified policy type isn't currently enabled in this root. You
|
4179
4183
|
# can't attach policies of the specified type to entities in a root
|
4180
4184
|
# until you enable that type in the root. For more information, see
|
4181
|
-
# [Enabling
|
4182
|
-
# User Guide
|
4185
|
+
# [Enabling all features in your organization][1] in the *Organizations
|
4186
|
+
# User Guide*.
|
4183
4187
|
#
|
4184
4188
|
#
|
4185
4189
|
#
|
@@ -4222,12 +4226,12 @@ module Aws::Organizations
|
|
4222
4226
|
# @!attribute [rw] content
|
4223
4227
|
# If provided, the new content for the resource policy. The text must
|
4224
4228
|
# be correctly formatted JSON that complies with the syntax for the
|
4225
|
-
# resource policy's type. For more information, see [
|
4226
|
-
#
|
4229
|
+
# resource policy's type. For more information, see [SCP syntax][1]
|
4230
|
+
# in the *Organizations User Guide*.
|
4227
4231
|
#
|
4228
4232
|
#
|
4229
4233
|
#
|
4230
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
4234
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html
|
4231
4235
|
# @return [String]
|
4232
4236
|
#
|
4233
4237
|
# @!attribute [rw] tags
|
@@ -4559,7 +4563,7 @@ module Aws::Organizations
|
|
4559
4563
|
# later.
|
4560
4564
|
#
|
4561
4565
|
# For information about quotas that affect Organizations, see [Quotas
|
4562
|
-
# for Organizations][1]in the *Organizations User Guide
|
4566
|
+
# for Organizations][1] in the *Organizations User Guide*.
|
4563
4567
|
#
|
4564
4568
|
#
|
4565
4569
|
#
|
@@ -4702,12 +4706,12 @@ module Aws::Organizations
|
|
4702
4706
|
# @!attribute [rw] content
|
4703
4707
|
# If provided, the new content for the policy. The text must be
|
4704
4708
|
# correctly formatted JSON that complies with the syntax for the
|
4705
|
-
# policy's type. For more information, see [
|
4706
|
-
#
|
4709
|
+
# policy's type. For more information, see [SCP syntax][1] in the
|
4710
|
+
# *Organizations User Guide*.
|
4707
4711
|
#
|
4708
4712
|
#
|
4709
4713
|
#
|
4710
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
4714
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html
|
4711
4715
|
# @return [String]
|
4712
4716
|
#
|
4713
4717
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicyRequest AWS API Documentation
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-organizations
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.80.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-08-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|