aws-sdk-organizations 1.79.0 → 1.80.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-organizations/client.rb +117 -118
- data/lib/aws-sdk-organizations/endpoint_provider.rb +9 -72
- data/lib/aws-sdk-organizations/types.rb +55 -51
- data/lib/aws-sdk-organizations.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3d49e9231de10796902084742731b08596b09e239411925efebe4e2df74a13e4
|
4
|
+
data.tar.gz: 8befe6c7f2a05994fcd28652b8174a2dd893108e5d7392c2da4262d5c8e03a01
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2c5d1bcd965e5e51497f8c2d568c82cf74a30ee93c8af98c65f5c4e140e1e095e53a5a3b13d40fb9f37274e70011d0c948051b5bd562752932d0df6de7c8de09
|
7
|
+
data.tar.gz: 5f4b320db3bb7485a81a0f10a8a2675eb612603c9e463d4787a0b115e31db0c801cff37f4922767a09a799cf1890a8c28c72a24a4a20811f38ae6761d4d274b1
|
data/CHANGELOG.md
CHANGED
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.80.0
|
@@ -413,7 +413,7 @@ module Aws::Organizations
|
|
413
413
|
# `iam:CreateServiceLinkedRole` permission so that Organizations can
|
414
414
|
# create the required service-linked role named
|
415
415
|
# `AWSServiceRoleForOrganizations`. For more information, see
|
416
|
-
# [Organizations and
|
416
|
+
# [Organizations and service-linked roles][1] in the *Organizations
|
417
417
|
# User Guide*.
|
418
418
|
#
|
419
419
|
# * **Enable all features final confirmation** handshake: only a
|
@@ -421,16 +421,16 @@ module Aws::Organizations
|
|
421
421
|
#
|
422
422
|
# For more information about invitations, see [Inviting an Amazon Web
|
423
423
|
# Services account to join your organization][2] in the *Organizations
|
424
|
-
# User Guide
|
424
|
+
# User Guide*. For more information about requests to enable all
|
425
425
|
# features in the organization, see [Enabling all features in your
|
426
|
-
# organization][3] in the *Organizations User Guide
|
426
|
+
# organization][3] in the *Organizations User Guide*.
|
427
427
|
#
|
428
428
|
# After you accept a handshake, it continues to appear in the results of
|
429
429
|
# relevant APIs for only 30 days. After that, it's deleted.
|
430
430
|
#
|
431
431
|
#
|
432
432
|
#
|
433
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#
|
433
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integrate_services-using_slrs
|
434
434
|
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html
|
435
435
|
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
|
436
436
|
#
|
@@ -549,7 +549,8 @@ module Aws::Organizations
|
|
549
549
|
# * [TAG\_POLICY][4]
|
550
550
|
#
|
551
551
|
# This operation can be called only from the organization's management
|
552
|
-
# account
|
552
|
+
# account or by a member account that is a delegated administrator for
|
553
|
+
# an Amazon Web Services service.
|
553
554
|
#
|
554
555
|
#
|
555
556
|
#
|
@@ -767,15 +768,14 @@ module Aws::Organizations
|
|
767
768
|
# * Check the CloudTrail log for the `CloseAccountResult` event that
|
768
769
|
# gets published after the account closes successfully. For
|
769
770
|
# information on using CloudTrail with Organizations, see [Logging and
|
770
|
-
# monitoring in Organizations][2] in the *Organizations User Guide
|
771
|
+
# monitoring in Organizations][2] in the *Organizations User Guide*.
|
771
772
|
#
|
772
773
|
# <note markdown="1"> * You can close only 10% of member accounts, between 10 and 200,
|
773
774
|
# within a rolling 30 day period. This quota is not bound by a
|
774
|
-
# calendar month, but starts when you close an account.
|
775
|
-
#
|
776
|
-
#
|
777
|
-
#
|
778
|
-
# in the Amazon Web Services Billing and Cost Management User Guide.
|
775
|
+
# calendar month, but starts when you close an account. After you
|
776
|
+
# reach this limit, you can close additional accounts. For more
|
777
|
+
# information, see [Closing a member account in your organization][3]
|
778
|
+
# in the *Organizations User Guide*.
|
779
779
|
#
|
780
780
|
# * To reinstate a closed account, contact Amazon Web Services Support
|
781
781
|
# within the 90-day grace period while the account is in SUSPENDED
|
@@ -789,16 +789,12 @@ module Aws::Organizations
|
|
789
789
|
#
|
790
790
|
# </note>
|
791
791
|
#
|
792
|
-
# For more information about closing accounts, see [Closing an Amazon
|
793
|
-
# Web Services account][5] in the *Organizations User Guide.*
|
794
|
-
#
|
795
792
|
#
|
796
793
|
#
|
797
794
|
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
|
798
795
|
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration
|
799
|
-
# [3]: https://docs.aws.amazon.com/
|
796
|
+
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
|
800
797
|
# [4]: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/Closing-govcloud-account.html
|
801
|
-
# [5]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
|
802
798
|
#
|
803
799
|
# @option params [required, String] :account_id
|
804
800
|
# Retrieves the Amazon Web Services account Id for the current
|
@@ -836,13 +832,13 @@ module Aws::Organizations
|
|
836
832
|
#
|
837
833
|
# * Check the CloudTrail log for the `CreateAccountResult` event. For
|
838
834
|
# information on using CloudTrail with Organizations, see [Logging and
|
839
|
-
# monitoring in Organizations][1] in the *Organizations User Guide
|
835
|
+
# monitoring in Organizations][1] in the *Organizations User Guide*.
|
840
836
|
#
|
841
837
|
# The user who calls the API to create an account must have the
|
842
838
|
# `organizations:CreateAccount` permission. If you enabled all features
|
843
839
|
# in the organization, Organizations creates the required service-linked
|
844
840
|
# role named `AWSServiceRoleForOrganizations`. For more information, see
|
845
|
-
# [Organizations and
|
841
|
+
# [Organizations and service-linked roles][2] in the *Organizations User
|
846
842
|
# Guide*.
|
847
843
|
#
|
848
844
|
# If the request includes tags, then the requester must have the
|
@@ -858,9 +854,8 @@ module Aws::Organizations
|
|
858
854
|
# This operation can be called only from the organization's management
|
859
855
|
# account.
|
860
856
|
#
|
861
|
-
# For more information about creating accounts, see [Creating
|
862
|
-
#
|
863
|
-
# User Guide.*
|
857
|
+
# For more information about creating accounts, see [Creating a member
|
858
|
+
# account in your organization][3] in the *Organizations User Guide*.
|
864
859
|
#
|
865
860
|
# * When you create an account in an organization using the
|
866
861
|
# Organizations console, API, or CLI commands, the information
|
@@ -868,8 +863,9 @@ module Aws::Organizations
|
|
868
863
|
# a payment method and signing the end user license agreement (EULA)
|
869
864
|
# is *not* automatically collected. If you must remove an account from
|
870
865
|
# your organization later, you can do so only after you provide the
|
871
|
-
# missing information.
|
872
|
-
#
|
866
|
+
# missing information. For more information, see [Considerations
|
867
|
+
# before removing an account from an organization][4] in the
|
868
|
+
# *Organizations User Guide*.
|
873
869
|
#
|
874
870
|
# * If you get an exception that indicates that you exceeded your
|
875
871
|
# account limits for the organization, contact [Amazon Web Services
|
@@ -884,7 +880,7 @@ module Aws::Organizations
|
|
884
880
|
# recommended. You can only close an account from the Billing and Cost
|
885
881
|
# Management console, and you must be signed in as the root user. For
|
886
882
|
# information on the requirements and process for closing an account,
|
887
|
-
# see [Closing
|
883
|
+
# see [Closing a member account in your organization][6] in the
|
888
884
|
# *Organizations User Guide*.
|
889
885
|
#
|
890
886
|
# <note markdown="1"> When you create a member account with this operation, you can choose
|
@@ -893,8 +889,8 @@ module Aws::Organizations
|
|
893
889
|
# roles that have appropriate permissions can view billing information
|
894
890
|
# for the account. If you disable it, only the account root user can
|
895
891
|
# access billing information. For information about how to disable this
|
896
|
-
# switch for an account, see [Granting
|
897
|
-
#
|
892
|
+
# switch for an account, see [Granting access to your billing
|
893
|
+
# information and tools][7].
|
898
894
|
#
|
899
895
|
# </note>
|
900
896
|
#
|
@@ -903,10 +899,10 @@ module Aws::Organizations
|
|
903
899
|
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration
|
904
900
|
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs
|
905
901
|
# [3]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html
|
906
|
-
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
902
|
+
# [4]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html
|
907
903
|
# [5]: https://console.aws.amazon.com/support/home#/
|
908
904
|
# [6]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
|
909
|
-
# [7]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/
|
905
|
+
# [7]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/control-access-billing.html#grantaccess
|
910
906
|
#
|
911
907
|
# @option params [required, String] :email
|
912
908
|
# The email address of the owner to assign to the new member account.
|
@@ -956,11 +952,11 @@ module Aws::Organizations
|
|
956
952
|
# For more information about how to use this role to access the member
|
957
953
|
# account, see the following links:
|
958
954
|
#
|
959
|
-
# * [
|
960
|
-
#
|
955
|
+
# * [Creating the OrganizationAccountAccessRole in an invited member
|
956
|
+
# account][1] in the *Organizations User Guide*
|
961
957
|
#
|
962
|
-
# * Steps 2 and 3 in [Tutorial: Delegate
|
963
|
-
# Services accounts
|
958
|
+
# * Steps 2 and 3 in [IAM Tutorial: Delegate access across Amazon Web
|
959
|
+
# Services accounts using IAM roles][2] in the *IAM User Guide*
|
964
960
|
#
|
965
961
|
# The [regex pattern][3] that is used to validate this parameter. The
|
966
962
|
# pattern can include uppercase letters, lowercase letters, digits with
|
@@ -976,8 +972,8 @@ module Aws::Organizations
|
|
976
972
|
# If set to `ALLOW`, the new account enables IAM users to access account
|
977
973
|
# billing information *if* they have the required permissions. If set to
|
978
974
|
# `DENY`, only the root user of the new account can access account
|
979
|
-
# billing information. For more information, see [
|
980
|
-
# the Billing and Cost Management
|
975
|
+
# billing information. For more information, see [About IAM access to
|
976
|
+
# the Billing and Cost Management console][1] in the *Amazon Web
|
981
977
|
# Services Billing and Cost Management User Guide*.
|
982
978
|
#
|
983
979
|
# If you don't specify this parameter, the value defaults to `ALLOW`,
|
@@ -1083,8 +1079,8 @@ module Aws::Organizations
|
|
1083
1079
|
#
|
1084
1080
|
# Organizations automatically creates the required service-linked role
|
1085
1081
|
# named `AWSServiceRoleForOrganizations`. For more information, see
|
1086
|
-
# [Organizations and
|
1087
|
-
# Guide
|
1082
|
+
# [Organizations and service-linked roles][2] in the *Organizations User
|
1083
|
+
# Guide*.
|
1088
1084
|
#
|
1089
1085
|
# Amazon Web Services automatically enables CloudTrail for Amazon Web
|
1090
1086
|
# Services GovCloud (US) accounts, but you should also do the following:
|
@@ -1110,7 +1106,7 @@ module Aws::Organizations
|
|
1110
1106
|
# Amazon Web Services GovCloud (US) Region can invite it to that
|
1111
1107
|
# organization. For more information on inviting standalone accounts in
|
1112
1108
|
# the Amazon Web Services GovCloud (US) to join an organization, see
|
1113
|
-
# [Organizations][4] in the *Amazon Web Services GovCloud User Guide
|
1109
|
+
# [Organizations][4] in the *Amazon Web Services GovCloud User Guide*.
|
1114
1110
|
#
|
1115
1111
|
# Calling `CreateGovCloudAccount` is an asynchronous request that Amazon
|
1116
1112
|
# Web Services performs in the background. Because
|
@@ -1124,9 +1120,8 @@ module Aws::Organizations
|
|
1124
1120
|
# provide as a parameter to the DescribeCreateAccountStatus operation.
|
1125
1121
|
#
|
1126
1122
|
# * Check the CloudTrail log for the `CreateAccountResult` event. For
|
1127
|
-
# information on using CloudTrail with Organizations, see [
|
1128
|
-
#
|
1129
|
-
# Guide.*
|
1123
|
+
# information on using CloudTrail with Organizations, see [Logging and
|
1124
|
+
# monitoring in Organizations][5] in the *Organizations User Guide*.
|
1130
1125
|
#
|
1131
1126
|
#
|
1132
1127
|
#
|
@@ -1146,11 +1141,10 @@ module Aws::Organizations
|
|
1146
1141
|
# GovCloud (US) account that is associated with the management account
|
1147
1142
|
# of the commercial organization. For more information and to view a
|
1148
1143
|
# diagram that explains how account access works, see [Organizations][4]
|
1149
|
-
# in the *Amazon Web Services GovCloud User Guide
|
1144
|
+
# in the *Amazon Web Services GovCloud User Guide*.
|
1150
1145
|
#
|
1151
|
-
# For more information about creating accounts, see [Creating
|
1152
|
-
#
|
1153
|
-
# User Guide.*
|
1146
|
+
# For more information about creating accounts, see [Creating a member
|
1147
|
+
# account in your organization][6] in the *Organizations User Guide*.
|
1154
1148
|
#
|
1155
1149
|
# * When you create an account in an organization using the
|
1156
1150
|
# Organizations console, API, or CLI commands, the information
|
@@ -1158,9 +1152,9 @@ module Aws::Organizations
|
|
1158
1152
|
# automatically collected. This includes a payment method and signing
|
1159
1153
|
# the end user license agreement (EULA). If you must remove an account
|
1160
1154
|
# from your organization later, you can do so only after you provide
|
1161
|
-
# the missing information.
|
1162
|
-
#
|
1163
|
-
# Guide
|
1155
|
+
# the missing information. For more information, see [Considerations
|
1156
|
+
# before removing an account from an organization][7] in the
|
1157
|
+
# *Organizations User Guide*.
|
1164
1158
|
#
|
1165
1159
|
# * If you get an exception that indicates that you exceeded your
|
1166
1160
|
# account limits for the organization, contact [Amazon Web Services
|
@@ -1175,8 +1169,8 @@ module Aws::Organizations
|
|
1175
1169
|
# isn't recommended. You can only close an account from the Amazon
|
1176
1170
|
# Web Services Billing and Cost Management console, and you must be
|
1177
1171
|
# signed in as the root user. For information on the requirements and
|
1178
|
-
# process for closing an account, see [Closing
|
1179
|
-
#
|
1172
|
+
# process for closing an account, see [Closing a member account in
|
1173
|
+
# your organization][9] in the *Organizations User Guide*.
|
1180
1174
|
#
|
1181
1175
|
# <note markdown="1"> When you create a member account with this operation, you can choose
|
1182
1176
|
# whether to create the account with the **IAM User and Role Access to
|
@@ -1184,8 +1178,8 @@ module Aws::Organizations
|
|
1184
1178
|
# roles that have appropriate permissions can view billing information
|
1185
1179
|
# for the account. If you disable it, only the account root user can
|
1186
1180
|
# access billing information. For information about how to disable this
|
1187
|
-
# switch for an account, see [Granting
|
1188
|
-
#
|
1181
|
+
# switch for an account, see [Granting access to your billing
|
1182
|
+
# information and tools][10].
|
1189
1183
|
#
|
1190
1184
|
# </note>
|
1191
1185
|
#
|
@@ -1195,9 +1189,9 @@ module Aws::Organizations
|
|
1195
1189
|
# [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs
|
1196
1190
|
# [3]: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html
|
1197
1191
|
# [4]: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html
|
1198
|
-
# [5]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
1192
|
+
# [5]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html
|
1199
1193
|
# [6]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html
|
1200
|
-
# [7]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
1194
|
+
# [7]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html
|
1201
1195
|
# [8]: https://console.aws.amazon.com/support/home#/
|
1202
1196
|
# [9]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
|
1203
1197
|
# [10]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html
|
@@ -1259,10 +1253,13 @@ module Aws::Organizations
|
|
1259
1253
|
# `OrganizationAccountAccessRole`.
|
1260
1254
|
#
|
1261
1255
|
# For more information about how to use this role to access the member
|
1262
|
-
# account, see
|
1263
|
-
#
|
1264
|
-
#
|
1265
|
-
#
|
1256
|
+
# account, see the following links:
|
1257
|
+
#
|
1258
|
+
# * [Creating the OrganizationAccountAccessRole in an invited member
|
1259
|
+
# account][1] in the *Organizations User Guide*
|
1260
|
+
#
|
1261
|
+
# * Steps 2 and 3 in [IAM Tutorial: Delegate access across Amazon Web
|
1262
|
+
# Services accounts using IAM roles][2] in the *IAM User Guide*
|
1266
1263
|
#
|
1267
1264
|
# The [regex pattern][3] that is used to validate this parameter. The
|
1268
1265
|
# pattern can include uppercase letters, lowercase letters, digits with
|
@@ -1279,9 +1276,9 @@ module Aws::Organizations
|
|
1279
1276
|
# enables IAM users to access account billing information *if* they have
|
1280
1277
|
# the required permissions. If set to `DENY`, only the root user of the
|
1281
1278
|
# new account can access account billing information. For more
|
1282
|
-
# information, see [
|
1283
|
-
#
|
1284
|
-
# User Guide
|
1279
|
+
# information, see [About IAM access to the Billing and Cost Management
|
1280
|
+
# console][1] in the *Amazon Web Services Billing and Cost Management
|
1281
|
+
# User Guide*.
|
1285
1282
|
#
|
1286
1283
|
# If you don't specify this parameter, the value defaults to `ALLOW`,
|
1287
1284
|
# and IAM users and roles with the required permissions can access
|
@@ -1365,8 +1362,8 @@ module Aws::Organizations
|
|
1365
1362
|
# control policies automatically enabled in the root. If you instead
|
1366
1363
|
# choose to create the organization supporting only the consolidated
|
1367
1364
|
# billing features by setting the `FeatureSet` parameter to
|
1368
|
-
# `CONSOLIDATED_BILLING
|
1369
|
-
#
|
1365
|
+
# `CONSOLIDATED_BILLING`, no policy types are enabled by default and you
|
1366
|
+
# can't use organization policies.
|
1370
1367
|
#
|
1371
1368
|
#
|
1372
1369
|
#
|
@@ -1379,7 +1376,7 @@ module Aws::Organizations
|
|
1379
1376
|
# * `CONSOLIDATED_BILLING`: All member accounts have their bills
|
1380
1377
|
# consolidated to and paid by the management account. For more
|
1381
1378
|
# information, see [Consolidated billing][1] in the *Organizations
|
1382
|
-
# User Guide
|
1379
|
+
# User Guide*.
|
1383
1380
|
#
|
1384
1381
|
# The consolidated billing feature subset isn't available for
|
1385
1382
|
# organizations in the Amazon Web Services GovCloud (US) Region.
|
@@ -1388,7 +1385,7 @@ module Aws::Organizations
|
|
1388
1385
|
# billing feature set, the management account can also apply any
|
1389
1386
|
# policy type to any member account in the organization. For more
|
1390
1387
|
# information, see [All features][2] in the *Organizations User
|
1391
|
-
# Guide
|
1388
|
+
# Guide*.
|
1392
1389
|
#
|
1393
1390
|
#
|
1394
1391
|
#
|
@@ -1484,8 +1481,8 @@ module Aws::Organizations
|
|
1484
1481
|
# types enabled for that root. For service control policies, the limit
|
1485
1482
|
# is five.
|
1486
1483
|
#
|
1487
|
-
# For more information about OUs, see [Managing
|
1488
|
-
# in the *Organizations User Guide
|
1484
|
+
# For more information about OUs, see [Managing organizational units
|
1485
|
+
# (OUs)][1] in the *Organizations User Guide*.
|
1489
1486
|
#
|
1490
1487
|
# If the request includes tags, then the requester must have the
|
1491
1488
|
# `organizations:TagResource` permission.
|
@@ -1592,13 +1589,14 @@ module Aws::Organizations
|
|
1592
1589
|
# account.
|
1593
1590
|
#
|
1594
1591
|
# For more information about policies and their use, see [Managing
|
1595
|
-
#
|
1592
|
+
# Organizations policies][1].
|
1596
1593
|
#
|
1597
1594
|
# If the request includes tags, then the requester must have the
|
1598
1595
|
# `organizations:TagResource` permission.
|
1599
1596
|
#
|
1600
1597
|
# This operation can be called only from the organization's management
|
1601
|
-
# account
|
1598
|
+
# account or by a member account that is a delegated administrator for
|
1599
|
+
# an Amazon Web Services service.
|
1602
1600
|
#
|
1603
1601
|
#
|
1604
1602
|
#
|
@@ -1905,7 +1903,8 @@ module Aws::Organizations
|
|
1905
1903
|
# organizational units (OUs), roots, and accounts.
|
1906
1904
|
#
|
1907
1905
|
# This operation can be called only from the organization's management
|
1908
|
-
# account
|
1906
|
+
# account or by a member account that is a delegated administrator for
|
1907
|
+
# an Amazon Web Services service.
|
1909
1908
|
#
|
1910
1909
|
# @option params [required, String] :policy_id
|
1911
1910
|
# The unique identifier (ID) of the policy that you want to delete. You
|
@@ -2161,16 +2160,14 @@ module Aws::Organizations
|
|
2161
2160
|
# This operation applies only to policy types *other* than service
|
2162
2161
|
# control policies (SCPs).
|
2163
2162
|
#
|
2164
|
-
# For more information about policy inheritance, see [
|
2165
|
-
#
|
2163
|
+
# For more information about policy inheritance, see [Understanding
|
2164
|
+
# management policy inheritance][1] in the *Organizations User Guide*.
|
2166
2165
|
#
|
2167
|
-
# This operation can be called
|
2168
|
-
# account or by a member account that is a delegated administrator for
|
2169
|
-
# an Amazon Web Services service.
|
2166
|
+
# This operation can be called from any account in the organization.
|
2170
2167
|
#
|
2171
2168
|
#
|
2172
2169
|
#
|
2173
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
2170
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_inheritance_mgmt.html
|
2174
2171
|
#
|
2175
2172
|
# @option params [required, String] :policy_type
|
2176
2173
|
# The type of policy that you want information about. You can specify
|
@@ -2529,7 +2526,7 @@ module Aws::Organizations
|
|
2529
2526
|
|
2530
2527
|
# Retrieves information about a resource policy.
|
2531
2528
|
#
|
2532
|
-
#
|
2529
|
+
# This operation can be called only from the organization's management
|
2533
2530
|
# account or by a member account that is a delegated administrator for
|
2534
2531
|
# an Amazon Web Services service.
|
2535
2532
|
#
|
@@ -2571,7 +2568,8 @@ module Aws::Organizations
|
|
2571
2568
|
# list][2]".
|
2572
2569
|
#
|
2573
2570
|
# This operation can be called only from the organization's management
|
2574
|
-
# account
|
2571
|
+
# account or by a member account that is a delegated administrator for
|
2572
|
+
# an Amazon Web Services service.
|
2575
2573
|
#
|
2576
2574
|
#
|
2577
2575
|
#
|
@@ -2697,8 +2695,8 @@ module Aws::Organizations
|
|
2697
2695
|
#
|
2698
2696
|
# For more information about integrating other services with
|
2699
2697
|
# Organizations, including the list of services that work with
|
2700
|
-
# Organizations, see [
|
2701
|
-
#
|
2698
|
+
# Organizations, see [Using Organizations with other Amazon Web Services
|
2699
|
+
# services][3] in the *Organizations User Guide*.
|
2702
2700
|
#
|
2703
2701
|
# This operation can be called only from the organization's management
|
2704
2702
|
# account.
|
@@ -2747,7 +2745,8 @@ module Aws::Organizations
|
|
2747
2745
|
# and then use this operation.
|
2748
2746
|
#
|
2749
2747
|
# This operation can be called only from the organization's management
|
2750
|
-
# account
|
2748
|
+
# account or by a member account that is a delegated administrator for
|
2749
|
+
# an Amazon Web Services service.
|
2751
2750
|
#
|
2752
2751
|
# To view the status of available policy types in the organization, use
|
2753
2752
|
# DescribeOrganization.
|
@@ -2854,8 +2853,8 @@ module Aws::Organizations
|
|
2854
2853
|
# service.
|
2855
2854
|
#
|
2856
2855
|
# For more information about enabling services to integrate with
|
2857
|
-
# Organizations, see [
|
2858
|
-
#
|
2856
|
+
# Organizations, see [Using Organizations with other Amazon Web Services
|
2857
|
+
# services][2] in the *Organizations User Guide*.
|
2859
2858
|
#
|
2860
2859
|
# You can only call this operation from the organization's management
|
2861
2860
|
# account and only if the organization has [enabled all features][3].
|
@@ -2894,8 +2893,8 @@ module Aws::Organizations
|
|
2894
2893
|
# can be called in each account. Until you enable all features, you have
|
2895
2894
|
# access only to consolidated billing, and you can't use any of the
|
2896
2895
|
# advanced account administration features that Organizations supports.
|
2897
|
-
# For more information, see [Enabling
|
2898
|
-
#
|
2896
|
+
# For more information, see [Enabling all features in your
|
2897
|
+
# organization][1] in the *Organizations User Guide*.
|
2899
2898
|
#
|
2900
2899
|
# This operation is required only for organizations that were created
|
2901
2900
|
# explicitly with only the consolidated billing features enabled.
|
@@ -3003,7 +3002,8 @@ module Aws::Organizations
|
|
3003
3002
|
# then use this operation.
|
3004
3003
|
#
|
3005
3004
|
# This operation can be called only from the organization's management
|
3006
|
-
# account
|
3005
|
+
# account or by a member account that is a delegated administrator for
|
3006
|
+
# an Amazon Web Services service.
|
3007
3007
|
#
|
3008
3008
|
# You can enable a policy type in a root only if that policy type is
|
3009
3009
|
# available in the organization. To view the status of available policy
|
@@ -3107,7 +3107,7 @@ module Aws::Organizations
|
|
3107
3107
|
# you can invite only other AISPL accounts to your organization. You
|
3108
3108
|
# can't combine accounts from AISPL and Amazon Web Services or from
|
3109
3109
|
# any other Amazon Web Services seller. For more information, see
|
3110
|
-
# [Consolidated
|
3110
|
+
# [Consolidated billing in India][1].
|
3111
3111
|
#
|
3112
3112
|
# * If you receive an exception that indicates that you exceeded your
|
3113
3113
|
# account limits for the organization or that the operation failed
|
@@ -3123,7 +3123,7 @@ module Aws::Organizations
|
|
3123
3123
|
#
|
3124
3124
|
#
|
3125
3125
|
#
|
3126
|
-
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/
|
3126
|
+
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilling-India.html
|
3127
3127
|
# [2]: https://console.aws.amazon.com/support/home#/
|
3128
3128
|
#
|
3129
3129
|
# @option params [required, Types::HandshakeParty] :target
|
@@ -3312,10 +3312,9 @@ module Aws::Organizations
|
|
3312
3312
|
#
|
3313
3313
|
# Amazon Web Services uses the payment method to charge for any
|
3314
3314
|
# billable (not free tier) Amazon Web Services activity that occurs
|
3315
|
-
# while the account isn't attached to an organization.
|
3316
|
-
#
|
3317
|
-
#
|
3318
|
-
# Guide.*
|
3315
|
+
# while the account isn't attached to an organization. For more
|
3316
|
+
# information, see [Considerations before removing an account from an
|
3317
|
+
# organization][1] in the *Organizations User Guide*.
|
3319
3318
|
#
|
3320
3319
|
# * The account that you want to leave must not be a delegated
|
3321
3320
|
# administrator account for any Amazon Web Services service enabled
|
@@ -3324,9 +3323,9 @@ module Aws::Organizations
|
|
3324
3323
|
# account that is remaining in the organization.
|
3325
3324
|
#
|
3326
3325
|
# * You can leave an organization only after you enable IAM user access
|
3327
|
-
# to billing in your account. For more information, see [
|
3328
|
-
#
|
3329
|
-
# Web Services Billing and Cost Management User Guide
|
3326
|
+
# to billing in your account. For more information, see [About IAM
|
3327
|
+
# access to the Billing and Cost Management console][2] in the *Amazon
|
3328
|
+
# Web Services Billing and Cost Management User Guide*.
|
3330
3329
|
#
|
3331
3330
|
# * After the account leaves the organization, all tags that were
|
3332
3331
|
# attached to the account object in the organization are deleted.
|
@@ -3337,9 +3336,13 @@ module Aws::Organizations
|
|
3337
3336
|
# removed from its organization. If you get an error that indicates
|
3338
3337
|
# that a wait period is required, then try again in a few days.
|
3339
3338
|
#
|
3339
|
+
# * If you are using an organization principal to call
|
3340
|
+
# `LeaveOrganization` across multiple accounts, you can only do this
|
3341
|
+
# up to 5 accounts per second in a single organization.
|
3340
3342
|
#
|
3341
3343
|
#
|
3342
|
-
#
|
3344
|
+
#
|
3345
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html
|
3343
3346
|
# [2]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
|
3344
3347
|
#
|
3345
3348
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
@@ -3368,8 +3371,8 @@ module Aws::Organizations
|
|
3368
3371
|
#
|
3369
3372
|
# For more information about integrating other services with
|
3370
3373
|
# Organizations, including the list of services that currently work with
|
3371
|
-
# Organizations, see [
|
3372
|
-
#
|
3374
|
+
# Organizations, see [Using Organizations with other Amazon Web Services
|
3375
|
+
# services][1] in the *Organizations User Guide*.
|
3373
3376
|
#
|
3374
3377
|
# This operation can be called only from the organization's management
|
3375
3378
|
# account or by a member account that is a delegated administrator for
|
@@ -5225,12 +5228,12 @@ module Aws::Organizations
|
|
5225
5228
|
# @option params [required, String] :content
|
5226
5229
|
# If provided, the new content for the resource policy. The text must be
|
5227
5230
|
# correctly formatted JSON that complies with the syntax for the
|
5228
|
-
# resource policy's type. For more information, see [
|
5229
|
-
#
|
5231
|
+
# resource policy's type. For more information, see [SCP syntax][1] in
|
5232
|
+
# the *Organizations User Guide*.
|
5230
5233
|
#
|
5231
5234
|
#
|
5232
5235
|
#
|
5233
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
5236
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html
|
5234
5237
|
#
|
5235
5238
|
# @option params [Array<Types::Tag>] :tags
|
5236
5239
|
# A list of tags that you want to attach to the newly created resource
|
@@ -5343,16 +5346,9 @@ module Aws::Organizations
|
|
5343
5346
|
# standalone account. When you create an account in an organization
|
5344
5347
|
# using the Organizations console, API, or CLI commands, the
|
5345
5348
|
# information required of standalone accounts is *not* automatically
|
5346
|
-
# collected. For
|
5347
|
-
#
|
5348
|
-
#
|
5349
|
-
# Services uses the payment method to charge for any billable (not
|
5350
|
-
# free tier) Amazon Web Services activity that occurs while the
|
5351
|
-
# account isn't attached to an organization. To remove an account
|
5352
|
-
# that doesn't yet have this information, you must sign in as the
|
5353
|
-
# member account and follow the steps at [ To leave an organization
|
5354
|
-
# when all required account information has not yet been provided][1]
|
5355
|
-
# in the *Organizations User Guide.*
|
5349
|
+
# collected. For more information, see [Considerations before removing
|
5350
|
+
# an account from an organization][1] in the *Organizations User
|
5351
|
+
# Guide*.
|
5356
5352
|
#
|
5357
5353
|
# * The account that you want to leave must not be a delegated
|
5358
5354
|
# administrator account for any Amazon Web Services service enabled
|
@@ -5367,7 +5363,7 @@ module Aws::Organizations
|
|
5367
5363
|
#
|
5368
5364
|
#
|
5369
5365
|
#
|
5370
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
5366
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html
|
5371
5367
|
#
|
5372
5368
|
# @option params [required, String] :account_id
|
5373
5369
|
# The unique identifier (ID) of the member account that you want to
|
@@ -5420,7 +5416,8 @@ module Aws::Organizations
|
|
5420
5416
|
# * Policy (any type)
|
5421
5417
|
#
|
5422
5418
|
# This operation can be called only from the organization's management
|
5423
|
-
# account
|
5419
|
+
# account or by a member account that is a delegated administrator for
|
5420
|
+
# an Amazon Web Services service.
|
5424
5421
|
#
|
5425
5422
|
# @option params [required, String] :resource_id
|
5426
5423
|
# The ID of the resource to add a tag to.
|
@@ -5485,7 +5482,8 @@ module Aws::Organizations
|
|
5485
5482
|
# * Policy (any type)
|
5486
5483
|
#
|
5487
5484
|
# This operation can be called only from the organization's management
|
5488
|
-
# account
|
5485
|
+
# account or by a member account that is a delegated administrator for
|
5486
|
+
# an Amazon Web Services service.
|
5489
5487
|
#
|
5490
5488
|
# @option params [required, String] :resource_id
|
5491
5489
|
# The ID of the resource to remove a tag from.
|
@@ -5604,7 +5602,8 @@ module Aws::Organizations
|
|
5604
5602
|
# can't change a policy's type.
|
5605
5603
|
#
|
5606
5604
|
# This operation can be called only from the organization's management
|
5607
|
-
# account
|
5605
|
+
# account or by a member account that is a delegated administrator for
|
5606
|
+
# an Amazon Web Services service.
|
5608
5607
|
#
|
5609
5608
|
# @option params [required, String] :policy_id
|
5610
5609
|
# The unique identifier (ID) of the policy that you want to update.
|
@@ -5633,12 +5632,12 @@ module Aws::Organizations
|
|
5633
5632
|
# @option params [String] :content
|
5634
5633
|
# If provided, the new content for the policy. The text must be
|
5635
5634
|
# correctly formatted JSON that complies with the syntax for the
|
5636
|
-
# policy's type. For more information, see [
|
5637
|
-
#
|
5635
|
+
# policy's type. For more information, see [SCP syntax][1] in the
|
5636
|
+
# *Organizations User Guide*.
|
5638
5637
|
#
|
5639
5638
|
#
|
5640
5639
|
#
|
5641
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
5640
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html
|
5642
5641
|
#
|
5643
5642
|
# @return [Types::UpdatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5644
5643
|
#
|
@@ -5737,7 +5736,7 @@ module Aws::Organizations
|
|
5737
5736
|
params: params,
|
5738
5737
|
config: config)
|
5739
5738
|
context[:gem_name] = 'aws-sdk-organizations'
|
5740
|
-
context[:gem_version] = '1.
|
5739
|
+
context[:gem_version] = '1.80.0'
|
5741
5740
|
Seahorse::Client::Request.new(handlers, context)
|
5742
5741
|
end
|
5743
5742
|
|
@@ -25,67 +25,19 @@ module Aws::Organizations
|
|
25
25
|
end
|
26
26
|
if Aws::Endpoints::Matchers.set?(region)
|
27
27
|
if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
|
28
|
-
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws")
|
29
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
30
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
31
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations-fips.#{region}.api.aws", headers: {}, properties: {})
|
32
|
-
end
|
33
|
-
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
34
|
-
end
|
35
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
36
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
|
37
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations-fips.us-east-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-east-1"}]})
|
38
|
-
end
|
39
|
-
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
40
|
-
end
|
41
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
42
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
43
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.#{region}.api.aws", headers: {}, properties: {})
|
44
|
-
end
|
45
|
-
raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
|
46
|
-
end
|
28
|
+
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws") && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
|
47
29
|
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-east-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-east-1"}]})
|
48
30
|
end
|
49
|
-
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
end
|
54
|
-
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
55
|
-
end
|
56
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
57
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
|
58
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations-fips.#{region}.amazonaws.com.cn", headers: {}, properties: {})
|
59
|
-
end
|
60
|
-
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
61
|
-
end
|
62
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
63
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
64
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.#{region}.api.amazonwebservices.com.cn", headers: {}, properties: {})
|
65
|
-
end
|
66
|
-
raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
|
67
|
-
end
|
31
|
+
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws") && Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
|
32
|
+
return Aws::Endpoints::Endpoint.new(url: "https://organizations-fips.us-east-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-east-1"}]})
|
33
|
+
end
|
34
|
+
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-cn") && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
|
68
35
|
return Aws::Endpoints::Endpoint.new(url: "https://organizations.cn-northwest-1.amazonaws.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"cn-northwest-1"}]})
|
69
36
|
end
|
70
|
-
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
end
|
75
|
-
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
76
|
-
end
|
77
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
78
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
|
79
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-gov-west-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-gov-west-1"}]})
|
80
|
-
end
|
81
|
-
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
82
|
-
end
|
83
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
84
|
-
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
85
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.#{region}.api.aws", headers: {}, properties: {})
|
86
|
-
end
|
87
|
-
raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
|
88
|
-
end
|
37
|
+
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov") && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
|
38
|
+
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-gov-west-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-gov-west-1"}]})
|
39
|
+
end
|
40
|
+
if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov") && Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
|
89
41
|
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-gov-west-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-gov-west-1"}]})
|
90
42
|
end
|
91
43
|
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
@@ -96,12 +48,6 @@ module Aws::Organizations
|
|
96
48
|
end
|
97
49
|
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
98
50
|
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
|
99
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
|
100
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations-fips.us-east-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-east-1"}]})
|
101
|
-
end
|
102
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "aws-us-gov-global")
|
103
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-gov-west-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-gov-west-1"}]})
|
104
|
-
end
|
105
51
|
return Aws::Endpoints::Endpoint.new(url: "https://organizations-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
106
52
|
end
|
107
53
|
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
@@ -112,15 +58,6 @@ module Aws::Organizations
|
|
112
58
|
end
|
113
59
|
raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
|
114
60
|
end
|
115
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
|
116
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-east-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-east-1"}]})
|
117
|
-
end
|
118
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "aws-cn-global")
|
119
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.cn-northwest-1.amazonaws.com.cn", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"cn-northwest-1"}]})
|
120
|
-
end
|
121
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "aws-us-gov-global")
|
122
|
-
return Aws::Endpoints::Endpoint.new(url: "https://organizations.us-gov-west-1.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"organizations", "signingRegion"=>"us-gov-west-1"}]})
|
123
|
-
end
|
124
61
|
return Aws::Endpoints::Endpoint.new(url: "https://organizations.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
125
62
|
end
|
126
63
|
end
|
@@ -59,7 +59,7 @@ module Aws::Organizations
|
|
59
59
|
# You don't have permissions to perform the requested operation. The
|
60
60
|
# user or role that is making the request must have at least one IAM
|
61
61
|
# permissions policy attached that grants the required permissions. For
|
62
|
-
# more information, see [Access Management][1] in the *IAM User Guide
|
62
|
+
# more information, see [Access Management][1] in the *IAM User Guide*.
|
63
63
|
#
|
64
64
|
#
|
65
65
|
#
|
@@ -228,8 +228,8 @@ module Aws::Organizations
|
|
228
228
|
|
229
229
|
# You can't invite an existing account to your organization until you
|
230
230
|
# verify that you own the email address associated with the management
|
231
|
-
# account. For more information, see [Email
|
232
|
-
# the *Organizations User Guide
|
231
|
+
# account. For more information, see [Email address verification][1] in
|
232
|
+
# the *Organizations User Guide*.
|
233
233
|
#
|
234
234
|
#
|
235
235
|
#
|
@@ -452,7 +452,7 @@ module Aws::Organizations
|
|
452
452
|
# enough information to exist as a standalone account. This account
|
453
453
|
# requires you to first complete phone verification. Follow the steps
|
454
454
|
# at [Removing a member account from your organization][1] in the
|
455
|
-
# *Organizations User Guide
|
455
|
+
# *Organizations User Guide*.
|
456
456
|
#
|
457
457
|
# * ACCOUNT\_CREATION\_RATE\_LIMIT\_EXCEEDED: You attempted to exceed
|
458
458
|
# the number of accounts that you can create in one day.
|
@@ -480,6 +480,10 @@ module Aws::Organizations
|
|
480
480
|
# hour, if the command continues to fail with this error, contact
|
481
481
|
# [Amazon Web Services Support][2].
|
482
482
|
#
|
483
|
+
# * CANNOT\_REGISTER\_SUSPENDED\_ACCOUNT\_AS\_DELEGATED\_ADMINISTRATOR:
|
484
|
+
# You cannot register a suspended account as a delegated
|
485
|
+
# administrator.
|
486
|
+
#
|
483
487
|
# * CANNOT\_REGISTER\_MASTER\_AS\_DELEGATED\_ADMINISTRATOR: You
|
484
488
|
# attempted to register the management account of the organization as
|
485
489
|
# a delegated administrator for an Amazon Web Services service
|
@@ -547,14 +551,13 @@ module Aws::Organizations
|
|
547
551
|
# * MASTER\_ACCOUNT\_NOT\_GOVCLOUD\_ENABLED: To complete this operation,
|
548
552
|
# the management account must have an associated account in the Amazon
|
549
553
|
# Web Services GovCloud (US-West) Region. For more information, see
|
550
|
-
# [Organizations][4] in the *Amazon Web Services GovCloud User Guide
|
554
|
+
# [Organizations][4] in the *Amazon Web Services GovCloud User Guide*.
|
551
555
|
#
|
552
556
|
# * MASTER\_ACCOUNT\_PAYMENT\_INSTRUMENT\_REQUIRED: To create an
|
553
557
|
# organization with this management account, you first must associate
|
554
558
|
# a valid payment instrument, such as a credit card, with the account.
|
555
|
-
#
|
556
|
-
#
|
557
|
-
# *Organizations User Guide.*
|
559
|
+
# For more information, see [Considerations before removing an account
|
560
|
+
# from an organization][5] in the *Organizations User Guide*.
|
558
561
|
#
|
559
562
|
# * MAX\_DELEGATED\_ADMINISTRATORS\_FOR\_SERVICE\_LIMIT\_EXCEEDED: You
|
560
563
|
# attempted to register more delegated administrators than allowed for
|
@@ -569,10 +572,9 @@ module Aws::Organizations
|
|
569
572
|
#
|
570
573
|
# * MEMBER\_ACCOUNT\_PAYMENT\_INSTRUMENT\_REQUIRED: To complete this
|
571
574
|
# operation with this member account, you first must associate a valid
|
572
|
-
# payment instrument, such as a credit card, with the account.
|
573
|
-
#
|
574
|
-
#
|
575
|
-
# Guide.*
|
575
|
+
# payment instrument, such as a credit card, with the account. For
|
576
|
+
# more information, see [Considerations before removing an account
|
577
|
+
# from an organization][5] in the *Organizations User Guide*.
|
576
578
|
#
|
577
579
|
# * MIN\_POLICY\_TYPE\_ATTACHMENT\_LIMIT\_EXCEEDED: You attempted to
|
578
580
|
# detach a policy from an entity that would cause the entity to have
|
@@ -612,10 +614,10 @@ module Aws::Organizations
|
|
612
614
|
#
|
613
615
|
#
|
614
616
|
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master
|
615
|
-
# [2]: https://
|
617
|
+
# [2]: https://console.aws.amazon.com/support/home#/
|
616
618
|
# [3]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-general.html
|
617
619
|
# [4]: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html
|
618
|
-
# [5]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
620
|
+
# [5]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_account-before-remove.html
|
619
621
|
#
|
620
622
|
# @!attribute [rw] message
|
621
623
|
# @return [String]
|
@@ -683,11 +685,11 @@ module Aws::Organizations
|
|
683
685
|
# For more information about how to use this role to access the member
|
684
686
|
# account, see the following links:
|
685
687
|
#
|
686
|
-
# * [
|
687
|
-
#
|
688
|
+
# * [Creating the OrganizationAccountAccessRole in an invited member
|
689
|
+
# account][1] in the *Organizations User Guide*
|
688
690
|
#
|
689
|
-
# * Steps 2 and 3 in [Tutorial: Delegate
|
690
|
-
# Services accounts
|
691
|
+
# * Steps 2 and 3 in [IAM Tutorial: Delegate access across Amazon Web
|
692
|
+
# Services accounts using IAM roles][2] in the *IAM User Guide*
|
691
693
|
#
|
692
694
|
# The [regex pattern][3] that is used to validate this parameter. The
|
693
695
|
# pattern can include uppercase letters, lowercase letters, digits
|
@@ -704,8 +706,8 @@ module Aws::Organizations
|
|
704
706
|
# If set to `ALLOW`, the new account enables IAM users to access
|
705
707
|
# account billing information *if* they have the required permissions.
|
706
708
|
# If set to `DENY`, only the root user of the new account can access
|
707
|
-
# account billing information. For more information, see [
|
708
|
-
#
|
709
|
+
# account billing information. For more information, see [About IAM
|
710
|
+
# access to the Billing and Cost Management console][1] in the *Amazon
|
709
711
|
# Web Services Billing and Cost Management User Guide*.
|
710
712
|
#
|
711
713
|
# If you don't specify this parameter, the value defaults to `ALLOW`,
|
@@ -755,12 +757,12 @@ module Aws::Organizations
|
|
755
757
|
# parameter to DescribeCreateAccountStatus to get status about the
|
756
758
|
# progress of the request at later times. You can also check the
|
757
759
|
# CloudTrail log for the `CreateAccountResult` event. For more
|
758
|
-
# information, see [
|
759
|
-
#
|
760
|
+
# information, see [Logging and monitoring in Organizations][1] in the
|
761
|
+
# *Organizations User Guide*.
|
760
762
|
#
|
761
763
|
#
|
762
764
|
#
|
763
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
765
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html
|
764
766
|
# @return [Types::CreateAccountStatus]
|
765
767
|
#
|
766
768
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountResponse AWS API Documentation
|
@@ -976,10 +978,13 @@ module Aws::Organizations
|
|
976
978
|
# `OrganizationAccountAccessRole`.
|
977
979
|
#
|
978
980
|
# For more information about how to use this role to access the member
|
979
|
-
# account, see
|
980
|
-
#
|
981
|
-
#
|
982
|
-
#
|
981
|
+
# account, see the following links:
|
982
|
+
#
|
983
|
+
# * [Creating the OrganizationAccountAccessRole in an invited member
|
984
|
+
# account][1] in the *Organizations User Guide*
|
985
|
+
#
|
986
|
+
# * Steps 2 and 3 in [IAM Tutorial: Delegate access across Amazon Web
|
987
|
+
# Services accounts using IAM roles][2] in the *IAM User Guide*
|
983
988
|
#
|
984
989
|
# The [regex pattern][3] that is used to validate this parameter. The
|
985
990
|
# pattern can include uppercase letters, lowercase letters, digits
|
@@ -997,9 +1002,9 @@ module Aws::Organizations
|
|
997
1002
|
# enables IAM users to access account billing information *if* they
|
998
1003
|
# have the required permissions. If set to `DENY`, only the root user
|
999
1004
|
# of the new account can access account billing information. For more
|
1000
|
-
# information, see [
|
1001
|
-
# Management
|
1002
|
-
# Management User Guide
|
1005
|
+
# information, see [About IAM access to the Billing and Cost
|
1006
|
+
# Management console][1] in the *Amazon Web Services Billing and Cost
|
1007
|
+
# Management User Guide*.
|
1003
1008
|
#
|
1004
1009
|
# If you don't specify this parameter, the value defaults to `ALLOW`,
|
1005
1010
|
# and IAM users and roles with the required permissions can access
|
@@ -1066,7 +1071,7 @@ module Aws::Organizations
|
|
1066
1071
|
# * `CONSOLIDATED_BILLING`: All member accounts have their bills
|
1067
1072
|
# consolidated to and paid by the management account. For more
|
1068
1073
|
# information, see [Consolidated billing][1] in the *Organizations
|
1069
|
-
# User Guide
|
1074
|
+
# User Guide*.
|
1070
1075
|
#
|
1071
1076
|
# The consolidated billing feature subset isn't available for
|
1072
1077
|
# organizations in the Amazon Web Services GovCloud (US) Region.
|
@@ -1075,7 +1080,7 @@ module Aws::Organizations
|
|
1075
1080
|
# consolidated billing feature set, the management account can also
|
1076
1081
|
# apply any policy type to any member account in the organization.
|
1077
1082
|
# For more information, see [All features][2] in the *Organizations
|
1078
|
-
# User Guide
|
1083
|
+
# User Guide*.
|
1079
1084
|
#
|
1080
1085
|
#
|
1081
1086
|
#
|
@@ -2247,7 +2252,7 @@ module Aws::Organizations
|
|
2247
2252
|
#
|
2248
2253
|
#
|
2249
2254
|
#
|
2250
|
-
# [1]: https://
|
2255
|
+
# [1]: https://console.aws.amazon.com/support/home#/
|
2251
2256
|
#
|
2252
2257
|
# @!attribute [rw] message
|
2253
2258
|
# @return [String]
|
@@ -3602,12 +3607,12 @@ module Aws::Organizations
|
|
3602
3607
|
|
3603
3608
|
# The provided policy document doesn't meet the requirements of the
|
3604
3609
|
# specified policy type. For example, the syntax might be incorrect. For
|
3605
|
-
# details about service control policy syntax, see [
|
3606
|
-
#
|
3610
|
+
# details about service control policy syntax, see [SCP syntax][1] in
|
3611
|
+
# the *Organizations User Guide*.
|
3607
3612
|
#
|
3608
3613
|
#
|
3609
3614
|
#
|
3610
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
3615
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html
|
3611
3616
|
#
|
3612
3617
|
# @!attribute [rw] message
|
3613
3618
|
# @return [String]
|
@@ -3732,8 +3737,8 @@ module Aws::Organizations
|
|
3732
3737
|
# organization. If set to "ALL", then all features are enabled and
|
3733
3738
|
# policies can be applied to accounts in the organization. If set to
|
3734
3739
|
# "CONSOLIDATED\_BILLING", then only consolidated billing
|
3735
|
-
# functionality is available. For more information, see [Enabling
|
3736
|
-
#
|
3740
|
+
# functionality is available. For more information, see [Enabling all
|
3741
|
+
# features in your organization][1] in the *Organizations User Guide*.
|
3737
3742
|
#
|
3738
3743
|
#
|
3739
3744
|
#
|
@@ -3794,8 +3799,7 @@ module Aws::Organizations
|
|
3794
3799
|
end
|
3795
3800
|
|
3796
3801
|
# The organization isn't empty. To delete an organization, you must
|
3797
|
-
# first remove all accounts except the management account
|
3798
|
-
# OUs, and delete all policies.
|
3802
|
+
# first remove all accounts except the management account.
|
3799
3803
|
#
|
3800
3804
|
# @!attribute [rw] message
|
3801
3805
|
# @return [String]
|
@@ -4157,8 +4161,8 @@ module Aws::Organizations
|
|
4157
4161
|
# You can't use the specified policy type with the feature set
|
4158
4162
|
# currently enabled for this organization. For example, you can enable
|
4159
4163
|
# SCPs only after you enable all features in the organization. For more
|
4160
|
-
# information, see [Managing Organizations
|
4161
|
-
# *Organizations User Guide
|
4164
|
+
# information, see [Managing Organizations policies][1]in the
|
4165
|
+
# *Organizations User Guide*.
|
4162
4166
|
#
|
4163
4167
|
#
|
4164
4168
|
#
|
@@ -4178,8 +4182,8 @@ module Aws::Organizations
|
|
4178
4182
|
# The specified policy type isn't currently enabled in this root. You
|
4179
4183
|
# can't attach policies of the specified type to entities in a root
|
4180
4184
|
# until you enable that type in the root. For more information, see
|
4181
|
-
# [Enabling
|
4182
|
-
# User Guide
|
4185
|
+
# [Enabling all features in your organization][1] in the *Organizations
|
4186
|
+
# User Guide*.
|
4183
4187
|
#
|
4184
4188
|
#
|
4185
4189
|
#
|
@@ -4222,12 +4226,12 @@ module Aws::Organizations
|
|
4222
4226
|
# @!attribute [rw] content
|
4223
4227
|
# If provided, the new content for the resource policy. The text must
|
4224
4228
|
# be correctly formatted JSON that complies with the syntax for the
|
4225
|
-
# resource policy's type. For more information, see [
|
4226
|
-
#
|
4229
|
+
# resource policy's type. For more information, see [SCP syntax][1]
|
4230
|
+
# in the *Organizations User Guide*.
|
4227
4231
|
#
|
4228
4232
|
#
|
4229
4233
|
#
|
4230
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
4234
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html
|
4231
4235
|
# @return [String]
|
4232
4236
|
#
|
4233
4237
|
# @!attribute [rw] tags
|
@@ -4559,7 +4563,7 @@ module Aws::Organizations
|
|
4559
4563
|
# later.
|
4560
4564
|
#
|
4561
4565
|
# For information about quotas that affect Organizations, see [Quotas
|
4562
|
-
# for Organizations][1]in the *Organizations User Guide
|
4566
|
+
# for Organizations][1] in the *Organizations User Guide*.
|
4563
4567
|
#
|
4564
4568
|
#
|
4565
4569
|
#
|
@@ -4702,12 +4706,12 @@ module Aws::Organizations
|
|
4702
4706
|
# @!attribute [rw] content
|
4703
4707
|
# If provided, the new content for the policy. The text must be
|
4704
4708
|
# correctly formatted JSON that complies with the syntax for the
|
4705
|
-
# policy's type. For more information, see [
|
4706
|
-
#
|
4709
|
+
# policy's type. For more information, see [SCP syntax][1] in the
|
4710
|
+
# *Organizations User Guide*.
|
4707
4711
|
#
|
4708
4712
|
#
|
4709
4713
|
#
|
4710
|
-
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/
|
4714
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_syntax.html
|
4711
4715
|
# @return [String]
|
4712
4716
|
#
|
4713
4717
|
# @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicyRequest AWS API Documentation
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-organizations
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.80.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-08-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|