aws-sdk-organizations 1.50.0 → 1.51.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '048979f001ba9072b4255b7e645ca0d6eea122a8841fbc4716168bf1dde21968'
-  data.tar.gz: 1ddafdfc2821fcaee5be2f5f3674fdb7ca3c932b9452bd098dbe3ce35c342fb0
+  metadata.gz: 7b6f5921109742aaa83544abde06a32cae7102b883e54767fe4e5567affe73a6
+  data.tar.gz: 0fdaeb797a8f94bca291bedaa02f83098032626aa70e1e304010bbc9926d7b25
 SHA512:
-  metadata.gz: 699911dc1da0dfa00f5f957c50cf0ecef4d75c9fbb255c210e88d6e7aa42ef8f20f9c87960644d785945eb4e165f6b826929b8ddae96bd1ba73db31459209992
-  data.tar.gz: cdc50b93fab7de17883e80282b932341eae8f1deaa08f0710613f27382dc4e1f70a91cb345bcf2fb60903d9ade9e27ccadbad54323cdbd11fd36dde68e2cdc61
+  metadata.gz: 40a50363452745e1f6a6ef0aef7f5688754608588f65766d59e5786d40dc54a718ee5d67b404f852459dc5a4a47491dcbee044c82b90ce7f589ec17a87e51fcd
+  data.tar.gz: 5bc9c7b9b676bee453d617114739d234a0203ba6ff31298dcb34cb7254f336d96feeb91aaa85ea0cbd5dbb7a829fd2a0401500158f969150dd28bb4a3c24c2cc

data/lib/aws-sdk-organizations.rb

@@ -7,6 +7,7 @@
 #
 # WARNING ABOUT GENERATED CODE
 
+
 require 'aws-sdk-core'
 require 'aws-sigv4'
 
@@ -47,6 +48,6 @@ require_relative 'aws-sdk-organizations/customizations'
 # @!group service
 module Aws::Organizations
 
-  GEM_VERSION = '1.50.0'
+  GEM_VERSION = '1.51.0'
 
 end

data/lib/aws-sdk-organizations/client.rb

@@ -703,8 +703,6 @@ module Aws::Organizations
     #   [Monitoring the Activity in Your Organization][1] in the *AWS
     #   Organizations User Guide.*
     #
-    #
-    #
     # The user who calls the API to create an account must have the
     # `organizations:CreateAccount` permission. If you enabled all features
     # in the organization, AWS Organizations creates the required
@@ -712,6 +710,9 @@ module Aws::Organizations
     # information, see [AWS Organizations and Service-Linked Roles][2] in
     # the *AWS Organizations User Guide*.
     #
+    # If the request includes tags, then the requester must have the
+    # `organizations:TagResource` permission.
+    #
     # AWS Organizations preconfigures the new member account with a role
     # (named `OrganizationAccountAccessRole` by default) that grants users
     # in the master account administrator permissions in the new member
@@ -827,6 +828,23 @@ module Aws::Organizations
     #
     #   [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
     #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of tags that you want to attach to the newly created account.
+    #   For each tag in the list, you must specify both a tag key and a value.
+    #   You can set the value to an empty string, but you can't set it to
+    #   `null`. For more information about tagging, see [Tagging AWS
+    #   Organizations resources][1] in the AWS Organizations User Guide.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
+    #   of tags for an account, then the entire request fails and the account
+    #   is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
+    #
     # @return [Types::CreateAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
@@ -859,6 +877,12 @@ module Aws::Organizations
     #     account_name: "AccountName", # required
     #     role_name: "RoleName",
     #     iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
     #   })
     #
     # @example Response structure
@@ -893,11 +917,12 @@ module Aws::Organizations
     # * You call this action from the master account of your organization in
     #   the commercial Region.
     #
-    # * You have the `organizations:CreateGovCloudAccount` permission. AWS
-    #   Organizations creates the required service-linked role named
-    #   `AWSServiceRoleForOrganizations`. For more information, see [AWS
-    #   Organizations and Service-Linked Roles][2] in the *AWS Organizations
-    #   User Guide.*
+    # * You have the `organizations:CreateGovCloudAccount` permission.
+    #
+    # AWS Organizations automatically creates the required service-linked
+    # role named `AWSServiceRoleForOrganizations`. For more information, see
+    # [AWS Organizations and Service-Linked Roles][2] in the *AWS
+    # Organizations User Guide.*
     #
     # AWS automatically enables AWS CloudTrail for AWS GovCloud (US)
     # accounts, but you should also do the following:
@@ -909,6 +934,13 @@ module Aws::Organizations
     #   For more information, see [Verifying AWS CloudTrail Is Enabled][3]
     #   in the *AWS GovCloud User Guide*.
     #
+    # If the request includes tags, then the requester must have the
+    # `organizations:TagResource` permission. The tags are attached to the
+    # commercial account associated with the GovCloud account, rather than
+    # the GovCloud account itself. To add tags to the GovCloud account, call
+    # the TagResource operation in the GovCloud Region after the new
+    # GovCloud account exists.
+    #
     # You call this action from the master account of your organization in
     # the commercial Region to create a standalone AWS account in the AWS
     # GovCloud (US) Region. After the account is created, the master account
@@ -945,10 +977,10 @@ module Aws::Organizations
     # allows the master account in the organization in the commercial Region
     # to assume it. An AWS GovCloud (US) account is then created and
     # associated with the commercial account that you just created. A role
-    # is created in the new AWS GovCloud (US) account that can be assumed by
-    # the AWS GovCloud (US) account that is associated with the master
-    # account of the commercial organization. For more information and to
-    # view a diagram that explains how account access works, see [AWS
+    # is also created in the new AWS GovCloud (US) account that can be
+    # assumed by the AWS GovCloud (US) account that is associated with the
+    # master account of the commercial organization. For more information
+    # and to view a diagram that explains how account access works, see [AWS
     # Organizations][4] in the *AWS GovCloud User Guide.*
     #
     # For more information about creating accounts, see [Creating an AWS
@@ -1062,6 +1094,28 @@ module Aws::Organizations
     #
     #   [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
     #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of tags that you want to attach to the newly created account.
+    #   These tags are attached to the commercial account associated with the
+    #   GovCloud account, and not to the GovCloud account itself. To add tags
+    #   to the actual GovCloud account, call the TagResource operation in the
+    #   GovCloud region after the new GovCloud account exists.
+    #
+    #   For each tag in the list, you must specify both a tag key and a value.
+    #   You can set the value to an empty string, but you can't set it to
+    #   `null`. For more information about tagging, see [Tagging AWS
+    #   Organizations resources][1] in the AWS Organizations User Guide.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
+    #   of tags for an account, then the entire request fails and the account
+    #   is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
+    #
     # @return [Types::CreateGovCloudAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateGovCloudAccountResponse#create_account_status #create_account_status} => Types::CreateAccountStatus
@@ -1073,6 +1127,12 @@ module Aws::Organizations
     #     account_name: "AccountName", # required
     #     role_name: "RoleName",
     #     iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
     #   })
     #
     # @example Response structure
@@ -1113,7 +1173,7 @@ module Aws::Organizations
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/orgs_getting-started_concepts.html#account
+    # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account
     #
     # @option params [String] :feature_set
     #   Specifies the feature set supported by the new organization. Each
@@ -1230,6 +1290,9 @@ module Aws::Organizations
     # For more information about OUs, see [Managing Organizational Units][1]
     # in the *AWS Organizations User Guide.*
     #
+    # If the request includes tags, then the requester must have the
+    # `organizations:TagResource` permission.
+    #
     # This operation can be called only from the organization's master
     # account.
     #
@@ -1259,6 +1322,23 @@ module Aws::Organizations
     # @option params [required, String] :name
     #   The friendly name to assign to the new OU.
     #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of tags that you want to attach to the newly created OU. For
+    #   each tag in the list, you must specify both a tag key and a value. You
+    #   can set the value to an empty string, but you can't set it to `null`.
+    #   For more information about tagging, see [Tagging AWS Organizations
+    #   resources][1] in the AWS Organizations User Guide.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
+    #   of tags for an OU, then the entire request fails and the OU is not
+    #   created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
+    #
     # @return [Types::CreateOrganizationalUnitResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateOrganizationalUnitResponse#organizational_unit #organizational_unit} => Types::OrganizationalUnit
@@ -1287,6 +1367,12 @@ module Aws::Organizations
     #   resp = client.create_organizational_unit({
     #     parent_id: "ParentId", # required
     #     name: "OrganizationalUnitName", # required
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
     #   })
     #
     # @example Response structure
@@ -1310,6 +1396,9 @@ module Aws::Organizations
     # For more information about policies and their use, see [Managing
     # Organization Policies][1].
     #
+    # If the request includes tags, then the requester must have the
+    # `organizations:TagResource` permission.
+    #
     # This operation can be called only from the organization's master
     # account.
     #
@@ -1354,6 +1443,23 @@ module Aws::Organizations
     #   [3]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
     #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of tags that you want to attach to the newly created policy.
+    #   For each tag in the list, you must specify both a tag key and a value.
+    #   You can set the value to an empty string, but you can't set it to
+    #   `null`. For more information about tagging, see [Tagging AWS
+    #   Organizations resources][1] in the AWS Organizations User Guide.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
+    #   of tags for a policy, then the entire request fails and the policy is
+    #   not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
+    #
     # @return [Types::CreatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreatePolicyResponse#policy #policy} => Types::Policy
@@ -1393,6 +1499,12 @@ module Aws::Organizations
     #     description: "PolicyDescription", # required
     #     name: "PolicyName", # required
     #     type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
     #   })
     #
     # @example Response structure
@@ -2726,6 +2838,9 @@ module Aws::Organizations
     #   then try again. If the error persists after an hour, contact [AWS
     #   Support][2].
     #
+    # If the request includes tags, then the requester must have the
+    # `organizations:TagResource` permission.
+    #
     # This operation can be called only from the organization's master
     # account.
     #
@@ -2756,6 +2871,33 @@ module Aws::Organizations
     #   Additional information that you want to include in the generated email
     #   to the recipient account owner.
     #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of tags that you want to attach to the account when it becomes
+    #   a member of the organization. For each tag in the list, you must
+    #   specify both a tag key and a value. You can set the value to an empty
+    #   string, but you can't set it to `null`. For more information about
+    #   tagging, see [Tagging AWS Organizations resources][1] in the AWS
+    #   Organizations User Guide.
+    #
+    #   Any tags in the request are checked for compliance with any applicable
+    #   tag policies when the request is made. The request is rejected if the
+    #   tags in the request don't match the requirements of the policy at
+    #   that time. Tag policy compliance is <i> <b>not</b> </i> checked again
+    #   when the invitation is accepted and the tags are actually attached to
+    #   the account. That means that if the tag policy changes between the
+    #   invitation and the acceptance, then that tags could potentially be
+    #   non-compliant.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
+    #   of tags for an account, then the entire request fails and invitations
+    #   are not sent.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
+    #
     # @return [Types::InviteAccountToOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::InviteAccountToOrganizationResponse#handshake #handshake} => Types::Handshake
@@ -2828,6 +2970,12 @@ module Aws::Organizations
     #       type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, EMAIL
     #     },
     #     notes: "HandshakeNotes",
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
     #   })
     #
     # @example Response structure
@@ -2895,6 +3043,10 @@ module Aws::Organizations
     #   Access to the Billing and Cost Management Console][2] in the *AWS
     #   Billing and Cost Management User Guide.*
     #
+    # * After the account leaves the organization, all tags that were
+    #   attached to the account object in the organization are deleted. AWS
+    #   accounts outside of an organization do not support tags.
+    #
     #
     #
     # [1]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info
@@ -4509,16 +4661,37 @@ module Aws::Organizations
       req.send_request(options)
     end
 
-    # Lists tags for the specified resource.
+    # Lists tags that are attached to the specified resource.
+    #
+    # You can attach tags to the following resources in AWS Organizations.
+    #
+    # * AWS account
+    #
+    # * Organization root
+    #
+    # * Organizational unit (OU)
     #
-    # Currently, you can list tags on an account in AWS Organizations.
+    # * Policy (any type)
     #
     # This operation can be called only from the organization's master
     # account or by a member account that is a delegated administrator for
     # an AWS service.
     #
     # @option params [required, String] :resource_id
-    #   The ID of the resource that you want to retrieve tags for.
+    #   The ID of the resource with the tags to list.
+    #
+    #   You can specify any of the following taggable resources.
+    #
+    #   * AWS account – specify the account ID number.
+    #
+    #   * Organizational unit – specify the OU ID that begins with `ou-` and
+    #     looks similar to: `ou-1a2b-34uvwxyz `
+    #
+    #   * Root – specify the root ID that begins with `r-` and looks similar
+    #     to: `r-1a2b `
+    #
+    #   * Policy – specify the policy ID that begins with `p-` andlooks
+    #     similar to: `p-12abcdefg3 `
     #
     # @option params [String] :next_token
     #   The parameter for receiving additional results if you receive a
@@ -4810,20 +4983,25 @@ module Aws::Organizations
     # account. Member accounts can remove themselves with LeaveOrganization
     # instead.
     #
-    # You can remove an account from your organization only if the account
-    # is configured with the information required to operate as a standalone
-    # account. When you create an account in an organization using the AWS
-    # Organizations console, API, or CLI commands, the information required
-    # of standalone accounts is *not* automatically collected. For an
-    # account that you want to make standalone, you must choose a support
-    # plan, provide and verify the required contact information, and provide
-    # a current payment method. AWS uses the payment method to charge for
-    # any billable (not free tier) AWS activity that occurs while the
-    # account isn't attached to an organization. To remove an account that
-    # doesn't yet have this information, you must sign in as the member
-    # account and follow the steps at [ To leave an organization when all
-    # required account information has not yet been provided][1] in the *AWS
-    # Organizations User Guide.*
+    # * You can remove an account from your organization only if the account
+    #   is configured with the information required to operate as a
+    #   standalone account. When you create an account in an organization
+    #   using the AWS Organizations console, API, or CLI commands, the
+    #   information required of standalone accounts is *not* automatically
+    #   collected. For an account that you want to make standalone, you must
+    #   choose a support plan, provide and verify the required contact
+    #   information, and provide a current payment method. AWS uses the
+    #   payment method to charge for any billable (not free tier) AWS
+    #   activity that occurs while the account isn't attached to an
+    #   organization. To remove an account that doesn't yet have this
+    #   information, you must sign in as the member account and follow the
+    #   steps at [ To leave an organization when all required account
+    #   information has not yet been provided][1] in the *AWS Organizations
+    #   User Guide.*
+    #
+    # * After the account leaves the organization, all tags that were
+    #   attached to the account object in the organization are deleted. AWS
+    #   accounts outside of an organization do not support tags.
     #
     #
     #
@@ -4868,7 +5046,16 @@ module Aws::Organizations
 
     # Adds one or more tags to the specified resource.
     #
-    # Currently, you can tag and untag accounts in AWS Organizations.
+    # Currently, you can attach tags to the following resources in AWS
+    # Organizations.
+    #
+    # * AWS account
+    #
+    # * Organization root
+    #
+    # * Organizational unit (OU)
+    #
+    # * Policy (any type)
     #
     # This operation can be called only from the organization's master
     # account.
@@ -4877,9 +5064,30 @@ module Aws::Organizations
     #   The ID of the resource to add a tag to.
     #
     # @option params [required, Array<Types::Tag>] :tags
-    #   The tag to add to the specified resource. You must specify both a tag
-    #   key and value. You can set the value of a tag to an empty string, but
-    #   you can't set it to null.
+    #   A list of tags to add to the specified resource.
+    #
+    #   You can specify any of the following taggable resources.
+    #
+    #   * AWS account – specify the account ID number.
+    #
+    #   * Organizational unit – specify the OU ID that begins with `ou-` and
+    #     looks similar to: `ou-1a2b-34uvwxyz `
+    #
+    #   * Root – specify the root ID that begins with `r-` and looks similar
+    #     to: `r-1a2b `
+    #
+    #   * Policy – specify the policy ID that begins with `p-` andlooks
+    #     similar to: `p-12abcdefg3 `
+    #
+    #   For each tag in the list, you must specify both a tag key and a value.
+    #   You can set the value to an empty string, but you can't set it to
+    #   `null`.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
+    #   of tags for an account user, then the entire request fails and the
+    #   account is not created.
+    #
+    #    </note>
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -4904,18 +5112,39 @@ module Aws::Organizations
       req.send_request(options)
     end
 
-    # Removes a tag from the specified resource.
+    # Removes any tags with the specified keys from the specified resource.
+    #
+    # You can attach tags to the following resources in AWS Organizations.
+    #
+    # * AWS account
+    #
+    # * Organization root
     #
-    # Currently, you can tag and untag accounts in AWS Organizations.
+    # * Organizational unit (OU)
+    #
+    # * Policy (any type)
     #
     # This operation can be called only from the organization's master
     # account.
     #
     # @option params [required, String] :resource_id
-    #   The ID of the resource to remove the tag from.
+    #   The ID of the resource to remove a tag from.
+    #
+    #   You can specify any of the following taggable resources.
+    #
+    #   * AWS account – specify the account ID number.
+    #
+    #   * Organizational unit – specify the OU ID that begins with `ou-` and
+    #     looks similar to: `ou-1a2b-34uvwxyz `
+    #
+    #   * Root – specify the root ID that begins with `r-` and looks similar
+    #     to: `r-1a2b `
+    #
+    #   * Policy – specify the policy ID that begins with `p-` andlooks
+    #     similar to: `p-12abcdefg3 `
     #
     # @option params [required, Array<String>] :tag_keys
-    #   The tag to remove from the specified resource.
+    #   The list of keys for tags to remove from the specified resource.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -5148,7 +5377,7 @@ module Aws::Organizations
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-organizations'
-      context[:gem_version] = '1.50.0'
+      context[:gem_version] = '1.51.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-organizations/client_api.rb

@@ -312,6 +312,7 @@ module Aws::Organizations
     CreateAccountRequest.add_member(:account_name, Shapes::ShapeRef.new(shape: AccountName, required: true, location_name: "AccountName"))
     CreateAccountRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: RoleName, location_name: "RoleName"))
     CreateAccountRequest.add_member(:iam_user_access_to_billing, Shapes::ShapeRef.new(shape: IAMUserAccessToBilling, location_name: "IamUserAccessToBilling"))
+    CreateAccountRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
     CreateAccountRequest.struct_class = Types::CreateAccountRequest
 
     CreateAccountResponse.add_member(:create_account_status, Shapes::ShapeRef.new(shape: CreateAccountStatus, location_name: "CreateAccountStatus"))
@@ -338,6 +339,7 @@ module Aws::Organizations
     CreateGovCloudAccountRequest.add_member(:account_name, Shapes::ShapeRef.new(shape: AccountName, required: true, location_name: "AccountName"))
     CreateGovCloudAccountRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: RoleName, location_name: "RoleName"))
     CreateGovCloudAccountRequest.add_member(:iam_user_access_to_billing, Shapes::ShapeRef.new(shape: IAMUserAccessToBilling, location_name: "IamUserAccessToBilling"))
+    CreateGovCloudAccountRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
     CreateGovCloudAccountRequest.struct_class = Types::CreateGovCloudAccountRequest
 
     CreateGovCloudAccountResponse.add_member(:create_account_status, Shapes::ShapeRef.new(shape: CreateAccountStatus, location_name: "CreateAccountStatus"))
@@ -351,6 +353,7 @@ module Aws::Organizations
 
     CreateOrganizationalUnitRequest.add_member(:parent_id, Shapes::ShapeRef.new(shape: ParentId, required: true, location_name: "ParentId"))
     CreateOrganizationalUnitRequest.add_member(:name, Shapes::ShapeRef.new(shape: OrganizationalUnitName, required: true, location_name: "Name"))
+    CreateOrganizationalUnitRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
     CreateOrganizationalUnitRequest.struct_class = Types::CreateOrganizationalUnitRequest
 
     CreateOrganizationalUnitResponse.add_member(:organizational_unit, Shapes::ShapeRef.new(shape: OrganizationalUnit, location_name: "OrganizationalUnit"))
@@ -360,6 +363,7 @@ module Aws::Organizations
     CreatePolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: PolicyDescription, required: true, location_name: "Description"))
     CreatePolicyRequest.add_member(:name, Shapes::ShapeRef.new(shape: PolicyName, required: true, location_name: "Name"))
     CreatePolicyRequest.add_member(:type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "Type"))
+    CreatePolicyRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
     CreatePolicyRequest.struct_class = Types::CreatePolicyRequest
 
     CreatePolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: Policy, location_name: "Policy"))
@@ -552,6 +556,7 @@ module Aws::Organizations
 
     InviteAccountToOrganizationRequest.add_member(:target, Shapes::ShapeRef.new(shape: HandshakeParty, required: true, location_name: "Target"))
     InviteAccountToOrganizationRequest.add_member(:notes, Shapes::ShapeRef.new(shape: HandshakeNotes, location_name: "Notes"))
+    InviteAccountToOrganizationRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
     InviteAccountToOrganizationRequest.struct_class = Types::InviteAccountToOrganizationRequest
 
     InviteAccountToOrganizationResponse.add_member(:handshake, Shapes::ShapeRef.new(shape: Handshake, location_name: "Handshake"))
@@ -1322,6 +1327,7 @@ module Aws::Organizations
         o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
         o.errors << Shapes::ShapeRef.new(shape: HandshakeConstraintViolationException)
         o.errors << Shapes::ShapeRef.new(shape: DuplicateHandshakeException)
+        o.errors << Shapes::ShapeRef.new(shape: ConstraintViolationException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
         o.errors << Shapes::ShapeRef.new(shape: FinalizingOrganizationException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceException)

data/lib/aws-sdk-organizations/types.rb

@@ -597,6 +597,12 @@ module Aws::Organizations
     #         account_name: "AccountName", # required
     #         role_name: "RoleName",
     #         iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
+    #         tags: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] email
@@ -660,13 +666,32 @@ module Aws::Organizations
     #   [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the newly created account.
+    #   For each tag in the list, you must specify both a tag key and a
+    #   value. You can set the value to an empty string, but you can't set
+    #   it to `null`. For more information about tagging, see [Tagging AWS
+    #   Organizations resources][1] in the AWS Organizations User Guide.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   number of tags for an account, then the entire request fails and the
+    #   account is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccountRequest AWS API Documentation
     #
     class CreateAccountRequest < Struct.new(
       :email,
       :account_name,
       :role_name,
-      :iam_user_access_to_billing)
+      :iam_user_access_to_billing,
+      :tags)
       SENSITIVE = [:email, :account_name]
       include Aws::Structure
     end
@@ -819,6 +844,12 @@ module Aws::Organizations
     #         account_name: "AccountName", # required
     #         role_name: "RoleName",
     #         iam_user_access_to_billing: "ALLOW", # accepts ALLOW, DENY
+    #         tags: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] email
@@ -885,13 +916,37 @@ module Aws::Organizations
     #   [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the newly created account.
+    #   These tags are attached to the commercial account associated with
+    #   the GovCloud account, and not to the GovCloud account itself. To add
+    #   tags to the actual GovCloud account, call the TagResource operation
+    #   in the GovCloud region after the new GovCloud account exists.
+    #
+    #   For each tag in the list, you must specify both a tag key and a
+    #   value. You can set the value to an empty string, but you can't set
+    #   it to `null`. For more information about tagging, see [Tagging AWS
+    #   Organizations resources][1] in the AWS Organizations User Guide.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   number of tags for an account, then the entire request fails and the
+    #   account is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccountRequest AWS API Documentation
     #
     class CreateGovCloudAccountRequest < Struct.new(
       :email,
       :account_name,
       :role_name,
-      :iam_user_access_to_billing)
+      :iam_user_access_to_billing,
+      :tags)
       SENSITIVE = [:email, :account_name]
       include Aws::Structure
     end
@@ -968,6 +1023,12 @@ module Aws::Organizations
     #       {
     #         parent_id: "ParentId", # required
     #         name: "OrganizationalUnitName", # required
+    #         tags: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] parent_id
@@ -995,11 +1056,30 @@ module Aws::Organizations
     #   The friendly name to assign to the new OU.
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the newly created OU. For
+    #   each tag in the list, you must specify both a tag key and a value.
+    #   You can set the value to an empty string, but you can't set it to
+    #   `null`. For more information about tagging, see [Tagging AWS
+    #   Organizations resources][1] in the AWS Organizations User Guide.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   number of tags for an OU, then the entire request fails and the OU
+    #   is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnitRequest AWS API Documentation
     #
     class CreateOrganizationalUnitRequest < Struct.new(
       :parent_id,
-      :name)
+      :name,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1024,6 +1104,12 @@ module Aws::Organizations
     #         description: "PolicyDescription", # required
     #         name: "PolicyName", # required
     #         type: "SERVICE_CONTROL_POLICY", # required, accepts SERVICE_CONTROL_POLICY, TAG_POLICY, BACKUP_POLICY, AISERVICES_OPT_OUT_POLICY
+    #         tags: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] content
@@ -1067,13 +1153,32 @@ module Aws::Organizations
     #   [4]: http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the newly created policy.
+    #   For each tag in the list, you must specify both a tag key and a
+    #   value. You can set the value to an empty string, but you can't set
+    #   it to `null`. For more information about tagging, see [Tagging AWS
+    #   Organizations resources][1] in the AWS Organizations User Guide.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   number of tags for a policy, then the entire request fails and the
+    #   policy is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicyRequest AWS API Documentation
     #
     class CreatePolicyRequest < Struct.new(
       :content,
       :description,
       :name,
-      :type)
+      :type,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2348,6 +2453,9 @@ module Aws::Organizations
     #
     #  </note>
     #
+    # * DUPLICATE\_TAG\_KEY: Tag keys must be unique among the tags attached
+    #   to the same entity.
+    #
     # * IMMUTABLE\_POLICY: You specified a policy that is managed by AWS and
     #   can't be modified.
     #
@@ -2356,6 +2464,9 @@ module Aws::Organizations
     #
     # * INVALID\_ENUM: You specified an invalid value.
     #
+    # * INVALID\_ENUM\_POLICY\_TYPE: You specified an invalid policy type
+    #   string.
+    #
     # * INVALID\_FULL\_NAME\_TARGET: You specified a full name that contains
     #   invalid characters.
     #
@@ -2405,6 +2516,12 @@ module Aws::Organizations
     # * MOVING\_ACCOUNT\_BETWEEN\_DIFFERENT\_ROOTS: You can move an account
     #   only between entities in the same root.
     #
+    # * TARGET\_NOT\_SUPPORTED: You can't perform the specified operation
+    #   on that target entity.
+    #
+    # * UNRECOGNIZED\_SERVICE\_PRINCIPAL: You specified a service principal
+    #   that isn't recognized.
+    #
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -2429,6 +2546,12 @@ module Aws::Organizations
     #           type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, EMAIL
     #         },
     #         notes: "HandshakeNotes",
+    #         tags: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] target
@@ -2455,11 +2578,40 @@ module Aws::Organizations
     #   email to the recipient account owner.
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the account when it
+    #   becomes a member of the organization. For each tag in the list, you
+    #   must specify both a tag key and a value. You can set the value to an
+    #   empty string, but you can't set it to `null`. For more information
+    #   about tagging, see [Tagging AWS Organizations resources][1] in the
+    #   AWS Organizations User Guide.
+    #
+    #   Any tags in the request are checked for compliance with any
+    #   applicable tag policies when the request is made. The request is
+    #   rejected if the tags in the request don't match the requirements of
+    #   the policy at that time. Tag policy compliance is <i> <b>not</b>
+    #   </i> checked again when the invitation is accepted and the tags are
+    #   actually attached to the account. That means that if the tag policy
+    #   changes between the invitation and the acceptance, then that tags
+    #   could potentially be non-compliant.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   number of tags for an account, then the entire request fails and
+    #   invitations are not sent.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganizationRequest AWS API Documentation
     #
     class InviteAccountToOrganizationRequest < Struct.new(
       :target,
-      :notes)
+      :notes,
+      :tags)
       SENSITIVE = [:notes]
       include Aws::Structure
     end
@@ -3528,7 +3680,20 @@ module Aws::Organizations
     #       }
     #
     # @!attribute [rw] resource_id
-    #   The ID of the resource that you want to retrieve tags for.
+    #   The ID of the resource with the tags to list.
+    #
+    #   You can specify any of the following taggable resources.
+    #
+    #   * AWS account – specify the account ID number.
+    #
+    #   * Organizational unit – specify the OU ID that begins with `ou-` and
+    #     looks similar to: `ou-1a2b-34uvwxyz `
+    #
+    #   * Root – specify the root ID that begins with `r-` and looks similar
+    #     to: `r-1a2b `
+    #
+    #   * Policy – specify the policy ID that begins with `p-` andlooks
+    #     similar to: `p-12abcdefg3 `
     #   @return [String]
     #
     # @!attribute [rw] next_token
@@ -4428,8 +4593,18 @@ module Aws::Organizations
       include Aws::Structure
     end
 
-    # A custom key-value pair associated with a resource such as an account
-    # within your organization.
+    # A custom key-value pair associated with a resource within your
+    # organization.
+    #
+    # You can attach tags to any of the following organization resources.
+    #
+    # * AWS account
+    #
+    # * Organizational unit (OU)
+    #
+    # * Organization root
+    #
+    # * Policy
     #
     # @note When making an API call, you may pass Tag
     #   data as a hash:
@@ -4476,9 +4651,30 @@ module Aws::Organizations
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The tag to add to the specified resource. You must specify both a
-    #   tag key and value. You can set the value of a tag to an empty
-    #   string, but you can't set it to null.
+    #   A list of tags to add to the specified resource.
+    #
+    #   You can specify any of the following taggable resources.
+    #
+    #   * AWS account – specify the account ID number.
+    #
+    #   * Organizational unit – specify the OU ID that begins with `ou-` and
+    #     looks similar to: `ou-1a2b-34uvwxyz `
+    #
+    #   * Root – specify the root ID that begins with `r-` and looks similar
+    #     to: `r-1a2b `
+    #
+    #   * Policy – specify the policy ID that begins with `p-` andlooks
+    #     similar to: `p-12abcdefg3 `
+    #
+    #   For each tag in the list, you must specify both a tag key and a
+    #   value. You can set the value to an empty string, but you can't set
+    #   it to `null`.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   number of tags for an account user, then the entire request fails
+    #   and the account is not created.
+    #
+    #    </note>
     #   @return [Array<Types::Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResourceRequest AWS API Documentation
@@ -4490,8 +4686,8 @@ module Aws::Organizations
       include Aws::Structure
     end
 
-    # We can't find a root, OU, or account with the `TargetId` that you
-    # specified.
+    # We can't find a root, OU, account, or policy with the `TargetId` that
+    # you specified.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -4553,11 +4749,24 @@ module Aws::Organizations
     #       }
     #
     # @!attribute [rw] resource_id
-    #   The ID of the resource to remove the tag from.
+    #   The ID of the resource to remove a tag from.
+    #
+    #   You can specify any of the following taggable resources.
+    #
+    #   * AWS account – specify the account ID number.
+    #
+    #   * Organizational unit – specify the OU ID that begins with `ou-` and
+    #     looks similar to: `ou-1a2b-34uvwxyz `
+    #
+    #   * Root – specify the root ID that begins with `r-` and looks similar
+    #     to: `r-1a2b `
+    #
+    #   * Policy – specify the policy ID that begins with `p-` andlooks
+    #     similar to: `p-12abcdefg3 `
     #   @return [String]
     #
     # @!attribute [rw] tag_keys
-    #   The tag to remove from the specified resource.
+    #   The list of keys for tags to remove from the specified resource.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResourceRequest AWS API Documentation

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-organizations
 version: !ruby/object:Gem::Version
-  version: 1.50.0
+  version: 1.51.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-25 00:00:00.000000000 Z
+date: 2020-09-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core