1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
2
3package organizations
4
5import (
6	"fmt"
7	"time"
8
9	"github.com/aws/aws-sdk-go/aws"
10	"github.com/aws/aws-sdk-go/aws/awsutil"
11	"github.com/aws/aws-sdk-go/aws/request"
12	"github.com/aws/aws-sdk-go/private/protocol"
13	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
14)
15
16const opAcceptHandshake = "AcceptHandshake"
17
18// AcceptHandshakeRequest generates a "aws/request.Request" representing the
19// client's request for the AcceptHandshake operation. The "output" return
20// value will be populated with the request's response once the request completes
21// successfully.
22//
23// Use "Send" method on the returned Request to send the API call to the service.
24// the "output" return value is not valid until after Send returns without error.
25//
26// See AcceptHandshake for more information on using the AcceptHandshake
27// API call, and error handling.
28//
29// This method is useful when you want to inject custom logic or configuration
30// into the SDK's request lifecycle. Such as custom headers, or retry logic.
31//
32//
33//    // Example sending a request using the AcceptHandshakeRequest method.
34//    req, resp := client.AcceptHandshakeRequest(params)
35//
36//    err := req.Send()
37//    if err == nil { // resp is now filled
38//        fmt.Println(resp)
39//    }
40//
41// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake
42func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req *request.Request, output *AcceptHandshakeOutput) {
43	op := &request.Operation{
44		Name:       opAcceptHandshake,
45		HTTPMethod: "POST",
46		HTTPPath:   "/",
47	}
48
49	if input == nil {
50		input = &AcceptHandshakeInput{}
51	}
52
53	output = &AcceptHandshakeOutput{}
54	req = c.newRequest(op, input, output)
55	return
56}
57
58// AcceptHandshake API operation for AWS Organizations.
59//
60// Sends a response to the originator of a handshake agreeing to the action
61// proposed by the handshake request.
62//
63// This operation can be called only by the following principals when they also
64// have the relevant IAM permissions:
65//
66//    * Invitation to join or Approve all features request handshakes: only
67//    a principal from the member account. The user who calls the API for an
68//    invitation to join must have the organizations:AcceptHandshake permission.
69//    If you enabled all features in the organization, the user must also have
70//    the iam:CreateServiceLinkedRole permission so that AWS Organizations can
71//    create the required service-linked role named AWSServiceRoleForOrganizations.
72//    For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles)
73//    in the AWS Organizations User Guide.
74//
75//    * Enable all features final confirmation handshake: only a principal from
76//    the management account. For more information about invitations, see Inviting
77//    an AWS Account to Join Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html)
78//    in the AWS Organizations User Guide. For more information about requests
79//    to enable all features in the organization, see Enabling All Features
80//    in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
81//    in the AWS Organizations User Guide.
82//
83// After you accept a handshake, it continues to appear in the results of relevant
84// APIs for only 30 days. After that, it's deleted.
85//
86// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
87// with awserr.Error's Code and Message methods to get detailed information about
88// the error.
89//
90// See the AWS API reference guide for AWS Organizations's
91// API operation AcceptHandshake for usage and error information.
92//
93// Returned Error Types:
94//   * AccessDeniedException
95//   You don't have permissions to perform the requested operation. The user or
96//   role that is making the request must have at least one IAM permissions policy
97//   attached that grants the required permissions. For more information, see
98//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
99//   in the IAM User Guide.
100//
101//   * AWSOrganizationsNotInUseException
102//   Your account isn't a member of an organization. To make this request, you
103//   must use the credentials of an account that belongs to an organization.
104//
105//   * HandshakeConstraintViolationException
106//   The requested operation would violate the constraint identified in the reason
107//   code.
108//
109//   Some of the reasons in the following list might not be applicable to this
110//   specific API or operation:
111//
112//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
113//      the number of accounts in an organization. Note that deleted and closed
114//      accounts still count toward your limit. If you get this exception immediately
115//      after creating the organization, wait one hour and try again. If after
116//      an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
117//
118//      * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
119//      the invited account is already a member of an organization.
120//
121//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
122//      handshakes that you can send in one day.
123//
124//      * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
125//      to join an organization while it's in the process of enabling all features.
126//      You can resume inviting accounts after you finalize the process when all
127//      accounts have agreed to the change.
128//
129//      * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
130//      because the organization has already enabled all features.
131//
132//      * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake
133//      request is invalid because the organization has already started the process
134//      to enable all features.
135//
136//      * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
137//      the account is from a different marketplace than the accounts in the organization.
138//      For example, accounts with India addresses must be associated with the
139//      AISPL marketplace. All accounts in an organization must be from the same
140//      marketplace.
141//
142//      * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
143//      change the membership of an account too quickly after its previous change.
144//
145//      * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
146//      account that doesn't have a payment instrument, such as a credit card,
147//      associated with it.
148//
149//   * HandshakeNotFoundException
150//   We can't find a handshake with the HandshakeId that you specified.
151//
152//   * InvalidHandshakeTransitionException
153//   You can't perform the operation on the handshake in its current state. For
154//   example, you can't cancel a handshake that was already accepted or accept
155//   a handshake that was already declined.
156//
157//   * HandshakeAlreadyInStateException
158//   The specified handshake is already in the requested state. For example, you
159//   can't accept a handshake that was already accepted.
160//
161//   * InvalidInputException
162//   The requested operation failed because you provided invalid values for one
163//   or more of the request parameters. This exception includes a reason that
164//   contains additional information about the violated limit:
165//
166//   Some of the reasons in the following list might not be applicable to this
167//   specific API or operation.
168//
169//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
170//      the same entity.
171//
172//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
173//      can't be modified.
174//
175//      * INPUT_REQUIRED: You must include a value for all required parameters.
176//
177//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
178//      for the invited account owner.
179//
180//      * INVALID_ENUM: You specified an invalid value.
181//
182//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
183//
184//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
185//      characters.
186//
187//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
188//      at least one invalid value.
189//
190//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
191//      from the response to a previous call of the operation.
192//
193//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
194//      organization, or email) as a party.
195//
196//      * INVALID_PATTERN: You provided a value that doesn't match the required
197//      pattern.
198//
199//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
200//      match the required pattern.
201//
202//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
203//      name can't begin with the reserved prefix AWSServiceRoleFor.
204//
205//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
206//      Name (ARN) for the organization.
207//
208//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
209//
210//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
211//      tag. You can’t add, edit, or delete system tag keys because they're
212//      reserved for AWS use. System tags don’t count against your tags per
213//      resource limit.
214//
215//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
216//      for the operation.
217//
218//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
219//      than allowed.
220//
221//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
222//      value than allowed.
223//
224//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
225//      than allowed.
226//
227//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
228//      value than allowed.
229//
230//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
231//      between entities in the same root.
232//
233//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
234//      target entity.
235//
236//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
237//      isn't recognized.
238//
239//   * ConcurrentModificationException
240//   The target of the operation is currently being modified by a different request.
241//   Try again later.
242//
243//   * ServiceException
244//   AWS Organizations can't complete your request because of an internal service
245//   error. Try again later.
246//
247//   * TooManyRequestsException
248//   You have sent too many requests in too short a period of time. The quota
249//   helps protect against denial-of-service attacks. Try again later.
250//
251//   For information about quotas that affect AWS Organizations, see Quotas for
252//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
253//   the AWS Organizations User Guide.
254//
255//   * AccessDeniedForDependencyException
256//   The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
257//   for organizations.amazonaws.com permission so that AWS Organizations can
258//   create the required service-linked role. You don't have that permission.
259//
260// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake
261func (c *Organizations) AcceptHandshake(input *AcceptHandshakeInput) (*AcceptHandshakeOutput, error) {
262	req, out := c.AcceptHandshakeRequest(input)
263	return out, req.Send()
264}
265
266// AcceptHandshakeWithContext is the same as AcceptHandshake with the addition of
267// the ability to pass a context and additional request options.
268//
269// See AcceptHandshake for details on how to use this API operation.
270//
271// The context must be non-nil and will be used for request cancellation. If
272// the context is nil a panic will occur. In the future the SDK may create
273// sub-contexts for http.Requests. See https://golang.org/pkg/context/
274// for more information on using Contexts.
275func (c *Organizations) AcceptHandshakeWithContext(ctx aws.Context, input *AcceptHandshakeInput, opts ...request.Option) (*AcceptHandshakeOutput, error) {
276	req, out := c.AcceptHandshakeRequest(input)
277	req.SetContext(ctx)
278	req.ApplyOptions(opts...)
279	return out, req.Send()
280}
281
282const opAttachPolicy = "AttachPolicy"
283
284// AttachPolicyRequest generates a "aws/request.Request" representing the
285// client's request for the AttachPolicy operation. The "output" return
286// value will be populated with the request's response once the request completes
287// successfully.
288//
289// Use "Send" method on the returned Request to send the API call to the service.
290// the "output" return value is not valid until after Send returns without error.
291//
292// See AttachPolicy for more information on using the AttachPolicy
293// API call, and error handling.
294//
295// This method is useful when you want to inject custom logic or configuration
296// into the SDK's request lifecycle. Such as custom headers, or retry logic.
297//
298//
299//    // Example sending a request using the AttachPolicyRequest method.
300//    req, resp := client.AttachPolicyRequest(params)
301//
302//    err := req.Send()
303//    if err == nil { // resp is now filled
304//        fmt.Println(resp)
305//    }
306//
307// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy
308func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *request.Request, output *AttachPolicyOutput) {
309	op := &request.Operation{
310		Name:       opAttachPolicy,
311		HTTPMethod: "POST",
312		HTTPPath:   "/",
313	}
314
315	if input == nil {
316		input = &AttachPolicyInput{}
317	}
318
319	output = &AttachPolicyOutput{}
320	req = c.newRequest(op, input, output)
321	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
322	return
323}
324
325// AttachPolicy API operation for AWS Organizations.
326//
327// Attaches a policy to a root, an organizational unit (OU), or an individual
328// account. How the policy affects accounts depends on the type of policy. Refer
329// to the AWS Organizations User Guide for information about each policy type:
330//
331//    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
332//
333//    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
334//
335//    * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
336//
337//    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
338//
339// This operation can be called only from the organization's management account.
340//
341// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
342// with awserr.Error's Code and Message methods to get detailed information about
343// the error.
344//
345// See the AWS API reference guide for AWS Organizations's
346// API operation AttachPolicy for usage and error information.
347//
348// Returned Error Types:
349//   * AccessDeniedException
350//   You don't have permissions to perform the requested operation. The user or
351//   role that is making the request must have at least one IAM permissions policy
352//   attached that grants the required permissions. For more information, see
353//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
354//   in the IAM User Guide.
355//
356//   * AWSOrganizationsNotInUseException
357//   Your account isn't a member of an organization. To make this request, you
358//   must use the credentials of an account that belongs to an organization.
359//
360//   * ConcurrentModificationException
361//   The target of the operation is currently being modified by a different request.
362//   Try again later.
363//
364//   * ConstraintViolationException
365//   Performing this operation violates a minimum or maximum value limit. For
366//   example, attempting to remove the last service control policy (SCP) from
367//   an OU or root, inviting or creating too many accounts to the organization,
368//   or attaching too many policies to an account, OU, or root. This exception
369//   includes a reason that contains additional information about the violated
370//   limit:
371//
372//   Some of the reasons in the following list might not be applicable to this
373//   specific API or operation.
374//
375//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
376//      account from the organization. You can't remove the management account.
377//      Instead, after you remove all member accounts, delete the organization
378//      itself.
379//
380//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
381//      from the organization that doesn't yet have enough information to exist
382//      as a standalone account. This account requires you to first agree to the
383//      AWS Customer Agreement. Follow the steps at Removing a member account
384//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
385//      the AWS Organizations User Guide.
386//
387//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
388//      an account from the organization that doesn't yet have enough information
389//      to exist as a standalone account. This account requires you to first complete
390//      phone verification. Follow the steps at Removing a member account from
391//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
392//      in the AWS Organizations User Guide.
393//
394//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
395//      of accounts that you can create in one day.
396//
397//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
398//      the number of accounts in an organization. If you need more accounts,
399//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
400//      request an increase in your limit. Or the number of invitations that you
401//      tried to send would cause you to exceed the limit of accounts in your
402//      organization. Send fewer invitations or contact AWS Support to request
403//      an increase in the number of accounts. Deleted and closed accounts still
404//      count toward your limit. If you get this exception when running a command
405//      immediately after creating the organization, wait one hour and try again.
406//      After an hour, if the command continues to fail with this error, contact
407//      AWS Support (https://console.aws.amazon.com/support/home#/).
408//
409//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
410//      register the management account of the organization as a delegated administrator
411//      for an AWS service integrated with Organizations. You can designate only
412//      a member account as a delegated administrator.
413//
414//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
415//      an account that is registered as a delegated administrator for a service
416//      integrated with your organization. To complete this operation, you must
417//      first deregister this account as a delegated administrator.
418//
419//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
420//      organization in the specified region, you must enable all features mode.
421//
422//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
423//      an AWS account as a delegated administrator for an AWS service that already
424//      has a delegated administrator. To complete this operation, you must first
425//      deregister any existing delegated administrators for this service.
426//
427//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
428//      valid for a limited period of time. You must resubmit the request and
429//      generate a new verfication code.
430//
431//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
432//      handshakes that you can send in one day.
433//
434//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
435//      in this organization, you first must migrate the organization's management
436//      account to the marketplace that corresponds to the management account's
437//      address. For example, accounts with India addresses must be associated
438//      with the AISPL marketplace. All accounts in an organization must be associated
439//      with the same marketplace.
440//
441//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
442//      in China. To create an organization, the master must have a valid business
443//      license. For more information, contact customer support.
444//
445//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
446//      must first provide a valid contact address and phone number for the management
447//      account. Then try the operation again.
448//
449//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
450//      management account must have an associated account in the AWS GovCloud
451//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
452//      in the AWS GovCloud User Guide.
453//
454//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
455//      with this management account, you first must associate a valid payment
456//      instrument, such as a credit card, with the account. Follow the steps
457//      at To leave an organization when all required account information has
458//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
459//      in the AWS Organizations User Guide.
460//
461//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
462//      to register more delegated administrators than allowed for the service
463//      principal.
464//
465//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
466//      number of policies of a certain type that can be attached to an entity
467//      at one time.
468//
469//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
470//      on this resource.
471//
472//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
473//      with this member account, you first must associate a valid payment instrument,
474//      such as a credit card, with the account. Follow the steps at To leave
475//      an organization when all required account information has not yet been
476//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
477//      in the AWS Organizations User Guide.
478//
479//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
480//      policy from an entity that would cause the entity to have fewer than the
481//      minimum number of policies of a certain type required.
482//
483//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
484//      that requires the organization to be configured to support all features.
485//      An organization that supports only consolidated billing features can't
486//      perform this operation.
487//
488//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
489//      too many levels deep.
490//
491//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
492//      that you can have in an organization.
493//
494//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
495//      is larger than the maximum size.
496//
497//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
498//      policies that you can have in an organization.
499//
500//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
501//      tags that are not compliant with the tag policy requirements for this
502//      account.
503//
504//   * DuplicatePolicyAttachmentException
505//   The selected policy is already attached to the specified target.
506//
507//   * InvalidInputException
508//   The requested operation failed because you provided invalid values for one
509//   or more of the request parameters. This exception includes a reason that
510//   contains additional information about the violated limit:
511//
512//   Some of the reasons in the following list might not be applicable to this
513//   specific API or operation.
514//
515//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
516//      the same entity.
517//
518//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
519//      can't be modified.
520//
521//      * INPUT_REQUIRED: You must include a value for all required parameters.
522//
523//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
524//      for the invited account owner.
525//
526//      * INVALID_ENUM: You specified an invalid value.
527//
528//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
529//
530//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
531//      characters.
532//
533//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
534//      at least one invalid value.
535//
536//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
537//      from the response to a previous call of the operation.
538//
539//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
540//      organization, or email) as a party.
541//
542//      * INVALID_PATTERN: You provided a value that doesn't match the required
543//      pattern.
544//
545//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
546//      match the required pattern.
547//
548//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
549//      name can't begin with the reserved prefix AWSServiceRoleFor.
550//
551//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
552//      Name (ARN) for the organization.
553//
554//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
555//
556//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
557//      tag. You can’t add, edit, or delete system tag keys because they're
558//      reserved for AWS use. System tags don’t count against your tags per
559//      resource limit.
560//
561//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
562//      for the operation.
563//
564//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
565//      than allowed.
566//
567//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
568//      value than allowed.
569//
570//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
571//      than allowed.
572//
573//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
574//      value than allowed.
575//
576//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
577//      between entities in the same root.
578//
579//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
580//      target entity.
581//
582//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
583//      isn't recognized.
584//
585//   * PolicyNotFoundException
586//   We can't find a policy with the PolicyId that you specified.
587//
588//   * PolicyTypeNotEnabledException
589//   The specified policy type isn't currently enabled in this root. You can't
590//   attach policies of the specified type to entities in a root until you enable
591//   that type in the root. For more information, see Enabling All Features in
592//   Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
593//   in the AWS Organizations User Guide.
594//
595//   * ServiceException
596//   AWS Organizations can't complete your request because of an internal service
597//   error. Try again later.
598//
599//   * TargetNotFoundException
600//   We can't find a root, OU, account, or policy with the TargetId that you specified.
601//
602//   * TooManyRequestsException
603//   You have sent too many requests in too short a period of time. The quota
604//   helps protect against denial-of-service attacks. Try again later.
605//
606//   For information about quotas that affect AWS Organizations, see Quotas for
607//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
608//   the AWS Organizations User Guide.
609//
610//   * UnsupportedAPIEndpointException
611//   This action isn't available in the current AWS Region.
612//
613//   * PolicyChangesInProgressException
614//   Changes to the effective policy are in progress, and its contents can't be
615//   returned. Try the operation again later.
616//
617// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy
618func (c *Organizations) AttachPolicy(input *AttachPolicyInput) (*AttachPolicyOutput, error) {
619	req, out := c.AttachPolicyRequest(input)
620	return out, req.Send()
621}
622
623// AttachPolicyWithContext is the same as AttachPolicy with the addition of
624// the ability to pass a context and additional request options.
625//
626// See AttachPolicy for details on how to use this API operation.
627//
628// The context must be non-nil and will be used for request cancellation. If
629// the context is nil a panic will occur. In the future the SDK may create
630// sub-contexts for http.Requests. See https://golang.org/pkg/context/
631// for more information on using Contexts.
632func (c *Organizations) AttachPolicyWithContext(ctx aws.Context, input *AttachPolicyInput, opts ...request.Option) (*AttachPolicyOutput, error) {
633	req, out := c.AttachPolicyRequest(input)
634	req.SetContext(ctx)
635	req.ApplyOptions(opts...)
636	return out, req.Send()
637}
638
639const opCancelHandshake = "CancelHandshake"
640
641// CancelHandshakeRequest generates a "aws/request.Request" representing the
642// client's request for the CancelHandshake operation. The "output" return
643// value will be populated with the request's response once the request completes
644// successfully.
645//
646// Use "Send" method on the returned Request to send the API call to the service.
647// the "output" return value is not valid until after Send returns without error.
648//
649// See CancelHandshake for more information on using the CancelHandshake
650// API call, and error handling.
651//
652// This method is useful when you want to inject custom logic or configuration
653// into the SDK's request lifecycle. Such as custom headers, or retry logic.
654//
655//
656//    // Example sending a request using the CancelHandshakeRequest method.
657//    req, resp := client.CancelHandshakeRequest(params)
658//
659//    err := req.Send()
660//    if err == nil { // resp is now filled
661//        fmt.Println(resp)
662//    }
663//
664// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake
665func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req *request.Request, output *CancelHandshakeOutput) {
666	op := &request.Operation{
667		Name:       opCancelHandshake,
668		HTTPMethod: "POST",
669		HTTPPath:   "/",
670	}
671
672	if input == nil {
673		input = &CancelHandshakeInput{}
674	}
675
676	output = &CancelHandshakeOutput{}
677	req = c.newRequest(op, input, output)
678	return
679}
680
681// CancelHandshake API operation for AWS Organizations.
682//
683// Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED.
684//
685// This operation can be called only from the account that originated the handshake.
686// The recipient of the handshake can't cancel it, but can use DeclineHandshake
687// instead. After a handshake is canceled, the recipient can no longer respond
688// to that handshake.
689//
690// After you cancel a handshake, it continues to appear in the results of relevant
691// APIs for only 30 days. After that, it's deleted.
692//
693// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
694// with awserr.Error's Code and Message methods to get detailed information about
695// the error.
696//
697// See the AWS API reference guide for AWS Organizations's
698// API operation CancelHandshake for usage and error information.
699//
700// Returned Error Types:
701//   * AccessDeniedException
702//   You don't have permissions to perform the requested operation. The user or
703//   role that is making the request must have at least one IAM permissions policy
704//   attached that grants the required permissions. For more information, see
705//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
706//   in the IAM User Guide.
707//
708//   * ConcurrentModificationException
709//   The target of the operation is currently being modified by a different request.
710//   Try again later.
711//
712//   * HandshakeNotFoundException
713//   We can't find a handshake with the HandshakeId that you specified.
714//
715//   * InvalidHandshakeTransitionException
716//   You can't perform the operation on the handshake in its current state. For
717//   example, you can't cancel a handshake that was already accepted or accept
718//   a handshake that was already declined.
719//
720//   * HandshakeAlreadyInStateException
721//   The specified handshake is already in the requested state. For example, you
722//   can't accept a handshake that was already accepted.
723//
724//   * InvalidInputException
725//   The requested operation failed because you provided invalid values for one
726//   or more of the request parameters. This exception includes a reason that
727//   contains additional information about the violated limit:
728//
729//   Some of the reasons in the following list might not be applicable to this
730//   specific API or operation.
731//
732//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
733//      the same entity.
734//
735//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
736//      can't be modified.
737//
738//      * INPUT_REQUIRED: You must include a value for all required parameters.
739//
740//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
741//      for the invited account owner.
742//
743//      * INVALID_ENUM: You specified an invalid value.
744//
745//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
746//
747//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
748//      characters.
749//
750//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
751//      at least one invalid value.
752//
753//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
754//      from the response to a previous call of the operation.
755//
756//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
757//      organization, or email) as a party.
758//
759//      * INVALID_PATTERN: You provided a value that doesn't match the required
760//      pattern.
761//
762//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
763//      match the required pattern.
764//
765//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
766//      name can't begin with the reserved prefix AWSServiceRoleFor.
767//
768//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
769//      Name (ARN) for the organization.
770//
771//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
772//
773//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
774//      tag. You can’t add, edit, or delete system tag keys because they're
775//      reserved for AWS use. System tags don’t count against your tags per
776//      resource limit.
777//
778//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
779//      for the operation.
780//
781//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
782//      than allowed.
783//
784//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
785//      value than allowed.
786//
787//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
788//      than allowed.
789//
790//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
791//      value than allowed.
792//
793//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
794//      between entities in the same root.
795//
796//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
797//      target entity.
798//
799//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
800//      isn't recognized.
801//
802//   * ServiceException
803//   AWS Organizations can't complete your request because of an internal service
804//   error. Try again later.
805//
806//   * TooManyRequestsException
807//   You have sent too many requests in too short a period of time. The quota
808//   helps protect against denial-of-service attacks. Try again later.
809//
810//   For information about quotas that affect AWS Organizations, see Quotas for
811//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
812//   the AWS Organizations User Guide.
813//
814// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake
815func (c *Organizations) CancelHandshake(input *CancelHandshakeInput) (*CancelHandshakeOutput, error) {
816	req, out := c.CancelHandshakeRequest(input)
817	return out, req.Send()
818}
819
820// CancelHandshakeWithContext is the same as CancelHandshake with the addition of
821// the ability to pass a context and additional request options.
822//
823// See CancelHandshake for details on how to use this API operation.
824//
825// The context must be non-nil and will be used for request cancellation. If
826// the context is nil a panic will occur. In the future the SDK may create
827// sub-contexts for http.Requests. See https://golang.org/pkg/context/
828// for more information on using Contexts.
829func (c *Organizations) CancelHandshakeWithContext(ctx aws.Context, input *CancelHandshakeInput, opts ...request.Option) (*CancelHandshakeOutput, error) {
830	req, out := c.CancelHandshakeRequest(input)
831	req.SetContext(ctx)
832	req.ApplyOptions(opts...)
833	return out, req.Send()
834}
835
836const opCreateAccount = "CreateAccount"
837
838// CreateAccountRequest generates a "aws/request.Request" representing the
839// client's request for the CreateAccount operation. The "output" return
840// value will be populated with the request's response once the request completes
841// successfully.
842//
843// Use "Send" method on the returned Request to send the API call to the service.
844// the "output" return value is not valid until after Send returns without error.
845//
846// See CreateAccount for more information on using the CreateAccount
847// API call, and error handling.
848//
849// This method is useful when you want to inject custom logic or configuration
850// into the SDK's request lifecycle. Such as custom headers, or retry logic.
851//
852//
853//    // Example sending a request using the CreateAccountRequest method.
854//    req, resp := client.CreateAccountRequest(params)
855//
856//    err := req.Send()
857//    if err == nil { // resp is now filled
858//        fmt.Println(resp)
859//    }
860//
861// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount
862func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *request.Request, output *CreateAccountOutput) {
863	op := &request.Operation{
864		Name:       opCreateAccount,
865		HTTPMethod: "POST",
866		HTTPPath:   "/",
867	}
868
869	if input == nil {
870		input = &CreateAccountInput{}
871	}
872
873	output = &CreateAccountOutput{}
874	req = c.newRequest(op, input, output)
875	return
876}
877
878// CreateAccount API operation for AWS Organizations.
879//
880// Creates an AWS account that is automatically a member of the organization
881// whose credentials made the request. This is an asynchronous request that
882// AWS performs in the background. Because CreateAccount operates asynchronously,
883// it can return a successful completion message even though account initialization
884// might still be in progress. You might need to wait a few minutes before you
885// can successfully access the account. To check the status of the request,
886// do one of the following:
887//
888//    * Use the Id member of the CreateAccountStatus response element from this
889//    operation to provide as a parameter to the DescribeCreateAccountStatus
890//    operation.
891//
892//    * Check the AWS CloudTrail log for the CreateAccountResult event. For
893//    information on using AWS CloudTrail with AWS Organizations, see Logging
894//    and monitoring in AWS Organizations (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration)
895//    in the AWS Organizations User Guide.
896//
897// The user who calls the API to create an account must have the organizations:CreateAccount
898// permission. If you enabled all features in the organization, AWS Organizations
899// creates the required service-linked role named AWSServiceRoleForOrganizations.
900// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs)
901// in the AWS Organizations User Guide.
902//
903// If the request includes tags, then the requester must have the organizations:TagResource
904// permission.
905//
906// AWS Organizations preconfigures the new member account with a role (named
907// OrganizationAccountAccessRole by default) that grants users in the management
908// account administrator permissions in the new member account. Principals in
909// the management account can assume the role. AWS Organizations clones the
910// company name and address information for the new account from the organization's
911// management account.
912//
913// This operation can be called only from the organization's management account.
914//
915// For more information about creating accounts, see Creating an AWS Account
916// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html)
917// in the AWS Organizations User Guide.
918//
919//    * When you create an account in an organization using the AWS Organizations
920//    console, API, or CLI commands, the information required for the account
921//    to operate as a standalone account, such as a payment method and signing
922//    the end user license agreement (EULA) is not automatically collected.
923//    If you must remove an account from your organization later, you can do
924//    so only after you provide the missing information. Follow the steps at
925//    To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
926//    in the AWS Organizations User Guide.
927//
928//    * If you get an exception that indicates that you exceeded your account
929//    limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/).
930//
931//    * If you get an exception that indicates that the operation failed because
932//    your organization is still initializing, wait one hour and then try again.
933//    If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/).
934//
935//    * Using CreateAccount to create multiple temporary accounts isn't recommended.
936//    You can only close an account from the Billing and Cost Management Console,
937//    and you must be signed in as the root user. For information on the requirements
938//    and process for closing an account, see Closing an AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html)
939//    in the AWS Organizations User Guide.
940//
941// When you create a member account with this operation, you can choose whether
942// to create the account with the IAM User and Role Access to Billing Information
943// switch enabled. If you enable it, IAM users and roles that have appropriate
944// permissions can view billing information for the account. If you disable
945// it, only the account root user can access billing information. For information
946// about how to disable this switch for an account, see Granting Access to Your
947// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html).
948//
949// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
950// with awserr.Error's Code and Message methods to get detailed information about
951// the error.
952//
953// See the AWS API reference guide for AWS Organizations's
954// API operation CreateAccount for usage and error information.
955//
956// Returned Error Types:
957//   * AccessDeniedException
958//   You don't have permissions to perform the requested operation. The user or
959//   role that is making the request must have at least one IAM permissions policy
960//   attached that grants the required permissions. For more information, see
961//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
962//   in the IAM User Guide.
963//
964//   * AWSOrganizationsNotInUseException
965//   Your account isn't a member of an organization. To make this request, you
966//   must use the credentials of an account that belongs to an organization.
967//
968//   * ConcurrentModificationException
969//   The target of the operation is currently being modified by a different request.
970//   Try again later.
971//
972//   * ConstraintViolationException
973//   Performing this operation violates a minimum or maximum value limit. For
974//   example, attempting to remove the last service control policy (SCP) from
975//   an OU or root, inviting or creating too many accounts to the organization,
976//   or attaching too many policies to an account, OU, or root. This exception
977//   includes a reason that contains additional information about the violated
978//   limit:
979//
980//   Some of the reasons in the following list might not be applicable to this
981//   specific API or operation.
982//
983//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
984//      account from the organization. You can't remove the management account.
985//      Instead, after you remove all member accounts, delete the organization
986//      itself.
987//
988//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
989//      from the organization that doesn't yet have enough information to exist
990//      as a standalone account. This account requires you to first agree to the
991//      AWS Customer Agreement. Follow the steps at Removing a member account
992//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
993//      the AWS Organizations User Guide.
994//
995//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
996//      an account from the organization that doesn't yet have enough information
997//      to exist as a standalone account. This account requires you to first complete
998//      phone verification. Follow the steps at Removing a member account from
999//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
1000//      in the AWS Organizations User Guide.
1001//
1002//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
1003//      of accounts that you can create in one day.
1004//
1005//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
1006//      the number of accounts in an organization. If you need more accounts,
1007//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
1008//      request an increase in your limit. Or the number of invitations that you
1009//      tried to send would cause you to exceed the limit of accounts in your
1010//      organization. Send fewer invitations or contact AWS Support to request
1011//      an increase in the number of accounts. Deleted and closed accounts still
1012//      count toward your limit. If you get this exception when running a command
1013//      immediately after creating the organization, wait one hour and try again.
1014//      After an hour, if the command continues to fail with this error, contact
1015//      AWS Support (https://console.aws.amazon.com/support/home#/).
1016//
1017//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
1018//      register the management account of the organization as a delegated administrator
1019//      for an AWS service integrated with Organizations. You can designate only
1020//      a member account as a delegated administrator.
1021//
1022//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
1023//      an account that is registered as a delegated administrator for a service
1024//      integrated with your organization. To complete this operation, you must
1025//      first deregister this account as a delegated administrator.
1026//
1027//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
1028//      organization in the specified region, you must enable all features mode.
1029//
1030//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
1031//      an AWS account as a delegated administrator for an AWS service that already
1032//      has a delegated administrator. To complete this operation, you must first
1033//      deregister any existing delegated administrators for this service.
1034//
1035//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
1036//      valid for a limited period of time. You must resubmit the request and
1037//      generate a new verfication code.
1038//
1039//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
1040//      handshakes that you can send in one day.
1041//
1042//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
1043//      in this organization, you first must migrate the organization's management
1044//      account to the marketplace that corresponds to the management account's
1045//      address. For example, accounts with India addresses must be associated
1046//      with the AISPL marketplace. All accounts in an organization must be associated
1047//      with the same marketplace.
1048//
1049//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
1050//      in China. To create an organization, the master must have a valid business
1051//      license. For more information, contact customer support.
1052//
1053//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
1054//      must first provide a valid contact address and phone number for the management
1055//      account. Then try the operation again.
1056//
1057//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
1058//      management account must have an associated account in the AWS GovCloud
1059//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1060//      in the AWS GovCloud User Guide.
1061//
1062//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
1063//      with this management account, you first must associate a valid payment
1064//      instrument, such as a credit card, with the account. Follow the steps
1065//      at To leave an organization when all required account information has
1066//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1067//      in the AWS Organizations User Guide.
1068//
1069//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
1070//      to register more delegated administrators than allowed for the service
1071//      principal.
1072//
1073//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
1074//      number of policies of a certain type that can be attached to an entity
1075//      at one time.
1076//
1077//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
1078//      on this resource.
1079//
1080//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
1081//      with this member account, you first must associate a valid payment instrument,
1082//      such as a credit card, with the account. Follow the steps at To leave
1083//      an organization when all required account information has not yet been
1084//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1085//      in the AWS Organizations User Guide.
1086//
1087//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
1088//      policy from an entity that would cause the entity to have fewer than the
1089//      minimum number of policies of a certain type required.
1090//
1091//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
1092//      that requires the organization to be configured to support all features.
1093//      An organization that supports only consolidated billing features can't
1094//      perform this operation.
1095//
1096//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
1097//      too many levels deep.
1098//
1099//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
1100//      that you can have in an organization.
1101//
1102//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
1103//      is larger than the maximum size.
1104//
1105//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
1106//      policies that you can have in an organization.
1107//
1108//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
1109//      tags that are not compliant with the tag policy requirements for this
1110//      account.
1111//
1112//   * InvalidInputException
1113//   The requested operation failed because you provided invalid values for one
1114//   or more of the request parameters. This exception includes a reason that
1115//   contains additional information about the violated limit:
1116//
1117//   Some of the reasons in the following list might not be applicable to this
1118//   specific API or operation.
1119//
1120//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
1121//      the same entity.
1122//
1123//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
1124//      can't be modified.
1125//
1126//      * INPUT_REQUIRED: You must include a value for all required parameters.
1127//
1128//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
1129//      for the invited account owner.
1130//
1131//      * INVALID_ENUM: You specified an invalid value.
1132//
1133//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
1134//
1135//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
1136//      characters.
1137//
1138//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
1139//      at least one invalid value.
1140//
1141//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
1142//      from the response to a previous call of the operation.
1143//
1144//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
1145//      organization, or email) as a party.
1146//
1147//      * INVALID_PATTERN: You provided a value that doesn't match the required
1148//      pattern.
1149//
1150//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
1151//      match the required pattern.
1152//
1153//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
1154//      name can't begin with the reserved prefix AWSServiceRoleFor.
1155//
1156//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
1157//      Name (ARN) for the organization.
1158//
1159//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
1160//
1161//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
1162//      tag. You can’t add, edit, or delete system tag keys because they're
1163//      reserved for AWS use. System tags don’t count against your tags per
1164//      resource limit.
1165//
1166//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
1167//      for the operation.
1168//
1169//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
1170//      than allowed.
1171//
1172//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
1173//      value than allowed.
1174//
1175//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
1176//      than allowed.
1177//
1178//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
1179//      value than allowed.
1180//
1181//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
1182//      between entities in the same root.
1183//
1184//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
1185//      target entity.
1186//
1187//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
1188//      isn't recognized.
1189//
1190//   * FinalizingOrganizationException
1191//   AWS Organizations couldn't perform the operation because your organization
1192//   hasn't finished initializing. This can take up to an hour. Try again later.
1193//   If after one hour you continue to receive this error, contact AWS Support
1194//   (https://console.aws.amazon.com/support/home#/).
1195//
1196//   * ServiceException
1197//   AWS Organizations can't complete your request because of an internal service
1198//   error. Try again later.
1199//
1200//   * TooManyRequestsException
1201//   You have sent too many requests in too short a period of time. The quota
1202//   helps protect against denial-of-service attacks. Try again later.
1203//
1204//   For information about quotas that affect AWS Organizations, see Quotas for
1205//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
1206//   the AWS Organizations User Guide.
1207//
1208//   * UnsupportedAPIEndpointException
1209//   This action isn't available in the current AWS Region.
1210//
1211// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount
1212func (c *Organizations) CreateAccount(input *CreateAccountInput) (*CreateAccountOutput, error) {
1213	req, out := c.CreateAccountRequest(input)
1214	return out, req.Send()
1215}
1216
1217// CreateAccountWithContext is the same as CreateAccount with the addition of
1218// the ability to pass a context and additional request options.
1219//
1220// See CreateAccount for details on how to use this API operation.
1221//
1222// The context must be non-nil and will be used for request cancellation. If
1223// the context is nil a panic will occur. In the future the SDK may create
1224// sub-contexts for http.Requests. See https://golang.org/pkg/context/
1225// for more information on using Contexts.
1226func (c *Organizations) CreateAccountWithContext(ctx aws.Context, input *CreateAccountInput, opts ...request.Option) (*CreateAccountOutput, error) {
1227	req, out := c.CreateAccountRequest(input)
1228	req.SetContext(ctx)
1229	req.ApplyOptions(opts...)
1230	return out, req.Send()
1231}
1232
1233const opCreateGovCloudAccount = "CreateGovCloudAccount"
1234
1235// CreateGovCloudAccountRequest generates a "aws/request.Request" representing the
1236// client's request for the CreateGovCloudAccount operation. The "output" return
1237// value will be populated with the request's response once the request completes
1238// successfully.
1239//
1240// Use "Send" method on the returned Request to send the API call to the service.
1241// the "output" return value is not valid until after Send returns without error.
1242//
1243// See CreateGovCloudAccount for more information on using the CreateGovCloudAccount
1244// API call, and error handling.
1245//
1246// This method is useful when you want to inject custom logic or configuration
1247// into the SDK's request lifecycle. Such as custom headers, or retry logic.
1248//
1249//
1250//    // Example sending a request using the CreateGovCloudAccountRequest method.
1251//    req, resp := client.CreateGovCloudAccountRequest(params)
1252//
1253//    err := req.Send()
1254//    if err == nil { // resp is now filled
1255//        fmt.Println(resp)
1256//    }
1257//
1258// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount
1259func (c *Organizations) CreateGovCloudAccountRequest(input *CreateGovCloudAccountInput) (req *request.Request, output *CreateGovCloudAccountOutput) {
1260	op := &request.Operation{
1261		Name:       opCreateGovCloudAccount,
1262		HTTPMethod: "POST",
1263		HTTPPath:   "/",
1264	}
1265
1266	if input == nil {
1267		input = &CreateGovCloudAccountInput{}
1268	}
1269
1270	output = &CreateGovCloudAccountOutput{}
1271	req = c.newRequest(op, input, output)
1272	return
1273}
1274
1275// CreateGovCloudAccount API operation for AWS Organizations.
1276//
1277// This action is available if all of the following are true:
1278//
1279//    * You're authorized to create accounts in the AWS GovCloud (US) Region.
1280//    For more information on the AWS GovCloud (US) Region, see the AWS GovCloud
1281//    User Guide. (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html)
1282//
1283//    * You already have an account in the AWS GovCloud (US) Region that is
1284//    paired with a management account of an organization in the commercial
1285//    Region.
1286//
1287//    * You call this action from the management account of your organization
1288//    in the commercial Region.
1289//
1290//    * You have the organizations:CreateGovCloudAccount permission.
1291//
1292// AWS Organizations automatically creates the required service-linked role
1293// named AWSServiceRoleForOrganizations. For more information, see AWS Organizations
1294// and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs)
1295// in the AWS Organizations User Guide.
1296//
1297// AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts,
1298// but you should also do the following:
1299//
1300//    * Verify that AWS CloudTrail is enabled to store logs.
1301//
1302//    * Create an S3 bucket for AWS CloudTrail log storage. For more information,
1303//    see Verifying AWS CloudTrail Is Enabled (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html)
1304//    in the AWS GovCloud User Guide.
1305//
1306// If the request includes tags, then the requester must have the organizations:TagResource
1307// permission. The tags are attached to the commercial account associated with
1308// the GovCloud account, rather than the GovCloud account itself. To add tags
1309// to the GovCloud account, call the TagResource operation in the GovCloud Region
1310// after the new GovCloud account exists.
1311//
1312// You call this action from the management account of your organization in
1313// the commercial Region to create a standalone AWS account in the AWS GovCloud
1314// (US) Region. After the account is created, the management account of an organization
1315// in the AWS GovCloud (US) Region can invite it to that organization. For more
1316// information on inviting standalone accounts in the AWS GovCloud (US) to join
1317// an organization, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1318// in the AWS GovCloud User Guide.
1319//
1320// Calling CreateGovCloudAccount is an asynchronous request that AWS performs
1321// in the background. Because CreateGovCloudAccount operates asynchronously,
1322// it can return a successful completion message even though account initialization
1323// might still be in progress. You might need to wait a few minutes before you
1324// can successfully access the account. To check the status of the request,
1325// do one of the following:
1326//
1327//    * Use the OperationId response element from this operation to provide
1328//    as a parameter to the DescribeCreateAccountStatus operation.
1329//
1330//    * Check the AWS CloudTrail log for the CreateAccountResult event. For
1331//    information on using AWS CloudTrail with Organizations, see Monitoring
1332//    the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html)
1333//    in the AWS Organizations User Guide.
1334//
1335// When you call the CreateGovCloudAccount action, you create two accounts:
1336// a standalone account in the AWS GovCloud (US) Region and an associated account
1337// in the commercial Region for billing and support purposes. The account in
1338// the commercial Region is automatically a member of the organization whose
1339// credentials made the request. Both accounts are associated with the same
1340// email address.
1341//
1342// A role is created in the new account in the commercial Region that allows
1343// the management account in the organization in the commercial Region to assume
1344// it. An AWS GovCloud (US) account is then created and associated with the
1345// commercial account that you just created. A role is also created in the new
1346// AWS GovCloud (US) account that can be assumed by the AWS GovCloud (US) account
1347// that is associated with the management account of the commercial organization.
1348// For more information and to view a diagram that explains how account access
1349// works, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1350// in the AWS GovCloud User Guide.
1351//
1352// For more information about creating accounts, see Creating an AWS Account
1353// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html)
1354// in the AWS Organizations User Guide.
1355//
1356//    * When you create an account in an organization using the AWS Organizations
1357//    console, API, or CLI commands, the information required for the account
1358//    to operate as a standalone account is not automatically collected. This
1359//    includes a payment method and signing the end user license agreement (EULA).
1360//    If you must remove an account from your organization later, you can do
1361//    so only after you provide the missing information. Follow the steps at
1362//    To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1363//    in the AWS Organizations User Guide.
1364//
1365//    * If you get an exception that indicates that you exceeded your account
1366//    limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/).
1367//
1368//    * If you get an exception that indicates that the operation failed because
1369//    your organization is still initializing, wait one hour and then try again.
1370//    If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/).
1371//
1372//    * Using CreateGovCloudAccount to create multiple temporary accounts isn't
1373//    recommended. You can only close an account from the AWS Billing and Cost
1374//    Management console, and you must be signed in as the root user. For information
1375//    on the requirements and process for closing an account, see Closing an
1376//    AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html)
1377//    in the AWS Organizations User Guide.
1378//
1379// When you create a member account with this operation, you can choose whether
1380// to create the account with the IAM User and Role Access to Billing Information
1381// switch enabled. If you enable it, IAM users and roles that have appropriate
1382// permissions can view billing information for the account. If you disable
1383// it, only the account root user can access billing information. For information
1384// about how to disable this switch for an account, see Granting Access to Your
1385// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html).
1386//
1387// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
1388// with awserr.Error's Code and Message methods to get detailed information about
1389// the error.
1390//
1391// See the AWS API reference guide for AWS Organizations's
1392// API operation CreateGovCloudAccount for usage and error information.
1393//
1394// Returned Error Types:
1395//   * AccessDeniedException
1396//   You don't have permissions to perform the requested operation. The user or
1397//   role that is making the request must have at least one IAM permissions policy
1398//   attached that grants the required permissions. For more information, see
1399//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
1400//   in the IAM User Guide.
1401//
1402//   * AWSOrganizationsNotInUseException
1403//   Your account isn't a member of an organization. To make this request, you
1404//   must use the credentials of an account that belongs to an organization.
1405//
1406//   * ConcurrentModificationException
1407//   The target of the operation is currently being modified by a different request.
1408//   Try again later.
1409//
1410//   * ConstraintViolationException
1411//   Performing this operation violates a minimum or maximum value limit. For
1412//   example, attempting to remove the last service control policy (SCP) from
1413//   an OU or root, inviting or creating too many accounts to the organization,
1414//   or attaching too many policies to an account, OU, or root. This exception
1415//   includes a reason that contains additional information about the violated
1416//   limit:
1417//
1418//   Some of the reasons in the following list might not be applicable to this
1419//   specific API or operation.
1420//
1421//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
1422//      account from the organization. You can't remove the management account.
1423//      Instead, after you remove all member accounts, delete the organization
1424//      itself.
1425//
1426//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
1427//      from the organization that doesn't yet have enough information to exist
1428//      as a standalone account. This account requires you to first agree to the
1429//      AWS Customer Agreement. Follow the steps at Removing a member account
1430//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
1431//      the AWS Organizations User Guide.
1432//
1433//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
1434//      an account from the organization that doesn't yet have enough information
1435//      to exist as a standalone account. This account requires you to first complete
1436//      phone verification. Follow the steps at Removing a member account from
1437//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
1438//      in the AWS Organizations User Guide.
1439//
1440//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
1441//      of accounts that you can create in one day.
1442//
1443//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
1444//      the number of accounts in an organization. If you need more accounts,
1445//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
1446//      request an increase in your limit. Or the number of invitations that you
1447//      tried to send would cause you to exceed the limit of accounts in your
1448//      organization. Send fewer invitations or contact AWS Support to request
1449//      an increase in the number of accounts. Deleted and closed accounts still
1450//      count toward your limit. If you get this exception when running a command
1451//      immediately after creating the organization, wait one hour and try again.
1452//      After an hour, if the command continues to fail with this error, contact
1453//      AWS Support (https://console.aws.amazon.com/support/home#/).
1454//
1455//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
1456//      register the management account of the organization as a delegated administrator
1457//      for an AWS service integrated with Organizations. You can designate only
1458//      a member account as a delegated administrator.
1459//
1460//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
1461//      an account that is registered as a delegated administrator for a service
1462//      integrated with your organization. To complete this operation, you must
1463//      first deregister this account as a delegated administrator.
1464//
1465//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
1466//      organization in the specified region, you must enable all features mode.
1467//
1468//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
1469//      an AWS account as a delegated administrator for an AWS service that already
1470//      has a delegated administrator. To complete this operation, you must first
1471//      deregister any existing delegated administrators for this service.
1472//
1473//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
1474//      valid for a limited period of time. You must resubmit the request and
1475//      generate a new verfication code.
1476//
1477//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
1478//      handshakes that you can send in one day.
1479//
1480//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
1481//      in this organization, you first must migrate the organization's management
1482//      account to the marketplace that corresponds to the management account's
1483//      address. For example, accounts with India addresses must be associated
1484//      with the AISPL marketplace. All accounts in an organization must be associated
1485//      with the same marketplace.
1486//
1487//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
1488//      in China. To create an organization, the master must have a valid business
1489//      license. For more information, contact customer support.
1490//
1491//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
1492//      must first provide a valid contact address and phone number for the management
1493//      account. Then try the operation again.
1494//
1495//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
1496//      management account must have an associated account in the AWS GovCloud
1497//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1498//      in the AWS GovCloud User Guide.
1499//
1500//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
1501//      with this management account, you first must associate a valid payment
1502//      instrument, such as a credit card, with the account. Follow the steps
1503//      at To leave an organization when all required account information has
1504//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1505//      in the AWS Organizations User Guide.
1506//
1507//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
1508//      to register more delegated administrators than allowed for the service
1509//      principal.
1510//
1511//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
1512//      number of policies of a certain type that can be attached to an entity
1513//      at one time.
1514//
1515//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
1516//      on this resource.
1517//
1518//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
1519//      with this member account, you first must associate a valid payment instrument,
1520//      such as a credit card, with the account. Follow the steps at To leave
1521//      an organization when all required account information has not yet been
1522//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1523//      in the AWS Organizations User Guide.
1524//
1525//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
1526//      policy from an entity that would cause the entity to have fewer than the
1527//      minimum number of policies of a certain type required.
1528//
1529//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
1530//      that requires the organization to be configured to support all features.
1531//      An organization that supports only consolidated billing features can't
1532//      perform this operation.
1533//
1534//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
1535//      too many levels deep.
1536//
1537//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
1538//      that you can have in an organization.
1539//
1540//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
1541//      is larger than the maximum size.
1542//
1543//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
1544//      policies that you can have in an organization.
1545//
1546//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
1547//      tags that are not compliant with the tag policy requirements for this
1548//      account.
1549//
1550//   * InvalidInputException
1551//   The requested operation failed because you provided invalid values for one
1552//   or more of the request parameters. This exception includes a reason that
1553//   contains additional information about the violated limit:
1554//
1555//   Some of the reasons in the following list might not be applicable to this
1556//   specific API or operation.
1557//
1558//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
1559//      the same entity.
1560//
1561//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
1562//      can't be modified.
1563//
1564//      * INPUT_REQUIRED: You must include a value for all required parameters.
1565//
1566//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
1567//      for the invited account owner.
1568//
1569//      * INVALID_ENUM: You specified an invalid value.
1570//
1571//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
1572//
1573//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
1574//      characters.
1575//
1576//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
1577//      at least one invalid value.
1578//
1579//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
1580//      from the response to a previous call of the operation.
1581//
1582//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
1583//      organization, or email) as a party.
1584//
1585//      * INVALID_PATTERN: You provided a value that doesn't match the required
1586//      pattern.
1587//
1588//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
1589//      match the required pattern.
1590//
1591//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
1592//      name can't begin with the reserved prefix AWSServiceRoleFor.
1593//
1594//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
1595//      Name (ARN) for the organization.
1596//
1597//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
1598//
1599//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
1600//      tag. You can’t add, edit, or delete system tag keys because they're
1601//      reserved for AWS use. System tags don’t count against your tags per
1602//      resource limit.
1603//
1604//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
1605//      for the operation.
1606//
1607//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
1608//      than allowed.
1609//
1610//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
1611//      value than allowed.
1612//
1613//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
1614//      than allowed.
1615//
1616//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
1617//      value than allowed.
1618//
1619//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
1620//      between entities in the same root.
1621//
1622//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
1623//      target entity.
1624//
1625//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
1626//      isn't recognized.
1627//
1628//   * FinalizingOrganizationException
1629//   AWS Organizations couldn't perform the operation because your organization
1630//   hasn't finished initializing. This can take up to an hour. Try again later.
1631//   If after one hour you continue to receive this error, contact AWS Support
1632//   (https://console.aws.amazon.com/support/home#/).
1633//
1634//   * ServiceException
1635//   AWS Organizations can't complete your request because of an internal service
1636//   error. Try again later.
1637//
1638//   * TooManyRequestsException
1639//   You have sent too many requests in too short a period of time. The quota
1640//   helps protect against denial-of-service attacks. Try again later.
1641//
1642//   For information about quotas that affect AWS Organizations, see Quotas for
1643//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
1644//   the AWS Organizations User Guide.
1645//
1646//   * UnsupportedAPIEndpointException
1647//   This action isn't available in the current AWS Region.
1648//
1649// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount
1650func (c *Organizations) CreateGovCloudAccount(input *CreateGovCloudAccountInput) (*CreateGovCloudAccountOutput, error) {
1651	req, out := c.CreateGovCloudAccountRequest(input)
1652	return out, req.Send()
1653}
1654
1655// CreateGovCloudAccountWithContext is the same as CreateGovCloudAccount with the addition of
1656// the ability to pass a context and additional request options.
1657//
1658// See CreateGovCloudAccount for details on how to use this API operation.
1659//
1660// The context must be non-nil and will be used for request cancellation. If
1661// the context is nil a panic will occur. In the future the SDK may create
1662// sub-contexts for http.Requests. See https://golang.org/pkg/context/
1663// for more information on using Contexts.
1664func (c *Organizations) CreateGovCloudAccountWithContext(ctx aws.Context, input *CreateGovCloudAccountInput, opts ...request.Option) (*CreateGovCloudAccountOutput, error) {
1665	req, out := c.CreateGovCloudAccountRequest(input)
1666	req.SetContext(ctx)
1667	req.ApplyOptions(opts...)
1668	return out, req.Send()
1669}
1670
1671const opCreateOrganization = "CreateOrganization"
1672
1673// CreateOrganizationRequest generates a "aws/request.Request" representing the
1674// client's request for the CreateOrganization operation. The "output" return
1675// value will be populated with the request's response once the request completes
1676// successfully.
1677//
1678// Use "Send" method on the returned Request to send the API call to the service.
1679// the "output" return value is not valid until after Send returns without error.
1680//
1681// See CreateOrganization for more information on using the CreateOrganization
1682// API call, and error handling.
1683//
1684// This method is useful when you want to inject custom logic or configuration
1685// into the SDK's request lifecycle. Such as custom headers, or retry logic.
1686//
1687//
1688//    // Example sending a request using the CreateOrganizationRequest method.
1689//    req, resp := client.CreateOrganizationRequest(params)
1690//
1691//    err := req.Send()
1692//    if err == nil { // resp is now filled
1693//        fmt.Println(resp)
1694//    }
1695//
1696// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization
1697func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput) (req *request.Request, output *CreateOrganizationOutput) {
1698	op := &request.Operation{
1699		Name:       opCreateOrganization,
1700		HTTPMethod: "POST",
1701		HTTPPath:   "/",
1702	}
1703
1704	if input == nil {
1705		input = &CreateOrganizationInput{}
1706	}
1707
1708	output = &CreateOrganizationOutput{}
1709	req = c.newRequest(op, input, output)
1710	return
1711}
1712
1713// CreateOrganization API operation for AWS Organizations.
1714//
1715// Creates an AWS organization. The account whose user is calling the CreateOrganization
1716// operation automatically becomes the management account (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account)
1717// of the new organization.
1718//
1719// This operation must be called using credentials from the account that is
1720// to become the new organization's management account. The principal must also
1721// have the relevant IAM permissions.
1722//
1723// By default (or if you set the FeatureSet parameter to ALL), the new organization
1724// is created with all features enabled and service control policies automatically
1725// enabled in the root. If you instead choose to create the organization supporting
1726// only the consolidated billing features by setting the FeatureSet parameter
1727// to CONSOLIDATED_BILLING", no policy types are enabled by default, and you
1728// can't use organization policies
1729//
1730// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
1731// with awserr.Error's Code and Message methods to get detailed information about
1732// the error.
1733//
1734// See the AWS API reference guide for AWS Organizations's
1735// API operation CreateOrganization for usage and error information.
1736//
1737// Returned Error Types:
1738//   * AccessDeniedException
1739//   You don't have permissions to perform the requested operation. The user or
1740//   role that is making the request must have at least one IAM permissions policy
1741//   attached that grants the required permissions. For more information, see
1742//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
1743//   in the IAM User Guide.
1744//
1745//   * AlreadyInOrganizationException
1746//   This account is already a member of an organization. An account can belong
1747//   to only one organization at a time.
1748//
1749//   * ConcurrentModificationException
1750//   The target of the operation is currently being modified by a different request.
1751//   Try again later.
1752//
1753//   * ConstraintViolationException
1754//   Performing this operation violates a minimum or maximum value limit. For
1755//   example, attempting to remove the last service control policy (SCP) from
1756//   an OU or root, inviting or creating too many accounts to the organization,
1757//   or attaching too many policies to an account, OU, or root. This exception
1758//   includes a reason that contains additional information about the violated
1759//   limit:
1760//
1761//   Some of the reasons in the following list might not be applicable to this
1762//   specific API or operation.
1763//
1764//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
1765//      account from the organization. You can't remove the management account.
1766//      Instead, after you remove all member accounts, delete the organization
1767//      itself.
1768//
1769//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
1770//      from the organization that doesn't yet have enough information to exist
1771//      as a standalone account. This account requires you to first agree to the
1772//      AWS Customer Agreement. Follow the steps at Removing a member account
1773//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
1774//      the AWS Organizations User Guide.
1775//
1776//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
1777//      an account from the organization that doesn't yet have enough information
1778//      to exist as a standalone account. This account requires you to first complete
1779//      phone verification. Follow the steps at Removing a member account from
1780//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
1781//      in the AWS Organizations User Guide.
1782//
1783//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
1784//      of accounts that you can create in one day.
1785//
1786//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
1787//      the number of accounts in an organization. If you need more accounts,
1788//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
1789//      request an increase in your limit. Or the number of invitations that you
1790//      tried to send would cause you to exceed the limit of accounts in your
1791//      organization. Send fewer invitations or contact AWS Support to request
1792//      an increase in the number of accounts. Deleted and closed accounts still
1793//      count toward your limit. If you get this exception when running a command
1794//      immediately after creating the organization, wait one hour and try again.
1795//      After an hour, if the command continues to fail with this error, contact
1796//      AWS Support (https://console.aws.amazon.com/support/home#/).
1797//
1798//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
1799//      register the management account of the organization as a delegated administrator
1800//      for an AWS service integrated with Organizations. You can designate only
1801//      a member account as a delegated administrator.
1802//
1803//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
1804//      an account that is registered as a delegated administrator for a service
1805//      integrated with your organization. To complete this operation, you must
1806//      first deregister this account as a delegated administrator.
1807//
1808//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
1809//      organization in the specified region, you must enable all features mode.
1810//
1811//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
1812//      an AWS account as a delegated administrator for an AWS service that already
1813//      has a delegated administrator. To complete this operation, you must first
1814//      deregister any existing delegated administrators for this service.
1815//
1816//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
1817//      valid for a limited period of time. You must resubmit the request and
1818//      generate a new verfication code.
1819//
1820//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
1821//      handshakes that you can send in one day.
1822//
1823//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
1824//      in this organization, you first must migrate the organization's management
1825//      account to the marketplace that corresponds to the management account's
1826//      address. For example, accounts with India addresses must be associated
1827//      with the AISPL marketplace. All accounts in an organization must be associated
1828//      with the same marketplace.
1829//
1830//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
1831//      in China. To create an organization, the master must have a valid business
1832//      license. For more information, contact customer support.
1833//
1834//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
1835//      must first provide a valid contact address and phone number for the management
1836//      account. Then try the operation again.
1837//
1838//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
1839//      management account must have an associated account in the AWS GovCloud
1840//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1841//      in the AWS GovCloud User Guide.
1842//
1843//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
1844//      with this management account, you first must associate a valid payment
1845//      instrument, such as a credit card, with the account. Follow the steps
1846//      at To leave an organization when all required account information has
1847//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1848//      in the AWS Organizations User Guide.
1849//
1850//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
1851//      to register more delegated administrators than allowed for the service
1852//      principal.
1853//
1854//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
1855//      number of policies of a certain type that can be attached to an entity
1856//      at one time.
1857//
1858//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
1859//      on this resource.
1860//
1861//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
1862//      with this member account, you first must associate a valid payment instrument,
1863//      such as a credit card, with the account. Follow the steps at To leave
1864//      an organization when all required account information has not yet been
1865//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1866//      in the AWS Organizations User Guide.
1867//
1868//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
1869//      policy from an entity that would cause the entity to have fewer than the
1870//      minimum number of policies of a certain type required.
1871//
1872//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
1873//      that requires the organization to be configured to support all features.
1874//      An organization that supports only consolidated billing features can't
1875//      perform this operation.
1876//
1877//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
1878//      too many levels deep.
1879//
1880//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
1881//      that you can have in an organization.
1882//
1883//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
1884//      is larger than the maximum size.
1885//
1886//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
1887//      policies that you can have in an organization.
1888//
1889//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
1890//      tags that are not compliant with the tag policy requirements for this
1891//      account.
1892//
1893//   * InvalidInputException
1894//   The requested operation failed because you provided invalid values for one
1895//   or more of the request parameters. This exception includes a reason that
1896//   contains additional information about the violated limit:
1897//
1898//   Some of the reasons in the following list might not be applicable to this
1899//   specific API or operation.
1900//
1901//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
1902//      the same entity.
1903//
1904//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
1905//      can't be modified.
1906//
1907//      * INPUT_REQUIRED: You must include a value for all required parameters.
1908//
1909//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
1910//      for the invited account owner.
1911//
1912//      * INVALID_ENUM: You specified an invalid value.
1913//
1914//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
1915//
1916//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
1917//      characters.
1918//
1919//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
1920//      at least one invalid value.
1921//
1922//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
1923//      from the response to a previous call of the operation.
1924//
1925//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
1926//      organization, or email) as a party.
1927//
1928//      * INVALID_PATTERN: You provided a value that doesn't match the required
1929//      pattern.
1930//
1931//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
1932//      match the required pattern.
1933//
1934//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
1935//      name can't begin with the reserved prefix AWSServiceRoleFor.
1936//
1937//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
1938//      Name (ARN) for the organization.
1939//
1940//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
1941//
1942//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
1943//      tag. You can’t add, edit, or delete system tag keys because they're
1944//      reserved for AWS use. System tags don’t count against your tags per
1945//      resource limit.
1946//
1947//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
1948//      for the operation.
1949//
1950//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
1951//      than allowed.
1952//
1953//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
1954//      value than allowed.
1955//
1956//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
1957//      than allowed.
1958//
1959//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
1960//      value than allowed.
1961//
1962//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
1963//      between entities in the same root.
1964//
1965//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
1966//      target entity.
1967//
1968//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
1969//      isn't recognized.
1970//
1971//   * ServiceException
1972//   AWS Organizations can't complete your request because of an internal service
1973//   error. Try again later.
1974//
1975//   * TooManyRequestsException
1976//   You have sent too many requests in too short a period of time. The quota
1977//   helps protect against denial-of-service attacks. Try again later.
1978//
1979//   For information about quotas that affect AWS Organizations, see Quotas for
1980//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
1981//   the AWS Organizations User Guide.
1982//
1983//   * AccessDeniedForDependencyException
1984//   The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
1985//   for organizations.amazonaws.com permission so that AWS Organizations can
1986//   create the required service-linked role. You don't have that permission.
1987//
1988// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization
1989func (c *Organizations) CreateOrganization(input *CreateOrganizationInput) (*CreateOrganizationOutput, error) {
1990	req, out := c.CreateOrganizationRequest(input)
1991	return out, req.Send()
1992}
1993
1994// CreateOrganizationWithContext is the same as CreateOrganization with the addition of
1995// the ability to pass a context and additional request options.
1996//
1997// See CreateOrganization for details on how to use this API operation.
1998//
1999// The context must be non-nil and will be used for request cancellation. If
2000// the context is nil a panic will occur. In the future the SDK may create
2001// sub-contexts for http.Requests. See https://golang.org/pkg/context/
2002// for more information on using Contexts.
2003func (c *Organizations) CreateOrganizationWithContext(ctx aws.Context, input *CreateOrganizationInput, opts ...request.Option) (*CreateOrganizationOutput, error) {
2004	req, out := c.CreateOrganizationRequest(input)
2005	req.SetContext(ctx)
2006	req.ApplyOptions(opts...)
2007	return out, req.Send()
2008}
2009
2010const opCreateOrganizationalUnit = "CreateOrganizationalUnit"
2011
2012// CreateOrganizationalUnitRequest generates a "aws/request.Request" representing the
2013// client's request for the CreateOrganizationalUnit operation. The "output" return
2014// value will be populated with the request's response once the request completes
2015// successfully.
2016//
2017// Use "Send" method on the returned Request to send the API call to the service.
2018// the "output" return value is not valid until after Send returns without error.
2019//
2020// See CreateOrganizationalUnit for more information on using the CreateOrganizationalUnit
2021// API call, and error handling.
2022//
2023// This method is useful when you want to inject custom logic or configuration
2024// into the SDK's request lifecycle. Such as custom headers, or retry logic.
2025//
2026//
2027//    // Example sending a request using the CreateOrganizationalUnitRequest method.
2028//    req, resp := client.CreateOrganizationalUnitRequest(params)
2029//
2030//    err := req.Send()
2031//    if err == nil { // resp is now filled
2032//        fmt.Println(resp)
2033//    }
2034//
2035// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit
2036func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizationalUnitInput) (req *request.Request, output *CreateOrganizationalUnitOutput) {
2037	op := &request.Operation{
2038		Name:       opCreateOrganizationalUnit,
2039		HTTPMethod: "POST",
2040		HTTPPath:   "/",
2041	}
2042
2043	if input == nil {
2044		input = &CreateOrganizationalUnitInput{}
2045	}
2046
2047	output = &CreateOrganizationalUnitOutput{}
2048	req = c.newRequest(op, input, output)
2049	return
2050}
2051
2052// CreateOrganizationalUnit API operation for AWS Organizations.
2053//
2054// Creates an organizational unit (OU) within a root or parent OU. An OU is
2055// a container for accounts that enables you to organize your accounts to apply
2056// policies according to your business requirements. The number of levels deep
2057// that you can nest OUs is dependent upon the policy types enabled for that
2058// root. For service control policies, the limit is five.
2059//
2060// For more information about OUs, see Managing Organizational Units (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html)
2061// in the AWS Organizations User Guide.
2062//
2063// If the request includes tags, then the requester must have the organizations:TagResource
2064// permission.
2065//
2066// This operation can be called only from the organization's management account.
2067//
2068// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
2069// with awserr.Error's Code and Message methods to get detailed information about
2070// the error.
2071//
2072// See the AWS API reference guide for AWS Organizations's
2073// API operation CreateOrganizationalUnit for usage and error information.
2074//
2075// Returned Error Types:
2076//   * AccessDeniedException
2077//   You don't have permissions to perform the requested operation. The user or
2078//   role that is making the request must have at least one IAM permissions policy
2079//   attached that grants the required permissions. For more information, see
2080//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
2081//   in the IAM User Guide.
2082//
2083//   * AWSOrganizationsNotInUseException
2084//   Your account isn't a member of an organization. To make this request, you
2085//   must use the credentials of an account that belongs to an organization.
2086//
2087//   * ConcurrentModificationException
2088//   The target of the operation is currently being modified by a different request.
2089//   Try again later.
2090//
2091//   * ConstraintViolationException
2092//   Performing this operation violates a minimum or maximum value limit. For
2093//   example, attempting to remove the last service control policy (SCP) from
2094//   an OU or root, inviting or creating too many accounts to the organization,
2095//   or attaching too many policies to an account, OU, or root. This exception
2096//   includes a reason that contains additional information about the violated
2097//   limit:
2098//
2099//   Some of the reasons in the following list might not be applicable to this
2100//   specific API or operation.
2101//
2102//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
2103//      account from the organization. You can't remove the management account.
2104//      Instead, after you remove all member accounts, delete the organization
2105//      itself.
2106//
2107//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
2108//      from the organization that doesn't yet have enough information to exist
2109//      as a standalone account. This account requires you to first agree to the
2110//      AWS Customer Agreement. Follow the steps at Removing a member account
2111//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
2112//      the AWS Organizations User Guide.
2113//
2114//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
2115//      an account from the organization that doesn't yet have enough information
2116//      to exist as a standalone account. This account requires you to first complete
2117//      phone verification. Follow the steps at Removing a member account from
2118//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
2119//      in the AWS Organizations User Guide.
2120//
2121//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
2122//      of accounts that you can create in one day.
2123//
2124//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
2125//      the number of accounts in an organization. If you need more accounts,
2126//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
2127//      request an increase in your limit. Or the number of invitations that you
2128//      tried to send would cause you to exceed the limit of accounts in your
2129//      organization. Send fewer invitations or contact AWS Support to request
2130//      an increase in the number of accounts. Deleted and closed accounts still
2131//      count toward your limit. If you get this exception when running a command
2132//      immediately after creating the organization, wait one hour and try again.
2133//      After an hour, if the command continues to fail with this error, contact
2134//      AWS Support (https://console.aws.amazon.com/support/home#/).
2135//
2136//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
2137//      register the management account of the organization as a delegated administrator
2138//      for an AWS service integrated with Organizations. You can designate only
2139//      a member account as a delegated administrator.
2140//
2141//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
2142//      an account that is registered as a delegated administrator for a service
2143//      integrated with your organization. To complete this operation, you must
2144//      first deregister this account as a delegated administrator.
2145//
2146//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
2147//      organization in the specified region, you must enable all features mode.
2148//
2149//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
2150//      an AWS account as a delegated administrator for an AWS service that already
2151//      has a delegated administrator. To complete this operation, you must first
2152//      deregister any existing delegated administrators for this service.
2153//
2154//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
2155//      valid for a limited period of time. You must resubmit the request and
2156//      generate a new verfication code.
2157//
2158//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
2159//      handshakes that you can send in one day.
2160//
2161//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
2162//      in this organization, you first must migrate the organization's management
2163//      account to the marketplace that corresponds to the management account's
2164//      address. For example, accounts with India addresses must be associated
2165//      with the AISPL marketplace. All accounts in an organization must be associated
2166//      with the same marketplace.
2167//
2168//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
2169//      in China. To create an organization, the master must have a valid business
2170//      license. For more information, contact customer support.
2171//
2172//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
2173//      must first provide a valid contact address and phone number for the management
2174//      account. Then try the operation again.
2175//
2176//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
2177//      management account must have an associated account in the AWS GovCloud
2178//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
2179//      in the AWS GovCloud User Guide.
2180//
2181//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
2182//      with this management account, you first must associate a valid payment
2183//      instrument, such as a credit card, with the account. Follow the steps
2184//      at To leave an organization when all required account information has
2185//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
2186//      in the AWS Organizations User Guide.
2187//
2188//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
2189//      to register more delegated administrators than allowed for the service
2190//      principal.
2191//
2192//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
2193//      number of policies of a certain type that can be attached to an entity
2194//      at one time.
2195//
2196//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
2197//      on this resource.
2198//
2199//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
2200//      with this member account, you first must associate a valid payment instrument,
2201//      such as a credit card, with the account. Follow the steps at To leave
2202//      an organization when all required account information has not yet been
2203//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
2204//      in the AWS Organizations User Guide.
2205//
2206//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
2207//      policy from an entity that would cause the entity to have fewer than the
2208//      minimum number of policies of a certain type required.
2209//
2210//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
2211//      that requires the organization to be configured to support all features.
2212//      An organization that supports only consolidated billing features can't
2213//      perform this operation.
2214//
2215//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
2216//      too many levels deep.
2217//
2218//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
2219//      that you can have in an organization.
2220//
2221//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
2222//      is larger than the maximum size.
2223//
2224//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
2225//      policies that you can have in an organization.
2226//
2227//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
2228//      tags that are not compliant with the tag policy requirements for this
2229//      account.
2230//
2231//   * DuplicateOrganizationalUnitException
2232//   An OU with the same name already exists.
2233//
2234//   * InvalidInputException
2235//   The requested operation failed because you provided invalid values for one
2236//   or more of the request parameters. This exception includes a reason that
2237//   contains additional information about the violated limit:
2238//
2239//   Some of the reasons in the following list might not be applicable to this
2240//   specific API or operation.
2241//
2242//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
2243//      the same entity.
2244//
2245//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2246//      can't be modified.
2247//
2248//      * INPUT_REQUIRED: You must include a value for all required parameters.
2249//
2250//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
2251//      for the invited account owner.
2252//
2253//      * INVALID_ENUM: You specified an invalid value.
2254//
2255//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
2256//
2257//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
2258//      characters.
2259//
2260//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
2261//      at least one invalid value.
2262//
2263//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
2264//      from the response to a previous call of the operation.
2265//
2266//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
2267//      organization, or email) as a party.
2268//
2269//      * INVALID_PATTERN: You provided a value that doesn't match the required
2270//      pattern.
2271//
2272//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
2273//      match the required pattern.
2274//
2275//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
2276//      name can't begin with the reserved prefix AWSServiceRoleFor.
2277//
2278//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
2279//      Name (ARN) for the organization.
2280//
2281//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
2282//
2283//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
2284//      tag. You can’t add, edit, or delete system tag keys because they're
2285//      reserved for AWS use. System tags don’t count against your tags per
2286//      resource limit.
2287//
2288//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
2289//      for the operation.
2290//
2291//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
2292//      than allowed.
2293//
2294//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
2295//      value than allowed.
2296//
2297//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
2298//      than allowed.
2299//
2300//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
2301//      value than allowed.
2302//
2303//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
2304//      between entities in the same root.
2305//
2306//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
2307//      target entity.
2308//
2309//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
2310//      isn't recognized.
2311//
2312//   * ParentNotFoundException
2313//   We can't find a root or OU with the ParentId that you specified.
2314//
2315//   * ServiceException
2316//   AWS Organizations can't complete your request because of an internal service
2317//   error. Try again later.
2318//
2319//   * TooManyRequestsException
2320//   You have sent too many requests in too short a period of time. The quota
2321//   helps protect against denial-of-service attacks. Try again later.
2322//
2323//   For information about quotas that affect AWS Organizations, see Quotas for
2324//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
2325//   the AWS Organizations User Guide.
2326//
2327// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit
2328func (c *Organizations) CreateOrganizationalUnit(input *CreateOrganizationalUnitInput) (*CreateOrganizationalUnitOutput, error) {
2329	req, out := c.CreateOrganizationalUnitRequest(input)
2330	return out, req.Send()
2331}
2332
2333// CreateOrganizationalUnitWithContext is the same as CreateOrganizationalUnit with the addition of
2334// the ability to pass a context and additional request options.
2335//
2336// See CreateOrganizationalUnit for details on how to use this API operation.
2337//
2338// The context must be non-nil and will be used for request cancellation. If
2339// the context is nil a panic will occur. In the future the SDK may create
2340// sub-contexts for http.Requests. See https://golang.org/pkg/context/
2341// for more information on using Contexts.
2342func (c *Organizations) CreateOrganizationalUnitWithContext(ctx aws.Context, input *CreateOrganizationalUnitInput, opts ...request.Option) (*CreateOrganizationalUnitOutput, error) {
2343	req, out := c.CreateOrganizationalUnitRequest(input)
2344	req.SetContext(ctx)
2345	req.ApplyOptions(opts...)
2346	return out, req.Send()
2347}
2348
2349const opCreatePolicy = "CreatePolicy"
2350
2351// CreatePolicyRequest generates a "aws/request.Request" representing the
2352// client's request for the CreatePolicy operation. The "output" return
2353// value will be populated with the request's response once the request completes
2354// successfully.
2355//
2356// Use "Send" method on the returned Request to send the API call to the service.
2357// the "output" return value is not valid until after Send returns without error.
2358//
2359// See CreatePolicy for more information on using the CreatePolicy
2360// API call, and error handling.
2361//
2362// This method is useful when you want to inject custom logic or configuration
2363// into the SDK's request lifecycle. Such as custom headers, or retry logic.
2364//
2365//
2366//    // Example sending a request using the CreatePolicyRequest method.
2367//    req, resp := client.CreatePolicyRequest(params)
2368//
2369//    err := req.Send()
2370//    if err == nil { // resp is now filled
2371//        fmt.Println(resp)
2372//    }
2373//
2374// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy
2375func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) {
2376	op := &request.Operation{
2377		Name:       opCreatePolicy,
2378		HTTPMethod: "POST",
2379		HTTPPath:   "/",
2380	}
2381
2382	if input == nil {
2383		input = &CreatePolicyInput{}
2384	}
2385
2386	output = &CreatePolicyOutput{}
2387	req = c.newRequest(op, input, output)
2388	return
2389}
2390
2391// CreatePolicy API operation for AWS Organizations.
2392//
2393// Creates a policy of a specified type that you can attach to a root, an organizational
2394// unit (OU), or an individual AWS account.
2395//
2396// For more information about policies and their use, see Managing Organization
2397// Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html).
2398//
2399// If the request includes tags, then the requester must have the organizations:TagResource
2400// permission.
2401//
2402// This operation can be called only from the organization's management account.
2403//
2404// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
2405// with awserr.Error's Code and Message methods to get detailed information about
2406// the error.
2407//
2408// See the AWS API reference guide for AWS Organizations's
2409// API operation CreatePolicy for usage and error information.
2410//
2411// Returned Error Types:
2412//   * AccessDeniedException
2413//   You don't have permissions to perform the requested operation. The user or
2414//   role that is making the request must have at least one IAM permissions policy
2415//   attached that grants the required permissions. For more information, see
2416//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
2417//   in the IAM User Guide.
2418//
2419//   * AWSOrganizationsNotInUseException
2420//   Your account isn't a member of an organization. To make this request, you
2421//   must use the credentials of an account that belongs to an organization.
2422//
2423//   * ConcurrentModificationException
2424//   The target of the operation is currently being modified by a different request.
2425//   Try again later.
2426//
2427//   * ConstraintViolationException
2428//   Performing this operation violates a minimum or maximum value limit. For
2429//   example, attempting to remove the last service control policy (SCP) from
2430//   an OU or root, inviting or creating too many accounts to the organization,
2431//   or attaching too many policies to an account, OU, or root. This exception
2432//   includes a reason that contains additional information about the violated
2433//   limit:
2434//
2435//   Some of the reasons in the following list might not be applicable to this
2436//   specific API or operation.
2437//
2438//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
2439//      account from the organization. You can't remove the management account.
2440//      Instead, after you remove all member accounts, delete the organization
2441//      itself.
2442//
2443//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
2444//      from the organization that doesn't yet have enough information to exist
2445//      as a standalone account. This account requires you to first agree to the
2446//      AWS Customer Agreement. Follow the steps at Removing a member account
2447//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
2448//      the AWS Organizations User Guide.
2449//
2450//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
2451//      an account from the organization that doesn't yet have enough information
2452//      to exist as a standalone account. This account requires you to first complete
2453//      phone verification. Follow the steps at Removing a member account from
2454//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
2455//      in the AWS Organizations User Guide.
2456//
2457//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
2458//      of accounts that you can create in one day.
2459//
2460//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
2461//      the number of accounts in an organization. If you need more accounts,
2462//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
2463//      request an increase in your limit. Or the number of invitations that you
2464//      tried to send would cause you to exceed the limit of accounts in your
2465//      organization. Send fewer invitations or contact AWS Support to request
2466//      an increase in the number of accounts. Deleted and closed accounts still
2467//      count toward your limit. If you get this exception when running a command
2468//      immediately after creating the organization, wait one hour and try again.
2469//      After an hour, if the command continues to fail with this error, contact
2470//      AWS Support (https://console.aws.amazon.com/support/home#/).
2471//
2472//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
2473//      register the management account of the organization as a delegated administrator
2474//      for an AWS service integrated with Organizations. You can designate only
2475//      a member account as a delegated administrator.
2476//
2477//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
2478//      an account that is registered as a delegated administrator for a service
2479//      integrated with your organization. To complete this operation, you must
2480//      first deregister this account as a delegated administrator.
2481//
2482//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
2483//      organization in the specified region, you must enable all features mode.
2484//
2485//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
2486//      an AWS account as a delegated administrator for an AWS service that already
2487//      has a delegated administrator. To complete this operation, you must first
2488//      deregister any existing delegated administrators for this service.
2489//
2490//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
2491//      valid for a limited period of time. You must resubmit the request and
2492//      generate a new verfication code.
2493//
2494//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
2495//      handshakes that you can send in one day.
2496//
2497//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
2498//      in this organization, you first must migrate the organization's management
2499//      account to the marketplace that corresponds to the management account's
2500//      address. For example, accounts with India addresses must be associated
2501//      with the AISPL marketplace. All accounts in an organization must be associated
2502//      with the same marketplace.
2503//
2504//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
2505//      in China. To create an organization, the master must have a valid business
2506//      license. For more information, contact customer support.
2507//
2508//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
2509//      must first provide a valid contact address and phone number for the management
2510//      account. Then try the operation again.
2511//
2512//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
2513//      management account must have an associated account in the AWS GovCloud
2514//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
2515//      in the AWS GovCloud User Guide.
2516//
2517//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
2518//      with this management account, you first must associate a valid payment
2519//      instrument, such as a credit card, with the account. Follow the steps
2520//      at To leave an organization when all required account information has
2521//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
2522//      in the AWS Organizations User Guide.
2523//
2524//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
2525//      to register more delegated administrators than allowed for the service
2526//      principal.
2527//
2528//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
2529//      number of policies of a certain type that can be attached to an entity
2530//      at one time.
2531//
2532//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
2533//      on this resource.
2534//
2535//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
2536//      with this member account, you first must associate a valid payment instrument,
2537//      such as a credit card, with the account. Follow the steps at To leave
2538//      an organization when all required account information has not yet been
2539//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
2540//      in the AWS Organizations User Guide.
2541//
2542//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
2543//      policy from an entity that would cause the entity to have fewer than the
2544//      minimum number of policies of a certain type required.
2545//
2546//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
2547//      that requires the organization to be configured to support all features.
2548//      An organization that supports only consolidated billing features can't
2549//      perform this operation.
2550//
2551//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
2552//      too many levels deep.
2553//
2554//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
2555//      that you can have in an organization.
2556//
2557//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
2558//      is larger than the maximum size.
2559//
2560//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
2561//      policies that you can have in an organization.
2562//
2563//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
2564//      tags that are not compliant with the tag policy requirements for this
2565//      account.
2566//
2567//   * DuplicatePolicyException
2568//   A policy with the same name already exists.
2569//
2570//   * InvalidInputException
2571//   The requested operation failed because you provided invalid values for one
2572//   or more of the request parameters. This exception includes a reason that
2573//   contains additional information about the violated limit:
2574//
2575//   Some of the reasons in the following list might not be applicable to this
2576//   specific API or operation.
2577//
2578//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
2579//      the same entity.
2580//
2581//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2582//      can't be modified.
2583//
2584//      * INPUT_REQUIRED: You must include a value for all required parameters.
2585//
2586//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
2587//      for the invited account owner.
2588//
2589//      * INVALID_ENUM: You specified an invalid value.
2590//
2591//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
2592//
2593//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
2594//      characters.
2595//
2596//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
2597//      at least one invalid value.
2598//
2599//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
2600//      from the response to a previous call of the operation.
2601//
2602//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
2603//      organization, or email) as a party.
2604//
2605//      * INVALID_PATTERN: You provided a value that doesn't match the required
2606//      pattern.
2607//
2608//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
2609//      match the required pattern.
2610//
2611//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
2612//      name can't begin with the reserved prefix AWSServiceRoleFor.
2613//
2614//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
2615//      Name (ARN) for the organization.
2616//
2617//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
2618//
2619//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
2620//      tag. You can’t add, edit, or delete system tag keys because they're
2621//      reserved for AWS use. System tags don’t count against your tags per
2622//      resource limit.
2623//
2624//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
2625//      for the operation.
2626//
2627//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
2628//      than allowed.
2629//
2630//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
2631//      value than allowed.
2632//
2633//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
2634//      than allowed.
2635//
2636//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
2637//      value than allowed.
2638//
2639//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
2640//      between entities in the same root.
2641//
2642//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
2643//      target entity.
2644//
2645//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
2646//      isn't recognized.
2647//
2648//   * MalformedPolicyDocumentException
2649//   The provided policy document doesn't meet the requirements of the specified
2650//   policy type. For example, the syntax might be incorrect. For details about
2651//   service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
2652//   in the AWS Organizations User Guide.
2653//
2654//   * PolicyTypeNotAvailableForOrganizationException
2655//   You can't use the specified policy type with the feature set currently enabled
2656//   for this organization. For example, you can enable SCPs only after you enable
2657//   all features in the organization. For more information, see Managing AWS
2658//   Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in
2659//   the AWS Organizations User Guide.
2660//
2661//   * ServiceException
2662//   AWS Organizations can't complete your request because of an internal service
2663//   error. Try again later.
2664//
2665//   * TooManyRequestsException
2666//   You have sent too many requests in too short a period of time. The quota
2667//   helps protect against denial-of-service attacks. Try again later.
2668//
2669//   For information about quotas that affect AWS Organizations, see Quotas for
2670//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
2671//   the AWS Organizations User Guide.
2672//
2673//   * UnsupportedAPIEndpointException
2674//   This action isn't available in the current AWS Region.
2675//
2676// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy
2677func (c *Organizations) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) {
2678	req, out := c.CreatePolicyRequest(input)
2679	return out, req.Send()
2680}
2681
2682// CreatePolicyWithContext is the same as CreatePolicy with the addition of
2683// the ability to pass a context and additional request options.
2684//
2685// See CreatePolicy for details on how to use this API operation.
2686//
2687// The context must be non-nil and will be used for request cancellation. If
2688// the context is nil a panic will occur. In the future the SDK may create
2689// sub-contexts for http.Requests. See https://golang.org/pkg/context/
2690// for more information on using Contexts.
2691func (c *Organizations) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) {
2692	req, out := c.CreatePolicyRequest(input)
2693	req.SetContext(ctx)
2694	req.ApplyOptions(opts...)
2695	return out, req.Send()
2696}
2697
2698const opDeclineHandshake = "DeclineHandshake"
2699
2700// DeclineHandshakeRequest generates a "aws/request.Request" representing the
2701// client's request for the DeclineHandshake operation. The "output" return
2702// value will be populated with the request's response once the request completes
2703// successfully.
2704//
2705// Use "Send" method on the returned Request to send the API call to the service.
2706// the "output" return value is not valid until after Send returns without error.
2707//
2708// See DeclineHandshake for more information on using the DeclineHandshake
2709// API call, and error handling.
2710//
2711// This method is useful when you want to inject custom logic or configuration
2712// into the SDK's request lifecycle. Such as custom headers, or retry logic.
2713//
2714//
2715//    // Example sending a request using the DeclineHandshakeRequest method.
2716//    req, resp := client.DeclineHandshakeRequest(params)
2717//
2718//    err := req.Send()
2719//    if err == nil { // resp is now filled
2720//        fmt.Println(resp)
2721//    }
2722//
2723// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake
2724func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (req *request.Request, output *DeclineHandshakeOutput) {
2725	op := &request.Operation{
2726		Name:       opDeclineHandshake,
2727		HTTPMethod: "POST",
2728		HTTPPath:   "/",
2729	}
2730
2731	if input == nil {
2732		input = &DeclineHandshakeInput{}
2733	}
2734
2735	output = &DeclineHandshakeOutput{}
2736	req = c.newRequest(op, input, output)
2737	return
2738}
2739
2740// DeclineHandshake API operation for AWS Organizations.
2741//
2742// Declines a handshake request. This sets the handshake state to DECLINED and
2743// effectively deactivates the request.
2744//
2745// This operation can be called only from the account that received the handshake.
2746// The originator of the handshake can use CancelHandshake instead. The originator
2747// can't reactivate a declined request, but can reinitiate the process with
2748// a new handshake request.
2749//
2750// After you decline a handshake, it continues to appear in the results of relevant
2751// APIs for only 30 days. After that, it's deleted.
2752//
2753// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
2754// with awserr.Error's Code and Message methods to get detailed information about
2755// the error.
2756//
2757// See the AWS API reference guide for AWS Organizations's
2758// API operation DeclineHandshake for usage and error information.
2759//
2760// Returned Error Types:
2761//   * AccessDeniedException
2762//   You don't have permissions to perform the requested operation. The user or
2763//   role that is making the request must have at least one IAM permissions policy
2764//   attached that grants the required permissions. For more information, see
2765//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
2766//   in the IAM User Guide.
2767//
2768//   * ConcurrentModificationException
2769//   The target of the operation is currently being modified by a different request.
2770//   Try again later.
2771//
2772//   * HandshakeNotFoundException
2773//   We can't find a handshake with the HandshakeId that you specified.
2774//
2775//   * InvalidHandshakeTransitionException
2776//   You can't perform the operation on the handshake in its current state. For
2777//   example, you can't cancel a handshake that was already accepted or accept
2778//   a handshake that was already declined.
2779//
2780//   * HandshakeAlreadyInStateException
2781//   The specified handshake is already in the requested state. For example, you
2782//   can't accept a handshake that was already accepted.
2783//
2784//   * InvalidInputException
2785//   The requested operation failed because you provided invalid values for one
2786//   or more of the request parameters. This exception includes a reason that
2787//   contains additional information about the violated limit:
2788//
2789//   Some of the reasons in the following list might not be applicable to this
2790//   specific API or operation.
2791//
2792//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
2793//      the same entity.
2794//
2795//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2796//      can't be modified.
2797//
2798//      * INPUT_REQUIRED: You must include a value for all required parameters.
2799//
2800//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
2801//      for the invited account owner.
2802//
2803//      * INVALID_ENUM: You specified an invalid value.
2804//
2805//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
2806//
2807//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
2808//      characters.
2809//
2810//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
2811//      at least one invalid value.
2812//
2813//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
2814//      from the response to a previous call of the operation.
2815//
2816//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
2817//      organization, or email) as a party.
2818//
2819//      * INVALID_PATTERN: You provided a value that doesn't match the required
2820//      pattern.
2821//
2822//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
2823//      match the required pattern.
2824//
2825//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
2826//      name can't begin with the reserved prefix AWSServiceRoleFor.
2827//
2828//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
2829//      Name (ARN) for the organization.
2830//
2831//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
2832//
2833//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
2834//      tag. You can’t add, edit, or delete system tag keys because they're
2835//      reserved for AWS use. System tags don’t count against your tags per
2836//      resource limit.
2837//
2838//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
2839//      for the operation.
2840//
2841//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
2842//      than allowed.
2843//
2844//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
2845//      value than allowed.
2846//
2847//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
2848//      than allowed.
2849//
2850//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
2851//      value than allowed.
2852//
2853//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
2854//      between entities in the same root.
2855//
2856//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
2857//      target entity.
2858//
2859//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
2860//      isn't recognized.
2861//
2862//   * ServiceException
2863//   AWS Organizations can't complete your request because of an internal service
2864//   error. Try again later.
2865//
2866//   * TooManyRequestsException
2867//   You have sent too many requests in too short a period of time. The quota
2868//   helps protect against denial-of-service attacks. Try again later.
2869//
2870//   For information about quotas that affect AWS Organizations, see Quotas for
2871//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
2872//   the AWS Organizations User Guide.
2873//
2874// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake
2875func (c *Organizations) DeclineHandshake(input *DeclineHandshakeInput) (*DeclineHandshakeOutput, error) {
2876	req, out := c.DeclineHandshakeRequest(input)
2877	return out, req.Send()
2878}
2879
2880// DeclineHandshakeWithContext is the same as DeclineHandshake with the addition of
2881// the ability to pass a context and additional request options.
2882//
2883// See DeclineHandshake for details on how to use this API operation.
2884//
2885// The context must be non-nil and will be used for request cancellation. If
2886// the context is nil a panic will occur. In the future the SDK may create
2887// sub-contexts for http.Requests. See https://golang.org/pkg/context/
2888// for more information on using Contexts.
2889func (c *Organizations) DeclineHandshakeWithContext(ctx aws.Context, input *DeclineHandshakeInput, opts ...request.Option) (*DeclineHandshakeOutput, error) {
2890	req, out := c.DeclineHandshakeRequest(input)
2891	req.SetContext(ctx)
2892	req.ApplyOptions(opts...)
2893	return out, req.Send()
2894}
2895
2896const opDeleteOrganization = "DeleteOrganization"
2897
2898// DeleteOrganizationRequest generates a "aws/request.Request" representing the
2899// client's request for the DeleteOrganization operation. The "output" return
2900// value will be populated with the request's response once the request completes
2901// successfully.
2902//
2903// Use "Send" method on the returned Request to send the API call to the service.
2904// the "output" return value is not valid until after Send returns without error.
2905//
2906// See DeleteOrganization for more information on using the DeleteOrganization
2907// API call, and error handling.
2908//
2909// This method is useful when you want to inject custom logic or configuration
2910// into the SDK's request lifecycle. Such as custom headers, or retry logic.
2911//
2912//
2913//    // Example sending a request using the DeleteOrganizationRequest method.
2914//    req, resp := client.DeleteOrganizationRequest(params)
2915//
2916//    err := req.Send()
2917//    if err == nil { // resp is now filled
2918//        fmt.Println(resp)
2919//    }
2920//
2921// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization
2922func (c *Organizations) DeleteOrganizationRequest(input *DeleteOrganizationInput) (req *request.Request, output *DeleteOrganizationOutput) {
2923	op := &request.Operation{
2924		Name:       opDeleteOrganization,
2925		HTTPMethod: "POST",
2926		HTTPPath:   "/",
2927	}
2928
2929	if input == nil {
2930		input = &DeleteOrganizationInput{}
2931	}
2932
2933	output = &DeleteOrganizationOutput{}
2934	req = c.newRequest(op, input, output)
2935	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
2936	return
2937}
2938
2939// DeleteOrganization API operation for AWS Organizations.
2940//
2941// Deletes the organization. You can delete an organization only by using credentials
2942// from the management account. The organization must be empty of member accounts.
2943//
2944// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
2945// with awserr.Error's Code and Message methods to get detailed information about
2946// the error.
2947//
2948// See the AWS API reference guide for AWS Organizations's
2949// API operation DeleteOrganization for usage and error information.
2950//
2951// Returned Error Types:
2952//   * AccessDeniedException
2953//   You don't have permissions to perform the requested operation. The user or
2954//   role that is making the request must have at least one IAM permissions policy
2955//   attached that grants the required permissions. For more information, see
2956//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
2957//   in the IAM User Guide.
2958//
2959//   * AWSOrganizationsNotInUseException
2960//   Your account isn't a member of an organization. To make this request, you
2961//   must use the credentials of an account that belongs to an organization.
2962//
2963//   * ConcurrentModificationException
2964//   The target of the operation is currently being modified by a different request.
2965//   Try again later.
2966//
2967//   * InvalidInputException
2968//   The requested operation failed because you provided invalid values for one
2969//   or more of the request parameters. This exception includes a reason that
2970//   contains additional information about the violated limit:
2971//
2972//   Some of the reasons in the following list might not be applicable to this
2973//   specific API or operation.
2974//
2975//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
2976//      the same entity.
2977//
2978//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2979//      can't be modified.
2980//
2981//      * INPUT_REQUIRED: You must include a value for all required parameters.
2982//
2983//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
2984//      for the invited account owner.
2985//
2986//      * INVALID_ENUM: You specified an invalid value.
2987//
2988//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
2989//
2990//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
2991//      characters.
2992//
2993//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
2994//      at least one invalid value.
2995//
2996//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
2997//      from the response to a previous call of the operation.
2998//
2999//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3000//      organization, or email) as a party.
3001//
3002//      * INVALID_PATTERN: You provided a value that doesn't match the required
3003//      pattern.
3004//
3005//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3006//      match the required pattern.
3007//
3008//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3009//      name can't begin with the reserved prefix AWSServiceRoleFor.
3010//
3011//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3012//      Name (ARN) for the organization.
3013//
3014//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3015//
3016//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3017//      tag. You can’t add, edit, or delete system tag keys because they're
3018//      reserved for AWS use. System tags don’t count against your tags per
3019//      resource limit.
3020//
3021//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3022//      for the operation.
3023//
3024//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3025//      than allowed.
3026//
3027//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3028//      value than allowed.
3029//
3030//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3031//      than allowed.
3032//
3033//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3034//      value than allowed.
3035//
3036//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3037//      between entities in the same root.
3038//
3039//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
3040//      target entity.
3041//
3042//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
3043//      isn't recognized.
3044//
3045//   * OrganizationNotEmptyException
3046//   The organization isn't empty. To delete an organization, you must first remove
3047//   all accounts except the management account, delete all OUs, and delete all
3048//   policies.
3049//
3050//   * ServiceException
3051//   AWS Organizations can't complete your request because of an internal service
3052//   error. Try again later.
3053//
3054//   * TooManyRequestsException
3055//   You have sent too many requests in too short a period of time. The quota
3056//   helps protect against denial-of-service attacks. Try again later.
3057//
3058//   For information about quotas that affect AWS Organizations, see Quotas for
3059//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
3060//   the AWS Organizations User Guide.
3061//
3062// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization
3063func (c *Organizations) DeleteOrganization(input *DeleteOrganizationInput) (*DeleteOrganizationOutput, error) {
3064	req, out := c.DeleteOrganizationRequest(input)
3065	return out, req.Send()
3066}
3067
3068// DeleteOrganizationWithContext is the same as DeleteOrganization with the addition of
3069// the ability to pass a context and additional request options.
3070//
3071// See DeleteOrganization for details on how to use this API operation.
3072//
3073// The context must be non-nil and will be used for request cancellation. If
3074// the context is nil a panic will occur. In the future the SDK may create
3075// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3076// for more information on using Contexts.
3077func (c *Organizations) DeleteOrganizationWithContext(ctx aws.Context, input *DeleteOrganizationInput, opts ...request.Option) (*DeleteOrganizationOutput, error) {
3078	req, out := c.DeleteOrganizationRequest(input)
3079	req.SetContext(ctx)
3080	req.ApplyOptions(opts...)
3081	return out, req.Send()
3082}
3083
3084const opDeleteOrganizationalUnit = "DeleteOrganizationalUnit"
3085
3086// DeleteOrganizationalUnitRequest generates a "aws/request.Request" representing the
3087// client's request for the DeleteOrganizationalUnit operation. The "output" return
3088// value will be populated with the request's response once the request completes
3089// successfully.
3090//
3091// Use "Send" method on the returned Request to send the API call to the service.
3092// the "output" return value is not valid until after Send returns without error.
3093//
3094// See DeleteOrganizationalUnit for more information on using the DeleteOrganizationalUnit
3095// API call, and error handling.
3096//
3097// This method is useful when you want to inject custom logic or configuration
3098// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3099//
3100//
3101//    // Example sending a request using the DeleteOrganizationalUnitRequest method.
3102//    req, resp := client.DeleteOrganizationalUnitRequest(params)
3103//
3104//    err := req.Send()
3105//    if err == nil { // resp is now filled
3106//        fmt.Println(resp)
3107//    }
3108//
3109// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit
3110func (c *Organizations) DeleteOrganizationalUnitRequest(input *DeleteOrganizationalUnitInput) (req *request.Request, output *DeleteOrganizationalUnitOutput) {
3111	op := &request.Operation{
3112		Name:       opDeleteOrganizationalUnit,
3113		HTTPMethod: "POST",
3114		HTTPPath:   "/",
3115	}
3116
3117	if input == nil {
3118		input = &DeleteOrganizationalUnitInput{}
3119	}
3120
3121	output = &DeleteOrganizationalUnitOutput{}
3122	req = c.newRequest(op, input, output)
3123	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
3124	return
3125}
3126
3127// DeleteOrganizationalUnit API operation for AWS Organizations.
3128//
3129// Deletes an organizational unit (OU) from a root or another OU. You must first
3130// remove all accounts and child OUs from the OU that you want to delete.
3131//
3132// This operation can be called only from the organization's management account.
3133//
3134// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
3135// with awserr.Error's Code and Message methods to get detailed information about
3136// the error.
3137//
3138// See the AWS API reference guide for AWS Organizations's
3139// API operation DeleteOrganizationalUnit for usage and error information.
3140//
3141// Returned Error Types:
3142//   * AccessDeniedException
3143//   You don't have permissions to perform the requested operation. The user or
3144//   role that is making the request must have at least one IAM permissions policy
3145//   attached that grants the required permissions. For more information, see
3146//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
3147//   in the IAM User Guide.
3148//
3149//   * AWSOrganizationsNotInUseException
3150//   Your account isn't a member of an organization. To make this request, you
3151//   must use the credentials of an account that belongs to an organization.
3152//
3153//   * ConcurrentModificationException
3154//   The target of the operation is currently being modified by a different request.
3155//   Try again later.
3156//
3157//   * InvalidInputException
3158//   The requested operation failed because you provided invalid values for one
3159//   or more of the request parameters. This exception includes a reason that
3160//   contains additional information about the violated limit:
3161//
3162//   Some of the reasons in the following list might not be applicable to this
3163//   specific API or operation.
3164//
3165//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
3166//      the same entity.
3167//
3168//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
3169//      can't be modified.
3170//
3171//      * INPUT_REQUIRED: You must include a value for all required parameters.
3172//
3173//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
3174//      for the invited account owner.
3175//
3176//      * INVALID_ENUM: You specified an invalid value.
3177//
3178//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
3179//
3180//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
3181//      characters.
3182//
3183//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
3184//      at least one invalid value.
3185//
3186//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
3187//      from the response to a previous call of the operation.
3188//
3189//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3190//      organization, or email) as a party.
3191//
3192//      * INVALID_PATTERN: You provided a value that doesn't match the required
3193//      pattern.
3194//
3195//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3196//      match the required pattern.
3197//
3198//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3199//      name can't begin with the reserved prefix AWSServiceRoleFor.
3200//
3201//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3202//      Name (ARN) for the organization.
3203//
3204//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3205//
3206//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3207//      tag. You can’t add, edit, or delete system tag keys because they're
3208//      reserved for AWS use. System tags don’t count against your tags per
3209//      resource limit.
3210//
3211//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3212//      for the operation.
3213//
3214//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3215//      than allowed.
3216//
3217//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3218//      value than allowed.
3219//
3220//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3221//      than allowed.
3222//
3223//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3224//      value than allowed.
3225//
3226//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3227//      between entities in the same root.
3228//
3229//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
3230//      target entity.
3231//
3232//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
3233//      isn't recognized.
3234//
3235//   * OrganizationalUnitNotEmptyException
3236//   The specified OU is not empty. Move all accounts to another root or to other
3237//   OUs, remove all child OUs, and try the operation again.
3238//
3239//   * OrganizationalUnitNotFoundException
3240//   We can't find an OU with the OrganizationalUnitId that you specified.
3241//
3242//   * ServiceException
3243//   AWS Organizations can't complete your request because of an internal service
3244//   error. Try again later.
3245//
3246//   * TooManyRequestsException
3247//   You have sent too many requests in too short a period of time. The quota
3248//   helps protect against denial-of-service attacks. Try again later.
3249//
3250//   For information about quotas that affect AWS Organizations, see Quotas for
3251//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
3252//   the AWS Organizations User Guide.
3253//
3254// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit
3255func (c *Organizations) DeleteOrganizationalUnit(input *DeleteOrganizationalUnitInput) (*DeleteOrganizationalUnitOutput, error) {
3256	req, out := c.DeleteOrganizationalUnitRequest(input)
3257	return out, req.Send()
3258}
3259
3260// DeleteOrganizationalUnitWithContext is the same as DeleteOrganizationalUnit with the addition of
3261// the ability to pass a context and additional request options.
3262//
3263// See DeleteOrganizationalUnit for details on how to use this API operation.
3264//
3265// The context must be non-nil and will be used for request cancellation. If
3266// the context is nil a panic will occur. In the future the SDK may create
3267// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3268// for more information on using Contexts.
3269func (c *Organizations) DeleteOrganizationalUnitWithContext(ctx aws.Context, input *DeleteOrganizationalUnitInput, opts ...request.Option) (*DeleteOrganizationalUnitOutput, error) {
3270	req, out := c.DeleteOrganizationalUnitRequest(input)
3271	req.SetContext(ctx)
3272	req.ApplyOptions(opts...)
3273	return out, req.Send()
3274}
3275
3276const opDeletePolicy = "DeletePolicy"
3277
3278// DeletePolicyRequest generates a "aws/request.Request" representing the
3279// client's request for the DeletePolicy operation. The "output" return
3280// value will be populated with the request's response once the request completes
3281// successfully.
3282//
3283// Use "Send" method on the returned Request to send the API call to the service.
3284// the "output" return value is not valid until after Send returns without error.
3285//
3286// See DeletePolicy for more information on using the DeletePolicy
3287// API call, and error handling.
3288//
3289// This method is useful when you want to inject custom logic or configuration
3290// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3291//
3292//
3293//    // Example sending a request using the DeletePolicyRequest method.
3294//    req, resp := client.DeletePolicyRequest(params)
3295//
3296//    err := req.Send()
3297//    if err == nil { // resp is now filled
3298//        fmt.Println(resp)
3299//    }
3300//
3301// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy
3302func (c *Organizations) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) {
3303	op := &request.Operation{
3304		Name:       opDeletePolicy,
3305		HTTPMethod: "POST",
3306		HTTPPath:   "/",
3307	}
3308
3309	if input == nil {
3310		input = &DeletePolicyInput{}
3311	}
3312
3313	output = &DeletePolicyOutput{}
3314	req = c.newRequest(op, input, output)
3315	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
3316	return
3317}
3318
3319// DeletePolicy API operation for AWS Organizations.
3320//
3321// Deletes the specified policy from your organization. Before you perform this
3322// operation, you must first detach the policy from all organizational units
3323// (OUs), roots, and accounts.
3324//
3325// This operation can be called only from the organization's management account.
3326//
3327// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
3328// with awserr.Error's Code and Message methods to get detailed information about
3329// the error.
3330//
3331// See the AWS API reference guide for AWS Organizations's
3332// API operation DeletePolicy for usage and error information.
3333//
3334// Returned Error Types:
3335//   * AccessDeniedException
3336//   You don't have permissions to perform the requested operation. The user or
3337//   role that is making the request must have at least one IAM permissions policy
3338//   attached that grants the required permissions. For more information, see
3339//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
3340//   in the IAM User Guide.
3341//
3342//   * AWSOrganizationsNotInUseException
3343//   Your account isn't a member of an organization. To make this request, you
3344//   must use the credentials of an account that belongs to an organization.
3345//
3346//   * ConcurrentModificationException
3347//   The target of the operation is currently being modified by a different request.
3348//   Try again later.
3349//
3350//   * InvalidInputException
3351//   The requested operation failed because you provided invalid values for one
3352//   or more of the request parameters. This exception includes a reason that
3353//   contains additional information about the violated limit:
3354//
3355//   Some of the reasons in the following list might not be applicable to this
3356//   specific API or operation.
3357//
3358//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
3359//      the same entity.
3360//
3361//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
3362//      can't be modified.
3363//
3364//      * INPUT_REQUIRED: You must include a value for all required parameters.
3365//
3366//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
3367//      for the invited account owner.
3368//
3369//      * INVALID_ENUM: You specified an invalid value.
3370//
3371//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
3372//
3373//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
3374//      characters.
3375//
3376//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
3377//      at least one invalid value.
3378//
3379//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
3380//      from the response to a previous call of the operation.
3381//
3382//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3383//      organization, or email) as a party.
3384//
3385//      * INVALID_PATTERN: You provided a value that doesn't match the required
3386//      pattern.
3387//
3388//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3389//      match the required pattern.
3390//
3391//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3392//      name can't begin with the reserved prefix AWSServiceRoleFor.
3393//
3394//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3395//      Name (ARN) for the organization.
3396//
3397//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3398//
3399//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3400//      tag. You can’t add, edit, or delete system tag keys because they're
3401//      reserved for AWS use. System tags don’t count against your tags per
3402//      resource limit.
3403//
3404//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3405//      for the operation.
3406//
3407//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3408//      than allowed.
3409//
3410//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3411//      value than allowed.
3412//
3413//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3414//      than allowed.
3415//
3416//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3417//      value than allowed.
3418//
3419//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3420//      between entities in the same root.
3421//
3422//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
3423//      target entity.
3424//
3425//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
3426//      isn't recognized.
3427//
3428//   * PolicyInUseException
3429//   The policy is attached to one or more entities. You must detach it from all
3430//   roots, OUs, and accounts before performing this operation.
3431//
3432//   * PolicyNotFoundException
3433//   We can't find a policy with the PolicyId that you specified.
3434//
3435//   * ServiceException
3436//   AWS Organizations can't complete your request because of an internal service
3437//   error. Try again later.
3438//
3439//   * TooManyRequestsException
3440//   You have sent too many requests in too short a period of time. The quota
3441//   helps protect against denial-of-service attacks. Try again later.
3442//
3443//   For information about quotas that affect AWS Organizations, see Quotas for
3444//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
3445//   the AWS Organizations User Guide.
3446//
3447//   * UnsupportedAPIEndpointException
3448//   This action isn't available in the current AWS Region.
3449//
3450// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy
3451func (c *Organizations) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) {
3452	req, out := c.DeletePolicyRequest(input)
3453	return out, req.Send()
3454}
3455
3456// DeletePolicyWithContext is the same as DeletePolicy with the addition of
3457// the ability to pass a context and additional request options.
3458//
3459// See DeletePolicy for details on how to use this API operation.
3460//
3461// The context must be non-nil and will be used for request cancellation. If
3462// the context is nil a panic will occur. In the future the SDK may create
3463// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3464// for more information on using Contexts.
3465func (c *Organizations) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) {
3466	req, out := c.DeletePolicyRequest(input)
3467	req.SetContext(ctx)
3468	req.ApplyOptions(opts...)
3469	return out, req.Send()
3470}
3471
3472const opDeregisterDelegatedAdministrator = "DeregisterDelegatedAdministrator"
3473
3474// DeregisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the
3475// client's request for the DeregisterDelegatedAdministrator operation. The "output" return
3476// value will be populated with the request's response once the request completes
3477// successfully.
3478//
3479// Use "Send" method on the returned Request to send the API call to the service.
3480// the "output" return value is not valid until after Send returns without error.
3481//
3482// See DeregisterDelegatedAdministrator for more information on using the DeregisterDelegatedAdministrator
3483// API call, and error handling.
3484//
3485// This method is useful when you want to inject custom logic or configuration
3486// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3487//
3488//
3489//    // Example sending a request using the DeregisterDelegatedAdministratorRequest method.
3490//    req, resp := client.DeregisterDelegatedAdministratorRequest(params)
3491//
3492//    err := req.Send()
3493//    if err == nil { // resp is now filled
3494//        fmt.Println(resp)
3495//    }
3496//
3497// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator
3498func (c *Organizations) DeregisterDelegatedAdministratorRequest(input *DeregisterDelegatedAdministratorInput) (req *request.Request, output *DeregisterDelegatedAdministratorOutput) {
3499	op := &request.Operation{
3500		Name:       opDeregisterDelegatedAdministrator,
3501		HTTPMethod: "POST",
3502		HTTPPath:   "/",
3503	}
3504
3505	if input == nil {
3506		input = &DeregisterDelegatedAdministratorInput{}
3507	}
3508
3509	output = &DeregisterDelegatedAdministratorOutput{}
3510	req = c.newRequest(op, input, output)
3511	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
3512	return
3513}
3514
3515// DeregisterDelegatedAdministrator API operation for AWS Organizations.
3516//
3517// Removes the specified member AWS account as a delegated administrator for
3518// the specified AWS service.
3519//
3520// Deregistering a delegated administrator can have unintended impacts on the
3521// functionality of the enabled AWS service. See the documentation for the enabled
3522// service before you deregister a delegated administrator so that you understand
3523// any potential impacts.
3524//
3525// You can run this action only for AWS services that support this feature.
3526// For a current list of services that support it, see the column Supports Delegated
3527// Administrator in the table at AWS Services that you can use with AWS Organizations
3528// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html)
3529// in the AWS Organizations User Guide.
3530//
3531// This operation can be called only from the organization's management account.
3532//
3533// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
3534// with awserr.Error's Code and Message methods to get detailed information about
3535// the error.
3536//
3537// See the AWS API reference guide for AWS Organizations's
3538// API operation DeregisterDelegatedAdministrator for usage and error information.
3539//
3540// Returned Error Types:
3541//   * AccessDeniedException
3542//   You don't have permissions to perform the requested operation. The user or
3543//   role that is making the request must have at least one IAM permissions policy
3544//   attached that grants the required permissions. For more information, see
3545//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
3546//   in the IAM User Guide.
3547//
3548//   * AccountNotFoundException
3549//   We can't find an AWS account with the AccountId that you specified, or the
3550//   account whose credentials you used to make this request isn't a member of
3551//   an organization.
3552//
3553//   * AccountNotRegisteredException
3554//   The specified account is not a delegated administrator for this AWS service.
3555//
3556//   * AWSOrganizationsNotInUseException
3557//   Your account isn't a member of an organization. To make this request, you
3558//   must use the credentials of an account that belongs to an organization.
3559//
3560//   * ConcurrentModificationException
3561//   The target of the operation is currently being modified by a different request.
3562//   Try again later.
3563//
3564//   * ConstraintViolationException
3565//   Performing this operation violates a minimum or maximum value limit. For
3566//   example, attempting to remove the last service control policy (SCP) from
3567//   an OU or root, inviting or creating too many accounts to the organization,
3568//   or attaching too many policies to an account, OU, or root. This exception
3569//   includes a reason that contains additional information about the violated
3570//   limit:
3571//
3572//   Some of the reasons in the following list might not be applicable to this
3573//   specific API or operation.
3574//
3575//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
3576//      account from the organization. You can't remove the management account.
3577//      Instead, after you remove all member accounts, delete the organization
3578//      itself.
3579//
3580//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
3581//      from the organization that doesn't yet have enough information to exist
3582//      as a standalone account. This account requires you to first agree to the
3583//      AWS Customer Agreement. Follow the steps at Removing a member account
3584//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
3585//      the AWS Organizations User Guide.
3586//
3587//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
3588//      an account from the organization that doesn't yet have enough information
3589//      to exist as a standalone account. This account requires you to first complete
3590//      phone verification. Follow the steps at Removing a member account from
3591//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
3592//      in the AWS Organizations User Guide.
3593//
3594//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
3595//      of accounts that you can create in one day.
3596//
3597//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
3598//      the number of accounts in an organization. If you need more accounts,
3599//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
3600//      request an increase in your limit. Or the number of invitations that you
3601//      tried to send would cause you to exceed the limit of accounts in your
3602//      organization. Send fewer invitations or contact AWS Support to request
3603//      an increase in the number of accounts. Deleted and closed accounts still
3604//      count toward your limit. If you get this exception when running a command
3605//      immediately after creating the organization, wait one hour and try again.
3606//      After an hour, if the command continues to fail with this error, contact
3607//      AWS Support (https://console.aws.amazon.com/support/home#/).
3608//
3609//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
3610//      register the management account of the organization as a delegated administrator
3611//      for an AWS service integrated with Organizations. You can designate only
3612//      a member account as a delegated administrator.
3613//
3614//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
3615//      an account that is registered as a delegated administrator for a service
3616//      integrated with your organization. To complete this operation, you must
3617//      first deregister this account as a delegated administrator.
3618//
3619//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
3620//      organization in the specified region, you must enable all features mode.
3621//
3622//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
3623//      an AWS account as a delegated administrator for an AWS service that already
3624//      has a delegated administrator. To complete this operation, you must first
3625//      deregister any existing delegated administrators for this service.
3626//
3627//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
3628//      valid for a limited period of time. You must resubmit the request and
3629//      generate a new verfication code.
3630//
3631//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
3632//      handshakes that you can send in one day.
3633//
3634//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
3635//      in this organization, you first must migrate the organization's management
3636//      account to the marketplace that corresponds to the management account's
3637//      address. For example, accounts with India addresses must be associated
3638//      with the AISPL marketplace. All accounts in an organization must be associated
3639//      with the same marketplace.
3640//
3641//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
3642//      in China. To create an organization, the master must have a valid business
3643//      license. For more information, contact customer support.
3644//
3645//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
3646//      must first provide a valid contact address and phone number for the management
3647//      account. Then try the operation again.
3648//
3649//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
3650//      management account must have an associated account in the AWS GovCloud
3651//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
3652//      in the AWS GovCloud User Guide.
3653//
3654//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
3655//      with this management account, you first must associate a valid payment
3656//      instrument, such as a credit card, with the account. Follow the steps
3657//      at To leave an organization when all required account information has
3658//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
3659//      in the AWS Organizations User Guide.
3660//
3661//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
3662//      to register more delegated administrators than allowed for the service
3663//      principal.
3664//
3665//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
3666//      number of policies of a certain type that can be attached to an entity
3667//      at one time.
3668//
3669//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
3670//      on this resource.
3671//
3672//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
3673//      with this member account, you first must associate a valid payment instrument,
3674//      such as a credit card, with the account. Follow the steps at To leave
3675//      an organization when all required account information has not yet been
3676//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
3677//      in the AWS Organizations User Guide.
3678//
3679//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
3680//      policy from an entity that would cause the entity to have fewer than the
3681//      minimum number of policies of a certain type required.
3682//
3683//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
3684//      that requires the organization to be configured to support all features.
3685//      An organization that supports only consolidated billing features can't
3686//      perform this operation.
3687//
3688//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
3689//      too many levels deep.
3690//
3691//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
3692//      that you can have in an organization.
3693//
3694//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
3695//      is larger than the maximum size.
3696//
3697//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
3698//      policies that you can have in an organization.
3699//
3700//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
3701//      tags that are not compliant with the tag policy requirements for this
3702//      account.
3703//
3704//   * InvalidInputException
3705//   The requested operation failed because you provided invalid values for one
3706//   or more of the request parameters. This exception includes a reason that
3707//   contains additional information about the violated limit:
3708//
3709//   Some of the reasons in the following list might not be applicable to this
3710//   specific API or operation.
3711//
3712//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
3713//      the same entity.
3714//
3715//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
3716//      can't be modified.
3717//
3718//      * INPUT_REQUIRED: You must include a value for all required parameters.
3719//
3720//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
3721//      for the invited account owner.
3722//
3723//      * INVALID_ENUM: You specified an invalid value.
3724//
3725//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
3726//
3727//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
3728//      characters.
3729//
3730//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
3731//      at least one invalid value.
3732//
3733//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
3734//      from the response to a previous call of the operation.
3735//
3736//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3737//      organization, or email) as a party.
3738//
3739//      * INVALID_PATTERN: You provided a value that doesn't match the required
3740//      pattern.
3741//
3742//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3743//      match the required pattern.
3744//
3745//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3746//      name can't begin with the reserved prefix AWSServiceRoleFor.
3747//
3748//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3749//      Name (ARN) for the organization.
3750//
3751//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3752//
3753//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3754//      tag. You can’t add, edit, or delete system tag keys because they're
3755//      reserved for AWS use. System tags don’t count against your tags per
3756//      resource limit.
3757//
3758//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3759//      for the operation.
3760//
3761//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3762//      than allowed.
3763//
3764//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3765//      value than allowed.
3766//
3767//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3768//      than allowed.
3769//
3770//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3771//      value than allowed.
3772//
3773//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3774//      between entities in the same root.
3775//
3776//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
3777//      target entity.
3778//
3779//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
3780//      isn't recognized.
3781//
3782//   * TooManyRequestsException
3783//   You have sent too many requests in too short a period of time. The quota
3784//   helps protect against denial-of-service attacks. Try again later.
3785//
3786//   For information about quotas that affect AWS Organizations, see Quotas for
3787//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
3788//   the AWS Organizations User Guide.
3789//
3790//   * ServiceException
3791//   AWS Organizations can't complete your request because of an internal service
3792//   error. Try again later.
3793//
3794//   * UnsupportedAPIEndpointException
3795//   This action isn't available in the current AWS Region.
3796//
3797// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator
3798func (c *Organizations) DeregisterDelegatedAdministrator(input *DeregisterDelegatedAdministratorInput) (*DeregisterDelegatedAdministratorOutput, error) {
3799	req, out := c.DeregisterDelegatedAdministratorRequest(input)
3800	return out, req.Send()
3801}
3802
3803// DeregisterDelegatedAdministratorWithContext is the same as DeregisterDelegatedAdministrator with the addition of
3804// the ability to pass a context and additional request options.
3805//
3806// See DeregisterDelegatedAdministrator for details on how to use this API operation.
3807//
3808// The context must be non-nil and will be used for request cancellation. If
3809// the context is nil a panic will occur. In the future the SDK may create
3810// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3811// for more information on using Contexts.
3812func (c *Organizations) DeregisterDelegatedAdministratorWithContext(ctx aws.Context, input *DeregisterDelegatedAdministratorInput, opts ...request.Option) (*DeregisterDelegatedAdministratorOutput, error) {
3813	req, out := c.DeregisterDelegatedAdministratorRequest(input)
3814	req.SetContext(ctx)
3815	req.ApplyOptions(opts...)
3816	return out, req.Send()
3817}
3818
3819const opDescribeAccount = "DescribeAccount"
3820
3821// DescribeAccountRequest generates a "aws/request.Request" representing the
3822// client's request for the DescribeAccount operation. The "output" return
3823// value will be populated with the request's response once the request completes
3824// successfully.
3825//
3826// Use "Send" method on the returned Request to send the API call to the service.
3827// the "output" return value is not valid until after Send returns without error.
3828//
3829// See DescribeAccount for more information on using the DescribeAccount
3830// API call, and error handling.
3831//
3832// This method is useful when you want to inject custom logic or configuration
3833// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3834//
3835//
3836//    // Example sending a request using the DescribeAccountRequest method.
3837//    req, resp := client.DescribeAccountRequest(params)
3838//
3839//    err := req.Send()
3840//    if err == nil { // resp is now filled
3841//        fmt.Println(resp)
3842//    }
3843//
3844// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount
3845func (c *Organizations) DescribeAccountRequest(input *DescribeAccountInput) (req *request.Request, output *DescribeAccountOutput) {
3846	op := &request.Operation{
3847		Name:       opDescribeAccount,
3848		HTTPMethod: "POST",
3849		HTTPPath:   "/",
3850	}
3851
3852	if input == nil {
3853		input = &DescribeAccountInput{}
3854	}
3855
3856	output = &DescribeAccountOutput{}
3857	req = c.newRequest(op, input, output)
3858	return
3859}
3860
3861// DescribeAccount API operation for AWS Organizations.
3862//
3863// Retrieves AWS Organizations-related information about the specified account.
3864//
3865// This operation can be called only from the organization's management account
3866// or by a member account that is a delegated administrator for an AWS service.
3867//
3868// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
3869// with awserr.Error's Code and Message methods to get detailed information about
3870// the error.
3871//
3872// See the AWS API reference guide for AWS Organizations's
3873// API operation DescribeAccount for usage and error information.
3874//
3875// Returned Error Types:
3876//   * AccessDeniedException
3877//   You don't have permissions to perform the requested operation. The user or
3878//   role that is making the request must have at least one IAM permissions policy
3879//   attached that grants the required permissions. For more information, see
3880//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
3881//   in the IAM User Guide.
3882//
3883//   * AccountNotFoundException
3884//   We can't find an AWS account with the AccountId that you specified, or the
3885//   account whose credentials you used to make this request isn't a member of
3886//   an organization.
3887//
3888//   * AWSOrganizationsNotInUseException
3889//   Your account isn't a member of an organization. To make this request, you
3890//   must use the credentials of an account that belongs to an organization.
3891//
3892//   * InvalidInputException
3893//   The requested operation failed because you provided invalid values for one
3894//   or more of the request parameters. This exception includes a reason that
3895//   contains additional information about the violated limit:
3896//
3897//   Some of the reasons in the following list might not be applicable to this
3898//   specific API or operation.
3899//
3900//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
3901//      the same entity.
3902//
3903//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
3904//      can't be modified.
3905//
3906//      * INPUT_REQUIRED: You must include a value for all required parameters.
3907//
3908//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
3909//      for the invited account owner.
3910//
3911//      * INVALID_ENUM: You specified an invalid value.
3912//
3913//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
3914//
3915//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
3916//      characters.
3917//
3918//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
3919//      at least one invalid value.
3920//
3921//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
3922//      from the response to a previous call of the operation.
3923//
3924//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3925//      organization, or email) as a party.
3926//
3927//      * INVALID_PATTERN: You provided a value that doesn't match the required
3928//      pattern.
3929//
3930//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3931//      match the required pattern.
3932//
3933//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3934//      name can't begin with the reserved prefix AWSServiceRoleFor.
3935//
3936//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3937//      Name (ARN) for the organization.
3938//
3939//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3940//
3941//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3942//      tag. You can’t add, edit, or delete system tag keys because they're
3943//      reserved for AWS use. System tags don’t count against your tags per
3944//      resource limit.
3945//
3946//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3947//      for the operation.
3948//
3949//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3950//      than allowed.
3951//
3952//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3953//      value than allowed.
3954//
3955//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3956//      than allowed.
3957//
3958//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3959//      value than allowed.
3960//
3961//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3962//      between entities in the same root.
3963//
3964//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
3965//      target entity.
3966//
3967//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
3968//      isn't recognized.
3969//
3970//   * ServiceException
3971//   AWS Organizations can't complete your request because of an internal service
3972//   error. Try again later.
3973//
3974//   * TooManyRequestsException
3975//   You have sent too many requests in too short a period of time. The quota
3976//   helps protect against denial-of-service attacks. Try again later.
3977//
3978//   For information about quotas that affect AWS Organizations, see Quotas for
3979//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
3980//   the AWS Organizations User Guide.
3981//
3982// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount
3983func (c *Organizations) DescribeAccount(input *DescribeAccountInput) (*DescribeAccountOutput, error) {
3984	req, out := c.DescribeAccountRequest(input)
3985	return out, req.Send()
3986}
3987
3988// DescribeAccountWithContext is the same as DescribeAccount with the addition of
3989// the ability to pass a context and additional request options.
3990//
3991// See DescribeAccount for details on how to use this API operation.
3992//
3993// The context must be non-nil and will be used for request cancellation. If
3994// the context is nil a panic will occur. In the future the SDK may create
3995// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3996// for more information on using Contexts.
3997func (c *Organizations) DescribeAccountWithContext(ctx aws.Context, input *DescribeAccountInput, opts ...request.Option) (*DescribeAccountOutput, error) {
3998	req, out := c.DescribeAccountRequest(input)
3999	req.SetContext(ctx)
4000	req.ApplyOptions(opts...)
4001	return out, req.Send()
4002}
4003
4004const opDescribeCreateAccountStatus = "DescribeCreateAccountStatus"
4005
4006// DescribeCreateAccountStatusRequest generates a "aws/request.Request" representing the
4007// client's request for the DescribeCreateAccountStatus operation. The "output" return
4008// value will be populated with the request's response once the request completes
4009// successfully.
4010//
4011// Use "Send" method on the returned Request to send the API call to the service.
4012// the "output" return value is not valid until after Send returns without error.
4013//
4014// See DescribeCreateAccountStatus for more information on using the DescribeCreateAccountStatus
4015// API call, and error handling.
4016//
4017// This method is useful when you want to inject custom logic or configuration
4018// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4019//
4020//
4021//    // Example sending a request using the DescribeCreateAccountStatusRequest method.
4022//    req, resp := client.DescribeCreateAccountStatusRequest(params)
4023//
4024//    err := req.Send()
4025//    if err == nil { // resp is now filled
4026//        fmt.Println(resp)
4027//    }
4028//
4029// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus
4030func (c *Organizations) DescribeCreateAccountStatusRequest(input *DescribeCreateAccountStatusInput) (req *request.Request, output *DescribeCreateAccountStatusOutput) {
4031	op := &request.Operation{
4032		Name:       opDescribeCreateAccountStatus,
4033		HTTPMethod: "POST",
4034		HTTPPath:   "/",
4035	}
4036
4037	if input == nil {
4038		input = &DescribeCreateAccountStatusInput{}
4039	}
4040
4041	output = &DescribeCreateAccountStatusOutput{}
4042	req = c.newRequest(op, input, output)
4043	return
4044}
4045
4046// DescribeCreateAccountStatus API operation for AWS Organizations.
4047//
4048// Retrieves the current status of an asynchronous request to create an account.
4049//
4050// This operation can be called only from the organization's management account
4051// or by a member account that is a delegated administrator for an AWS service.
4052//
4053// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4054// with awserr.Error's Code and Message methods to get detailed information about
4055// the error.
4056//
4057// See the AWS API reference guide for AWS Organizations's
4058// API operation DescribeCreateAccountStatus for usage and error information.
4059//
4060// Returned Error Types:
4061//   * AccessDeniedException
4062//   You don't have permissions to perform the requested operation. The user or
4063//   role that is making the request must have at least one IAM permissions policy
4064//   attached that grants the required permissions. For more information, see
4065//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4066//   in the IAM User Guide.
4067//
4068//   * AWSOrganizationsNotInUseException
4069//   Your account isn't a member of an organization. To make this request, you
4070//   must use the credentials of an account that belongs to an organization.
4071//
4072//   * CreateAccountStatusNotFoundException
4073//   We can't find an create account request with the CreateAccountRequestId that
4074//   you specified.
4075//
4076//   * InvalidInputException
4077//   The requested operation failed because you provided invalid values for one
4078//   or more of the request parameters. This exception includes a reason that
4079//   contains additional information about the violated limit:
4080//
4081//   Some of the reasons in the following list might not be applicable to this
4082//   specific API or operation.
4083//
4084//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
4085//      the same entity.
4086//
4087//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
4088//      can't be modified.
4089//
4090//      * INPUT_REQUIRED: You must include a value for all required parameters.
4091//
4092//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
4093//      for the invited account owner.
4094//
4095//      * INVALID_ENUM: You specified an invalid value.
4096//
4097//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
4098//
4099//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
4100//      characters.
4101//
4102//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
4103//      at least one invalid value.
4104//
4105//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
4106//      from the response to a previous call of the operation.
4107//
4108//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
4109//      organization, or email) as a party.
4110//
4111//      * INVALID_PATTERN: You provided a value that doesn't match the required
4112//      pattern.
4113//
4114//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
4115//      match the required pattern.
4116//
4117//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
4118//      name can't begin with the reserved prefix AWSServiceRoleFor.
4119//
4120//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
4121//      Name (ARN) for the organization.
4122//
4123//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
4124//
4125//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
4126//      tag. You can’t add, edit, or delete system tag keys because they're
4127//      reserved for AWS use. System tags don’t count against your tags per
4128//      resource limit.
4129//
4130//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
4131//      for the operation.
4132//
4133//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
4134//      than allowed.
4135//
4136//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
4137//      value than allowed.
4138//
4139//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
4140//      than allowed.
4141//
4142//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
4143//      value than allowed.
4144//
4145//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
4146//      between entities in the same root.
4147//
4148//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
4149//      target entity.
4150//
4151//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
4152//      isn't recognized.
4153//
4154//   * ServiceException
4155//   AWS Organizations can't complete your request because of an internal service
4156//   error. Try again later.
4157//
4158//   * TooManyRequestsException
4159//   You have sent too many requests in too short a period of time. The quota
4160//   helps protect against denial-of-service attacks. Try again later.
4161//
4162//   For information about quotas that affect AWS Organizations, see Quotas for
4163//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
4164//   the AWS Organizations User Guide.
4165//
4166//   * UnsupportedAPIEndpointException
4167//   This action isn't available in the current AWS Region.
4168//
4169// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus
4170func (c *Organizations) DescribeCreateAccountStatus(input *DescribeCreateAccountStatusInput) (*DescribeCreateAccountStatusOutput, error) {
4171	req, out := c.DescribeCreateAccountStatusRequest(input)
4172	return out, req.Send()
4173}
4174
4175// DescribeCreateAccountStatusWithContext is the same as DescribeCreateAccountStatus with the addition of
4176// the ability to pass a context and additional request options.
4177//
4178// See DescribeCreateAccountStatus for details on how to use this API operation.
4179//
4180// The context must be non-nil and will be used for request cancellation. If
4181// the context is nil a panic will occur. In the future the SDK may create
4182// sub-contexts for http.Requests. See https://golang.org/pkg/context/
4183// for more information on using Contexts.
4184func (c *Organizations) DescribeCreateAccountStatusWithContext(ctx aws.Context, input *DescribeCreateAccountStatusInput, opts ...request.Option) (*DescribeCreateAccountStatusOutput, error) {
4185	req, out := c.DescribeCreateAccountStatusRequest(input)
4186	req.SetContext(ctx)
4187	req.ApplyOptions(opts...)
4188	return out, req.Send()
4189}
4190
4191const opDescribeEffectivePolicy = "DescribeEffectivePolicy"
4192
4193// DescribeEffectivePolicyRequest generates a "aws/request.Request" representing the
4194// client's request for the DescribeEffectivePolicy operation. The "output" return
4195// value will be populated with the request's response once the request completes
4196// successfully.
4197//
4198// Use "Send" method on the returned Request to send the API call to the service.
4199// the "output" return value is not valid until after Send returns without error.
4200//
4201// See DescribeEffectivePolicy for more information on using the DescribeEffectivePolicy
4202// API call, and error handling.
4203//
4204// This method is useful when you want to inject custom logic or configuration
4205// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4206//
4207//
4208//    // Example sending a request using the DescribeEffectivePolicyRequest method.
4209//    req, resp := client.DescribeEffectivePolicyRequest(params)
4210//
4211//    err := req.Send()
4212//    if err == nil { // resp is now filled
4213//        fmt.Println(resp)
4214//    }
4215//
4216// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy
4217func (c *Organizations) DescribeEffectivePolicyRequest(input *DescribeEffectivePolicyInput) (req *request.Request, output *DescribeEffectivePolicyOutput) {
4218	op := &request.Operation{
4219		Name:       opDescribeEffectivePolicy,
4220		HTTPMethod: "POST",
4221		HTTPPath:   "/",
4222	}
4223
4224	if input == nil {
4225		input = &DescribeEffectivePolicyInput{}
4226	}
4227
4228	output = &DescribeEffectivePolicyOutput{}
4229	req = c.newRequest(op, input, output)
4230	return
4231}
4232
4233// DescribeEffectivePolicy API operation for AWS Organizations.
4234//
4235// Returns the contents of the effective policy for specified policy type and
4236// account. The effective policy is the aggregation of any policies of the specified
4237// type that the account inherits, plus any policy of that type that is directly
4238// attached to the account.
4239//
4240// This operation applies only to policy types other than service control policies
4241// (SCPs).
4242//
4243// For more information about policy inheritance, see How Policy Inheritance
4244// Works (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html)
4245// in the AWS Organizations User Guide.
4246//
4247// This operation can be called only from the organization's management account
4248// or by a member account that is a delegated administrator for an AWS service.
4249//
4250// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4251// with awserr.Error's Code and Message methods to get detailed information about
4252// the error.
4253//
4254// See the AWS API reference guide for AWS Organizations's
4255// API operation DescribeEffectivePolicy for usage and error information.
4256//
4257// Returned Error Types:
4258//   * AccessDeniedException
4259//   You don't have permissions to perform the requested operation. The user or
4260//   role that is making the request must have at least one IAM permissions policy
4261//   attached that grants the required permissions. For more information, see
4262//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4263//   in the IAM User Guide.
4264//
4265//   * AWSOrganizationsNotInUseException
4266//   Your account isn't a member of an organization. To make this request, you
4267//   must use the credentials of an account that belongs to an organization.
4268//
4269//   * ConstraintViolationException
4270//   Performing this operation violates a minimum or maximum value limit. For
4271//   example, attempting to remove the last service control policy (SCP) from
4272//   an OU or root, inviting or creating too many accounts to the organization,
4273//   or attaching too many policies to an account, OU, or root. This exception
4274//   includes a reason that contains additional information about the violated
4275//   limit:
4276//
4277//   Some of the reasons in the following list might not be applicable to this
4278//   specific API or operation.
4279//
4280//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
4281//      account from the organization. You can't remove the management account.
4282//      Instead, after you remove all member accounts, delete the organization
4283//      itself.
4284//
4285//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
4286//      from the organization that doesn't yet have enough information to exist
4287//      as a standalone account. This account requires you to first agree to the
4288//      AWS Customer Agreement. Follow the steps at Removing a member account
4289//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
4290//      the AWS Organizations User Guide.
4291//
4292//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
4293//      an account from the organization that doesn't yet have enough information
4294//      to exist as a standalone account. This account requires you to first complete
4295//      phone verification. Follow the steps at Removing a member account from
4296//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
4297//      in the AWS Organizations User Guide.
4298//
4299//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
4300//      of accounts that you can create in one day.
4301//
4302//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
4303//      the number of accounts in an organization. If you need more accounts,
4304//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
4305//      request an increase in your limit. Or the number of invitations that you
4306//      tried to send would cause you to exceed the limit of accounts in your
4307//      organization. Send fewer invitations or contact AWS Support to request
4308//      an increase in the number of accounts. Deleted and closed accounts still
4309//      count toward your limit. If you get this exception when running a command
4310//      immediately after creating the organization, wait one hour and try again.
4311//      After an hour, if the command continues to fail with this error, contact
4312//      AWS Support (https://console.aws.amazon.com/support/home#/).
4313//
4314//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
4315//      register the management account of the organization as a delegated administrator
4316//      for an AWS service integrated with Organizations. You can designate only
4317//      a member account as a delegated administrator.
4318//
4319//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
4320//      an account that is registered as a delegated administrator for a service
4321//      integrated with your organization. To complete this operation, you must
4322//      first deregister this account as a delegated administrator.
4323//
4324//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
4325//      organization in the specified region, you must enable all features mode.
4326//
4327//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
4328//      an AWS account as a delegated administrator for an AWS service that already
4329//      has a delegated administrator. To complete this operation, you must first
4330//      deregister any existing delegated administrators for this service.
4331//
4332//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
4333//      valid for a limited period of time. You must resubmit the request and
4334//      generate a new verfication code.
4335//
4336//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
4337//      handshakes that you can send in one day.
4338//
4339//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
4340//      in this organization, you first must migrate the organization's management
4341//      account to the marketplace that corresponds to the management account's
4342//      address. For example, accounts with India addresses must be associated
4343//      with the AISPL marketplace. All accounts in an organization must be associated
4344//      with the same marketplace.
4345//
4346//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
4347//      in China. To create an organization, the master must have a valid business
4348//      license. For more information, contact customer support.
4349//
4350//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
4351//      must first provide a valid contact address and phone number for the management
4352//      account. Then try the operation again.
4353//
4354//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
4355//      management account must have an associated account in the AWS GovCloud
4356//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
4357//      in the AWS GovCloud User Guide.
4358//
4359//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
4360//      with this management account, you first must associate a valid payment
4361//      instrument, such as a credit card, with the account. Follow the steps
4362//      at To leave an organization when all required account information has
4363//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
4364//      in the AWS Organizations User Guide.
4365//
4366//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
4367//      to register more delegated administrators than allowed for the service
4368//      principal.
4369//
4370//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
4371//      number of policies of a certain type that can be attached to an entity
4372//      at one time.
4373//
4374//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
4375//      on this resource.
4376//
4377//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
4378//      with this member account, you first must associate a valid payment instrument,
4379//      such as a credit card, with the account. Follow the steps at To leave
4380//      an organization when all required account information has not yet been
4381//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
4382//      in the AWS Organizations User Guide.
4383//
4384//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
4385//      policy from an entity that would cause the entity to have fewer than the
4386//      minimum number of policies of a certain type required.
4387//
4388//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
4389//      that requires the organization to be configured to support all features.
4390//      An organization that supports only consolidated billing features can't
4391//      perform this operation.
4392//
4393//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
4394//      too many levels deep.
4395//
4396//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
4397//      that you can have in an organization.
4398//
4399//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
4400//      is larger than the maximum size.
4401//
4402//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
4403//      policies that you can have in an organization.
4404//
4405//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
4406//      tags that are not compliant with the tag policy requirements for this
4407//      account.
4408//
4409//   * ServiceException
4410//   AWS Organizations can't complete your request because of an internal service
4411//   error. Try again later.
4412//
4413//   * TooManyRequestsException
4414//   You have sent too many requests in too short a period of time. The quota
4415//   helps protect against denial-of-service attacks. Try again later.
4416//
4417//   For information about quotas that affect AWS Organizations, see Quotas for
4418//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
4419//   the AWS Organizations User Guide.
4420//
4421//   * TargetNotFoundException
4422//   We can't find a root, OU, account, or policy with the TargetId that you specified.
4423//
4424//   * EffectivePolicyNotFoundException
4425//   If you ran this action on the management account, this policy type is not
4426//   enabled. If you ran the action on a member account, the account doesn't have
4427//   an effective policy of this type. Contact the administrator of your organization
4428//   about attaching a policy of this type to the account.
4429//
4430//   * InvalidInputException
4431//   The requested operation failed because you provided invalid values for one
4432//   or more of the request parameters. This exception includes a reason that
4433//   contains additional information about the violated limit:
4434//
4435//   Some of the reasons in the following list might not be applicable to this
4436//   specific API or operation.
4437//
4438//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
4439//      the same entity.
4440//
4441//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
4442//      can't be modified.
4443//
4444//      * INPUT_REQUIRED: You must include a value for all required parameters.
4445//
4446//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
4447//      for the invited account owner.
4448//
4449//      * INVALID_ENUM: You specified an invalid value.
4450//
4451//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
4452//
4453//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
4454//      characters.
4455//
4456//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
4457//      at least one invalid value.
4458//
4459//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
4460//      from the response to a previous call of the operation.
4461//
4462//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
4463//      organization, or email) as a party.
4464//
4465//      * INVALID_PATTERN: You provided a value that doesn't match the required
4466//      pattern.
4467//
4468//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
4469//      match the required pattern.
4470//
4471//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
4472//      name can't begin with the reserved prefix AWSServiceRoleFor.
4473//
4474//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
4475//      Name (ARN) for the organization.
4476//
4477//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
4478//
4479//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
4480//      tag. You can’t add, edit, or delete system tag keys because they're
4481//      reserved for AWS use. System tags don’t count against your tags per
4482//      resource limit.
4483//
4484//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
4485//      for the operation.
4486//
4487//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
4488//      than allowed.
4489//
4490//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
4491//      value than allowed.
4492//
4493//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
4494//      than allowed.
4495//
4496//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
4497//      value than allowed.
4498//
4499//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
4500//      between entities in the same root.
4501//
4502//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
4503//      target entity.
4504//
4505//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
4506//      isn't recognized.
4507//
4508//   * UnsupportedAPIEndpointException
4509//   This action isn't available in the current AWS Region.
4510//
4511// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy
4512func (c *Organizations) DescribeEffectivePolicy(input *DescribeEffectivePolicyInput) (*DescribeEffectivePolicyOutput, error) {
4513	req, out := c.DescribeEffectivePolicyRequest(input)
4514	return out, req.Send()
4515}
4516
4517// DescribeEffectivePolicyWithContext is the same as DescribeEffectivePolicy with the addition of
4518// the ability to pass a context and additional request options.
4519//
4520// See DescribeEffectivePolicy for details on how to use this API operation.
4521//
4522// The context must be non-nil and will be used for request cancellation. If
4523// the context is nil a panic will occur. In the future the SDK may create
4524// sub-contexts for http.Requests. See https://golang.org/pkg/context/
4525// for more information on using Contexts.
4526func (c *Organizations) DescribeEffectivePolicyWithContext(ctx aws.Context, input *DescribeEffectivePolicyInput, opts ...request.Option) (*DescribeEffectivePolicyOutput, error) {
4527	req, out := c.DescribeEffectivePolicyRequest(input)
4528	req.SetContext(ctx)
4529	req.ApplyOptions(opts...)
4530	return out, req.Send()
4531}
4532
4533const opDescribeHandshake = "DescribeHandshake"
4534
4535// DescribeHandshakeRequest generates a "aws/request.Request" representing the
4536// client's request for the DescribeHandshake operation. The "output" return
4537// value will be populated with the request's response once the request completes
4538// successfully.
4539//
4540// Use "Send" method on the returned Request to send the API call to the service.
4541// the "output" return value is not valid until after Send returns without error.
4542//
4543// See DescribeHandshake for more information on using the DescribeHandshake
4544// API call, and error handling.
4545//
4546// This method is useful when you want to inject custom logic or configuration
4547// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4548//
4549//
4550//    // Example sending a request using the DescribeHandshakeRequest method.
4551//    req, resp := client.DescribeHandshakeRequest(params)
4552//
4553//    err := req.Send()
4554//    if err == nil { // resp is now filled
4555//        fmt.Println(resp)
4556//    }
4557//
4558// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake
4559func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) (req *request.Request, output *DescribeHandshakeOutput) {
4560	op := &request.Operation{
4561		Name:       opDescribeHandshake,
4562		HTTPMethod: "POST",
4563		HTTPPath:   "/",
4564	}
4565
4566	if input == nil {
4567		input = &DescribeHandshakeInput{}
4568	}
4569
4570	output = &DescribeHandshakeOutput{}
4571	req = c.newRequest(op, input, output)
4572	return
4573}
4574
4575// DescribeHandshake API operation for AWS Organizations.
4576//
4577// Retrieves information about a previously requested handshake. The handshake
4578// ID comes from the response to the original InviteAccountToOrganization operation
4579// that generated the handshake.
4580//
4581// You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for only
4582// 30 days after they change to that state. They're then deleted and no longer
4583// accessible.
4584//
4585// This operation can be called from any account in the organization.
4586//
4587// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4588// with awserr.Error's Code and Message methods to get detailed information about
4589// the error.
4590//
4591// See the AWS API reference guide for AWS Organizations's
4592// API operation DescribeHandshake for usage and error information.
4593//
4594// Returned Error Types:
4595//   * AccessDeniedException
4596//   You don't have permissions to perform the requested operation. The user or
4597//   role that is making the request must have at least one IAM permissions policy
4598//   attached that grants the required permissions. For more information, see
4599//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4600//   in the IAM User Guide.
4601//
4602//   * ConcurrentModificationException
4603//   The target of the operation is currently being modified by a different request.
4604//   Try again later.
4605//
4606//   * HandshakeNotFoundException
4607//   We can't find a handshake with the HandshakeId that you specified.
4608//
4609//   * InvalidInputException
4610//   The requested operation failed because you provided invalid values for one
4611//   or more of the request parameters. This exception includes a reason that
4612//   contains additional information about the violated limit:
4613//
4614//   Some of the reasons in the following list might not be applicable to this
4615//   specific API or operation.
4616//
4617//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
4618//      the same entity.
4619//
4620//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
4621//      can't be modified.
4622//
4623//      * INPUT_REQUIRED: You must include a value for all required parameters.
4624//
4625//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
4626//      for the invited account owner.
4627//
4628//      * INVALID_ENUM: You specified an invalid value.
4629//
4630//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
4631//
4632//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
4633//      characters.
4634//
4635//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
4636//      at least one invalid value.
4637//
4638//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
4639//      from the response to a previous call of the operation.
4640//
4641//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
4642//      organization, or email) as a party.
4643//
4644//      * INVALID_PATTERN: You provided a value that doesn't match the required
4645//      pattern.
4646//
4647//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
4648//      match the required pattern.
4649//
4650//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
4651//      name can't begin with the reserved prefix AWSServiceRoleFor.
4652//
4653//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
4654//      Name (ARN) for the organization.
4655//
4656//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
4657//
4658//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
4659//      tag. You can’t add, edit, or delete system tag keys because they're
4660//      reserved for AWS use. System tags don’t count against your tags per
4661//      resource limit.
4662//
4663//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
4664//      for the operation.
4665//
4666//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
4667//      than allowed.
4668//
4669//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
4670//      value than allowed.
4671//
4672//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
4673//      than allowed.
4674//
4675//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
4676//      value than allowed.
4677//
4678//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
4679//      between entities in the same root.
4680//
4681//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
4682//      target entity.
4683//
4684//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
4685//      isn't recognized.
4686//
4687//   * ServiceException
4688//   AWS Organizations can't complete your request because of an internal service
4689//   error. Try again later.
4690//
4691//   * TooManyRequestsException
4692//   You have sent too many requests in too short a period of time. The quota
4693//   helps protect against denial-of-service attacks. Try again later.
4694//
4695//   For information about quotas that affect AWS Organizations, see Quotas for
4696//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
4697//   the AWS Organizations User Guide.
4698//
4699// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake
4700func (c *Organizations) DescribeHandshake(input *DescribeHandshakeInput) (*DescribeHandshakeOutput, error) {
4701	req, out := c.DescribeHandshakeRequest(input)
4702	return out, req.Send()
4703}
4704
4705// DescribeHandshakeWithContext is the same as DescribeHandshake with the addition of
4706// the ability to pass a context and additional request options.
4707//
4708// See DescribeHandshake for details on how to use this API operation.
4709//
4710// The context must be non-nil and will be used for request cancellation. If
4711// the context is nil a panic will occur. In the future the SDK may create
4712// sub-contexts for http.Requests. See https://golang.org/pkg/context/
4713// for more information on using Contexts.
4714func (c *Organizations) DescribeHandshakeWithContext(ctx aws.Context, input *DescribeHandshakeInput, opts ...request.Option) (*DescribeHandshakeOutput, error) {
4715	req, out := c.DescribeHandshakeRequest(input)
4716	req.SetContext(ctx)
4717	req.ApplyOptions(opts...)
4718	return out, req.Send()
4719}
4720
4721const opDescribeOrganization = "DescribeOrganization"
4722
4723// DescribeOrganizationRequest generates a "aws/request.Request" representing the
4724// client's request for the DescribeOrganization operation. The "output" return
4725// value will be populated with the request's response once the request completes
4726// successfully.
4727//
4728// Use "Send" method on the returned Request to send the API call to the service.
4729// the "output" return value is not valid until after Send returns without error.
4730//
4731// See DescribeOrganization for more information on using the DescribeOrganization
4732// API call, and error handling.
4733//
4734// This method is useful when you want to inject custom logic or configuration
4735// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4736//
4737//
4738//    // Example sending a request using the DescribeOrganizationRequest method.
4739//    req, resp := client.DescribeOrganizationRequest(params)
4740//
4741//    err := req.Send()
4742//    if err == nil { // resp is now filled
4743//        fmt.Println(resp)
4744//    }
4745//
4746// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization
4747func (c *Organizations) DescribeOrganizationRequest(input *DescribeOrganizationInput) (req *request.Request, output *DescribeOrganizationOutput) {
4748	op := &request.Operation{
4749		Name:       opDescribeOrganization,
4750		HTTPMethod: "POST",
4751		HTTPPath:   "/",
4752	}
4753
4754	if input == nil {
4755		input = &DescribeOrganizationInput{}
4756	}
4757
4758	output = &DescribeOrganizationOutput{}
4759	req = c.newRequest(op, input, output)
4760	return
4761}
4762
4763// DescribeOrganization API operation for AWS Organizations.
4764//
4765// Retrieves information about the organization that the user's account belongs
4766// to.
4767//
4768// This operation can be called from any account in the organization.
4769//
4770// Even if a policy type is shown as available in the organization, you can
4771// disable it separately at the root level with DisablePolicyType. Use ListRoots
4772// to see the status of policy types for a specified root.
4773//
4774// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4775// with awserr.Error's Code and Message methods to get detailed information about
4776// the error.
4777//
4778// See the AWS API reference guide for AWS Organizations's
4779// API operation DescribeOrganization for usage and error information.
4780//
4781// Returned Error Types:
4782//   * AccessDeniedException
4783//   You don't have permissions to perform the requested operation. The user or
4784//   role that is making the request must have at least one IAM permissions policy
4785//   attached that grants the required permissions. For more information, see
4786//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4787//   in the IAM User Guide.
4788//
4789//   * AWSOrganizationsNotInUseException
4790//   Your account isn't a member of an organization. To make this request, you
4791//   must use the credentials of an account that belongs to an organization.
4792//
4793//   * ConcurrentModificationException
4794//   The target of the operation is currently being modified by a different request.
4795//   Try again later.
4796//
4797//   * ServiceException
4798//   AWS Organizations can't complete your request because of an internal service
4799//   error. Try again later.
4800//
4801//   * TooManyRequestsException
4802//   You have sent too many requests in too short a period of time. The quota
4803//   helps protect against denial-of-service attacks. Try again later.
4804//
4805//   For information about quotas that affect AWS Organizations, see Quotas for
4806//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
4807//   the AWS Organizations User Guide.
4808//
4809// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization
4810func (c *Organizations) DescribeOrganization(input *DescribeOrganizationInput) (*DescribeOrganizationOutput, error) {
4811	req, out := c.DescribeOrganizationRequest(input)
4812	return out, req.Send()
4813}
4814
4815// DescribeOrganizationWithContext is the same as DescribeOrganization with the addition of
4816// the ability to pass a context and additional request options.
4817//
4818// See DescribeOrganization for details on how to use this API operation.
4819//
4820// The context must be non-nil and will be used for request cancellation. If
4821// the context is nil a panic will occur. In the future the SDK may create
4822// sub-contexts for http.Requests. See https://golang.org/pkg/context/
4823// for more information on using Contexts.
4824func (c *Organizations) DescribeOrganizationWithContext(ctx aws.Context, input *DescribeOrganizationInput, opts ...request.Option) (*DescribeOrganizationOutput, error) {
4825	req, out := c.DescribeOrganizationRequest(input)
4826	req.SetContext(ctx)
4827	req.ApplyOptions(opts...)
4828	return out, req.Send()
4829}
4830
4831const opDescribeOrganizationalUnit = "DescribeOrganizationalUnit"
4832
4833// DescribeOrganizationalUnitRequest generates a "aws/request.Request" representing the
4834// client's request for the DescribeOrganizationalUnit operation. The "output" return
4835// value will be populated with the request's response once the request completes
4836// successfully.
4837//
4838// Use "Send" method on the returned Request to send the API call to the service.
4839// the "output" return value is not valid until after Send returns without error.
4840//
4841// See DescribeOrganizationalUnit for more information on using the DescribeOrganizationalUnit
4842// API call, and error handling.
4843//
4844// This method is useful when you want to inject custom logic or configuration
4845// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4846//
4847//
4848//    // Example sending a request using the DescribeOrganizationalUnitRequest method.
4849//    req, resp := client.DescribeOrganizationalUnitRequest(params)
4850//
4851//    err := req.Send()
4852//    if err == nil { // resp is now filled
4853//        fmt.Println(resp)
4854//    }
4855//
4856// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit
4857func (c *Organizations) DescribeOrganizationalUnitRequest(input *DescribeOrganizationalUnitInput) (req *request.Request, output *DescribeOrganizationalUnitOutput) {
4858	op := &request.Operation{
4859		Name:       opDescribeOrganizationalUnit,
4860		HTTPMethod: "POST",
4861		HTTPPath:   "/",
4862	}
4863
4864	if input == nil {
4865		input = &DescribeOrganizationalUnitInput{}
4866	}
4867
4868	output = &DescribeOrganizationalUnitOutput{}
4869	req = c.newRequest(op, input, output)
4870	return
4871}
4872
4873// DescribeOrganizationalUnit API operation for AWS Organizations.
4874//
4875// Retrieves information about an organizational unit (OU).
4876//
4877// This operation can be called only from the organization's management account
4878// or by a member account that is a delegated administrator for an AWS service.
4879//
4880// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4881// with awserr.Error's Code and Message methods to get detailed information about
4882// the error.
4883//
4884// See the AWS API reference guide for AWS Organizations's
4885// API operation DescribeOrganizationalUnit for usage and error information.
4886//
4887// Returned Error Types:
4888//   * AccessDeniedException
4889//   You don't have permissions to perform the requested operation. The user or
4890//   role that is making the request must have at least one IAM permissions policy
4891//   attached that grants the required permissions. For more information, see
4892//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4893//   in the IAM User Guide.
4894//
4895//   * AWSOrganizationsNotInUseException
4896//   Your account isn't a member of an organization. To make this request, you
4897//   must use the credentials of an account that belongs to an organization.
4898//
4899//   * InvalidInputException
4900//   The requested operation failed because you provided invalid values for one
4901//   or more of the request parameters. This exception includes a reason that
4902//   contains additional information about the violated limit:
4903//
4904//   Some of the reasons in the following list might not be applicable to this
4905//   specific API or operation.
4906//
4907//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
4908//      the same entity.
4909//
4910//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
4911//      can't be modified.
4912//
4913//      * INPUT_REQUIRED: You must include a value for all required parameters.
4914//
4915//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
4916//      for the invited account owner.
4917//
4918//      * INVALID_ENUM: You specified an invalid value.
4919//
4920//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
4921//
4922//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
4923//      characters.
4924//
4925//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
4926//      at least one invalid value.
4927//
4928//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
4929//      from the response to a previous call of the operation.
4930//
4931//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
4932//      organization, or email) as a party.
4933//
4934//      * INVALID_PATTERN: You provided a value that doesn't match the required
4935//      pattern.
4936//
4937//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
4938//      match the required pattern.
4939//
4940//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
4941//      name can't begin with the reserved prefix AWSServiceRoleFor.
4942//
4943//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
4944//      Name (ARN) for the organization.
4945//
4946//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
4947//
4948//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
4949//      tag. You can’t add, edit, or delete system tag keys because they're
4950//      reserved for AWS use. System tags don’t count against your tags per
4951//      resource limit.
4952//
4953//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
4954//      for the operation.
4955//
4956//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
4957//      than allowed.
4958//
4959//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
4960//      value than allowed.
4961//
4962//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
4963//      than allowed.
4964//
4965//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
4966//      value than allowed.
4967//
4968//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
4969//      between entities in the same root.
4970//
4971//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
4972//      target entity.
4973//
4974//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
4975//      isn't recognized.
4976//
4977//   * OrganizationalUnitNotFoundException
4978//   We can't find an OU with the OrganizationalUnitId that you specified.
4979//
4980//   * ServiceException
4981//   AWS Organizations can't complete your request because of an internal service
4982//   error. Try again later.
4983//
4984//   * TooManyRequestsException
4985//   You have sent too many requests in too short a period of time. The quota
4986//   helps protect against denial-of-service attacks. Try again later.
4987//
4988//   For information about quotas that affect AWS Organizations, see Quotas for
4989//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
4990//   the AWS Organizations User Guide.
4991//
4992// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit
4993func (c *Organizations) DescribeOrganizationalUnit(input *DescribeOrganizationalUnitInput) (*DescribeOrganizationalUnitOutput, error) {
4994	req, out := c.DescribeOrganizationalUnitRequest(input)
4995	return out, req.Send()
4996}
4997
4998// DescribeOrganizationalUnitWithContext is the same as DescribeOrganizationalUnit with the addition of
4999// the ability to pass a context and additional request options.
5000//
5001// See DescribeOrganizationalUnit for details on how to use this API operation.
5002//
5003// The context must be non-nil and will be used for request cancellation. If
5004// the context is nil a panic will occur. In the future the SDK may create
5005// sub-contexts for http.Requests. See https://golang.org/pkg/context/
5006// for more information on using Contexts.
5007func (c *Organizations) DescribeOrganizationalUnitWithContext(ctx aws.Context, input *DescribeOrganizationalUnitInput, opts ...request.Option) (*DescribeOrganizationalUnitOutput, error) {
5008	req, out := c.DescribeOrganizationalUnitRequest(input)
5009	req.SetContext(ctx)
5010	req.ApplyOptions(opts...)
5011	return out, req.Send()
5012}
5013
5014const opDescribePolicy = "DescribePolicy"
5015
5016// DescribePolicyRequest generates a "aws/request.Request" representing the
5017// client's request for the DescribePolicy operation. The "output" return
5018// value will be populated with the request's response once the request completes
5019// successfully.
5020//
5021// Use "Send" method on the returned Request to send the API call to the service.
5022// the "output" return value is not valid until after Send returns without error.
5023//
5024// See DescribePolicy for more information on using the DescribePolicy
5025// API call, and error handling.
5026//
5027// This method is useful when you want to inject custom logic or configuration
5028// into the SDK's request lifecycle. Such as custom headers, or retry logic.
5029//
5030//
5031//    // Example sending a request using the DescribePolicyRequest method.
5032//    req, resp := client.DescribePolicyRequest(params)
5033//
5034//    err := req.Send()
5035//    if err == nil { // resp is now filled
5036//        fmt.Println(resp)
5037//    }
5038//
5039// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy
5040func (c *Organizations) DescribePolicyRequest(input *DescribePolicyInput) (req *request.Request, output *DescribePolicyOutput) {
5041	op := &request.Operation{
5042		Name:       opDescribePolicy,
5043		HTTPMethod: "POST",
5044		HTTPPath:   "/",
5045	}
5046
5047	if input == nil {
5048		input = &DescribePolicyInput{}
5049	}
5050
5051	output = &DescribePolicyOutput{}
5052	req = c.newRequest(op, input, output)
5053	return
5054}
5055
5056// DescribePolicy API operation for AWS Organizations.
5057//
5058// Retrieves information about a policy.
5059//
5060// This operation can be called only from the organization's management account
5061// or by a member account that is a delegated administrator for an AWS service.
5062//
5063// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
5064// with awserr.Error's Code and Message methods to get detailed information about
5065// the error.
5066//
5067// See the AWS API reference guide for AWS Organizations's
5068// API operation DescribePolicy for usage and error information.
5069//
5070// Returned Error Types:
5071//   * AccessDeniedException
5072//   You don't have permissions to perform the requested operation. The user or
5073//   role that is making the request must have at least one IAM permissions policy
5074//   attached that grants the required permissions. For more information, see
5075//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
5076//   in the IAM User Guide.
5077//
5078//   * AWSOrganizationsNotInUseException
5079//   Your account isn't a member of an organization. To make this request, you
5080//   must use the credentials of an account that belongs to an organization.
5081//
5082//   * InvalidInputException
5083//   The requested operation failed because you provided invalid values for one
5084//   or more of the request parameters. This exception includes a reason that
5085//   contains additional information about the violated limit:
5086//
5087//   Some of the reasons in the following list might not be applicable to this
5088//   specific API or operation.
5089//
5090//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
5091//      the same entity.
5092//
5093//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
5094//      can't be modified.
5095//
5096//      * INPUT_REQUIRED: You must include a value for all required parameters.
5097//
5098//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
5099//      for the invited account owner.
5100//
5101//      * INVALID_ENUM: You specified an invalid value.
5102//
5103//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
5104//
5105//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
5106//      characters.
5107//
5108//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
5109//      at least one invalid value.
5110//
5111//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
5112//      from the response to a previous call of the operation.
5113//
5114//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
5115//      organization, or email) as a party.
5116//
5117//      * INVALID_PATTERN: You provided a value that doesn't match the required
5118//      pattern.
5119//
5120//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
5121//      match the required pattern.
5122//
5123//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
5124//      name can't begin with the reserved prefix AWSServiceRoleFor.
5125//
5126//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
5127//      Name (ARN) for the organization.
5128//
5129//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
5130//
5131//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
5132//      tag. You can’t add, edit, or delete system tag keys because they're
5133//      reserved for AWS use. System tags don’t count against your tags per
5134//      resource limit.
5135//
5136//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
5137//      for the operation.
5138//
5139//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
5140//      than allowed.
5141//
5142//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
5143//      value than allowed.
5144//
5145//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
5146//      than allowed.
5147//
5148//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
5149//      value than allowed.
5150//
5151//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
5152//      between entities in the same root.
5153//
5154//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
5155//      target entity.
5156//
5157//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
5158//      isn't recognized.
5159//
5160//   * PolicyNotFoundException
5161//   We can't find a policy with the PolicyId that you specified.
5162//
5163//   * ServiceException
5164//   AWS Organizations can't complete your request because of an internal service
5165//   error. Try again later.
5166//
5167//   * TooManyRequestsException
5168//   You have sent too many requests in too short a period of time. The quota
5169//   helps protect against denial-of-service attacks. Try again later.
5170//
5171//   For information about quotas that affect AWS Organizations, see Quotas for
5172//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
5173//   the AWS Organizations User Guide.
5174//
5175//   * UnsupportedAPIEndpointException
5176//   This action isn't available in the current AWS Region.
5177//
5178// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy
5179func (c *Organizations) DescribePolicy(input *DescribePolicyInput) (*DescribePolicyOutput, error) {
5180	req, out := c.DescribePolicyRequest(input)
5181	return out, req.Send()
5182}
5183
5184// DescribePolicyWithContext is the same as DescribePolicy with the addition of
5185// the ability to pass a context and additional request options.
5186//
5187// See DescribePolicy for details on how to use this API operation.
5188//
5189// The context must be non-nil and will be used for request cancellation. If
5190// the context is nil a panic will occur. In the future the SDK may create
5191// sub-contexts for http.Requests. See https://golang.org/pkg/context/
5192// for more information on using Contexts.
5193func (c *Organizations) DescribePolicyWithContext(ctx aws.Context, input *DescribePolicyInput, opts ...request.Option) (*DescribePolicyOutput, error) {
5194	req, out := c.DescribePolicyRequest(input)
5195	req.SetContext(ctx)
5196	req.ApplyOptions(opts...)
5197	return out, req.Send()
5198}
5199
5200const opDetachPolicy = "DetachPolicy"
5201
5202// DetachPolicyRequest generates a "aws/request.Request" representing the
5203// client's request for the DetachPolicy operation. The "output" return
5204// value will be populated with the request's response once the request completes
5205// successfully.
5206//
5207// Use "Send" method on the returned Request to send the API call to the service.
5208// the "output" return value is not valid until after Send returns without error.
5209//
5210// See DetachPolicy for more information on using the DetachPolicy
5211// API call, and error handling.
5212//
5213// This method is useful when you want to inject custom logic or configuration
5214// into the SDK's request lifecycle. Such as custom headers, or retry logic.
5215//
5216//
5217//    // Example sending a request using the DetachPolicyRequest method.
5218//    req, resp := client.DetachPolicyRequest(params)
5219//
5220//    err := req.Send()
5221//    if err == nil { // resp is now filled
5222//        fmt.Println(resp)
5223//    }
5224//
5225// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy
5226func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *request.Request, output *DetachPolicyOutput) {
5227	op := &request.Operation{
5228		Name:       opDetachPolicy,
5229		HTTPMethod: "POST",
5230		HTTPPath:   "/",
5231	}
5232
5233	if input == nil {
5234		input = &DetachPolicyInput{}
5235	}
5236
5237	output = &DetachPolicyOutput{}
5238	req = c.newRequest(op, input, output)
5239	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
5240	return
5241}
5242
5243// DetachPolicy API operation for AWS Organizations.
5244//
5245// Detaches a policy from a target root, organizational unit (OU), or account.
5246//
5247// If the policy being detached is a service control policy (SCP), the changes
5248// to permissions for AWS Identity and Access Management (IAM) users and roles
5249// in affected accounts are immediate.
5250//
5251// Every root, OU, and account must have at least one SCP attached. If you want
5252// to replace the default FullAWSAccess policy with an SCP that limits the permissions
5253// that can be delegated, you must attach the replacement SCP before you can
5254// remove the default SCP. This is the authorization strategy of an "allow list
5255// (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_allowlist)".
5256// If you instead attach a second SCP and leave the FullAWSAccess SCP still
5257// attached, and specify "Effect": "Deny" in the second SCP to override the
5258// "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP),
5259// you're using the authorization strategy of a "deny list (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_denylist)".
5260//
5261// This operation can be called only from the organization's management account.
5262//
5263// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
5264// with awserr.Error's Code and Message methods to get detailed information about
5265// the error.
5266//
5267// See the AWS API reference guide for AWS Organizations's
5268// API operation DetachPolicy for usage and error information.
5269//
5270// Returned Error Types:
5271//   * AccessDeniedException
5272//   You don't have permissions to perform the requested operation. The user or
5273//   role that is making the request must have at least one IAM permissions policy
5274//   attached that grants the required permissions. For more information, see
5275//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
5276//   in the IAM User Guide.
5277//
5278//   * AWSOrganizationsNotInUseException
5279//   Your account isn't a member of an organization. To make this request, you
5280//   must use the credentials of an account that belongs to an organization.
5281//
5282//   * ConcurrentModificationException
5283//   The target of the operation is currently being modified by a different request.
5284//   Try again later.
5285//
5286//   * ConstraintViolationException
5287//   Performing this operation violates a minimum or maximum value limit. For
5288//   example, attempting to remove the last service control policy (SCP) from
5289//   an OU or root, inviting or creating too many accounts to the organization,
5290//   or attaching too many policies to an account, OU, or root. This exception
5291//   includes a reason that contains additional information about the violated
5292//   limit:
5293//
5294//   Some of the reasons in the following list might not be applicable to this
5295//   specific API or operation.
5296//
5297//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
5298//      account from the organization. You can't remove the management account.
5299//      Instead, after you remove all member accounts, delete the organization
5300//      itself.
5301//
5302//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
5303//      from the organization that doesn't yet have enough information to exist
5304//      as a standalone account. This account requires you to first agree to the
5305//      AWS Customer Agreement. Follow the steps at Removing a member account
5306//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
5307//      the AWS Organizations User Guide.
5308//
5309//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
5310//      an account from the organization that doesn't yet have enough information
5311//      to exist as a standalone account. This account requires you to first complete
5312//      phone verification. Follow the steps at Removing a member account from
5313//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
5314//      in the AWS Organizations User Guide.
5315//
5316//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
5317//      of accounts that you can create in one day.
5318//
5319//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
5320//      the number of accounts in an organization. If you need more accounts,
5321//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
5322//      request an increase in your limit. Or the number of invitations that you
5323//      tried to send would cause you to exceed the limit of accounts in your
5324//      organization. Send fewer invitations or contact AWS Support to request
5325//      an increase in the number of accounts. Deleted and closed accounts still
5326//      count toward your limit. If you get this exception when running a command
5327//      immediately after creating the organization, wait one hour and try again.
5328//      After an hour, if the command continues to fail with this error, contact
5329//      AWS Support (https://console.aws.amazon.com/support/home#/).
5330//
5331//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
5332//      register the management account of the organization as a delegated administrator
5333//      for an AWS service integrated with Organizations. You can designate only
5334//      a member account as a delegated administrator.
5335//
5336//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
5337//      an account that is registered as a delegated administrator for a service
5338//      integrated with your organization. To complete this operation, you must
5339//      first deregister this account as a delegated administrator.
5340//
5341//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
5342//      organization in the specified region, you must enable all features mode.
5343//
5344//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
5345//      an AWS account as a delegated administrator for an AWS service that already
5346//      has a delegated administrator. To complete this operation, you must first
5347//      deregister any existing delegated administrators for this service.
5348//
5349//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
5350//      valid for a limited period of time. You must resubmit the request and
5351//      generate a new verfication code.
5352//
5353//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
5354//      handshakes that you can send in one day.
5355//
5356//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
5357//      in this organization, you first must migrate the organization's management
5358//      account to the marketplace that corresponds to the management account's
5359//      address. For example, accounts with India addresses must be associated
5360//      with the AISPL marketplace. All accounts in an organization must be associated
5361//      with the same marketplace.
5362//
5363//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
5364//      in China. To create an organization, the master must have a valid business
5365//      license. For more information, contact customer support.
5366//
5367//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
5368//      must first provide a valid contact address and phone number for the management
5369//      account. Then try the operation again.
5370//
5371//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
5372//      management account must have an associated account in the AWS GovCloud
5373//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
5374//      in the AWS GovCloud User Guide.
5375//
5376//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
5377//      with this management account, you first must associate a valid payment
5378//      instrument, such as a credit card, with the account. Follow the steps
5379//      at To leave an organization when all required account information has
5380//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5381//      in the AWS Organizations User Guide.
5382//
5383//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
5384//      to register more delegated administrators than allowed for the service
5385//      principal.
5386//
5387//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
5388//      number of policies of a certain type that can be attached to an entity
5389//      at one time.
5390//
5391//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
5392//      on this resource.
5393//
5394//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
5395//      with this member account, you first must associate a valid payment instrument,
5396//      such as a credit card, with the account. Follow the steps at To leave
5397//      an organization when all required account information has not yet been
5398//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5399//      in the AWS Organizations User Guide.
5400//
5401//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
5402//      policy from an entity that would cause the entity to have fewer than the
5403//      minimum number of policies of a certain type required.
5404//
5405//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
5406//      that requires the organization to be configured to support all features.
5407//      An organization that supports only consolidated billing features can't
5408//      perform this operation.
5409//
5410//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
5411//      too many levels deep.
5412//
5413//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
5414//      that you can have in an organization.
5415//
5416//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
5417//      is larger than the maximum size.
5418//
5419//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
5420//      policies that you can have in an organization.
5421//
5422//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
5423//      tags that are not compliant with the tag policy requirements for this
5424//      account.
5425//
5426//   * InvalidInputException
5427//   The requested operation failed because you provided invalid values for one
5428//   or more of the request parameters. This exception includes a reason that
5429//   contains additional information about the violated limit:
5430//
5431//   Some of the reasons in the following list might not be applicable to this
5432//   specific API or operation.
5433//
5434//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
5435//      the same entity.
5436//
5437//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
5438//      can't be modified.
5439//
5440//      * INPUT_REQUIRED: You must include a value for all required parameters.
5441//
5442//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
5443//      for the invited account owner.
5444//
5445//      * INVALID_ENUM: You specified an invalid value.
5446//
5447//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
5448//
5449//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
5450//      characters.
5451//
5452//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
5453//      at least one invalid value.
5454//
5455//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
5456//      from the response to a previous call of the operation.
5457//
5458//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
5459//      organization, or email) as a party.
5460//
5461//      * INVALID_PATTERN: You provided a value that doesn't match the required
5462//      pattern.
5463//
5464//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
5465//      match the required pattern.
5466//
5467//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
5468//      name can't begin with the reserved prefix AWSServiceRoleFor.
5469//
5470//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
5471//      Name (ARN) for the organization.
5472//
5473//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
5474//
5475//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
5476//      tag. You can’t add, edit, or delete system tag keys because they're
5477//      reserved for AWS use. System tags don’t count against your tags per
5478//      resource limit.
5479//
5480//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
5481//      for the operation.
5482//
5483//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
5484//      than allowed.
5485//
5486//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
5487//      value than allowed.
5488//
5489//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
5490//      than allowed.
5491//
5492//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
5493//      value than allowed.
5494//
5495//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
5496//      between entities in the same root.
5497//
5498//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
5499//      target entity.
5500//
5501//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
5502//      isn't recognized.
5503//
5504//   * PolicyNotAttachedException
5505//   The policy isn't attached to the specified target in the specified root.
5506//
5507//   * PolicyNotFoundException
5508//   We can't find a policy with the PolicyId that you specified.
5509//
5510//   * ServiceException
5511//   AWS Organizations can't complete your request because of an internal service
5512//   error. Try again later.
5513//
5514//   * TargetNotFoundException
5515//   We can't find a root, OU, account, or policy with the TargetId that you specified.
5516//
5517//   * TooManyRequestsException
5518//   You have sent too many requests in too short a period of time. The quota
5519//   helps protect against denial-of-service attacks. Try again later.
5520//
5521//   For information about quotas that affect AWS Organizations, see Quotas for
5522//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
5523//   the AWS Organizations User Guide.
5524//
5525//   * UnsupportedAPIEndpointException
5526//   This action isn't available in the current AWS Region.
5527//
5528//   * PolicyChangesInProgressException
5529//   Changes to the effective policy are in progress, and its contents can't be
5530//   returned. Try the operation again later.
5531//
5532// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy
5533func (c *Organizations) DetachPolicy(input *DetachPolicyInput) (*DetachPolicyOutput, error) {
5534	req, out := c.DetachPolicyRequest(input)
5535	return out, req.Send()
5536}
5537
5538// DetachPolicyWithContext is the same as DetachPolicy with the addition of
5539// the ability to pass a context and additional request options.
5540//
5541// See DetachPolicy for details on how to use this API operation.
5542//
5543// The context must be non-nil and will be used for request cancellation. If
5544// the context is nil a panic will occur. In the future the SDK may create
5545// sub-contexts for http.Requests. See https://golang.org/pkg/context/
5546// for more information on using Contexts.
5547func (c *Organizations) DetachPolicyWithContext(ctx aws.Context, input *DetachPolicyInput, opts ...request.Option) (*DetachPolicyOutput, error) {
5548	req, out := c.DetachPolicyRequest(input)
5549	req.SetContext(ctx)
5550	req.ApplyOptions(opts...)
5551	return out, req.Send()
5552}
5553
5554const opDisableAWSServiceAccess = "DisableAWSServiceAccess"
5555
5556// DisableAWSServiceAccessRequest generates a "aws/request.Request" representing the
5557// client's request for the DisableAWSServiceAccess operation. The "output" return
5558// value will be populated with the request's response once the request completes
5559// successfully.
5560//
5561// Use "Send" method on the returned Request to send the API call to the service.
5562// the "output" return value is not valid until after Send returns without error.
5563//
5564// See DisableAWSServiceAccess for more information on using the DisableAWSServiceAccess
5565// API call, and error handling.
5566//
5567// This method is useful when you want to inject custom logic or configuration
5568// into the SDK's request lifecycle. Such as custom headers, or retry logic.
5569//
5570//
5571//    // Example sending a request using the DisableAWSServiceAccessRequest method.
5572//    req, resp := client.DisableAWSServiceAccessRequest(params)
5573//
5574//    err := req.Send()
5575//    if err == nil { // resp is now filled
5576//        fmt.Println(resp)
5577//    }
5578//
5579// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess
5580func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceAccessInput) (req *request.Request, output *DisableAWSServiceAccessOutput) {
5581	op := &request.Operation{
5582		Name:       opDisableAWSServiceAccess,
5583		HTTPMethod: "POST",
5584		HTTPPath:   "/",
5585	}
5586
5587	if input == nil {
5588		input = &DisableAWSServiceAccessInput{}
5589	}
5590
5591	output = &DisableAWSServiceAccessOutput{}
5592	req = c.newRequest(op, input, output)
5593	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
5594	return
5595}
5596
5597// DisableAWSServiceAccess API operation for AWS Organizations.
5598//
5599// Disables the integration of an AWS service (the service that is specified
5600// by ServicePrincipal) with AWS Organizations. When you disable integration,
5601// the specified service no longer can create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html)
5602// in new accounts in your organization. This means the service can't perform
5603// operations on your behalf on any new accounts in your organization. The service
5604// can still perform operations in older accounts until the service completes
5605// its clean-up from AWS Organizations.
5606//
5607// We strongly recommend that you don't use this command to disable integration
5608// between AWS Organizations and the specified AWS service. Instead, use the
5609// console or commands that are provided by the specified service. This lets
5610// the trusted service perform any required initialization when enabling trusted
5611// access, such as creating any required resources and any required clean up
5612// of resources when disabling trusted access.
5613//
5614// For information about how to disable trusted service access to your organization
5615// using the trusted service, see the Learn more link under the Supports Trusted
5616// Access column at AWS services that you can use with AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html).
5617// on this page.
5618//
5619// If you disable access by using this command, it causes the following actions
5620// to occur:
5621//
5622//    * The service can no longer create a service-linked role in the accounts
5623//    in your organization. This means that the service can't perform operations
5624//    on your behalf on any new accounts in your organization. The service can
5625//    still perform operations in older accounts until the service completes
5626//    its clean-up from AWS Organizations.
5627//
5628//    * The service can no longer perform tasks in the member accounts in the
5629//    organization, unless those operations are explicitly permitted by the
5630//    IAM policies that are attached to your roles. This includes any data aggregation
5631//    from the member accounts to the management account, or to a delegated
5632//    administrator account, where relevant.
5633//
5634//    * Some services detect this and clean up any remaining data or resources
5635//    related to the integration, while other services stop accessing the organization
5636//    but leave any historical data and configuration in place to support a
5637//    possible re-enabling of the integration.
5638//
5639// Using the other service's console or commands to disable the integration
5640// ensures that the other service is aware that it can clean up any resources
5641// that are required only for the integration. How the service cleans up its
5642// resources in the organization's accounts depends on that service. For more
5643// information, see the documentation for the other AWS service.
5644//
5645// After you perform the DisableAWSServiceAccess operation, the specified service
5646// can no longer perform operations in your organization's accounts
5647//
5648// For more information about integrating other services with AWS Organizations,
5649// including the list of services that work with Organizations, see Integrating
5650// AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
5651// in the AWS Organizations User Guide.
5652//
5653// This operation can be called only from the organization's management account.
5654//
5655// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
5656// with awserr.Error's Code and Message methods to get detailed information about
5657// the error.
5658//
5659// See the AWS API reference guide for AWS Organizations's
5660// API operation DisableAWSServiceAccess for usage and error information.
5661//
5662// Returned Error Types:
5663//   * AccessDeniedException
5664//   You don't have permissions to perform the requested operation. The user or
5665//   role that is making the request must have at least one IAM permissions policy
5666//   attached that grants the required permissions. For more information, see
5667//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
5668//   in the IAM User Guide.
5669//
5670//   * AWSOrganizationsNotInUseException
5671//   Your account isn't a member of an organization. To make this request, you
5672//   must use the credentials of an account that belongs to an organization.
5673//
5674//   * ConcurrentModificationException
5675//   The target of the operation is currently being modified by a different request.
5676//   Try again later.
5677//
5678//   * ConstraintViolationException
5679//   Performing this operation violates a minimum or maximum value limit. For
5680//   example, attempting to remove the last service control policy (SCP) from
5681//   an OU or root, inviting or creating too many accounts to the organization,
5682//   or attaching too many policies to an account, OU, or root. This exception
5683//   includes a reason that contains additional information about the violated
5684//   limit:
5685//
5686//   Some of the reasons in the following list might not be applicable to this
5687//   specific API or operation.
5688//
5689//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
5690//      account from the organization. You can't remove the management account.
5691//      Instead, after you remove all member accounts, delete the organization
5692//      itself.
5693//
5694//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
5695//      from the organization that doesn't yet have enough information to exist
5696//      as a standalone account. This account requires you to first agree to the
5697//      AWS Customer Agreement. Follow the steps at Removing a member account
5698//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
5699//      the AWS Organizations User Guide.
5700//
5701//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
5702//      an account from the organization that doesn't yet have enough information
5703//      to exist as a standalone account. This account requires you to first complete
5704//      phone verification. Follow the steps at Removing a member account from
5705//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
5706//      in the AWS Organizations User Guide.
5707//
5708//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
5709//      of accounts that you can create in one day.
5710//
5711//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
5712//      the number of accounts in an organization. If you need more accounts,
5713//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
5714//      request an increase in your limit. Or the number of invitations that you
5715//      tried to send would cause you to exceed the limit of accounts in your
5716//      organization. Send fewer invitations or contact AWS Support to request
5717//      an increase in the number of accounts. Deleted and closed accounts still
5718//      count toward your limit. If you get this exception when running a command
5719//      immediately after creating the organization, wait one hour and try again.
5720//      After an hour, if the command continues to fail with this error, contact
5721//      AWS Support (https://console.aws.amazon.com/support/home#/).
5722//
5723//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
5724//      register the management account of the organization as a delegated administrator
5725//      for an AWS service integrated with Organizations. You can designate only
5726//      a member account as a delegated administrator.
5727//
5728//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
5729//      an account that is registered as a delegated administrator for a service
5730//      integrated with your organization. To complete this operation, you must
5731//      first deregister this account as a delegated administrator.
5732//
5733//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
5734//      organization in the specified region, you must enable all features mode.
5735//
5736//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
5737//      an AWS account as a delegated administrator for an AWS service that already
5738//      has a delegated administrator. To complete this operation, you must first
5739//      deregister any existing delegated administrators for this service.
5740//
5741//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
5742//      valid for a limited period of time. You must resubmit the request and
5743//      generate a new verfication code.
5744//
5745//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
5746//      handshakes that you can send in one day.
5747//
5748//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
5749//      in this organization, you first must migrate the organization's management
5750//      account to the marketplace that corresponds to the management account's
5751//      address. For example, accounts with India addresses must be associated
5752//      with the AISPL marketplace. All accounts in an organization must be associated
5753//      with the same marketplace.
5754//
5755//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
5756//      in China. To create an organization, the master must have a valid business
5757//      license. For more information, contact customer support.
5758//
5759//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
5760//      must first provide a valid contact address and phone number for the management
5761//      account. Then try the operation again.
5762//
5763//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
5764//      management account must have an associated account in the AWS GovCloud
5765//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
5766//      in the AWS GovCloud User Guide.
5767//
5768//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
5769//      with this management account, you first must associate a valid payment
5770//      instrument, such as a credit card, with the account. Follow the steps
5771//      at To leave an organization when all required account information has
5772//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5773//      in the AWS Organizations User Guide.
5774//
5775//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
5776//      to register more delegated administrators than allowed for the service
5777//      principal.
5778//
5779//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
5780//      number of policies of a certain type that can be attached to an entity
5781//      at one time.
5782//
5783//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
5784//      on this resource.
5785//
5786//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
5787//      with this member account, you first must associate a valid payment instrument,
5788//      such as a credit card, with the account. Follow the steps at To leave
5789//      an organization when all required account information has not yet been
5790//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5791//      in the AWS Organizations User Guide.
5792//
5793//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
5794//      policy from an entity that would cause the entity to have fewer than the
5795//      minimum number of policies of a certain type required.
5796//
5797//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
5798//      that requires the organization to be configured to support all features.
5799//      An organization that supports only consolidated billing features can't
5800//      perform this operation.
5801//
5802//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
5803//      too many levels deep.
5804//
5805//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
5806//      that you can have in an organization.
5807//
5808//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
5809//      is larger than the maximum size.
5810//
5811//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
5812//      policies that you can have in an organization.
5813//
5814//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
5815//      tags that are not compliant with the tag policy requirements for this
5816//      account.
5817//
5818//   * InvalidInputException
5819//   The requested operation failed because you provided invalid values for one
5820//   or more of the request parameters. This exception includes a reason that
5821//   contains additional information about the violated limit:
5822//
5823//   Some of the reasons in the following list might not be applicable to this
5824//   specific API or operation.
5825//
5826//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
5827//      the same entity.
5828//
5829//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
5830//      can't be modified.
5831//
5832//      * INPUT_REQUIRED: You must include a value for all required parameters.
5833//
5834//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
5835//      for the invited account owner.
5836//
5837//      * INVALID_ENUM: You specified an invalid value.
5838//
5839//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
5840//
5841//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
5842//      characters.
5843//
5844//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
5845//      at least one invalid value.
5846//
5847//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
5848//      from the response to a previous call of the operation.
5849//
5850//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
5851//      organization, or email) as a party.
5852//
5853//      * INVALID_PATTERN: You provided a value that doesn't match the required
5854//      pattern.
5855//
5856//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
5857//      match the required pattern.
5858//
5859//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
5860//      name can't begin with the reserved prefix AWSServiceRoleFor.
5861//
5862//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
5863//      Name (ARN) for the organization.
5864//
5865//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
5866//
5867//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
5868//      tag. You can’t add, edit, or delete system tag keys because they're
5869//      reserved for AWS use. System tags don’t count against your tags per
5870//      resource limit.
5871//
5872//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
5873//      for the operation.
5874//
5875//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
5876//      than allowed.
5877//
5878//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
5879//      value than allowed.
5880//
5881//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
5882//      than allowed.
5883//
5884//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
5885//      value than allowed.
5886//
5887//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
5888//      between entities in the same root.
5889//
5890//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
5891//      target entity.
5892//
5893//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
5894//      isn't recognized.
5895//
5896//   * ServiceException
5897//   AWS Organizations can't complete your request because of an internal service
5898//   error. Try again later.
5899//
5900//   * TooManyRequestsException
5901//   You have sent too many requests in too short a period of time. The quota
5902//   helps protect against denial-of-service attacks. Try again later.
5903//
5904//   For information about quotas that affect AWS Organizations, see Quotas for
5905//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
5906//   the AWS Organizations User Guide.
5907//
5908//   * UnsupportedAPIEndpointException
5909//   This action isn't available in the current AWS Region.
5910//
5911// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess
5912func (c *Organizations) DisableAWSServiceAccess(input *DisableAWSServiceAccessInput) (*DisableAWSServiceAccessOutput, error) {
5913	req, out := c.DisableAWSServiceAccessRequest(input)
5914	return out, req.Send()
5915}
5916
5917// DisableAWSServiceAccessWithContext is the same as DisableAWSServiceAccess with the addition of
5918// the ability to pass a context and additional request options.
5919//
5920// See DisableAWSServiceAccess for details on how to use this API operation.
5921//
5922// The context must be non-nil and will be used for request cancellation. If
5923// the context is nil a panic will occur. In the future the SDK may create
5924// sub-contexts for http.Requests. See https://golang.org/pkg/context/
5925// for more information on using Contexts.
5926func (c *Organizations) DisableAWSServiceAccessWithContext(ctx aws.Context, input *DisableAWSServiceAccessInput, opts ...request.Option) (*DisableAWSServiceAccessOutput, error) {
5927	req, out := c.DisableAWSServiceAccessRequest(input)
5928	req.SetContext(ctx)
5929	req.ApplyOptions(opts...)
5930	return out, req.Send()
5931}
5932
5933const opDisablePolicyType = "DisablePolicyType"
5934
5935// DisablePolicyTypeRequest generates a "aws/request.Request" representing the
5936// client's request for the DisablePolicyType operation. The "output" return
5937// value will be populated with the request's response once the request completes
5938// successfully.
5939//
5940// Use "Send" method on the returned Request to send the API call to the service.
5941// the "output" return value is not valid until after Send returns without error.
5942//
5943// See DisablePolicyType for more information on using the DisablePolicyType
5944// API call, and error handling.
5945//
5946// This method is useful when you want to inject custom logic or configuration
5947// into the SDK's request lifecycle. Such as custom headers, or retry logic.
5948//
5949//
5950//    // Example sending a request using the DisablePolicyTypeRequest method.
5951//    req, resp := client.DisablePolicyTypeRequest(params)
5952//
5953//    err := req.Send()
5954//    if err == nil { // resp is now filled
5955//        fmt.Println(resp)
5956//    }
5957//
5958// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType
5959func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) (req *request.Request, output *DisablePolicyTypeOutput) {
5960	op := &request.Operation{
5961		Name:       opDisablePolicyType,
5962		HTTPMethod: "POST",
5963		HTTPPath:   "/",
5964	}
5965
5966	if input == nil {
5967		input = &DisablePolicyTypeInput{}
5968	}
5969
5970	output = &DisablePolicyTypeOutput{}
5971	req = c.newRequest(op, input, output)
5972	return
5973}
5974
5975// DisablePolicyType API operation for AWS Organizations.
5976//
5977// Disables an organizational policy type in a root. A policy of a certain type
5978// can be attached to entities in a root only if that type is enabled in the
5979// root. After you perform this operation, you no longer can attach policies
5980// of the specified type to that root or to any organizational unit (OU) or
5981// account in that root. You can undo this by using the EnablePolicyType operation.
5982//
5983// This is an asynchronous request that AWS performs in the background. If you
5984// disable a policy type for a root, it still appears enabled for the organization
5985// if all features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
5986// are enabled for the organization. AWS recommends that you first use ListRoots
5987// to see the status of policy types for a specified root, and then use this
5988// operation.
5989//
5990// This operation can be called only from the organization's management account.
5991//
5992// To view the status of available policy types in the organization, use DescribeOrganization.
5993//
5994// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
5995// with awserr.Error's Code and Message methods to get detailed information about
5996// the error.
5997//
5998// See the AWS API reference guide for AWS Organizations's
5999// API operation DisablePolicyType for usage and error information.
6000//
6001// Returned Error Types:
6002//   * AccessDeniedException
6003//   You don't have permissions to perform the requested operation. The user or
6004//   role that is making the request must have at least one IAM permissions policy
6005//   attached that grants the required permissions. For more information, see
6006//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
6007//   in the IAM User Guide.
6008//
6009//   * AWSOrganizationsNotInUseException
6010//   Your account isn't a member of an organization. To make this request, you
6011//   must use the credentials of an account that belongs to an organization.
6012//
6013//   * ConcurrentModificationException
6014//   The target of the operation is currently being modified by a different request.
6015//   Try again later.
6016//
6017//   * ConstraintViolationException
6018//   Performing this operation violates a minimum or maximum value limit. For
6019//   example, attempting to remove the last service control policy (SCP) from
6020//   an OU or root, inviting or creating too many accounts to the organization,
6021//   or attaching too many policies to an account, OU, or root. This exception
6022//   includes a reason that contains additional information about the violated
6023//   limit:
6024//
6025//   Some of the reasons in the following list might not be applicable to this
6026//   specific API or operation.
6027//
6028//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
6029//      account from the organization. You can't remove the management account.
6030//      Instead, after you remove all member accounts, delete the organization
6031//      itself.
6032//
6033//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
6034//      from the organization that doesn't yet have enough information to exist
6035//      as a standalone account. This account requires you to first agree to the
6036//      AWS Customer Agreement. Follow the steps at Removing a member account
6037//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
6038//      the AWS Organizations User Guide.
6039//
6040//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
6041//      an account from the organization that doesn't yet have enough information
6042//      to exist as a standalone account. This account requires you to first complete
6043//      phone verification. Follow the steps at Removing a member account from
6044//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
6045//      in the AWS Organizations User Guide.
6046//
6047//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
6048//      of accounts that you can create in one day.
6049//
6050//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
6051//      the number of accounts in an organization. If you need more accounts,
6052//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
6053//      request an increase in your limit. Or the number of invitations that you
6054//      tried to send would cause you to exceed the limit of accounts in your
6055//      organization. Send fewer invitations or contact AWS Support to request
6056//      an increase in the number of accounts. Deleted and closed accounts still
6057//      count toward your limit. If you get this exception when running a command
6058//      immediately after creating the organization, wait one hour and try again.
6059//      After an hour, if the command continues to fail with this error, contact
6060//      AWS Support (https://console.aws.amazon.com/support/home#/).
6061//
6062//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
6063//      register the management account of the organization as a delegated administrator
6064//      for an AWS service integrated with Organizations. You can designate only
6065//      a member account as a delegated administrator.
6066//
6067//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
6068//      an account that is registered as a delegated administrator for a service
6069//      integrated with your organization. To complete this operation, you must
6070//      first deregister this account as a delegated administrator.
6071//
6072//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
6073//      organization in the specified region, you must enable all features mode.
6074//
6075//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
6076//      an AWS account as a delegated administrator for an AWS service that already
6077//      has a delegated administrator. To complete this operation, you must first
6078//      deregister any existing delegated administrators for this service.
6079//
6080//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
6081//      valid for a limited period of time. You must resubmit the request and
6082//      generate a new verfication code.
6083//
6084//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
6085//      handshakes that you can send in one day.
6086//
6087//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
6088//      in this organization, you first must migrate the organization's management
6089//      account to the marketplace that corresponds to the management account's
6090//      address. For example, accounts with India addresses must be associated
6091//      with the AISPL marketplace. All accounts in an organization must be associated
6092//      with the same marketplace.
6093//
6094//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
6095//      in China. To create an organization, the master must have a valid business
6096//      license. For more information, contact customer support.
6097//
6098//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
6099//      must first provide a valid contact address and phone number for the management
6100//      account. Then try the operation again.
6101//
6102//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
6103//      management account must have an associated account in the AWS GovCloud
6104//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
6105//      in the AWS GovCloud User Guide.
6106//
6107//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
6108//      with this management account, you first must associate a valid payment
6109//      instrument, such as a credit card, with the account. Follow the steps
6110//      at To leave an organization when all required account information has
6111//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6112//      in the AWS Organizations User Guide.
6113//
6114//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
6115//      to register more delegated administrators than allowed for the service
6116//      principal.
6117//
6118//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
6119//      number of policies of a certain type that can be attached to an entity
6120//      at one time.
6121//
6122//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
6123//      on this resource.
6124//
6125//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
6126//      with this member account, you first must associate a valid payment instrument,
6127//      such as a credit card, with the account. Follow the steps at To leave
6128//      an organization when all required account information has not yet been
6129//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6130//      in the AWS Organizations User Guide.
6131//
6132//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
6133//      policy from an entity that would cause the entity to have fewer than the
6134//      minimum number of policies of a certain type required.
6135//
6136//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
6137//      that requires the organization to be configured to support all features.
6138//      An organization that supports only consolidated billing features can't
6139//      perform this operation.
6140//
6141//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
6142//      too many levels deep.
6143//
6144//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
6145//      that you can have in an organization.
6146//
6147//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
6148//      is larger than the maximum size.
6149//
6150//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
6151//      policies that you can have in an organization.
6152//
6153//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
6154//      tags that are not compliant with the tag policy requirements for this
6155//      account.
6156//
6157//   * InvalidInputException
6158//   The requested operation failed because you provided invalid values for one
6159//   or more of the request parameters. This exception includes a reason that
6160//   contains additional information about the violated limit:
6161//
6162//   Some of the reasons in the following list might not be applicable to this
6163//   specific API or operation.
6164//
6165//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
6166//      the same entity.
6167//
6168//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
6169//      can't be modified.
6170//
6171//      * INPUT_REQUIRED: You must include a value for all required parameters.
6172//
6173//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
6174//      for the invited account owner.
6175//
6176//      * INVALID_ENUM: You specified an invalid value.
6177//
6178//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
6179//
6180//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
6181//      characters.
6182//
6183//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
6184//      at least one invalid value.
6185//
6186//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
6187//      from the response to a previous call of the operation.
6188//
6189//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
6190//      organization, or email) as a party.
6191//
6192//      * INVALID_PATTERN: You provided a value that doesn't match the required
6193//      pattern.
6194//
6195//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
6196//      match the required pattern.
6197//
6198//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
6199//      name can't begin with the reserved prefix AWSServiceRoleFor.
6200//
6201//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
6202//      Name (ARN) for the organization.
6203//
6204//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
6205//
6206//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
6207//      tag. You can’t add, edit, or delete system tag keys because they're
6208//      reserved for AWS use. System tags don’t count against your tags per
6209//      resource limit.
6210//
6211//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
6212//      for the operation.
6213//
6214//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
6215//      than allowed.
6216//
6217//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
6218//      value than allowed.
6219//
6220//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
6221//      than allowed.
6222//
6223//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
6224//      value than allowed.
6225//
6226//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
6227//      between entities in the same root.
6228//
6229//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
6230//      target entity.
6231//
6232//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
6233//      isn't recognized.
6234//
6235//   * PolicyTypeNotEnabledException
6236//   The specified policy type isn't currently enabled in this root. You can't
6237//   attach policies of the specified type to entities in a root until you enable
6238//   that type in the root. For more information, see Enabling All Features in
6239//   Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
6240//   in the AWS Organizations User Guide.
6241//
6242//   * RootNotFoundException
6243//   We can't find a root with the RootId that you specified.
6244//
6245//   * ServiceException
6246//   AWS Organizations can't complete your request because of an internal service
6247//   error. Try again later.
6248//
6249//   * TooManyRequestsException
6250//   You have sent too many requests in too short a period of time. The quota
6251//   helps protect against denial-of-service attacks. Try again later.
6252//
6253//   For information about quotas that affect AWS Organizations, see Quotas for
6254//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
6255//   the AWS Organizations User Guide.
6256//
6257//   * UnsupportedAPIEndpointException
6258//   This action isn't available in the current AWS Region.
6259//
6260//   * PolicyChangesInProgressException
6261//   Changes to the effective policy are in progress, and its contents can't be
6262//   returned. Try the operation again later.
6263//
6264// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType
6265func (c *Organizations) DisablePolicyType(input *DisablePolicyTypeInput) (*DisablePolicyTypeOutput, error) {
6266	req, out := c.DisablePolicyTypeRequest(input)
6267	return out, req.Send()
6268}
6269
6270// DisablePolicyTypeWithContext is the same as DisablePolicyType with the addition of
6271// the ability to pass a context and additional request options.
6272//
6273// See DisablePolicyType for details on how to use this API operation.
6274//
6275// The context must be non-nil and will be used for request cancellation. If
6276// the context is nil a panic will occur. In the future the SDK may create
6277// sub-contexts for http.Requests. See https://golang.org/pkg/context/
6278// for more information on using Contexts.
6279func (c *Organizations) DisablePolicyTypeWithContext(ctx aws.Context, input *DisablePolicyTypeInput, opts ...request.Option) (*DisablePolicyTypeOutput, error) {
6280	req, out := c.DisablePolicyTypeRequest(input)
6281	req.SetContext(ctx)
6282	req.ApplyOptions(opts...)
6283	return out, req.Send()
6284}
6285
6286const opEnableAWSServiceAccess = "EnableAWSServiceAccess"
6287
6288// EnableAWSServiceAccessRequest generates a "aws/request.Request" representing the
6289// client's request for the EnableAWSServiceAccess operation. The "output" return
6290// value will be populated with the request's response once the request completes
6291// successfully.
6292//
6293// Use "Send" method on the returned Request to send the API call to the service.
6294// the "output" return value is not valid until after Send returns without error.
6295//
6296// See EnableAWSServiceAccess for more information on using the EnableAWSServiceAccess
6297// API call, and error handling.
6298//
6299// This method is useful when you want to inject custom logic or configuration
6300// into the SDK's request lifecycle. Such as custom headers, or retry logic.
6301//
6302//
6303//    // Example sending a request using the EnableAWSServiceAccessRequest method.
6304//    req, resp := client.EnableAWSServiceAccessRequest(params)
6305//
6306//    err := req.Send()
6307//    if err == nil { // resp is now filled
6308//        fmt.Println(resp)
6309//    }
6310//
6311// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess
6312func (c *Organizations) EnableAWSServiceAccessRequest(input *EnableAWSServiceAccessInput) (req *request.Request, output *EnableAWSServiceAccessOutput) {
6313	op := &request.Operation{
6314		Name:       opEnableAWSServiceAccess,
6315		HTTPMethod: "POST",
6316		HTTPPath:   "/",
6317	}
6318
6319	if input == nil {
6320		input = &EnableAWSServiceAccessInput{}
6321	}
6322
6323	output = &EnableAWSServiceAccessOutput{}
6324	req = c.newRequest(op, input, output)
6325	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
6326	return
6327}
6328
6329// EnableAWSServiceAccess API operation for AWS Organizations.
6330//
6331// Enables the integration of an AWS service (the service that is specified
6332// by ServicePrincipal) with AWS Organizations. When you enable integration,
6333// you allow the specified service to create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html)
6334// in all the accounts in your organization. This allows the service to perform
6335// operations on your behalf in your organization and its accounts.
6336//
6337// We recommend that you enable integration between AWS Organizations and the
6338// specified AWS service by using the console or commands that are provided
6339// by the specified service. Doing so ensures that the service is aware that
6340// it can create the resources that are required for the integration. How the
6341// service creates those resources in the organization's accounts depends on
6342// that service. For more information, see the documentation for the other AWS
6343// service.
6344//
6345// For more information about enabling services to integrate with AWS Organizations,
6346// see Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
6347// in the AWS Organizations User Guide.
6348//
6349// This operation can be called only from the organization's management account
6350// and only if the organization has enabled all features (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html).
6351//
6352// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
6353// with awserr.Error's Code and Message methods to get detailed information about
6354// the error.
6355//
6356// See the AWS API reference guide for AWS Organizations's
6357// API operation EnableAWSServiceAccess for usage and error information.
6358//
6359// Returned Error Types:
6360//   * AccessDeniedException
6361//   You don't have permissions to perform the requested operation. The user or
6362//   role that is making the request must have at least one IAM permissions policy
6363//   attached that grants the required permissions. For more information, see
6364//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
6365//   in the IAM User Guide.
6366//
6367//   * AWSOrganizationsNotInUseException
6368//   Your account isn't a member of an organization. To make this request, you
6369//   must use the credentials of an account that belongs to an organization.
6370//
6371//   * ConcurrentModificationException
6372//   The target of the operation is currently being modified by a different request.
6373//   Try again later.
6374//
6375//   * ConstraintViolationException
6376//   Performing this operation violates a minimum or maximum value limit. For
6377//   example, attempting to remove the last service control policy (SCP) from
6378//   an OU or root, inviting or creating too many accounts to the organization,
6379//   or attaching too many policies to an account, OU, or root. This exception
6380//   includes a reason that contains additional information about the violated
6381//   limit:
6382//
6383//   Some of the reasons in the following list might not be applicable to this
6384//   specific API or operation.
6385//
6386//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
6387//      account from the organization. You can't remove the management account.
6388//      Instead, after you remove all member accounts, delete the organization
6389//      itself.
6390//
6391//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
6392//      from the organization that doesn't yet have enough information to exist
6393//      as a standalone account. This account requires you to first agree to the
6394//      AWS Customer Agreement. Follow the steps at Removing a member account
6395//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
6396//      the AWS Organizations User Guide.
6397//
6398//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
6399//      an account from the organization that doesn't yet have enough information
6400//      to exist as a standalone account. This account requires you to first complete
6401//      phone verification. Follow the steps at Removing a member account from
6402//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
6403//      in the AWS Organizations User Guide.
6404//
6405//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
6406//      of accounts that you can create in one day.
6407//
6408//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
6409//      the number of accounts in an organization. If you need more accounts,
6410//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
6411//      request an increase in your limit. Or the number of invitations that you
6412//      tried to send would cause you to exceed the limit of accounts in your
6413//      organization. Send fewer invitations or contact AWS Support to request
6414//      an increase in the number of accounts. Deleted and closed accounts still
6415//      count toward your limit. If you get this exception when running a command
6416//      immediately after creating the organization, wait one hour and try again.
6417//      After an hour, if the command continues to fail with this error, contact
6418//      AWS Support (https://console.aws.amazon.com/support/home#/).
6419//
6420//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
6421//      register the management account of the organization as a delegated administrator
6422//      for an AWS service integrated with Organizations. You can designate only
6423//      a member account as a delegated administrator.
6424//
6425//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
6426//      an account that is registered as a delegated administrator for a service
6427//      integrated with your organization. To complete this operation, you must
6428//      first deregister this account as a delegated administrator.
6429//
6430//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
6431//      organization in the specified region, you must enable all features mode.
6432//
6433//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
6434//      an AWS account as a delegated administrator for an AWS service that already
6435//      has a delegated administrator. To complete this operation, you must first
6436//      deregister any existing delegated administrators for this service.
6437//
6438//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
6439//      valid for a limited period of time. You must resubmit the request and
6440//      generate a new verfication code.
6441//
6442//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
6443//      handshakes that you can send in one day.
6444//
6445//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
6446//      in this organization, you first must migrate the organization's management
6447//      account to the marketplace that corresponds to the management account's
6448//      address. For example, accounts with India addresses must be associated
6449//      with the AISPL marketplace. All accounts in an organization must be associated
6450//      with the same marketplace.
6451//
6452//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
6453//      in China. To create an organization, the master must have a valid business
6454//      license. For more information, contact customer support.
6455//
6456//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
6457//      must first provide a valid contact address and phone number for the management
6458//      account. Then try the operation again.
6459//
6460//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
6461//      management account must have an associated account in the AWS GovCloud
6462//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
6463//      in the AWS GovCloud User Guide.
6464//
6465//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
6466//      with this management account, you first must associate a valid payment
6467//      instrument, such as a credit card, with the account. Follow the steps
6468//      at To leave an organization when all required account information has
6469//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6470//      in the AWS Organizations User Guide.
6471//
6472//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
6473//      to register more delegated administrators than allowed for the service
6474//      principal.
6475//
6476//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
6477//      number of policies of a certain type that can be attached to an entity
6478//      at one time.
6479//
6480//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
6481//      on this resource.
6482//
6483//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
6484//      with this member account, you first must associate a valid payment instrument,
6485//      such as a credit card, with the account. Follow the steps at To leave
6486//      an organization when all required account information has not yet been
6487//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6488//      in the AWS Organizations User Guide.
6489//
6490//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
6491//      policy from an entity that would cause the entity to have fewer than the
6492//      minimum number of policies of a certain type required.
6493//
6494//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
6495//      that requires the organization to be configured to support all features.
6496//      An organization that supports only consolidated billing features can't
6497//      perform this operation.
6498//
6499//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
6500//      too many levels deep.
6501//
6502//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
6503//      that you can have in an organization.
6504//
6505//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
6506//      is larger than the maximum size.
6507//
6508//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
6509//      policies that you can have in an organization.
6510//
6511//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
6512//      tags that are not compliant with the tag policy requirements for this
6513//      account.
6514//
6515//   * InvalidInputException
6516//   The requested operation failed because you provided invalid values for one
6517//   or more of the request parameters. This exception includes a reason that
6518//   contains additional information about the violated limit:
6519//
6520//   Some of the reasons in the following list might not be applicable to this
6521//   specific API or operation.
6522//
6523//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
6524//      the same entity.
6525//
6526//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
6527//      can't be modified.
6528//
6529//      * INPUT_REQUIRED: You must include a value for all required parameters.
6530//
6531//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
6532//      for the invited account owner.
6533//
6534//      * INVALID_ENUM: You specified an invalid value.
6535//
6536//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
6537//
6538//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
6539//      characters.
6540//
6541//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
6542//      at least one invalid value.
6543//
6544//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
6545//      from the response to a previous call of the operation.
6546//
6547//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
6548//      organization, or email) as a party.
6549//
6550//      * INVALID_PATTERN: You provided a value that doesn't match the required
6551//      pattern.
6552//
6553//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
6554//      match the required pattern.
6555//
6556//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
6557//      name can't begin with the reserved prefix AWSServiceRoleFor.
6558//
6559//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
6560//      Name (ARN) for the organization.
6561//
6562//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
6563//
6564//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
6565//      tag. You can’t add, edit, or delete system tag keys because they're
6566//      reserved for AWS use. System tags don’t count against your tags per
6567//      resource limit.
6568//
6569//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
6570//      for the operation.
6571//
6572//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
6573//      than allowed.
6574//
6575//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
6576//      value than allowed.
6577//
6578//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
6579//      than allowed.
6580//
6581//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
6582//      value than allowed.
6583//
6584//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
6585//      between entities in the same root.
6586//
6587//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
6588//      target entity.
6589//
6590//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
6591//      isn't recognized.
6592//
6593//   * ServiceException
6594//   AWS Organizations can't complete your request because of an internal service
6595//   error. Try again later.
6596//
6597//   * TooManyRequestsException
6598//   You have sent too many requests in too short a period of time. The quota
6599//   helps protect against denial-of-service attacks. Try again later.
6600//
6601//   For information about quotas that affect AWS Organizations, see Quotas for
6602//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
6603//   the AWS Organizations User Guide.
6604//
6605//   * UnsupportedAPIEndpointException
6606//   This action isn't available in the current AWS Region.
6607//
6608// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess
6609func (c *Organizations) EnableAWSServiceAccess(input *EnableAWSServiceAccessInput) (*EnableAWSServiceAccessOutput, error) {
6610	req, out := c.EnableAWSServiceAccessRequest(input)
6611	return out, req.Send()
6612}
6613
6614// EnableAWSServiceAccessWithContext is the same as EnableAWSServiceAccess with the addition of
6615// the ability to pass a context and additional request options.
6616//
6617// See EnableAWSServiceAccess for details on how to use this API operation.
6618//
6619// The context must be non-nil and will be used for request cancellation. If
6620// the context is nil a panic will occur. In the future the SDK may create
6621// sub-contexts for http.Requests. See https://golang.org/pkg/context/
6622// for more information on using Contexts.
6623func (c *Organizations) EnableAWSServiceAccessWithContext(ctx aws.Context, input *EnableAWSServiceAccessInput, opts ...request.Option) (*EnableAWSServiceAccessOutput, error) {
6624	req, out := c.EnableAWSServiceAccessRequest(input)
6625	req.SetContext(ctx)
6626	req.ApplyOptions(opts...)
6627	return out, req.Send()
6628}
6629
6630const opEnableAllFeatures = "EnableAllFeatures"
6631
6632// EnableAllFeaturesRequest generates a "aws/request.Request" representing the
6633// client's request for the EnableAllFeatures operation. The "output" return
6634// value will be populated with the request's response once the request completes
6635// successfully.
6636//
6637// Use "Send" method on the returned Request to send the API call to the service.
6638// the "output" return value is not valid until after Send returns without error.
6639//
6640// See EnableAllFeatures for more information on using the EnableAllFeatures
6641// API call, and error handling.
6642//
6643// This method is useful when you want to inject custom logic or configuration
6644// into the SDK's request lifecycle. Such as custom headers, or retry logic.
6645//
6646//
6647//    // Example sending a request using the EnableAllFeaturesRequest method.
6648//    req, resp := client.EnableAllFeaturesRequest(params)
6649//
6650//    err := req.Send()
6651//    if err == nil { // resp is now filled
6652//        fmt.Println(resp)
6653//    }
6654//
6655// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures
6656func (c *Organizations) EnableAllFeaturesRequest(input *EnableAllFeaturesInput) (req *request.Request, output *EnableAllFeaturesOutput) {
6657	op := &request.Operation{
6658		Name:       opEnableAllFeatures,
6659		HTTPMethod: "POST",
6660		HTTPPath:   "/",
6661	}
6662
6663	if input == nil {
6664		input = &EnableAllFeaturesInput{}
6665	}
6666
6667	output = &EnableAllFeaturesOutput{}
6668	req = c.newRequest(op, input, output)
6669	return
6670}
6671
6672// EnableAllFeatures API operation for AWS Organizations.
6673//
6674// Enables all features in an organization. This enables the use of organization
6675// policies that can restrict the services and actions that can be called in
6676// each account. Until you enable all features, you have access only to consolidated
6677// billing, and you can't use any of the advanced account administration features
6678// that AWS Organizations supports. For more information, see Enabling All Features
6679// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
6680// in the AWS Organizations User Guide.
6681//
6682// This operation is required only for organizations that were created explicitly
6683// with only the consolidated billing features enabled. Calling this operation
6684// sends a handshake to every invited account in the organization. The feature
6685// set change can be finalized and the additional features enabled only after
6686// all administrators in the invited accounts approve the change by accepting
6687// the handshake.
6688//
6689// After you enable all features, you can separately enable or disable individual
6690// policy types in a root using EnablePolicyType and DisablePolicyType. To see
6691// the status of policy types in a root, use ListRoots.
6692//
6693// After all invited member accounts accept the handshake, you finalize the
6694// feature set change by accepting the handshake that contains "Action": "ENABLE_ALL_FEATURES".
6695// This completes the change.
6696//
6697// After you enable all features in your organization, the management account
6698// in the organization can apply policies on all member accounts. These policies
6699// can restrict what users and even administrators in those accounts can do.
6700// The management account can apply policies that prevent accounts from leaving
6701// the organization. Ensure that your account administrators are aware of this.
6702//
6703// This operation can be called only from the organization's management account.
6704//
6705// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
6706// with awserr.Error's Code and Message methods to get detailed information about
6707// the error.
6708//
6709// See the AWS API reference guide for AWS Organizations's
6710// API operation EnableAllFeatures for usage and error information.
6711//
6712// Returned Error Types:
6713//   * AccessDeniedException
6714//   You don't have permissions to perform the requested operation. The user or
6715//   role that is making the request must have at least one IAM permissions policy
6716//   attached that grants the required permissions. For more information, see
6717//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
6718//   in the IAM User Guide.
6719//
6720//   * AWSOrganizationsNotInUseException
6721//   Your account isn't a member of an organization. To make this request, you
6722//   must use the credentials of an account that belongs to an organization.
6723//
6724//   * ConcurrentModificationException
6725//   The target of the operation is currently being modified by a different request.
6726//   Try again later.
6727//
6728//   * HandshakeConstraintViolationException
6729//   The requested operation would violate the constraint identified in the reason
6730//   code.
6731//
6732//   Some of the reasons in the following list might not be applicable to this
6733//   specific API or operation:
6734//
6735//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
6736//      the number of accounts in an organization. Note that deleted and closed
6737//      accounts still count toward your limit. If you get this exception immediately
6738//      after creating the organization, wait one hour and try again. If after
6739//      an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
6740//
6741//      * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
6742//      the invited account is already a member of an organization.
6743//
6744//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
6745//      handshakes that you can send in one day.
6746//
6747//      * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
6748//      to join an organization while it's in the process of enabling all features.
6749//      You can resume inviting accounts after you finalize the process when all
6750//      accounts have agreed to the change.
6751//
6752//      * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
6753//      because the organization has already enabled all features.
6754//
6755//      * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake
6756//      request is invalid because the organization has already started the process
6757//      to enable all features.
6758//
6759//      * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
6760//      the account is from a different marketplace than the accounts in the organization.
6761//      For example, accounts with India addresses must be associated with the
6762//      AISPL marketplace. All accounts in an organization must be from the same
6763//      marketplace.
6764//
6765//      * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
6766//      change the membership of an account too quickly after its previous change.
6767//
6768//      * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
6769//      account that doesn't have a payment instrument, such as a credit card,
6770//      associated with it.
6771//
6772//   * InvalidInputException
6773//   The requested operation failed because you provided invalid values for one
6774//   or more of the request parameters. This exception includes a reason that
6775//   contains additional information about the violated limit:
6776//
6777//   Some of the reasons in the following list might not be applicable to this
6778//   specific API or operation.
6779//
6780//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
6781//      the same entity.
6782//
6783//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
6784//      can't be modified.
6785//
6786//      * INPUT_REQUIRED: You must include a value for all required parameters.
6787//
6788//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
6789//      for the invited account owner.
6790//
6791//      * INVALID_ENUM: You specified an invalid value.
6792//
6793//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
6794//
6795//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
6796//      characters.
6797//
6798//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
6799//      at least one invalid value.
6800//
6801//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
6802//      from the response to a previous call of the operation.
6803//
6804//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
6805//      organization, or email) as a party.
6806//
6807//      * INVALID_PATTERN: You provided a value that doesn't match the required
6808//      pattern.
6809//
6810//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
6811//      match the required pattern.
6812//
6813//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
6814//      name can't begin with the reserved prefix AWSServiceRoleFor.
6815//
6816//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
6817//      Name (ARN) for the organization.
6818//
6819//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
6820//
6821//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
6822//      tag. You can’t add, edit, or delete system tag keys because they're
6823//      reserved for AWS use. System tags don’t count against your tags per
6824//      resource limit.
6825//
6826//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
6827//      for the operation.
6828//
6829//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
6830//      than allowed.
6831//
6832//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
6833//      value than allowed.
6834//
6835//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
6836//      than allowed.
6837//
6838//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
6839//      value than allowed.
6840//
6841//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
6842//      between entities in the same root.
6843//
6844//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
6845//      target entity.
6846//
6847//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
6848//      isn't recognized.
6849//
6850//   * ServiceException
6851//   AWS Organizations can't complete your request because of an internal service
6852//   error. Try again later.
6853//
6854//   * TooManyRequestsException
6855//   You have sent too many requests in too short a period of time. The quota
6856//   helps protect against denial-of-service attacks. Try again later.
6857//
6858//   For information about quotas that affect AWS Organizations, see Quotas for
6859//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
6860//   the AWS Organizations User Guide.
6861//
6862// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures
6863func (c *Organizations) EnableAllFeatures(input *EnableAllFeaturesInput) (*EnableAllFeaturesOutput, error) {
6864	req, out := c.EnableAllFeaturesRequest(input)
6865	return out, req.Send()
6866}
6867
6868// EnableAllFeaturesWithContext is the same as EnableAllFeatures with the addition of
6869// the ability to pass a context and additional request options.
6870//
6871// See EnableAllFeatures for details on how to use this API operation.
6872//
6873// The context must be non-nil and will be used for request cancellation. If
6874// the context is nil a panic will occur. In the future the SDK may create
6875// sub-contexts for http.Requests. See https://golang.org/pkg/context/
6876// for more information on using Contexts.
6877func (c *Organizations) EnableAllFeaturesWithContext(ctx aws.Context, input *EnableAllFeaturesInput, opts ...request.Option) (*EnableAllFeaturesOutput, error) {
6878	req, out := c.EnableAllFeaturesRequest(input)
6879	req.SetContext(ctx)
6880	req.ApplyOptions(opts...)
6881	return out, req.Send()
6882}
6883
6884const opEnablePolicyType = "EnablePolicyType"
6885
6886// EnablePolicyTypeRequest generates a "aws/request.Request" representing the
6887// client's request for the EnablePolicyType operation. The "output" return
6888// value will be populated with the request's response once the request completes
6889// successfully.
6890//
6891// Use "Send" method on the returned Request to send the API call to the service.
6892// the "output" return value is not valid until after Send returns without error.
6893//
6894// See EnablePolicyType for more information on using the EnablePolicyType
6895// API call, and error handling.
6896//
6897// This method is useful when you want to inject custom logic or configuration
6898// into the SDK's request lifecycle. Such as custom headers, or retry logic.
6899//
6900//
6901//    // Example sending a request using the EnablePolicyTypeRequest method.
6902//    req, resp := client.EnablePolicyTypeRequest(params)
6903//
6904//    err := req.Send()
6905//    if err == nil { // resp is now filled
6906//        fmt.Println(resp)
6907//    }
6908//
6909// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType
6910func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (req *request.Request, output *EnablePolicyTypeOutput) {
6911	op := &request.Operation{
6912		Name:       opEnablePolicyType,
6913		HTTPMethod: "POST",
6914		HTTPPath:   "/",
6915	}
6916
6917	if input == nil {
6918		input = &EnablePolicyTypeInput{}
6919	}
6920
6921	output = &EnablePolicyTypeOutput{}
6922	req = c.newRequest(op, input, output)
6923	return
6924}
6925
6926// EnablePolicyType API operation for AWS Organizations.
6927//
6928// Enables a policy type in a root. After you enable a policy type in a root,
6929// you can attach policies of that type to the root, any organizational unit
6930// (OU), or account in that root. You can undo this by using the DisablePolicyType
6931// operation.
6932//
6933// This is an asynchronous request that AWS performs in the background. AWS
6934// recommends that you first use ListRoots to see the status of policy types
6935// for a specified root, and then use this operation.
6936//
6937// This operation can be called only from the organization's management account.
6938//
6939// You can enable a policy type in a root only if that policy type is available
6940// in the organization. To view the status of available policy types in the
6941// organization, use DescribeOrganization.
6942//
6943// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
6944// with awserr.Error's Code and Message methods to get detailed information about
6945// the error.
6946//
6947// See the AWS API reference guide for AWS Organizations's
6948// API operation EnablePolicyType for usage and error information.
6949//
6950// Returned Error Types:
6951//   * AccessDeniedException
6952//   You don't have permissions to perform the requested operation. The user or
6953//   role that is making the request must have at least one IAM permissions policy
6954//   attached that grants the required permissions. For more information, see
6955//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
6956//   in the IAM User Guide.
6957//
6958//   * AWSOrganizationsNotInUseException
6959//   Your account isn't a member of an organization. To make this request, you
6960//   must use the credentials of an account that belongs to an organization.
6961//
6962//   * ConcurrentModificationException
6963//   The target of the operation is currently being modified by a different request.
6964//   Try again later.
6965//
6966//   * ConstraintViolationException
6967//   Performing this operation violates a minimum or maximum value limit. For
6968//   example, attempting to remove the last service control policy (SCP) from
6969//   an OU or root, inviting or creating too many accounts to the organization,
6970//   or attaching too many policies to an account, OU, or root. This exception
6971//   includes a reason that contains additional information about the violated
6972//   limit:
6973//
6974//   Some of the reasons in the following list might not be applicable to this
6975//   specific API or operation.
6976//
6977//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
6978//      account from the organization. You can't remove the management account.
6979//      Instead, after you remove all member accounts, delete the organization
6980//      itself.
6981//
6982//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
6983//      from the organization that doesn't yet have enough information to exist
6984//      as a standalone account. This account requires you to first agree to the
6985//      AWS Customer Agreement. Follow the steps at Removing a member account
6986//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
6987//      the AWS Organizations User Guide.
6988//
6989//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
6990//      an account from the organization that doesn't yet have enough information
6991//      to exist as a standalone account. This account requires you to first complete
6992//      phone verification. Follow the steps at Removing a member account from
6993//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
6994//      in the AWS Organizations User Guide.
6995//
6996//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
6997//      of accounts that you can create in one day.
6998//
6999//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
7000//      the number of accounts in an organization. If you need more accounts,
7001//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
7002//      request an increase in your limit. Or the number of invitations that you
7003//      tried to send would cause you to exceed the limit of accounts in your
7004//      organization. Send fewer invitations or contact AWS Support to request
7005//      an increase in the number of accounts. Deleted and closed accounts still
7006//      count toward your limit. If you get this exception when running a command
7007//      immediately after creating the organization, wait one hour and try again.
7008//      After an hour, if the command continues to fail with this error, contact
7009//      AWS Support (https://console.aws.amazon.com/support/home#/).
7010//
7011//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
7012//      register the management account of the organization as a delegated administrator
7013//      for an AWS service integrated with Organizations. You can designate only
7014//      a member account as a delegated administrator.
7015//
7016//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
7017//      an account that is registered as a delegated administrator for a service
7018//      integrated with your organization. To complete this operation, you must
7019//      first deregister this account as a delegated administrator.
7020//
7021//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
7022//      organization in the specified region, you must enable all features mode.
7023//
7024//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
7025//      an AWS account as a delegated administrator for an AWS service that already
7026//      has a delegated administrator. To complete this operation, you must first
7027//      deregister any existing delegated administrators for this service.
7028//
7029//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
7030//      valid for a limited period of time. You must resubmit the request and
7031//      generate a new verfication code.
7032//
7033//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
7034//      handshakes that you can send in one day.
7035//
7036//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
7037//      in this organization, you first must migrate the organization's management
7038//      account to the marketplace that corresponds to the management account's
7039//      address. For example, accounts with India addresses must be associated
7040//      with the AISPL marketplace. All accounts in an organization must be associated
7041//      with the same marketplace.
7042//
7043//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
7044//      in China. To create an organization, the master must have a valid business
7045//      license. For more information, contact customer support.
7046//
7047//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
7048//      must first provide a valid contact address and phone number for the management
7049//      account. Then try the operation again.
7050//
7051//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
7052//      management account must have an associated account in the AWS GovCloud
7053//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
7054//      in the AWS GovCloud User Guide.
7055//
7056//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
7057//      with this management account, you first must associate a valid payment
7058//      instrument, such as a credit card, with the account. Follow the steps
7059//      at To leave an organization when all required account information has
7060//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
7061//      in the AWS Organizations User Guide.
7062//
7063//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
7064//      to register more delegated administrators than allowed for the service
7065//      principal.
7066//
7067//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
7068//      number of policies of a certain type that can be attached to an entity
7069//      at one time.
7070//
7071//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
7072//      on this resource.
7073//
7074//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
7075//      with this member account, you first must associate a valid payment instrument,
7076//      such as a credit card, with the account. Follow the steps at To leave
7077//      an organization when all required account information has not yet been
7078//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
7079//      in the AWS Organizations User Guide.
7080//
7081//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
7082//      policy from an entity that would cause the entity to have fewer than the
7083//      minimum number of policies of a certain type required.
7084//
7085//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
7086//      that requires the organization to be configured to support all features.
7087//      An organization that supports only consolidated billing features can't
7088//      perform this operation.
7089//
7090//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
7091//      too many levels deep.
7092//
7093//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
7094//      that you can have in an organization.
7095//
7096//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
7097//      is larger than the maximum size.
7098//
7099//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
7100//      policies that you can have in an organization.
7101//
7102//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
7103//      tags that are not compliant with the tag policy requirements for this
7104//      account.
7105//
7106//   * InvalidInputException
7107//   The requested operation failed because you provided invalid values for one
7108//   or more of the request parameters. This exception includes a reason that
7109//   contains additional information about the violated limit:
7110//
7111//   Some of the reasons in the following list might not be applicable to this
7112//   specific API or operation.
7113//
7114//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
7115//      the same entity.
7116//
7117//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
7118//      can't be modified.
7119//
7120//      * INPUT_REQUIRED: You must include a value for all required parameters.
7121//
7122//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
7123//      for the invited account owner.
7124//
7125//      * INVALID_ENUM: You specified an invalid value.
7126//
7127//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
7128//
7129//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
7130//      characters.
7131//
7132//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
7133//      at least one invalid value.
7134//
7135//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
7136//      from the response to a previous call of the operation.
7137//
7138//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
7139//      organization, or email) as a party.
7140//
7141//      * INVALID_PATTERN: You provided a value that doesn't match the required
7142//      pattern.
7143//
7144//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
7145//      match the required pattern.
7146//
7147//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
7148//      name can't begin with the reserved prefix AWSServiceRoleFor.
7149//
7150//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
7151//      Name (ARN) for the organization.
7152//
7153//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
7154//
7155//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
7156//      tag. You can’t add, edit, or delete system tag keys because they're
7157//      reserved for AWS use. System tags don’t count against your tags per
7158//      resource limit.
7159//
7160//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
7161//      for the operation.
7162//
7163//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
7164//      than allowed.
7165//
7166//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
7167//      value than allowed.
7168//
7169//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
7170//      than allowed.
7171//
7172//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
7173//      value than allowed.
7174//
7175//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
7176//      between entities in the same root.
7177//
7178//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
7179//      target entity.
7180//
7181//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
7182//      isn't recognized.
7183//
7184//   * PolicyTypeAlreadyEnabledException
7185//   The specified policy type is already enabled in the specified root.
7186//
7187//   * RootNotFoundException
7188//   We can't find a root with the RootId that you specified.
7189//
7190//   * ServiceException
7191//   AWS Organizations can't complete your request because of an internal service
7192//   error. Try again later.
7193//
7194//   * TooManyRequestsException
7195//   You have sent too many requests in too short a period of time. The quota
7196//   helps protect against denial-of-service attacks. Try again later.
7197//
7198//   For information about quotas that affect AWS Organizations, see Quotas for
7199//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
7200//   the AWS Organizations User Guide.
7201//
7202//   * PolicyTypeNotAvailableForOrganizationException
7203//   You can't use the specified policy type with the feature set currently enabled
7204//   for this organization. For example, you can enable SCPs only after you enable
7205//   all features in the organization. For more information, see Managing AWS
7206//   Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in
7207//   the AWS Organizations User Guide.
7208//
7209//   * UnsupportedAPIEndpointException
7210//   This action isn't available in the current AWS Region.
7211//
7212//   * PolicyChangesInProgressException
7213//   Changes to the effective policy are in progress, and its contents can't be
7214//   returned. Try the operation again later.
7215//
7216// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType
7217func (c *Organizations) EnablePolicyType(input *EnablePolicyTypeInput) (*EnablePolicyTypeOutput, error) {
7218	req, out := c.EnablePolicyTypeRequest(input)
7219	return out, req.Send()
7220}
7221
7222// EnablePolicyTypeWithContext is the same as EnablePolicyType with the addition of
7223// the ability to pass a context and additional request options.
7224//
7225// See EnablePolicyType for details on how to use this API operation.
7226//
7227// The context must be non-nil and will be used for request cancellation. If
7228// the context is nil a panic will occur. In the future the SDK may create
7229// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7230// for more information on using Contexts.
7231func (c *Organizations) EnablePolicyTypeWithContext(ctx aws.Context, input *EnablePolicyTypeInput, opts ...request.Option) (*EnablePolicyTypeOutput, error) {
7232	req, out := c.EnablePolicyTypeRequest(input)
7233	req.SetContext(ctx)
7234	req.ApplyOptions(opts...)
7235	return out, req.Send()
7236}
7237
7238const opInviteAccountToOrganization = "InviteAccountToOrganization"
7239
7240// InviteAccountToOrganizationRequest generates a "aws/request.Request" representing the
7241// client's request for the InviteAccountToOrganization operation. The "output" return
7242// value will be populated with the request's response once the request completes
7243// successfully.
7244//
7245// Use "Send" method on the returned Request to send the API call to the service.
7246// the "output" return value is not valid until after Send returns without error.
7247//
7248// See InviteAccountToOrganization for more information on using the InviteAccountToOrganization
7249// API call, and error handling.
7250//
7251// This method is useful when you want to inject custom logic or configuration
7252// into the SDK's request lifecycle. Such as custom headers, or retry logic.
7253//
7254//
7255//    // Example sending a request using the InviteAccountToOrganizationRequest method.
7256//    req, resp := client.InviteAccountToOrganizationRequest(params)
7257//
7258//    err := req.Send()
7259//    if err == nil { // resp is now filled
7260//        fmt.Println(resp)
7261//    }
7262//
7263// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization
7264func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountToOrganizationInput) (req *request.Request, output *InviteAccountToOrganizationOutput) {
7265	op := &request.Operation{
7266		Name:       opInviteAccountToOrganization,
7267		HTTPMethod: "POST",
7268		HTTPPath:   "/",
7269	}
7270
7271	if input == nil {
7272		input = &InviteAccountToOrganizationInput{}
7273	}
7274
7275	output = &InviteAccountToOrganizationOutput{}
7276	req = c.newRequest(op, input, output)
7277	return
7278}
7279
7280// InviteAccountToOrganization API operation for AWS Organizations.
7281//
7282// Sends an invitation to another account to join your organization as a member
7283// account. AWS Organizations sends email on your behalf to the email address
7284// that is associated with the other account's owner. The invitation is implemented
7285// as a Handshake whose details are in the response.
7286//
7287//    * You can invite AWS accounts only from the same seller as the management
7288//    account. For example, if your organization's management account was created
7289//    by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in India,
7290//    you can invite only other AISPL accounts to your organization. You can't
7291//    combine accounts from AISPL and AWS or from any other AWS seller. For
7292//    more information, see Consolidated Billing in India (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilliing-India.html).
7293//
7294//    * If you receive an exception that indicates that you exceeded your account
7295//    limits for the organization or that the operation failed because your
7296//    organization is still initializing, wait one hour and then try again.
7297//    If the error persists after an hour, contact AWS Support (https://console.aws.amazon.com/support/home#/).
7298//
7299// If the request includes tags, then the requester must have the organizations:TagResource
7300// permission.
7301//
7302// This operation can be called only from the organization's management account.
7303//
7304// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
7305// with awserr.Error's Code and Message methods to get detailed information about
7306// the error.
7307//
7308// See the AWS API reference guide for AWS Organizations's
7309// API operation InviteAccountToOrganization for usage and error information.
7310//
7311// Returned Error Types:
7312//   * AccessDeniedException
7313//   You don't have permissions to perform the requested operation. The user or
7314//   role that is making the request must have at least one IAM permissions policy
7315//   attached that grants the required permissions. For more information, see
7316//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
7317//   in the IAM User Guide.
7318//
7319//   * AWSOrganizationsNotInUseException
7320//   Your account isn't a member of an organization. To make this request, you
7321//   must use the credentials of an account that belongs to an organization.
7322//
7323//   * AccountOwnerNotVerifiedException
7324//   You can't invite an existing account to your organization until you verify
7325//   that you own the email address associated with the management account. For
7326//   more information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification)
7327//   in the AWS Organizations User Guide.
7328//
7329//   * ConcurrentModificationException
7330//   The target of the operation is currently being modified by a different request.
7331//   Try again later.
7332//
7333//   * HandshakeConstraintViolationException
7334//   The requested operation would violate the constraint identified in the reason
7335//   code.
7336//
7337//   Some of the reasons in the following list might not be applicable to this
7338//   specific API or operation:
7339//
7340//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
7341//      the number of accounts in an organization. Note that deleted and closed
7342//      accounts still count toward your limit. If you get this exception immediately
7343//      after creating the organization, wait one hour and try again. If after
7344//      an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
7345//
7346//      * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
7347//      the invited account is already a member of an organization.
7348//
7349//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
7350//      handshakes that you can send in one day.
7351//
7352//      * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
7353//      to join an organization while it's in the process of enabling all features.
7354//      You can resume inviting accounts after you finalize the process when all
7355//      accounts have agreed to the change.
7356//
7357//      * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
7358//      because the organization has already enabled all features.
7359//
7360//      * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake
7361//      request is invalid because the organization has already started the process
7362//      to enable all features.
7363//
7364//      * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
7365//      the account is from a different marketplace than the accounts in the organization.
7366//      For example, accounts with India addresses must be associated with the
7367//      AISPL marketplace. All accounts in an organization must be from the same
7368//      marketplace.
7369//
7370//      * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
7371//      change the membership of an account too quickly after its previous change.
7372//
7373//      * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
7374//      account that doesn't have a payment instrument, such as a credit card,
7375//      associated with it.
7376//
7377//   * DuplicateHandshakeException
7378//   A handshake with the same action and target already exists. For example,
7379//   if you invited an account to join your organization, the invited account
7380//   might already have a pending invitation from this organization. If you intend
7381//   to resend an invitation to an account, ensure that existing handshakes that
7382//   might be considered duplicates are canceled or declined.
7383//
7384//   * ConstraintViolationException
7385//   Performing this operation violates a minimum or maximum value limit. For
7386//   example, attempting to remove the last service control policy (SCP) from
7387//   an OU or root, inviting or creating too many accounts to the organization,
7388//   or attaching too many policies to an account, OU, or root. This exception
7389//   includes a reason that contains additional information about the violated
7390//   limit:
7391//
7392//   Some of the reasons in the following list might not be applicable to this
7393//   specific API or operation.
7394//
7395//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
7396//      account from the organization. You can't remove the management account.
7397//      Instead, after you remove all member accounts, delete the organization
7398//      itself.
7399//
7400//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
7401//      from the organization that doesn't yet have enough information to exist
7402//      as a standalone account. This account requires you to first agree to the
7403//      AWS Customer Agreement. Follow the steps at Removing a member account
7404//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
7405//      the AWS Organizations User Guide.
7406//
7407//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
7408//      an account from the organization that doesn't yet have enough information
7409//      to exist as a standalone account. This account requires you to first complete
7410//      phone verification. Follow the steps at Removing a member account from
7411//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
7412//      in the AWS Organizations User Guide.
7413//
7414//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
7415//      of accounts that you can create in one day.
7416//
7417//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
7418//      the number of accounts in an organization. If you need more accounts,
7419//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
7420//      request an increase in your limit. Or the number of invitations that you
7421//      tried to send would cause you to exceed the limit of accounts in your
7422//      organization. Send fewer invitations or contact AWS Support to request
7423//      an increase in the number of accounts. Deleted and closed accounts still
7424//      count toward your limit. If you get this exception when running a command
7425//      immediately after creating the organization, wait one hour and try again.
7426//      After an hour, if the command continues to fail with this error, contact
7427//      AWS Support (https://console.aws.amazon.com/support/home#/).
7428//
7429//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
7430//      register the management account of the organization as a delegated administrator
7431//      for an AWS service integrated with Organizations. You can designate only
7432//      a member account as a delegated administrator.
7433//
7434//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
7435//      an account that is registered as a delegated administrator for a service
7436//      integrated with your organization. To complete this operation, you must
7437//      first deregister this account as a delegated administrator.
7438//
7439//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
7440//      organization in the specified region, you must enable all features mode.
7441//
7442//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
7443//      an AWS account as a delegated administrator for an AWS service that already
7444//      has a delegated administrator. To complete this operation, you must first
7445//      deregister any existing delegated administrators for this service.
7446//
7447//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
7448//      valid for a limited period of time. You must resubmit the request and
7449//      generate a new verfication code.
7450//
7451//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
7452//      handshakes that you can send in one day.
7453//
7454//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
7455//      in this organization, you first must migrate the organization's management
7456//      account to the marketplace that corresponds to the management account's
7457//      address. For example, accounts with India addresses must be associated
7458//      with the AISPL marketplace. All accounts in an organization must be associated
7459//      with the same marketplace.
7460//
7461//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
7462//      in China. To create an organization, the master must have a valid business
7463//      license. For more information, contact customer support.
7464//
7465//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
7466//      must first provide a valid contact address and phone number for the management
7467//      account. Then try the operation again.
7468//
7469//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
7470//      management account must have an associated account in the AWS GovCloud
7471//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
7472//      in the AWS GovCloud User Guide.
7473//
7474//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
7475//      with this management account, you first must associate a valid payment
7476//      instrument, such as a credit card, with the account. Follow the steps
7477//      at To leave an organization when all required account information has
7478//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
7479//      in the AWS Organizations User Guide.
7480//
7481//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
7482//      to register more delegated administrators than allowed for the service
7483//      principal.
7484//
7485//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
7486//      number of policies of a certain type that can be attached to an entity
7487//      at one time.
7488//
7489//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
7490//      on this resource.
7491//
7492//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
7493//      with this member account, you first must associate a valid payment instrument,
7494//      such as a credit card, with the account. Follow the steps at To leave
7495//      an organization when all required account information has not yet been
7496//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
7497//      in the AWS Organizations User Guide.
7498//
7499//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
7500//      policy from an entity that would cause the entity to have fewer than the
7501//      minimum number of policies of a certain type required.
7502//
7503//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
7504//      that requires the organization to be configured to support all features.
7505//      An organization that supports only consolidated billing features can't
7506//      perform this operation.
7507//
7508//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
7509//      too many levels deep.
7510//
7511//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
7512//      that you can have in an organization.
7513//
7514//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
7515//      is larger than the maximum size.
7516//
7517//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
7518//      policies that you can have in an organization.
7519//
7520//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
7521//      tags that are not compliant with the tag policy requirements for this
7522//      account.
7523//
7524//   * InvalidInputException
7525//   The requested operation failed because you provided invalid values for one
7526//   or more of the request parameters. This exception includes a reason that
7527//   contains additional information about the violated limit:
7528//
7529//   Some of the reasons in the following list might not be applicable to this
7530//   specific API or operation.
7531//
7532//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
7533//      the same entity.
7534//
7535//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
7536//      can't be modified.
7537//
7538//      * INPUT_REQUIRED: You must include a value for all required parameters.
7539//
7540//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
7541//      for the invited account owner.
7542//
7543//      * INVALID_ENUM: You specified an invalid value.
7544//
7545//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
7546//
7547//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
7548//      characters.
7549//
7550//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
7551//      at least one invalid value.
7552//
7553//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
7554//      from the response to a previous call of the operation.
7555//
7556//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
7557//      organization, or email) as a party.
7558//
7559//      * INVALID_PATTERN: You provided a value that doesn't match the required
7560//      pattern.
7561//
7562//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
7563//      match the required pattern.
7564//
7565//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
7566//      name can't begin with the reserved prefix AWSServiceRoleFor.
7567//
7568//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
7569//      Name (ARN) for the organization.
7570//
7571//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
7572//
7573//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
7574//      tag. You can’t add, edit, or delete system tag keys because they're
7575//      reserved for AWS use. System tags don’t count against your tags per
7576//      resource limit.
7577//
7578//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
7579//      for the operation.
7580//
7581//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
7582//      than allowed.
7583//
7584//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
7585//      value than allowed.
7586//
7587//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
7588//      than allowed.
7589//
7590//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
7591//      value than allowed.
7592//
7593//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
7594//      between entities in the same root.
7595//
7596//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
7597//      target entity.
7598//
7599//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
7600//      isn't recognized.
7601//
7602//   * FinalizingOrganizationException
7603//   AWS Organizations couldn't perform the operation because your organization
7604//   hasn't finished initializing. This can take up to an hour. Try again later.
7605//   If after one hour you continue to receive this error, contact AWS Support
7606//   (https://console.aws.amazon.com/support/home#/).
7607//
7608//   * ServiceException
7609//   AWS Organizations can't complete your request because of an internal service
7610//   error. Try again later.
7611//
7612//   * TooManyRequestsException
7613//   You have sent too many requests in too short a period of time. The quota
7614//   helps protect against denial-of-service attacks. Try again later.
7615//
7616//   For information about quotas that affect AWS Organizations, see Quotas for
7617//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
7618//   the AWS Organizations User Guide.
7619//
7620// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization
7621func (c *Organizations) InviteAccountToOrganization(input *InviteAccountToOrganizationInput) (*InviteAccountToOrganizationOutput, error) {
7622	req, out := c.InviteAccountToOrganizationRequest(input)
7623	return out, req.Send()
7624}
7625
7626// InviteAccountToOrganizationWithContext is the same as InviteAccountToOrganization with the addition of
7627// the ability to pass a context and additional request options.
7628//
7629// See InviteAccountToOrganization for details on how to use this API operation.
7630//
7631// The context must be non-nil and will be used for request cancellation. If
7632// the context is nil a panic will occur. In the future the SDK may create
7633// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7634// for more information on using Contexts.
7635func (c *Organizations) InviteAccountToOrganizationWithContext(ctx aws.Context, input *InviteAccountToOrganizationInput, opts ...request.Option) (*InviteAccountToOrganizationOutput, error) {
7636	req, out := c.InviteAccountToOrganizationRequest(input)
7637	req.SetContext(ctx)
7638	req.ApplyOptions(opts...)
7639	return out, req.Send()
7640}
7641
7642const opLeaveOrganization = "LeaveOrganization"
7643
7644// LeaveOrganizationRequest generates a "aws/request.Request" representing the
7645// client's request for the LeaveOrganization operation. The "output" return
7646// value will be populated with the request's response once the request completes
7647// successfully.
7648//
7649// Use "Send" method on the returned Request to send the API call to the service.
7650// the "output" return value is not valid until after Send returns without error.
7651//
7652// See LeaveOrganization for more information on using the LeaveOrganization
7653// API call, and error handling.
7654//
7655// This method is useful when you want to inject custom logic or configuration
7656// into the SDK's request lifecycle. Such as custom headers, or retry logic.
7657//
7658//
7659//    // Example sending a request using the LeaveOrganizationRequest method.
7660//    req, resp := client.LeaveOrganizationRequest(params)
7661//
7662//    err := req.Send()
7663//    if err == nil { // resp is now filled
7664//        fmt.Println(resp)
7665//    }
7666//
7667// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization
7668func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) (req *request.Request, output *LeaveOrganizationOutput) {
7669	op := &request.Operation{
7670		Name:       opLeaveOrganization,
7671		HTTPMethod: "POST",
7672		HTTPPath:   "/",
7673	}
7674
7675	if input == nil {
7676		input = &LeaveOrganizationInput{}
7677	}
7678
7679	output = &LeaveOrganizationOutput{}
7680	req = c.newRequest(op, input, output)
7681	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
7682	return
7683}
7684
7685// LeaveOrganization API operation for AWS Organizations.
7686//
7687// Removes a member account from its parent organization. This version of the
7688// operation is performed by the account that wants to leave. To remove a member
7689// account as a user in the management account, use RemoveAccountFromOrganization
7690// instead.
7691//
7692// This operation can be called only from a member account in the organization.
7693//
7694//    * The management account in an organization with all features enabled
7695//    can set service control policies (SCPs) that can restrict what administrators
7696//    of member accounts can do. This includes preventing them from successfully
7697//    calling LeaveOrganization and leaving the organization.
7698//
7699//    * You can leave an organization as a member account only if the account
7700//    is configured with the information required to operate as a standalone
7701//    account. When you create an account in an organization using the AWS Organizations
7702//    console, API, or CLI commands, the information required of standalone
7703//    accounts is not automatically collected. For each account that you want
7704//    to make standalone, you must perform the following steps. If any of the
7705//    steps are already completed for this account, that step doesn't appear.
7706//    Choose a support plan Provide and verify the required contact information
7707//    Provide a current payment method AWS uses the payment method to charge
7708//    for any billable (not free tier) AWS activity that occurs while the account
7709//    isn't attached to an organization. Follow the steps at To leave an organization
7710//    when all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
7711//    in the AWS Organizations User Guide.
7712//
7713//    * The account that you want to leave must not be a delegated administrator
7714//    account for any AWS service enabled for your organization. If the account
7715//    is a delegated administrator, you must first change the delegated administrator
7716//    account to another account that is remaining in the organization.
7717//
7718//    * You can leave an organization only after you enable IAM user access
7719//    to billing in your account. For more information, see Activating Access
7720//    to the Billing and Cost Management Console (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
7721//    in the AWS Billing and Cost Management User Guide.
7722//
7723//    * After the account leaves the organization, all tags that were attached
7724//    to the account object in the organization are deleted. AWS accounts outside
7725//    of an organization do not support tags.
7726//
7727//    * A newly created account has a waiting period before it can be removed
7728//    from its organization. If you get an error that indicates that a wait
7729//    period is required, then try again in a few days.
7730//
7731// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
7732// with awserr.Error's Code and Message methods to get detailed information about
7733// the error.
7734//
7735// See the AWS API reference guide for AWS Organizations's
7736// API operation LeaveOrganization for usage and error information.
7737//
7738// Returned Error Types:
7739//   * AccessDeniedException
7740//   You don't have permissions to perform the requested operation. The user or
7741//   role that is making the request must have at least one IAM permissions policy
7742//   attached that grants the required permissions. For more information, see
7743//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
7744//   in the IAM User Guide.
7745//
7746//   * AccountNotFoundException
7747//   We can't find an AWS account with the AccountId that you specified, or the
7748//   account whose credentials you used to make this request isn't a member of
7749//   an organization.
7750//
7751//   * AWSOrganizationsNotInUseException
7752//   Your account isn't a member of an organization. To make this request, you
7753//   must use the credentials of an account that belongs to an organization.
7754//
7755//   * ConcurrentModificationException
7756//   The target of the operation is currently being modified by a different request.
7757//   Try again later.
7758//
7759//   * ConstraintViolationException
7760//   Performing this operation violates a minimum or maximum value limit. For
7761//   example, attempting to remove the last service control policy (SCP) from
7762//   an OU or root, inviting or creating too many accounts to the organization,
7763//   or attaching too many policies to an account, OU, or root. This exception
7764//   includes a reason that contains additional information about the violated
7765//   limit:
7766//
7767//   Some of the reasons in the following list might not be applicable to this
7768//   specific API or operation.
7769//
7770//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
7771//      account from the organization. You can't remove the management account.
7772//      Instead, after you remove all member accounts, delete the organization
7773//      itself.
7774//
7775//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
7776//      from the organization that doesn't yet have enough information to exist
7777//      as a standalone account. This account requires you to first agree to the
7778//      AWS Customer Agreement. Follow the steps at Removing a member account
7779//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
7780//      the AWS Organizations User Guide.
7781//
7782//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
7783//      an account from the organization that doesn't yet have enough information
7784//      to exist as a standalone account. This account requires you to first complete
7785//      phone verification. Follow the steps at Removing a member account from
7786//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
7787//      in the AWS Organizations User Guide.
7788//
7789//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
7790//      of accounts that you can create in one day.
7791//
7792//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
7793//      the number of accounts in an organization. If you need more accounts,
7794//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
7795//      request an increase in your limit. Or the number of invitations that you
7796//      tried to send would cause you to exceed the limit of accounts in your
7797//      organization. Send fewer invitations or contact AWS Support to request
7798//      an increase in the number of accounts. Deleted and closed accounts still
7799//      count toward your limit. If you get this exception when running a command
7800//      immediately after creating the organization, wait one hour and try again.
7801//      After an hour, if the command continues to fail with this error, contact
7802//      AWS Support (https://console.aws.amazon.com/support/home#/).
7803//
7804//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
7805//      register the management account of the organization as a delegated administrator
7806//      for an AWS service integrated with Organizations. You can designate only
7807//      a member account as a delegated administrator.
7808//
7809//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
7810//      an account that is registered as a delegated administrator for a service
7811//      integrated with your organization. To complete this operation, you must
7812//      first deregister this account as a delegated administrator.
7813//
7814//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
7815//      organization in the specified region, you must enable all features mode.
7816//
7817//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
7818//      an AWS account as a delegated administrator for an AWS service that already
7819//      has a delegated administrator. To complete this operation, you must first
7820//      deregister any existing delegated administrators for this service.
7821//
7822//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
7823//      valid for a limited period of time. You must resubmit the request and
7824//      generate a new verfication code.
7825//
7826//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
7827//      handshakes that you can send in one day.
7828//
7829//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
7830//      in this organization, you first must migrate the organization's management
7831//      account to the marketplace that corresponds to the management account's
7832//      address. For example, accounts with India addresses must be associated
7833//      with the AISPL marketplace. All accounts in an organization must be associated
7834//      with the same marketplace.
7835//
7836//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
7837//      in China. To create an organization, the master must have a valid business
7838//      license. For more information, contact customer support.
7839//
7840//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
7841//      must first provide a valid contact address and phone number for the management
7842//      account. Then try the operation again.
7843//
7844//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
7845//      management account must have an associated account in the AWS GovCloud
7846//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
7847//      in the AWS GovCloud User Guide.
7848//
7849//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
7850//      with this management account, you first must associate a valid payment
7851//      instrument, such as a credit card, with the account. Follow the steps
7852//      at To leave an organization when all required account information has
7853//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
7854//      in the AWS Organizations User Guide.
7855//
7856//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
7857//      to register more delegated administrators than allowed for the service
7858//      principal.
7859//
7860//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
7861//      number of policies of a certain type that can be attached to an entity
7862//      at one time.
7863//
7864//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
7865//      on this resource.
7866//
7867//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
7868//      with this member account, you first must associate a valid payment instrument,
7869//      such as a credit card, with the account. Follow the steps at To leave
7870//      an organization when all required account information has not yet been
7871//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
7872//      in the AWS Organizations User Guide.
7873//
7874//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
7875//      policy from an entity that would cause the entity to have fewer than the
7876//      minimum number of policies of a certain type required.
7877//
7878//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
7879//      that requires the organization to be configured to support all features.
7880//      An organization that supports only consolidated billing features can't
7881//      perform this operation.
7882//
7883//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
7884//      too many levels deep.
7885//
7886//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
7887//      that you can have in an organization.
7888//
7889//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
7890//      is larger than the maximum size.
7891//
7892//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
7893//      policies that you can have in an organization.
7894//
7895//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
7896//      tags that are not compliant with the tag policy requirements for this
7897//      account.
7898//
7899//   * InvalidInputException
7900//   The requested operation failed because you provided invalid values for one
7901//   or more of the request parameters. This exception includes a reason that
7902//   contains additional information about the violated limit:
7903//
7904//   Some of the reasons in the following list might not be applicable to this
7905//   specific API or operation.
7906//
7907//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
7908//      the same entity.
7909//
7910//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
7911//      can't be modified.
7912//
7913//      * INPUT_REQUIRED: You must include a value for all required parameters.
7914//
7915//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
7916//      for the invited account owner.
7917//
7918//      * INVALID_ENUM: You specified an invalid value.
7919//
7920//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
7921//
7922//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
7923//      characters.
7924//
7925//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
7926//      at least one invalid value.
7927//
7928//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
7929//      from the response to a previous call of the operation.
7930//
7931//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
7932//      organization, or email) as a party.
7933//
7934//      * INVALID_PATTERN: You provided a value that doesn't match the required
7935//      pattern.
7936//
7937//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
7938//      match the required pattern.
7939//
7940//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
7941//      name can't begin with the reserved prefix AWSServiceRoleFor.
7942//
7943//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
7944//      Name (ARN) for the organization.
7945//
7946//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
7947//
7948//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
7949//      tag. You can’t add, edit, or delete system tag keys because they're
7950//      reserved for AWS use. System tags don’t count against your tags per
7951//      resource limit.
7952//
7953//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
7954//      for the operation.
7955//
7956//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
7957//      than allowed.
7958//
7959//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
7960//      value than allowed.
7961//
7962//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
7963//      than allowed.
7964//
7965//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
7966//      value than allowed.
7967//
7968//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
7969//      between entities in the same root.
7970//
7971//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
7972//      target entity.
7973//
7974//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
7975//      isn't recognized.
7976//
7977//   * MasterCannotLeaveOrganizationException
7978//   You can't remove a management account from an organization. If you want the
7979//   management account to become a member account in another organization, you
7980//   must first delete the current organization of the management account.
7981//
7982//   * ServiceException
7983//   AWS Organizations can't complete your request because of an internal service
7984//   error. Try again later.
7985//
7986//   * TooManyRequestsException
7987//   You have sent too many requests in too short a period of time. The quota
7988//   helps protect against denial-of-service attacks. Try again later.
7989//
7990//   For information about quotas that affect AWS Organizations, see Quotas for
7991//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
7992//   the AWS Organizations User Guide.
7993//
7994// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization
7995func (c *Organizations) LeaveOrganization(input *LeaveOrganizationInput) (*LeaveOrganizationOutput, error) {
7996	req, out := c.LeaveOrganizationRequest(input)
7997	return out, req.Send()
7998}
7999
8000// LeaveOrganizationWithContext is the same as LeaveOrganization with the addition of
8001// the ability to pass a context and additional request options.
8002//
8003// See LeaveOrganization for details on how to use this API operation.
8004//
8005// The context must be non-nil and will be used for request cancellation. If
8006// the context is nil a panic will occur. In the future the SDK may create
8007// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8008// for more information on using Contexts.
8009func (c *Organizations) LeaveOrganizationWithContext(ctx aws.Context, input *LeaveOrganizationInput, opts ...request.Option) (*LeaveOrganizationOutput, error) {
8010	req, out := c.LeaveOrganizationRequest(input)
8011	req.SetContext(ctx)
8012	req.ApplyOptions(opts...)
8013	return out, req.Send()
8014}
8015
8016const opListAWSServiceAccessForOrganization = "ListAWSServiceAccessForOrganization"
8017
8018// ListAWSServiceAccessForOrganizationRequest generates a "aws/request.Request" representing the
8019// client's request for the ListAWSServiceAccessForOrganization operation. The "output" return
8020// value will be populated with the request's response once the request completes
8021// successfully.
8022//
8023// Use "Send" method on the returned Request to send the API call to the service.
8024// the "output" return value is not valid until after Send returns without error.
8025//
8026// See ListAWSServiceAccessForOrganization for more information on using the ListAWSServiceAccessForOrganization
8027// API call, and error handling.
8028//
8029// This method is useful when you want to inject custom logic or configuration
8030// into the SDK's request lifecycle. Such as custom headers, or retry logic.
8031//
8032//
8033//    // Example sending a request using the ListAWSServiceAccessForOrganizationRequest method.
8034//    req, resp := client.ListAWSServiceAccessForOrganizationRequest(params)
8035//
8036//    err := req.Send()
8037//    if err == nil { // resp is now filled
8038//        fmt.Println(resp)
8039//    }
8040//
8041// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization
8042func (c *Organizations) ListAWSServiceAccessForOrganizationRequest(input *ListAWSServiceAccessForOrganizationInput) (req *request.Request, output *ListAWSServiceAccessForOrganizationOutput) {
8043	op := &request.Operation{
8044		Name:       opListAWSServiceAccessForOrganization,
8045		HTTPMethod: "POST",
8046		HTTPPath:   "/",
8047		Paginator: &request.Paginator{
8048			InputTokens:     []string{"NextToken"},
8049			OutputTokens:    []string{"NextToken"},
8050			LimitToken:      "MaxResults",
8051			TruncationToken: "",
8052		},
8053	}
8054
8055	if input == nil {
8056		input = &ListAWSServiceAccessForOrganizationInput{}
8057	}
8058
8059	output = &ListAWSServiceAccessForOrganizationOutput{}
8060	req = c.newRequest(op, input, output)
8061	return
8062}
8063
8064// ListAWSServiceAccessForOrganization API operation for AWS Organizations.
8065//
8066// Returns a list of the AWS services that you enabled to integrate with your
8067// organization. After a service on this list creates the resources that it
8068// requires for the integration, it can perform operations on your organization
8069// and its accounts.
8070//
8071// For more information about integrating other services with AWS Organizations,
8072// including the list of services that currently work with Organizations, see
8073// Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
8074// in the AWS Organizations User Guide.
8075//
8076// This operation can be called only from the organization's management account
8077// or by a member account that is a delegated administrator for an AWS service.
8078//
8079// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
8080// with awserr.Error's Code and Message methods to get detailed information about
8081// the error.
8082//
8083// See the AWS API reference guide for AWS Organizations's
8084// API operation ListAWSServiceAccessForOrganization for usage and error information.
8085//
8086// Returned Error Types:
8087//   * AccessDeniedException
8088//   You don't have permissions to perform the requested operation. The user or
8089//   role that is making the request must have at least one IAM permissions policy
8090//   attached that grants the required permissions. For more information, see
8091//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
8092//   in the IAM User Guide.
8093//
8094//   * AWSOrganizationsNotInUseException
8095//   Your account isn't a member of an organization. To make this request, you
8096//   must use the credentials of an account that belongs to an organization.
8097//
8098//   * ConstraintViolationException
8099//   Performing this operation violates a minimum or maximum value limit. For
8100//   example, attempting to remove the last service control policy (SCP) from
8101//   an OU or root, inviting or creating too many accounts to the organization,
8102//   or attaching too many policies to an account, OU, or root. This exception
8103//   includes a reason that contains additional information about the violated
8104//   limit:
8105//
8106//   Some of the reasons in the following list might not be applicable to this
8107//   specific API or operation.
8108//
8109//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
8110//      account from the organization. You can't remove the management account.
8111//      Instead, after you remove all member accounts, delete the organization
8112//      itself.
8113//
8114//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
8115//      from the organization that doesn't yet have enough information to exist
8116//      as a standalone account. This account requires you to first agree to the
8117//      AWS Customer Agreement. Follow the steps at Removing a member account
8118//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
8119//      the AWS Organizations User Guide.
8120//
8121//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
8122//      an account from the organization that doesn't yet have enough information
8123//      to exist as a standalone account. This account requires you to first complete
8124//      phone verification. Follow the steps at Removing a member account from
8125//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
8126//      in the AWS Organizations User Guide.
8127//
8128//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
8129//      of accounts that you can create in one day.
8130//
8131//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
8132//      the number of accounts in an organization. If you need more accounts,
8133//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
8134//      request an increase in your limit. Or the number of invitations that you
8135//      tried to send would cause you to exceed the limit of accounts in your
8136//      organization. Send fewer invitations or contact AWS Support to request
8137//      an increase in the number of accounts. Deleted and closed accounts still
8138//      count toward your limit. If you get this exception when running a command
8139//      immediately after creating the organization, wait one hour and try again.
8140//      After an hour, if the command continues to fail with this error, contact
8141//      AWS Support (https://console.aws.amazon.com/support/home#/).
8142//
8143//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
8144//      register the management account of the organization as a delegated administrator
8145//      for an AWS service integrated with Organizations. You can designate only
8146//      a member account as a delegated administrator.
8147//
8148//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
8149//      an account that is registered as a delegated administrator for a service
8150//      integrated with your organization. To complete this operation, you must
8151//      first deregister this account as a delegated administrator.
8152//
8153//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
8154//      organization in the specified region, you must enable all features mode.
8155//
8156//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
8157//      an AWS account as a delegated administrator for an AWS service that already
8158//      has a delegated administrator. To complete this operation, you must first
8159//      deregister any existing delegated administrators for this service.
8160//
8161//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
8162//      valid for a limited period of time. You must resubmit the request and
8163//      generate a new verfication code.
8164//
8165//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
8166//      handshakes that you can send in one day.
8167//
8168//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
8169//      in this organization, you first must migrate the organization's management
8170//      account to the marketplace that corresponds to the management account's
8171//      address. For example, accounts with India addresses must be associated
8172//      with the AISPL marketplace. All accounts in an organization must be associated
8173//      with the same marketplace.
8174//
8175//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
8176//      in China. To create an organization, the master must have a valid business
8177//      license. For more information, contact customer support.
8178//
8179//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
8180//      must first provide a valid contact address and phone number for the management
8181//      account. Then try the operation again.
8182//
8183//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
8184//      management account must have an associated account in the AWS GovCloud
8185//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
8186//      in the AWS GovCloud User Guide.
8187//
8188//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
8189//      with this management account, you first must associate a valid payment
8190//      instrument, such as a credit card, with the account. Follow the steps
8191//      at To leave an organization when all required account information has
8192//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
8193//      in the AWS Organizations User Guide.
8194//
8195//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
8196//      to register more delegated administrators than allowed for the service
8197//      principal.
8198//
8199//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
8200//      number of policies of a certain type that can be attached to an entity
8201//      at one time.
8202//
8203//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
8204//      on this resource.
8205//
8206//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
8207//      with this member account, you first must associate a valid payment instrument,
8208//      such as a credit card, with the account. Follow the steps at To leave
8209//      an organization when all required account information has not yet been
8210//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
8211//      in the AWS Organizations User Guide.
8212//
8213//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
8214//      policy from an entity that would cause the entity to have fewer than the
8215//      minimum number of policies of a certain type required.
8216//
8217//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
8218//      that requires the organization to be configured to support all features.
8219//      An organization that supports only consolidated billing features can't
8220//      perform this operation.
8221//
8222//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
8223//      too many levels deep.
8224//
8225//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
8226//      that you can have in an organization.
8227//
8228//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
8229//      is larger than the maximum size.
8230//
8231//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
8232//      policies that you can have in an organization.
8233//
8234//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
8235//      tags that are not compliant with the tag policy requirements for this
8236//      account.
8237//
8238//   * InvalidInputException
8239//   The requested operation failed because you provided invalid values for one
8240//   or more of the request parameters. This exception includes a reason that
8241//   contains additional information about the violated limit:
8242//
8243//   Some of the reasons in the following list might not be applicable to this
8244//   specific API or operation.
8245//
8246//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
8247//      the same entity.
8248//
8249//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
8250//      can't be modified.
8251//
8252//      * INPUT_REQUIRED: You must include a value for all required parameters.
8253//
8254//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
8255//      for the invited account owner.
8256//
8257//      * INVALID_ENUM: You specified an invalid value.
8258//
8259//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
8260//
8261//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
8262//      characters.
8263//
8264//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
8265//      at least one invalid value.
8266//
8267//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
8268//      from the response to a previous call of the operation.
8269//
8270//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
8271//      organization, or email) as a party.
8272//
8273//      * INVALID_PATTERN: You provided a value that doesn't match the required
8274//      pattern.
8275//
8276//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
8277//      match the required pattern.
8278//
8279//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
8280//      name can't begin with the reserved prefix AWSServiceRoleFor.
8281//
8282//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
8283//      Name (ARN) for the organization.
8284//
8285//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
8286//
8287//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
8288//      tag. You can’t add, edit, or delete system tag keys because they're
8289//      reserved for AWS use. System tags don’t count against your tags per
8290//      resource limit.
8291//
8292//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
8293//      for the operation.
8294//
8295//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
8296//      than allowed.
8297//
8298//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
8299//      value than allowed.
8300//
8301//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
8302//      than allowed.
8303//
8304//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
8305//      value than allowed.
8306//
8307//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
8308//      between entities in the same root.
8309//
8310//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
8311//      target entity.
8312//
8313//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
8314//      isn't recognized.
8315//
8316//   * ServiceException
8317//   AWS Organizations can't complete your request because of an internal service
8318//   error. Try again later.
8319//
8320//   * TooManyRequestsException
8321//   You have sent too many requests in too short a period of time. The quota
8322//   helps protect against denial-of-service attacks. Try again later.
8323//
8324//   For information about quotas that affect AWS Organizations, see Quotas for
8325//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
8326//   the AWS Organizations User Guide.
8327//
8328//   * UnsupportedAPIEndpointException
8329//   This action isn't available in the current AWS Region.
8330//
8331// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization
8332func (c *Organizations) ListAWSServiceAccessForOrganization(input *ListAWSServiceAccessForOrganizationInput) (*ListAWSServiceAccessForOrganizationOutput, error) {
8333	req, out := c.ListAWSServiceAccessForOrganizationRequest(input)
8334	return out, req.Send()
8335}
8336
8337// ListAWSServiceAccessForOrganizationWithContext is the same as ListAWSServiceAccessForOrganization with the addition of
8338// the ability to pass a context and additional request options.
8339//
8340// See ListAWSServiceAccessForOrganization for details on how to use this API operation.
8341//
8342// The context must be non-nil and will be used for request cancellation. If
8343// the context is nil a panic will occur. In the future the SDK may create
8344// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8345// for more information on using Contexts.
8346func (c *Organizations) ListAWSServiceAccessForOrganizationWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, opts ...request.Option) (*ListAWSServiceAccessForOrganizationOutput, error) {
8347	req, out := c.ListAWSServiceAccessForOrganizationRequest(input)
8348	req.SetContext(ctx)
8349	req.ApplyOptions(opts...)
8350	return out, req.Send()
8351}
8352
8353// ListAWSServiceAccessForOrganizationPages iterates over the pages of a ListAWSServiceAccessForOrganization operation,
8354// calling the "fn" function with the response data for each page. To stop
8355// iterating, return false from the fn function.
8356//
8357// See ListAWSServiceAccessForOrganization method for more information on how to use this operation.
8358//
8359// Note: This operation can generate multiple requests to a service.
8360//
8361//    // Example iterating over at most 3 pages of a ListAWSServiceAccessForOrganization operation.
8362//    pageNum := 0
8363//    err := client.ListAWSServiceAccessForOrganizationPages(params,
8364//        func(page *organizations.ListAWSServiceAccessForOrganizationOutput, lastPage bool) bool {
8365//            pageNum++
8366//            fmt.Println(page)
8367//            return pageNum <= 3
8368//        })
8369//
8370func (c *Organizations) ListAWSServiceAccessForOrganizationPages(input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool) error {
8371	return c.ListAWSServiceAccessForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn)
8372}
8373
8374// ListAWSServiceAccessForOrganizationPagesWithContext same as ListAWSServiceAccessForOrganizationPages except
8375// it takes a Context and allows setting request options on the pages.
8376//
8377// The context must be non-nil and will be used for request cancellation. If
8378// the context is nil a panic will occur. In the future the SDK may create
8379// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8380// for more information on using Contexts.
8381func (c *Organizations) ListAWSServiceAccessForOrganizationPagesWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool, opts ...request.Option) error {
8382	p := request.Pagination{
8383		NewRequest: func() (*request.Request, error) {
8384			var inCpy *ListAWSServiceAccessForOrganizationInput
8385			if input != nil {
8386				tmp := *input
8387				inCpy = &tmp
8388			}
8389			req, _ := c.ListAWSServiceAccessForOrganizationRequest(inCpy)
8390			req.SetContext(ctx)
8391			req.ApplyOptions(opts...)
8392			return req, nil
8393		},
8394	}
8395
8396	for p.Next() {
8397		if !fn(p.Page().(*ListAWSServiceAccessForOrganizationOutput), !p.HasNextPage()) {
8398			break
8399		}
8400	}
8401
8402	return p.Err()
8403}
8404
8405const opListAccounts = "ListAccounts"
8406
8407// ListAccountsRequest generates a "aws/request.Request" representing the
8408// client's request for the ListAccounts operation. The "output" return
8409// value will be populated with the request's response once the request completes
8410// successfully.
8411//
8412// Use "Send" method on the returned Request to send the API call to the service.
8413// the "output" return value is not valid until after Send returns without error.
8414//
8415// See ListAccounts for more information on using the ListAccounts
8416// API call, and error handling.
8417//
8418// This method is useful when you want to inject custom logic or configuration
8419// into the SDK's request lifecycle. Such as custom headers, or retry logic.
8420//
8421//
8422//    // Example sending a request using the ListAccountsRequest method.
8423//    req, resp := client.ListAccountsRequest(params)
8424//
8425//    err := req.Send()
8426//    if err == nil { // resp is now filled
8427//        fmt.Println(resp)
8428//    }
8429//
8430// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts
8431func (c *Organizations) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) {
8432	op := &request.Operation{
8433		Name:       opListAccounts,
8434		HTTPMethod: "POST",
8435		HTTPPath:   "/",
8436		Paginator: &request.Paginator{
8437			InputTokens:     []string{"NextToken"},
8438			OutputTokens:    []string{"NextToken"},
8439			LimitToken:      "MaxResults",
8440			TruncationToken: "",
8441		},
8442	}
8443
8444	if input == nil {
8445		input = &ListAccountsInput{}
8446	}
8447
8448	output = &ListAccountsOutput{}
8449	req = c.newRequest(op, input, output)
8450	return
8451}
8452
8453// ListAccounts API operation for AWS Organizations.
8454//
8455// Lists all the accounts in the organization. To request only the accounts
8456// in a specified root or organizational unit (OU), use the ListAccountsForParent
8457// operation instead.
8458//
8459// Always check the NextToken response parameter for a null value when calling
8460// a List* operation. These operations can occasionally return an empty set
8461// of results even when there are more results available. The NextToken response
8462// parameter value is null only when there are no more results to display.
8463//
8464// This operation can be called only from the organization's management account
8465// or by a member account that is a delegated administrator for an AWS service.
8466//
8467// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
8468// with awserr.Error's Code and Message methods to get detailed information about
8469// the error.
8470//
8471// See the AWS API reference guide for AWS Organizations's
8472// API operation ListAccounts for usage and error information.
8473//
8474// Returned Error Types:
8475//   * AccessDeniedException
8476//   You don't have permissions to perform the requested operation. The user or
8477//   role that is making the request must have at least one IAM permissions policy
8478//   attached that grants the required permissions. For more information, see
8479//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
8480//   in the IAM User Guide.
8481//
8482//   * AWSOrganizationsNotInUseException
8483//   Your account isn't a member of an organization. To make this request, you
8484//   must use the credentials of an account that belongs to an organization.
8485//
8486//   * InvalidInputException
8487//   The requested operation failed because you provided invalid values for one
8488//   or more of the request parameters. This exception includes a reason that
8489//   contains additional information about the violated limit:
8490//
8491//   Some of the reasons in the following list might not be applicable to this
8492//   specific API or operation.
8493//
8494//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
8495//      the same entity.
8496//
8497//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
8498//      can't be modified.
8499//
8500//      * INPUT_REQUIRED: You must include a value for all required parameters.
8501//
8502//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
8503//      for the invited account owner.
8504//
8505//      * INVALID_ENUM: You specified an invalid value.
8506//
8507//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
8508//
8509//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
8510//      characters.
8511//
8512//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
8513//      at least one invalid value.
8514//
8515//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
8516//      from the response to a previous call of the operation.
8517//
8518//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
8519//      organization, or email) as a party.
8520//
8521//      * INVALID_PATTERN: You provided a value that doesn't match the required
8522//      pattern.
8523//
8524//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
8525//      match the required pattern.
8526//
8527//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
8528//      name can't begin with the reserved prefix AWSServiceRoleFor.
8529//
8530//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
8531//      Name (ARN) for the organization.
8532//
8533//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
8534//
8535//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
8536//      tag. You can’t add, edit, or delete system tag keys because they're
8537//      reserved for AWS use. System tags don’t count against your tags per
8538//      resource limit.
8539//
8540//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
8541//      for the operation.
8542//
8543//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
8544//      than allowed.
8545//
8546//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
8547//      value than allowed.
8548//
8549//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
8550//      than allowed.
8551//
8552//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
8553//      value than allowed.
8554//
8555//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
8556//      between entities in the same root.
8557//
8558//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
8559//      target entity.
8560//
8561//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
8562//      isn't recognized.
8563//
8564//   * ServiceException
8565//   AWS Organizations can't complete your request because of an internal service
8566//   error. Try again later.
8567//
8568//   * TooManyRequestsException
8569//   You have sent too many requests in too short a period of time. The quota
8570//   helps protect against denial-of-service attacks. Try again later.
8571//
8572//   For information about quotas that affect AWS Organizations, see Quotas for
8573//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
8574//   the AWS Organizations User Guide.
8575//
8576// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts
8577func (c *Organizations) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) {
8578	req, out := c.ListAccountsRequest(input)
8579	return out, req.Send()
8580}
8581
8582// ListAccountsWithContext is the same as ListAccounts with the addition of
8583// the ability to pass a context and additional request options.
8584//
8585// See ListAccounts for details on how to use this API operation.
8586//
8587// The context must be non-nil and will be used for request cancellation. If
8588// the context is nil a panic will occur. In the future the SDK may create
8589// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8590// for more information on using Contexts.
8591func (c *Organizations) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) {
8592	req, out := c.ListAccountsRequest(input)
8593	req.SetContext(ctx)
8594	req.ApplyOptions(opts...)
8595	return out, req.Send()
8596}
8597
8598// ListAccountsPages iterates over the pages of a ListAccounts operation,
8599// calling the "fn" function with the response data for each page. To stop
8600// iterating, return false from the fn function.
8601//
8602// See ListAccounts method for more information on how to use this operation.
8603//
8604// Note: This operation can generate multiple requests to a service.
8605//
8606//    // Example iterating over at most 3 pages of a ListAccounts operation.
8607//    pageNum := 0
8608//    err := client.ListAccountsPages(params,
8609//        func(page *organizations.ListAccountsOutput, lastPage bool) bool {
8610//            pageNum++
8611//            fmt.Println(page)
8612//            return pageNum <= 3
8613//        })
8614//
8615func (c *Organizations) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error {
8616	return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn)
8617}
8618
8619// ListAccountsPagesWithContext same as ListAccountsPages except
8620// it takes a Context and allows setting request options on the pages.
8621//
8622// The context must be non-nil and will be used for request cancellation. If
8623// the context is nil a panic will occur. In the future the SDK may create
8624// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8625// for more information on using Contexts.
8626func (c *Organizations) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error {
8627	p := request.Pagination{
8628		NewRequest: func() (*request.Request, error) {
8629			var inCpy *ListAccountsInput
8630			if input != nil {
8631				tmp := *input
8632				inCpy = &tmp
8633			}
8634			req, _ := c.ListAccountsRequest(inCpy)
8635			req.SetContext(ctx)
8636			req.ApplyOptions(opts...)
8637			return req, nil
8638		},
8639	}
8640
8641	for p.Next() {
8642		if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) {
8643			break
8644		}
8645	}
8646
8647	return p.Err()
8648}
8649
8650const opListAccountsForParent = "ListAccountsForParent"
8651
8652// ListAccountsForParentRequest generates a "aws/request.Request" representing the
8653// client's request for the ListAccountsForParent operation. The "output" return
8654// value will be populated with the request's response once the request completes
8655// successfully.
8656//
8657// Use "Send" method on the returned Request to send the API call to the service.
8658// the "output" return value is not valid until after Send returns without error.
8659//
8660// See ListAccountsForParent for more information on using the ListAccountsForParent
8661// API call, and error handling.
8662//
8663// This method is useful when you want to inject custom logic or configuration
8664// into the SDK's request lifecycle. Such as custom headers, or retry logic.
8665//
8666//
8667//    // Example sending a request using the ListAccountsForParentRequest method.
8668//    req, resp := client.ListAccountsForParentRequest(params)
8669//
8670//    err := req.Send()
8671//    if err == nil { // resp is now filled
8672//        fmt.Println(resp)
8673//    }
8674//
8675// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent
8676func (c *Organizations) ListAccountsForParentRequest(input *ListAccountsForParentInput) (req *request.Request, output *ListAccountsForParentOutput) {
8677	op := &request.Operation{
8678		Name:       opListAccountsForParent,
8679		HTTPMethod: "POST",
8680		HTTPPath:   "/",
8681		Paginator: &request.Paginator{
8682			InputTokens:     []string{"NextToken"},
8683			OutputTokens:    []string{"NextToken"},
8684			LimitToken:      "MaxResults",
8685			TruncationToken: "",
8686		},
8687	}
8688
8689	if input == nil {
8690		input = &ListAccountsForParentInput{}
8691	}
8692
8693	output = &ListAccountsForParentOutput{}
8694	req = c.newRequest(op, input, output)
8695	return
8696}
8697
8698// ListAccountsForParent API operation for AWS Organizations.
8699//
8700// Lists the accounts in an organization that are contained by the specified
8701// target root or organizational unit (OU). If you specify the root, you get
8702// a list of all the accounts that aren't in any OU. If you specify an OU, you
8703// get a list of all the accounts in only that OU and not in any child OUs.
8704// To get a list of all accounts in the organization, use the ListAccounts operation.
8705//
8706// Always check the NextToken response parameter for a null value when calling
8707// a List* operation. These operations can occasionally return an empty set
8708// of results even when there are more results available. The NextToken response
8709// parameter value is null only when there are no more results to display.
8710//
8711// This operation can be called only from the organization's management account
8712// or by a member account that is a delegated administrator for an AWS service.
8713//
8714// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
8715// with awserr.Error's Code and Message methods to get detailed information about
8716// the error.
8717//
8718// See the AWS API reference guide for AWS Organizations's
8719// API operation ListAccountsForParent for usage and error information.
8720//
8721// Returned Error Types:
8722//   * AccessDeniedException
8723//   You don't have permissions to perform the requested operation. The user or
8724//   role that is making the request must have at least one IAM permissions policy
8725//   attached that grants the required permissions. For more information, see
8726//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
8727//   in the IAM User Guide.
8728//
8729//   * AWSOrganizationsNotInUseException
8730//   Your account isn't a member of an organization. To make this request, you
8731//   must use the credentials of an account that belongs to an organization.
8732//
8733//   * InvalidInputException
8734//   The requested operation failed because you provided invalid values for one
8735//   or more of the request parameters. This exception includes a reason that
8736//   contains additional information about the violated limit:
8737//
8738//   Some of the reasons in the following list might not be applicable to this
8739//   specific API or operation.
8740//
8741//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
8742//      the same entity.
8743//
8744//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
8745//      can't be modified.
8746//
8747//      * INPUT_REQUIRED: You must include a value for all required parameters.
8748//
8749//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
8750//      for the invited account owner.
8751//
8752//      * INVALID_ENUM: You specified an invalid value.
8753//
8754//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
8755//
8756//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
8757//      characters.
8758//
8759//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
8760//      at least one invalid value.
8761//
8762//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
8763//      from the response to a previous call of the operation.
8764//
8765//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
8766//      organization, or email) as a party.
8767//
8768//      * INVALID_PATTERN: You provided a value that doesn't match the required
8769//      pattern.
8770//
8771//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
8772//      match the required pattern.
8773//
8774//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
8775//      name can't begin with the reserved prefix AWSServiceRoleFor.
8776//
8777//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
8778//      Name (ARN) for the organization.
8779//
8780//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
8781//
8782//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
8783//      tag. You can’t add, edit, or delete system tag keys because they're
8784//      reserved for AWS use. System tags don’t count against your tags per
8785//      resource limit.
8786//
8787//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
8788//      for the operation.
8789//
8790//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
8791//      than allowed.
8792//
8793//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
8794//      value than allowed.
8795//
8796//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
8797//      than allowed.
8798//
8799//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
8800//      value than allowed.
8801//
8802//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
8803//      between entities in the same root.
8804//
8805//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
8806//      target entity.
8807//
8808//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
8809//      isn't recognized.
8810//
8811//   * ParentNotFoundException
8812//   We can't find a root or OU with the ParentId that you specified.
8813//
8814//   * ServiceException
8815//   AWS Organizations can't complete your request because of an internal service
8816//   error. Try again later.
8817//
8818//   * TooManyRequestsException
8819//   You have sent too many requests in too short a period of time. The quota
8820//   helps protect against denial-of-service attacks. Try again later.
8821//
8822//   For information about quotas that affect AWS Organizations, see Quotas for
8823//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
8824//   the AWS Organizations User Guide.
8825//
8826// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent
8827func (c *Organizations) ListAccountsForParent(input *ListAccountsForParentInput) (*ListAccountsForParentOutput, error) {
8828	req, out := c.ListAccountsForParentRequest(input)
8829	return out, req.Send()
8830}
8831
8832// ListAccountsForParentWithContext is the same as ListAccountsForParent with the addition of
8833// the ability to pass a context and additional request options.
8834//
8835// See ListAccountsForParent for details on how to use this API operation.
8836//
8837// The context must be non-nil and will be used for request cancellation. If
8838// the context is nil a panic will occur. In the future the SDK may create
8839// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8840// for more information on using Contexts.
8841func (c *Organizations) ListAccountsForParentWithContext(ctx aws.Context, input *ListAccountsForParentInput, opts ...request.Option) (*ListAccountsForParentOutput, error) {
8842	req, out := c.ListAccountsForParentRequest(input)
8843	req.SetContext(ctx)
8844	req.ApplyOptions(opts...)
8845	return out, req.Send()
8846}
8847
8848// ListAccountsForParentPages iterates over the pages of a ListAccountsForParent operation,
8849// calling the "fn" function with the response data for each page. To stop
8850// iterating, return false from the fn function.
8851//
8852// See ListAccountsForParent method for more information on how to use this operation.
8853//
8854// Note: This operation can generate multiple requests to a service.
8855//
8856//    // Example iterating over at most 3 pages of a ListAccountsForParent operation.
8857//    pageNum := 0
8858//    err := client.ListAccountsForParentPages(params,
8859//        func(page *organizations.ListAccountsForParentOutput, lastPage bool) bool {
8860//            pageNum++
8861//            fmt.Println(page)
8862//            return pageNum <= 3
8863//        })
8864//
8865func (c *Organizations) ListAccountsForParentPages(input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool) error {
8866	return c.ListAccountsForParentPagesWithContext(aws.BackgroundContext(), input, fn)
8867}
8868
8869// ListAccountsForParentPagesWithContext same as ListAccountsForParentPages except
8870// it takes a Context and allows setting request options on the pages.
8871//
8872// The context must be non-nil and will be used for request cancellation. If
8873// the context is nil a panic will occur. In the future the SDK may create
8874// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8875// for more information on using Contexts.
8876func (c *Organizations) ListAccountsForParentPagesWithContext(ctx aws.Context, input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool, opts ...request.Option) error {
8877	p := request.Pagination{
8878		NewRequest: func() (*request.Request, error) {
8879			var inCpy *ListAccountsForParentInput
8880			if input != nil {
8881				tmp := *input
8882				inCpy = &tmp
8883			}
8884			req, _ := c.ListAccountsForParentRequest(inCpy)
8885			req.SetContext(ctx)
8886			req.ApplyOptions(opts...)
8887			return req, nil
8888		},
8889	}
8890
8891	for p.Next() {
8892		if !fn(p.Page().(*ListAccountsForParentOutput), !p.HasNextPage()) {
8893			break
8894		}
8895	}
8896
8897	return p.Err()
8898}
8899
8900const opListChildren = "ListChildren"
8901
8902// ListChildrenRequest generates a "aws/request.Request" representing the
8903// client's request for the ListChildren operation. The "output" return
8904// value will be populated with the request's response once the request completes
8905// successfully.
8906//
8907// Use "Send" method on the returned Request to send the API call to the service.
8908// the "output" return value is not valid until after Send returns without error.
8909//
8910// See ListChildren for more information on using the ListChildren
8911// API call, and error handling.
8912//
8913// This method is useful when you want to inject custom logic or configuration
8914// into the SDK's request lifecycle. Such as custom headers, or retry logic.
8915//
8916//
8917//    // Example sending a request using the ListChildrenRequest method.
8918//    req, resp := client.ListChildrenRequest(params)
8919//
8920//    err := req.Send()
8921//    if err == nil { // resp is now filled
8922//        fmt.Println(resp)
8923//    }
8924//
8925// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren
8926func (c *Organizations) ListChildrenRequest(input *ListChildrenInput) (req *request.Request, output *ListChildrenOutput) {
8927	op := &request.Operation{
8928		Name:       opListChildren,
8929		HTTPMethod: "POST",
8930		HTTPPath:   "/",
8931		Paginator: &request.Paginator{
8932			InputTokens:     []string{"NextToken"},
8933			OutputTokens:    []string{"NextToken"},
8934			LimitToken:      "MaxResults",
8935			TruncationToken: "",
8936		},
8937	}
8938
8939	if input == nil {
8940		input = &ListChildrenInput{}
8941	}
8942
8943	output = &ListChildrenOutput{}
8944	req = c.newRequest(op, input, output)
8945	return
8946}
8947
8948// ListChildren API operation for AWS Organizations.
8949//
8950// Lists all of the organizational units (OUs) or accounts that are contained
8951// in the specified parent OU or root. This operation, along with ListParents
8952// enables you to traverse the tree structure that makes up this root.
8953//
8954// Always check the NextToken response parameter for a null value when calling
8955// a List* operation. These operations can occasionally return an empty set
8956// of results even when there are more results available. The NextToken response
8957// parameter value is null only when there are no more results to display.
8958//
8959// This operation can be called only from the organization's management account
8960// or by a member account that is a delegated administrator for an AWS service.
8961//
8962// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
8963// with awserr.Error's Code and Message methods to get detailed information about
8964// the error.
8965//
8966// See the AWS API reference guide for AWS Organizations's
8967// API operation ListChildren for usage and error information.
8968//
8969// Returned Error Types:
8970//   * AccessDeniedException
8971//   You don't have permissions to perform the requested operation. The user or
8972//   role that is making the request must have at least one IAM permissions policy
8973//   attached that grants the required permissions. For more information, see
8974//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
8975//   in the IAM User Guide.
8976//
8977//   * AWSOrganizationsNotInUseException
8978//   Your account isn't a member of an organization. To make this request, you
8979//   must use the credentials of an account that belongs to an organization.
8980//
8981//   * InvalidInputException
8982//   The requested operation failed because you provided invalid values for one
8983//   or more of the request parameters. This exception includes a reason that
8984//   contains additional information about the violated limit:
8985//
8986//   Some of the reasons in the following list might not be applicable to this
8987//   specific API or operation.
8988//
8989//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
8990//      the same entity.
8991//
8992//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
8993//      can't be modified.
8994//
8995//      * INPUT_REQUIRED: You must include a value for all required parameters.
8996//
8997//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
8998//      for the invited account owner.
8999//
9000//      * INVALID_ENUM: You specified an invalid value.
9001//
9002//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
9003//
9004//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
9005//      characters.
9006//
9007//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
9008//      at least one invalid value.
9009//
9010//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
9011//      from the response to a previous call of the operation.
9012//
9013//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
9014//      organization, or email) as a party.
9015//
9016//      * INVALID_PATTERN: You provided a value that doesn't match the required
9017//      pattern.
9018//
9019//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
9020//      match the required pattern.
9021//
9022//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
9023//      name can't begin with the reserved prefix AWSServiceRoleFor.
9024//
9025//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
9026//      Name (ARN) for the organization.
9027//
9028//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
9029//
9030//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
9031//      tag. You can’t add, edit, or delete system tag keys because they're
9032//      reserved for AWS use. System tags don’t count against your tags per
9033//      resource limit.
9034//
9035//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
9036//      for the operation.
9037//
9038//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
9039//      than allowed.
9040//
9041//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
9042//      value than allowed.
9043//
9044//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
9045//      than allowed.
9046//
9047//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
9048//      value than allowed.
9049//
9050//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
9051//      between entities in the same root.
9052//
9053//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
9054//      target entity.
9055//
9056//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
9057//      isn't recognized.
9058//
9059//   * ParentNotFoundException
9060//   We can't find a root or OU with the ParentId that you specified.
9061//
9062//   * ServiceException
9063//   AWS Organizations can't complete your request because of an internal service
9064//   error. Try again later.
9065//
9066//   * TooManyRequestsException
9067//   You have sent too many requests in too short a period of time. The quota
9068//   helps protect against denial-of-service attacks. Try again later.
9069//
9070//   For information about quotas that affect AWS Organizations, see Quotas for
9071//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
9072//   the AWS Organizations User Guide.
9073//
9074// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren
9075func (c *Organizations) ListChildren(input *ListChildrenInput) (*ListChildrenOutput, error) {
9076	req, out := c.ListChildrenRequest(input)
9077	return out, req.Send()
9078}
9079
9080// ListChildrenWithContext is the same as ListChildren with the addition of
9081// the ability to pass a context and additional request options.
9082//
9083// See ListChildren for details on how to use this API operation.
9084//
9085// The context must be non-nil and will be used for request cancellation. If
9086// the context is nil a panic will occur. In the future the SDK may create
9087// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9088// for more information on using Contexts.
9089func (c *Organizations) ListChildrenWithContext(ctx aws.Context, input *ListChildrenInput, opts ...request.Option) (*ListChildrenOutput, error) {
9090	req, out := c.ListChildrenRequest(input)
9091	req.SetContext(ctx)
9092	req.ApplyOptions(opts...)
9093	return out, req.Send()
9094}
9095
9096// ListChildrenPages iterates over the pages of a ListChildren operation,
9097// calling the "fn" function with the response data for each page. To stop
9098// iterating, return false from the fn function.
9099//
9100// See ListChildren method for more information on how to use this operation.
9101//
9102// Note: This operation can generate multiple requests to a service.
9103//
9104//    // Example iterating over at most 3 pages of a ListChildren operation.
9105//    pageNum := 0
9106//    err := client.ListChildrenPages(params,
9107//        func(page *organizations.ListChildrenOutput, lastPage bool) bool {
9108//            pageNum++
9109//            fmt.Println(page)
9110//            return pageNum <= 3
9111//        })
9112//
9113func (c *Organizations) ListChildrenPages(input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool) error {
9114	return c.ListChildrenPagesWithContext(aws.BackgroundContext(), input, fn)
9115}
9116
9117// ListChildrenPagesWithContext same as ListChildrenPages except
9118// it takes a Context and allows setting request options on the pages.
9119//
9120// The context must be non-nil and will be used for request cancellation. If
9121// the context is nil a panic will occur. In the future the SDK may create
9122// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9123// for more information on using Contexts.
9124func (c *Organizations) ListChildrenPagesWithContext(ctx aws.Context, input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool, opts ...request.Option) error {
9125	p := request.Pagination{
9126		NewRequest: func() (*request.Request, error) {
9127			var inCpy *ListChildrenInput
9128			if input != nil {
9129				tmp := *input
9130				inCpy = &tmp
9131			}
9132			req, _ := c.ListChildrenRequest(inCpy)
9133			req.SetContext(ctx)
9134			req.ApplyOptions(opts...)
9135			return req, nil
9136		},
9137	}
9138
9139	for p.Next() {
9140		if !fn(p.Page().(*ListChildrenOutput), !p.HasNextPage()) {
9141			break
9142		}
9143	}
9144
9145	return p.Err()
9146}
9147
9148const opListCreateAccountStatus = "ListCreateAccountStatus"
9149
9150// ListCreateAccountStatusRequest generates a "aws/request.Request" representing the
9151// client's request for the ListCreateAccountStatus operation. The "output" return
9152// value will be populated with the request's response once the request completes
9153// successfully.
9154//
9155// Use "Send" method on the returned Request to send the API call to the service.
9156// the "output" return value is not valid until after Send returns without error.
9157//
9158// See ListCreateAccountStatus for more information on using the ListCreateAccountStatus
9159// API call, and error handling.
9160//
9161// This method is useful when you want to inject custom logic or configuration
9162// into the SDK's request lifecycle. Such as custom headers, or retry logic.
9163//
9164//
9165//    // Example sending a request using the ListCreateAccountStatusRequest method.
9166//    req, resp := client.ListCreateAccountStatusRequest(params)
9167//
9168//    err := req.Send()
9169//    if err == nil { // resp is now filled
9170//        fmt.Println(resp)
9171//    }
9172//
9173// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus
9174func (c *Organizations) ListCreateAccountStatusRequest(input *ListCreateAccountStatusInput) (req *request.Request, output *ListCreateAccountStatusOutput) {
9175	op := &request.Operation{
9176		Name:       opListCreateAccountStatus,
9177		HTTPMethod: "POST",
9178		HTTPPath:   "/",
9179		Paginator: &request.Paginator{
9180			InputTokens:     []string{"NextToken"},
9181			OutputTokens:    []string{"NextToken"},
9182			LimitToken:      "MaxResults",
9183			TruncationToken: "",
9184		},
9185	}
9186
9187	if input == nil {
9188		input = &ListCreateAccountStatusInput{}
9189	}
9190
9191	output = &ListCreateAccountStatusOutput{}
9192	req = c.newRequest(op, input, output)
9193	return
9194}
9195
9196// ListCreateAccountStatus API operation for AWS Organizations.
9197//
9198// Lists the account creation requests that match the specified status that
9199// is currently being tracked for the organization.
9200//
9201// Always check the NextToken response parameter for a null value when calling
9202// a List* operation. These operations can occasionally return an empty set
9203// of results even when there are more results available. The NextToken response
9204// parameter value is null only when there are no more results to display.
9205//
9206// This operation can be called only from the organization's management account
9207// or by a member account that is a delegated administrator for an AWS service.
9208//
9209// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
9210// with awserr.Error's Code and Message methods to get detailed information about
9211// the error.
9212//
9213// See the AWS API reference guide for AWS Organizations's
9214// API operation ListCreateAccountStatus for usage and error information.
9215//
9216// Returned Error Types:
9217//   * AccessDeniedException
9218//   You don't have permissions to perform the requested operation. The user or
9219//   role that is making the request must have at least one IAM permissions policy
9220//   attached that grants the required permissions. For more information, see
9221//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
9222//   in the IAM User Guide.
9223//
9224//   * AWSOrganizationsNotInUseException
9225//   Your account isn't a member of an organization. To make this request, you
9226//   must use the credentials of an account that belongs to an organization.
9227//
9228//   * InvalidInputException
9229//   The requested operation failed because you provided invalid values for one
9230//   or more of the request parameters. This exception includes a reason that
9231//   contains additional information about the violated limit:
9232//
9233//   Some of the reasons in the following list might not be applicable to this
9234//   specific API or operation.
9235//
9236//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
9237//      the same entity.
9238//
9239//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
9240//      can't be modified.
9241//
9242//      * INPUT_REQUIRED: You must include a value for all required parameters.
9243//
9244//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
9245//      for the invited account owner.
9246//
9247//      * INVALID_ENUM: You specified an invalid value.
9248//
9249//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
9250//
9251//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
9252//      characters.
9253//
9254//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
9255//      at least one invalid value.
9256//
9257//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
9258//      from the response to a previous call of the operation.
9259//
9260//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
9261//      organization, or email) as a party.
9262//
9263//      * INVALID_PATTERN: You provided a value that doesn't match the required
9264//      pattern.
9265//
9266//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
9267//      match the required pattern.
9268//
9269//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
9270//      name can't begin with the reserved prefix AWSServiceRoleFor.
9271//
9272//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
9273//      Name (ARN) for the organization.
9274//
9275//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
9276//
9277//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
9278//      tag. You can’t add, edit, or delete system tag keys because they're
9279//      reserved for AWS use. System tags don’t count against your tags per
9280//      resource limit.
9281//
9282//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
9283//      for the operation.
9284//
9285//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
9286//      than allowed.
9287//
9288//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
9289//      value than allowed.
9290//
9291//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
9292//      than allowed.
9293//
9294//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
9295//      value than allowed.
9296//
9297//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
9298//      between entities in the same root.
9299//
9300//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
9301//      target entity.
9302//
9303//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
9304//      isn't recognized.
9305//
9306//   * ServiceException
9307//   AWS Organizations can't complete your request because of an internal service
9308//   error. Try again later.
9309//
9310//   * TooManyRequestsException
9311//   You have sent too many requests in too short a period of time. The quota
9312//   helps protect against denial-of-service attacks. Try again later.
9313//
9314//   For information about quotas that affect AWS Organizations, see Quotas for
9315//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
9316//   the AWS Organizations User Guide.
9317//
9318//   * UnsupportedAPIEndpointException
9319//   This action isn't available in the current AWS Region.
9320//
9321// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus
9322func (c *Organizations) ListCreateAccountStatus(input *ListCreateAccountStatusInput) (*ListCreateAccountStatusOutput, error) {
9323	req, out := c.ListCreateAccountStatusRequest(input)
9324	return out, req.Send()
9325}
9326
9327// ListCreateAccountStatusWithContext is the same as ListCreateAccountStatus with the addition of
9328// the ability to pass a context and additional request options.
9329//
9330// See ListCreateAccountStatus for details on how to use this API operation.
9331//
9332// The context must be non-nil and will be used for request cancellation. If
9333// the context is nil a panic will occur. In the future the SDK may create
9334// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9335// for more information on using Contexts.
9336func (c *Organizations) ListCreateAccountStatusWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, opts ...request.Option) (*ListCreateAccountStatusOutput, error) {
9337	req, out := c.ListCreateAccountStatusRequest(input)
9338	req.SetContext(ctx)
9339	req.ApplyOptions(opts...)
9340	return out, req.Send()
9341}
9342
9343// ListCreateAccountStatusPages iterates over the pages of a ListCreateAccountStatus operation,
9344// calling the "fn" function with the response data for each page. To stop
9345// iterating, return false from the fn function.
9346//
9347// See ListCreateAccountStatus method for more information on how to use this operation.
9348//
9349// Note: This operation can generate multiple requests to a service.
9350//
9351//    // Example iterating over at most 3 pages of a ListCreateAccountStatus operation.
9352//    pageNum := 0
9353//    err := client.ListCreateAccountStatusPages(params,
9354//        func(page *organizations.ListCreateAccountStatusOutput, lastPage bool) bool {
9355//            pageNum++
9356//            fmt.Println(page)
9357//            return pageNum <= 3
9358//        })
9359//
9360func (c *Organizations) ListCreateAccountStatusPages(input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool) error {
9361	return c.ListCreateAccountStatusPagesWithContext(aws.BackgroundContext(), input, fn)
9362}
9363
9364// ListCreateAccountStatusPagesWithContext same as ListCreateAccountStatusPages except
9365// it takes a Context and allows setting request options on the pages.
9366//
9367// The context must be non-nil and will be used for request cancellation. If
9368// the context is nil a panic will occur. In the future the SDK may create
9369// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9370// for more information on using Contexts.
9371func (c *Organizations) ListCreateAccountStatusPagesWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool, opts ...request.Option) error {
9372	p := request.Pagination{
9373		NewRequest: func() (*request.Request, error) {
9374			var inCpy *ListCreateAccountStatusInput
9375			if input != nil {
9376				tmp := *input
9377				inCpy = &tmp
9378			}
9379			req, _ := c.ListCreateAccountStatusRequest(inCpy)
9380			req.SetContext(ctx)
9381			req.ApplyOptions(opts...)
9382			return req, nil
9383		},
9384	}
9385
9386	for p.Next() {
9387		if !fn(p.Page().(*ListCreateAccountStatusOutput), !p.HasNextPage()) {
9388			break
9389		}
9390	}
9391
9392	return p.Err()
9393}
9394
9395const opListDelegatedAdministrators = "ListDelegatedAdministrators"
9396
9397// ListDelegatedAdministratorsRequest generates a "aws/request.Request" representing the
9398// client's request for the ListDelegatedAdministrators operation. The "output" return
9399// value will be populated with the request's response once the request completes
9400// successfully.
9401//
9402// Use "Send" method on the returned Request to send the API call to the service.
9403// the "output" return value is not valid until after Send returns without error.
9404//
9405// See ListDelegatedAdministrators for more information on using the ListDelegatedAdministrators
9406// API call, and error handling.
9407//
9408// This method is useful when you want to inject custom logic or configuration
9409// into the SDK's request lifecycle. Such as custom headers, or retry logic.
9410//
9411//
9412//    // Example sending a request using the ListDelegatedAdministratorsRequest method.
9413//    req, resp := client.ListDelegatedAdministratorsRequest(params)
9414//
9415//    err := req.Send()
9416//    if err == nil { // resp is now filled
9417//        fmt.Println(resp)
9418//    }
9419//
9420// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators
9421func (c *Organizations) ListDelegatedAdministratorsRequest(input *ListDelegatedAdministratorsInput) (req *request.Request, output *ListDelegatedAdministratorsOutput) {
9422	op := &request.Operation{
9423		Name:       opListDelegatedAdministrators,
9424		HTTPMethod: "POST",
9425		HTTPPath:   "/",
9426		Paginator: &request.Paginator{
9427			InputTokens:     []string{"NextToken"},
9428			OutputTokens:    []string{"NextToken"},
9429			LimitToken:      "MaxResults",
9430			TruncationToken: "",
9431		},
9432	}
9433
9434	if input == nil {
9435		input = &ListDelegatedAdministratorsInput{}
9436	}
9437
9438	output = &ListDelegatedAdministratorsOutput{}
9439	req = c.newRequest(op, input, output)
9440	return
9441}
9442
9443// ListDelegatedAdministrators API operation for AWS Organizations.
9444//
9445// Lists the AWS accounts that are designated as delegated administrators in
9446// this organization.
9447//
9448// This operation can be called only from the organization's management account
9449// or by a member account that is a delegated administrator for an AWS service.
9450//
9451// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
9452// with awserr.Error's Code and Message methods to get detailed information about
9453// the error.
9454//
9455// See the AWS API reference guide for AWS Organizations's
9456// API operation ListDelegatedAdministrators for usage and error information.
9457//
9458// Returned Error Types:
9459//   * AccessDeniedException
9460//   You don't have permissions to perform the requested operation. The user or
9461//   role that is making the request must have at least one IAM permissions policy
9462//   attached that grants the required permissions. For more information, see
9463//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
9464//   in the IAM User Guide.
9465//
9466//   * AWSOrganizationsNotInUseException
9467//   Your account isn't a member of an organization. To make this request, you
9468//   must use the credentials of an account that belongs to an organization.
9469//
9470//   * ConstraintViolationException
9471//   Performing this operation violates a minimum or maximum value limit. For
9472//   example, attempting to remove the last service control policy (SCP) from
9473//   an OU or root, inviting or creating too many accounts to the organization,
9474//   or attaching too many policies to an account, OU, or root. This exception
9475//   includes a reason that contains additional information about the violated
9476//   limit:
9477//
9478//   Some of the reasons in the following list might not be applicable to this
9479//   specific API or operation.
9480//
9481//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
9482//      account from the organization. You can't remove the management account.
9483//      Instead, after you remove all member accounts, delete the organization
9484//      itself.
9485//
9486//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
9487//      from the organization that doesn't yet have enough information to exist
9488//      as a standalone account. This account requires you to first agree to the
9489//      AWS Customer Agreement. Follow the steps at Removing a member account
9490//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
9491//      the AWS Organizations User Guide.
9492//
9493//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
9494//      an account from the organization that doesn't yet have enough information
9495//      to exist as a standalone account. This account requires you to first complete
9496//      phone verification. Follow the steps at Removing a member account from
9497//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
9498//      in the AWS Organizations User Guide.
9499//
9500//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
9501//      of accounts that you can create in one day.
9502//
9503//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
9504//      the number of accounts in an organization. If you need more accounts,
9505//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
9506//      request an increase in your limit. Or the number of invitations that you
9507//      tried to send would cause you to exceed the limit of accounts in your
9508//      organization. Send fewer invitations or contact AWS Support to request
9509//      an increase in the number of accounts. Deleted and closed accounts still
9510//      count toward your limit. If you get this exception when running a command
9511//      immediately after creating the organization, wait one hour and try again.
9512//      After an hour, if the command continues to fail with this error, contact
9513//      AWS Support (https://console.aws.amazon.com/support/home#/).
9514//
9515//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
9516//      register the management account of the organization as a delegated administrator
9517//      for an AWS service integrated with Organizations. You can designate only
9518//      a member account as a delegated administrator.
9519//
9520//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
9521//      an account that is registered as a delegated administrator for a service
9522//      integrated with your organization. To complete this operation, you must
9523//      first deregister this account as a delegated administrator.
9524//
9525//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
9526//      organization in the specified region, you must enable all features mode.
9527//
9528//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
9529//      an AWS account as a delegated administrator for an AWS service that already
9530//      has a delegated administrator. To complete this operation, you must first
9531//      deregister any existing delegated administrators for this service.
9532//
9533//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
9534//      valid for a limited period of time. You must resubmit the request and
9535//      generate a new verfication code.
9536//
9537//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
9538//      handshakes that you can send in one day.
9539//
9540//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
9541//      in this organization, you first must migrate the organization's management
9542//      account to the marketplace that corresponds to the management account's
9543//      address. For example, accounts with India addresses must be associated
9544//      with the AISPL marketplace. All accounts in an organization must be associated
9545//      with the same marketplace.
9546//
9547//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
9548//      in China. To create an organization, the master must have a valid business
9549//      license. For more information, contact customer support.
9550//
9551//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
9552//      must first provide a valid contact address and phone number for the management
9553//      account. Then try the operation again.
9554//
9555//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
9556//      management account must have an associated account in the AWS GovCloud
9557//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
9558//      in the AWS GovCloud User Guide.
9559//
9560//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
9561//      with this management account, you first must associate a valid payment
9562//      instrument, such as a credit card, with the account. Follow the steps
9563//      at To leave an organization when all required account information has
9564//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
9565//      in the AWS Organizations User Guide.
9566//
9567//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
9568//      to register more delegated administrators than allowed for the service
9569//      principal.
9570//
9571//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
9572//      number of policies of a certain type that can be attached to an entity
9573//      at one time.
9574//
9575//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
9576//      on this resource.
9577//
9578//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
9579//      with this member account, you first must associate a valid payment instrument,
9580//      such as a credit card, with the account. Follow the steps at To leave
9581//      an organization when all required account information has not yet been
9582//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
9583//      in the AWS Organizations User Guide.
9584//
9585//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
9586//      policy from an entity that would cause the entity to have fewer than the
9587//      minimum number of policies of a certain type required.
9588//
9589//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
9590//      that requires the organization to be configured to support all features.
9591//      An organization that supports only consolidated billing features can't
9592//      perform this operation.
9593//
9594//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
9595//      too many levels deep.
9596//
9597//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
9598//      that you can have in an organization.
9599//
9600//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
9601//      is larger than the maximum size.
9602//
9603//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
9604//      policies that you can have in an organization.
9605//
9606//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
9607//      tags that are not compliant with the tag policy requirements for this
9608//      account.
9609//
9610//   * InvalidInputException
9611//   The requested operation failed because you provided invalid values for one
9612//   or more of the request parameters. This exception includes a reason that
9613//   contains additional information about the violated limit:
9614//
9615//   Some of the reasons in the following list might not be applicable to this
9616//   specific API or operation.
9617//
9618//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
9619//      the same entity.
9620//
9621//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
9622//      can't be modified.
9623//
9624//      * INPUT_REQUIRED: You must include a value for all required parameters.
9625//
9626//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
9627//      for the invited account owner.
9628//
9629//      * INVALID_ENUM: You specified an invalid value.
9630//
9631//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
9632//
9633//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
9634//      characters.
9635//
9636//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
9637//      at least one invalid value.
9638//
9639//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
9640//      from the response to a previous call of the operation.
9641//
9642//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
9643//      organization, or email) as a party.
9644//
9645//      * INVALID_PATTERN: You provided a value that doesn't match the required
9646//      pattern.
9647//
9648//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
9649//      match the required pattern.
9650//
9651//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
9652//      name can't begin with the reserved prefix AWSServiceRoleFor.
9653//
9654//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
9655//      Name (ARN) for the organization.
9656//
9657//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
9658//
9659//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
9660//      tag. You can’t add, edit, or delete system tag keys because they're
9661//      reserved for AWS use. System tags don’t count against your tags per
9662//      resource limit.
9663//
9664//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
9665//      for the operation.
9666//
9667//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
9668//      than allowed.
9669//
9670//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
9671//      value than allowed.
9672//
9673//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
9674//      than allowed.
9675//
9676//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
9677//      value than allowed.
9678//
9679//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
9680//      between entities in the same root.
9681//
9682//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
9683//      target entity.
9684//
9685//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
9686//      isn't recognized.
9687//
9688//   * TooManyRequestsException
9689//   You have sent too many requests in too short a period of time. The quota
9690//   helps protect against denial-of-service attacks. Try again later.
9691//
9692//   For information about quotas that affect AWS Organizations, see Quotas for
9693//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
9694//   the AWS Organizations User Guide.
9695//
9696//   * ServiceException
9697//   AWS Organizations can't complete your request because of an internal service
9698//   error. Try again later.
9699//
9700//   * UnsupportedAPIEndpointException
9701//   This action isn't available in the current AWS Region.
9702//
9703// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators
9704func (c *Organizations) ListDelegatedAdministrators(input *ListDelegatedAdministratorsInput) (*ListDelegatedAdministratorsOutput, error) {
9705	req, out := c.ListDelegatedAdministratorsRequest(input)
9706	return out, req.Send()
9707}
9708
9709// ListDelegatedAdministratorsWithContext is the same as ListDelegatedAdministrators with the addition of
9710// the ability to pass a context and additional request options.
9711//
9712// See ListDelegatedAdministrators for details on how to use this API operation.
9713//
9714// The context must be non-nil and will be used for request cancellation. If
9715// the context is nil a panic will occur. In the future the SDK may create
9716// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9717// for more information on using Contexts.
9718func (c *Organizations) ListDelegatedAdministratorsWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, opts ...request.Option) (*ListDelegatedAdministratorsOutput, error) {
9719	req, out := c.ListDelegatedAdministratorsRequest(input)
9720	req.SetContext(ctx)
9721	req.ApplyOptions(opts...)
9722	return out, req.Send()
9723}
9724
9725// ListDelegatedAdministratorsPages iterates over the pages of a ListDelegatedAdministrators operation,
9726// calling the "fn" function with the response data for each page. To stop
9727// iterating, return false from the fn function.
9728//
9729// See ListDelegatedAdministrators method for more information on how to use this operation.
9730//
9731// Note: This operation can generate multiple requests to a service.
9732//
9733//    // Example iterating over at most 3 pages of a ListDelegatedAdministrators operation.
9734//    pageNum := 0
9735//    err := client.ListDelegatedAdministratorsPages(params,
9736//        func(page *organizations.ListDelegatedAdministratorsOutput, lastPage bool) bool {
9737//            pageNum++
9738//            fmt.Println(page)
9739//            return pageNum <= 3
9740//        })
9741//
9742func (c *Organizations) ListDelegatedAdministratorsPages(input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool) error {
9743	return c.ListDelegatedAdministratorsPagesWithContext(aws.BackgroundContext(), input, fn)
9744}
9745
9746// ListDelegatedAdministratorsPagesWithContext same as ListDelegatedAdministratorsPages except
9747// it takes a Context and allows setting request options on the pages.
9748//
9749// The context must be non-nil and will be used for request cancellation. If
9750// the context is nil a panic will occur. In the future the SDK may create
9751// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9752// for more information on using Contexts.
9753func (c *Organizations) ListDelegatedAdministratorsPagesWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool, opts ...request.Option) error {
9754	p := request.Pagination{
9755		NewRequest: func() (*request.Request, error) {
9756			var inCpy *ListDelegatedAdministratorsInput
9757			if input != nil {
9758				tmp := *input
9759				inCpy = &tmp
9760			}
9761			req, _ := c.ListDelegatedAdministratorsRequest(inCpy)
9762			req.SetContext(ctx)
9763			req.ApplyOptions(opts...)
9764			return req, nil
9765		},
9766	}
9767
9768	for p.Next() {
9769		if !fn(p.Page().(*ListDelegatedAdministratorsOutput), !p.HasNextPage()) {
9770			break
9771		}
9772	}
9773
9774	return p.Err()
9775}
9776
9777const opListDelegatedServicesForAccount = "ListDelegatedServicesForAccount"
9778
9779// ListDelegatedServicesForAccountRequest generates a "aws/request.Request" representing the
9780// client's request for the ListDelegatedServicesForAccount operation. The "output" return
9781// value will be populated with the request's response once the request completes
9782// successfully.
9783//
9784// Use "Send" method on the returned Request to send the API call to the service.
9785// the "output" return value is not valid until after Send returns without error.
9786//
9787// See ListDelegatedServicesForAccount for more information on using the ListDelegatedServicesForAccount
9788// API call, and error handling.
9789//
9790// This method is useful when you want to inject custom logic or configuration
9791// into the SDK's request lifecycle. Such as custom headers, or retry logic.
9792//
9793//
9794//    // Example sending a request using the ListDelegatedServicesForAccountRequest method.
9795//    req, resp := client.ListDelegatedServicesForAccountRequest(params)
9796//
9797//    err := req.Send()
9798//    if err == nil { // resp is now filled
9799//        fmt.Println(resp)
9800//    }
9801//
9802// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount
9803func (c *Organizations) ListDelegatedServicesForAccountRequest(input *ListDelegatedServicesForAccountInput) (req *request.Request, output *ListDelegatedServicesForAccountOutput) {
9804	op := &request.Operation{
9805		Name:       opListDelegatedServicesForAccount,
9806		HTTPMethod: "POST",
9807		HTTPPath:   "/",
9808		Paginator: &request.Paginator{
9809			InputTokens:     []string{"NextToken"},
9810			OutputTokens:    []string{"NextToken"},
9811			LimitToken:      "MaxResults",
9812			TruncationToken: "",
9813		},
9814	}
9815
9816	if input == nil {
9817		input = &ListDelegatedServicesForAccountInput{}
9818	}
9819
9820	output = &ListDelegatedServicesForAccountOutput{}
9821	req = c.newRequest(op, input, output)
9822	return
9823}
9824
9825// ListDelegatedServicesForAccount API operation for AWS Organizations.
9826//
9827// List the AWS services for which the specified account is a delegated administrator.
9828//
9829// This operation can be called only from the organization's management account
9830// or by a member account that is a delegated administrator for an AWS service.
9831//
9832// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
9833// with awserr.Error's Code and Message methods to get detailed information about
9834// the error.
9835//
9836// See the AWS API reference guide for AWS Organizations's
9837// API operation ListDelegatedServicesForAccount for usage and error information.
9838//
9839// Returned Error Types:
9840//   * AccessDeniedException
9841//   You don't have permissions to perform the requested operation. The user or
9842//   role that is making the request must have at least one IAM permissions policy
9843//   attached that grants the required permissions. For more information, see
9844//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
9845//   in the IAM User Guide.
9846//
9847//   * AccountNotFoundException
9848//   We can't find an AWS account with the AccountId that you specified, or the
9849//   account whose credentials you used to make this request isn't a member of
9850//   an organization.
9851//
9852//   * AccountNotRegisteredException
9853//   The specified account is not a delegated administrator for this AWS service.
9854//
9855//   * AWSOrganizationsNotInUseException
9856//   Your account isn't a member of an organization. To make this request, you
9857//   must use the credentials of an account that belongs to an organization.
9858//
9859//   * ConstraintViolationException
9860//   Performing this operation violates a minimum or maximum value limit. For
9861//   example, attempting to remove the last service control policy (SCP) from
9862//   an OU or root, inviting or creating too many accounts to the organization,
9863//   or attaching too many policies to an account, OU, or root. This exception
9864//   includes a reason that contains additional information about the violated
9865//   limit:
9866//
9867//   Some of the reasons in the following list might not be applicable to this
9868//   specific API or operation.
9869//
9870//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
9871//      account from the organization. You can't remove the management account.
9872//      Instead, after you remove all member accounts, delete the organization
9873//      itself.
9874//
9875//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
9876//      from the organization that doesn't yet have enough information to exist
9877//      as a standalone account. This account requires you to first agree to the
9878//      AWS Customer Agreement. Follow the steps at Removing a member account
9879//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
9880//      the AWS Organizations User Guide.
9881//
9882//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
9883//      an account from the organization that doesn't yet have enough information
9884//      to exist as a standalone account. This account requires you to first complete
9885//      phone verification. Follow the steps at Removing a member account from
9886//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
9887//      in the AWS Organizations User Guide.
9888//
9889//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
9890//      of accounts that you can create in one day.
9891//
9892//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
9893//      the number of accounts in an organization. If you need more accounts,
9894//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
9895//      request an increase in your limit. Or the number of invitations that you
9896//      tried to send would cause you to exceed the limit of accounts in your
9897//      organization. Send fewer invitations or contact AWS Support to request
9898//      an increase in the number of accounts. Deleted and closed accounts still
9899//      count toward your limit. If you get this exception when running a command
9900//      immediately after creating the organization, wait one hour and try again.
9901//      After an hour, if the command continues to fail with this error, contact
9902//      AWS Support (https://console.aws.amazon.com/support/home#/).
9903//
9904//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
9905//      register the management account of the organization as a delegated administrator
9906//      for an AWS service integrated with Organizations. You can designate only
9907//      a member account as a delegated administrator.
9908//
9909//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
9910//      an account that is registered as a delegated administrator for a service
9911//      integrated with your organization. To complete this operation, you must
9912//      first deregister this account as a delegated administrator.
9913//
9914//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
9915//      organization in the specified region, you must enable all features mode.
9916//
9917//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
9918//      an AWS account as a delegated administrator for an AWS service that already
9919//      has a delegated administrator. To complete this operation, you must first
9920//      deregister any existing delegated administrators for this service.
9921//
9922//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
9923//      valid for a limited period of time. You must resubmit the request and
9924//      generate a new verfication code.
9925//
9926//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
9927//      handshakes that you can send in one day.
9928//
9929//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
9930//      in this organization, you first must migrate the organization's management
9931//      account to the marketplace that corresponds to the management account's
9932//      address. For example, accounts with India addresses must be associated
9933//      with the AISPL marketplace. All accounts in an organization must be associated
9934//      with the same marketplace.
9935//
9936//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
9937//      in China. To create an organization, the master must have a valid business
9938//      license. For more information, contact customer support.
9939//
9940//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
9941//      must first provide a valid contact address and phone number for the management
9942//      account. Then try the operation again.
9943//
9944//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
9945//      management account must have an associated account in the AWS GovCloud
9946//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
9947//      in the AWS GovCloud User Guide.
9948//
9949//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
9950//      with this management account, you first must associate a valid payment
9951//      instrument, such as a credit card, with the account. Follow the steps
9952//      at To leave an organization when all required account information has
9953//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
9954//      in the AWS Organizations User Guide.
9955//
9956//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
9957//      to register more delegated administrators than allowed for the service
9958//      principal.
9959//
9960//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
9961//      number of policies of a certain type that can be attached to an entity
9962//      at one time.
9963//
9964//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
9965//      on this resource.
9966//
9967//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
9968//      with this member account, you first must associate a valid payment instrument,
9969//      such as a credit card, with the account. Follow the steps at To leave
9970//      an organization when all required account information has not yet been
9971//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
9972//      in the AWS Organizations User Guide.
9973//
9974//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
9975//      policy from an entity that would cause the entity to have fewer than the
9976//      minimum number of policies of a certain type required.
9977//
9978//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
9979//      that requires the organization to be configured to support all features.
9980//      An organization that supports only consolidated billing features can't
9981//      perform this operation.
9982//
9983//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
9984//      too many levels deep.
9985//
9986//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
9987//      that you can have in an organization.
9988//
9989//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
9990//      is larger than the maximum size.
9991//
9992//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
9993//      policies that you can have in an organization.
9994//
9995//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
9996//      tags that are not compliant with the tag policy requirements for this
9997//      account.
9998//
9999//   * InvalidInputException
10000//   The requested operation failed because you provided invalid values for one
10001//   or more of the request parameters. This exception includes a reason that
10002//   contains additional information about the violated limit:
10003//
10004//   Some of the reasons in the following list might not be applicable to this
10005//   specific API or operation.
10006//
10007//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
10008//      the same entity.
10009//
10010//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
10011//      can't be modified.
10012//
10013//      * INPUT_REQUIRED: You must include a value for all required parameters.
10014//
10015//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
10016//      for the invited account owner.
10017//
10018//      * INVALID_ENUM: You specified an invalid value.
10019//
10020//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
10021//
10022//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
10023//      characters.
10024//
10025//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
10026//      at least one invalid value.
10027//
10028//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
10029//      from the response to a previous call of the operation.
10030//
10031//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
10032//      organization, or email) as a party.
10033//
10034//      * INVALID_PATTERN: You provided a value that doesn't match the required
10035//      pattern.
10036//
10037//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
10038//      match the required pattern.
10039//
10040//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
10041//      name can't begin with the reserved prefix AWSServiceRoleFor.
10042//
10043//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
10044//      Name (ARN) for the organization.
10045//
10046//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
10047//
10048//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
10049//      tag. You can’t add, edit, or delete system tag keys because they're
10050//      reserved for AWS use. System tags don’t count against your tags per
10051//      resource limit.
10052//
10053//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
10054//      for the operation.
10055//
10056//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
10057//      than allowed.
10058//
10059//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
10060//      value than allowed.
10061//
10062//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
10063//      than allowed.
10064//
10065//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
10066//      value than allowed.
10067//
10068//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
10069//      between entities in the same root.
10070//
10071//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
10072//      target entity.
10073//
10074//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
10075//      isn't recognized.
10076//
10077//   * TooManyRequestsException
10078//   You have sent too many requests in too short a period of time. The quota
10079//   helps protect against denial-of-service attacks. Try again later.
10080//
10081//   For information about quotas that affect AWS Organizations, see Quotas for
10082//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
10083//   the AWS Organizations User Guide.
10084//
10085//   * ServiceException
10086//   AWS Organizations can't complete your request because of an internal service
10087//   error. Try again later.
10088//
10089//   * UnsupportedAPIEndpointException
10090//   This action isn't available in the current AWS Region.
10091//
10092// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount
10093func (c *Organizations) ListDelegatedServicesForAccount(input *ListDelegatedServicesForAccountInput) (*ListDelegatedServicesForAccountOutput, error) {
10094	req, out := c.ListDelegatedServicesForAccountRequest(input)
10095	return out, req.Send()
10096}
10097
10098// ListDelegatedServicesForAccountWithContext is the same as ListDelegatedServicesForAccount with the addition of
10099// the ability to pass a context and additional request options.
10100//
10101// See ListDelegatedServicesForAccount for details on how to use this API operation.
10102//
10103// The context must be non-nil and will be used for request cancellation. If
10104// the context is nil a panic will occur. In the future the SDK may create
10105// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10106// for more information on using Contexts.
10107func (c *Organizations) ListDelegatedServicesForAccountWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, opts ...request.Option) (*ListDelegatedServicesForAccountOutput, error) {
10108	req, out := c.ListDelegatedServicesForAccountRequest(input)
10109	req.SetContext(ctx)
10110	req.ApplyOptions(opts...)
10111	return out, req.Send()
10112}
10113
10114// ListDelegatedServicesForAccountPages iterates over the pages of a ListDelegatedServicesForAccount operation,
10115// calling the "fn" function with the response data for each page. To stop
10116// iterating, return false from the fn function.
10117//
10118// See ListDelegatedServicesForAccount method for more information on how to use this operation.
10119//
10120// Note: This operation can generate multiple requests to a service.
10121//
10122//    // Example iterating over at most 3 pages of a ListDelegatedServicesForAccount operation.
10123//    pageNum := 0
10124//    err := client.ListDelegatedServicesForAccountPages(params,
10125//        func(page *organizations.ListDelegatedServicesForAccountOutput, lastPage bool) bool {
10126//            pageNum++
10127//            fmt.Println(page)
10128//            return pageNum <= 3
10129//        })
10130//
10131func (c *Organizations) ListDelegatedServicesForAccountPages(input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool) error {
10132	return c.ListDelegatedServicesForAccountPagesWithContext(aws.BackgroundContext(), input, fn)
10133}
10134
10135// ListDelegatedServicesForAccountPagesWithContext same as ListDelegatedServicesForAccountPages except
10136// it takes a Context and allows setting request options on the pages.
10137//
10138// The context must be non-nil and will be used for request cancellation. If
10139// the context is nil a panic will occur. In the future the SDK may create
10140// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10141// for more information on using Contexts.
10142func (c *Organizations) ListDelegatedServicesForAccountPagesWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool, opts ...request.Option) error {
10143	p := request.Pagination{
10144		NewRequest: func() (*request.Request, error) {
10145			var inCpy *ListDelegatedServicesForAccountInput
10146			if input != nil {
10147				tmp := *input
10148				inCpy = &tmp
10149			}
10150			req, _ := c.ListDelegatedServicesForAccountRequest(inCpy)
10151			req.SetContext(ctx)
10152			req.ApplyOptions(opts...)
10153			return req, nil
10154		},
10155	}
10156
10157	for p.Next() {
10158		if !fn(p.Page().(*ListDelegatedServicesForAccountOutput), !p.HasNextPage()) {
10159			break
10160		}
10161	}
10162
10163	return p.Err()
10164}
10165
10166const opListHandshakesForAccount = "ListHandshakesForAccount"
10167
10168// ListHandshakesForAccountRequest generates a "aws/request.Request" representing the
10169// client's request for the ListHandshakesForAccount operation. The "output" return
10170// value will be populated with the request's response once the request completes
10171// successfully.
10172//
10173// Use "Send" method on the returned Request to send the API call to the service.
10174// the "output" return value is not valid until after Send returns without error.
10175//
10176// See ListHandshakesForAccount for more information on using the ListHandshakesForAccount
10177// API call, and error handling.
10178//
10179// This method is useful when you want to inject custom logic or configuration
10180// into the SDK's request lifecycle. Such as custom headers, or retry logic.
10181//
10182//
10183//    // Example sending a request using the ListHandshakesForAccountRequest method.
10184//    req, resp := client.ListHandshakesForAccountRequest(params)
10185//
10186//    err := req.Send()
10187//    if err == nil { // resp is now filled
10188//        fmt.Println(resp)
10189//    }
10190//
10191// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount
10192func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesForAccountInput) (req *request.Request, output *ListHandshakesForAccountOutput) {
10193	op := &request.Operation{
10194		Name:       opListHandshakesForAccount,
10195		HTTPMethod: "POST",
10196		HTTPPath:   "/",
10197		Paginator: &request.Paginator{
10198			InputTokens:     []string{"NextToken"},
10199			OutputTokens:    []string{"NextToken"},
10200			LimitToken:      "MaxResults",
10201			TruncationToken: "",
10202		},
10203	}
10204
10205	if input == nil {
10206		input = &ListHandshakesForAccountInput{}
10207	}
10208
10209	output = &ListHandshakesForAccountOutput{}
10210	req = c.newRequest(op, input, output)
10211	return
10212}
10213
10214// ListHandshakesForAccount API operation for AWS Organizations.
10215//
10216// Lists the current handshakes that are associated with the account of the
10217// requesting user.
10218//
10219// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
10220// of this API for only 30 days after changing to that state. After that, they're
10221// deleted and no longer accessible.
10222//
10223// Always check the NextToken response parameter for a null value when calling
10224// a List* operation. These operations can occasionally return an empty set
10225// of results even when there are more results available. The NextToken response
10226// parameter value is null only when there are no more results to display.
10227//
10228// This operation can be called from any account in the organization.
10229//
10230// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
10231// with awserr.Error's Code and Message methods to get detailed information about
10232// the error.
10233//
10234// See the AWS API reference guide for AWS Organizations's
10235// API operation ListHandshakesForAccount for usage and error information.
10236//
10237// Returned Error Types:
10238//   * AccessDeniedException
10239//   You don't have permissions to perform the requested operation. The user or
10240//   role that is making the request must have at least one IAM permissions policy
10241//   attached that grants the required permissions. For more information, see
10242//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
10243//   in the IAM User Guide.
10244//
10245//   * ConcurrentModificationException
10246//   The target of the operation is currently being modified by a different request.
10247//   Try again later.
10248//
10249//   * InvalidInputException
10250//   The requested operation failed because you provided invalid values for one
10251//   or more of the request parameters. This exception includes a reason that
10252//   contains additional information about the violated limit:
10253//
10254//   Some of the reasons in the following list might not be applicable to this
10255//   specific API or operation.
10256//
10257//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
10258//      the same entity.
10259//
10260//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
10261//      can't be modified.
10262//
10263//      * INPUT_REQUIRED: You must include a value for all required parameters.
10264//
10265//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
10266//      for the invited account owner.
10267//
10268//      * INVALID_ENUM: You specified an invalid value.
10269//
10270//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
10271//
10272//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
10273//      characters.
10274//
10275//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
10276//      at least one invalid value.
10277//
10278//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
10279//      from the response to a previous call of the operation.
10280//
10281//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
10282//      organization, or email) as a party.
10283//
10284//      * INVALID_PATTERN: You provided a value that doesn't match the required
10285//      pattern.
10286//
10287//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
10288//      match the required pattern.
10289//
10290//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
10291//      name can't begin with the reserved prefix AWSServiceRoleFor.
10292//
10293//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
10294//      Name (ARN) for the organization.
10295//
10296//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
10297//
10298//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
10299//      tag. You can’t add, edit, or delete system tag keys because they're
10300//      reserved for AWS use. System tags don’t count against your tags per
10301//      resource limit.
10302//
10303//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
10304//      for the operation.
10305//
10306//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
10307//      than allowed.
10308//
10309//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
10310//      value than allowed.
10311//
10312//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
10313//      than allowed.
10314//
10315//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
10316//      value than allowed.
10317//
10318//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
10319//      between entities in the same root.
10320//
10321//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
10322//      target entity.
10323//
10324//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
10325//      isn't recognized.
10326//
10327//   * ServiceException
10328//   AWS Organizations can't complete your request because of an internal service
10329//   error. Try again later.
10330//
10331//   * TooManyRequestsException
10332//   You have sent too many requests in too short a period of time. The quota
10333//   helps protect against denial-of-service attacks. Try again later.
10334//
10335//   For information about quotas that affect AWS Organizations, see Quotas for
10336//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
10337//   the AWS Organizations User Guide.
10338//
10339// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount
10340func (c *Organizations) ListHandshakesForAccount(input *ListHandshakesForAccountInput) (*ListHandshakesForAccountOutput, error) {
10341	req, out := c.ListHandshakesForAccountRequest(input)
10342	return out, req.Send()
10343}
10344
10345// ListHandshakesForAccountWithContext is the same as ListHandshakesForAccount with the addition of
10346// the ability to pass a context and additional request options.
10347//
10348// See ListHandshakesForAccount for details on how to use this API operation.
10349//
10350// The context must be non-nil and will be used for request cancellation. If
10351// the context is nil a panic will occur. In the future the SDK may create
10352// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10353// for more information on using Contexts.
10354func (c *Organizations) ListHandshakesForAccountWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, opts ...request.Option) (*ListHandshakesForAccountOutput, error) {
10355	req, out := c.ListHandshakesForAccountRequest(input)
10356	req.SetContext(ctx)
10357	req.ApplyOptions(opts...)
10358	return out, req.Send()
10359}
10360
10361// ListHandshakesForAccountPages iterates over the pages of a ListHandshakesForAccount operation,
10362// calling the "fn" function with the response data for each page. To stop
10363// iterating, return false from the fn function.
10364//
10365// See ListHandshakesForAccount method for more information on how to use this operation.
10366//
10367// Note: This operation can generate multiple requests to a service.
10368//
10369//    // Example iterating over at most 3 pages of a ListHandshakesForAccount operation.
10370//    pageNum := 0
10371//    err := client.ListHandshakesForAccountPages(params,
10372//        func(page *organizations.ListHandshakesForAccountOutput, lastPage bool) bool {
10373//            pageNum++
10374//            fmt.Println(page)
10375//            return pageNum <= 3
10376//        })
10377//
10378func (c *Organizations) ListHandshakesForAccountPages(input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool) error {
10379	return c.ListHandshakesForAccountPagesWithContext(aws.BackgroundContext(), input, fn)
10380}
10381
10382// ListHandshakesForAccountPagesWithContext same as ListHandshakesForAccountPages except
10383// it takes a Context and allows setting request options on the pages.
10384//
10385// The context must be non-nil and will be used for request cancellation. If
10386// the context is nil a panic will occur. In the future the SDK may create
10387// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10388// for more information on using Contexts.
10389func (c *Organizations) ListHandshakesForAccountPagesWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool, opts ...request.Option) error {
10390	p := request.Pagination{
10391		NewRequest: func() (*request.Request, error) {
10392			var inCpy *ListHandshakesForAccountInput
10393			if input != nil {
10394				tmp := *input
10395				inCpy = &tmp
10396			}
10397			req, _ := c.ListHandshakesForAccountRequest(inCpy)
10398			req.SetContext(ctx)
10399			req.ApplyOptions(opts...)
10400			return req, nil
10401		},
10402	}
10403
10404	for p.Next() {
10405		if !fn(p.Page().(*ListHandshakesForAccountOutput), !p.HasNextPage()) {
10406			break
10407		}
10408	}
10409
10410	return p.Err()
10411}
10412
10413const opListHandshakesForOrganization = "ListHandshakesForOrganization"
10414
10415// ListHandshakesForOrganizationRequest generates a "aws/request.Request" representing the
10416// client's request for the ListHandshakesForOrganization operation. The "output" return
10417// value will be populated with the request's response once the request completes
10418// successfully.
10419//
10420// Use "Send" method on the returned Request to send the API call to the service.
10421// the "output" return value is not valid until after Send returns without error.
10422//
10423// See ListHandshakesForOrganization for more information on using the ListHandshakesForOrganization
10424// API call, and error handling.
10425//
10426// This method is useful when you want to inject custom logic or configuration
10427// into the SDK's request lifecycle. Such as custom headers, or retry logic.
10428//
10429//
10430//    // Example sending a request using the ListHandshakesForOrganizationRequest method.
10431//    req, resp := client.ListHandshakesForOrganizationRequest(params)
10432//
10433//    err := req.Send()
10434//    if err == nil { // resp is now filled
10435//        fmt.Println(resp)
10436//    }
10437//
10438// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization
10439func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshakesForOrganizationInput) (req *request.Request, output *ListHandshakesForOrganizationOutput) {
10440	op := &request.Operation{
10441		Name:       opListHandshakesForOrganization,
10442		HTTPMethod: "POST",
10443		HTTPPath:   "/",
10444		Paginator: &request.Paginator{
10445			InputTokens:     []string{"NextToken"},
10446			OutputTokens:    []string{"NextToken"},
10447			LimitToken:      "MaxResults",
10448			TruncationToken: "",
10449		},
10450	}
10451
10452	if input == nil {
10453		input = &ListHandshakesForOrganizationInput{}
10454	}
10455
10456	output = &ListHandshakesForOrganizationOutput{}
10457	req = c.newRequest(op, input, output)
10458	return
10459}
10460
10461// ListHandshakesForOrganization API operation for AWS Organizations.
10462//
10463// Lists the handshakes that are associated with the organization that the requesting
10464// user is part of. The ListHandshakesForOrganization operation returns a list
10465// of handshake structures. Each structure contains details and status about
10466// a handshake.
10467//
10468// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
10469// of this API for only 30 days after changing to that state. After that, they're
10470// deleted and no longer accessible.
10471//
10472// Always check the NextToken response parameter for a null value when calling
10473// a List* operation. These operations can occasionally return an empty set
10474// of results even when there are more results available. The NextToken response
10475// parameter value is null only when there are no more results to display.
10476//
10477// This operation can be called only from the organization's management account
10478// or by a member account that is a delegated administrator for an AWS service.
10479//
10480// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
10481// with awserr.Error's Code and Message methods to get detailed information about
10482// the error.
10483//
10484// See the AWS API reference guide for AWS Organizations's
10485// API operation ListHandshakesForOrganization for usage and error information.
10486//
10487// Returned Error Types:
10488//   * AccessDeniedException
10489//   You don't have permissions to perform the requested operation. The user or
10490//   role that is making the request must have at least one IAM permissions policy
10491//   attached that grants the required permissions. For more information, see
10492//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
10493//   in the IAM User Guide.
10494//
10495//   * AWSOrganizationsNotInUseException
10496//   Your account isn't a member of an organization. To make this request, you
10497//   must use the credentials of an account that belongs to an organization.
10498//
10499//   * ConcurrentModificationException
10500//   The target of the operation is currently being modified by a different request.
10501//   Try again later.
10502//
10503//   * InvalidInputException
10504//   The requested operation failed because you provided invalid values for one
10505//   or more of the request parameters. This exception includes a reason that
10506//   contains additional information about the violated limit:
10507//
10508//   Some of the reasons in the following list might not be applicable to this
10509//   specific API or operation.
10510//
10511//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
10512//      the same entity.
10513//
10514//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
10515//      can't be modified.
10516//
10517//      * INPUT_REQUIRED: You must include a value for all required parameters.
10518//
10519//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
10520//      for the invited account owner.
10521//
10522//      * INVALID_ENUM: You specified an invalid value.
10523//
10524//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
10525//
10526//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
10527//      characters.
10528//
10529//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
10530//      at least one invalid value.
10531//
10532//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
10533//      from the response to a previous call of the operation.
10534//
10535//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
10536//      organization, or email) as a party.
10537//
10538//      * INVALID_PATTERN: You provided a value that doesn't match the required
10539//      pattern.
10540//
10541//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
10542//      match the required pattern.
10543//
10544//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
10545//      name can't begin with the reserved prefix AWSServiceRoleFor.
10546//
10547//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
10548//      Name (ARN) for the organization.
10549//
10550//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
10551//
10552//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
10553//      tag. You can’t add, edit, or delete system tag keys because they're
10554//      reserved for AWS use. System tags don’t count against your tags per
10555//      resource limit.
10556//
10557//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
10558//      for the operation.
10559//
10560//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
10561//      than allowed.
10562//
10563//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
10564//      value than allowed.
10565//
10566//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
10567//      than allowed.
10568//
10569//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
10570//      value than allowed.
10571//
10572//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
10573//      between entities in the same root.
10574//
10575//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
10576//      target entity.
10577//
10578//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
10579//      isn't recognized.
10580//
10581//   * ServiceException
10582//   AWS Organizations can't complete your request because of an internal service
10583//   error. Try again later.
10584//
10585//   * TooManyRequestsException
10586//   You have sent too many requests in too short a period of time. The quota
10587//   helps protect against denial-of-service attacks. Try again later.
10588//
10589//   For information about quotas that affect AWS Organizations, see Quotas for
10590//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
10591//   the AWS Organizations User Guide.
10592//
10593// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization
10594func (c *Organizations) ListHandshakesForOrganization(input *ListHandshakesForOrganizationInput) (*ListHandshakesForOrganizationOutput, error) {
10595	req, out := c.ListHandshakesForOrganizationRequest(input)
10596	return out, req.Send()
10597}
10598
10599// ListHandshakesForOrganizationWithContext is the same as ListHandshakesForOrganization with the addition of
10600// the ability to pass a context and additional request options.
10601//
10602// See ListHandshakesForOrganization for details on how to use this API operation.
10603//
10604// The context must be non-nil and will be used for request cancellation. If
10605// the context is nil a panic will occur. In the future the SDK may create
10606// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10607// for more information on using Contexts.
10608func (c *Organizations) ListHandshakesForOrganizationWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, opts ...request.Option) (*ListHandshakesForOrganizationOutput, error) {
10609	req, out := c.ListHandshakesForOrganizationRequest(input)
10610	req.SetContext(ctx)
10611	req.ApplyOptions(opts...)
10612	return out, req.Send()
10613}
10614
10615// ListHandshakesForOrganizationPages iterates over the pages of a ListHandshakesForOrganization operation,
10616// calling the "fn" function with the response data for each page. To stop
10617// iterating, return false from the fn function.
10618//
10619// See ListHandshakesForOrganization method for more information on how to use this operation.
10620//
10621// Note: This operation can generate multiple requests to a service.
10622//
10623//    // Example iterating over at most 3 pages of a ListHandshakesForOrganization operation.
10624//    pageNum := 0
10625//    err := client.ListHandshakesForOrganizationPages(params,
10626//        func(page *organizations.ListHandshakesForOrganizationOutput, lastPage bool) bool {
10627//            pageNum++
10628//            fmt.Println(page)
10629//            return pageNum <= 3
10630//        })
10631//
10632func (c *Organizations) ListHandshakesForOrganizationPages(input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool) error {
10633	return c.ListHandshakesForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn)
10634}
10635
10636// ListHandshakesForOrganizationPagesWithContext same as ListHandshakesForOrganizationPages except
10637// it takes a Context and allows setting request options on the pages.
10638//
10639// The context must be non-nil and will be used for request cancellation. If
10640// the context is nil a panic will occur. In the future the SDK may create
10641// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10642// for more information on using Contexts.
10643func (c *Organizations) ListHandshakesForOrganizationPagesWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool, opts ...request.Option) error {
10644	p := request.Pagination{
10645		NewRequest: func() (*request.Request, error) {
10646			var inCpy *ListHandshakesForOrganizationInput
10647			if input != nil {
10648				tmp := *input
10649				inCpy = &tmp
10650			}
10651			req, _ := c.ListHandshakesForOrganizationRequest(inCpy)
10652			req.SetContext(ctx)
10653			req.ApplyOptions(opts...)
10654			return req, nil
10655		},
10656	}
10657
10658	for p.Next() {
10659		if !fn(p.Page().(*ListHandshakesForOrganizationOutput), !p.HasNextPage()) {
10660			break
10661		}
10662	}
10663
10664	return p.Err()
10665}
10666
10667const opListOrganizationalUnitsForParent = "ListOrganizationalUnitsForParent"
10668
10669// ListOrganizationalUnitsForParentRequest generates a "aws/request.Request" representing the
10670// client's request for the ListOrganizationalUnitsForParent operation. The "output" return
10671// value will be populated with the request's response once the request completes
10672// successfully.
10673//
10674// Use "Send" method on the returned Request to send the API call to the service.
10675// the "output" return value is not valid until after Send returns without error.
10676//
10677// See ListOrganizationalUnitsForParent for more information on using the ListOrganizationalUnitsForParent
10678// API call, and error handling.
10679//
10680// This method is useful when you want to inject custom logic or configuration
10681// into the SDK's request lifecycle. Such as custom headers, or retry logic.
10682//
10683//
10684//    // Example sending a request using the ListOrganizationalUnitsForParentRequest method.
10685//    req, resp := client.ListOrganizationalUnitsForParentRequest(params)
10686//
10687//    err := req.Send()
10688//    if err == nil { // resp is now filled
10689//        fmt.Println(resp)
10690//    }
10691//
10692// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent
10693func (c *Organizations) ListOrganizationalUnitsForParentRequest(input *ListOrganizationalUnitsForParentInput) (req *request.Request, output *ListOrganizationalUnitsForParentOutput) {
10694	op := &request.Operation{
10695		Name:       opListOrganizationalUnitsForParent,
10696		HTTPMethod: "POST",
10697		HTTPPath:   "/",
10698		Paginator: &request.Paginator{
10699			InputTokens:     []string{"NextToken"},
10700			OutputTokens:    []string{"NextToken"},
10701			LimitToken:      "MaxResults",
10702			TruncationToken: "",
10703		},
10704	}
10705
10706	if input == nil {
10707		input = &ListOrganizationalUnitsForParentInput{}
10708	}
10709
10710	output = &ListOrganizationalUnitsForParentOutput{}
10711	req = c.newRequest(op, input, output)
10712	return
10713}
10714
10715// ListOrganizationalUnitsForParent API operation for AWS Organizations.
10716//
10717// Lists the organizational units (OUs) in a parent organizational unit or root.
10718//
10719// Always check the NextToken response parameter for a null value when calling
10720// a List* operation. These operations can occasionally return an empty set
10721// of results even when there are more results available. The NextToken response
10722// parameter value is null only when there are no more results to display.
10723//
10724// This operation can be called only from the organization's management account
10725// or by a member account that is a delegated administrator for an AWS service.
10726//
10727// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
10728// with awserr.Error's Code and Message methods to get detailed information about
10729// the error.
10730//
10731// See the AWS API reference guide for AWS Organizations's
10732// API operation ListOrganizationalUnitsForParent for usage and error information.
10733//
10734// Returned Error Types:
10735//   * AccessDeniedException
10736//   You don't have permissions to perform the requested operation. The user or
10737//   role that is making the request must have at least one IAM permissions policy
10738//   attached that grants the required permissions. For more information, see
10739//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
10740//   in the IAM User Guide.
10741//
10742//   * AWSOrganizationsNotInUseException
10743//   Your account isn't a member of an organization. To make this request, you
10744//   must use the credentials of an account that belongs to an organization.
10745//
10746//   * InvalidInputException
10747//   The requested operation failed because you provided invalid values for one
10748//   or more of the request parameters. This exception includes a reason that
10749//   contains additional information about the violated limit:
10750//
10751//   Some of the reasons in the following list might not be applicable to this
10752//   specific API or operation.
10753//
10754//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
10755//      the same entity.
10756//
10757//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
10758//      can't be modified.
10759//
10760//      * INPUT_REQUIRED: You must include a value for all required parameters.
10761//
10762//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
10763//      for the invited account owner.
10764//
10765//      * INVALID_ENUM: You specified an invalid value.
10766//
10767//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
10768//
10769//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
10770//      characters.
10771//
10772//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
10773//      at least one invalid value.
10774//
10775//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
10776//      from the response to a previous call of the operation.
10777//
10778//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
10779//      organization, or email) as a party.
10780//
10781//      * INVALID_PATTERN: You provided a value that doesn't match the required
10782//      pattern.
10783//
10784//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
10785//      match the required pattern.
10786//
10787//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
10788//      name can't begin with the reserved prefix AWSServiceRoleFor.
10789//
10790//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
10791//      Name (ARN) for the organization.
10792//
10793//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
10794//
10795//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
10796//      tag. You can’t add, edit, or delete system tag keys because they're
10797//      reserved for AWS use. System tags don’t count against your tags per
10798//      resource limit.
10799//
10800//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
10801//      for the operation.
10802//
10803//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
10804//      than allowed.
10805//
10806//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
10807//      value than allowed.
10808//
10809//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
10810//      than allowed.
10811//
10812//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
10813//      value than allowed.
10814//
10815//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
10816//      between entities in the same root.
10817//
10818//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
10819//      target entity.
10820//
10821//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
10822//      isn't recognized.
10823//
10824//   * ParentNotFoundException
10825//   We can't find a root or OU with the ParentId that you specified.
10826//
10827//   * ServiceException
10828//   AWS Organizations can't complete your request because of an internal service
10829//   error. Try again later.
10830//
10831//   * TooManyRequestsException
10832//   You have sent too many requests in too short a period of time. The quota
10833//   helps protect against denial-of-service attacks. Try again later.
10834//
10835//   For information about quotas that affect AWS Organizations, see Quotas for
10836//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
10837//   the AWS Organizations User Guide.
10838//
10839// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent
10840func (c *Organizations) ListOrganizationalUnitsForParent(input *ListOrganizationalUnitsForParentInput) (*ListOrganizationalUnitsForParentOutput, error) {
10841	req, out := c.ListOrganizationalUnitsForParentRequest(input)
10842	return out, req.Send()
10843}
10844
10845// ListOrganizationalUnitsForParentWithContext is the same as ListOrganizationalUnitsForParent with the addition of
10846// the ability to pass a context and additional request options.
10847//
10848// See ListOrganizationalUnitsForParent for details on how to use this API operation.
10849//
10850// The context must be non-nil and will be used for request cancellation. If
10851// the context is nil a panic will occur. In the future the SDK may create
10852// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10853// for more information on using Contexts.
10854func (c *Organizations) ListOrganizationalUnitsForParentWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, opts ...request.Option) (*ListOrganizationalUnitsForParentOutput, error) {
10855	req, out := c.ListOrganizationalUnitsForParentRequest(input)
10856	req.SetContext(ctx)
10857	req.ApplyOptions(opts...)
10858	return out, req.Send()
10859}
10860
10861// ListOrganizationalUnitsForParentPages iterates over the pages of a ListOrganizationalUnitsForParent operation,
10862// calling the "fn" function with the response data for each page. To stop
10863// iterating, return false from the fn function.
10864//
10865// See ListOrganizationalUnitsForParent method for more information on how to use this operation.
10866//
10867// Note: This operation can generate multiple requests to a service.
10868//
10869//    // Example iterating over at most 3 pages of a ListOrganizationalUnitsForParent operation.
10870//    pageNum := 0
10871//    err := client.ListOrganizationalUnitsForParentPages(params,
10872//        func(page *organizations.ListOrganizationalUnitsForParentOutput, lastPage bool) bool {
10873//            pageNum++
10874//            fmt.Println(page)
10875//            return pageNum <= 3
10876//        })
10877//
10878func (c *Organizations) ListOrganizationalUnitsForParentPages(input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool) error {
10879	return c.ListOrganizationalUnitsForParentPagesWithContext(aws.BackgroundContext(), input, fn)
10880}
10881
10882// ListOrganizationalUnitsForParentPagesWithContext same as ListOrganizationalUnitsForParentPages except
10883// it takes a Context and allows setting request options on the pages.
10884//
10885// The context must be non-nil and will be used for request cancellation. If
10886// the context is nil a panic will occur. In the future the SDK may create
10887// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10888// for more information on using Contexts.
10889func (c *Organizations) ListOrganizationalUnitsForParentPagesWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool, opts ...request.Option) error {
10890	p := request.Pagination{
10891		NewRequest: func() (*request.Request, error) {
10892			var inCpy *ListOrganizationalUnitsForParentInput
10893			if input != nil {
10894				tmp := *input
10895				inCpy = &tmp
10896			}
10897			req, _ := c.ListOrganizationalUnitsForParentRequest(inCpy)
10898			req.SetContext(ctx)
10899			req.ApplyOptions(opts...)
10900			return req, nil
10901		},
10902	}
10903
10904	for p.Next() {
10905		if !fn(p.Page().(*ListOrganizationalUnitsForParentOutput), !p.HasNextPage()) {
10906			break
10907		}
10908	}
10909
10910	return p.Err()
10911}
10912
10913const opListParents = "ListParents"
10914
10915// ListParentsRequest generates a "aws/request.Request" representing the
10916// client's request for the ListParents operation. The "output" return
10917// value will be populated with the request's response once the request completes
10918// successfully.
10919//
10920// Use "Send" method on the returned Request to send the API call to the service.
10921// the "output" return value is not valid until after Send returns without error.
10922//
10923// See ListParents for more information on using the ListParents
10924// API call, and error handling.
10925//
10926// This method is useful when you want to inject custom logic or configuration
10927// into the SDK's request lifecycle. Such as custom headers, or retry logic.
10928//
10929//
10930//    // Example sending a request using the ListParentsRequest method.
10931//    req, resp := client.ListParentsRequest(params)
10932//
10933//    err := req.Send()
10934//    if err == nil { // resp is now filled
10935//        fmt.Println(resp)
10936//    }
10937//
10938// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents
10939func (c *Organizations) ListParentsRequest(input *ListParentsInput) (req *request.Request, output *ListParentsOutput) {
10940	op := &request.Operation{
10941		Name:       opListParents,
10942		HTTPMethod: "POST",
10943		HTTPPath:   "/",
10944		Paginator: &request.Paginator{
10945			InputTokens:     []string{"NextToken"},
10946			OutputTokens:    []string{"NextToken"},
10947			LimitToken:      "MaxResults",
10948			TruncationToken: "",
10949		},
10950	}
10951
10952	if input == nil {
10953		input = &ListParentsInput{}
10954	}
10955
10956	output = &ListParentsOutput{}
10957	req = c.newRequest(op, input, output)
10958	return
10959}
10960
10961// ListParents API operation for AWS Organizations.
10962//
10963// Lists the root or organizational units (OUs) that serve as the immediate
10964// parent of the specified child OU or account. This operation, along with ListChildren
10965// enables you to traverse the tree structure that makes up this root.
10966//
10967// Always check the NextToken response parameter for a null value when calling
10968// a List* operation. These operations can occasionally return an empty set
10969// of results even when there are more results available. The NextToken response
10970// parameter value is null only when there are no more results to display.
10971//
10972// This operation can be called only from the organization's management account
10973// or by a member account that is a delegated administrator for an AWS service.
10974//
10975// In the current release, a child can have only a single parent.
10976//
10977// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
10978// with awserr.Error's Code and Message methods to get detailed information about
10979// the error.
10980//
10981// See the AWS API reference guide for AWS Organizations's
10982// API operation ListParents for usage and error information.
10983//
10984// Returned Error Types:
10985//   * AccessDeniedException
10986//   You don't have permissions to perform the requested operation. The user or
10987//   role that is making the request must have at least one IAM permissions policy
10988//   attached that grants the required permissions. For more information, see
10989//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
10990//   in the IAM User Guide.
10991//
10992//   * AWSOrganizationsNotInUseException
10993//   Your account isn't a member of an organization. To make this request, you
10994//   must use the credentials of an account that belongs to an organization.
10995//
10996//   * ChildNotFoundException
10997//   We can't find an organizational unit (OU) or AWS account with the ChildId
10998//   that you specified.
10999//
11000//   * InvalidInputException
11001//   The requested operation failed because you provided invalid values for one
11002//   or more of the request parameters. This exception includes a reason that
11003//   contains additional information about the violated limit:
11004//
11005//   Some of the reasons in the following list might not be applicable to this
11006//   specific API or operation.
11007//
11008//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
11009//      the same entity.
11010//
11011//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
11012//      can't be modified.
11013//
11014//      * INPUT_REQUIRED: You must include a value for all required parameters.
11015//
11016//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
11017//      for the invited account owner.
11018//
11019//      * INVALID_ENUM: You specified an invalid value.
11020//
11021//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
11022//
11023//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
11024//      characters.
11025//
11026//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
11027//      at least one invalid value.
11028//
11029//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
11030//      from the response to a previous call of the operation.
11031//
11032//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
11033//      organization, or email) as a party.
11034//
11035//      * INVALID_PATTERN: You provided a value that doesn't match the required
11036//      pattern.
11037//
11038//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
11039//      match the required pattern.
11040//
11041//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
11042//      name can't begin with the reserved prefix AWSServiceRoleFor.
11043//
11044//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
11045//      Name (ARN) for the organization.
11046//
11047//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
11048//
11049//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
11050//      tag. You can’t add, edit, or delete system tag keys because they're
11051//      reserved for AWS use. System tags don’t count against your tags per
11052//      resource limit.
11053//
11054//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
11055//      for the operation.
11056//
11057//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
11058//      than allowed.
11059//
11060//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
11061//      value than allowed.
11062//
11063//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
11064//      than allowed.
11065//
11066//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
11067//      value than allowed.
11068//
11069//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
11070//      between entities in the same root.
11071//
11072//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
11073//      target entity.
11074//
11075//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
11076//      isn't recognized.
11077//
11078//   * ServiceException
11079//   AWS Organizations can't complete your request because of an internal service
11080//   error. Try again later.
11081//
11082//   * TooManyRequestsException
11083//   You have sent too many requests in too short a period of time. The quota
11084//   helps protect against denial-of-service attacks. Try again later.
11085//
11086//   For information about quotas that affect AWS Organizations, see Quotas for
11087//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
11088//   the AWS Organizations User Guide.
11089//
11090// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents
11091func (c *Organizations) ListParents(input *ListParentsInput) (*ListParentsOutput, error) {
11092	req, out := c.ListParentsRequest(input)
11093	return out, req.Send()
11094}
11095
11096// ListParentsWithContext is the same as ListParents with the addition of
11097// the ability to pass a context and additional request options.
11098//
11099// See ListParents for details on how to use this API operation.
11100//
11101// The context must be non-nil and will be used for request cancellation. If
11102// the context is nil a panic will occur. In the future the SDK may create
11103// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11104// for more information on using Contexts.
11105func (c *Organizations) ListParentsWithContext(ctx aws.Context, input *ListParentsInput, opts ...request.Option) (*ListParentsOutput, error) {
11106	req, out := c.ListParentsRequest(input)
11107	req.SetContext(ctx)
11108	req.ApplyOptions(opts...)
11109	return out, req.Send()
11110}
11111
11112// ListParentsPages iterates over the pages of a ListParents operation,
11113// calling the "fn" function with the response data for each page. To stop
11114// iterating, return false from the fn function.
11115//
11116// See ListParents method for more information on how to use this operation.
11117//
11118// Note: This operation can generate multiple requests to a service.
11119//
11120//    // Example iterating over at most 3 pages of a ListParents operation.
11121//    pageNum := 0
11122//    err := client.ListParentsPages(params,
11123//        func(page *organizations.ListParentsOutput, lastPage bool) bool {
11124//            pageNum++
11125//            fmt.Println(page)
11126//            return pageNum <= 3
11127//        })
11128//
11129func (c *Organizations) ListParentsPages(input *ListParentsInput, fn func(*ListParentsOutput, bool) bool) error {
11130	return c.ListParentsPagesWithContext(aws.BackgroundContext(), input, fn)
11131}
11132
11133// ListParentsPagesWithContext same as ListParentsPages except
11134// it takes a Context and allows setting request options on the pages.
11135//
11136// The context must be non-nil and will be used for request cancellation. If
11137// the context is nil a panic will occur. In the future the SDK may create
11138// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11139// for more information on using Contexts.
11140func (c *Organizations) ListParentsPagesWithContext(ctx aws.Context, input *ListParentsInput, fn func(*ListParentsOutput, bool) bool, opts ...request.Option) error {
11141	p := request.Pagination{
11142		NewRequest: func() (*request.Request, error) {
11143			var inCpy *ListParentsInput
11144			if input != nil {
11145				tmp := *input
11146				inCpy = &tmp
11147			}
11148			req, _ := c.ListParentsRequest(inCpy)
11149			req.SetContext(ctx)
11150			req.ApplyOptions(opts...)
11151			return req, nil
11152		},
11153	}
11154
11155	for p.Next() {
11156		if !fn(p.Page().(*ListParentsOutput), !p.HasNextPage()) {
11157			break
11158		}
11159	}
11160
11161	return p.Err()
11162}
11163
11164const opListPolicies = "ListPolicies"
11165
11166// ListPoliciesRequest generates a "aws/request.Request" representing the
11167// client's request for the ListPolicies operation. The "output" return
11168// value will be populated with the request's response once the request completes
11169// successfully.
11170//
11171// Use "Send" method on the returned Request to send the API call to the service.
11172// the "output" return value is not valid until after Send returns without error.
11173//
11174// See ListPolicies for more information on using the ListPolicies
11175// API call, and error handling.
11176//
11177// This method is useful when you want to inject custom logic or configuration
11178// into the SDK's request lifecycle. Such as custom headers, or retry logic.
11179//
11180//
11181//    // Example sending a request using the ListPoliciesRequest method.
11182//    req, resp := client.ListPoliciesRequest(params)
11183//
11184//    err := req.Send()
11185//    if err == nil { // resp is now filled
11186//        fmt.Println(resp)
11187//    }
11188//
11189// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies
11190func (c *Organizations) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) {
11191	op := &request.Operation{
11192		Name:       opListPolicies,
11193		HTTPMethod: "POST",
11194		HTTPPath:   "/",
11195		Paginator: &request.Paginator{
11196			InputTokens:     []string{"NextToken"},
11197			OutputTokens:    []string{"NextToken"},
11198			LimitToken:      "MaxResults",
11199			TruncationToken: "",
11200		},
11201	}
11202
11203	if input == nil {
11204		input = &ListPoliciesInput{}
11205	}
11206
11207	output = &ListPoliciesOutput{}
11208	req = c.newRequest(op, input, output)
11209	return
11210}
11211
11212// ListPolicies API operation for AWS Organizations.
11213//
11214// Retrieves the list of all policies in an organization of a specified type.
11215//
11216// Always check the NextToken response parameter for a null value when calling
11217// a List* operation. These operations can occasionally return an empty set
11218// of results even when there are more results available. The NextToken response
11219// parameter value is null only when there are no more results to display.
11220//
11221// This operation can be called only from the organization's management account
11222// or by a member account that is a delegated administrator for an AWS service.
11223//
11224// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
11225// with awserr.Error's Code and Message methods to get detailed information about
11226// the error.
11227//
11228// See the AWS API reference guide for AWS Organizations's
11229// API operation ListPolicies for usage and error information.
11230//
11231// Returned Error Types:
11232//   * AccessDeniedException
11233//   You don't have permissions to perform the requested operation. The user or
11234//   role that is making the request must have at least one IAM permissions policy
11235//   attached that grants the required permissions. For more information, see
11236//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
11237//   in the IAM User Guide.
11238//
11239//   * AWSOrganizationsNotInUseException
11240//   Your account isn't a member of an organization. To make this request, you
11241//   must use the credentials of an account that belongs to an organization.
11242//
11243//   * InvalidInputException
11244//   The requested operation failed because you provided invalid values for one
11245//   or more of the request parameters. This exception includes a reason that
11246//   contains additional information about the violated limit:
11247//
11248//   Some of the reasons in the following list might not be applicable to this
11249//   specific API or operation.
11250//
11251//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
11252//      the same entity.
11253//
11254//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
11255//      can't be modified.
11256//
11257//      * INPUT_REQUIRED: You must include a value for all required parameters.
11258//
11259//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
11260//      for the invited account owner.
11261//
11262//      * INVALID_ENUM: You specified an invalid value.
11263//
11264//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
11265//
11266//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
11267//      characters.
11268//
11269//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
11270//      at least one invalid value.
11271//
11272//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
11273//      from the response to a previous call of the operation.
11274//
11275//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
11276//      organization, or email) as a party.
11277//
11278//      * INVALID_PATTERN: You provided a value that doesn't match the required
11279//      pattern.
11280//
11281//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
11282//      match the required pattern.
11283//
11284//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
11285//      name can't begin with the reserved prefix AWSServiceRoleFor.
11286//
11287//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
11288//      Name (ARN) for the organization.
11289//
11290//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
11291//
11292//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
11293//      tag. You can’t add, edit, or delete system tag keys because they're
11294//      reserved for AWS use. System tags don’t count against your tags per
11295//      resource limit.
11296//
11297//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
11298//      for the operation.
11299//
11300//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
11301//      than allowed.
11302//
11303//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
11304//      value than allowed.
11305//
11306//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
11307//      than allowed.
11308//
11309//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
11310//      value than allowed.
11311//
11312//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
11313//      between entities in the same root.
11314//
11315//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
11316//      target entity.
11317//
11318//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
11319//      isn't recognized.
11320//
11321//   * ServiceException
11322//   AWS Organizations can't complete your request because of an internal service
11323//   error. Try again later.
11324//
11325//   * TooManyRequestsException
11326//   You have sent too many requests in too short a period of time. The quota
11327//   helps protect against denial-of-service attacks. Try again later.
11328//
11329//   For information about quotas that affect AWS Organizations, see Quotas for
11330//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
11331//   the AWS Organizations User Guide.
11332//
11333//   * UnsupportedAPIEndpointException
11334//   This action isn't available in the current AWS Region.
11335//
11336// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies
11337func (c *Organizations) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) {
11338	req, out := c.ListPoliciesRequest(input)
11339	return out, req.Send()
11340}
11341
11342// ListPoliciesWithContext is the same as ListPolicies with the addition of
11343// the ability to pass a context and additional request options.
11344//
11345// See ListPolicies for details on how to use this API operation.
11346//
11347// The context must be non-nil and will be used for request cancellation. If
11348// the context is nil a panic will occur. In the future the SDK may create
11349// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11350// for more information on using Contexts.
11351func (c *Organizations) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) {
11352	req, out := c.ListPoliciesRequest(input)
11353	req.SetContext(ctx)
11354	req.ApplyOptions(opts...)
11355	return out, req.Send()
11356}
11357
11358// ListPoliciesPages iterates over the pages of a ListPolicies operation,
11359// calling the "fn" function with the response data for each page. To stop
11360// iterating, return false from the fn function.
11361//
11362// See ListPolicies method for more information on how to use this operation.
11363//
11364// Note: This operation can generate multiple requests to a service.
11365//
11366//    // Example iterating over at most 3 pages of a ListPolicies operation.
11367//    pageNum := 0
11368//    err := client.ListPoliciesPages(params,
11369//        func(page *organizations.ListPoliciesOutput, lastPage bool) bool {
11370//            pageNum++
11371//            fmt.Println(page)
11372//            return pageNum <= 3
11373//        })
11374//
11375func (c *Organizations) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error {
11376	return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
11377}
11378
11379// ListPoliciesPagesWithContext same as ListPoliciesPages except
11380// it takes a Context and allows setting request options on the pages.
11381//
11382// The context must be non-nil and will be used for request cancellation. If
11383// the context is nil a panic will occur. In the future the SDK may create
11384// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11385// for more information on using Contexts.
11386func (c *Organizations) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error {
11387	p := request.Pagination{
11388		NewRequest: func() (*request.Request, error) {
11389			var inCpy *ListPoliciesInput
11390			if input != nil {
11391				tmp := *input
11392				inCpy = &tmp
11393			}
11394			req, _ := c.ListPoliciesRequest(inCpy)
11395			req.SetContext(ctx)
11396			req.ApplyOptions(opts...)
11397			return req, nil
11398		},
11399	}
11400
11401	for p.Next() {
11402		if !fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) {
11403			break
11404		}
11405	}
11406
11407	return p.Err()
11408}
11409
11410const opListPoliciesForTarget = "ListPoliciesForTarget"
11411
11412// ListPoliciesForTargetRequest generates a "aws/request.Request" representing the
11413// client's request for the ListPoliciesForTarget operation. The "output" return
11414// value will be populated with the request's response once the request completes
11415// successfully.
11416//
11417// Use "Send" method on the returned Request to send the API call to the service.
11418// the "output" return value is not valid until after Send returns without error.
11419//
11420// See ListPoliciesForTarget for more information on using the ListPoliciesForTarget
11421// API call, and error handling.
11422//
11423// This method is useful when you want to inject custom logic or configuration
11424// into the SDK's request lifecycle. Such as custom headers, or retry logic.
11425//
11426//
11427//    // Example sending a request using the ListPoliciesForTargetRequest method.
11428//    req, resp := client.ListPoliciesForTargetRequest(params)
11429//
11430//    err := req.Send()
11431//    if err == nil { // resp is now filled
11432//        fmt.Println(resp)
11433//    }
11434//
11435// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget
11436func (c *Organizations) ListPoliciesForTargetRequest(input *ListPoliciesForTargetInput) (req *request.Request, output *ListPoliciesForTargetOutput) {
11437	op := &request.Operation{
11438		Name:       opListPoliciesForTarget,
11439		HTTPMethod: "POST",
11440		HTTPPath:   "/",
11441		Paginator: &request.Paginator{
11442			InputTokens:     []string{"NextToken"},
11443			OutputTokens:    []string{"NextToken"},
11444			LimitToken:      "MaxResults",
11445			TruncationToken: "",
11446		},
11447	}
11448
11449	if input == nil {
11450		input = &ListPoliciesForTargetInput{}
11451	}
11452
11453	output = &ListPoliciesForTargetOutput{}
11454	req = c.newRequest(op, input, output)
11455	return
11456}
11457
11458// ListPoliciesForTarget API operation for AWS Organizations.
11459//
11460// Lists the policies that are directly attached to the specified target root,
11461// organizational unit (OU), or account. You must specify the policy type that
11462// you want included in the returned list.
11463//
11464// Always check the NextToken response parameter for a null value when calling
11465// a List* operation. These operations can occasionally return an empty set
11466// of results even when there are more results available. The NextToken response
11467// parameter value is null only when there are no more results to display.
11468//
11469// This operation can be called only from the organization's management account
11470// or by a member account that is a delegated administrator for an AWS service.
11471//
11472// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
11473// with awserr.Error's Code and Message methods to get detailed information about
11474// the error.
11475//
11476// See the AWS API reference guide for AWS Organizations's
11477// API operation ListPoliciesForTarget for usage and error information.
11478//
11479// Returned Error Types:
11480//   * AccessDeniedException
11481//   You don't have permissions to perform the requested operation. The user or
11482//   role that is making the request must have at least one IAM permissions policy
11483//   attached that grants the required permissions. For more information, see
11484//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
11485//   in the IAM User Guide.
11486//
11487//   * AWSOrganizationsNotInUseException
11488//   Your account isn't a member of an organization. To make this request, you
11489//   must use the credentials of an account that belongs to an organization.
11490//
11491//   * InvalidInputException
11492//   The requested operation failed because you provided invalid values for one
11493//   or more of the request parameters. This exception includes a reason that
11494//   contains additional information about the violated limit:
11495//
11496//   Some of the reasons in the following list might not be applicable to this
11497//   specific API or operation.
11498//
11499//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
11500//      the same entity.
11501//
11502//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
11503//      can't be modified.
11504//
11505//      * INPUT_REQUIRED: You must include a value for all required parameters.
11506//
11507//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
11508//      for the invited account owner.
11509//
11510//      * INVALID_ENUM: You specified an invalid value.
11511//
11512//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
11513//
11514//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
11515//      characters.
11516//
11517//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
11518//      at least one invalid value.
11519//
11520//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
11521//      from the response to a previous call of the operation.
11522//
11523//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
11524//      organization, or email) as a party.
11525//
11526//      * INVALID_PATTERN: You provided a value that doesn't match the required
11527//      pattern.
11528//
11529//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
11530//      match the required pattern.
11531//
11532//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
11533//      name can't begin with the reserved prefix AWSServiceRoleFor.
11534//
11535//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
11536//      Name (ARN) for the organization.
11537//
11538//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
11539//
11540//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
11541//      tag. You can’t add, edit, or delete system tag keys because they're
11542//      reserved for AWS use. System tags don’t count against your tags per
11543//      resource limit.
11544//
11545//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
11546//      for the operation.
11547//
11548//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
11549//      than allowed.
11550//
11551//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
11552//      value than allowed.
11553//
11554//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
11555//      than allowed.
11556//
11557//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
11558//      value than allowed.
11559//
11560//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
11561//      between entities in the same root.
11562//
11563//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
11564//      target entity.
11565//
11566//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
11567//      isn't recognized.
11568//
11569//   * ServiceException
11570//   AWS Organizations can't complete your request because of an internal service
11571//   error. Try again later.
11572//
11573//   * TargetNotFoundException
11574//   We can't find a root, OU, account, or policy with the TargetId that you specified.
11575//
11576//   * TooManyRequestsException
11577//   You have sent too many requests in too short a period of time. The quota
11578//   helps protect against denial-of-service attacks. Try again later.
11579//
11580//   For information about quotas that affect AWS Organizations, see Quotas for
11581//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
11582//   the AWS Organizations User Guide.
11583//
11584//   * UnsupportedAPIEndpointException
11585//   This action isn't available in the current AWS Region.
11586//
11587// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget
11588func (c *Organizations) ListPoliciesForTarget(input *ListPoliciesForTargetInput) (*ListPoliciesForTargetOutput, error) {
11589	req, out := c.ListPoliciesForTargetRequest(input)
11590	return out, req.Send()
11591}
11592
11593// ListPoliciesForTargetWithContext is the same as ListPoliciesForTarget with the addition of
11594// the ability to pass a context and additional request options.
11595//
11596// See ListPoliciesForTarget for details on how to use this API operation.
11597//
11598// The context must be non-nil and will be used for request cancellation. If
11599// the context is nil a panic will occur. In the future the SDK may create
11600// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11601// for more information on using Contexts.
11602func (c *Organizations) ListPoliciesForTargetWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, opts ...request.Option) (*ListPoliciesForTargetOutput, error) {
11603	req, out := c.ListPoliciesForTargetRequest(input)
11604	req.SetContext(ctx)
11605	req.ApplyOptions(opts...)
11606	return out, req.Send()
11607}
11608
11609// ListPoliciesForTargetPages iterates over the pages of a ListPoliciesForTarget operation,
11610// calling the "fn" function with the response data for each page. To stop
11611// iterating, return false from the fn function.
11612//
11613// See ListPoliciesForTarget method for more information on how to use this operation.
11614//
11615// Note: This operation can generate multiple requests to a service.
11616//
11617//    // Example iterating over at most 3 pages of a ListPoliciesForTarget operation.
11618//    pageNum := 0
11619//    err := client.ListPoliciesForTargetPages(params,
11620//        func(page *organizations.ListPoliciesForTargetOutput, lastPage bool) bool {
11621//            pageNum++
11622//            fmt.Println(page)
11623//            return pageNum <= 3
11624//        })
11625//
11626func (c *Organizations) ListPoliciesForTargetPages(input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool) error {
11627	return c.ListPoliciesForTargetPagesWithContext(aws.BackgroundContext(), input, fn)
11628}
11629
11630// ListPoliciesForTargetPagesWithContext same as ListPoliciesForTargetPages except
11631// it takes a Context and allows setting request options on the pages.
11632//
11633// The context must be non-nil and will be used for request cancellation. If
11634// the context is nil a panic will occur. In the future the SDK may create
11635// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11636// for more information on using Contexts.
11637func (c *Organizations) ListPoliciesForTargetPagesWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool, opts ...request.Option) error {
11638	p := request.Pagination{
11639		NewRequest: func() (*request.Request, error) {
11640			var inCpy *ListPoliciesForTargetInput
11641			if input != nil {
11642				tmp := *input
11643				inCpy = &tmp
11644			}
11645			req, _ := c.ListPoliciesForTargetRequest(inCpy)
11646			req.SetContext(ctx)
11647			req.ApplyOptions(opts...)
11648			return req, nil
11649		},
11650	}
11651
11652	for p.Next() {
11653		if !fn(p.Page().(*ListPoliciesForTargetOutput), !p.HasNextPage()) {
11654			break
11655		}
11656	}
11657
11658	return p.Err()
11659}
11660
11661const opListRoots = "ListRoots"
11662
11663// ListRootsRequest generates a "aws/request.Request" representing the
11664// client's request for the ListRoots operation. The "output" return
11665// value will be populated with the request's response once the request completes
11666// successfully.
11667//
11668// Use "Send" method on the returned Request to send the API call to the service.
11669// the "output" return value is not valid until after Send returns without error.
11670//
11671// See ListRoots for more information on using the ListRoots
11672// API call, and error handling.
11673//
11674// This method is useful when you want to inject custom logic or configuration
11675// into the SDK's request lifecycle. Such as custom headers, or retry logic.
11676//
11677//
11678//    // Example sending a request using the ListRootsRequest method.
11679//    req, resp := client.ListRootsRequest(params)
11680//
11681//    err := req.Send()
11682//    if err == nil { // resp is now filled
11683//        fmt.Println(resp)
11684//    }
11685//
11686// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots
11687func (c *Organizations) ListRootsRequest(input *ListRootsInput) (req *request.Request, output *ListRootsOutput) {
11688	op := &request.Operation{
11689		Name:       opListRoots,
11690		HTTPMethod: "POST",
11691		HTTPPath:   "/",
11692		Paginator: &request.Paginator{
11693			InputTokens:     []string{"NextToken"},
11694			OutputTokens:    []string{"NextToken"},
11695			LimitToken:      "MaxResults",
11696			TruncationToken: "",
11697		},
11698	}
11699
11700	if input == nil {
11701		input = &ListRootsInput{}
11702	}
11703
11704	output = &ListRootsOutput{}
11705	req = c.newRequest(op, input, output)
11706	return
11707}
11708
11709// ListRoots API operation for AWS Organizations.
11710//
11711// Lists the roots that are defined in the current organization.
11712//
11713// Always check the NextToken response parameter for a null value when calling
11714// a List* operation. These operations can occasionally return an empty set
11715// of results even when there are more results available. The NextToken response
11716// parameter value is null only when there are no more results to display.
11717//
11718// This operation can be called only from the organization's management account
11719// or by a member account that is a delegated administrator for an AWS service.
11720//
11721// Policy types can be enabled and disabled in roots. This is distinct from
11722// whether they're available in the organization. When you enable all features,
11723// you make policy types available for use in that organization. Individual
11724// policy types can then be enabled and disabled in a root. To see the availability
11725// of a policy type in an organization, use DescribeOrganization.
11726//
11727// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
11728// with awserr.Error's Code and Message methods to get detailed information about
11729// the error.
11730//
11731// See the AWS API reference guide for AWS Organizations's
11732// API operation ListRoots for usage and error information.
11733//
11734// Returned Error Types:
11735//   * AccessDeniedException
11736//   You don't have permissions to perform the requested operation. The user or
11737//   role that is making the request must have at least one IAM permissions policy
11738//   attached that grants the required permissions. For more information, see
11739//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
11740//   in the IAM User Guide.
11741//
11742//   * AWSOrganizationsNotInUseException
11743//   Your account isn't a member of an organization. To make this request, you
11744//   must use the credentials of an account that belongs to an organization.
11745//
11746//   * InvalidInputException
11747//   The requested operation failed because you provided invalid values for one
11748//   or more of the request parameters. This exception includes a reason that
11749//   contains additional information about the violated limit:
11750//
11751//   Some of the reasons in the following list might not be applicable to this
11752//   specific API or operation.
11753//
11754//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
11755//      the same entity.
11756//
11757//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
11758//      can't be modified.
11759//
11760//      * INPUT_REQUIRED: You must include a value for all required parameters.
11761//
11762//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
11763//      for the invited account owner.
11764//
11765//      * INVALID_ENUM: You specified an invalid value.
11766//
11767//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
11768//
11769//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
11770//      characters.
11771//
11772//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
11773//      at least one invalid value.
11774//
11775//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
11776//      from the response to a previous call of the operation.
11777//
11778//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
11779//      organization, or email) as a party.
11780//
11781//      * INVALID_PATTERN: You provided a value that doesn't match the required
11782//      pattern.
11783//
11784//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
11785//      match the required pattern.
11786//
11787//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
11788//      name can't begin with the reserved prefix AWSServiceRoleFor.
11789//
11790//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
11791//      Name (ARN) for the organization.
11792//
11793//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
11794//
11795//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
11796//      tag. You can’t add, edit, or delete system tag keys because they're
11797//      reserved for AWS use. System tags don’t count against your tags per
11798//      resource limit.
11799//
11800//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
11801//      for the operation.
11802//
11803//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
11804//      than allowed.
11805//
11806//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
11807//      value than allowed.
11808//
11809//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
11810//      than allowed.
11811//
11812//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
11813//      value than allowed.
11814//
11815//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
11816//      between entities in the same root.
11817//
11818//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
11819//      target entity.
11820//
11821//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
11822//      isn't recognized.
11823//
11824//   * ServiceException
11825//   AWS Organizations can't complete your request because of an internal service
11826//   error. Try again later.
11827//
11828//   * TooManyRequestsException
11829//   You have sent too many requests in too short a period of time. The quota
11830//   helps protect against denial-of-service attacks. Try again later.
11831//
11832//   For information about quotas that affect AWS Organizations, see Quotas for
11833//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
11834//   the AWS Organizations User Guide.
11835//
11836// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots
11837func (c *Organizations) ListRoots(input *ListRootsInput) (*ListRootsOutput, error) {
11838	req, out := c.ListRootsRequest(input)
11839	return out, req.Send()
11840}
11841
11842// ListRootsWithContext is the same as ListRoots with the addition of
11843// the ability to pass a context and additional request options.
11844//
11845// See ListRoots for details on how to use this API operation.
11846//
11847// The context must be non-nil and will be used for request cancellation. If
11848// the context is nil a panic will occur. In the future the SDK may create
11849// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11850// for more information on using Contexts.
11851func (c *Organizations) ListRootsWithContext(ctx aws.Context, input *ListRootsInput, opts ...request.Option) (*ListRootsOutput, error) {
11852	req, out := c.ListRootsRequest(input)
11853	req.SetContext(ctx)
11854	req.ApplyOptions(opts...)
11855	return out, req.Send()
11856}
11857
11858// ListRootsPages iterates over the pages of a ListRoots operation,
11859// calling the "fn" function with the response data for each page. To stop
11860// iterating, return false from the fn function.
11861//
11862// See ListRoots method for more information on how to use this operation.
11863//
11864// Note: This operation can generate multiple requests to a service.
11865//
11866//    // Example iterating over at most 3 pages of a ListRoots operation.
11867//    pageNum := 0
11868//    err := client.ListRootsPages(params,
11869//        func(page *organizations.ListRootsOutput, lastPage bool) bool {
11870//            pageNum++
11871//            fmt.Println(page)
11872//            return pageNum <= 3
11873//        })
11874//
11875func (c *Organizations) ListRootsPages(input *ListRootsInput, fn func(*ListRootsOutput, bool) bool) error {
11876	return c.ListRootsPagesWithContext(aws.BackgroundContext(), input, fn)
11877}
11878
11879// ListRootsPagesWithContext same as ListRootsPages except
11880// it takes a Context and allows setting request options on the pages.
11881//
11882// The context must be non-nil and will be used for request cancellation. If
11883// the context is nil a panic will occur. In the future the SDK may create
11884// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11885// for more information on using Contexts.
11886func (c *Organizations) ListRootsPagesWithContext(ctx aws.Context, input *ListRootsInput, fn func(*ListRootsOutput, bool) bool, opts ...request.Option) error {
11887	p := request.Pagination{
11888		NewRequest: func() (*request.Request, error) {
11889			var inCpy *ListRootsInput
11890			if input != nil {
11891				tmp := *input
11892				inCpy = &tmp
11893			}
11894			req, _ := c.ListRootsRequest(inCpy)
11895			req.SetContext(ctx)
11896			req.ApplyOptions(opts...)
11897			return req, nil
11898		},
11899	}
11900
11901	for p.Next() {
11902		if !fn(p.Page().(*ListRootsOutput), !p.HasNextPage()) {
11903			break
11904		}
11905	}
11906
11907	return p.Err()
11908}
11909
11910const opListTagsForResource = "ListTagsForResource"
11911
11912// ListTagsForResourceRequest generates a "aws/request.Request" representing the
11913// client's request for the ListTagsForResource operation. The "output" return
11914// value will be populated with the request's response once the request completes
11915// successfully.
11916//
11917// Use "Send" method on the returned Request to send the API call to the service.
11918// the "output" return value is not valid until after Send returns without error.
11919//
11920// See ListTagsForResource for more information on using the ListTagsForResource
11921// API call, and error handling.
11922//
11923// This method is useful when you want to inject custom logic or configuration
11924// into the SDK's request lifecycle. Such as custom headers, or retry logic.
11925//
11926//
11927//    // Example sending a request using the ListTagsForResourceRequest method.
11928//    req, resp := client.ListTagsForResourceRequest(params)
11929//
11930//    err := req.Send()
11931//    if err == nil { // resp is now filled
11932//        fmt.Println(resp)
11933//    }
11934//
11935// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource
11936func (c *Organizations) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) {
11937	op := &request.Operation{
11938		Name:       opListTagsForResource,
11939		HTTPMethod: "POST",
11940		HTTPPath:   "/",
11941		Paginator: &request.Paginator{
11942			InputTokens:     []string{"NextToken"},
11943			OutputTokens:    []string{"NextToken"},
11944			LimitToken:      "",
11945			TruncationToken: "",
11946		},
11947	}
11948
11949	if input == nil {
11950		input = &ListTagsForResourceInput{}
11951	}
11952
11953	output = &ListTagsForResourceOutput{}
11954	req = c.newRequest(op, input, output)
11955	return
11956}
11957
11958// ListTagsForResource API operation for AWS Organizations.
11959//
11960// Lists tags that are attached to the specified resource.
11961//
11962// You can attach tags to the following resources in AWS Organizations.
11963//
11964//    * AWS account
11965//
11966//    * Organization root
11967//
11968//    * Organizational unit (OU)
11969//
11970//    * Policy (any type)
11971//
11972// This operation can be called only from the organization's management account
11973// or by a member account that is a delegated administrator for an AWS service.
11974//
11975// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
11976// with awserr.Error's Code and Message methods to get detailed information about
11977// the error.
11978//
11979// See the AWS API reference guide for AWS Organizations's
11980// API operation ListTagsForResource for usage and error information.
11981//
11982// Returned Error Types:
11983//   * AccessDeniedException
11984//   You don't have permissions to perform the requested operation. The user or
11985//   role that is making the request must have at least one IAM permissions policy
11986//   attached that grants the required permissions. For more information, see
11987//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
11988//   in the IAM User Guide.
11989//
11990//   * AWSOrganizationsNotInUseException
11991//   Your account isn't a member of an organization. To make this request, you
11992//   must use the credentials of an account that belongs to an organization.
11993//
11994//   * TargetNotFoundException
11995//   We can't find a root, OU, account, or policy with the TargetId that you specified.
11996//
11997//   * InvalidInputException
11998//   The requested operation failed because you provided invalid values for one
11999//   or more of the request parameters. This exception includes a reason that
12000//   contains additional information about the violated limit:
12001//
12002//   Some of the reasons in the following list might not be applicable to this
12003//   specific API or operation.
12004//
12005//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
12006//      the same entity.
12007//
12008//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
12009//      can't be modified.
12010//
12011//      * INPUT_REQUIRED: You must include a value for all required parameters.
12012//
12013//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
12014//      for the invited account owner.
12015//
12016//      * INVALID_ENUM: You specified an invalid value.
12017//
12018//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
12019//
12020//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
12021//      characters.
12022//
12023//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
12024//      at least one invalid value.
12025//
12026//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
12027//      from the response to a previous call of the operation.
12028//
12029//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
12030//      organization, or email) as a party.
12031//
12032//      * INVALID_PATTERN: You provided a value that doesn't match the required
12033//      pattern.
12034//
12035//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
12036//      match the required pattern.
12037//
12038//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
12039//      name can't begin with the reserved prefix AWSServiceRoleFor.
12040//
12041//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
12042//      Name (ARN) for the organization.
12043//
12044//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
12045//
12046//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
12047//      tag. You can’t add, edit, or delete system tag keys because they're
12048//      reserved for AWS use. System tags don’t count against your tags per
12049//      resource limit.
12050//
12051//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
12052//      for the operation.
12053//
12054//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
12055//      than allowed.
12056//
12057//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
12058//      value than allowed.
12059//
12060//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
12061//      than allowed.
12062//
12063//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
12064//      value than allowed.
12065//
12066//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
12067//      between entities in the same root.
12068//
12069//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
12070//      target entity.
12071//
12072//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
12073//      isn't recognized.
12074//
12075//   * ServiceException
12076//   AWS Organizations can't complete your request because of an internal service
12077//   error. Try again later.
12078//
12079//   * TooManyRequestsException
12080//   You have sent too many requests in too short a period of time. The quota
12081//   helps protect against denial-of-service attacks. Try again later.
12082//
12083//   For information about quotas that affect AWS Organizations, see Quotas for
12084//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
12085//   the AWS Organizations User Guide.
12086//
12087// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource
12088func (c *Organizations) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) {
12089	req, out := c.ListTagsForResourceRequest(input)
12090	return out, req.Send()
12091}
12092
12093// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of
12094// the ability to pass a context and additional request options.
12095//
12096// See ListTagsForResource for details on how to use this API operation.
12097//
12098// The context must be non-nil and will be used for request cancellation. If
12099// the context is nil a panic will occur. In the future the SDK may create
12100// sub-contexts for http.Requests. See https://golang.org/pkg/context/
12101// for more information on using Contexts.
12102func (c *Organizations) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) {
12103	req, out := c.ListTagsForResourceRequest(input)
12104	req.SetContext(ctx)
12105	req.ApplyOptions(opts...)
12106	return out, req.Send()
12107}
12108
12109// ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation,
12110// calling the "fn" function with the response data for each page. To stop
12111// iterating, return false from the fn function.
12112//
12113// See ListTagsForResource method for more information on how to use this operation.
12114//
12115// Note: This operation can generate multiple requests to a service.
12116//
12117//    // Example iterating over at most 3 pages of a ListTagsForResource operation.
12118//    pageNum := 0
12119//    err := client.ListTagsForResourcePages(params,
12120//        func(page *organizations.ListTagsForResourceOutput, lastPage bool) bool {
12121//            pageNum++
12122//            fmt.Println(page)
12123//            return pageNum <= 3
12124//        })
12125//
12126func (c *Organizations) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error {
12127	return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn)
12128}
12129
12130// ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except
12131// it takes a Context and allows setting request options on the pages.
12132//
12133// The context must be non-nil and will be used for request cancellation. If
12134// the context is nil a panic will occur. In the future the SDK may create
12135// sub-contexts for http.Requests. See https://golang.org/pkg/context/
12136// for more information on using Contexts.
12137func (c *Organizations) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error {
12138	p := request.Pagination{
12139		NewRequest: func() (*request.Request, error) {
12140			var inCpy *ListTagsForResourceInput
12141			if input != nil {
12142				tmp := *input
12143				inCpy = &tmp
12144			}
12145			req, _ := c.ListTagsForResourceRequest(inCpy)
12146			req.SetContext(ctx)
12147			req.ApplyOptions(opts...)
12148			return req, nil
12149		},
12150	}
12151
12152	for p.Next() {
12153		if !fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) {
12154			break
12155		}
12156	}
12157
12158	return p.Err()
12159}
12160
12161const opListTargetsForPolicy = "ListTargetsForPolicy"
12162
12163// ListTargetsForPolicyRequest generates a "aws/request.Request" representing the
12164// client's request for the ListTargetsForPolicy operation. The "output" return
12165// value will be populated with the request's response once the request completes
12166// successfully.
12167//
12168// Use "Send" method on the returned Request to send the API call to the service.
12169// the "output" return value is not valid until after Send returns without error.
12170//
12171// See ListTargetsForPolicy for more information on using the ListTargetsForPolicy
12172// API call, and error handling.
12173//
12174// This method is useful when you want to inject custom logic or configuration
12175// into the SDK's request lifecycle. Such as custom headers, or retry logic.
12176//
12177//
12178//    // Example sending a request using the ListTargetsForPolicyRequest method.
12179//    req, resp := client.ListTargetsForPolicyRequest(params)
12180//
12181//    err := req.Send()
12182//    if err == nil { // resp is now filled
12183//        fmt.Println(resp)
12184//    }
12185//
12186// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy
12187func (c *Organizations) ListTargetsForPolicyRequest(input *ListTargetsForPolicyInput) (req *request.Request, output *ListTargetsForPolicyOutput) {
12188	op := &request.Operation{
12189		Name:       opListTargetsForPolicy,
12190		HTTPMethod: "POST",
12191		HTTPPath:   "/",
12192		Paginator: &request.Paginator{
12193			InputTokens:     []string{"NextToken"},
12194			OutputTokens:    []string{"NextToken"},
12195			LimitToken:      "MaxResults",
12196			TruncationToken: "",
12197		},
12198	}
12199
12200	if input == nil {
12201		input = &ListTargetsForPolicyInput{}
12202	}
12203
12204	output = &ListTargetsForPolicyOutput{}
12205	req = c.newRequest(op, input, output)
12206	return
12207}
12208
12209// ListTargetsForPolicy API operation for AWS Organizations.
12210//
12211// Lists all the roots, organizational units (OUs), and accounts that the specified
12212// policy is attached to.
12213//
12214// Always check the NextToken response parameter for a null value when calling
12215// a List* operation. These operations can occasionally return an empty set
12216// of results even when there are more results available. The NextToken response
12217// parameter value is null only when there are no more results to display.
12218//
12219// This operation can be called only from the organization's management account
12220// or by a member account that is a delegated administrator for an AWS service.
12221//
12222// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
12223// with awserr.Error's Code and Message methods to get detailed information about
12224// the error.
12225//
12226// See the AWS API reference guide for AWS Organizations's
12227// API operation ListTargetsForPolicy for usage and error information.
12228//
12229// Returned Error Types:
12230//   * AccessDeniedException
12231//   You don't have permissions to perform the requested operation. The user or
12232//   role that is making the request must have at least one IAM permissions policy
12233//   attached that grants the required permissions. For more information, see
12234//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
12235//   in the IAM User Guide.
12236//
12237//   * AWSOrganizationsNotInUseException
12238//   Your account isn't a member of an organization. To make this request, you
12239//   must use the credentials of an account that belongs to an organization.
12240//
12241//   * InvalidInputException
12242//   The requested operation failed because you provided invalid values for one
12243//   or more of the request parameters. This exception includes a reason that
12244//   contains additional information about the violated limit:
12245//
12246//   Some of the reasons in the following list might not be applicable to this
12247//   specific API or operation.
12248//
12249//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
12250//      the same entity.
12251//
12252//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
12253//      can't be modified.
12254//
12255//      * INPUT_REQUIRED: You must include a value for all required parameters.
12256//
12257//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
12258//      for the invited account owner.
12259//
12260//      * INVALID_ENUM: You specified an invalid value.
12261//
12262//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
12263//
12264//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
12265//      characters.
12266//
12267//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
12268//      at least one invalid value.
12269//
12270//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
12271//      from the response to a previous call of the operation.
12272//
12273//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
12274//      organization, or email) as a party.
12275//
12276//      * INVALID_PATTERN: You provided a value that doesn't match the required
12277//      pattern.
12278//
12279//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
12280//      match the required pattern.
12281//
12282//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
12283//      name can't begin with the reserved prefix AWSServiceRoleFor.
12284//
12285//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
12286//      Name (ARN) for the organization.
12287//
12288//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
12289//
12290//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
12291//      tag. You can’t add, edit, or delete system tag keys because they're
12292//      reserved for AWS use. System tags don’t count against your tags per
12293//      resource limit.
12294//
12295//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
12296//      for the operation.
12297//
12298//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
12299//      than allowed.
12300//
12301//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
12302//      value than allowed.
12303//
12304//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
12305//      than allowed.
12306//
12307//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
12308//      value than allowed.
12309//
12310//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
12311//      between entities in the same root.
12312//
12313//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
12314//      target entity.
12315//
12316//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
12317//      isn't recognized.
12318//
12319//   * PolicyNotFoundException
12320//   We can't find a policy with the PolicyId that you specified.
12321//
12322//   * ServiceException
12323//   AWS Organizations can't complete your request because of an internal service
12324//   error. Try again later.
12325//
12326//   * TooManyRequestsException
12327//   You have sent too many requests in too short a period of time. The quota
12328//   helps protect against denial-of-service attacks. Try again later.
12329//
12330//   For information about quotas that affect AWS Organizations, see Quotas for
12331//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
12332//   the AWS Organizations User Guide.
12333//
12334//   * UnsupportedAPIEndpointException
12335//   This action isn't available in the current AWS Region.
12336//
12337// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy
12338func (c *Organizations) ListTargetsForPolicy(input *ListTargetsForPolicyInput) (*ListTargetsForPolicyOutput, error) {
12339	req, out := c.ListTargetsForPolicyRequest(input)
12340	return out, req.Send()
12341}
12342
12343// ListTargetsForPolicyWithContext is the same as ListTargetsForPolicy with the addition of
12344// the ability to pass a context and additional request options.
12345//
12346// See ListTargetsForPolicy for details on how to use this API operation.
12347//
12348// The context must be non-nil and will be used for request cancellation. If
12349// the context is nil a panic will occur. In the future the SDK may create
12350// sub-contexts for http.Requests. See https://golang.org/pkg/context/
12351// for more information on using Contexts.
12352func (c *Organizations) ListTargetsForPolicyWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, opts ...request.Option) (*ListTargetsForPolicyOutput, error) {
12353	req, out := c.ListTargetsForPolicyRequest(input)
12354	req.SetContext(ctx)
12355	req.ApplyOptions(opts...)
12356	return out, req.Send()
12357}
12358
12359// ListTargetsForPolicyPages iterates over the pages of a ListTargetsForPolicy operation,
12360// calling the "fn" function with the response data for each page. To stop
12361// iterating, return false from the fn function.
12362//
12363// See ListTargetsForPolicy method for more information on how to use this operation.
12364//
12365// Note: This operation can generate multiple requests to a service.
12366//
12367//    // Example iterating over at most 3 pages of a ListTargetsForPolicy operation.
12368//    pageNum := 0
12369//    err := client.ListTargetsForPolicyPages(params,
12370//        func(page *organizations.ListTargetsForPolicyOutput, lastPage bool) bool {
12371//            pageNum++
12372//            fmt.Println(page)
12373//            return pageNum <= 3
12374//        })
12375//
12376func (c *Organizations) ListTargetsForPolicyPages(input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool) error {
12377	return c.ListTargetsForPolicyPagesWithContext(aws.BackgroundContext(), input, fn)
12378}
12379
12380// ListTargetsForPolicyPagesWithContext same as ListTargetsForPolicyPages except
12381// it takes a Context and allows setting request options on the pages.
12382//
12383// The context must be non-nil and will be used for request cancellation. If
12384// the context is nil a panic will occur. In the future the SDK may create
12385// sub-contexts for http.Requests. See https://golang.org/pkg/context/
12386// for more information on using Contexts.
12387func (c *Organizations) ListTargetsForPolicyPagesWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool, opts ...request.Option) error {
12388	p := request.Pagination{
12389		NewRequest: func() (*request.Request, error) {
12390			var inCpy *ListTargetsForPolicyInput
12391			if input != nil {
12392				tmp := *input
12393				inCpy = &tmp
12394			}
12395			req, _ := c.ListTargetsForPolicyRequest(inCpy)
12396			req.SetContext(ctx)
12397			req.ApplyOptions(opts...)
12398			return req, nil
12399		},
12400	}
12401
12402	for p.Next() {
12403		if !fn(p.Page().(*ListTargetsForPolicyOutput), !p.HasNextPage()) {
12404			break
12405		}
12406	}
12407
12408	return p.Err()
12409}
12410
12411const opMoveAccount = "MoveAccount"
12412
12413// MoveAccountRequest generates a "aws/request.Request" representing the
12414// client's request for the MoveAccount operation. The "output" return
12415// value will be populated with the request's response once the request completes
12416// successfully.
12417//
12418// Use "Send" method on the returned Request to send the API call to the service.
12419// the "output" return value is not valid until after Send returns without error.
12420//
12421// See MoveAccount for more information on using the MoveAccount
12422// API call, and error handling.
12423//
12424// This method is useful when you want to inject custom logic or configuration
12425// into the SDK's request lifecycle. Such as custom headers, or retry logic.
12426//
12427//
12428//    // Example sending a request using the MoveAccountRequest method.
12429//    req, resp := client.MoveAccountRequest(params)
12430//
12431//    err := req.Send()
12432//    if err == nil { // resp is now filled
12433//        fmt.Println(resp)
12434//    }
12435//
12436// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount
12437func (c *Organizations) MoveAccountRequest(input *MoveAccountInput) (req *request.Request, output *MoveAccountOutput) {
12438	op := &request.Operation{
12439		Name:       opMoveAccount,
12440		HTTPMethod: "POST",
12441		HTTPPath:   "/",
12442	}
12443
12444	if input == nil {
12445		input = &MoveAccountInput{}
12446	}
12447
12448	output = &MoveAccountOutput{}
12449	req = c.newRequest(op, input, output)
12450	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
12451	return
12452}
12453
12454// MoveAccount API operation for AWS Organizations.
12455//
12456// Moves an account from its current source parent root or organizational unit
12457// (OU) to the specified destination parent root or OU.
12458//
12459// This operation can be called only from the organization's management account.
12460//
12461// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
12462// with awserr.Error's Code and Message methods to get detailed information about
12463// the error.
12464//
12465// See the AWS API reference guide for AWS Organizations's
12466// API operation MoveAccount for usage and error information.
12467//
12468// Returned Error Types:
12469//   * AccessDeniedException
12470//   You don't have permissions to perform the requested operation. The user or
12471//   role that is making the request must have at least one IAM permissions policy
12472//   attached that grants the required permissions. For more information, see
12473//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
12474//   in the IAM User Guide.
12475//
12476//   * InvalidInputException
12477//   The requested operation failed because you provided invalid values for one
12478//   or more of the request parameters. This exception includes a reason that
12479//   contains additional information about the violated limit:
12480//
12481//   Some of the reasons in the following list might not be applicable to this
12482//   specific API or operation.
12483//
12484//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
12485//      the same entity.
12486//
12487//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
12488//      can't be modified.
12489//
12490//      * INPUT_REQUIRED: You must include a value for all required parameters.
12491//
12492//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
12493//      for the invited account owner.
12494//
12495//      * INVALID_ENUM: You specified an invalid value.
12496//
12497//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
12498//
12499//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
12500//      characters.
12501//
12502//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
12503//      at least one invalid value.
12504//
12505//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
12506//      from the response to a previous call of the operation.
12507//
12508//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
12509//      organization, or email) as a party.
12510//
12511//      * INVALID_PATTERN: You provided a value that doesn't match the required
12512//      pattern.
12513//
12514//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
12515//      match the required pattern.
12516//
12517//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
12518//      name can't begin with the reserved prefix AWSServiceRoleFor.
12519//
12520//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
12521//      Name (ARN) for the organization.
12522//
12523//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
12524//
12525//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
12526//      tag. You can’t add, edit, or delete system tag keys because they're
12527//      reserved for AWS use. System tags don’t count against your tags per
12528//      resource limit.
12529//
12530//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
12531//      for the operation.
12532//
12533//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
12534//      than allowed.
12535//
12536//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
12537//      value than allowed.
12538//
12539//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
12540//      than allowed.
12541//
12542//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
12543//      value than allowed.
12544//
12545//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
12546//      between entities in the same root.
12547//
12548//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
12549//      target entity.
12550//
12551//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
12552//      isn't recognized.
12553//
12554//   * SourceParentNotFoundException
12555//   We can't find a source root or OU with the ParentId that you specified.
12556//
12557//   * DestinationParentNotFoundException
12558//   We can't find the destination container (a root or OU) with the ParentId
12559//   that you specified.
12560//
12561//   * DuplicateAccountException
12562//   That account is already present in the specified destination.
12563//
12564//   * AccountNotFoundException
12565//   We can't find an AWS account with the AccountId that you specified, or the
12566//   account whose credentials you used to make this request isn't a member of
12567//   an organization.
12568//
12569//   * TooManyRequestsException
12570//   You have sent too many requests in too short a period of time. The quota
12571//   helps protect against denial-of-service attacks. Try again later.
12572//
12573//   For information about quotas that affect AWS Organizations, see Quotas for
12574//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
12575//   the AWS Organizations User Guide.
12576//
12577//   * ConcurrentModificationException
12578//   The target of the operation is currently being modified by a different request.
12579//   Try again later.
12580//
12581//   * AWSOrganizationsNotInUseException
12582//   Your account isn't a member of an organization. To make this request, you
12583//   must use the credentials of an account that belongs to an organization.
12584//
12585//   * ServiceException
12586//   AWS Organizations can't complete your request because of an internal service
12587//   error. Try again later.
12588//
12589// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount
12590func (c *Organizations) MoveAccount(input *MoveAccountInput) (*MoveAccountOutput, error) {
12591	req, out := c.MoveAccountRequest(input)
12592	return out, req.Send()
12593}
12594
12595// MoveAccountWithContext is the same as MoveAccount with the addition of
12596// the ability to pass a context and additional request options.
12597//
12598// See MoveAccount for details on how to use this API operation.
12599//
12600// The context must be non-nil and will be used for request cancellation. If
12601// the context is nil a panic will occur. In the future the SDK may create
12602// sub-contexts for http.Requests. See https://golang.org/pkg/context/
12603// for more information on using Contexts.
12604func (c *Organizations) MoveAccountWithContext(ctx aws.Context, input *MoveAccountInput, opts ...request.Option) (*MoveAccountOutput, error) {
12605	req, out := c.MoveAccountRequest(input)
12606	req.SetContext(ctx)
12607	req.ApplyOptions(opts...)
12608	return out, req.Send()
12609}
12610
12611const opRegisterDelegatedAdministrator = "RegisterDelegatedAdministrator"
12612
12613// RegisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the
12614// client's request for the RegisterDelegatedAdministrator operation. The "output" return
12615// value will be populated with the request's response once the request completes
12616// successfully.
12617//
12618// Use "Send" method on the returned Request to send the API call to the service.
12619// the "output" return value is not valid until after Send returns without error.
12620//
12621// See RegisterDelegatedAdministrator for more information on using the RegisterDelegatedAdministrator
12622// API call, and error handling.
12623//
12624// This method is useful when you want to inject custom logic or configuration
12625// into the SDK's request lifecycle. Such as custom headers, or retry logic.
12626//
12627//
12628//    // Example sending a request using the RegisterDelegatedAdministratorRequest method.
12629//    req, resp := client.RegisterDelegatedAdministratorRequest(params)
12630//
12631//    err := req.Send()
12632//    if err == nil { // resp is now filled
12633//        fmt.Println(resp)
12634//    }
12635//
12636// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator
12637func (c *Organizations) RegisterDelegatedAdministratorRequest(input *RegisterDelegatedAdministratorInput) (req *request.Request, output *RegisterDelegatedAdministratorOutput) {
12638	op := &request.Operation{
12639		Name:       opRegisterDelegatedAdministrator,
12640		HTTPMethod: "POST",
12641		HTTPPath:   "/",
12642	}
12643
12644	if input == nil {
12645		input = &RegisterDelegatedAdministratorInput{}
12646	}
12647
12648	output = &RegisterDelegatedAdministratorOutput{}
12649	req = c.newRequest(op, input, output)
12650	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
12651	return
12652}
12653
12654// RegisterDelegatedAdministrator API operation for AWS Organizations.
12655//
12656// Enables the specified member account to administer the Organizations features
12657// of the specified AWS service. It grants read-only access to AWS Organizations
12658// service data. The account still requires IAM permissions to access and administer
12659// the AWS service.
12660//
12661// You can run this action only for AWS services that support this feature.
12662// For a current list of services that support it, see the column Supports Delegated
12663// Administrator in the table at AWS Services that you can use with AWS Organizations
12664// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html)
12665// in the AWS Organizations User Guide.
12666//
12667// This operation can be called only from the organization's management account.
12668//
12669// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
12670// with awserr.Error's Code and Message methods to get detailed information about
12671// the error.
12672//
12673// See the AWS API reference guide for AWS Organizations's
12674// API operation RegisterDelegatedAdministrator for usage and error information.
12675//
12676// Returned Error Types:
12677//   * AccessDeniedException
12678//   You don't have permissions to perform the requested operation. The user or
12679//   role that is making the request must have at least one IAM permissions policy
12680//   attached that grants the required permissions. For more information, see
12681//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
12682//   in the IAM User Guide.
12683//
12684//   * AccountAlreadyRegisteredException
12685//   The specified account is already a delegated administrator for this AWS service.
12686//
12687//   * AccountNotFoundException
12688//   We can't find an AWS account with the AccountId that you specified, or the
12689//   account whose credentials you used to make this request isn't a member of
12690//   an organization.
12691//
12692//   * AWSOrganizationsNotInUseException
12693//   Your account isn't a member of an organization. To make this request, you
12694//   must use the credentials of an account that belongs to an organization.
12695//
12696//   * ConcurrentModificationException
12697//   The target of the operation is currently being modified by a different request.
12698//   Try again later.
12699//
12700//   * ConstraintViolationException
12701//   Performing this operation violates a minimum or maximum value limit. For
12702//   example, attempting to remove the last service control policy (SCP) from
12703//   an OU or root, inviting or creating too many accounts to the organization,
12704//   or attaching too many policies to an account, OU, or root. This exception
12705//   includes a reason that contains additional information about the violated
12706//   limit:
12707//
12708//   Some of the reasons in the following list might not be applicable to this
12709//   specific API or operation.
12710//
12711//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
12712//      account from the organization. You can't remove the management account.
12713//      Instead, after you remove all member accounts, delete the organization
12714//      itself.
12715//
12716//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
12717//      from the organization that doesn't yet have enough information to exist
12718//      as a standalone account. This account requires you to first agree to the
12719//      AWS Customer Agreement. Follow the steps at Removing a member account
12720//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
12721//      the AWS Organizations User Guide.
12722//
12723//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
12724//      an account from the organization that doesn't yet have enough information
12725//      to exist as a standalone account. This account requires you to first complete
12726//      phone verification. Follow the steps at Removing a member account from
12727//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
12728//      in the AWS Organizations User Guide.
12729//
12730//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
12731//      of accounts that you can create in one day.
12732//
12733//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
12734//      the number of accounts in an organization. If you need more accounts,
12735//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
12736//      request an increase in your limit. Or the number of invitations that you
12737//      tried to send would cause you to exceed the limit of accounts in your
12738//      organization. Send fewer invitations or contact AWS Support to request
12739//      an increase in the number of accounts. Deleted and closed accounts still
12740//      count toward your limit. If you get this exception when running a command
12741//      immediately after creating the organization, wait one hour and try again.
12742//      After an hour, if the command continues to fail with this error, contact
12743//      AWS Support (https://console.aws.amazon.com/support/home#/).
12744//
12745//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
12746//      register the management account of the organization as a delegated administrator
12747//      for an AWS service integrated with Organizations. You can designate only
12748//      a member account as a delegated administrator.
12749//
12750//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
12751//      an account that is registered as a delegated administrator for a service
12752//      integrated with your organization. To complete this operation, you must
12753//      first deregister this account as a delegated administrator.
12754//
12755//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
12756//      organization in the specified region, you must enable all features mode.
12757//
12758//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
12759//      an AWS account as a delegated administrator for an AWS service that already
12760//      has a delegated administrator. To complete this operation, you must first
12761//      deregister any existing delegated administrators for this service.
12762//
12763//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
12764//      valid for a limited period of time. You must resubmit the request and
12765//      generate a new verfication code.
12766//
12767//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
12768//      handshakes that you can send in one day.
12769//
12770//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
12771//      in this organization, you first must migrate the organization's management
12772//      account to the marketplace that corresponds to the management account's
12773//      address. For example, accounts with India addresses must be associated
12774//      with the AISPL marketplace. All accounts in an organization must be associated
12775//      with the same marketplace.
12776//
12777//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
12778//      in China. To create an organization, the master must have a valid business
12779//      license. For more information, contact customer support.
12780//
12781//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
12782//      must first provide a valid contact address and phone number for the management
12783//      account. Then try the operation again.
12784//
12785//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
12786//      management account must have an associated account in the AWS GovCloud
12787//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
12788//      in the AWS GovCloud User Guide.
12789//
12790//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
12791//      with this management account, you first must associate a valid payment
12792//      instrument, such as a credit card, with the account. Follow the steps
12793//      at To leave an organization when all required account information has
12794//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
12795//      in the AWS Organizations User Guide.
12796//
12797//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
12798//      to register more delegated administrators than allowed for the service
12799//      principal.
12800//
12801//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
12802//      number of policies of a certain type that can be attached to an entity
12803//      at one time.
12804//
12805//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
12806//      on this resource.
12807//
12808//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
12809//      with this member account, you first must associate a valid payment instrument,
12810//      such as a credit card, with the account. Follow the steps at To leave
12811//      an organization when all required account information has not yet been
12812//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
12813//      in the AWS Organizations User Guide.
12814//
12815//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
12816//      policy from an entity that would cause the entity to have fewer than the
12817//      minimum number of policies of a certain type required.
12818//
12819//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
12820//      that requires the organization to be configured to support all features.
12821//      An organization that supports only consolidated billing features can't
12822//      perform this operation.
12823//
12824//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
12825//      too many levels deep.
12826//
12827//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
12828//      that you can have in an organization.
12829//
12830//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
12831//      is larger than the maximum size.
12832//
12833//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
12834//      policies that you can have in an organization.
12835//
12836//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
12837//      tags that are not compliant with the tag policy requirements for this
12838//      account.
12839//
12840//   * InvalidInputException
12841//   The requested operation failed because you provided invalid values for one
12842//   or more of the request parameters. This exception includes a reason that
12843//   contains additional information about the violated limit:
12844//
12845//   Some of the reasons in the following list might not be applicable to this
12846//   specific API or operation.
12847//
12848//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
12849//      the same entity.
12850//
12851//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
12852//      can't be modified.
12853//
12854//      * INPUT_REQUIRED: You must include a value for all required parameters.
12855//
12856//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
12857//      for the invited account owner.
12858//
12859//      * INVALID_ENUM: You specified an invalid value.
12860//
12861//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
12862//
12863//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
12864//      characters.
12865//
12866//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
12867//      at least one invalid value.
12868//
12869//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
12870//      from the response to a previous call of the operation.
12871//
12872//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
12873//      organization, or email) as a party.
12874//
12875//      * INVALID_PATTERN: You provided a value that doesn't match the required
12876//      pattern.
12877//
12878//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
12879//      match the required pattern.
12880//
12881//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
12882//      name can't begin with the reserved prefix AWSServiceRoleFor.
12883//
12884//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
12885//      Name (ARN) for the organization.
12886//
12887//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
12888//
12889//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
12890//      tag. You can’t add, edit, or delete system tag keys because they're
12891//      reserved for AWS use. System tags don’t count against your tags per
12892//      resource limit.
12893//
12894//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
12895//      for the operation.
12896//
12897//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
12898//      than allowed.
12899//
12900//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
12901//      value than allowed.
12902//
12903//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
12904//      than allowed.
12905//
12906//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
12907//      value than allowed.
12908//
12909//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
12910//      between entities in the same root.
12911//
12912//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
12913//      target entity.
12914//
12915//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
12916//      isn't recognized.
12917//
12918//   * TooManyRequestsException
12919//   You have sent too many requests in too short a period of time. The quota
12920//   helps protect against denial-of-service attacks. Try again later.
12921//
12922//   For information about quotas that affect AWS Organizations, see Quotas for
12923//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
12924//   the AWS Organizations User Guide.
12925//
12926//   * ServiceException
12927//   AWS Organizations can't complete your request because of an internal service
12928//   error. Try again later.
12929//
12930//   * UnsupportedAPIEndpointException
12931//   This action isn't available in the current AWS Region.
12932//
12933// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator
12934func (c *Organizations) RegisterDelegatedAdministrator(input *RegisterDelegatedAdministratorInput) (*RegisterDelegatedAdministratorOutput, error) {
12935	req, out := c.RegisterDelegatedAdministratorRequest(input)
12936	return out, req.Send()
12937}
12938
12939// RegisterDelegatedAdministratorWithContext is the same as RegisterDelegatedAdministrator with the addition of
12940// the ability to pass a context and additional request options.
12941//
12942// See RegisterDelegatedAdministrator for details on how to use this API operation.
12943//
12944// The context must be non-nil and will be used for request cancellation. If
12945// the context is nil a panic will occur. In the future the SDK may create
12946// sub-contexts for http.Requests. See https://golang.org/pkg/context/
12947// for more information on using Contexts.
12948func (c *Organizations) RegisterDelegatedAdministratorWithContext(ctx aws.Context, input *RegisterDelegatedAdministratorInput, opts ...request.Option) (*RegisterDelegatedAdministratorOutput, error) {
12949	req, out := c.RegisterDelegatedAdministratorRequest(input)
12950	req.SetContext(ctx)
12951	req.ApplyOptions(opts...)
12952	return out, req.Send()
12953}
12954
12955const opRemoveAccountFromOrganization = "RemoveAccountFromOrganization"
12956
12957// RemoveAccountFromOrganizationRequest generates a "aws/request.Request" representing the
12958// client's request for the RemoveAccountFromOrganization operation. The "output" return
12959// value will be populated with the request's response once the request completes
12960// successfully.
12961//
12962// Use "Send" method on the returned Request to send the API call to the service.
12963// the "output" return value is not valid until after Send returns without error.
12964//
12965// See RemoveAccountFromOrganization for more information on using the RemoveAccountFromOrganization
12966// API call, and error handling.
12967//
12968// This method is useful when you want to inject custom logic or configuration
12969// into the SDK's request lifecycle. Such as custom headers, or retry logic.
12970//
12971//
12972//    // Example sending a request using the RemoveAccountFromOrganizationRequest method.
12973//    req, resp := client.RemoveAccountFromOrganizationRequest(params)
12974//
12975//    err := req.Send()
12976//    if err == nil { // resp is now filled
12977//        fmt.Println(resp)
12978//    }
12979//
12980// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization
12981func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccountFromOrganizationInput) (req *request.Request, output *RemoveAccountFromOrganizationOutput) {
12982	op := &request.Operation{
12983		Name:       opRemoveAccountFromOrganization,
12984		HTTPMethod: "POST",
12985		HTTPPath:   "/",
12986	}
12987
12988	if input == nil {
12989		input = &RemoveAccountFromOrganizationInput{}
12990	}
12991
12992	output = &RemoveAccountFromOrganizationOutput{}
12993	req = c.newRequest(op, input, output)
12994	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
12995	return
12996}
12997
12998// RemoveAccountFromOrganization API operation for AWS Organizations.
12999//
13000// Removes the specified account from the organization.
13001//
13002// The removed account becomes a standalone account that isn't a member of any
13003// organization. It's no longer subject to any policies and is responsible for
13004// its own bill payments. The organization's management account is no longer
13005// charged for any expenses accrued by the member account after it's removed
13006// from the organization.
13007//
13008// This operation can be called only from the organization's management account.
13009// Member accounts can remove themselves with LeaveOrganization instead.
13010//
13011//    * You can remove an account from your organization only if the account
13012//    is configured with the information required to operate as a standalone
13013//    account. When you create an account in an organization using the AWS Organizations
13014//    console, API, or CLI commands, the information required of standalone
13015//    accounts is not automatically collected. For an account that you want
13016//    to make standalone, you must choose a support plan, provide and verify
13017//    the required contact information, and provide a current payment method.
13018//    AWS uses the payment method to charge for any billable (not free tier)
13019//    AWS activity that occurs while the account isn't attached to an organization.
13020//    To remove an account that doesn't yet have this information, you must
13021//    sign in as the member account and follow the steps at To leave an organization
13022//    when all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
13023//    in the AWS Organizations User Guide.
13024//
13025//    * The account that you want to leave must not be a delegated administrator
13026//    account for any AWS service enabled for your organization. If the account
13027//    is a delegated administrator, you must first change the delegated administrator
13028//    account to another account that is remaining in the organization.
13029//
13030//    * After the account leaves the organization, all tags that were attached
13031//    to the account object in the organization are deleted. AWS accounts outside
13032//    of an organization do not support tags.
13033//
13034// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
13035// with awserr.Error's Code and Message methods to get detailed information about
13036// the error.
13037//
13038// See the AWS API reference guide for AWS Organizations's
13039// API operation RemoveAccountFromOrganization for usage and error information.
13040//
13041// Returned Error Types:
13042//   * AccessDeniedException
13043//   You don't have permissions to perform the requested operation. The user or
13044//   role that is making the request must have at least one IAM permissions policy
13045//   attached that grants the required permissions. For more information, see
13046//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
13047//   in the IAM User Guide.
13048//
13049//   * AccountNotFoundException
13050//   We can't find an AWS account with the AccountId that you specified, or the
13051//   account whose credentials you used to make this request isn't a member of
13052//   an organization.
13053//
13054//   * AWSOrganizationsNotInUseException
13055//   Your account isn't a member of an organization. To make this request, you
13056//   must use the credentials of an account that belongs to an organization.
13057//
13058//   * ConcurrentModificationException
13059//   The target of the operation is currently being modified by a different request.
13060//   Try again later.
13061//
13062//   * ConstraintViolationException
13063//   Performing this operation violates a minimum or maximum value limit. For
13064//   example, attempting to remove the last service control policy (SCP) from
13065//   an OU or root, inviting or creating too many accounts to the organization,
13066//   or attaching too many policies to an account, OU, or root. This exception
13067//   includes a reason that contains additional information about the violated
13068//   limit:
13069//
13070//   Some of the reasons in the following list might not be applicable to this
13071//   specific API or operation.
13072//
13073//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
13074//      account from the organization. You can't remove the management account.
13075//      Instead, after you remove all member accounts, delete the organization
13076//      itself.
13077//
13078//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
13079//      from the organization that doesn't yet have enough information to exist
13080//      as a standalone account. This account requires you to first agree to the
13081//      AWS Customer Agreement. Follow the steps at Removing a member account
13082//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
13083//      the AWS Organizations User Guide.
13084//
13085//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
13086//      an account from the organization that doesn't yet have enough information
13087//      to exist as a standalone account. This account requires you to first complete
13088//      phone verification. Follow the steps at Removing a member account from
13089//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
13090//      in the AWS Organizations User Guide.
13091//
13092//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
13093//      of accounts that you can create in one day.
13094//
13095//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
13096//      the number of accounts in an organization. If you need more accounts,
13097//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
13098//      request an increase in your limit. Or the number of invitations that you
13099//      tried to send would cause you to exceed the limit of accounts in your
13100//      organization. Send fewer invitations or contact AWS Support to request
13101//      an increase in the number of accounts. Deleted and closed accounts still
13102//      count toward your limit. If you get this exception when running a command
13103//      immediately after creating the organization, wait one hour and try again.
13104//      After an hour, if the command continues to fail with this error, contact
13105//      AWS Support (https://console.aws.amazon.com/support/home#/).
13106//
13107//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
13108//      register the management account of the organization as a delegated administrator
13109//      for an AWS service integrated with Organizations. You can designate only
13110//      a member account as a delegated administrator.
13111//
13112//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
13113//      an account that is registered as a delegated administrator for a service
13114//      integrated with your organization. To complete this operation, you must
13115//      first deregister this account as a delegated administrator.
13116//
13117//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
13118//      organization in the specified region, you must enable all features mode.
13119//
13120//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
13121//      an AWS account as a delegated administrator for an AWS service that already
13122//      has a delegated administrator. To complete this operation, you must first
13123//      deregister any existing delegated administrators for this service.
13124//
13125//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
13126//      valid for a limited period of time. You must resubmit the request and
13127//      generate a new verfication code.
13128//
13129//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
13130//      handshakes that you can send in one day.
13131//
13132//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
13133//      in this organization, you first must migrate the organization's management
13134//      account to the marketplace that corresponds to the management account's
13135//      address. For example, accounts with India addresses must be associated
13136//      with the AISPL marketplace. All accounts in an organization must be associated
13137//      with the same marketplace.
13138//
13139//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
13140//      in China. To create an organization, the master must have a valid business
13141//      license. For more information, contact customer support.
13142//
13143//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
13144//      must first provide a valid contact address and phone number for the management
13145//      account. Then try the operation again.
13146//
13147//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
13148//      management account must have an associated account in the AWS GovCloud
13149//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
13150//      in the AWS GovCloud User Guide.
13151//
13152//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
13153//      with this management account, you first must associate a valid payment
13154//      instrument, such as a credit card, with the account. Follow the steps
13155//      at To leave an organization when all required account information has
13156//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
13157//      in the AWS Organizations User Guide.
13158//
13159//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
13160//      to register more delegated administrators than allowed for the service
13161//      principal.
13162//
13163//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
13164//      number of policies of a certain type that can be attached to an entity
13165//      at one time.
13166//
13167//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
13168//      on this resource.
13169//
13170//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
13171//      with this member account, you first must associate a valid payment instrument,
13172//      such as a credit card, with the account. Follow the steps at To leave
13173//      an organization when all required account information has not yet been
13174//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
13175//      in the AWS Organizations User Guide.
13176//
13177//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
13178//      policy from an entity that would cause the entity to have fewer than the
13179//      minimum number of policies of a certain type required.
13180//
13181//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
13182//      that requires the organization to be configured to support all features.
13183//      An organization that supports only consolidated billing features can't
13184//      perform this operation.
13185//
13186//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
13187//      too many levels deep.
13188//
13189//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
13190//      that you can have in an organization.
13191//
13192//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
13193//      is larger than the maximum size.
13194//
13195//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
13196//      policies that you can have in an organization.
13197//
13198//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
13199//      tags that are not compliant with the tag policy requirements for this
13200//      account.
13201//
13202//   * InvalidInputException
13203//   The requested operation failed because you provided invalid values for one
13204//   or more of the request parameters. This exception includes a reason that
13205//   contains additional information about the violated limit:
13206//
13207//   Some of the reasons in the following list might not be applicable to this
13208//   specific API or operation.
13209//
13210//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
13211//      the same entity.
13212//
13213//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
13214//      can't be modified.
13215//
13216//      * INPUT_REQUIRED: You must include a value for all required parameters.
13217//
13218//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
13219//      for the invited account owner.
13220//
13221//      * INVALID_ENUM: You specified an invalid value.
13222//
13223//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
13224//
13225//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
13226//      characters.
13227//
13228//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
13229//      at least one invalid value.
13230//
13231//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
13232//      from the response to a previous call of the operation.
13233//
13234//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
13235//      organization, or email) as a party.
13236//
13237//      * INVALID_PATTERN: You provided a value that doesn't match the required
13238//      pattern.
13239//
13240//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
13241//      match the required pattern.
13242//
13243//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
13244//      name can't begin with the reserved prefix AWSServiceRoleFor.
13245//
13246//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
13247//      Name (ARN) for the organization.
13248//
13249//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
13250//
13251//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
13252//      tag. You can’t add, edit, or delete system tag keys because they're
13253//      reserved for AWS use. System tags don’t count against your tags per
13254//      resource limit.
13255//
13256//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
13257//      for the operation.
13258//
13259//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
13260//      than allowed.
13261//
13262//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
13263//      value than allowed.
13264//
13265//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
13266//      than allowed.
13267//
13268//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
13269//      value than allowed.
13270//
13271//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
13272//      between entities in the same root.
13273//
13274//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
13275//      target entity.
13276//
13277//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
13278//      isn't recognized.
13279//
13280//   * MasterCannotLeaveOrganizationException
13281//   You can't remove a management account from an organization. If you want the
13282//   management account to become a member account in another organization, you
13283//   must first delete the current organization of the management account.
13284//
13285//   * ServiceException
13286//   AWS Organizations can't complete your request because of an internal service
13287//   error. Try again later.
13288//
13289//   * TooManyRequestsException
13290//   You have sent too many requests in too short a period of time. The quota
13291//   helps protect against denial-of-service attacks. Try again later.
13292//
13293//   For information about quotas that affect AWS Organizations, see Quotas for
13294//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
13295//   the AWS Organizations User Guide.
13296//
13297// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization
13298func (c *Organizations) RemoveAccountFromOrganization(input *RemoveAccountFromOrganizationInput) (*RemoveAccountFromOrganizationOutput, error) {
13299	req, out := c.RemoveAccountFromOrganizationRequest(input)
13300	return out, req.Send()
13301}
13302
13303// RemoveAccountFromOrganizationWithContext is the same as RemoveAccountFromOrganization with the addition of
13304// the ability to pass a context and additional request options.
13305//
13306// See RemoveAccountFromOrganization for details on how to use this API operation.
13307//
13308// The context must be non-nil and will be used for request cancellation. If
13309// the context is nil a panic will occur. In the future the SDK may create
13310// sub-contexts for http.Requests. See https://golang.org/pkg/context/
13311// for more information on using Contexts.
13312func (c *Organizations) RemoveAccountFromOrganizationWithContext(ctx aws.Context, input *RemoveAccountFromOrganizationInput, opts ...request.Option) (*RemoveAccountFromOrganizationOutput, error) {
13313	req, out := c.RemoveAccountFromOrganizationRequest(input)
13314	req.SetContext(ctx)
13315	req.ApplyOptions(opts...)
13316	return out, req.Send()
13317}
13318
13319const opTagResource = "TagResource"
13320
13321// TagResourceRequest generates a "aws/request.Request" representing the
13322// client's request for the TagResource operation. The "output" return
13323// value will be populated with the request's response once the request completes
13324// successfully.
13325//
13326// Use "Send" method on the returned Request to send the API call to the service.
13327// the "output" return value is not valid until after Send returns without error.
13328//
13329// See TagResource for more information on using the TagResource
13330// API call, and error handling.
13331//
13332// This method is useful when you want to inject custom logic or configuration
13333// into the SDK's request lifecycle. Such as custom headers, or retry logic.
13334//
13335//
13336//    // Example sending a request using the TagResourceRequest method.
13337//    req, resp := client.TagResourceRequest(params)
13338//
13339//    err := req.Send()
13340//    if err == nil { // resp is now filled
13341//        fmt.Println(resp)
13342//    }
13343//
13344// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource
13345func (c *Organizations) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
13346	op := &request.Operation{
13347		Name:       opTagResource,
13348		HTTPMethod: "POST",
13349		HTTPPath:   "/",
13350	}
13351
13352	if input == nil {
13353		input = &TagResourceInput{}
13354	}
13355
13356	output = &TagResourceOutput{}
13357	req = c.newRequest(op, input, output)
13358	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
13359	return
13360}
13361
13362// TagResource API operation for AWS Organizations.
13363//
13364// Adds one or more tags to the specified resource.
13365//
13366// Currently, you can attach tags to the following resources in AWS Organizations.
13367//
13368//    * AWS account
13369//
13370//    * Organization root
13371//
13372//    * Organizational unit (OU)
13373//
13374//    * Policy (any type)
13375//
13376// This operation can be called only from the organization's management account.
13377//
13378// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
13379// with awserr.Error's Code and Message methods to get detailed information about
13380// the error.
13381//
13382// See the AWS API reference guide for AWS Organizations's
13383// API operation TagResource for usage and error information.
13384//
13385// Returned Error Types:
13386//   * AccessDeniedException
13387//   You don't have permissions to perform the requested operation. The user or
13388//   role that is making the request must have at least one IAM permissions policy
13389//   attached that grants the required permissions. For more information, see
13390//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
13391//   in the IAM User Guide.
13392//
13393//   * ConcurrentModificationException
13394//   The target of the operation is currently being modified by a different request.
13395//   Try again later.
13396//
13397//   * AWSOrganizationsNotInUseException
13398//   Your account isn't a member of an organization. To make this request, you
13399//   must use the credentials of an account that belongs to an organization.
13400//
13401//   * TargetNotFoundException
13402//   We can't find a root, OU, account, or policy with the TargetId that you specified.
13403//
13404//   * ConstraintViolationException
13405//   Performing this operation violates a minimum or maximum value limit. For
13406//   example, attempting to remove the last service control policy (SCP) from
13407//   an OU or root, inviting or creating too many accounts to the organization,
13408//   or attaching too many policies to an account, OU, or root. This exception
13409//   includes a reason that contains additional information about the violated
13410//   limit:
13411//
13412//   Some of the reasons in the following list might not be applicable to this
13413//   specific API or operation.
13414//
13415//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
13416//      account from the organization. You can't remove the management account.
13417//      Instead, after you remove all member accounts, delete the organization
13418//      itself.
13419//
13420//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
13421//      from the organization that doesn't yet have enough information to exist
13422//      as a standalone account. This account requires you to first agree to the
13423//      AWS Customer Agreement. Follow the steps at Removing a member account
13424//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
13425//      the AWS Organizations User Guide.
13426//
13427//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
13428//      an account from the organization that doesn't yet have enough information
13429//      to exist as a standalone account. This account requires you to first complete
13430//      phone verification. Follow the steps at Removing a member account from
13431//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
13432//      in the AWS Organizations User Guide.
13433//
13434//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
13435//      of accounts that you can create in one day.
13436//
13437//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
13438//      the number of accounts in an organization. If you need more accounts,
13439//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
13440//      request an increase in your limit. Or the number of invitations that you
13441//      tried to send would cause you to exceed the limit of accounts in your
13442//      organization. Send fewer invitations or contact AWS Support to request
13443//      an increase in the number of accounts. Deleted and closed accounts still
13444//      count toward your limit. If you get this exception when running a command
13445//      immediately after creating the organization, wait one hour and try again.
13446//      After an hour, if the command continues to fail with this error, contact
13447//      AWS Support (https://console.aws.amazon.com/support/home#/).
13448//
13449//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
13450//      register the management account of the organization as a delegated administrator
13451//      for an AWS service integrated with Organizations. You can designate only
13452//      a member account as a delegated administrator.
13453//
13454//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
13455//      an account that is registered as a delegated administrator for a service
13456//      integrated with your organization. To complete this operation, you must
13457//      first deregister this account as a delegated administrator.
13458//
13459//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
13460//      organization in the specified region, you must enable all features mode.
13461//
13462//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
13463//      an AWS account as a delegated administrator for an AWS service that already
13464//      has a delegated administrator. To complete this operation, you must first
13465//      deregister any existing delegated administrators for this service.
13466//
13467//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
13468//      valid for a limited period of time. You must resubmit the request and
13469//      generate a new verfication code.
13470//
13471//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
13472//      handshakes that you can send in one day.
13473//
13474//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
13475//      in this organization, you first must migrate the organization's management
13476//      account to the marketplace that corresponds to the management account's
13477//      address. For example, accounts with India addresses must be associated
13478//      with the AISPL marketplace. All accounts in an organization must be associated
13479//      with the same marketplace.
13480//
13481//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
13482//      in China. To create an organization, the master must have a valid business
13483//      license. For more information, contact customer support.
13484//
13485//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
13486//      must first provide a valid contact address and phone number for the management
13487//      account. Then try the operation again.
13488//
13489//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
13490//      management account must have an associated account in the AWS GovCloud
13491//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
13492//      in the AWS GovCloud User Guide.
13493//
13494//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
13495//      with this management account, you first must associate a valid payment
13496//      instrument, such as a credit card, with the account. Follow the steps
13497//      at To leave an organization when all required account information has
13498//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
13499//      in the AWS Organizations User Guide.
13500//
13501//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
13502//      to register more delegated administrators than allowed for the service
13503//      principal.
13504//
13505//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
13506//      number of policies of a certain type that can be attached to an entity
13507//      at one time.
13508//
13509//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
13510//      on this resource.
13511//
13512//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
13513//      with this member account, you first must associate a valid payment instrument,
13514//      such as a credit card, with the account. Follow the steps at To leave
13515//      an organization when all required account information has not yet been
13516//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
13517//      in the AWS Organizations User Guide.
13518//
13519//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
13520//      policy from an entity that would cause the entity to have fewer than the
13521//      minimum number of policies of a certain type required.
13522//
13523//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
13524//      that requires the organization to be configured to support all features.
13525//      An organization that supports only consolidated billing features can't
13526//      perform this operation.
13527//
13528//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
13529//      too many levels deep.
13530//
13531//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
13532//      that you can have in an organization.
13533//
13534//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
13535//      is larger than the maximum size.
13536//
13537//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
13538//      policies that you can have in an organization.
13539//
13540//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
13541//      tags that are not compliant with the tag policy requirements for this
13542//      account.
13543//
13544//   * InvalidInputException
13545//   The requested operation failed because you provided invalid values for one
13546//   or more of the request parameters. This exception includes a reason that
13547//   contains additional information about the violated limit:
13548//
13549//   Some of the reasons in the following list might not be applicable to this
13550//   specific API or operation.
13551//
13552//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
13553//      the same entity.
13554//
13555//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
13556//      can't be modified.
13557//
13558//      * INPUT_REQUIRED: You must include a value for all required parameters.
13559//
13560//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
13561//      for the invited account owner.
13562//
13563//      * INVALID_ENUM: You specified an invalid value.
13564//
13565//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
13566//
13567//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
13568//      characters.
13569//
13570//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
13571//      at least one invalid value.
13572//
13573//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
13574//      from the response to a previous call of the operation.
13575//
13576//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
13577//      organization, or email) as a party.
13578//
13579//      * INVALID_PATTERN: You provided a value that doesn't match the required
13580//      pattern.
13581//
13582//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
13583//      match the required pattern.
13584//
13585//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
13586//      name can't begin with the reserved prefix AWSServiceRoleFor.
13587//
13588//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
13589//      Name (ARN) for the organization.
13590//
13591//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
13592//
13593//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
13594//      tag. You can’t add, edit, or delete system tag keys because they're
13595//      reserved for AWS use. System tags don’t count against your tags per
13596//      resource limit.
13597//
13598//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
13599//      for the operation.
13600//
13601//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
13602//      than allowed.
13603//
13604//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
13605//      value than allowed.
13606//
13607//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
13608//      than allowed.
13609//
13610//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
13611//      value than allowed.
13612//
13613//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
13614//      between entities in the same root.
13615//
13616//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
13617//      target entity.
13618//
13619//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
13620//      isn't recognized.
13621//
13622//   * ServiceException
13623//   AWS Organizations can't complete your request because of an internal service
13624//   error. Try again later.
13625//
13626//   * TooManyRequestsException
13627//   You have sent too many requests in too short a period of time. The quota
13628//   helps protect against denial-of-service attacks. Try again later.
13629//
13630//   For information about quotas that affect AWS Organizations, see Quotas for
13631//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
13632//   the AWS Organizations User Guide.
13633//
13634// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource
13635func (c *Organizations) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
13636	req, out := c.TagResourceRequest(input)
13637	return out, req.Send()
13638}
13639
13640// TagResourceWithContext is the same as TagResource with the addition of
13641// the ability to pass a context and additional request options.
13642//
13643// See TagResource for details on how to use this API operation.
13644//
13645// The context must be non-nil and will be used for request cancellation. If
13646// the context is nil a panic will occur. In the future the SDK may create
13647// sub-contexts for http.Requests. See https://golang.org/pkg/context/
13648// for more information on using Contexts.
13649func (c *Organizations) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
13650	req, out := c.TagResourceRequest(input)
13651	req.SetContext(ctx)
13652	req.ApplyOptions(opts...)
13653	return out, req.Send()
13654}
13655
13656const opUntagResource = "UntagResource"
13657
13658// UntagResourceRequest generates a "aws/request.Request" representing the
13659// client's request for the UntagResource operation. The "output" return
13660// value will be populated with the request's response once the request completes
13661// successfully.
13662//
13663// Use "Send" method on the returned Request to send the API call to the service.
13664// the "output" return value is not valid until after Send returns without error.
13665//
13666// See UntagResource for more information on using the UntagResource
13667// API call, and error handling.
13668//
13669// This method is useful when you want to inject custom logic or configuration
13670// into the SDK's request lifecycle. Such as custom headers, or retry logic.
13671//
13672//
13673//    // Example sending a request using the UntagResourceRequest method.
13674//    req, resp := client.UntagResourceRequest(params)
13675//
13676//    err := req.Send()
13677//    if err == nil { // resp is now filled
13678//        fmt.Println(resp)
13679//    }
13680//
13681// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource
13682func (c *Organizations) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
13683	op := &request.Operation{
13684		Name:       opUntagResource,
13685		HTTPMethod: "POST",
13686		HTTPPath:   "/",
13687	}
13688
13689	if input == nil {
13690		input = &UntagResourceInput{}
13691	}
13692
13693	output = &UntagResourceOutput{}
13694	req = c.newRequest(op, input, output)
13695	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
13696	return
13697}
13698
13699// UntagResource API operation for AWS Organizations.
13700//
13701// Removes any tags with the specified keys from the specified resource.
13702//
13703// You can attach tags to the following resources in AWS Organizations.
13704//
13705//    * AWS account
13706//
13707//    * Organization root
13708//
13709//    * Organizational unit (OU)
13710//
13711//    * Policy (any type)
13712//
13713// This operation can be called only from the organization's management account.
13714//
13715// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
13716// with awserr.Error's Code and Message methods to get detailed information about
13717// the error.
13718//
13719// See the AWS API reference guide for AWS Organizations's
13720// API operation UntagResource for usage and error information.
13721//
13722// Returned Error Types:
13723//   * AccessDeniedException
13724//   You don't have permissions to perform the requested operation. The user or
13725//   role that is making the request must have at least one IAM permissions policy
13726//   attached that grants the required permissions. For more information, see
13727//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
13728//   in the IAM User Guide.
13729//
13730//   * ConcurrentModificationException
13731//   The target of the operation is currently being modified by a different request.
13732//   Try again later.
13733//
13734//   * AWSOrganizationsNotInUseException
13735//   Your account isn't a member of an organization. To make this request, you
13736//   must use the credentials of an account that belongs to an organization.
13737//
13738//   * TargetNotFoundException
13739//   We can't find a root, OU, account, or policy with the TargetId that you specified.
13740//
13741//   * ConstraintViolationException
13742//   Performing this operation violates a minimum or maximum value limit. For
13743//   example, attempting to remove the last service control policy (SCP) from
13744//   an OU or root, inviting or creating too many accounts to the organization,
13745//   or attaching too many policies to an account, OU, or root. This exception
13746//   includes a reason that contains additional information about the violated
13747//   limit:
13748//
13749//   Some of the reasons in the following list might not be applicable to this
13750//   specific API or operation.
13751//
13752//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
13753//      account from the organization. You can't remove the management account.
13754//      Instead, after you remove all member accounts, delete the organization
13755//      itself.
13756//
13757//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
13758//      from the organization that doesn't yet have enough information to exist
13759//      as a standalone account. This account requires you to first agree to the
13760//      AWS Customer Agreement. Follow the steps at Removing a member account
13761//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
13762//      the AWS Organizations User Guide.
13763//
13764//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
13765//      an account from the organization that doesn't yet have enough information
13766//      to exist as a standalone account. This account requires you to first complete
13767//      phone verification. Follow the steps at Removing a member account from
13768//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
13769//      in the AWS Organizations User Guide.
13770//
13771//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
13772//      of accounts that you can create in one day.
13773//
13774//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
13775//      the number of accounts in an organization. If you need more accounts,
13776//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
13777//      request an increase in your limit. Or the number of invitations that you
13778//      tried to send would cause you to exceed the limit of accounts in your
13779//      organization. Send fewer invitations or contact AWS Support to request
13780//      an increase in the number of accounts. Deleted and closed accounts still
13781//      count toward your limit. If you get this exception when running a command
13782//      immediately after creating the organization, wait one hour and try again.
13783//      After an hour, if the command continues to fail with this error, contact
13784//      AWS Support (https://console.aws.amazon.com/support/home#/).
13785//
13786//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
13787//      register the management account of the organization as a delegated administrator
13788//      for an AWS service integrated with Organizations. You can designate only
13789//      a member account as a delegated administrator.
13790//
13791//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
13792//      an account that is registered as a delegated administrator for a service
13793//      integrated with your organization. To complete this operation, you must
13794//      first deregister this account as a delegated administrator.
13795//
13796//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
13797//      organization in the specified region, you must enable all features mode.
13798//
13799//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
13800//      an AWS account as a delegated administrator for an AWS service that already
13801//      has a delegated administrator. To complete this operation, you must first
13802//      deregister any existing delegated administrators for this service.
13803//
13804//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
13805//      valid for a limited period of time. You must resubmit the request and
13806//      generate a new verfication code.
13807//
13808//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
13809//      handshakes that you can send in one day.
13810//
13811//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
13812//      in this organization, you first must migrate the organization's management
13813//      account to the marketplace that corresponds to the management account's
13814//      address. For example, accounts with India addresses must be associated
13815//      with the AISPL marketplace. All accounts in an organization must be associated
13816//      with the same marketplace.
13817//
13818//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
13819//      in China. To create an organization, the master must have a valid business
13820//      license. For more information, contact customer support.
13821//
13822//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
13823//      must first provide a valid contact address and phone number for the management
13824//      account. Then try the operation again.
13825//
13826//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
13827//      management account must have an associated account in the AWS GovCloud
13828//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
13829//      in the AWS GovCloud User Guide.
13830//
13831//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
13832//      with this management account, you first must associate a valid payment
13833//      instrument, such as a credit card, with the account. Follow the steps
13834//      at To leave an organization when all required account information has
13835//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
13836//      in the AWS Organizations User Guide.
13837//
13838//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
13839//      to register more delegated administrators than allowed for the service
13840//      principal.
13841//
13842//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
13843//      number of policies of a certain type that can be attached to an entity
13844//      at one time.
13845//
13846//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
13847//      on this resource.
13848//
13849//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
13850//      with this member account, you first must associate a valid payment instrument,
13851//      such as a credit card, with the account. Follow the steps at To leave
13852//      an organization when all required account information has not yet been
13853//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
13854//      in the AWS Organizations User Guide.
13855//
13856//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
13857//      policy from an entity that would cause the entity to have fewer than the
13858//      minimum number of policies of a certain type required.
13859//
13860//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
13861//      that requires the organization to be configured to support all features.
13862//      An organization that supports only consolidated billing features can't
13863//      perform this operation.
13864//
13865//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
13866//      too many levels deep.
13867//
13868//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
13869//      that you can have in an organization.
13870//
13871//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
13872//      is larger than the maximum size.
13873//
13874//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
13875//      policies that you can have in an organization.
13876//
13877//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
13878//      tags that are not compliant with the tag policy requirements for this
13879//      account.
13880//
13881//   * InvalidInputException
13882//   The requested operation failed because you provided invalid values for one
13883//   or more of the request parameters. This exception includes a reason that
13884//   contains additional information about the violated limit:
13885//
13886//   Some of the reasons in the following list might not be applicable to this
13887//   specific API or operation.
13888//
13889//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
13890//      the same entity.
13891//
13892//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
13893//      can't be modified.
13894//
13895//      * INPUT_REQUIRED: You must include a value for all required parameters.
13896//
13897//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
13898//      for the invited account owner.
13899//
13900//      * INVALID_ENUM: You specified an invalid value.
13901//
13902//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
13903//
13904//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
13905//      characters.
13906//
13907//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
13908//      at least one invalid value.
13909//
13910//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
13911//      from the response to a previous call of the operation.
13912//
13913//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
13914//      organization, or email) as a party.
13915//
13916//      * INVALID_PATTERN: You provided a value that doesn't match the required
13917//      pattern.
13918//
13919//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
13920//      match the required pattern.
13921//
13922//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
13923//      name can't begin with the reserved prefix AWSServiceRoleFor.
13924//
13925//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
13926//      Name (ARN) for the organization.
13927//
13928//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
13929//
13930//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
13931//      tag. You can’t add, edit, or delete system tag keys because they're
13932//      reserved for AWS use. System tags don’t count against your tags per
13933//      resource limit.
13934//
13935//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
13936//      for the operation.
13937//
13938//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
13939//      than allowed.
13940//
13941//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
13942//      value than allowed.
13943//
13944//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
13945//      than allowed.
13946//
13947//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
13948//      value than allowed.
13949//
13950//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
13951//      between entities in the same root.
13952//
13953//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
13954//      target entity.
13955//
13956//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
13957//      isn't recognized.
13958//
13959//   * ServiceException
13960//   AWS Organizations can't complete your request because of an internal service
13961//   error. Try again later.
13962//
13963//   * TooManyRequestsException
13964//   You have sent too many requests in too short a period of time. The quota
13965//   helps protect against denial-of-service attacks. Try again later.
13966//
13967//   For information about quotas that affect AWS Organizations, see Quotas for
13968//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
13969//   the AWS Organizations User Guide.
13970//
13971// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource
13972func (c *Organizations) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
13973	req, out := c.UntagResourceRequest(input)
13974	return out, req.Send()
13975}
13976
13977// UntagResourceWithContext is the same as UntagResource with the addition of
13978// the ability to pass a context and additional request options.
13979//
13980// See UntagResource for details on how to use this API operation.
13981//
13982// The context must be non-nil and will be used for request cancellation. If
13983// the context is nil a panic will occur. In the future the SDK may create
13984// sub-contexts for http.Requests. See https://golang.org/pkg/context/
13985// for more information on using Contexts.
13986func (c *Organizations) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
13987	req, out := c.UntagResourceRequest(input)
13988	req.SetContext(ctx)
13989	req.ApplyOptions(opts...)
13990	return out, req.Send()
13991}
13992
13993const opUpdateOrganizationalUnit = "UpdateOrganizationalUnit"
13994
13995// UpdateOrganizationalUnitRequest generates a "aws/request.Request" representing the
13996// client's request for the UpdateOrganizationalUnit operation. The "output" return
13997// value will be populated with the request's response once the request completes
13998// successfully.
13999//
14000// Use "Send" method on the returned Request to send the API call to the service.
14001// the "output" return value is not valid until after Send returns without error.
14002//
14003// See UpdateOrganizationalUnit for more information on using the UpdateOrganizationalUnit
14004// API call, and error handling.
14005//
14006// This method is useful when you want to inject custom logic or configuration
14007// into the SDK's request lifecycle. Such as custom headers, or retry logic.
14008//
14009//
14010//    // Example sending a request using the UpdateOrganizationalUnitRequest method.
14011//    req, resp := client.UpdateOrganizationalUnitRequest(params)
14012//
14013//    err := req.Send()
14014//    if err == nil { // resp is now filled
14015//        fmt.Println(resp)
14016//    }
14017//
14018// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit
14019func (c *Organizations) UpdateOrganizationalUnitRequest(input *UpdateOrganizationalUnitInput) (req *request.Request, output *UpdateOrganizationalUnitOutput) {
14020	op := &request.Operation{
14021		Name:       opUpdateOrganizationalUnit,
14022		HTTPMethod: "POST",
14023		HTTPPath:   "/",
14024	}
14025
14026	if input == nil {
14027		input = &UpdateOrganizationalUnitInput{}
14028	}
14029
14030	output = &UpdateOrganizationalUnitOutput{}
14031	req = c.newRequest(op, input, output)
14032	return
14033}
14034
14035// UpdateOrganizationalUnit API operation for AWS Organizations.
14036//
14037// Renames the specified organizational unit (OU). The ID and ARN don't change.
14038// The child OUs and accounts remain in place, and any attached policies of
14039// the OU remain attached.
14040//
14041// This operation can be called only from the organization's management account.
14042//
14043// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
14044// with awserr.Error's Code and Message methods to get detailed information about
14045// the error.
14046//
14047// See the AWS API reference guide for AWS Organizations's
14048// API operation UpdateOrganizationalUnit for usage and error information.
14049//
14050// Returned Error Types:
14051//   * AccessDeniedException
14052//   You don't have permissions to perform the requested operation. The user or
14053//   role that is making the request must have at least one IAM permissions policy
14054//   attached that grants the required permissions. For more information, see
14055//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
14056//   in the IAM User Guide.
14057//
14058//   * AWSOrganizationsNotInUseException
14059//   Your account isn't a member of an organization. To make this request, you
14060//   must use the credentials of an account that belongs to an organization.
14061//
14062//   * ConcurrentModificationException
14063//   The target of the operation is currently being modified by a different request.
14064//   Try again later.
14065//
14066//   * DuplicateOrganizationalUnitException
14067//   An OU with the same name already exists.
14068//
14069//   * InvalidInputException
14070//   The requested operation failed because you provided invalid values for one
14071//   or more of the request parameters. This exception includes a reason that
14072//   contains additional information about the violated limit:
14073//
14074//   Some of the reasons in the following list might not be applicable to this
14075//   specific API or operation.
14076//
14077//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
14078//      the same entity.
14079//
14080//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
14081//      can't be modified.
14082//
14083//      * INPUT_REQUIRED: You must include a value for all required parameters.
14084//
14085//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
14086//      for the invited account owner.
14087//
14088//      * INVALID_ENUM: You specified an invalid value.
14089//
14090//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
14091//
14092//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
14093//      characters.
14094//
14095//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
14096//      at least one invalid value.
14097//
14098//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
14099//      from the response to a previous call of the operation.
14100//
14101//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
14102//      organization, or email) as a party.
14103//
14104//      * INVALID_PATTERN: You provided a value that doesn't match the required
14105//      pattern.
14106//
14107//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
14108//      match the required pattern.
14109//
14110//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
14111//      name can't begin with the reserved prefix AWSServiceRoleFor.
14112//
14113//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
14114//      Name (ARN) for the organization.
14115//
14116//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
14117//
14118//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
14119//      tag. You can’t add, edit, or delete system tag keys because they're
14120//      reserved for AWS use. System tags don’t count against your tags per
14121//      resource limit.
14122//
14123//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
14124//      for the operation.
14125//
14126//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
14127//      than allowed.
14128//
14129//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
14130//      value than allowed.
14131//
14132//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
14133//      than allowed.
14134//
14135//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
14136//      value than allowed.
14137//
14138//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
14139//      between entities in the same root.
14140//
14141//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
14142//      target entity.
14143//
14144//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
14145//      isn't recognized.
14146//
14147//   * OrganizationalUnitNotFoundException
14148//   We can't find an OU with the OrganizationalUnitId that you specified.
14149//
14150//   * ServiceException
14151//   AWS Organizations can't complete your request because of an internal service
14152//   error. Try again later.
14153//
14154//   * TooManyRequestsException
14155//   You have sent too many requests in too short a period of time. The quota
14156//   helps protect against denial-of-service attacks. Try again later.
14157//
14158//   For information about quotas that affect AWS Organizations, see Quotas for
14159//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
14160//   the AWS Organizations User Guide.
14161//
14162// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit
14163func (c *Organizations) UpdateOrganizationalUnit(input *UpdateOrganizationalUnitInput) (*UpdateOrganizationalUnitOutput, error) {
14164	req, out := c.UpdateOrganizationalUnitRequest(input)
14165	return out, req.Send()
14166}
14167
14168// UpdateOrganizationalUnitWithContext is the same as UpdateOrganizationalUnit with the addition of
14169// the ability to pass a context and additional request options.
14170//
14171// See UpdateOrganizationalUnit for details on how to use this API operation.
14172//
14173// The context must be non-nil and will be used for request cancellation. If
14174// the context is nil a panic will occur. In the future the SDK may create
14175// sub-contexts for http.Requests. See https://golang.org/pkg/context/
14176// for more information on using Contexts.
14177func (c *Organizations) UpdateOrganizationalUnitWithContext(ctx aws.Context, input *UpdateOrganizationalUnitInput, opts ...request.Option) (*UpdateOrganizationalUnitOutput, error) {
14178	req, out := c.UpdateOrganizationalUnitRequest(input)
14179	req.SetContext(ctx)
14180	req.ApplyOptions(opts...)
14181	return out, req.Send()
14182}
14183
14184const opUpdatePolicy = "UpdatePolicy"
14185
14186// UpdatePolicyRequest generates a "aws/request.Request" representing the
14187// client's request for the UpdatePolicy operation. The "output" return
14188// value will be populated with the request's response once the request completes
14189// successfully.
14190//
14191// Use "Send" method on the returned Request to send the API call to the service.
14192// the "output" return value is not valid until after Send returns without error.
14193//
14194// See UpdatePolicy for more information on using the UpdatePolicy
14195// API call, and error handling.
14196//
14197// This method is useful when you want to inject custom logic or configuration
14198// into the SDK's request lifecycle. Such as custom headers, or retry logic.
14199//
14200//
14201//    // Example sending a request using the UpdatePolicyRequest method.
14202//    req, resp := client.UpdatePolicyRequest(params)
14203//
14204//    err := req.Send()
14205//    if err == nil { // resp is now filled
14206//        fmt.Println(resp)
14207//    }
14208//
14209// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy
14210func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *request.Request, output *UpdatePolicyOutput) {
14211	op := &request.Operation{
14212		Name:       opUpdatePolicy,
14213		HTTPMethod: "POST",
14214		HTTPPath:   "/",
14215	}
14216
14217	if input == nil {
14218		input = &UpdatePolicyInput{}
14219	}
14220
14221	output = &UpdatePolicyOutput{}
14222	req = c.newRequest(op, input, output)
14223	return
14224}
14225
14226// UpdatePolicy API operation for AWS Organizations.
14227//
14228// Updates an existing policy with a new name, description, or content. If you
14229// don't supply any parameter, that value remains unchanged. You can't change
14230// a policy's type.
14231//
14232// This operation can be called only from the organization's management account.
14233//
14234// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
14235// with awserr.Error's Code and Message methods to get detailed information about
14236// the error.
14237//
14238// See the AWS API reference guide for AWS Organizations's
14239// API operation UpdatePolicy for usage and error information.
14240//
14241// Returned Error Types:
14242//   * AccessDeniedException
14243//   You don't have permissions to perform the requested operation. The user or
14244//   role that is making the request must have at least one IAM permissions policy
14245//   attached that grants the required permissions. For more information, see
14246//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
14247//   in the IAM User Guide.
14248//
14249//   * AWSOrganizationsNotInUseException
14250//   Your account isn't a member of an organization. To make this request, you
14251//   must use the credentials of an account that belongs to an organization.
14252//
14253//   * ConcurrentModificationException
14254//   The target of the operation is currently being modified by a different request.
14255//   Try again later.
14256//
14257//   * ConstraintViolationException
14258//   Performing this operation violates a minimum or maximum value limit. For
14259//   example, attempting to remove the last service control policy (SCP) from
14260//   an OU or root, inviting or creating too many accounts to the organization,
14261//   or attaching too many policies to an account, OU, or root. This exception
14262//   includes a reason that contains additional information about the violated
14263//   limit:
14264//
14265//   Some of the reasons in the following list might not be applicable to this
14266//   specific API or operation.
14267//
14268//      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
14269//      account from the organization. You can't remove the management account.
14270//      Instead, after you remove all member accounts, delete the organization
14271//      itself.
14272//
14273//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
14274//      from the organization that doesn't yet have enough information to exist
14275//      as a standalone account. This account requires you to first agree to the
14276//      AWS Customer Agreement. Follow the steps at Removing a member account
14277//      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
14278//      the AWS Organizations User Guide.
14279//
14280//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
14281//      an account from the organization that doesn't yet have enough information
14282//      to exist as a standalone account. This account requires you to first complete
14283//      phone verification. Follow the steps at Removing a member account from
14284//      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
14285//      in the AWS Organizations User Guide.
14286//
14287//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
14288//      of accounts that you can create in one day.
14289//
14290//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
14291//      the number of accounts in an organization. If you need more accounts,
14292//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
14293//      request an increase in your limit. Or the number of invitations that you
14294//      tried to send would cause you to exceed the limit of accounts in your
14295//      organization. Send fewer invitations or contact AWS Support to request
14296//      an increase in the number of accounts. Deleted and closed accounts still
14297//      count toward your limit. If you get this exception when running a command
14298//      immediately after creating the organization, wait one hour and try again.
14299//      After an hour, if the command continues to fail with this error, contact
14300//      AWS Support (https://console.aws.amazon.com/support/home#/).
14301//
14302//      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
14303//      register the management account of the organization as a delegated administrator
14304//      for an AWS service integrated with Organizations. You can designate only
14305//      a member account as a delegated administrator.
14306//
14307//      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
14308//      an account that is registered as a delegated administrator for a service
14309//      integrated with your organization. To complete this operation, you must
14310//      first deregister this account as a delegated administrator.
14311//
14312//      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
14313//      organization in the specified region, you must enable all features mode.
14314//
14315//      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
14316//      an AWS account as a delegated administrator for an AWS service that already
14317//      has a delegated administrator. To complete this operation, you must first
14318//      deregister any existing delegated administrators for this service.
14319//
14320//      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
14321//      valid for a limited period of time. You must resubmit the request and
14322//      generate a new verfication code.
14323//
14324//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
14325//      handshakes that you can send in one day.
14326//
14327//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
14328//      in this organization, you first must migrate the organization's management
14329//      account to the marketplace that corresponds to the management account's
14330//      address. For example, accounts with India addresses must be associated
14331//      with the AISPL marketplace. All accounts in an organization must be associated
14332//      with the same marketplace.
14333//
14334//      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
14335//      in China. To create an organization, the master must have a valid business
14336//      license. For more information, contact customer support.
14337//
14338//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
14339//      must first provide a valid contact address and phone number for the management
14340//      account. Then try the operation again.
14341//
14342//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
14343//      management account must have an associated account in the AWS GovCloud
14344//      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
14345//      in the AWS GovCloud User Guide.
14346//
14347//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
14348//      with this management account, you first must associate a valid payment
14349//      instrument, such as a credit card, with the account. Follow the steps
14350//      at To leave an organization when all required account information has
14351//      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
14352//      in the AWS Organizations User Guide.
14353//
14354//      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
14355//      to register more delegated administrators than allowed for the service
14356//      principal.
14357//
14358//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
14359//      number of policies of a certain type that can be attached to an entity
14360//      at one time.
14361//
14362//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
14363//      on this resource.
14364//
14365//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
14366//      with this member account, you first must associate a valid payment instrument,
14367//      such as a credit card, with the account. Follow the steps at To leave
14368//      an organization when all required account information has not yet been
14369//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
14370//      in the AWS Organizations User Guide.
14371//
14372//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
14373//      policy from an entity that would cause the entity to have fewer than the
14374//      minimum number of policies of a certain type required.
14375//
14376//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
14377//      that requires the organization to be configured to support all features.
14378//      An organization that supports only consolidated billing features can't
14379//      perform this operation.
14380//
14381//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
14382//      too many levels deep.
14383//
14384//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
14385//      that you can have in an organization.
14386//
14387//      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
14388//      is larger than the maximum size.
14389//
14390//      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
14391//      policies that you can have in an organization.
14392//
14393//      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
14394//      tags that are not compliant with the tag policy requirements for this
14395//      account.
14396//
14397//   * DuplicatePolicyException
14398//   A policy with the same name already exists.
14399//
14400//   * InvalidInputException
14401//   The requested operation failed because you provided invalid values for one
14402//   or more of the request parameters. This exception includes a reason that
14403//   contains additional information about the violated limit:
14404//
14405//   Some of the reasons in the following list might not be applicable to this
14406//   specific API or operation.
14407//
14408//      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
14409//      the same entity.
14410//
14411//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
14412//      can't be modified.
14413//
14414//      * INPUT_REQUIRED: You must include a value for all required parameters.
14415//
14416//      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
14417//      for the invited account owner.
14418//
14419//      * INVALID_ENUM: You specified an invalid value.
14420//
14421//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
14422//
14423//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
14424//      characters.
14425//
14426//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
14427//      at least one invalid value.
14428//
14429//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
14430//      from the response to a previous call of the operation.
14431//
14432//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
14433//      organization, or email) as a party.
14434//
14435//      * INVALID_PATTERN: You provided a value that doesn't match the required
14436//      pattern.
14437//
14438//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
14439//      match the required pattern.
14440//
14441//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
14442//      name can't begin with the reserved prefix AWSServiceRoleFor.
14443//
14444//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
14445//      Name (ARN) for the organization.
14446//
14447//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
14448//
14449//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
14450//      tag. You can’t add, edit, or delete system tag keys because they're
14451//      reserved for AWS use. System tags don’t count against your tags per
14452//      resource limit.
14453//
14454//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
14455//      for the operation.
14456//
14457//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
14458//      than allowed.
14459//
14460//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
14461//      value than allowed.
14462//
14463//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
14464//      than allowed.
14465//
14466//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
14467//      value than allowed.
14468//
14469//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
14470//      between entities in the same root.
14471//
14472//      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
14473//      target entity.
14474//
14475//      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
14476//      isn't recognized.
14477//
14478//   * MalformedPolicyDocumentException
14479//   The provided policy document doesn't meet the requirements of the specified
14480//   policy type. For example, the syntax might be incorrect. For details about
14481//   service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
14482//   in the AWS Organizations User Guide.
14483//
14484//   * PolicyNotFoundException
14485//   We can't find a policy with the PolicyId that you specified.
14486//
14487//   * ServiceException
14488//   AWS Organizations can't complete your request because of an internal service
14489//   error. Try again later.
14490//
14491//   * TooManyRequestsException
14492//   You have sent too many requests in too short a period of time. The quota
14493//   helps protect against denial-of-service attacks. Try again later.
14494//
14495//   For information about quotas that affect AWS Organizations, see Quotas for
14496//   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
14497//   the AWS Organizations User Guide.
14498//
14499//   * UnsupportedAPIEndpointException
14500//   This action isn't available in the current AWS Region.
14501//
14502//   * PolicyChangesInProgressException
14503//   Changes to the effective policy are in progress, and its contents can't be
14504//   returned. Try the operation again later.
14505//
14506// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy
14507func (c *Organizations) UpdatePolicy(input *UpdatePolicyInput) (*UpdatePolicyOutput, error) {
14508	req, out := c.UpdatePolicyRequest(input)
14509	return out, req.Send()
14510}
14511
14512// UpdatePolicyWithContext is the same as UpdatePolicy with the addition of
14513// the ability to pass a context and additional request options.
14514//
14515// See UpdatePolicy for details on how to use this API operation.
14516//
14517// The context must be non-nil and will be used for request cancellation. If
14518// the context is nil a panic will occur. In the future the SDK may create
14519// sub-contexts for http.Requests. See https://golang.org/pkg/context/
14520// for more information on using Contexts.
14521func (c *Organizations) UpdatePolicyWithContext(ctx aws.Context, input *UpdatePolicyInput, opts ...request.Option) (*UpdatePolicyOutput, error) {
14522	req, out := c.UpdatePolicyRequest(input)
14523	req.SetContext(ctx)
14524	req.ApplyOptions(opts...)
14525	return out, req.Send()
14526}
14527
14528// Your account isn't a member of an organization. To make this request, you
14529// must use the credentials of an account that belongs to an organization.
14530type AWSOrganizationsNotInUseException struct {
14531	_            struct{}                  `type:"structure"`
14532	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
14533
14534	Message_ *string `locationName:"Message" type:"string"`
14535}
14536
14537// String returns the string representation
14538func (s AWSOrganizationsNotInUseException) String() string {
14539	return awsutil.Prettify(s)
14540}
14541
14542// GoString returns the string representation
14543func (s AWSOrganizationsNotInUseException) GoString() string {
14544	return s.String()
14545}
14546
14547func newErrorAWSOrganizationsNotInUseException(v protocol.ResponseMetadata) error {
14548	return &AWSOrganizationsNotInUseException{
14549		RespMetadata: v,
14550	}
14551}
14552
14553// Code returns the exception type name.
14554func (s *AWSOrganizationsNotInUseException) Code() string {
14555	return "AWSOrganizationsNotInUseException"
14556}
14557
14558// Message returns the exception's message.
14559func (s *AWSOrganizationsNotInUseException) Message() string {
14560	if s.Message_ != nil {
14561		return *s.Message_
14562	}
14563	return ""
14564}
14565
14566// OrigErr always returns nil, satisfies awserr.Error interface.
14567func (s *AWSOrganizationsNotInUseException) OrigErr() error {
14568	return nil
14569}
14570
14571func (s *AWSOrganizationsNotInUseException) Error() string {
14572	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
14573}
14574
14575// Status code returns the HTTP status code for the request's response error.
14576func (s *AWSOrganizationsNotInUseException) StatusCode() int {
14577	return s.RespMetadata.StatusCode
14578}
14579
14580// RequestID returns the service's response RequestID for request.
14581func (s *AWSOrganizationsNotInUseException) RequestID() string {
14582	return s.RespMetadata.RequestID
14583}
14584
14585type AcceptHandshakeInput struct {
14586	_ struct{} `type:"structure"`
14587
14588	// The unique identifier (ID) of the handshake that you want to accept.
14589	//
14590	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
14591	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
14592	//
14593	// HandshakeId is a required field
14594	HandshakeId *string `type:"string" required:"true"`
14595}
14596
14597// String returns the string representation
14598func (s AcceptHandshakeInput) String() string {
14599	return awsutil.Prettify(s)
14600}
14601
14602// GoString returns the string representation
14603func (s AcceptHandshakeInput) GoString() string {
14604	return s.String()
14605}
14606
14607// Validate inspects the fields of the type to determine if they are valid.
14608func (s *AcceptHandshakeInput) Validate() error {
14609	invalidParams := request.ErrInvalidParams{Context: "AcceptHandshakeInput"}
14610	if s.HandshakeId == nil {
14611		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
14612	}
14613
14614	if invalidParams.Len() > 0 {
14615		return invalidParams
14616	}
14617	return nil
14618}
14619
14620// SetHandshakeId sets the HandshakeId field's value.
14621func (s *AcceptHandshakeInput) SetHandshakeId(v string) *AcceptHandshakeInput {
14622	s.HandshakeId = &v
14623	return s
14624}
14625
14626type AcceptHandshakeOutput struct {
14627	_ struct{} `type:"structure"`
14628
14629	// A structure that contains details about the accepted handshake.
14630	Handshake *Handshake `type:"structure"`
14631}
14632
14633// String returns the string representation
14634func (s AcceptHandshakeOutput) String() string {
14635	return awsutil.Prettify(s)
14636}
14637
14638// GoString returns the string representation
14639func (s AcceptHandshakeOutput) GoString() string {
14640	return s.String()
14641}
14642
14643// SetHandshake sets the Handshake field's value.
14644func (s *AcceptHandshakeOutput) SetHandshake(v *Handshake) *AcceptHandshakeOutput {
14645	s.Handshake = v
14646	return s
14647}
14648
14649// You don't have permissions to perform the requested operation. The user or
14650// role that is making the request must have at least one IAM permissions policy
14651// attached that grants the required permissions. For more information, see
14652// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
14653// in the IAM User Guide.
14654type AccessDeniedException struct {
14655	_            struct{}                  `type:"structure"`
14656	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
14657
14658	Message_ *string `locationName:"Message" type:"string"`
14659}
14660
14661// String returns the string representation
14662func (s AccessDeniedException) String() string {
14663	return awsutil.Prettify(s)
14664}
14665
14666// GoString returns the string representation
14667func (s AccessDeniedException) GoString() string {
14668	return s.String()
14669}
14670
14671func newErrorAccessDeniedException(v protocol.ResponseMetadata) error {
14672	return &AccessDeniedException{
14673		RespMetadata: v,
14674	}
14675}
14676
14677// Code returns the exception type name.
14678func (s *AccessDeniedException) Code() string {
14679	return "AccessDeniedException"
14680}
14681
14682// Message returns the exception's message.
14683func (s *AccessDeniedException) Message() string {
14684	if s.Message_ != nil {
14685		return *s.Message_
14686	}
14687	return ""
14688}
14689
14690// OrigErr always returns nil, satisfies awserr.Error interface.
14691func (s *AccessDeniedException) OrigErr() error {
14692	return nil
14693}
14694
14695func (s *AccessDeniedException) Error() string {
14696	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
14697}
14698
14699// Status code returns the HTTP status code for the request's response error.
14700func (s *AccessDeniedException) StatusCode() int {
14701	return s.RespMetadata.StatusCode
14702}
14703
14704// RequestID returns the service's response RequestID for request.
14705func (s *AccessDeniedException) RequestID() string {
14706	return s.RespMetadata.RequestID
14707}
14708
14709// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
14710// for organizations.amazonaws.com permission so that AWS Organizations can
14711// create the required service-linked role. You don't have that permission.
14712type AccessDeniedForDependencyException struct {
14713	_            struct{}                  `type:"structure"`
14714	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
14715
14716	Message_ *string `locationName:"Message" type:"string"`
14717
14718	Reason *string `type:"string" enum:"AccessDeniedForDependencyExceptionReason"`
14719}
14720
14721// String returns the string representation
14722func (s AccessDeniedForDependencyException) String() string {
14723	return awsutil.Prettify(s)
14724}
14725
14726// GoString returns the string representation
14727func (s AccessDeniedForDependencyException) GoString() string {
14728	return s.String()
14729}
14730
14731func newErrorAccessDeniedForDependencyException(v protocol.ResponseMetadata) error {
14732	return &AccessDeniedForDependencyException{
14733		RespMetadata: v,
14734	}
14735}
14736
14737// Code returns the exception type name.
14738func (s *AccessDeniedForDependencyException) Code() string {
14739	return "AccessDeniedForDependencyException"
14740}
14741
14742// Message returns the exception's message.
14743func (s *AccessDeniedForDependencyException) Message() string {
14744	if s.Message_ != nil {
14745		return *s.Message_
14746	}
14747	return ""
14748}
14749
14750// OrigErr always returns nil, satisfies awserr.Error interface.
14751func (s *AccessDeniedForDependencyException) OrigErr() error {
14752	return nil
14753}
14754
14755func (s *AccessDeniedForDependencyException) Error() string {
14756	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
14757}
14758
14759// Status code returns the HTTP status code for the request's response error.
14760func (s *AccessDeniedForDependencyException) StatusCode() int {
14761	return s.RespMetadata.StatusCode
14762}
14763
14764// RequestID returns the service's response RequestID for request.
14765func (s *AccessDeniedForDependencyException) RequestID() string {
14766	return s.RespMetadata.RequestID
14767}
14768
14769// Contains information about an AWS account that is a member of an organization.
14770type Account struct {
14771	_ struct{} `type:"structure"`
14772
14773	// The Amazon Resource Name (ARN) of the account.
14774	//
14775	// For more information about ARNs in Organizations, see ARN Formats Supported
14776	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
14777	// in the AWS Service Authorization Reference.
14778	Arn *string `type:"string"`
14779
14780	// The email address associated with the AWS account.
14781	//
14782	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
14783	// a string of characters that represents a standard internet email address.
14784	Email *string `min:"6" type:"string" sensitive:"true"`
14785
14786	// The unique identifier (ID) of the account.
14787	//
14788	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
14789	// requires exactly 12 digits.
14790	Id *string `type:"string"`
14791
14792	// The method by which the account joined the organization.
14793	JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"`
14794
14795	// The date the account became a part of the organization.
14796	JoinedTimestamp *time.Time `type:"timestamp"`
14797
14798	// The friendly name of the account.
14799	//
14800	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
14801	// this parameter is a string of any of the characters in the ASCII character
14802	// range.
14803	Name *string `min:"1" type:"string" sensitive:"true"`
14804
14805	// The status of the account in the organization.
14806	Status *string `type:"string" enum:"AccountStatus"`
14807}
14808
14809// String returns the string representation
14810func (s Account) String() string {
14811	return awsutil.Prettify(s)
14812}
14813
14814// GoString returns the string representation
14815func (s Account) GoString() string {
14816	return s.String()
14817}
14818
14819// SetArn sets the Arn field's value.
14820func (s *Account) SetArn(v string) *Account {
14821	s.Arn = &v
14822	return s
14823}
14824
14825// SetEmail sets the Email field's value.
14826func (s *Account) SetEmail(v string) *Account {
14827	s.Email = &v
14828	return s
14829}
14830
14831// SetId sets the Id field's value.
14832func (s *Account) SetId(v string) *Account {
14833	s.Id = &v
14834	return s
14835}
14836
14837// SetJoinedMethod sets the JoinedMethod field's value.
14838func (s *Account) SetJoinedMethod(v string) *Account {
14839	s.JoinedMethod = &v
14840	return s
14841}
14842
14843// SetJoinedTimestamp sets the JoinedTimestamp field's value.
14844func (s *Account) SetJoinedTimestamp(v time.Time) *Account {
14845	s.JoinedTimestamp = &v
14846	return s
14847}
14848
14849// SetName sets the Name field's value.
14850func (s *Account) SetName(v string) *Account {
14851	s.Name = &v
14852	return s
14853}
14854
14855// SetStatus sets the Status field's value.
14856func (s *Account) SetStatus(v string) *Account {
14857	s.Status = &v
14858	return s
14859}
14860
14861// The specified account is already a delegated administrator for this AWS service.
14862type AccountAlreadyRegisteredException struct {
14863	_            struct{}                  `type:"structure"`
14864	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
14865
14866	Message_ *string `locationName:"Message" type:"string"`
14867}
14868
14869// String returns the string representation
14870func (s AccountAlreadyRegisteredException) String() string {
14871	return awsutil.Prettify(s)
14872}
14873
14874// GoString returns the string representation
14875func (s AccountAlreadyRegisteredException) GoString() string {
14876	return s.String()
14877}
14878
14879func newErrorAccountAlreadyRegisteredException(v protocol.ResponseMetadata) error {
14880	return &AccountAlreadyRegisteredException{
14881		RespMetadata: v,
14882	}
14883}
14884
14885// Code returns the exception type name.
14886func (s *AccountAlreadyRegisteredException) Code() string {
14887	return "AccountAlreadyRegisteredException"
14888}
14889
14890// Message returns the exception's message.
14891func (s *AccountAlreadyRegisteredException) Message() string {
14892	if s.Message_ != nil {
14893		return *s.Message_
14894	}
14895	return ""
14896}
14897
14898// OrigErr always returns nil, satisfies awserr.Error interface.
14899func (s *AccountAlreadyRegisteredException) OrigErr() error {
14900	return nil
14901}
14902
14903func (s *AccountAlreadyRegisteredException) Error() string {
14904	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
14905}
14906
14907// Status code returns the HTTP status code for the request's response error.
14908func (s *AccountAlreadyRegisteredException) StatusCode() int {
14909	return s.RespMetadata.StatusCode
14910}
14911
14912// RequestID returns the service's response RequestID for request.
14913func (s *AccountAlreadyRegisteredException) RequestID() string {
14914	return s.RespMetadata.RequestID
14915}
14916
14917// We can't find an AWS account with the AccountId that you specified, or the
14918// account whose credentials you used to make this request isn't a member of
14919// an organization.
14920type AccountNotFoundException struct {
14921	_            struct{}                  `type:"structure"`
14922	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
14923
14924	Message_ *string `locationName:"Message" type:"string"`
14925}
14926
14927// String returns the string representation
14928func (s AccountNotFoundException) String() string {
14929	return awsutil.Prettify(s)
14930}
14931
14932// GoString returns the string representation
14933func (s AccountNotFoundException) GoString() string {
14934	return s.String()
14935}
14936
14937func newErrorAccountNotFoundException(v protocol.ResponseMetadata) error {
14938	return &AccountNotFoundException{
14939		RespMetadata: v,
14940	}
14941}
14942
14943// Code returns the exception type name.
14944func (s *AccountNotFoundException) Code() string {
14945	return "AccountNotFoundException"
14946}
14947
14948// Message returns the exception's message.
14949func (s *AccountNotFoundException) Message() string {
14950	if s.Message_ != nil {
14951		return *s.Message_
14952	}
14953	return ""
14954}
14955
14956// OrigErr always returns nil, satisfies awserr.Error interface.
14957func (s *AccountNotFoundException) OrigErr() error {
14958	return nil
14959}
14960
14961func (s *AccountNotFoundException) Error() string {
14962	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
14963}
14964
14965// Status code returns the HTTP status code for the request's response error.
14966func (s *AccountNotFoundException) StatusCode() int {
14967	return s.RespMetadata.StatusCode
14968}
14969
14970// RequestID returns the service's response RequestID for request.
14971func (s *AccountNotFoundException) RequestID() string {
14972	return s.RespMetadata.RequestID
14973}
14974
14975// The specified account is not a delegated administrator for this AWS service.
14976type AccountNotRegisteredException struct {
14977	_            struct{}                  `type:"structure"`
14978	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
14979
14980	Message_ *string `locationName:"Message" type:"string"`
14981}
14982
14983// String returns the string representation
14984func (s AccountNotRegisteredException) String() string {
14985	return awsutil.Prettify(s)
14986}
14987
14988// GoString returns the string representation
14989func (s AccountNotRegisteredException) GoString() string {
14990	return s.String()
14991}
14992
14993func newErrorAccountNotRegisteredException(v protocol.ResponseMetadata) error {
14994	return &AccountNotRegisteredException{
14995		RespMetadata: v,
14996	}
14997}
14998
14999// Code returns the exception type name.
15000func (s *AccountNotRegisteredException) Code() string {
15001	return "AccountNotRegisteredException"
15002}
15003
15004// Message returns the exception's message.
15005func (s *AccountNotRegisteredException) Message() string {
15006	if s.Message_ != nil {
15007		return *s.Message_
15008	}
15009	return ""
15010}
15011
15012// OrigErr always returns nil, satisfies awserr.Error interface.
15013func (s *AccountNotRegisteredException) OrigErr() error {
15014	return nil
15015}
15016
15017func (s *AccountNotRegisteredException) Error() string {
15018	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
15019}
15020
15021// Status code returns the HTTP status code for the request's response error.
15022func (s *AccountNotRegisteredException) StatusCode() int {
15023	return s.RespMetadata.StatusCode
15024}
15025
15026// RequestID returns the service's response RequestID for request.
15027func (s *AccountNotRegisteredException) RequestID() string {
15028	return s.RespMetadata.RequestID
15029}
15030
15031// You can't invite an existing account to your organization until you verify
15032// that you own the email address associated with the management account. For
15033// more information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification)
15034// in the AWS Organizations User Guide.
15035type AccountOwnerNotVerifiedException struct {
15036	_            struct{}                  `type:"structure"`
15037	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
15038
15039	Message_ *string `locationName:"Message" type:"string"`
15040}
15041
15042// String returns the string representation
15043func (s AccountOwnerNotVerifiedException) String() string {
15044	return awsutil.Prettify(s)
15045}
15046
15047// GoString returns the string representation
15048func (s AccountOwnerNotVerifiedException) GoString() string {
15049	return s.String()
15050}
15051
15052func newErrorAccountOwnerNotVerifiedException(v protocol.ResponseMetadata) error {
15053	return &AccountOwnerNotVerifiedException{
15054		RespMetadata: v,
15055	}
15056}
15057
15058// Code returns the exception type name.
15059func (s *AccountOwnerNotVerifiedException) Code() string {
15060	return "AccountOwnerNotVerifiedException"
15061}
15062
15063// Message returns the exception's message.
15064func (s *AccountOwnerNotVerifiedException) Message() string {
15065	if s.Message_ != nil {
15066		return *s.Message_
15067	}
15068	return ""
15069}
15070
15071// OrigErr always returns nil, satisfies awserr.Error interface.
15072func (s *AccountOwnerNotVerifiedException) OrigErr() error {
15073	return nil
15074}
15075
15076func (s *AccountOwnerNotVerifiedException) Error() string {
15077	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
15078}
15079
15080// Status code returns the HTTP status code for the request's response error.
15081func (s *AccountOwnerNotVerifiedException) StatusCode() int {
15082	return s.RespMetadata.StatusCode
15083}
15084
15085// RequestID returns the service's response RequestID for request.
15086func (s *AccountOwnerNotVerifiedException) RequestID() string {
15087	return s.RespMetadata.RequestID
15088}
15089
15090// This account is already a member of an organization. An account can belong
15091// to only one organization at a time.
15092type AlreadyInOrganizationException struct {
15093	_            struct{}                  `type:"structure"`
15094	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
15095
15096	Message_ *string `locationName:"Message" type:"string"`
15097}
15098
15099// String returns the string representation
15100func (s AlreadyInOrganizationException) String() string {
15101	return awsutil.Prettify(s)
15102}
15103
15104// GoString returns the string representation
15105func (s AlreadyInOrganizationException) GoString() string {
15106	return s.String()
15107}
15108
15109func newErrorAlreadyInOrganizationException(v protocol.ResponseMetadata) error {
15110	return &AlreadyInOrganizationException{
15111		RespMetadata: v,
15112	}
15113}
15114
15115// Code returns the exception type name.
15116func (s *AlreadyInOrganizationException) Code() string {
15117	return "AlreadyInOrganizationException"
15118}
15119
15120// Message returns the exception's message.
15121func (s *AlreadyInOrganizationException) Message() string {
15122	if s.Message_ != nil {
15123		return *s.Message_
15124	}
15125	return ""
15126}
15127
15128// OrigErr always returns nil, satisfies awserr.Error interface.
15129func (s *AlreadyInOrganizationException) OrigErr() error {
15130	return nil
15131}
15132
15133func (s *AlreadyInOrganizationException) Error() string {
15134	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
15135}
15136
15137// Status code returns the HTTP status code for the request's response error.
15138func (s *AlreadyInOrganizationException) StatusCode() int {
15139	return s.RespMetadata.StatusCode
15140}
15141
15142// RequestID returns the service's response RequestID for request.
15143func (s *AlreadyInOrganizationException) RequestID() string {
15144	return s.RespMetadata.RequestID
15145}
15146
15147type AttachPolicyInput struct {
15148	_ struct{} `type:"structure"`
15149
15150	// The unique identifier (ID) of the policy that you want to attach to the target.
15151	// You can get the ID for the policy by calling the ListPolicies operation.
15152	//
15153	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
15154	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
15155	// or the underscore character (_).
15156	//
15157	// PolicyId is a required field
15158	PolicyId *string `type:"string" required:"true"`
15159
15160	// The unique identifier (ID) of the root, OU, or account that you want to attach
15161	// the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent,
15162	// or ListAccounts operations.
15163	//
15164	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
15165	// requires one of the following:
15166	//
15167	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
15168	//    letters or digits.
15169	//
15170	//    * Account - A string that consists of exactly 12 digits.
15171	//
15172	//    * Organizational unit (OU) - A string that begins with "ou-" followed
15173	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
15174	//    OU is in). This string is followed by a second "-" dash and from 8 to
15175	//    32 additional lowercase letters or digits.
15176	//
15177	// TargetId is a required field
15178	TargetId *string `type:"string" required:"true"`
15179}
15180
15181// String returns the string representation
15182func (s AttachPolicyInput) String() string {
15183	return awsutil.Prettify(s)
15184}
15185
15186// GoString returns the string representation
15187func (s AttachPolicyInput) GoString() string {
15188	return s.String()
15189}
15190
15191// Validate inspects the fields of the type to determine if they are valid.
15192func (s *AttachPolicyInput) Validate() error {
15193	invalidParams := request.ErrInvalidParams{Context: "AttachPolicyInput"}
15194	if s.PolicyId == nil {
15195		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
15196	}
15197	if s.TargetId == nil {
15198		invalidParams.Add(request.NewErrParamRequired("TargetId"))
15199	}
15200
15201	if invalidParams.Len() > 0 {
15202		return invalidParams
15203	}
15204	return nil
15205}
15206
15207// SetPolicyId sets the PolicyId field's value.
15208func (s *AttachPolicyInput) SetPolicyId(v string) *AttachPolicyInput {
15209	s.PolicyId = &v
15210	return s
15211}
15212
15213// SetTargetId sets the TargetId field's value.
15214func (s *AttachPolicyInput) SetTargetId(v string) *AttachPolicyInput {
15215	s.TargetId = &v
15216	return s
15217}
15218
15219type AttachPolicyOutput struct {
15220	_ struct{} `type:"structure"`
15221}
15222
15223// String returns the string representation
15224func (s AttachPolicyOutput) String() string {
15225	return awsutil.Prettify(s)
15226}
15227
15228// GoString returns the string representation
15229func (s AttachPolicyOutput) GoString() string {
15230	return s.String()
15231}
15232
15233type CancelHandshakeInput struct {
15234	_ struct{} `type:"structure"`
15235
15236	// The unique identifier (ID) of the handshake that you want to cancel. You
15237	// can get the ID from the ListHandshakesForOrganization operation.
15238	//
15239	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
15240	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
15241	//
15242	// HandshakeId is a required field
15243	HandshakeId *string `type:"string" required:"true"`
15244}
15245
15246// String returns the string representation
15247func (s CancelHandshakeInput) String() string {
15248	return awsutil.Prettify(s)
15249}
15250
15251// GoString returns the string representation
15252func (s CancelHandshakeInput) GoString() string {
15253	return s.String()
15254}
15255
15256// Validate inspects the fields of the type to determine if they are valid.
15257func (s *CancelHandshakeInput) Validate() error {
15258	invalidParams := request.ErrInvalidParams{Context: "CancelHandshakeInput"}
15259	if s.HandshakeId == nil {
15260		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
15261	}
15262
15263	if invalidParams.Len() > 0 {
15264		return invalidParams
15265	}
15266	return nil
15267}
15268
15269// SetHandshakeId sets the HandshakeId field's value.
15270func (s *CancelHandshakeInput) SetHandshakeId(v string) *CancelHandshakeInput {
15271	s.HandshakeId = &v
15272	return s
15273}
15274
15275type CancelHandshakeOutput struct {
15276	_ struct{} `type:"structure"`
15277
15278	// A structure that contains details about the handshake that you canceled.
15279	Handshake *Handshake `type:"structure"`
15280}
15281
15282// String returns the string representation
15283func (s CancelHandshakeOutput) String() string {
15284	return awsutil.Prettify(s)
15285}
15286
15287// GoString returns the string representation
15288func (s CancelHandshakeOutput) GoString() string {
15289	return s.String()
15290}
15291
15292// SetHandshake sets the Handshake field's value.
15293func (s *CancelHandshakeOutput) SetHandshake(v *Handshake) *CancelHandshakeOutput {
15294	s.Handshake = v
15295	return s
15296}
15297
15298// Contains a list of child entities, either OUs or accounts.
15299type Child struct {
15300	_ struct{} `type:"structure"`
15301
15302	// The unique identifier (ID) of this child entity.
15303	//
15304	// The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string
15305	// requires one of the following:
15306	//
15307	//    * Account - A string that consists of exactly 12 digits.
15308	//
15309	//    * Organizational unit (OU) - A string that begins with "ou-" followed
15310	//    by from 4 to 32 lowercase letters or digits (the ID of the root that contains
15311	//    the OU). This string is followed by a second "-" dash and from 8 to 32
15312	//    additional lowercase letters or digits.
15313	Id *string `type:"string"`
15314
15315	// The type of this child entity.
15316	Type *string `type:"string" enum:"ChildType"`
15317}
15318
15319// String returns the string representation
15320func (s Child) String() string {
15321	return awsutil.Prettify(s)
15322}
15323
15324// GoString returns the string representation
15325func (s Child) GoString() string {
15326	return s.String()
15327}
15328
15329// SetId sets the Id field's value.
15330func (s *Child) SetId(v string) *Child {
15331	s.Id = &v
15332	return s
15333}
15334
15335// SetType sets the Type field's value.
15336func (s *Child) SetType(v string) *Child {
15337	s.Type = &v
15338	return s
15339}
15340
15341// We can't find an organizational unit (OU) or AWS account with the ChildId
15342// that you specified.
15343type ChildNotFoundException struct {
15344	_            struct{}                  `type:"structure"`
15345	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
15346
15347	Message_ *string `locationName:"Message" type:"string"`
15348}
15349
15350// String returns the string representation
15351func (s ChildNotFoundException) String() string {
15352	return awsutil.Prettify(s)
15353}
15354
15355// GoString returns the string representation
15356func (s ChildNotFoundException) GoString() string {
15357	return s.String()
15358}
15359
15360func newErrorChildNotFoundException(v protocol.ResponseMetadata) error {
15361	return &ChildNotFoundException{
15362		RespMetadata: v,
15363	}
15364}
15365
15366// Code returns the exception type name.
15367func (s *ChildNotFoundException) Code() string {
15368	return "ChildNotFoundException"
15369}
15370
15371// Message returns the exception's message.
15372func (s *ChildNotFoundException) Message() string {
15373	if s.Message_ != nil {
15374		return *s.Message_
15375	}
15376	return ""
15377}
15378
15379// OrigErr always returns nil, satisfies awserr.Error interface.
15380func (s *ChildNotFoundException) OrigErr() error {
15381	return nil
15382}
15383
15384func (s *ChildNotFoundException) Error() string {
15385	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
15386}
15387
15388// Status code returns the HTTP status code for the request's response error.
15389func (s *ChildNotFoundException) StatusCode() int {
15390	return s.RespMetadata.StatusCode
15391}
15392
15393// RequestID returns the service's response RequestID for request.
15394func (s *ChildNotFoundException) RequestID() string {
15395	return s.RespMetadata.RequestID
15396}
15397
15398// The target of the operation is currently being modified by a different request.
15399// Try again later.
15400type ConcurrentModificationException struct {
15401	_            struct{}                  `type:"structure"`
15402	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
15403
15404	Message_ *string `locationName:"Message" type:"string"`
15405}
15406
15407// String returns the string representation
15408func (s ConcurrentModificationException) String() string {
15409	return awsutil.Prettify(s)
15410}
15411
15412// GoString returns the string representation
15413func (s ConcurrentModificationException) GoString() string {
15414	return s.String()
15415}
15416
15417func newErrorConcurrentModificationException(v protocol.ResponseMetadata) error {
15418	return &ConcurrentModificationException{
15419		RespMetadata: v,
15420	}
15421}
15422
15423// Code returns the exception type name.
15424func (s *ConcurrentModificationException) Code() string {
15425	return "ConcurrentModificationException"
15426}
15427
15428// Message returns the exception's message.
15429func (s *ConcurrentModificationException) Message() string {
15430	if s.Message_ != nil {
15431		return *s.Message_
15432	}
15433	return ""
15434}
15435
15436// OrigErr always returns nil, satisfies awserr.Error interface.
15437func (s *ConcurrentModificationException) OrigErr() error {
15438	return nil
15439}
15440
15441func (s *ConcurrentModificationException) Error() string {
15442	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
15443}
15444
15445// Status code returns the HTTP status code for the request's response error.
15446func (s *ConcurrentModificationException) StatusCode() int {
15447	return s.RespMetadata.StatusCode
15448}
15449
15450// RequestID returns the service's response RequestID for request.
15451func (s *ConcurrentModificationException) RequestID() string {
15452	return s.RespMetadata.RequestID
15453}
15454
15455// Performing this operation violates a minimum or maximum value limit. For
15456// example, attempting to remove the last service control policy (SCP) from
15457// an OU or root, inviting or creating too many accounts to the organization,
15458// or attaching too many policies to an account, OU, or root. This exception
15459// includes a reason that contains additional information about the violated
15460// limit:
15461//
15462// Some of the reasons in the following list might not be applicable to this
15463// specific API or operation.
15464//
15465//    * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
15466//    account from the organization. You can't remove the management account.
15467//    Instead, after you remove all member accounts, delete the organization
15468//    itself.
15469//
15470//    * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
15471//    from the organization that doesn't yet have enough information to exist
15472//    as a standalone account. This account requires you to first agree to the
15473//    AWS Customer Agreement. Follow the steps at Removing a member account
15474//    from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
15475//    the AWS Organizations User Guide.
15476//
15477//    * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
15478//    an account from the organization that doesn't yet have enough information
15479//    to exist as a standalone account. This account requires you to first complete
15480//    phone verification. Follow the steps at Removing a member account from
15481//    your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
15482//    in the AWS Organizations User Guide.
15483//
15484//    * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
15485//    of accounts that you can create in one day.
15486//
15487//    * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
15488//    the number of accounts in an organization. If you need more accounts,
15489//    contact AWS Support (https://console.aws.amazon.com/support/home#/) to
15490//    request an increase in your limit. Or the number of invitations that you
15491//    tried to send would cause you to exceed the limit of accounts in your
15492//    organization. Send fewer invitations or contact AWS Support to request
15493//    an increase in the number of accounts. Deleted and closed accounts still
15494//    count toward your limit. If you get this exception when running a command
15495//    immediately after creating the organization, wait one hour and try again.
15496//    After an hour, if the command continues to fail with this error, contact
15497//    AWS Support (https://console.aws.amazon.com/support/home#/).
15498//
15499//    * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
15500//    register the management account of the organization as a delegated administrator
15501//    for an AWS service integrated with Organizations. You can designate only
15502//    a member account as a delegated administrator.
15503//
15504//    * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
15505//    an account that is registered as a delegated administrator for a service
15506//    integrated with your organization. To complete this operation, you must
15507//    first deregister this account as a delegated administrator.
15508//
15509//    * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
15510//    organization in the specified region, you must enable all features mode.
15511//
15512//    * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
15513//    an AWS account as a delegated administrator for an AWS service that already
15514//    has a delegated administrator. To complete this operation, you must first
15515//    deregister any existing delegated administrators for this service.
15516//
15517//    * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
15518//    valid for a limited period of time. You must resubmit the request and
15519//    generate a new verfication code.
15520//
15521//    * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
15522//    handshakes that you can send in one day.
15523//
15524//    * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
15525//    in this organization, you first must migrate the organization's management
15526//    account to the marketplace that corresponds to the management account's
15527//    address. For example, accounts with India addresses must be associated
15528//    with the AISPL marketplace. All accounts in an organization must be associated
15529//    with the same marketplace.
15530//
15531//    * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
15532//    in China. To create an organization, the master must have a valid business
15533//    license. For more information, contact customer support.
15534//
15535//    * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
15536//    must first provide a valid contact address and phone number for the management
15537//    account. Then try the operation again.
15538//
15539//    * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
15540//    management account must have an associated account in the AWS GovCloud
15541//    (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
15542//    in the AWS GovCloud User Guide.
15543//
15544//    * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
15545//    with this management account, you first must associate a valid payment
15546//    instrument, such as a credit card, with the account. Follow the steps
15547//    at To leave an organization when all required account information has
15548//    not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
15549//    in the AWS Organizations User Guide.
15550//
15551//    * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
15552//    to register more delegated administrators than allowed for the service
15553//    principal.
15554//
15555//    * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
15556//    number of policies of a certain type that can be attached to an entity
15557//    at one time.
15558//
15559//    * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
15560//    on this resource.
15561//
15562//    * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
15563//    with this member account, you first must associate a valid payment instrument,
15564//    such as a credit card, with the account. Follow the steps at To leave
15565//    an organization when all required account information has not yet been
15566//    provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
15567//    in the AWS Organizations User Guide.
15568//
15569//    * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
15570//    policy from an entity that would cause the entity to have fewer than the
15571//    minimum number of policies of a certain type required.
15572//
15573//    * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
15574//    that requires the organization to be configured to support all features.
15575//    An organization that supports only consolidated billing features can't
15576//    perform this operation.
15577//
15578//    * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
15579//    too many levels deep.
15580//
15581//    * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
15582//    that you can have in an organization.
15583//
15584//    * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
15585//    is larger than the maximum size.
15586//
15587//    * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
15588//    policies that you can have in an organization.
15589//
15590//    * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
15591//    tags that are not compliant with the tag policy requirements for this
15592//    account.
15593type ConstraintViolationException struct {
15594	_            struct{}                  `type:"structure"`
15595	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
15596
15597	Message_ *string `locationName:"Message" type:"string"`
15598
15599	Reason *string `type:"string" enum:"ConstraintViolationExceptionReason"`
15600}
15601
15602// String returns the string representation
15603func (s ConstraintViolationException) String() string {
15604	return awsutil.Prettify(s)
15605}
15606
15607// GoString returns the string representation
15608func (s ConstraintViolationException) GoString() string {
15609	return s.String()
15610}
15611
15612func newErrorConstraintViolationException(v protocol.ResponseMetadata) error {
15613	return &ConstraintViolationException{
15614		RespMetadata: v,
15615	}
15616}
15617
15618// Code returns the exception type name.
15619func (s *ConstraintViolationException) Code() string {
15620	return "ConstraintViolationException"
15621}
15622
15623// Message returns the exception's message.
15624func (s *ConstraintViolationException) Message() string {
15625	if s.Message_ != nil {
15626		return *s.Message_
15627	}
15628	return ""
15629}
15630
15631// OrigErr always returns nil, satisfies awserr.Error interface.
15632func (s *ConstraintViolationException) OrigErr() error {
15633	return nil
15634}
15635
15636func (s *ConstraintViolationException) Error() string {
15637	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
15638}
15639
15640// Status code returns the HTTP status code for the request's response error.
15641func (s *ConstraintViolationException) StatusCode() int {
15642	return s.RespMetadata.StatusCode
15643}
15644
15645// RequestID returns the service's response RequestID for request.
15646func (s *ConstraintViolationException) RequestID() string {
15647	return s.RespMetadata.RequestID
15648}
15649
15650type CreateAccountInput struct {
15651	_ struct{} `type:"structure"`
15652
15653	// The friendly name of the member account.
15654	//
15655	// AccountName is a required field
15656	AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"`
15657
15658	// The email address of the owner to assign to the new member account. This
15659	// email address must not already be associated with another AWS account. You
15660	// must use a valid email address to complete account creation. You can't access
15661	// the root user of the account or remove an account that was created with an
15662	// invalid email address.
15663	//
15664	// Email is a required field
15665	Email *string `min:"6" type:"string" required:"true" sensitive:"true"`
15666
15667	// If set to ALLOW, the new account enables IAM users to access account billing
15668	// information if they have the required permissions. If set to DENY, only the
15669	// root user of the new account can access account billing information. For
15670	// more information, see Activating Access to the Billing and Cost Management
15671	// Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
15672	// in the AWS Billing and Cost Management User Guide.
15673	//
15674	// If you don't specify this parameter, the value defaults to ALLOW, and IAM
15675	// users and roles with the required permissions can access billing information
15676	// for the new account.
15677	IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"`
15678
15679	// (Optional)
15680	//
15681	// The name of an IAM role that AWS Organizations automatically preconfigures
15682	// in the new member account. This role trusts the management account, allowing
15683	// users in the management account to assume the role, as permitted by the management
15684	// account administrator. The role has administrator permissions in the new
15685	// member account.
15686	//
15687	// If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.
15688	//
15689	// For more information about how to use this role to access the member account,
15690	// see the following links:
15691	//
15692	//    * Accessing and Administering the Member Accounts in Your Organization
15693	//    (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role)
15694	//    in the AWS Organizations User Guide
15695	//
15696	//    * Steps 2 and 3 in Tutorial: Delegate Access Across AWS Accounts Using
15697	//    IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html)
15698	//    in the IAM User Guide
15699	//
15700	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
15701	// this parameter. The pattern can include uppercase letters, lowercase letters,
15702	// digits with no spaces, and any of the following characters: =,.@-
15703	RoleName *string `type:"string"`
15704
15705	// A list of tags that you want to attach to the newly created account. For
15706	// each tag in the list, you must specify both a tag key and a value. You can
15707	// set the value to an empty string, but you can't set it to null. For more
15708	// information about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
15709	// in the AWS Organizations User Guide.
15710	//
15711	// If any one of the tags is invalid or if you exceed the allowed number of
15712	// tags for an account, then the entire request fails and the account is not
15713	// created.
15714	Tags []*Tag `type:"list"`
15715}
15716
15717// String returns the string representation
15718func (s CreateAccountInput) String() string {
15719	return awsutil.Prettify(s)
15720}
15721
15722// GoString returns the string representation
15723func (s CreateAccountInput) GoString() string {
15724	return s.String()
15725}
15726
15727// Validate inspects the fields of the type to determine if they are valid.
15728func (s *CreateAccountInput) Validate() error {
15729	invalidParams := request.ErrInvalidParams{Context: "CreateAccountInput"}
15730	if s.AccountName == nil {
15731		invalidParams.Add(request.NewErrParamRequired("AccountName"))
15732	}
15733	if s.AccountName != nil && len(*s.AccountName) < 1 {
15734		invalidParams.Add(request.NewErrParamMinLen("AccountName", 1))
15735	}
15736	if s.Email == nil {
15737		invalidParams.Add(request.NewErrParamRequired("Email"))
15738	}
15739	if s.Email != nil && len(*s.Email) < 6 {
15740		invalidParams.Add(request.NewErrParamMinLen("Email", 6))
15741	}
15742	if s.Tags != nil {
15743		for i, v := range s.Tags {
15744			if v == nil {
15745				continue
15746			}
15747			if err := v.Validate(); err != nil {
15748				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
15749			}
15750		}
15751	}
15752
15753	if invalidParams.Len() > 0 {
15754		return invalidParams
15755	}
15756	return nil
15757}
15758
15759// SetAccountName sets the AccountName field's value.
15760func (s *CreateAccountInput) SetAccountName(v string) *CreateAccountInput {
15761	s.AccountName = &v
15762	return s
15763}
15764
15765// SetEmail sets the Email field's value.
15766func (s *CreateAccountInput) SetEmail(v string) *CreateAccountInput {
15767	s.Email = &v
15768	return s
15769}
15770
15771// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value.
15772func (s *CreateAccountInput) SetIamUserAccessToBilling(v string) *CreateAccountInput {
15773	s.IamUserAccessToBilling = &v
15774	return s
15775}
15776
15777// SetRoleName sets the RoleName field's value.
15778func (s *CreateAccountInput) SetRoleName(v string) *CreateAccountInput {
15779	s.RoleName = &v
15780	return s
15781}
15782
15783// SetTags sets the Tags field's value.
15784func (s *CreateAccountInput) SetTags(v []*Tag) *CreateAccountInput {
15785	s.Tags = v
15786	return s
15787}
15788
15789type CreateAccountOutput struct {
15790	_ struct{} `type:"structure"`
15791
15792	// A structure that contains details about the request to create an account.
15793	// This response structure might not be fully populated when you first receive
15794	// it because account creation is an asynchronous process. You can pass the
15795	// returned CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus
15796	// to get status about the progress of the request at later times. You can also
15797	// check the AWS CloudTrail log for the CreateAccountResult event. For more
15798	// information, see Monitoring the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html)
15799	// in the AWS Organizations User Guide.
15800	CreateAccountStatus *CreateAccountStatus `type:"structure"`
15801}
15802
15803// String returns the string representation
15804func (s CreateAccountOutput) String() string {
15805	return awsutil.Prettify(s)
15806}
15807
15808// GoString returns the string representation
15809func (s CreateAccountOutput) GoString() string {
15810	return s.String()
15811}
15812
15813// SetCreateAccountStatus sets the CreateAccountStatus field's value.
15814func (s *CreateAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateAccountOutput {
15815	s.CreateAccountStatus = v
15816	return s
15817}
15818
15819// Contains the status about a CreateAccount or CreateGovCloudAccount request
15820// to create an AWS account or an AWS GovCloud (US) account in an organization.
15821type CreateAccountStatus struct {
15822	_ struct{} `type:"structure"`
15823
15824	// If the account was created successfully, the unique identifier (ID) of the
15825	// new account.
15826	//
15827	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
15828	// requires exactly 12 digits.
15829	AccountId *string `type:"string"`
15830
15831	// The account name given to the account when it was created.
15832	AccountName *string `min:"1" type:"string" sensitive:"true"`
15833
15834	// The date and time that the account was created and the request completed.
15835	CompletedTimestamp *time.Time `type:"timestamp"`
15836
15837	// If the request failed, a description of the reason for the failure.
15838	//
15839	//    * ACCOUNT_LIMIT_EXCEEDED: The account couldn't be created because you
15840	//    reached the limit on the number of accounts in your organization.
15841	//
15842	//    * CONCURRENT_ACCOUNT_MODIFICATION: You already submitted a request with
15843	//    the same information.
15844	//
15845	//    * EMAIL_ALREADY_EXISTS: The account could not be created because another
15846	//    AWS account with that email address already exists.
15847	//
15848	//    * FAILED_BUSINESS_VALIDATION: The AWS account that owns your organization
15849	//    failed to receive business license validation.
15850	//
15851	//    * GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the AWS GovCloud (US)
15852	//    Region could not be created because this Region already includes an account
15853	//    with that email address.
15854	//
15855	//    * IDENTITY_INVALID_BUSINESS_VALIDATION: The AWS account that owns your
15856	//    organization can't complete business license validation because it doesn't
15857	//    have valid identity data.
15858	//
15859	//    * INVALID_ADDRESS: The account could not be created because the address
15860	//    you provided is not valid.
15861	//
15862	//    * INVALID_EMAIL: The account could not be created because the email address
15863	//    you provided is not valid.
15864	//
15865	//    * INTERNAL_FAILURE: The account could not be created because of an internal
15866	//    failure. Try again later. If the problem persists, contact AWS Customer
15867	//    Support.
15868	//
15869	//    * MISSING_BUSINESS_VALIDATION: The AWS account that owns your organization
15870	//    has not received Business Validation.
15871	//
15872	//    * MISSING_PAYMENT_INSTRUMENT: You must configure the management account
15873	//    with a valid payment method, such as a credit card.
15874	//
15875	//    * PENDING_BUSINESS_VALIDATION: The AWS account that owns your organization
15876	//    is still in the process of completing business license validation.
15877	//
15878	//    * UNKNOWN_BUSINESS_VALIDATION: The AWS account that owns your organization
15879	//    has an unknown issue with business license validation.
15880	FailureReason *string `type:"string" enum:"CreateAccountFailureReason"`
15881
15882	// If the account was created successfully, the unique identifier (ID) of the
15883	// new account in the AWS GovCloud (US) Region.
15884	GovCloudAccountId *string `type:"string"`
15885
15886	// The unique identifier (ID) that references this request. You get this value
15887	// from the response of the initial CreateAccount request to create the account.
15888	//
15889	// The regex pattern (http://wikipedia.org/wiki/regex) for a create account
15890	// request ID string requires "car-" followed by from 8 to 32 lowercase letters
15891	// or digits.
15892	Id *string `type:"string"`
15893
15894	// The date and time that the request was made for the account creation.
15895	RequestedTimestamp *time.Time `type:"timestamp"`
15896
15897	// The status of the asynchronous request to create an AWS account.
15898	State *string `type:"string" enum:"CreateAccountState"`
15899}
15900
15901// String returns the string representation
15902func (s CreateAccountStatus) String() string {
15903	return awsutil.Prettify(s)
15904}
15905
15906// GoString returns the string representation
15907func (s CreateAccountStatus) GoString() string {
15908	return s.String()
15909}
15910
15911// SetAccountId sets the AccountId field's value.
15912func (s *CreateAccountStatus) SetAccountId(v string) *CreateAccountStatus {
15913	s.AccountId = &v
15914	return s
15915}
15916
15917// SetAccountName sets the AccountName field's value.
15918func (s *CreateAccountStatus) SetAccountName(v string) *CreateAccountStatus {
15919	s.AccountName = &v
15920	return s
15921}
15922
15923// SetCompletedTimestamp sets the CompletedTimestamp field's value.
15924func (s *CreateAccountStatus) SetCompletedTimestamp(v time.Time) *CreateAccountStatus {
15925	s.CompletedTimestamp = &v
15926	return s
15927}
15928
15929// SetFailureReason sets the FailureReason field's value.
15930func (s *CreateAccountStatus) SetFailureReason(v string) *CreateAccountStatus {
15931	s.FailureReason = &v
15932	return s
15933}
15934
15935// SetGovCloudAccountId sets the GovCloudAccountId field's value.
15936func (s *CreateAccountStatus) SetGovCloudAccountId(v string) *CreateAccountStatus {
15937	s.GovCloudAccountId = &v
15938	return s
15939}
15940
15941// SetId sets the Id field's value.
15942func (s *CreateAccountStatus) SetId(v string) *CreateAccountStatus {
15943	s.Id = &v
15944	return s
15945}
15946
15947// SetRequestedTimestamp sets the RequestedTimestamp field's value.
15948func (s *CreateAccountStatus) SetRequestedTimestamp(v time.Time) *CreateAccountStatus {
15949	s.RequestedTimestamp = &v
15950	return s
15951}
15952
15953// SetState sets the State field's value.
15954func (s *CreateAccountStatus) SetState(v string) *CreateAccountStatus {
15955	s.State = &v
15956	return s
15957}
15958
15959// We can't find an create account request with the CreateAccountRequestId that
15960// you specified.
15961type CreateAccountStatusNotFoundException struct {
15962	_            struct{}                  `type:"structure"`
15963	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
15964
15965	Message_ *string `locationName:"Message" type:"string"`
15966}
15967
15968// String returns the string representation
15969func (s CreateAccountStatusNotFoundException) String() string {
15970	return awsutil.Prettify(s)
15971}
15972
15973// GoString returns the string representation
15974func (s CreateAccountStatusNotFoundException) GoString() string {
15975	return s.String()
15976}
15977
15978func newErrorCreateAccountStatusNotFoundException(v protocol.ResponseMetadata) error {
15979	return &CreateAccountStatusNotFoundException{
15980		RespMetadata: v,
15981	}
15982}
15983
15984// Code returns the exception type name.
15985func (s *CreateAccountStatusNotFoundException) Code() string {
15986	return "CreateAccountStatusNotFoundException"
15987}
15988
15989// Message returns the exception's message.
15990func (s *CreateAccountStatusNotFoundException) Message() string {
15991	if s.Message_ != nil {
15992		return *s.Message_
15993	}
15994	return ""
15995}
15996
15997// OrigErr always returns nil, satisfies awserr.Error interface.
15998func (s *CreateAccountStatusNotFoundException) OrigErr() error {
15999	return nil
16000}
16001
16002func (s *CreateAccountStatusNotFoundException) Error() string {
16003	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
16004}
16005
16006// Status code returns the HTTP status code for the request's response error.
16007func (s *CreateAccountStatusNotFoundException) StatusCode() int {
16008	return s.RespMetadata.StatusCode
16009}
16010
16011// RequestID returns the service's response RequestID for request.
16012func (s *CreateAccountStatusNotFoundException) RequestID() string {
16013	return s.RespMetadata.RequestID
16014}
16015
16016type CreateGovCloudAccountInput struct {
16017	_ struct{} `type:"structure"`
16018
16019	// The friendly name of the member account.
16020	//
16021	// AccountName is a required field
16022	AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"`
16023
16024	// The email address of the owner to assign to the new member account in the
16025	// commercial Region. This email address must not already be associated with
16026	// another AWS account. You must use a valid email address to complete account
16027	// creation. You can't access the root user of the account or remove an account
16028	// that was created with an invalid email address. Like all request parameters
16029	// for CreateGovCloudAccount, the request for the email address for the AWS
16030	// GovCloud (US) account originates from the commercial Region, not from the
16031	// AWS GovCloud (US) Region.
16032	//
16033	// Email is a required field
16034	Email *string `min:"6" type:"string" required:"true" sensitive:"true"`
16035
16036	// If set to ALLOW, the new linked account in the commercial Region enables
16037	// IAM users to access account billing information if they have the required
16038	// permissions. If set to DENY, only the root user of the new account can access
16039	// account billing information. For more information, see Activating Access
16040	// to the Billing and Cost Management Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
16041	// in the AWS Billing and Cost Management User Guide.
16042	//
16043	// If you don't specify this parameter, the value defaults to ALLOW, and IAM
16044	// users and roles with the required permissions can access billing information
16045	// for the new account.
16046	IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"`
16047
16048	// (Optional)
16049	//
16050	// The name of an IAM role that AWS Organizations automatically preconfigures
16051	// in the new member accounts in both the AWS GovCloud (US) Region and in the
16052	// commercial Region. This role trusts the management account, allowing users
16053	// in the management account to assume the role, as permitted by the management
16054	// account administrator. The role has administrator permissions in the new
16055	// member account.
16056	//
16057	// If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.
16058	//
16059	// For more information about how to use this role to access the member account,
16060	// see Accessing and Administering the Member Accounts in Your Organization
16061	// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role)
16062	// in the AWS Organizations User Guide and steps 2 and 3 in Tutorial: Delegate
16063	// Access Across AWS Accounts Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html)
16064	// in the IAM User Guide.
16065	//
16066	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
16067	// this parameter. The pattern can include uppercase letters, lowercase letters,
16068	// digits with no spaces, and any of the following characters: =,.@-
16069	RoleName *string `type:"string"`
16070
16071	// A list of tags that you want to attach to the newly created account. These
16072	// tags are attached to the commercial account associated with the GovCloud
16073	// account, and not to the GovCloud account itself. To add tags to the actual
16074	// GovCloud account, call the TagResource operation in the GovCloud region after
16075	// the new GovCloud account exists.
16076	//
16077	// For each tag in the list, you must specify both a tag key and a value. You
16078	// can set the value to an empty string, but you can't set it to null. For more
16079	// information about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
16080	// in the AWS Organizations User Guide.
16081	//
16082	// If any one of the tags is invalid or if you exceed the allowed number of
16083	// tags for an account, then the entire request fails and the account is not
16084	// created.
16085	Tags []*Tag `type:"list"`
16086}
16087
16088// String returns the string representation
16089func (s CreateGovCloudAccountInput) String() string {
16090	return awsutil.Prettify(s)
16091}
16092
16093// GoString returns the string representation
16094func (s CreateGovCloudAccountInput) GoString() string {
16095	return s.String()
16096}
16097
16098// Validate inspects the fields of the type to determine if they are valid.
16099func (s *CreateGovCloudAccountInput) Validate() error {
16100	invalidParams := request.ErrInvalidParams{Context: "CreateGovCloudAccountInput"}
16101	if s.AccountName == nil {
16102		invalidParams.Add(request.NewErrParamRequired("AccountName"))
16103	}
16104	if s.AccountName != nil && len(*s.AccountName) < 1 {
16105		invalidParams.Add(request.NewErrParamMinLen("AccountName", 1))
16106	}
16107	if s.Email == nil {
16108		invalidParams.Add(request.NewErrParamRequired("Email"))
16109	}
16110	if s.Email != nil && len(*s.Email) < 6 {
16111		invalidParams.Add(request.NewErrParamMinLen("Email", 6))
16112	}
16113	if s.Tags != nil {
16114		for i, v := range s.Tags {
16115			if v == nil {
16116				continue
16117			}
16118			if err := v.Validate(); err != nil {
16119				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
16120			}
16121		}
16122	}
16123
16124	if invalidParams.Len() > 0 {
16125		return invalidParams
16126	}
16127	return nil
16128}
16129
16130// SetAccountName sets the AccountName field's value.
16131func (s *CreateGovCloudAccountInput) SetAccountName(v string) *CreateGovCloudAccountInput {
16132	s.AccountName = &v
16133	return s
16134}
16135
16136// SetEmail sets the Email field's value.
16137func (s *CreateGovCloudAccountInput) SetEmail(v string) *CreateGovCloudAccountInput {
16138	s.Email = &v
16139	return s
16140}
16141
16142// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value.
16143func (s *CreateGovCloudAccountInput) SetIamUserAccessToBilling(v string) *CreateGovCloudAccountInput {
16144	s.IamUserAccessToBilling = &v
16145	return s
16146}
16147
16148// SetRoleName sets the RoleName field's value.
16149func (s *CreateGovCloudAccountInput) SetRoleName(v string) *CreateGovCloudAccountInput {
16150	s.RoleName = &v
16151	return s
16152}
16153
16154// SetTags sets the Tags field's value.
16155func (s *CreateGovCloudAccountInput) SetTags(v []*Tag) *CreateGovCloudAccountInput {
16156	s.Tags = v
16157	return s
16158}
16159
16160type CreateGovCloudAccountOutput struct {
16161	_ struct{} `type:"structure"`
16162
16163	// Contains the status about a CreateAccount or CreateGovCloudAccount request
16164	// to create an AWS account or an AWS GovCloud (US) account in an organization.
16165	CreateAccountStatus *CreateAccountStatus `type:"structure"`
16166}
16167
16168// String returns the string representation
16169func (s CreateGovCloudAccountOutput) String() string {
16170	return awsutil.Prettify(s)
16171}
16172
16173// GoString returns the string representation
16174func (s CreateGovCloudAccountOutput) GoString() string {
16175	return s.String()
16176}
16177
16178// SetCreateAccountStatus sets the CreateAccountStatus field's value.
16179func (s *CreateGovCloudAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateGovCloudAccountOutput {
16180	s.CreateAccountStatus = v
16181	return s
16182}
16183
16184type CreateOrganizationInput struct {
16185	_ struct{} `type:"structure"`
16186
16187	// Specifies the feature set supported by the new organization. Each feature
16188	// set supports different levels of functionality.
16189	//
16190	//    * CONSOLIDATED_BILLING: All member accounts have their bills consolidated
16191	//    to and paid by the management account. For more information, see Consolidated
16192	//    billing (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only)
16193	//    in the AWS Organizations User Guide. The consolidated billing feature
16194	//    subset isn't available for organizations in the AWS GovCloud (US) Region.
16195	//
16196	//    * ALL: In addition to all the features supported by the consolidated billing
16197	//    feature set, the management account can also apply any policy type to
16198	//    any member account in the organization. For more information, see All
16199	//    features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all)
16200	//    in the AWS Organizations User Guide.
16201	FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"`
16202}
16203
16204// String returns the string representation
16205func (s CreateOrganizationInput) String() string {
16206	return awsutil.Prettify(s)
16207}
16208
16209// GoString returns the string representation
16210func (s CreateOrganizationInput) GoString() string {
16211	return s.String()
16212}
16213
16214// SetFeatureSet sets the FeatureSet field's value.
16215func (s *CreateOrganizationInput) SetFeatureSet(v string) *CreateOrganizationInput {
16216	s.FeatureSet = &v
16217	return s
16218}
16219
16220type CreateOrganizationOutput struct {
16221	_ struct{} `type:"structure"`
16222
16223	// A structure that contains details about the newly created organization.
16224	Organization *Organization `type:"structure"`
16225}
16226
16227// String returns the string representation
16228func (s CreateOrganizationOutput) String() string {
16229	return awsutil.Prettify(s)
16230}
16231
16232// GoString returns the string representation
16233func (s CreateOrganizationOutput) GoString() string {
16234	return s.String()
16235}
16236
16237// SetOrganization sets the Organization field's value.
16238func (s *CreateOrganizationOutput) SetOrganization(v *Organization) *CreateOrganizationOutput {
16239	s.Organization = v
16240	return s
16241}
16242
16243type CreateOrganizationalUnitInput struct {
16244	_ struct{} `type:"structure"`
16245
16246	// The friendly name to assign to the new OU.
16247	//
16248	// Name is a required field
16249	Name *string `min:"1" type:"string" required:"true"`
16250
16251	// The unique identifier (ID) of the parent root or OU that you want to create
16252	// the new OU in.
16253	//
16254	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
16255	// requires one of the following:
16256	//
16257	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
16258	//    letters or digits.
16259	//
16260	//    * Organizational unit (OU) - A string that begins with "ou-" followed
16261	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
16262	//    OU is in). This string is followed by a second "-" dash and from 8 to
16263	//    32 additional lowercase letters or digits.
16264	//
16265	// ParentId is a required field
16266	ParentId *string `type:"string" required:"true"`
16267
16268	// A list of tags that you want to attach to the newly created OU. For each
16269	// tag in the list, you must specify both a tag key and a value. You can set
16270	// the value to an empty string, but you can't set it to null. For more information
16271	// about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
16272	// in the AWS Organizations User Guide.
16273	//
16274	// If any one of the tags is invalid or if you exceed the allowed number of
16275	// tags for an OU, then the entire request fails and the OU is not created.
16276	Tags []*Tag `type:"list"`
16277}
16278
16279// String returns the string representation
16280func (s CreateOrganizationalUnitInput) String() string {
16281	return awsutil.Prettify(s)
16282}
16283
16284// GoString returns the string representation
16285func (s CreateOrganizationalUnitInput) GoString() string {
16286	return s.String()
16287}
16288
16289// Validate inspects the fields of the type to determine if they are valid.
16290func (s *CreateOrganizationalUnitInput) Validate() error {
16291	invalidParams := request.ErrInvalidParams{Context: "CreateOrganizationalUnitInput"}
16292	if s.Name == nil {
16293		invalidParams.Add(request.NewErrParamRequired("Name"))
16294	}
16295	if s.Name != nil && len(*s.Name) < 1 {
16296		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
16297	}
16298	if s.ParentId == nil {
16299		invalidParams.Add(request.NewErrParamRequired("ParentId"))
16300	}
16301	if s.Tags != nil {
16302		for i, v := range s.Tags {
16303			if v == nil {
16304				continue
16305			}
16306			if err := v.Validate(); err != nil {
16307				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
16308			}
16309		}
16310	}
16311
16312	if invalidParams.Len() > 0 {
16313		return invalidParams
16314	}
16315	return nil
16316}
16317
16318// SetName sets the Name field's value.
16319func (s *CreateOrganizationalUnitInput) SetName(v string) *CreateOrganizationalUnitInput {
16320	s.Name = &v
16321	return s
16322}
16323
16324// SetParentId sets the ParentId field's value.
16325func (s *CreateOrganizationalUnitInput) SetParentId(v string) *CreateOrganizationalUnitInput {
16326	s.ParentId = &v
16327	return s
16328}
16329
16330// SetTags sets the Tags field's value.
16331func (s *CreateOrganizationalUnitInput) SetTags(v []*Tag) *CreateOrganizationalUnitInput {
16332	s.Tags = v
16333	return s
16334}
16335
16336type CreateOrganizationalUnitOutput struct {
16337	_ struct{} `type:"structure"`
16338
16339	// A structure that contains details about the newly created OU.
16340	OrganizationalUnit *OrganizationalUnit `type:"structure"`
16341}
16342
16343// String returns the string representation
16344func (s CreateOrganizationalUnitOutput) String() string {
16345	return awsutil.Prettify(s)
16346}
16347
16348// GoString returns the string representation
16349func (s CreateOrganizationalUnitOutput) GoString() string {
16350	return s.String()
16351}
16352
16353// SetOrganizationalUnit sets the OrganizationalUnit field's value.
16354func (s *CreateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *CreateOrganizationalUnitOutput {
16355	s.OrganizationalUnit = v
16356	return s
16357}
16358
16359type CreatePolicyInput struct {
16360	_ struct{} `type:"structure"`
16361
16362	// The policy text content to add to the new policy. The text that you supply
16363	// must adhere to the rules of the policy type you specify in the Type parameter.
16364	//
16365	// Content is a required field
16366	Content *string `min:"1" type:"string" required:"true"`
16367
16368	// An optional description to assign to the policy.
16369	//
16370	// Description is a required field
16371	Description *string `type:"string" required:"true"`
16372
16373	// The friendly name to assign to the policy.
16374	//
16375	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
16376	// this parameter is a string of any of the characters in the ASCII character
16377	// range.
16378	//
16379	// Name is a required field
16380	Name *string `min:"1" type:"string" required:"true"`
16381
16382	// A list of tags that you want to attach to the newly created policy. For each
16383	// tag in the list, you must specify both a tag key and a value. You can set
16384	// the value to an empty string, but you can't set it to null. For more information
16385	// about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
16386	// in the AWS Organizations User Guide.
16387	//
16388	// If any one of the tags is invalid or if you exceed the allowed number of
16389	// tags for a policy, then the entire request fails and the policy is not created.
16390	Tags []*Tag `type:"list"`
16391
16392	// The type of policy to create. You can specify one of the following values:
16393	//
16394	//    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
16395	//
16396	//    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
16397	//
16398	//    * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
16399	//
16400	//    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
16401	//
16402	// Type is a required field
16403	Type *string `type:"string" required:"true" enum:"PolicyType"`
16404}
16405
16406// String returns the string representation
16407func (s CreatePolicyInput) String() string {
16408	return awsutil.Prettify(s)
16409}
16410
16411// GoString returns the string representation
16412func (s CreatePolicyInput) GoString() string {
16413	return s.String()
16414}
16415
16416// Validate inspects the fields of the type to determine if they are valid.
16417func (s *CreatePolicyInput) Validate() error {
16418	invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"}
16419	if s.Content == nil {
16420		invalidParams.Add(request.NewErrParamRequired("Content"))
16421	}
16422	if s.Content != nil && len(*s.Content) < 1 {
16423		invalidParams.Add(request.NewErrParamMinLen("Content", 1))
16424	}
16425	if s.Description == nil {
16426		invalidParams.Add(request.NewErrParamRequired("Description"))
16427	}
16428	if s.Name == nil {
16429		invalidParams.Add(request.NewErrParamRequired("Name"))
16430	}
16431	if s.Name != nil && len(*s.Name) < 1 {
16432		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
16433	}
16434	if s.Type == nil {
16435		invalidParams.Add(request.NewErrParamRequired("Type"))
16436	}
16437	if s.Tags != nil {
16438		for i, v := range s.Tags {
16439			if v == nil {
16440				continue
16441			}
16442			if err := v.Validate(); err != nil {
16443				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
16444			}
16445		}
16446	}
16447
16448	if invalidParams.Len() > 0 {
16449		return invalidParams
16450	}
16451	return nil
16452}
16453
16454// SetContent sets the Content field's value.
16455func (s *CreatePolicyInput) SetContent(v string) *CreatePolicyInput {
16456	s.Content = &v
16457	return s
16458}
16459
16460// SetDescription sets the Description field's value.
16461func (s *CreatePolicyInput) SetDescription(v string) *CreatePolicyInput {
16462	s.Description = &v
16463	return s
16464}
16465
16466// SetName sets the Name field's value.
16467func (s *CreatePolicyInput) SetName(v string) *CreatePolicyInput {
16468	s.Name = &v
16469	return s
16470}
16471
16472// SetTags sets the Tags field's value.
16473func (s *CreatePolicyInput) SetTags(v []*Tag) *CreatePolicyInput {
16474	s.Tags = v
16475	return s
16476}
16477
16478// SetType sets the Type field's value.
16479func (s *CreatePolicyInput) SetType(v string) *CreatePolicyInput {
16480	s.Type = &v
16481	return s
16482}
16483
16484type CreatePolicyOutput struct {
16485	_ struct{} `type:"structure"`
16486
16487	// A structure that contains details about the newly created policy.
16488	Policy *Policy `type:"structure"`
16489}
16490
16491// String returns the string representation
16492func (s CreatePolicyOutput) String() string {
16493	return awsutil.Prettify(s)
16494}
16495
16496// GoString returns the string representation
16497func (s CreatePolicyOutput) GoString() string {
16498	return s.String()
16499}
16500
16501// SetPolicy sets the Policy field's value.
16502func (s *CreatePolicyOutput) SetPolicy(v *Policy) *CreatePolicyOutput {
16503	s.Policy = v
16504	return s
16505}
16506
16507type DeclineHandshakeInput struct {
16508	_ struct{} `type:"structure"`
16509
16510	// The unique identifier (ID) of the handshake that you want to decline. You
16511	// can get the ID from the ListHandshakesForAccount operation.
16512	//
16513	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
16514	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
16515	//
16516	// HandshakeId is a required field
16517	HandshakeId *string `type:"string" required:"true"`
16518}
16519
16520// String returns the string representation
16521func (s DeclineHandshakeInput) String() string {
16522	return awsutil.Prettify(s)
16523}
16524
16525// GoString returns the string representation
16526func (s DeclineHandshakeInput) GoString() string {
16527	return s.String()
16528}
16529
16530// Validate inspects the fields of the type to determine if they are valid.
16531func (s *DeclineHandshakeInput) Validate() error {
16532	invalidParams := request.ErrInvalidParams{Context: "DeclineHandshakeInput"}
16533	if s.HandshakeId == nil {
16534		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
16535	}
16536
16537	if invalidParams.Len() > 0 {
16538		return invalidParams
16539	}
16540	return nil
16541}
16542
16543// SetHandshakeId sets the HandshakeId field's value.
16544func (s *DeclineHandshakeInput) SetHandshakeId(v string) *DeclineHandshakeInput {
16545	s.HandshakeId = &v
16546	return s
16547}
16548
16549type DeclineHandshakeOutput struct {
16550	_ struct{} `type:"structure"`
16551
16552	// A structure that contains details about the declined handshake. The state
16553	// is updated to show the value DECLINED.
16554	Handshake *Handshake `type:"structure"`
16555}
16556
16557// String returns the string representation
16558func (s DeclineHandshakeOutput) String() string {
16559	return awsutil.Prettify(s)
16560}
16561
16562// GoString returns the string representation
16563func (s DeclineHandshakeOutput) GoString() string {
16564	return s.String()
16565}
16566
16567// SetHandshake sets the Handshake field's value.
16568func (s *DeclineHandshakeOutput) SetHandshake(v *Handshake) *DeclineHandshakeOutput {
16569	s.Handshake = v
16570	return s
16571}
16572
16573// Contains information about the delegated administrator.
16574type DelegatedAdministrator struct {
16575	_ struct{} `type:"structure"`
16576
16577	// The Amazon Resource Name (ARN) of the delegated administrator's account.
16578	Arn *string `type:"string"`
16579
16580	// The date when the account was made a delegated administrator.
16581	DelegationEnabledDate *time.Time `type:"timestamp"`
16582
16583	// The email address that is associated with the delegated administrator's AWS
16584	// account.
16585	Email *string `min:"6" type:"string" sensitive:"true"`
16586
16587	// The unique identifier (ID) of the delegated administrator's account.
16588	Id *string `type:"string"`
16589
16590	// The method by which the delegated administrator's account joined the organization.
16591	JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"`
16592
16593	// The date when the delegated administrator's account became a part of the
16594	// organization.
16595	JoinedTimestamp *time.Time `type:"timestamp"`
16596
16597	// The friendly name of the delegated administrator's account.
16598	Name *string `min:"1" type:"string" sensitive:"true"`
16599
16600	// The status of the delegated administrator's account in the organization.
16601	Status *string `type:"string" enum:"AccountStatus"`
16602}
16603
16604// String returns the string representation
16605func (s DelegatedAdministrator) String() string {
16606	return awsutil.Prettify(s)
16607}
16608
16609// GoString returns the string representation
16610func (s DelegatedAdministrator) GoString() string {
16611	return s.String()
16612}
16613
16614// SetArn sets the Arn field's value.
16615func (s *DelegatedAdministrator) SetArn(v string) *DelegatedAdministrator {
16616	s.Arn = &v
16617	return s
16618}
16619
16620// SetDelegationEnabledDate sets the DelegationEnabledDate field's value.
16621func (s *DelegatedAdministrator) SetDelegationEnabledDate(v time.Time) *DelegatedAdministrator {
16622	s.DelegationEnabledDate = &v
16623	return s
16624}
16625
16626// SetEmail sets the Email field's value.
16627func (s *DelegatedAdministrator) SetEmail(v string) *DelegatedAdministrator {
16628	s.Email = &v
16629	return s
16630}
16631
16632// SetId sets the Id field's value.
16633func (s *DelegatedAdministrator) SetId(v string) *DelegatedAdministrator {
16634	s.Id = &v
16635	return s
16636}
16637
16638// SetJoinedMethod sets the JoinedMethod field's value.
16639func (s *DelegatedAdministrator) SetJoinedMethod(v string) *DelegatedAdministrator {
16640	s.JoinedMethod = &v
16641	return s
16642}
16643
16644// SetJoinedTimestamp sets the JoinedTimestamp field's value.
16645func (s *DelegatedAdministrator) SetJoinedTimestamp(v time.Time) *DelegatedAdministrator {
16646	s.JoinedTimestamp = &v
16647	return s
16648}
16649
16650// SetName sets the Name field's value.
16651func (s *DelegatedAdministrator) SetName(v string) *DelegatedAdministrator {
16652	s.Name = &v
16653	return s
16654}
16655
16656// SetStatus sets the Status field's value.
16657func (s *DelegatedAdministrator) SetStatus(v string) *DelegatedAdministrator {
16658	s.Status = &v
16659	return s
16660}
16661
16662// Contains information about the AWS service for which the account is a delegated
16663// administrator.
16664type DelegatedService struct {
16665	_ struct{} `type:"structure"`
16666
16667	// The date that the account became a delegated administrator for this service.
16668	DelegationEnabledDate *time.Time `type:"timestamp"`
16669
16670	// The name of an AWS service that can request an operation for the specified
16671	// service. This is typically in the form of a URL, such as: servicename.amazonaws.com.
16672	ServicePrincipal *string `min:"1" type:"string"`
16673}
16674
16675// String returns the string representation
16676func (s DelegatedService) String() string {
16677	return awsutil.Prettify(s)
16678}
16679
16680// GoString returns the string representation
16681func (s DelegatedService) GoString() string {
16682	return s.String()
16683}
16684
16685// SetDelegationEnabledDate sets the DelegationEnabledDate field's value.
16686func (s *DelegatedService) SetDelegationEnabledDate(v time.Time) *DelegatedService {
16687	s.DelegationEnabledDate = &v
16688	return s
16689}
16690
16691// SetServicePrincipal sets the ServicePrincipal field's value.
16692func (s *DelegatedService) SetServicePrincipal(v string) *DelegatedService {
16693	s.ServicePrincipal = &v
16694	return s
16695}
16696
16697type DeleteOrganizationInput struct {
16698	_ struct{} `type:"structure"`
16699}
16700
16701// String returns the string representation
16702func (s DeleteOrganizationInput) String() string {
16703	return awsutil.Prettify(s)
16704}
16705
16706// GoString returns the string representation
16707func (s DeleteOrganizationInput) GoString() string {
16708	return s.String()
16709}
16710
16711type DeleteOrganizationOutput struct {
16712	_ struct{} `type:"structure"`
16713}
16714
16715// String returns the string representation
16716func (s DeleteOrganizationOutput) String() string {
16717	return awsutil.Prettify(s)
16718}
16719
16720// GoString returns the string representation
16721func (s DeleteOrganizationOutput) GoString() string {
16722	return s.String()
16723}
16724
16725type DeleteOrganizationalUnitInput struct {
16726	_ struct{} `type:"structure"`
16727
16728	// The unique identifier (ID) of the organizational unit that you want to delete.
16729	// You can get the ID from the ListOrganizationalUnitsForParent operation.
16730	//
16731	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
16732	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
16733	// or digits (the ID of the root that contains the OU). This string is followed
16734	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
16735	//
16736	// OrganizationalUnitId is a required field
16737	OrganizationalUnitId *string `type:"string" required:"true"`
16738}
16739
16740// String returns the string representation
16741func (s DeleteOrganizationalUnitInput) String() string {
16742	return awsutil.Prettify(s)
16743}
16744
16745// GoString returns the string representation
16746func (s DeleteOrganizationalUnitInput) GoString() string {
16747	return s.String()
16748}
16749
16750// Validate inspects the fields of the type to determine if they are valid.
16751func (s *DeleteOrganizationalUnitInput) Validate() error {
16752	invalidParams := request.ErrInvalidParams{Context: "DeleteOrganizationalUnitInput"}
16753	if s.OrganizationalUnitId == nil {
16754		invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
16755	}
16756
16757	if invalidParams.Len() > 0 {
16758		return invalidParams
16759	}
16760	return nil
16761}
16762
16763// SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
16764func (s *DeleteOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DeleteOrganizationalUnitInput {
16765	s.OrganizationalUnitId = &v
16766	return s
16767}
16768
16769type DeleteOrganizationalUnitOutput struct {
16770	_ struct{} `type:"structure"`
16771}
16772
16773// String returns the string representation
16774func (s DeleteOrganizationalUnitOutput) String() string {
16775	return awsutil.Prettify(s)
16776}
16777
16778// GoString returns the string representation
16779func (s DeleteOrganizationalUnitOutput) GoString() string {
16780	return s.String()
16781}
16782
16783type DeletePolicyInput struct {
16784	_ struct{} `type:"structure"`
16785
16786	// The unique identifier (ID) of the policy that you want to delete. You can
16787	// get the ID from the ListPolicies or ListPoliciesForTarget operations.
16788	//
16789	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
16790	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
16791	// or the underscore character (_).
16792	//
16793	// PolicyId is a required field
16794	PolicyId *string `type:"string" required:"true"`
16795}
16796
16797// String returns the string representation
16798func (s DeletePolicyInput) String() string {
16799	return awsutil.Prettify(s)
16800}
16801
16802// GoString returns the string representation
16803func (s DeletePolicyInput) GoString() string {
16804	return s.String()
16805}
16806
16807// Validate inspects the fields of the type to determine if they are valid.
16808func (s *DeletePolicyInput) Validate() error {
16809	invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"}
16810	if s.PolicyId == nil {
16811		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
16812	}
16813
16814	if invalidParams.Len() > 0 {
16815		return invalidParams
16816	}
16817	return nil
16818}
16819
16820// SetPolicyId sets the PolicyId field's value.
16821func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput {
16822	s.PolicyId = &v
16823	return s
16824}
16825
16826type DeletePolicyOutput struct {
16827	_ struct{} `type:"structure"`
16828}
16829
16830// String returns the string representation
16831func (s DeletePolicyOutput) String() string {
16832	return awsutil.Prettify(s)
16833}
16834
16835// GoString returns the string representation
16836func (s DeletePolicyOutput) GoString() string {
16837	return s.String()
16838}
16839
16840type DeregisterDelegatedAdministratorInput struct {
16841	_ struct{} `type:"structure"`
16842
16843	// The account ID number of the member account in the organization that you
16844	// want to deregister as a delegated administrator.
16845	//
16846	// AccountId is a required field
16847	AccountId *string `type:"string" required:"true"`
16848
16849	// The service principal name of an AWS service for which the account is a delegated
16850	// administrator.
16851	//
16852	// Delegated administrator privileges are revoked for only the specified AWS
16853	// service from the member account. If the specified service is the only service
16854	// for which the member account is a delegated administrator, the operation
16855	// also revokes Organizations read action permissions.
16856	//
16857	// ServicePrincipal is a required field
16858	ServicePrincipal *string `min:"1" type:"string" required:"true"`
16859}
16860
16861// String returns the string representation
16862func (s DeregisterDelegatedAdministratorInput) String() string {
16863	return awsutil.Prettify(s)
16864}
16865
16866// GoString returns the string representation
16867func (s DeregisterDelegatedAdministratorInput) GoString() string {
16868	return s.String()
16869}
16870
16871// Validate inspects the fields of the type to determine if they are valid.
16872func (s *DeregisterDelegatedAdministratorInput) Validate() error {
16873	invalidParams := request.ErrInvalidParams{Context: "DeregisterDelegatedAdministratorInput"}
16874	if s.AccountId == nil {
16875		invalidParams.Add(request.NewErrParamRequired("AccountId"))
16876	}
16877	if s.ServicePrincipal == nil {
16878		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
16879	}
16880	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
16881		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
16882	}
16883
16884	if invalidParams.Len() > 0 {
16885		return invalidParams
16886	}
16887	return nil
16888}
16889
16890// SetAccountId sets the AccountId field's value.
16891func (s *DeregisterDelegatedAdministratorInput) SetAccountId(v string) *DeregisterDelegatedAdministratorInput {
16892	s.AccountId = &v
16893	return s
16894}
16895
16896// SetServicePrincipal sets the ServicePrincipal field's value.
16897func (s *DeregisterDelegatedAdministratorInput) SetServicePrincipal(v string) *DeregisterDelegatedAdministratorInput {
16898	s.ServicePrincipal = &v
16899	return s
16900}
16901
16902type DeregisterDelegatedAdministratorOutput struct {
16903	_ struct{} `type:"structure"`
16904}
16905
16906// String returns the string representation
16907func (s DeregisterDelegatedAdministratorOutput) String() string {
16908	return awsutil.Prettify(s)
16909}
16910
16911// GoString returns the string representation
16912func (s DeregisterDelegatedAdministratorOutput) GoString() string {
16913	return s.String()
16914}
16915
16916type DescribeAccountInput struct {
16917	_ struct{} `type:"structure"`
16918
16919	// The unique identifier (ID) of the AWS account that you want information about.
16920	// You can get the ID from the ListAccounts or ListAccountsForParent operations.
16921	//
16922	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
16923	// requires exactly 12 digits.
16924	//
16925	// AccountId is a required field
16926	AccountId *string `type:"string" required:"true"`
16927}
16928
16929// String returns the string representation
16930func (s DescribeAccountInput) String() string {
16931	return awsutil.Prettify(s)
16932}
16933
16934// GoString returns the string representation
16935func (s DescribeAccountInput) GoString() string {
16936	return s.String()
16937}
16938
16939// Validate inspects the fields of the type to determine if they are valid.
16940func (s *DescribeAccountInput) Validate() error {
16941	invalidParams := request.ErrInvalidParams{Context: "DescribeAccountInput"}
16942	if s.AccountId == nil {
16943		invalidParams.Add(request.NewErrParamRequired("AccountId"))
16944	}
16945
16946	if invalidParams.Len() > 0 {
16947		return invalidParams
16948	}
16949	return nil
16950}
16951
16952// SetAccountId sets the AccountId field's value.
16953func (s *DescribeAccountInput) SetAccountId(v string) *DescribeAccountInput {
16954	s.AccountId = &v
16955	return s
16956}
16957
16958type DescribeAccountOutput struct {
16959	_ struct{} `type:"structure"`
16960
16961	// A structure that contains information about the requested account.
16962	Account *Account `type:"structure"`
16963}
16964
16965// String returns the string representation
16966func (s DescribeAccountOutput) String() string {
16967	return awsutil.Prettify(s)
16968}
16969
16970// GoString returns the string representation
16971func (s DescribeAccountOutput) GoString() string {
16972	return s.String()
16973}
16974
16975// SetAccount sets the Account field's value.
16976func (s *DescribeAccountOutput) SetAccount(v *Account) *DescribeAccountOutput {
16977	s.Account = v
16978	return s
16979}
16980
16981type DescribeCreateAccountStatusInput struct {
16982	_ struct{} `type:"structure"`
16983
16984	// Specifies the Id value that uniquely identifies the CreateAccount request.
16985	// You can get the value from the CreateAccountStatus.Id response in an earlier
16986	// CreateAccount request, or from the ListCreateAccountStatus operation.
16987	//
16988	// The regex pattern (http://wikipedia.org/wiki/regex) for a create account
16989	// request ID string requires "car-" followed by from 8 to 32 lowercase letters
16990	// or digits.
16991	//
16992	// CreateAccountRequestId is a required field
16993	CreateAccountRequestId *string `type:"string" required:"true"`
16994}
16995
16996// String returns the string representation
16997func (s DescribeCreateAccountStatusInput) String() string {
16998	return awsutil.Prettify(s)
16999}
17000
17001// GoString returns the string representation
17002func (s DescribeCreateAccountStatusInput) GoString() string {
17003	return s.String()
17004}
17005
17006// Validate inspects the fields of the type to determine if they are valid.
17007func (s *DescribeCreateAccountStatusInput) Validate() error {
17008	invalidParams := request.ErrInvalidParams{Context: "DescribeCreateAccountStatusInput"}
17009	if s.CreateAccountRequestId == nil {
17010		invalidParams.Add(request.NewErrParamRequired("CreateAccountRequestId"))
17011	}
17012
17013	if invalidParams.Len() > 0 {
17014		return invalidParams
17015	}
17016	return nil
17017}
17018
17019// SetCreateAccountRequestId sets the CreateAccountRequestId field's value.
17020func (s *DescribeCreateAccountStatusInput) SetCreateAccountRequestId(v string) *DescribeCreateAccountStatusInput {
17021	s.CreateAccountRequestId = &v
17022	return s
17023}
17024
17025type DescribeCreateAccountStatusOutput struct {
17026	_ struct{} `type:"structure"`
17027
17028	// A structure that contains the current status of an account creation request.
17029	CreateAccountStatus *CreateAccountStatus `type:"structure"`
17030}
17031
17032// String returns the string representation
17033func (s DescribeCreateAccountStatusOutput) String() string {
17034	return awsutil.Prettify(s)
17035}
17036
17037// GoString returns the string representation
17038func (s DescribeCreateAccountStatusOutput) GoString() string {
17039	return s.String()
17040}
17041
17042// SetCreateAccountStatus sets the CreateAccountStatus field's value.
17043func (s *DescribeCreateAccountStatusOutput) SetCreateAccountStatus(v *CreateAccountStatus) *DescribeCreateAccountStatusOutput {
17044	s.CreateAccountStatus = v
17045	return s
17046}
17047
17048type DescribeEffectivePolicyInput struct {
17049	_ struct{} `type:"structure"`
17050
17051	// The type of policy that you want information about. You can specify one of
17052	// the following values:
17053	//
17054	//    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
17055	//
17056	//    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
17057	//
17058	//    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
17059	//
17060	// PolicyType is a required field
17061	PolicyType *string `type:"string" required:"true" enum:"EffectivePolicyType"`
17062
17063	// When you're signed in as the management account, specify the ID of the account
17064	// that you want details about. Specifying an organization root or organizational
17065	// unit (OU) as the target is not supported.
17066	TargetId *string `type:"string"`
17067}
17068
17069// String returns the string representation
17070func (s DescribeEffectivePolicyInput) String() string {
17071	return awsutil.Prettify(s)
17072}
17073
17074// GoString returns the string representation
17075func (s DescribeEffectivePolicyInput) GoString() string {
17076	return s.String()
17077}
17078
17079// Validate inspects the fields of the type to determine if they are valid.
17080func (s *DescribeEffectivePolicyInput) Validate() error {
17081	invalidParams := request.ErrInvalidParams{Context: "DescribeEffectivePolicyInput"}
17082	if s.PolicyType == nil {
17083		invalidParams.Add(request.NewErrParamRequired("PolicyType"))
17084	}
17085
17086	if invalidParams.Len() > 0 {
17087		return invalidParams
17088	}
17089	return nil
17090}
17091
17092// SetPolicyType sets the PolicyType field's value.
17093func (s *DescribeEffectivePolicyInput) SetPolicyType(v string) *DescribeEffectivePolicyInput {
17094	s.PolicyType = &v
17095	return s
17096}
17097
17098// SetTargetId sets the TargetId field's value.
17099func (s *DescribeEffectivePolicyInput) SetTargetId(v string) *DescribeEffectivePolicyInput {
17100	s.TargetId = &v
17101	return s
17102}
17103
17104type DescribeEffectivePolicyOutput struct {
17105	_ struct{} `type:"structure"`
17106
17107	// The contents of the effective policy.
17108	EffectivePolicy *EffectivePolicy `type:"structure"`
17109}
17110
17111// String returns the string representation
17112func (s DescribeEffectivePolicyOutput) String() string {
17113	return awsutil.Prettify(s)
17114}
17115
17116// GoString returns the string representation
17117func (s DescribeEffectivePolicyOutput) GoString() string {
17118	return s.String()
17119}
17120
17121// SetEffectivePolicy sets the EffectivePolicy field's value.
17122func (s *DescribeEffectivePolicyOutput) SetEffectivePolicy(v *EffectivePolicy) *DescribeEffectivePolicyOutput {
17123	s.EffectivePolicy = v
17124	return s
17125}
17126
17127type DescribeHandshakeInput struct {
17128	_ struct{} `type:"structure"`
17129
17130	// The unique identifier (ID) of the handshake that you want information about.
17131	// You can get the ID from the original call to InviteAccountToOrganization,
17132	// or from a call to ListHandshakesForAccount or ListHandshakesForOrganization.
17133	//
17134	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
17135	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
17136	//
17137	// HandshakeId is a required field
17138	HandshakeId *string `type:"string" required:"true"`
17139}
17140
17141// String returns the string representation
17142func (s DescribeHandshakeInput) String() string {
17143	return awsutil.Prettify(s)
17144}
17145
17146// GoString returns the string representation
17147func (s DescribeHandshakeInput) GoString() string {
17148	return s.String()
17149}
17150
17151// Validate inspects the fields of the type to determine if they are valid.
17152func (s *DescribeHandshakeInput) Validate() error {
17153	invalidParams := request.ErrInvalidParams{Context: "DescribeHandshakeInput"}
17154	if s.HandshakeId == nil {
17155		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
17156	}
17157
17158	if invalidParams.Len() > 0 {
17159		return invalidParams
17160	}
17161	return nil
17162}
17163
17164// SetHandshakeId sets the HandshakeId field's value.
17165func (s *DescribeHandshakeInput) SetHandshakeId(v string) *DescribeHandshakeInput {
17166	s.HandshakeId = &v
17167	return s
17168}
17169
17170type DescribeHandshakeOutput struct {
17171	_ struct{} `type:"structure"`
17172
17173	// A structure that contains information about the specified handshake.
17174	Handshake *Handshake `type:"structure"`
17175}
17176
17177// String returns the string representation
17178func (s DescribeHandshakeOutput) String() string {
17179	return awsutil.Prettify(s)
17180}
17181
17182// GoString returns the string representation
17183func (s DescribeHandshakeOutput) GoString() string {
17184	return s.String()
17185}
17186
17187// SetHandshake sets the Handshake field's value.
17188func (s *DescribeHandshakeOutput) SetHandshake(v *Handshake) *DescribeHandshakeOutput {
17189	s.Handshake = v
17190	return s
17191}
17192
17193type DescribeOrganizationInput struct {
17194	_ struct{} `type:"structure"`
17195}
17196
17197// String returns the string representation
17198func (s DescribeOrganizationInput) String() string {
17199	return awsutil.Prettify(s)
17200}
17201
17202// GoString returns the string representation
17203func (s DescribeOrganizationInput) GoString() string {
17204	return s.String()
17205}
17206
17207type DescribeOrganizationOutput struct {
17208	_ struct{} `type:"structure"`
17209
17210	// A structure that contains information about the organization.
17211	//
17212	// The AvailablePolicyTypes part of the response is deprecated, and you shouldn't
17213	// use it in your apps. It doesn't include any policy type supported by Organizations
17214	// other than SCPs. To determine which policy types are enabled in your organization,
17215	// use the ListRoots operation.
17216	Organization *Organization `type:"structure"`
17217}
17218
17219// String returns the string representation
17220func (s DescribeOrganizationOutput) String() string {
17221	return awsutil.Prettify(s)
17222}
17223
17224// GoString returns the string representation
17225func (s DescribeOrganizationOutput) GoString() string {
17226	return s.String()
17227}
17228
17229// SetOrganization sets the Organization field's value.
17230func (s *DescribeOrganizationOutput) SetOrganization(v *Organization) *DescribeOrganizationOutput {
17231	s.Organization = v
17232	return s
17233}
17234
17235type DescribeOrganizationalUnitInput struct {
17236	_ struct{} `type:"structure"`
17237
17238	// The unique identifier (ID) of the organizational unit that you want details
17239	// about. You can get the ID from the ListOrganizationalUnitsForParent operation.
17240	//
17241	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
17242	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
17243	// or digits (the ID of the root that contains the OU). This string is followed
17244	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
17245	//
17246	// OrganizationalUnitId is a required field
17247	OrganizationalUnitId *string `type:"string" required:"true"`
17248}
17249
17250// String returns the string representation
17251func (s DescribeOrganizationalUnitInput) String() string {
17252	return awsutil.Prettify(s)
17253}
17254
17255// GoString returns the string representation
17256func (s DescribeOrganizationalUnitInput) GoString() string {
17257	return s.String()
17258}
17259
17260// Validate inspects the fields of the type to determine if they are valid.
17261func (s *DescribeOrganizationalUnitInput) Validate() error {
17262	invalidParams := request.ErrInvalidParams{Context: "DescribeOrganizationalUnitInput"}
17263	if s.OrganizationalUnitId == nil {
17264		invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
17265	}
17266
17267	if invalidParams.Len() > 0 {
17268		return invalidParams
17269	}
17270	return nil
17271}
17272
17273// SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
17274func (s *DescribeOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DescribeOrganizationalUnitInput {
17275	s.OrganizationalUnitId = &v
17276	return s
17277}
17278
17279type DescribeOrganizationalUnitOutput struct {
17280	_ struct{} `type:"structure"`
17281
17282	// A structure that contains details about the specified OU.
17283	OrganizationalUnit *OrganizationalUnit `type:"structure"`
17284}
17285
17286// String returns the string representation
17287func (s DescribeOrganizationalUnitOutput) String() string {
17288	return awsutil.Prettify(s)
17289}
17290
17291// GoString returns the string representation
17292func (s DescribeOrganizationalUnitOutput) GoString() string {
17293	return s.String()
17294}
17295
17296// SetOrganizationalUnit sets the OrganizationalUnit field's value.
17297func (s *DescribeOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *DescribeOrganizationalUnitOutput {
17298	s.OrganizationalUnit = v
17299	return s
17300}
17301
17302type DescribePolicyInput struct {
17303	_ struct{} `type:"structure"`
17304
17305	// The unique identifier (ID) of the policy that you want details about. You
17306	// can get the ID from the ListPolicies or ListPoliciesForTarget operations.
17307	//
17308	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
17309	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
17310	// or the underscore character (_).
17311	//
17312	// PolicyId is a required field
17313	PolicyId *string `type:"string" required:"true"`
17314}
17315
17316// String returns the string representation
17317func (s DescribePolicyInput) String() string {
17318	return awsutil.Prettify(s)
17319}
17320
17321// GoString returns the string representation
17322func (s DescribePolicyInput) GoString() string {
17323	return s.String()
17324}
17325
17326// Validate inspects the fields of the type to determine if they are valid.
17327func (s *DescribePolicyInput) Validate() error {
17328	invalidParams := request.ErrInvalidParams{Context: "DescribePolicyInput"}
17329	if s.PolicyId == nil {
17330		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
17331	}
17332
17333	if invalidParams.Len() > 0 {
17334		return invalidParams
17335	}
17336	return nil
17337}
17338
17339// SetPolicyId sets the PolicyId field's value.
17340func (s *DescribePolicyInput) SetPolicyId(v string) *DescribePolicyInput {
17341	s.PolicyId = &v
17342	return s
17343}
17344
17345type DescribePolicyOutput struct {
17346	_ struct{} `type:"structure"`
17347
17348	// A structure that contains details about the specified policy.
17349	Policy *Policy `type:"structure"`
17350}
17351
17352// String returns the string representation
17353func (s DescribePolicyOutput) String() string {
17354	return awsutil.Prettify(s)
17355}
17356
17357// GoString returns the string representation
17358func (s DescribePolicyOutput) GoString() string {
17359	return s.String()
17360}
17361
17362// SetPolicy sets the Policy field's value.
17363func (s *DescribePolicyOutput) SetPolicy(v *Policy) *DescribePolicyOutput {
17364	s.Policy = v
17365	return s
17366}
17367
17368// We can't find the destination container (a root or OU) with the ParentId
17369// that you specified.
17370type DestinationParentNotFoundException struct {
17371	_            struct{}                  `type:"structure"`
17372	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
17373
17374	Message_ *string `locationName:"Message" type:"string"`
17375}
17376
17377// String returns the string representation
17378func (s DestinationParentNotFoundException) String() string {
17379	return awsutil.Prettify(s)
17380}
17381
17382// GoString returns the string representation
17383func (s DestinationParentNotFoundException) GoString() string {
17384	return s.String()
17385}
17386
17387func newErrorDestinationParentNotFoundException(v protocol.ResponseMetadata) error {
17388	return &DestinationParentNotFoundException{
17389		RespMetadata: v,
17390	}
17391}
17392
17393// Code returns the exception type name.
17394func (s *DestinationParentNotFoundException) Code() string {
17395	return "DestinationParentNotFoundException"
17396}
17397
17398// Message returns the exception's message.
17399func (s *DestinationParentNotFoundException) Message() string {
17400	if s.Message_ != nil {
17401		return *s.Message_
17402	}
17403	return ""
17404}
17405
17406// OrigErr always returns nil, satisfies awserr.Error interface.
17407func (s *DestinationParentNotFoundException) OrigErr() error {
17408	return nil
17409}
17410
17411func (s *DestinationParentNotFoundException) Error() string {
17412	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
17413}
17414
17415// Status code returns the HTTP status code for the request's response error.
17416func (s *DestinationParentNotFoundException) StatusCode() int {
17417	return s.RespMetadata.StatusCode
17418}
17419
17420// RequestID returns the service's response RequestID for request.
17421func (s *DestinationParentNotFoundException) RequestID() string {
17422	return s.RespMetadata.RequestID
17423}
17424
17425type DetachPolicyInput struct {
17426	_ struct{} `type:"structure"`
17427
17428	// The unique identifier (ID) of the policy you want to detach. You can get
17429	// the ID from the ListPolicies or ListPoliciesForTarget operations.
17430	//
17431	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
17432	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
17433	// or the underscore character (_).
17434	//
17435	// PolicyId is a required field
17436	PolicyId *string `type:"string" required:"true"`
17437
17438	// The unique identifier (ID) of the root, OU, or account that you want to detach
17439	// the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent,
17440	// or ListAccounts operations.
17441	//
17442	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
17443	// requires one of the following:
17444	//
17445	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
17446	//    letters or digits.
17447	//
17448	//    * Account - A string that consists of exactly 12 digits.
17449	//
17450	//    * Organizational unit (OU) - A string that begins with "ou-" followed
17451	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
17452	//    OU is in). This string is followed by a second "-" dash and from 8 to
17453	//    32 additional lowercase letters or digits.
17454	//
17455	// TargetId is a required field
17456	TargetId *string `type:"string" required:"true"`
17457}
17458
17459// String returns the string representation
17460func (s DetachPolicyInput) String() string {
17461	return awsutil.Prettify(s)
17462}
17463
17464// GoString returns the string representation
17465func (s DetachPolicyInput) GoString() string {
17466	return s.String()
17467}
17468
17469// Validate inspects the fields of the type to determine if they are valid.
17470func (s *DetachPolicyInput) Validate() error {
17471	invalidParams := request.ErrInvalidParams{Context: "DetachPolicyInput"}
17472	if s.PolicyId == nil {
17473		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
17474	}
17475	if s.TargetId == nil {
17476		invalidParams.Add(request.NewErrParamRequired("TargetId"))
17477	}
17478
17479	if invalidParams.Len() > 0 {
17480		return invalidParams
17481	}
17482	return nil
17483}
17484
17485// SetPolicyId sets the PolicyId field's value.
17486func (s *DetachPolicyInput) SetPolicyId(v string) *DetachPolicyInput {
17487	s.PolicyId = &v
17488	return s
17489}
17490
17491// SetTargetId sets the TargetId field's value.
17492func (s *DetachPolicyInput) SetTargetId(v string) *DetachPolicyInput {
17493	s.TargetId = &v
17494	return s
17495}
17496
17497type DetachPolicyOutput struct {
17498	_ struct{} `type:"structure"`
17499}
17500
17501// String returns the string representation
17502func (s DetachPolicyOutput) String() string {
17503	return awsutil.Prettify(s)
17504}
17505
17506// GoString returns the string representation
17507func (s DetachPolicyOutput) GoString() string {
17508	return s.String()
17509}
17510
17511type DisableAWSServiceAccessInput struct {
17512	_ struct{} `type:"structure"`
17513
17514	// The service principal name of the AWS service for which you want to disable
17515	// integration with your organization. This is typically in the form of a URL,
17516	// such as service-abbreviation.amazonaws.com.
17517	//
17518	// ServicePrincipal is a required field
17519	ServicePrincipal *string `min:"1" type:"string" required:"true"`
17520}
17521
17522// String returns the string representation
17523func (s DisableAWSServiceAccessInput) String() string {
17524	return awsutil.Prettify(s)
17525}
17526
17527// GoString returns the string representation
17528func (s DisableAWSServiceAccessInput) GoString() string {
17529	return s.String()
17530}
17531
17532// Validate inspects the fields of the type to determine if they are valid.
17533func (s *DisableAWSServiceAccessInput) Validate() error {
17534	invalidParams := request.ErrInvalidParams{Context: "DisableAWSServiceAccessInput"}
17535	if s.ServicePrincipal == nil {
17536		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
17537	}
17538	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
17539		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
17540	}
17541
17542	if invalidParams.Len() > 0 {
17543		return invalidParams
17544	}
17545	return nil
17546}
17547
17548// SetServicePrincipal sets the ServicePrincipal field's value.
17549func (s *DisableAWSServiceAccessInput) SetServicePrincipal(v string) *DisableAWSServiceAccessInput {
17550	s.ServicePrincipal = &v
17551	return s
17552}
17553
17554type DisableAWSServiceAccessOutput struct {
17555	_ struct{} `type:"structure"`
17556}
17557
17558// String returns the string representation
17559func (s DisableAWSServiceAccessOutput) String() string {
17560	return awsutil.Prettify(s)
17561}
17562
17563// GoString returns the string representation
17564func (s DisableAWSServiceAccessOutput) GoString() string {
17565	return s.String()
17566}
17567
17568type DisablePolicyTypeInput struct {
17569	_ struct{} `type:"structure"`
17570
17571	// The policy type that you want to disable in this root. You can specify one
17572	// of the following values:
17573	//
17574	//    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
17575	//
17576	//    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
17577	//
17578	//    * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
17579	//
17580	//    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
17581	//
17582	// PolicyType is a required field
17583	PolicyType *string `type:"string" required:"true" enum:"PolicyType"`
17584
17585	// The unique identifier (ID) of the root in which you want to disable a policy
17586	// type. You can get the ID from the ListRoots operation.
17587	//
17588	// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
17589	// requires "r-" followed by from 4 to 32 lowercase letters or digits.
17590	//
17591	// RootId is a required field
17592	RootId *string `type:"string" required:"true"`
17593}
17594
17595// String returns the string representation
17596func (s DisablePolicyTypeInput) String() string {
17597	return awsutil.Prettify(s)
17598}
17599
17600// GoString returns the string representation
17601func (s DisablePolicyTypeInput) GoString() string {
17602	return s.String()
17603}
17604
17605// Validate inspects the fields of the type to determine if they are valid.
17606func (s *DisablePolicyTypeInput) Validate() error {
17607	invalidParams := request.ErrInvalidParams{Context: "DisablePolicyTypeInput"}
17608	if s.PolicyType == nil {
17609		invalidParams.Add(request.NewErrParamRequired("PolicyType"))
17610	}
17611	if s.RootId == nil {
17612		invalidParams.Add(request.NewErrParamRequired("RootId"))
17613	}
17614
17615	if invalidParams.Len() > 0 {
17616		return invalidParams
17617	}
17618	return nil
17619}
17620
17621// SetPolicyType sets the PolicyType field's value.
17622func (s *DisablePolicyTypeInput) SetPolicyType(v string) *DisablePolicyTypeInput {
17623	s.PolicyType = &v
17624	return s
17625}
17626
17627// SetRootId sets the RootId field's value.
17628func (s *DisablePolicyTypeInput) SetRootId(v string) *DisablePolicyTypeInput {
17629	s.RootId = &v
17630	return s
17631}
17632
17633type DisablePolicyTypeOutput struct {
17634	_ struct{} `type:"structure"`
17635
17636	// A structure that shows the root with the updated list of enabled policy types.
17637	Root *Root `type:"structure"`
17638}
17639
17640// String returns the string representation
17641func (s DisablePolicyTypeOutput) String() string {
17642	return awsutil.Prettify(s)
17643}
17644
17645// GoString returns the string representation
17646func (s DisablePolicyTypeOutput) GoString() string {
17647	return s.String()
17648}
17649
17650// SetRoot sets the Root field's value.
17651func (s *DisablePolicyTypeOutput) SetRoot(v *Root) *DisablePolicyTypeOutput {
17652	s.Root = v
17653	return s
17654}
17655
17656// That account is already present in the specified destination.
17657type DuplicateAccountException struct {
17658	_            struct{}                  `type:"structure"`
17659	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
17660
17661	Message_ *string `locationName:"Message" type:"string"`
17662}
17663
17664// String returns the string representation
17665func (s DuplicateAccountException) String() string {
17666	return awsutil.Prettify(s)
17667}
17668
17669// GoString returns the string representation
17670func (s DuplicateAccountException) GoString() string {
17671	return s.String()
17672}
17673
17674func newErrorDuplicateAccountException(v protocol.ResponseMetadata) error {
17675	return &DuplicateAccountException{
17676		RespMetadata: v,
17677	}
17678}
17679
17680// Code returns the exception type name.
17681func (s *DuplicateAccountException) Code() string {
17682	return "DuplicateAccountException"
17683}
17684
17685// Message returns the exception's message.
17686func (s *DuplicateAccountException) Message() string {
17687	if s.Message_ != nil {
17688		return *s.Message_
17689	}
17690	return ""
17691}
17692
17693// OrigErr always returns nil, satisfies awserr.Error interface.
17694func (s *DuplicateAccountException) OrigErr() error {
17695	return nil
17696}
17697
17698func (s *DuplicateAccountException) Error() string {
17699	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
17700}
17701
17702// Status code returns the HTTP status code for the request's response error.
17703func (s *DuplicateAccountException) StatusCode() int {
17704	return s.RespMetadata.StatusCode
17705}
17706
17707// RequestID returns the service's response RequestID for request.
17708func (s *DuplicateAccountException) RequestID() string {
17709	return s.RespMetadata.RequestID
17710}
17711
17712// A handshake with the same action and target already exists. For example,
17713// if you invited an account to join your organization, the invited account
17714// might already have a pending invitation from this organization. If you intend
17715// to resend an invitation to an account, ensure that existing handshakes that
17716// might be considered duplicates are canceled or declined.
17717type DuplicateHandshakeException struct {
17718	_            struct{}                  `type:"structure"`
17719	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
17720
17721	Message_ *string `locationName:"Message" type:"string"`
17722}
17723
17724// String returns the string representation
17725func (s DuplicateHandshakeException) String() string {
17726	return awsutil.Prettify(s)
17727}
17728
17729// GoString returns the string representation
17730func (s DuplicateHandshakeException) GoString() string {
17731	return s.String()
17732}
17733
17734func newErrorDuplicateHandshakeException(v protocol.ResponseMetadata) error {
17735	return &DuplicateHandshakeException{
17736		RespMetadata: v,
17737	}
17738}
17739
17740// Code returns the exception type name.
17741func (s *DuplicateHandshakeException) Code() string {
17742	return "DuplicateHandshakeException"
17743}
17744
17745// Message returns the exception's message.
17746func (s *DuplicateHandshakeException) Message() string {
17747	if s.Message_ != nil {
17748		return *s.Message_
17749	}
17750	return ""
17751}
17752
17753// OrigErr always returns nil, satisfies awserr.Error interface.
17754func (s *DuplicateHandshakeException) OrigErr() error {
17755	return nil
17756}
17757
17758func (s *DuplicateHandshakeException) Error() string {
17759	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
17760}
17761
17762// Status code returns the HTTP status code for the request's response error.
17763func (s *DuplicateHandshakeException) StatusCode() int {
17764	return s.RespMetadata.StatusCode
17765}
17766
17767// RequestID returns the service's response RequestID for request.
17768func (s *DuplicateHandshakeException) RequestID() string {
17769	return s.RespMetadata.RequestID
17770}
17771
17772// An OU with the same name already exists.
17773type DuplicateOrganizationalUnitException struct {
17774	_            struct{}                  `type:"structure"`
17775	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
17776
17777	Message_ *string `locationName:"Message" type:"string"`
17778}
17779
17780// String returns the string representation
17781func (s DuplicateOrganizationalUnitException) String() string {
17782	return awsutil.Prettify(s)
17783}
17784
17785// GoString returns the string representation
17786func (s DuplicateOrganizationalUnitException) GoString() string {
17787	return s.String()
17788}
17789
17790func newErrorDuplicateOrganizationalUnitException(v protocol.ResponseMetadata) error {
17791	return &DuplicateOrganizationalUnitException{
17792		RespMetadata: v,
17793	}
17794}
17795
17796// Code returns the exception type name.
17797func (s *DuplicateOrganizationalUnitException) Code() string {
17798	return "DuplicateOrganizationalUnitException"
17799}
17800
17801// Message returns the exception's message.
17802func (s *DuplicateOrganizationalUnitException) Message() string {
17803	if s.Message_ != nil {
17804		return *s.Message_
17805	}
17806	return ""
17807}
17808
17809// OrigErr always returns nil, satisfies awserr.Error interface.
17810func (s *DuplicateOrganizationalUnitException) OrigErr() error {
17811	return nil
17812}
17813
17814func (s *DuplicateOrganizationalUnitException) Error() string {
17815	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
17816}
17817
17818// Status code returns the HTTP status code for the request's response error.
17819func (s *DuplicateOrganizationalUnitException) StatusCode() int {
17820	return s.RespMetadata.StatusCode
17821}
17822
17823// RequestID returns the service's response RequestID for request.
17824func (s *DuplicateOrganizationalUnitException) RequestID() string {
17825	return s.RespMetadata.RequestID
17826}
17827
17828// The selected policy is already attached to the specified target.
17829type DuplicatePolicyAttachmentException struct {
17830	_            struct{}                  `type:"structure"`
17831	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
17832
17833	Message_ *string `locationName:"Message" type:"string"`
17834}
17835
17836// String returns the string representation
17837func (s DuplicatePolicyAttachmentException) String() string {
17838	return awsutil.Prettify(s)
17839}
17840
17841// GoString returns the string representation
17842func (s DuplicatePolicyAttachmentException) GoString() string {
17843	return s.String()
17844}
17845
17846func newErrorDuplicatePolicyAttachmentException(v protocol.ResponseMetadata) error {
17847	return &DuplicatePolicyAttachmentException{
17848		RespMetadata: v,
17849	}
17850}
17851
17852// Code returns the exception type name.
17853func (s *DuplicatePolicyAttachmentException) Code() string {
17854	return "DuplicatePolicyAttachmentException"
17855}
17856
17857// Message returns the exception's message.
17858func (s *DuplicatePolicyAttachmentException) Message() string {
17859	if s.Message_ != nil {
17860		return *s.Message_
17861	}
17862	return ""
17863}
17864
17865// OrigErr always returns nil, satisfies awserr.Error interface.
17866func (s *DuplicatePolicyAttachmentException) OrigErr() error {
17867	return nil
17868}
17869
17870func (s *DuplicatePolicyAttachmentException) Error() string {
17871	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
17872}
17873
17874// Status code returns the HTTP status code for the request's response error.
17875func (s *DuplicatePolicyAttachmentException) StatusCode() int {
17876	return s.RespMetadata.StatusCode
17877}
17878
17879// RequestID returns the service's response RequestID for request.
17880func (s *DuplicatePolicyAttachmentException) RequestID() string {
17881	return s.RespMetadata.RequestID
17882}
17883
17884// A policy with the same name already exists.
17885type DuplicatePolicyException struct {
17886	_            struct{}                  `type:"structure"`
17887	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
17888
17889	Message_ *string `locationName:"Message" type:"string"`
17890}
17891
17892// String returns the string representation
17893func (s DuplicatePolicyException) String() string {
17894	return awsutil.Prettify(s)
17895}
17896
17897// GoString returns the string representation
17898func (s DuplicatePolicyException) GoString() string {
17899	return s.String()
17900}
17901
17902func newErrorDuplicatePolicyException(v protocol.ResponseMetadata) error {
17903	return &DuplicatePolicyException{
17904		RespMetadata: v,
17905	}
17906}
17907
17908// Code returns the exception type name.
17909func (s *DuplicatePolicyException) Code() string {
17910	return "DuplicatePolicyException"
17911}
17912
17913// Message returns the exception's message.
17914func (s *DuplicatePolicyException) Message() string {
17915	if s.Message_ != nil {
17916		return *s.Message_
17917	}
17918	return ""
17919}
17920
17921// OrigErr always returns nil, satisfies awserr.Error interface.
17922func (s *DuplicatePolicyException) OrigErr() error {
17923	return nil
17924}
17925
17926func (s *DuplicatePolicyException) Error() string {
17927	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
17928}
17929
17930// Status code returns the HTTP status code for the request's response error.
17931func (s *DuplicatePolicyException) StatusCode() int {
17932	return s.RespMetadata.StatusCode
17933}
17934
17935// RequestID returns the service's response RequestID for request.
17936func (s *DuplicatePolicyException) RequestID() string {
17937	return s.RespMetadata.RequestID
17938}
17939
17940// Contains rules to be applied to the affected accounts. The effective policy
17941// is the aggregation of any policies the account inherits, plus any policy
17942// directly attached to the account.
17943type EffectivePolicy struct {
17944	_ struct{} `type:"structure"`
17945
17946	// The time of the last update to this policy.
17947	LastUpdatedTimestamp *time.Time `type:"timestamp"`
17948
17949	// The text content of the policy.
17950	PolicyContent *string `min:"1" type:"string"`
17951
17952	// The policy type.
17953	PolicyType *string `type:"string" enum:"EffectivePolicyType"`
17954
17955	// The account ID of the policy target.
17956	TargetId *string `type:"string"`
17957}
17958
17959// String returns the string representation
17960func (s EffectivePolicy) String() string {
17961	return awsutil.Prettify(s)
17962}
17963
17964// GoString returns the string representation
17965func (s EffectivePolicy) GoString() string {
17966	return s.String()
17967}
17968
17969// SetLastUpdatedTimestamp sets the LastUpdatedTimestamp field's value.
17970func (s *EffectivePolicy) SetLastUpdatedTimestamp(v time.Time) *EffectivePolicy {
17971	s.LastUpdatedTimestamp = &v
17972	return s
17973}
17974
17975// SetPolicyContent sets the PolicyContent field's value.
17976func (s *EffectivePolicy) SetPolicyContent(v string) *EffectivePolicy {
17977	s.PolicyContent = &v
17978	return s
17979}
17980
17981// SetPolicyType sets the PolicyType field's value.
17982func (s *EffectivePolicy) SetPolicyType(v string) *EffectivePolicy {
17983	s.PolicyType = &v
17984	return s
17985}
17986
17987// SetTargetId sets the TargetId field's value.
17988func (s *EffectivePolicy) SetTargetId(v string) *EffectivePolicy {
17989	s.TargetId = &v
17990	return s
17991}
17992
17993// If you ran this action on the management account, this policy type is not
17994// enabled. If you ran the action on a member account, the account doesn't have
17995// an effective policy of this type. Contact the administrator of your organization
17996// about attaching a policy of this type to the account.
17997type EffectivePolicyNotFoundException struct {
17998	_            struct{}                  `type:"structure"`
17999	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
18000
18001	Message_ *string `locationName:"Message" type:"string"`
18002}
18003
18004// String returns the string representation
18005func (s EffectivePolicyNotFoundException) String() string {
18006	return awsutil.Prettify(s)
18007}
18008
18009// GoString returns the string representation
18010func (s EffectivePolicyNotFoundException) GoString() string {
18011	return s.String()
18012}
18013
18014func newErrorEffectivePolicyNotFoundException(v protocol.ResponseMetadata) error {
18015	return &EffectivePolicyNotFoundException{
18016		RespMetadata: v,
18017	}
18018}
18019
18020// Code returns the exception type name.
18021func (s *EffectivePolicyNotFoundException) Code() string {
18022	return "EffectivePolicyNotFoundException"
18023}
18024
18025// Message returns the exception's message.
18026func (s *EffectivePolicyNotFoundException) Message() string {
18027	if s.Message_ != nil {
18028		return *s.Message_
18029	}
18030	return ""
18031}
18032
18033// OrigErr always returns nil, satisfies awserr.Error interface.
18034func (s *EffectivePolicyNotFoundException) OrigErr() error {
18035	return nil
18036}
18037
18038func (s *EffectivePolicyNotFoundException) Error() string {
18039	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
18040}
18041
18042// Status code returns the HTTP status code for the request's response error.
18043func (s *EffectivePolicyNotFoundException) StatusCode() int {
18044	return s.RespMetadata.StatusCode
18045}
18046
18047// RequestID returns the service's response RequestID for request.
18048func (s *EffectivePolicyNotFoundException) RequestID() string {
18049	return s.RespMetadata.RequestID
18050}
18051
18052type EnableAWSServiceAccessInput struct {
18053	_ struct{} `type:"structure"`
18054
18055	// The service principal name of the AWS service for which you want to enable
18056	// integration with your organization. This is typically in the form of a URL,
18057	// such as service-abbreviation.amazonaws.com.
18058	//
18059	// ServicePrincipal is a required field
18060	ServicePrincipal *string `min:"1" type:"string" required:"true"`
18061}
18062
18063// String returns the string representation
18064func (s EnableAWSServiceAccessInput) String() string {
18065	return awsutil.Prettify(s)
18066}
18067
18068// GoString returns the string representation
18069func (s EnableAWSServiceAccessInput) GoString() string {
18070	return s.String()
18071}
18072
18073// Validate inspects the fields of the type to determine if they are valid.
18074func (s *EnableAWSServiceAccessInput) Validate() error {
18075	invalidParams := request.ErrInvalidParams{Context: "EnableAWSServiceAccessInput"}
18076	if s.ServicePrincipal == nil {
18077		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
18078	}
18079	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
18080		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
18081	}
18082
18083	if invalidParams.Len() > 0 {
18084		return invalidParams
18085	}
18086	return nil
18087}
18088
18089// SetServicePrincipal sets the ServicePrincipal field's value.
18090func (s *EnableAWSServiceAccessInput) SetServicePrincipal(v string) *EnableAWSServiceAccessInput {
18091	s.ServicePrincipal = &v
18092	return s
18093}
18094
18095type EnableAWSServiceAccessOutput struct {
18096	_ struct{} `type:"structure"`
18097}
18098
18099// String returns the string representation
18100func (s EnableAWSServiceAccessOutput) String() string {
18101	return awsutil.Prettify(s)
18102}
18103
18104// GoString returns the string representation
18105func (s EnableAWSServiceAccessOutput) GoString() string {
18106	return s.String()
18107}
18108
18109type EnableAllFeaturesInput struct {
18110	_ struct{} `type:"structure"`
18111}
18112
18113// String returns the string representation
18114func (s EnableAllFeaturesInput) String() string {
18115	return awsutil.Prettify(s)
18116}
18117
18118// GoString returns the string representation
18119func (s EnableAllFeaturesInput) GoString() string {
18120	return s.String()
18121}
18122
18123type EnableAllFeaturesOutput struct {
18124	_ struct{} `type:"structure"`
18125
18126	// A structure that contains details about the handshake created to support
18127	// this request to enable all features in the organization.
18128	Handshake *Handshake `type:"structure"`
18129}
18130
18131// String returns the string representation
18132func (s EnableAllFeaturesOutput) String() string {
18133	return awsutil.Prettify(s)
18134}
18135
18136// GoString returns the string representation
18137func (s EnableAllFeaturesOutput) GoString() string {
18138	return s.String()
18139}
18140
18141// SetHandshake sets the Handshake field's value.
18142func (s *EnableAllFeaturesOutput) SetHandshake(v *Handshake) *EnableAllFeaturesOutput {
18143	s.Handshake = v
18144	return s
18145}
18146
18147type EnablePolicyTypeInput struct {
18148	_ struct{} `type:"structure"`
18149
18150	// The policy type that you want to enable. You can specify one of the following
18151	// values:
18152	//
18153	//    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
18154	//
18155	//    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
18156	//
18157	//    * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
18158	//
18159	//    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
18160	//
18161	// PolicyType is a required field
18162	PolicyType *string `type:"string" required:"true" enum:"PolicyType"`
18163
18164	// The unique identifier (ID) of the root in which you want to enable a policy
18165	// type. You can get the ID from the ListRoots operation.
18166	//
18167	// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
18168	// requires "r-" followed by from 4 to 32 lowercase letters or digits.
18169	//
18170	// RootId is a required field
18171	RootId *string `type:"string" required:"true"`
18172}
18173
18174// String returns the string representation
18175func (s EnablePolicyTypeInput) String() string {
18176	return awsutil.Prettify(s)
18177}
18178
18179// GoString returns the string representation
18180func (s EnablePolicyTypeInput) GoString() string {
18181	return s.String()
18182}
18183
18184// Validate inspects the fields of the type to determine if they are valid.
18185func (s *EnablePolicyTypeInput) Validate() error {
18186	invalidParams := request.ErrInvalidParams{Context: "EnablePolicyTypeInput"}
18187	if s.PolicyType == nil {
18188		invalidParams.Add(request.NewErrParamRequired("PolicyType"))
18189	}
18190	if s.RootId == nil {
18191		invalidParams.Add(request.NewErrParamRequired("RootId"))
18192	}
18193
18194	if invalidParams.Len() > 0 {
18195		return invalidParams
18196	}
18197	return nil
18198}
18199
18200// SetPolicyType sets the PolicyType field's value.
18201func (s *EnablePolicyTypeInput) SetPolicyType(v string) *EnablePolicyTypeInput {
18202	s.PolicyType = &v
18203	return s
18204}
18205
18206// SetRootId sets the RootId field's value.
18207func (s *EnablePolicyTypeInput) SetRootId(v string) *EnablePolicyTypeInput {
18208	s.RootId = &v
18209	return s
18210}
18211
18212type EnablePolicyTypeOutput struct {
18213	_ struct{} `type:"structure"`
18214
18215	// A structure that shows the root with the updated list of enabled policy types.
18216	Root *Root `type:"structure"`
18217}
18218
18219// String returns the string representation
18220func (s EnablePolicyTypeOutput) String() string {
18221	return awsutil.Prettify(s)
18222}
18223
18224// GoString returns the string representation
18225func (s EnablePolicyTypeOutput) GoString() string {
18226	return s.String()
18227}
18228
18229// SetRoot sets the Root field's value.
18230func (s *EnablePolicyTypeOutput) SetRoot(v *Root) *EnablePolicyTypeOutput {
18231	s.Root = v
18232	return s
18233}
18234
18235// A structure that contains details of a service principal that represents
18236// an AWS service that is enabled to integrate with AWS Organizations.
18237type EnabledServicePrincipal struct {
18238	_ struct{} `type:"structure"`
18239
18240	// The date that the service principal was enabled for integration with AWS
18241	// Organizations.
18242	DateEnabled *time.Time `type:"timestamp"`
18243
18244	// The name of the service principal. This is typically in the form of a URL,
18245	// such as: servicename.amazonaws.com.
18246	ServicePrincipal *string `min:"1" type:"string"`
18247}
18248
18249// String returns the string representation
18250func (s EnabledServicePrincipal) String() string {
18251	return awsutil.Prettify(s)
18252}
18253
18254// GoString returns the string representation
18255func (s EnabledServicePrincipal) GoString() string {
18256	return s.String()
18257}
18258
18259// SetDateEnabled sets the DateEnabled field's value.
18260func (s *EnabledServicePrincipal) SetDateEnabled(v time.Time) *EnabledServicePrincipal {
18261	s.DateEnabled = &v
18262	return s
18263}
18264
18265// SetServicePrincipal sets the ServicePrincipal field's value.
18266func (s *EnabledServicePrincipal) SetServicePrincipal(v string) *EnabledServicePrincipal {
18267	s.ServicePrincipal = &v
18268	return s
18269}
18270
18271// AWS Organizations couldn't perform the operation because your organization
18272// hasn't finished initializing. This can take up to an hour. Try again later.
18273// If after one hour you continue to receive this error, contact AWS Support
18274// (https://console.aws.amazon.com/support/home#/).
18275type FinalizingOrganizationException struct {
18276	_            struct{}                  `type:"structure"`
18277	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
18278
18279	Message_ *string `locationName:"Message" type:"string"`
18280}
18281
18282// String returns the string representation
18283func (s FinalizingOrganizationException) String() string {
18284	return awsutil.Prettify(s)
18285}
18286
18287// GoString returns the string representation
18288func (s FinalizingOrganizationException) GoString() string {
18289	return s.String()
18290}
18291
18292func newErrorFinalizingOrganizationException(v protocol.ResponseMetadata) error {
18293	return &FinalizingOrganizationException{
18294		RespMetadata: v,
18295	}
18296}
18297
18298// Code returns the exception type name.
18299func (s *FinalizingOrganizationException) Code() string {
18300	return "FinalizingOrganizationException"
18301}
18302
18303// Message returns the exception's message.
18304func (s *FinalizingOrganizationException) Message() string {
18305	if s.Message_ != nil {
18306		return *s.Message_
18307	}
18308	return ""
18309}
18310
18311// OrigErr always returns nil, satisfies awserr.Error interface.
18312func (s *FinalizingOrganizationException) OrigErr() error {
18313	return nil
18314}
18315
18316func (s *FinalizingOrganizationException) Error() string {
18317	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
18318}
18319
18320// Status code returns the HTTP status code for the request's response error.
18321func (s *FinalizingOrganizationException) StatusCode() int {
18322	return s.RespMetadata.StatusCode
18323}
18324
18325// RequestID returns the service's response RequestID for request.
18326func (s *FinalizingOrganizationException) RequestID() string {
18327	return s.RespMetadata.RequestID
18328}
18329
18330// Contains information that must be exchanged to securely establish a relationship
18331// between two accounts (an originator and a recipient). For example, when a
18332// management account (the originator) invites another account (the recipient)
18333// to join its organization, the two accounts exchange information as a series
18334// of handshake requests and responses.
18335//
18336// Note: Handshakes that are CANCELED, ACCEPTED, or DECLINED show up in lists
18337// for only 30 days after entering that state After that they are deleted.
18338type Handshake struct {
18339	_ struct{} `type:"structure"`
18340
18341	// The type of handshake, indicating what action occurs when the recipient accepts
18342	// the handshake. The following handshake types are supported:
18343	//
18344	//    * INVITE: This type of handshake represents a request to join an organization.
18345	//    It is always sent from the management account to only non-member accounts.
18346	//
18347	//    * ENABLE_ALL_FEATURES: This type of handshake represents a request to
18348	//    enable all features in an organization. It is always sent from the management
18349	//    account to only invited member accounts. Created accounts do not receive
18350	//    this because those accounts were created by the organization's management
18351	//    account and approval is inferred.
18352	//
18353	//    * APPROVE_ALL_FEATURES: This type of handshake is sent from the Organizations
18354	//    service when all member accounts have approved the ENABLE_ALL_FEATURES
18355	//    invitation. It is sent only to the management account and signals the
18356	//    master that it can finalize the process to enable all features.
18357	Action *string `type:"string" enum:"ActionType"`
18358
18359	// The Amazon Resource Name (ARN) of a handshake.
18360	//
18361	// For more information about ARNs in Organizations, see ARN Formats Supported
18362	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
18363	// in the AWS Service Authorization Reference.
18364	Arn *string `type:"string"`
18365
18366	// The date and time that the handshake expires. If the recipient of the handshake
18367	// request fails to respond before the specified date and time, the handshake
18368	// becomes inactive and is no longer valid.
18369	ExpirationTimestamp *time.Time `type:"timestamp"`
18370
18371	// The unique identifier (ID) of a handshake. The originating account creates
18372	// the ID when it initiates the handshake.
18373	//
18374	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
18375	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
18376	Id *string `type:"string"`
18377
18378	// Information about the two accounts that are participating in the handshake.
18379	Parties []*HandshakeParty `type:"list"`
18380
18381	// The date and time that the handshake request was made.
18382	RequestedTimestamp *time.Time `type:"timestamp"`
18383
18384	// Additional information that is needed to process the handshake.
18385	Resources []*HandshakeResource `type:"list"`
18386
18387	// The current state of the handshake. Use the state to trace the flow of the
18388	// handshake through the process from its creation to its acceptance. The meaning
18389	// of each of the valid values is as follows:
18390	//
18391	//    * REQUESTED: This handshake was sent to multiple recipients (applicable
18392	//    to only some handshake types) and not all recipients have responded yet.
18393	//    The request stays in this state until all recipients respond.
18394	//
18395	//    * OPEN: This handshake was sent to multiple recipients (applicable to
18396	//    only some policy types) and all recipients have responded, allowing the
18397	//    originator to complete the handshake action.
18398	//
18399	//    * CANCELED: This handshake is no longer active because it was canceled
18400	//    by the originating account.
18401	//
18402	//    * ACCEPTED: This handshake is complete because it has been accepted by
18403	//    the recipient.
18404	//
18405	//    * DECLINED: This handshake is no longer active because it was declined
18406	//    by the recipient account.
18407	//
18408	//    * EXPIRED: This handshake is no longer active because the originator did
18409	//    not receive a response of any kind from the recipient before the expiration
18410	//    time (15 days).
18411	State *string `type:"string" enum:"HandshakeState"`
18412}
18413
18414// String returns the string representation
18415func (s Handshake) String() string {
18416	return awsutil.Prettify(s)
18417}
18418
18419// GoString returns the string representation
18420func (s Handshake) GoString() string {
18421	return s.String()
18422}
18423
18424// SetAction sets the Action field's value.
18425func (s *Handshake) SetAction(v string) *Handshake {
18426	s.Action = &v
18427	return s
18428}
18429
18430// SetArn sets the Arn field's value.
18431func (s *Handshake) SetArn(v string) *Handshake {
18432	s.Arn = &v
18433	return s
18434}
18435
18436// SetExpirationTimestamp sets the ExpirationTimestamp field's value.
18437func (s *Handshake) SetExpirationTimestamp(v time.Time) *Handshake {
18438	s.ExpirationTimestamp = &v
18439	return s
18440}
18441
18442// SetId sets the Id field's value.
18443func (s *Handshake) SetId(v string) *Handshake {
18444	s.Id = &v
18445	return s
18446}
18447
18448// SetParties sets the Parties field's value.
18449func (s *Handshake) SetParties(v []*HandshakeParty) *Handshake {
18450	s.Parties = v
18451	return s
18452}
18453
18454// SetRequestedTimestamp sets the RequestedTimestamp field's value.
18455func (s *Handshake) SetRequestedTimestamp(v time.Time) *Handshake {
18456	s.RequestedTimestamp = &v
18457	return s
18458}
18459
18460// SetResources sets the Resources field's value.
18461func (s *Handshake) SetResources(v []*HandshakeResource) *Handshake {
18462	s.Resources = v
18463	return s
18464}
18465
18466// SetState sets the State field's value.
18467func (s *Handshake) SetState(v string) *Handshake {
18468	s.State = &v
18469	return s
18470}
18471
18472// The specified handshake is already in the requested state. For example, you
18473// can't accept a handshake that was already accepted.
18474type HandshakeAlreadyInStateException struct {
18475	_            struct{}                  `type:"structure"`
18476	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
18477
18478	Message_ *string `locationName:"Message" type:"string"`
18479}
18480
18481// String returns the string representation
18482func (s HandshakeAlreadyInStateException) String() string {
18483	return awsutil.Prettify(s)
18484}
18485
18486// GoString returns the string representation
18487func (s HandshakeAlreadyInStateException) GoString() string {
18488	return s.String()
18489}
18490
18491func newErrorHandshakeAlreadyInStateException(v protocol.ResponseMetadata) error {
18492	return &HandshakeAlreadyInStateException{
18493		RespMetadata: v,
18494	}
18495}
18496
18497// Code returns the exception type name.
18498func (s *HandshakeAlreadyInStateException) Code() string {
18499	return "HandshakeAlreadyInStateException"
18500}
18501
18502// Message returns the exception's message.
18503func (s *HandshakeAlreadyInStateException) Message() string {
18504	if s.Message_ != nil {
18505		return *s.Message_
18506	}
18507	return ""
18508}
18509
18510// OrigErr always returns nil, satisfies awserr.Error interface.
18511func (s *HandshakeAlreadyInStateException) OrigErr() error {
18512	return nil
18513}
18514
18515func (s *HandshakeAlreadyInStateException) Error() string {
18516	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
18517}
18518
18519// Status code returns the HTTP status code for the request's response error.
18520func (s *HandshakeAlreadyInStateException) StatusCode() int {
18521	return s.RespMetadata.StatusCode
18522}
18523
18524// RequestID returns the service's response RequestID for request.
18525func (s *HandshakeAlreadyInStateException) RequestID() string {
18526	return s.RespMetadata.RequestID
18527}
18528
18529// The requested operation would violate the constraint identified in the reason
18530// code.
18531//
18532// Some of the reasons in the following list might not be applicable to this
18533// specific API or operation:
18534//
18535//    * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
18536//    the number of accounts in an organization. Note that deleted and closed
18537//    accounts still count toward your limit. If you get this exception immediately
18538//    after creating the organization, wait one hour and try again. If after
18539//    an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
18540//
18541//    * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
18542//    the invited account is already a member of an organization.
18543//
18544//    * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
18545//    handshakes that you can send in one day.
18546//
18547//    * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
18548//    to join an organization while it's in the process of enabling all features.
18549//    You can resume inviting accounts after you finalize the process when all
18550//    accounts have agreed to the change.
18551//
18552//    * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
18553//    because the organization has already enabled all features.
18554//
18555//    * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake
18556//    request is invalid because the organization has already started the process
18557//    to enable all features.
18558//
18559//    * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
18560//    the account is from a different marketplace than the accounts in the organization.
18561//    For example, accounts with India addresses must be associated with the
18562//    AISPL marketplace. All accounts in an organization must be from the same
18563//    marketplace.
18564//
18565//    * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
18566//    change the membership of an account too quickly after its previous change.
18567//
18568//    * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
18569//    account that doesn't have a payment instrument, such as a credit card,
18570//    associated with it.
18571type HandshakeConstraintViolationException struct {
18572	_            struct{}                  `type:"structure"`
18573	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
18574
18575	Message_ *string `locationName:"Message" type:"string"`
18576
18577	Reason *string `type:"string" enum:"HandshakeConstraintViolationExceptionReason"`
18578}
18579
18580// String returns the string representation
18581func (s HandshakeConstraintViolationException) String() string {
18582	return awsutil.Prettify(s)
18583}
18584
18585// GoString returns the string representation
18586func (s HandshakeConstraintViolationException) GoString() string {
18587	return s.String()
18588}
18589
18590func newErrorHandshakeConstraintViolationException(v protocol.ResponseMetadata) error {
18591	return &HandshakeConstraintViolationException{
18592		RespMetadata: v,
18593	}
18594}
18595
18596// Code returns the exception type name.
18597func (s *HandshakeConstraintViolationException) Code() string {
18598	return "HandshakeConstraintViolationException"
18599}
18600
18601// Message returns the exception's message.
18602func (s *HandshakeConstraintViolationException) Message() string {
18603	if s.Message_ != nil {
18604		return *s.Message_
18605	}
18606	return ""
18607}
18608
18609// OrigErr always returns nil, satisfies awserr.Error interface.
18610func (s *HandshakeConstraintViolationException) OrigErr() error {
18611	return nil
18612}
18613
18614func (s *HandshakeConstraintViolationException) Error() string {
18615	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
18616}
18617
18618// Status code returns the HTTP status code for the request's response error.
18619func (s *HandshakeConstraintViolationException) StatusCode() int {
18620	return s.RespMetadata.StatusCode
18621}
18622
18623// RequestID returns the service's response RequestID for request.
18624func (s *HandshakeConstraintViolationException) RequestID() string {
18625	return s.RespMetadata.RequestID
18626}
18627
18628// Specifies the criteria that are used to select the handshakes for the operation.
18629type HandshakeFilter struct {
18630	_ struct{} `type:"structure"`
18631
18632	// Specifies the type of handshake action.
18633	//
18634	// If you specify ActionType, you cannot also specify ParentHandshakeId.
18635	ActionType *string `type:"string" enum:"ActionType"`
18636
18637	// Specifies the parent handshake. Only used for handshake types that are a
18638	// child of another type.
18639	//
18640	// If you specify ParentHandshakeId, you cannot also specify ActionType.
18641	//
18642	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
18643	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
18644	ParentHandshakeId *string `type:"string"`
18645}
18646
18647// String returns the string representation
18648func (s HandshakeFilter) String() string {
18649	return awsutil.Prettify(s)
18650}
18651
18652// GoString returns the string representation
18653func (s HandshakeFilter) GoString() string {
18654	return s.String()
18655}
18656
18657// SetActionType sets the ActionType field's value.
18658func (s *HandshakeFilter) SetActionType(v string) *HandshakeFilter {
18659	s.ActionType = &v
18660	return s
18661}
18662
18663// SetParentHandshakeId sets the ParentHandshakeId field's value.
18664func (s *HandshakeFilter) SetParentHandshakeId(v string) *HandshakeFilter {
18665	s.ParentHandshakeId = &v
18666	return s
18667}
18668
18669// We can't find a handshake with the HandshakeId that you specified.
18670type HandshakeNotFoundException struct {
18671	_            struct{}                  `type:"structure"`
18672	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
18673
18674	Message_ *string `locationName:"Message" type:"string"`
18675}
18676
18677// String returns the string representation
18678func (s HandshakeNotFoundException) String() string {
18679	return awsutil.Prettify(s)
18680}
18681
18682// GoString returns the string representation
18683func (s HandshakeNotFoundException) GoString() string {
18684	return s.String()
18685}
18686
18687func newErrorHandshakeNotFoundException(v protocol.ResponseMetadata) error {
18688	return &HandshakeNotFoundException{
18689		RespMetadata: v,
18690	}
18691}
18692
18693// Code returns the exception type name.
18694func (s *HandshakeNotFoundException) Code() string {
18695	return "HandshakeNotFoundException"
18696}
18697
18698// Message returns the exception's message.
18699func (s *HandshakeNotFoundException) Message() string {
18700	if s.Message_ != nil {
18701		return *s.Message_
18702	}
18703	return ""
18704}
18705
18706// OrigErr always returns nil, satisfies awserr.Error interface.
18707func (s *HandshakeNotFoundException) OrigErr() error {
18708	return nil
18709}
18710
18711func (s *HandshakeNotFoundException) Error() string {
18712	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
18713}
18714
18715// Status code returns the HTTP status code for the request's response error.
18716func (s *HandshakeNotFoundException) StatusCode() int {
18717	return s.RespMetadata.StatusCode
18718}
18719
18720// RequestID returns the service's response RequestID for request.
18721func (s *HandshakeNotFoundException) RequestID() string {
18722	return s.RespMetadata.RequestID
18723}
18724
18725// Identifies a participant in a handshake.
18726type HandshakeParty struct {
18727	_ struct{} `type:"structure"`
18728
18729	// The unique identifier (ID) for the party.
18730	//
18731	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
18732	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
18733	//
18734	// Id is a required field
18735	Id *string `min:"1" type:"string" required:"true" sensitive:"true"`
18736
18737	// The type of party.
18738	//
18739	// Type is a required field
18740	Type *string `type:"string" required:"true" enum:"HandshakePartyType"`
18741}
18742
18743// String returns the string representation
18744func (s HandshakeParty) String() string {
18745	return awsutil.Prettify(s)
18746}
18747
18748// GoString returns the string representation
18749func (s HandshakeParty) GoString() string {
18750	return s.String()
18751}
18752
18753// Validate inspects the fields of the type to determine if they are valid.
18754func (s *HandshakeParty) Validate() error {
18755	invalidParams := request.ErrInvalidParams{Context: "HandshakeParty"}
18756	if s.Id == nil {
18757		invalidParams.Add(request.NewErrParamRequired("Id"))
18758	}
18759	if s.Id != nil && len(*s.Id) < 1 {
18760		invalidParams.Add(request.NewErrParamMinLen("Id", 1))
18761	}
18762	if s.Type == nil {
18763		invalidParams.Add(request.NewErrParamRequired("Type"))
18764	}
18765
18766	if invalidParams.Len() > 0 {
18767		return invalidParams
18768	}
18769	return nil
18770}
18771
18772// SetId sets the Id field's value.
18773func (s *HandshakeParty) SetId(v string) *HandshakeParty {
18774	s.Id = &v
18775	return s
18776}
18777
18778// SetType sets the Type field's value.
18779func (s *HandshakeParty) SetType(v string) *HandshakeParty {
18780	s.Type = &v
18781	return s
18782}
18783
18784// Contains additional data that is needed to process a handshake.
18785type HandshakeResource struct {
18786	_ struct{} `type:"structure"`
18787
18788	// When needed, contains an additional array of HandshakeResource objects.
18789	Resources []*HandshakeResource `type:"list"`
18790
18791	// The type of information being passed, specifying how the value is to be interpreted
18792	// by the other party:
18793	//
18794	//    * ACCOUNT - Specifies an AWS account ID number.
18795	//
18796	//    * ORGANIZATION - Specifies an organization ID number.
18797	//
18798	//    * EMAIL - Specifies the email address that is associated with the account
18799	//    that receives the handshake.
18800	//
18801	//    * OWNER_EMAIL - Specifies the email address associated with the management
18802	//    account. Included as information about an organization.
18803	//
18804	//    * OWNER_NAME - Specifies the name associated with the management account.
18805	//    Included as information about an organization.
18806	//
18807	//    * NOTES - Additional text provided by the handshake initiator and intended
18808	//    for the recipient to read.
18809	Type *string `type:"string" enum:"HandshakeResourceType"`
18810
18811	// The information that is passed to the other party in the handshake. The format
18812	// of the value string must match the requirements of the specified type.
18813	Value *string `type:"string" sensitive:"true"`
18814}
18815
18816// String returns the string representation
18817func (s HandshakeResource) String() string {
18818	return awsutil.Prettify(s)
18819}
18820
18821// GoString returns the string representation
18822func (s HandshakeResource) GoString() string {
18823	return s.String()
18824}
18825
18826// SetResources sets the Resources field's value.
18827func (s *HandshakeResource) SetResources(v []*HandshakeResource) *HandshakeResource {
18828	s.Resources = v
18829	return s
18830}
18831
18832// SetType sets the Type field's value.
18833func (s *HandshakeResource) SetType(v string) *HandshakeResource {
18834	s.Type = &v
18835	return s
18836}
18837
18838// SetValue sets the Value field's value.
18839func (s *HandshakeResource) SetValue(v string) *HandshakeResource {
18840	s.Value = &v
18841	return s
18842}
18843
18844// You can't perform the operation on the handshake in its current state. For
18845// example, you can't cancel a handshake that was already accepted or accept
18846// a handshake that was already declined.
18847type InvalidHandshakeTransitionException struct {
18848	_            struct{}                  `type:"structure"`
18849	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
18850
18851	Message_ *string `locationName:"Message" type:"string"`
18852}
18853
18854// String returns the string representation
18855func (s InvalidHandshakeTransitionException) String() string {
18856	return awsutil.Prettify(s)
18857}
18858
18859// GoString returns the string representation
18860func (s InvalidHandshakeTransitionException) GoString() string {
18861	return s.String()
18862}
18863
18864func newErrorInvalidHandshakeTransitionException(v protocol.ResponseMetadata) error {
18865	return &InvalidHandshakeTransitionException{
18866		RespMetadata: v,
18867	}
18868}
18869
18870// Code returns the exception type name.
18871func (s *InvalidHandshakeTransitionException) Code() string {
18872	return "InvalidHandshakeTransitionException"
18873}
18874
18875// Message returns the exception's message.
18876func (s *InvalidHandshakeTransitionException) Message() string {
18877	if s.Message_ != nil {
18878		return *s.Message_
18879	}
18880	return ""
18881}
18882
18883// OrigErr always returns nil, satisfies awserr.Error interface.
18884func (s *InvalidHandshakeTransitionException) OrigErr() error {
18885	return nil
18886}
18887
18888func (s *InvalidHandshakeTransitionException) Error() string {
18889	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
18890}
18891
18892// Status code returns the HTTP status code for the request's response error.
18893func (s *InvalidHandshakeTransitionException) StatusCode() int {
18894	return s.RespMetadata.StatusCode
18895}
18896
18897// RequestID returns the service's response RequestID for request.
18898func (s *InvalidHandshakeTransitionException) RequestID() string {
18899	return s.RespMetadata.RequestID
18900}
18901
18902// The requested operation failed because you provided invalid values for one
18903// or more of the request parameters. This exception includes a reason that
18904// contains additional information about the violated limit:
18905//
18906// Some of the reasons in the following list might not be applicable to this
18907// specific API or operation.
18908//
18909//    * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
18910//    the same entity.
18911//
18912//    * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
18913//    can't be modified.
18914//
18915//    * INPUT_REQUIRED: You must include a value for all required parameters.
18916//
18917//    * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
18918//    for the invited account owner.
18919//
18920//    * INVALID_ENUM: You specified an invalid value.
18921//
18922//    * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
18923//
18924//    * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
18925//    characters.
18926//
18927//    * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
18928//    at least one invalid value.
18929//
18930//    * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
18931//    from the response to a previous call of the operation.
18932//
18933//    * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
18934//    organization, or email) as a party.
18935//
18936//    * INVALID_PATTERN: You provided a value that doesn't match the required
18937//    pattern.
18938//
18939//    * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
18940//    match the required pattern.
18941//
18942//    * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
18943//    name can't begin with the reserved prefix AWSServiceRoleFor.
18944//
18945//    * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
18946//    Name (ARN) for the organization.
18947//
18948//    * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
18949//
18950//    * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
18951//    tag. You can’t add, edit, or delete system tag keys because they're
18952//    reserved for AWS use. System tags don’t count against your tags per
18953//    resource limit.
18954//
18955//    * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
18956//    for the operation.
18957//
18958//    * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
18959//    than allowed.
18960//
18961//    * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
18962//    value than allowed.
18963//
18964//    * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
18965//    than allowed.
18966//
18967//    * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
18968//    value than allowed.
18969//
18970//    * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
18971//    between entities in the same root.
18972//
18973//    * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
18974//    target entity.
18975//
18976//    * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
18977//    isn't recognized.
18978type InvalidInputException struct {
18979	_            struct{}                  `type:"structure"`
18980	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
18981
18982	Message_ *string `locationName:"Message" type:"string"`
18983
18984	Reason *string `type:"string" enum:"InvalidInputExceptionReason"`
18985}
18986
18987// String returns the string representation
18988func (s InvalidInputException) String() string {
18989	return awsutil.Prettify(s)
18990}
18991
18992// GoString returns the string representation
18993func (s InvalidInputException) GoString() string {
18994	return s.String()
18995}
18996
18997func newErrorInvalidInputException(v protocol.ResponseMetadata) error {
18998	return &InvalidInputException{
18999		RespMetadata: v,
19000	}
19001}
19002
19003// Code returns the exception type name.
19004func (s *InvalidInputException) Code() string {
19005	return "InvalidInputException"
19006}
19007
19008// Message returns the exception's message.
19009func (s *InvalidInputException) Message() string {
19010	if s.Message_ != nil {
19011		return *s.Message_
19012	}
19013	return ""
19014}
19015
19016// OrigErr always returns nil, satisfies awserr.Error interface.
19017func (s *InvalidInputException) OrigErr() error {
19018	return nil
19019}
19020
19021func (s *InvalidInputException) Error() string {
19022	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
19023}
19024
19025// Status code returns the HTTP status code for the request's response error.
19026func (s *InvalidInputException) StatusCode() int {
19027	return s.RespMetadata.StatusCode
19028}
19029
19030// RequestID returns the service's response RequestID for request.
19031func (s *InvalidInputException) RequestID() string {
19032	return s.RespMetadata.RequestID
19033}
19034
19035type InviteAccountToOrganizationInput struct {
19036	_ struct{} `type:"structure"`
19037
19038	// Additional information that you want to include in the generated email to
19039	// the recipient account owner.
19040	Notes *string `type:"string" sensitive:"true"`
19041
19042	// A list of tags that you want to attach to the account when it becomes a member
19043	// of the organization. For each tag in the list, you must specify both a tag
19044	// key and a value. You can set the value to an empty string, but you can't
19045	// set it to null. For more information about tagging, see Tagging AWS Organizations
19046	// resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
19047	// in the AWS Organizations User Guide.
19048	//
19049	// Any tags in the request are checked for compliance with any applicable tag
19050	// policies when the request is made. The request is rejected if the tags in
19051	// the request don't match the requirements of the policy at that time. Tag
19052	// policy compliance is not checked again when the invitation is accepted and
19053	// the tags are actually attached to the account. That means that if the tag
19054	// policy changes between the invitation and the acceptance, then that tags
19055	// could potentially be non-compliant.
19056	//
19057	// If any one of the tags is invalid or if you exceed the allowed number of
19058	// tags for an account, then the entire request fails and invitations are not
19059	// sent.
19060	Tags []*Tag `type:"list"`
19061
19062	// The identifier (ID) of the AWS account that you want to invite to join your
19063	// organization. This is a JSON object that contains the following elements:
19064	//
19065	// { "Type": "ACCOUNT", "Id": "< account id number >" }
19066	//
19067	// If you use the AWS CLI, you can submit this as a single string, similar to
19068	// the following example:
19069	//
19070	// --target Id=123456789012,Type=ACCOUNT
19071	//
19072	// If you specify "Type": "ACCOUNT", you must provide the AWS account ID number
19073	// as the Id. If you specify "Type": "EMAIL", you must specify the email address
19074	// that is associated with the account.
19075	//
19076	// --target Id=diego@example.com,Type=EMAIL
19077	//
19078	// Target is a required field
19079	Target *HandshakeParty `type:"structure" required:"true"`
19080}
19081
19082// String returns the string representation
19083func (s InviteAccountToOrganizationInput) String() string {
19084	return awsutil.Prettify(s)
19085}
19086
19087// GoString returns the string representation
19088func (s InviteAccountToOrganizationInput) GoString() string {
19089	return s.String()
19090}
19091
19092// Validate inspects the fields of the type to determine if they are valid.
19093func (s *InviteAccountToOrganizationInput) Validate() error {
19094	invalidParams := request.ErrInvalidParams{Context: "InviteAccountToOrganizationInput"}
19095	if s.Target == nil {
19096		invalidParams.Add(request.NewErrParamRequired("Target"))
19097	}
19098	if s.Tags != nil {
19099		for i, v := range s.Tags {
19100			if v == nil {
19101				continue
19102			}
19103			if err := v.Validate(); err != nil {
19104				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
19105			}
19106		}
19107	}
19108	if s.Target != nil {
19109		if err := s.Target.Validate(); err != nil {
19110			invalidParams.AddNested("Target", err.(request.ErrInvalidParams))
19111		}
19112	}
19113
19114	if invalidParams.Len() > 0 {
19115		return invalidParams
19116	}
19117	return nil
19118}
19119
19120// SetNotes sets the Notes field's value.
19121func (s *InviteAccountToOrganizationInput) SetNotes(v string) *InviteAccountToOrganizationInput {
19122	s.Notes = &v
19123	return s
19124}
19125
19126// SetTags sets the Tags field's value.
19127func (s *InviteAccountToOrganizationInput) SetTags(v []*Tag) *InviteAccountToOrganizationInput {
19128	s.Tags = v
19129	return s
19130}
19131
19132// SetTarget sets the Target field's value.
19133func (s *InviteAccountToOrganizationInput) SetTarget(v *HandshakeParty) *InviteAccountToOrganizationInput {
19134	s.Target = v
19135	return s
19136}
19137
19138type InviteAccountToOrganizationOutput struct {
19139	_ struct{} `type:"structure"`
19140
19141	// A structure that contains details about the handshake that is created to
19142	// support this invitation request.
19143	Handshake *Handshake `type:"structure"`
19144}
19145
19146// String returns the string representation
19147func (s InviteAccountToOrganizationOutput) String() string {
19148	return awsutil.Prettify(s)
19149}
19150
19151// GoString returns the string representation
19152func (s InviteAccountToOrganizationOutput) GoString() string {
19153	return s.String()
19154}
19155
19156// SetHandshake sets the Handshake field's value.
19157func (s *InviteAccountToOrganizationOutput) SetHandshake(v *Handshake) *InviteAccountToOrganizationOutput {
19158	s.Handshake = v
19159	return s
19160}
19161
19162type LeaveOrganizationInput struct {
19163	_ struct{} `type:"structure"`
19164}
19165
19166// String returns the string representation
19167func (s LeaveOrganizationInput) String() string {
19168	return awsutil.Prettify(s)
19169}
19170
19171// GoString returns the string representation
19172func (s LeaveOrganizationInput) GoString() string {
19173	return s.String()
19174}
19175
19176type LeaveOrganizationOutput struct {
19177	_ struct{} `type:"structure"`
19178}
19179
19180// String returns the string representation
19181func (s LeaveOrganizationOutput) String() string {
19182	return awsutil.Prettify(s)
19183}
19184
19185// GoString returns the string representation
19186func (s LeaveOrganizationOutput) GoString() string {
19187	return s.String()
19188}
19189
19190type ListAWSServiceAccessForOrganizationInput struct {
19191	_ struct{} `type:"structure"`
19192
19193	// The total number of results that you want included on each page of the response.
19194	// If you do not include this parameter, it defaults to a value that is specific
19195	// to the operation. If additional items exist beyond the maximum you specify,
19196	// the NextToken response element is present and has a value (is not null).
19197	// Include that value as the NextToken request parameter in the next call to
19198	// the operation to get the next part of the results. Note that Organizations
19199	// might return fewer results than the maximum even when there are more results
19200	// available. You should check NextToken after every operation to ensure that
19201	// you receive all of the results.
19202	MaxResults *int64 `min:"1" type:"integer"`
19203
19204	// The parameter for receiving additional results if you receive a NextToken
19205	// response in a previous request. A NextToken response indicates that more
19206	// output is available. Set this parameter to the value of the previous call's
19207	// NextToken response to indicate where the output should continue from.
19208	NextToken *string `type:"string"`
19209}
19210
19211// String returns the string representation
19212func (s ListAWSServiceAccessForOrganizationInput) String() string {
19213	return awsutil.Prettify(s)
19214}
19215
19216// GoString returns the string representation
19217func (s ListAWSServiceAccessForOrganizationInput) GoString() string {
19218	return s.String()
19219}
19220
19221// Validate inspects the fields of the type to determine if they are valid.
19222func (s *ListAWSServiceAccessForOrganizationInput) Validate() error {
19223	invalidParams := request.ErrInvalidParams{Context: "ListAWSServiceAccessForOrganizationInput"}
19224	if s.MaxResults != nil && *s.MaxResults < 1 {
19225		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19226	}
19227
19228	if invalidParams.Len() > 0 {
19229		return invalidParams
19230	}
19231	return nil
19232}
19233
19234// SetMaxResults sets the MaxResults field's value.
19235func (s *ListAWSServiceAccessForOrganizationInput) SetMaxResults(v int64) *ListAWSServiceAccessForOrganizationInput {
19236	s.MaxResults = &v
19237	return s
19238}
19239
19240// SetNextToken sets the NextToken field's value.
19241func (s *ListAWSServiceAccessForOrganizationInput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationInput {
19242	s.NextToken = &v
19243	return s
19244}
19245
19246type ListAWSServiceAccessForOrganizationOutput struct {
19247	_ struct{} `type:"structure"`
19248
19249	// A list of the service principals for the services that are enabled to integrate
19250	// with your organization. Each principal is a structure that includes the name
19251	// and the date that it was enabled for integration with AWS Organizations.
19252	EnabledServicePrincipals []*EnabledServicePrincipal `type:"list"`
19253
19254	// If present, indicates that more output is available than is included in the
19255	// current response. Use this value in the NextToken request parameter in a
19256	// subsequent call to the operation to get the next part of the output. You
19257	// should repeat this until the NextToken response element comes back as null.
19258	NextToken *string `type:"string"`
19259}
19260
19261// String returns the string representation
19262func (s ListAWSServiceAccessForOrganizationOutput) String() string {
19263	return awsutil.Prettify(s)
19264}
19265
19266// GoString returns the string representation
19267func (s ListAWSServiceAccessForOrganizationOutput) GoString() string {
19268	return s.String()
19269}
19270
19271// SetEnabledServicePrincipals sets the EnabledServicePrincipals field's value.
19272func (s *ListAWSServiceAccessForOrganizationOutput) SetEnabledServicePrincipals(v []*EnabledServicePrincipal) *ListAWSServiceAccessForOrganizationOutput {
19273	s.EnabledServicePrincipals = v
19274	return s
19275}
19276
19277// SetNextToken sets the NextToken field's value.
19278func (s *ListAWSServiceAccessForOrganizationOutput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationOutput {
19279	s.NextToken = &v
19280	return s
19281}
19282
19283type ListAccountsForParentInput struct {
19284	_ struct{} `type:"structure"`
19285
19286	// The total number of results that you want included on each page of the response.
19287	// If you do not include this parameter, it defaults to a value that is specific
19288	// to the operation. If additional items exist beyond the maximum you specify,
19289	// the NextToken response element is present and has a value (is not null).
19290	// Include that value as the NextToken request parameter in the next call to
19291	// the operation to get the next part of the results. Note that Organizations
19292	// might return fewer results than the maximum even when there are more results
19293	// available. You should check NextToken after every operation to ensure that
19294	// you receive all of the results.
19295	MaxResults *int64 `min:"1" type:"integer"`
19296
19297	// The parameter for receiving additional results if you receive a NextToken
19298	// response in a previous request. A NextToken response indicates that more
19299	// output is available. Set this parameter to the value of the previous call's
19300	// NextToken response to indicate where the output should continue from.
19301	NextToken *string `type:"string"`
19302
19303	// The unique identifier (ID) for the parent root or organization unit (OU)
19304	// whose accounts you want to list.
19305	//
19306	// ParentId is a required field
19307	ParentId *string `type:"string" required:"true"`
19308}
19309
19310// String returns the string representation
19311func (s ListAccountsForParentInput) String() string {
19312	return awsutil.Prettify(s)
19313}
19314
19315// GoString returns the string representation
19316func (s ListAccountsForParentInput) GoString() string {
19317	return s.String()
19318}
19319
19320// Validate inspects the fields of the type to determine if they are valid.
19321func (s *ListAccountsForParentInput) Validate() error {
19322	invalidParams := request.ErrInvalidParams{Context: "ListAccountsForParentInput"}
19323	if s.MaxResults != nil && *s.MaxResults < 1 {
19324		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19325	}
19326	if s.ParentId == nil {
19327		invalidParams.Add(request.NewErrParamRequired("ParentId"))
19328	}
19329
19330	if invalidParams.Len() > 0 {
19331		return invalidParams
19332	}
19333	return nil
19334}
19335
19336// SetMaxResults sets the MaxResults field's value.
19337func (s *ListAccountsForParentInput) SetMaxResults(v int64) *ListAccountsForParentInput {
19338	s.MaxResults = &v
19339	return s
19340}
19341
19342// SetNextToken sets the NextToken field's value.
19343func (s *ListAccountsForParentInput) SetNextToken(v string) *ListAccountsForParentInput {
19344	s.NextToken = &v
19345	return s
19346}
19347
19348// SetParentId sets the ParentId field's value.
19349func (s *ListAccountsForParentInput) SetParentId(v string) *ListAccountsForParentInput {
19350	s.ParentId = &v
19351	return s
19352}
19353
19354type ListAccountsForParentOutput struct {
19355	_ struct{} `type:"structure"`
19356
19357	// A list of the accounts in the specified root or OU.
19358	Accounts []*Account `type:"list"`
19359
19360	// If present, indicates that more output is available than is included in the
19361	// current response. Use this value in the NextToken request parameter in a
19362	// subsequent call to the operation to get the next part of the output. You
19363	// should repeat this until the NextToken response element comes back as null.
19364	NextToken *string `type:"string"`
19365}
19366
19367// String returns the string representation
19368func (s ListAccountsForParentOutput) String() string {
19369	return awsutil.Prettify(s)
19370}
19371
19372// GoString returns the string representation
19373func (s ListAccountsForParentOutput) GoString() string {
19374	return s.String()
19375}
19376
19377// SetAccounts sets the Accounts field's value.
19378func (s *ListAccountsForParentOutput) SetAccounts(v []*Account) *ListAccountsForParentOutput {
19379	s.Accounts = v
19380	return s
19381}
19382
19383// SetNextToken sets the NextToken field's value.
19384func (s *ListAccountsForParentOutput) SetNextToken(v string) *ListAccountsForParentOutput {
19385	s.NextToken = &v
19386	return s
19387}
19388
19389type ListAccountsInput struct {
19390	_ struct{} `type:"structure"`
19391
19392	// The total number of results that you want included on each page of the response.
19393	// If you do not include this parameter, it defaults to a value that is specific
19394	// to the operation. If additional items exist beyond the maximum you specify,
19395	// the NextToken response element is present and has a value (is not null).
19396	// Include that value as the NextToken request parameter in the next call to
19397	// the operation to get the next part of the results. Note that Organizations
19398	// might return fewer results than the maximum even when there are more results
19399	// available. You should check NextToken after every operation to ensure that
19400	// you receive all of the results.
19401	MaxResults *int64 `min:"1" type:"integer"`
19402
19403	// The parameter for receiving additional results if you receive a NextToken
19404	// response in a previous request. A NextToken response indicates that more
19405	// output is available. Set this parameter to the value of the previous call's
19406	// NextToken response to indicate where the output should continue from.
19407	NextToken *string `type:"string"`
19408}
19409
19410// String returns the string representation
19411func (s ListAccountsInput) String() string {
19412	return awsutil.Prettify(s)
19413}
19414
19415// GoString returns the string representation
19416func (s ListAccountsInput) GoString() string {
19417	return s.String()
19418}
19419
19420// Validate inspects the fields of the type to determine if they are valid.
19421func (s *ListAccountsInput) Validate() error {
19422	invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"}
19423	if s.MaxResults != nil && *s.MaxResults < 1 {
19424		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19425	}
19426
19427	if invalidParams.Len() > 0 {
19428		return invalidParams
19429	}
19430	return nil
19431}
19432
19433// SetMaxResults sets the MaxResults field's value.
19434func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput {
19435	s.MaxResults = &v
19436	return s
19437}
19438
19439// SetNextToken sets the NextToken field's value.
19440func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput {
19441	s.NextToken = &v
19442	return s
19443}
19444
19445type ListAccountsOutput struct {
19446	_ struct{} `type:"structure"`
19447
19448	// A list of objects in the organization.
19449	Accounts []*Account `type:"list"`
19450
19451	// If present, indicates that more output is available than is included in the
19452	// current response. Use this value in the NextToken request parameter in a
19453	// subsequent call to the operation to get the next part of the output. You
19454	// should repeat this until the NextToken response element comes back as null.
19455	NextToken *string `type:"string"`
19456}
19457
19458// String returns the string representation
19459func (s ListAccountsOutput) String() string {
19460	return awsutil.Prettify(s)
19461}
19462
19463// GoString returns the string representation
19464func (s ListAccountsOutput) GoString() string {
19465	return s.String()
19466}
19467
19468// SetAccounts sets the Accounts field's value.
19469func (s *ListAccountsOutput) SetAccounts(v []*Account) *ListAccountsOutput {
19470	s.Accounts = v
19471	return s
19472}
19473
19474// SetNextToken sets the NextToken field's value.
19475func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput {
19476	s.NextToken = &v
19477	return s
19478}
19479
19480type ListChildrenInput struct {
19481	_ struct{} `type:"structure"`
19482
19483	// Filters the output to include only the specified child type.
19484	//
19485	// ChildType is a required field
19486	ChildType *string `type:"string" required:"true" enum:"ChildType"`
19487
19488	// The total number of results that you want included on each page of the response.
19489	// If you do not include this parameter, it defaults to a value that is specific
19490	// to the operation. If additional items exist beyond the maximum you specify,
19491	// the NextToken response element is present and has a value (is not null).
19492	// Include that value as the NextToken request parameter in the next call to
19493	// the operation to get the next part of the results. Note that Organizations
19494	// might return fewer results than the maximum even when there are more results
19495	// available. You should check NextToken after every operation to ensure that
19496	// you receive all of the results.
19497	MaxResults *int64 `min:"1" type:"integer"`
19498
19499	// The parameter for receiving additional results if you receive a NextToken
19500	// response in a previous request. A NextToken response indicates that more
19501	// output is available. Set this parameter to the value of the previous call's
19502	// NextToken response to indicate where the output should continue from.
19503	NextToken *string `type:"string"`
19504
19505	// The unique identifier (ID) for the parent root or OU whose children you want
19506	// to list.
19507	//
19508	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
19509	// requires one of the following:
19510	//
19511	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
19512	//    letters or digits.
19513	//
19514	//    * Organizational unit (OU) - A string that begins with "ou-" followed
19515	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
19516	//    OU is in). This string is followed by a second "-" dash and from 8 to
19517	//    32 additional lowercase letters or digits.
19518	//
19519	// ParentId is a required field
19520	ParentId *string `type:"string" required:"true"`
19521}
19522
19523// String returns the string representation
19524func (s ListChildrenInput) String() string {
19525	return awsutil.Prettify(s)
19526}
19527
19528// GoString returns the string representation
19529func (s ListChildrenInput) GoString() string {
19530	return s.String()
19531}
19532
19533// Validate inspects the fields of the type to determine if they are valid.
19534func (s *ListChildrenInput) Validate() error {
19535	invalidParams := request.ErrInvalidParams{Context: "ListChildrenInput"}
19536	if s.ChildType == nil {
19537		invalidParams.Add(request.NewErrParamRequired("ChildType"))
19538	}
19539	if s.MaxResults != nil && *s.MaxResults < 1 {
19540		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19541	}
19542	if s.ParentId == nil {
19543		invalidParams.Add(request.NewErrParamRequired("ParentId"))
19544	}
19545
19546	if invalidParams.Len() > 0 {
19547		return invalidParams
19548	}
19549	return nil
19550}
19551
19552// SetChildType sets the ChildType field's value.
19553func (s *ListChildrenInput) SetChildType(v string) *ListChildrenInput {
19554	s.ChildType = &v
19555	return s
19556}
19557
19558// SetMaxResults sets the MaxResults field's value.
19559func (s *ListChildrenInput) SetMaxResults(v int64) *ListChildrenInput {
19560	s.MaxResults = &v
19561	return s
19562}
19563
19564// SetNextToken sets the NextToken field's value.
19565func (s *ListChildrenInput) SetNextToken(v string) *ListChildrenInput {
19566	s.NextToken = &v
19567	return s
19568}
19569
19570// SetParentId sets the ParentId field's value.
19571func (s *ListChildrenInput) SetParentId(v string) *ListChildrenInput {
19572	s.ParentId = &v
19573	return s
19574}
19575
19576type ListChildrenOutput struct {
19577	_ struct{} `type:"structure"`
19578
19579	// The list of children of the specified parent container.
19580	Children []*Child `type:"list"`
19581
19582	// If present, indicates that more output is available than is included in the
19583	// current response. Use this value in the NextToken request parameter in a
19584	// subsequent call to the operation to get the next part of the output. You
19585	// should repeat this until the NextToken response element comes back as null.
19586	NextToken *string `type:"string"`
19587}
19588
19589// String returns the string representation
19590func (s ListChildrenOutput) String() string {
19591	return awsutil.Prettify(s)
19592}
19593
19594// GoString returns the string representation
19595func (s ListChildrenOutput) GoString() string {
19596	return s.String()
19597}
19598
19599// SetChildren sets the Children field's value.
19600func (s *ListChildrenOutput) SetChildren(v []*Child) *ListChildrenOutput {
19601	s.Children = v
19602	return s
19603}
19604
19605// SetNextToken sets the NextToken field's value.
19606func (s *ListChildrenOutput) SetNextToken(v string) *ListChildrenOutput {
19607	s.NextToken = &v
19608	return s
19609}
19610
19611type ListCreateAccountStatusInput struct {
19612	_ struct{} `type:"structure"`
19613
19614	// The total number of results that you want included on each page of the response.
19615	// If you do not include this parameter, it defaults to a value that is specific
19616	// to the operation. If additional items exist beyond the maximum you specify,
19617	// the NextToken response element is present and has a value (is not null).
19618	// Include that value as the NextToken request parameter in the next call to
19619	// the operation to get the next part of the results. Note that Organizations
19620	// might return fewer results than the maximum even when there are more results
19621	// available. You should check NextToken after every operation to ensure that
19622	// you receive all of the results.
19623	MaxResults *int64 `min:"1" type:"integer"`
19624
19625	// The parameter for receiving additional results if you receive a NextToken
19626	// response in a previous request. A NextToken response indicates that more
19627	// output is available. Set this parameter to the value of the previous call's
19628	// NextToken response to indicate where the output should continue from.
19629	NextToken *string `type:"string"`
19630
19631	// A list of one or more states that you want included in the response. If this
19632	// parameter isn't present, all requests are included in the response.
19633	States []*string `type:"list"`
19634}
19635
19636// String returns the string representation
19637func (s ListCreateAccountStatusInput) String() string {
19638	return awsutil.Prettify(s)
19639}
19640
19641// GoString returns the string representation
19642func (s ListCreateAccountStatusInput) GoString() string {
19643	return s.String()
19644}
19645
19646// Validate inspects the fields of the type to determine if they are valid.
19647func (s *ListCreateAccountStatusInput) Validate() error {
19648	invalidParams := request.ErrInvalidParams{Context: "ListCreateAccountStatusInput"}
19649	if s.MaxResults != nil && *s.MaxResults < 1 {
19650		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19651	}
19652
19653	if invalidParams.Len() > 0 {
19654		return invalidParams
19655	}
19656	return nil
19657}
19658
19659// SetMaxResults sets the MaxResults field's value.
19660func (s *ListCreateAccountStatusInput) SetMaxResults(v int64) *ListCreateAccountStatusInput {
19661	s.MaxResults = &v
19662	return s
19663}
19664
19665// SetNextToken sets the NextToken field's value.
19666func (s *ListCreateAccountStatusInput) SetNextToken(v string) *ListCreateAccountStatusInput {
19667	s.NextToken = &v
19668	return s
19669}
19670
19671// SetStates sets the States field's value.
19672func (s *ListCreateAccountStatusInput) SetStates(v []*string) *ListCreateAccountStatusInput {
19673	s.States = v
19674	return s
19675}
19676
19677type ListCreateAccountStatusOutput struct {
19678	_ struct{} `type:"structure"`
19679
19680	// A list of objects with details about the requests. Certain elements, such
19681	// as the accountId number, are present in the output only after the account
19682	// has been successfully created.
19683	CreateAccountStatuses []*CreateAccountStatus `type:"list"`
19684
19685	// If present, indicates that more output is available than is included in the
19686	// current response. Use this value in the NextToken request parameter in a
19687	// subsequent call to the operation to get the next part of the output. You
19688	// should repeat this until the NextToken response element comes back as null.
19689	NextToken *string `type:"string"`
19690}
19691
19692// String returns the string representation
19693func (s ListCreateAccountStatusOutput) String() string {
19694	return awsutil.Prettify(s)
19695}
19696
19697// GoString returns the string representation
19698func (s ListCreateAccountStatusOutput) GoString() string {
19699	return s.String()
19700}
19701
19702// SetCreateAccountStatuses sets the CreateAccountStatuses field's value.
19703func (s *ListCreateAccountStatusOutput) SetCreateAccountStatuses(v []*CreateAccountStatus) *ListCreateAccountStatusOutput {
19704	s.CreateAccountStatuses = v
19705	return s
19706}
19707
19708// SetNextToken sets the NextToken field's value.
19709func (s *ListCreateAccountStatusOutput) SetNextToken(v string) *ListCreateAccountStatusOutput {
19710	s.NextToken = &v
19711	return s
19712}
19713
19714type ListDelegatedAdministratorsInput struct {
19715	_ struct{} `type:"structure"`
19716
19717	// The total number of results that you want included on each page of the response.
19718	// If you do not include this parameter, it defaults to a value that is specific
19719	// to the operation. If additional items exist beyond the maximum you specify,
19720	// the NextToken response element is present and has a value (is not null).
19721	// Include that value as the NextToken request parameter in the next call to
19722	// the operation to get the next part of the results. Note that Organizations
19723	// might return fewer results than the maximum even when there are more results
19724	// available. You should check NextToken after every operation to ensure that
19725	// you receive all of the results.
19726	MaxResults *int64 `min:"1" type:"integer"`
19727
19728	// The parameter for receiving additional results if you receive a NextToken
19729	// response in a previous request. A NextToken response indicates that more
19730	// output is available. Set this parameter to the value of the previous call's
19731	// NextToken response to indicate where the output should continue from.
19732	NextToken *string `type:"string"`
19733
19734	// Specifies a service principal name. If specified, then the operation lists
19735	// the delegated administrators only for the specified service.
19736	//
19737	// If you don't specify a service principal, the operation lists all delegated
19738	// administrators for all services in your organization.
19739	ServicePrincipal *string `min:"1" type:"string"`
19740}
19741
19742// String returns the string representation
19743func (s ListDelegatedAdministratorsInput) String() string {
19744	return awsutil.Prettify(s)
19745}
19746
19747// GoString returns the string representation
19748func (s ListDelegatedAdministratorsInput) GoString() string {
19749	return s.String()
19750}
19751
19752// Validate inspects the fields of the type to determine if they are valid.
19753func (s *ListDelegatedAdministratorsInput) Validate() error {
19754	invalidParams := request.ErrInvalidParams{Context: "ListDelegatedAdministratorsInput"}
19755	if s.MaxResults != nil && *s.MaxResults < 1 {
19756		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19757	}
19758	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
19759		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
19760	}
19761
19762	if invalidParams.Len() > 0 {
19763		return invalidParams
19764	}
19765	return nil
19766}
19767
19768// SetMaxResults sets the MaxResults field's value.
19769func (s *ListDelegatedAdministratorsInput) SetMaxResults(v int64) *ListDelegatedAdministratorsInput {
19770	s.MaxResults = &v
19771	return s
19772}
19773
19774// SetNextToken sets the NextToken field's value.
19775func (s *ListDelegatedAdministratorsInput) SetNextToken(v string) *ListDelegatedAdministratorsInput {
19776	s.NextToken = &v
19777	return s
19778}
19779
19780// SetServicePrincipal sets the ServicePrincipal field's value.
19781func (s *ListDelegatedAdministratorsInput) SetServicePrincipal(v string) *ListDelegatedAdministratorsInput {
19782	s.ServicePrincipal = &v
19783	return s
19784}
19785
19786type ListDelegatedAdministratorsOutput struct {
19787	_ struct{} `type:"structure"`
19788
19789	// The list of delegated administrators in your organization.
19790	DelegatedAdministrators []*DelegatedAdministrator `type:"list"`
19791
19792	// If present, indicates that more output is available than is included in the
19793	// current response. Use this value in the NextToken request parameter in a
19794	// subsequent call to the operation to get the next part of the output. You
19795	// should repeat this until the NextToken response element comes back as null.
19796	NextToken *string `type:"string"`
19797}
19798
19799// String returns the string representation
19800func (s ListDelegatedAdministratorsOutput) String() string {
19801	return awsutil.Prettify(s)
19802}
19803
19804// GoString returns the string representation
19805func (s ListDelegatedAdministratorsOutput) GoString() string {
19806	return s.String()
19807}
19808
19809// SetDelegatedAdministrators sets the DelegatedAdministrators field's value.
19810func (s *ListDelegatedAdministratorsOutput) SetDelegatedAdministrators(v []*DelegatedAdministrator) *ListDelegatedAdministratorsOutput {
19811	s.DelegatedAdministrators = v
19812	return s
19813}
19814
19815// SetNextToken sets the NextToken field's value.
19816func (s *ListDelegatedAdministratorsOutput) SetNextToken(v string) *ListDelegatedAdministratorsOutput {
19817	s.NextToken = &v
19818	return s
19819}
19820
19821type ListDelegatedServicesForAccountInput struct {
19822	_ struct{} `type:"structure"`
19823
19824	// The account ID number of a delegated administrator account in the organization.
19825	//
19826	// AccountId is a required field
19827	AccountId *string `type:"string" required:"true"`
19828
19829	// The total number of results that you want included on each page of the response.
19830	// If you do not include this parameter, it defaults to a value that is specific
19831	// to the operation. If additional items exist beyond the maximum you specify,
19832	// the NextToken response element is present and has a value (is not null).
19833	// Include that value as the NextToken request parameter in the next call to
19834	// the operation to get the next part of the results. Note that Organizations
19835	// might return fewer results than the maximum even when there are more results
19836	// available. You should check NextToken after every operation to ensure that
19837	// you receive all of the results.
19838	MaxResults *int64 `min:"1" type:"integer"`
19839
19840	// The parameter for receiving additional results if you receive a NextToken
19841	// response in a previous request. A NextToken response indicates that more
19842	// output is available. Set this parameter to the value of the previous call's
19843	// NextToken response to indicate where the output should continue from.
19844	NextToken *string `type:"string"`
19845}
19846
19847// String returns the string representation
19848func (s ListDelegatedServicesForAccountInput) String() string {
19849	return awsutil.Prettify(s)
19850}
19851
19852// GoString returns the string representation
19853func (s ListDelegatedServicesForAccountInput) GoString() string {
19854	return s.String()
19855}
19856
19857// Validate inspects the fields of the type to determine if they are valid.
19858func (s *ListDelegatedServicesForAccountInput) Validate() error {
19859	invalidParams := request.ErrInvalidParams{Context: "ListDelegatedServicesForAccountInput"}
19860	if s.AccountId == nil {
19861		invalidParams.Add(request.NewErrParamRequired("AccountId"))
19862	}
19863	if s.MaxResults != nil && *s.MaxResults < 1 {
19864		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19865	}
19866
19867	if invalidParams.Len() > 0 {
19868		return invalidParams
19869	}
19870	return nil
19871}
19872
19873// SetAccountId sets the AccountId field's value.
19874func (s *ListDelegatedServicesForAccountInput) SetAccountId(v string) *ListDelegatedServicesForAccountInput {
19875	s.AccountId = &v
19876	return s
19877}
19878
19879// SetMaxResults sets the MaxResults field's value.
19880func (s *ListDelegatedServicesForAccountInput) SetMaxResults(v int64) *ListDelegatedServicesForAccountInput {
19881	s.MaxResults = &v
19882	return s
19883}
19884
19885// SetNextToken sets the NextToken field's value.
19886func (s *ListDelegatedServicesForAccountInput) SetNextToken(v string) *ListDelegatedServicesForAccountInput {
19887	s.NextToken = &v
19888	return s
19889}
19890
19891type ListDelegatedServicesForAccountOutput struct {
19892	_ struct{} `type:"structure"`
19893
19894	// The services for which the account is a delegated administrator.
19895	DelegatedServices []*DelegatedService `type:"list"`
19896
19897	// If present, indicates that more output is available than is included in the
19898	// current response. Use this value in the NextToken request parameter in a
19899	// subsequent call to the operation to get the next part of the output. You
19900	// should repeat this until the NextToken response element comes back as null.
19901	NextToken *string `type:"string"`
19902}
19903
19904// String returns the string representation
19905func (s ListDelegatedServicesForAccountOutput) String() string {
19906	return awsutil.Prettify(s)
19907}
19908
19909// GoString returns the string representation
19910func (s ListDelegatedServicesForAccountOutput) GoString() string {
19911	return s.String()
19912}
19913
19914// SetDelegatedServices sets the DelegatedServices field's value.
19915func (s *ListDelegatedServicesForAccountOutput) SetDelegatedServices(v []*DelegatedService) *ListDelegatedServicesForAccountOutput {
19916	s.DelegatedServices = v
19917	return s
19918}
19919
19920// SetNextToken sets the NextToken field's value.
19921func (s *ListDelegatedServicesForAccountOutput) SetNextToken(v string) *ListDelegatedServicesForAccountOutput {
19922	s.NextToken = &v
19923	return s
19924}
19925
19926type ListHandshakesForAccountInput struct {
19927	_ struct{} `type:"structure"`
19928
19929	// Filters the handshakes that you want included in the response. The default
19930	// is all types. Use the ActionType element to limit the output to only a specified
19931	// type, such as INVITE, ENABLE_ALL_FEATURES, or APPROVE_ALL_FEATURES. Alternatively,
19932	// for the ENABLE_ALL_FEATURES handshake that generates a separate child handshake
19933	// for each member account, you can specify ParentHandshakeId to see only the
19934	// handshakes that were generated by that parent request.
19935	Filter *HandshakeFilter `type:"structure"`
19936
19937	// The total number of results that you want included on each page of the response.
19938	// If you do not include this parameter, it defaults to a value that is specific
19939	// to the operation. If additional items exist beyond the maximum you specify,
19940	// the NextToken response element is present and has a value (is not null).
19941	// Include that value as the NextToken request parameter in the next call to
19942	// the operation to get the next part of the results. Note that Organizations
19943	// might return fewer results than the maximum even when there are more results
19944	// available. You should check NextToken after every operation to ensure that
19945	// you receive all of the results.
19946	MaxResults *int64 `min:"1" type:"integer"`
19947
19948	// The parameter for receiving additional results if you receive a NextToken
19949	// response in a previous request. A NextToken response indicates that more
19950	// output is available. Set this parameter to the value of the previous call's
19951	// NextToken response to indicate where the output should continue from.
19952	NextToken *string `type:"string"`
19953}
19954
19955// String returns the string representation
19956func (s ListHandshakesForAccountInput) String() string {
19957	return awsutil.Prettify(s)
19958}
19959
19960// GoString returns the string representation
19961func (s ListHandshakesForAccountInput) GoString() string {
19962	return s.String()
19963}
19964
19965// Validate inspects the fields of the type to determine if they are valid.
19966func (s *ListHandshakesForAccountInput) Validate() error {
19967	invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForAccountInput"}
19968	if s.MaxResults != nil && *s.MaxResults < 1 {
19969		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
19970	}
19971
19972	if invalidParams.Len() > 0 {
19973		return invalidParams
19974	}
19975	return nil
19976}
19977
19978// SetFilter sets the Filter field's value.
19979func (s *ListHandshakesForAccountInput) SetFilter(v *HandshakeFilter) *ListHandshakesForAccountInput {
19980	s.Filter = v
19981	return s
19982}
19983
19984// SetMaxResults sets the MaxResults field's value.
19985func (s *ListHandshakesForAccountInput) SetMaxResults(v int64) *ListHandshakesForAccountInput {
19986	s.MaxResults = &v
19987	return s
19988}
19989
19990// SetNextToken sets the NextToken field's value.
19991func (s *ListHandshakesForAccountInput) SetNextToken(v string) *ListHandshakesForAccountInput {
19992	s.NextToken = &v
19993	return s
19994}
19995
19996type ListHandshakesForAccountOutput struct {
19997	_ struct{} `type:"structure"`
19998
19999	// A list of Handshake objects with details about each of the handshakes that
20000	// is associated with the specified account.
20001	Handshakes []*Handshake `type:"list"`
20002
20003	// If present, indicates that more output is available than is included in the
20004	// current response. Use this value in the NextToken request parameter in a
20005	// subsequent call to the operation to get the next part of the output. You
20006	// should repeat this until the NextToken response element comes back as null.
20007	NextToken *string `type:"string"`
20008}
20009
20010// String returns the string representation
20011func (s ListHandshakesForAccountOutput) String() string {
20012	return awsutil.Prettify(s)
20013}
20014
20015// GoString returns the string representation
20016func (s ListHandshakesForAccountOutput) GoString() string {
20017	return s.String()
20018}
20019
20020// SetHandshakes sets the Handshakes field's value.
20021func (s *ListHandshakesForAccountOutput) SetHandshakes(v []*Handshake) *ListHandshakesForAccountOutput {
20022	s.Handshakes = v
20023	return s
20024}
20025
20026// SetNextToken sets the NextToken field's value.
20027func (s *ListHandshakesForAccountOutput) SetNextToken(v string) *ListHandshakesForAccountOutput {
20028	s.NextToken = &v
20029	return s
20030}
20031
20032type ListHandshakesForOrganizationInput struct {
20033	_ struct{} `type:"structure"`
20034
20035	// A filter of the handshakes that you want included in the response. The default
20036	// is all types. Use the ActionType element to limit the output to only a specified
20037	// type, such as INVITE, ENABLE-ALL-FEATURES, or APPROVE-ALL-FEATURES. Alternatively,
20038	// for the ENABLE-ALL-FEATURES handshake that generates a separate child handshake
20039	// for each member account, you can specify the ParentHandshakeId to see only
20040	// the handshakes that were generated by that parent request.
20041	Filter *HandshakeFilter `type:"structure"`
20042
20043	// The total number of results that you want included on each page of the response.
20044	// If you do not include this parameter, it defaults to a value that is specific
20045	// to the operation. If additional items exist beyond the maximum you specify,
20046	// the NextToken response element is present and has a value (is not null).
20047	// Include that value as the NextToken request parameter in the next call to
20048	// the operation to get the next part of the results. Note that Organizations
20049	// might return fewer results than the maximum even when there are more results
20050	// available. You should check NextToken after every operation to ensure that
20051	// you receive all of the results.
20052	MaxResults *int64 `min:"1" type:"integer"`
20053
20054	// The parameter for receiving additional results if you receive a NextToken
20055	// response in a previous request. A NextToken response indicates that more
20056	// output is available. Set this parameter to the value of the previous call's
20057	// NextToken response to indicate where the output should continue from.
20058	NextToken *string `type:"string"`
20059}
20060
20061// String returns the string representation
20062func (s ListHandshakesForOrganizationInput) String() string {
20063	return awsutil.Prettify(s)
20064}
20065
20066// GoString returns the string representation
20067func (s ListHandshakesForOrganizationInput) GoString() string {
20068	return s.String()
20069}
20070
20071// Validate inspects the fields of the type to determine if they are valid.
20072func (s *ListHandshakesForOrganizationInput) Validate() error {
20073	invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForOrganizationInput"}
20074	if s.MaxResults != nil && *s.MaxResults < 1 {
20075		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
20076	}
20077
20078	if invalidParams.Len() > 0 {
20079		return invalidParams
20080	}
20081	return nil
20082}
20083
20084// SetFilter sets the Filter field's value.
20085func (s *ListHandshakesForOrganizationInput) SetFilter(v *HandshakeFilter) *ListHandshakesForOrganizationInput {
20086	s.Filter = v
20087	return s
20088}
20089
20090// SetMaxResults sets the MaxResults field's value.
20091func (s *ListHandshakesForOrganizationInput) SetMaxResults(v int64) *ListHandshakesForOrganizationInput {
20092	s.MaxResults = &v
20093	return s
20094}
20095
20096// SetNextToken sets the NextToken field's value.
20097func (s *ListHandshakesForOrganizationInput) SetNextToken(v string) *ListHandshakesForOrganizationInput {
20098	s.NextToken = &v
20099	return s
20100}
20101
20102type ListHandshakesForOrganizationOutput struct {
20103	_ struct{} `type:"structure"`
20104
20105	// A list of Handshake objects with details about each of the handshakes that
20106	// are associated with an organization.
20107	Handshakes []*Handshake `type:"list"`
20108
20109	// If present, indicates that more output is available than is included in the
20110	// current response. Use this value in the NextToken request parameter in a
20111	// subsequent call to the operation to get the next part of the output. You
20112	// should repeat this until the NextToken response element comes back as null.
20113	NextToken *string `type:"string"`
20114}
20115
20116// String returns the string representation
20117func (s ListHandshakesForOrganizationOutput) String() string {
20118	return awsutil.Prettify(s)
20119}
20120
20121// GoString returns the string representation
20122func (s ListHandshakesForOrganizationOutput) GoString() string {
20123	return s.String()
20124}
20125
20126// SetHandshakes sets the Handshakes field's value.
20127func (s *ListHandshakesForOrganizationOutput) SetHandshakes(v []*Handshake) *ListHandshakesForOrganizationOutput {
20128	s.Handshakes = v
20129	return s
20130}
20131
20132// SetNextToken sets the NextToken field's value.
20133func (s *ListHandshakesForOrganizationOutput) SetNextToken(v string) *ListHandshakesForOrganizationOutput {
20134	s.NextToken = &v
20135	return s
20136}
20137
20138type ListOrganizationalUnitsForParentInput struct {
20139	_ struct{} `type:"structure"`
20140
20141	// The total number of results that you want included on each page of the response.
20142	// If you do not include this parameter, it defaults to a value that is specific
20143	// to the operation. If additional items exist beyond the maximum you specify,
20144	// the NextToken response element is present and has a value (is not null).
20145	// Include that value as the NextToken request parameter in the next call to
20146	// the operation to get the next part of the results. Note that Organizations
20147	// might return fewer results than the maximum even when there are more results
20148	// available. You should check NextToken after every operation to ensure that
20149	// you receive all of the results.
20150	MaxResults *int64 `min:"1" type:"integer"`
20151
20152	// The parameter for receiving additional results if you receive a NextToken
20153	// response in a previous request. A NextToken response indicates that more
20154	// output is available. Set this parameter to the value of the previous call's
20155	// NextToken response to indicate where the output should continue from.
20156	NextToken *string `type:"string"`
20157
20158	// The unique identifier (ID) of the root or OU whose child OUs you want to
20159	// list.
20160	//
20161	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
20162	// requires one of the following:
20163	//
20164	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
20165	//    letters or digits.
20166	//
20167	//    * Organizational unit (OU) - A string that begins with "ou-" followed
20168	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
20169	//    OU is in). This string is followed by a second "-" dash and from 8 to
20170	//    32 additional lowercase letters or digits.
20171	//
20172	// ParentId is a required field
20173	ParentId *string `type:"string" required:"true"`
20174}
20175
20176// String returns the string representation
20177func (s ListOrganizationalUnitsForParentInput) String() string {
20178	return awsutil.Prettify(s)
20179}
20180
20181// GoString returns the string representation
20182func (s ListOrganizationalUnitsForParentInput) GoString() string {
20183	return s.String()
20184}
20185
20186// Validate inspects the fields of the type to determine if they are valid.
20187func (s *ListOrganizationalUnitsForParentInput) Validate() error {
20188	invalidParams := request.ErrInvalidParams{Context: "ListOrganizationalUnitsForParentInput"}
20189	if s.MaxResults != nil && *s.MaxResults < 1 {
20190		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
20191	}
20192	if s.ParentId == nil {
20193		invalidParams.Add(request.NewErrParamRequired("ParentId"))
20194	}
20195
20196	if invalidParams.Len() > 0 {
20197		return invalidParams
20198	}
20199	return nil
20200}
20201
20202// SetMaxResults sets the MaxResults field's value.
20203func (s *ListOrganizationalUnitsForParentInput) SetMaxResults(v int64) *ListOrganizationalUnitsForParentInput {
20204	s.MaxResults = &v
20205	return s
20206}
20207
20208// SetNextToken sets the NextToken field's value.
20209func (s *ListOrganizationalUnitsForParentInput) SetNextToken(v string) *ListOrganizationalUnitsForParentInput {
20210	s.NextToken = &v
20211	return s
20212}
20213
20214// SetParentId sets the ParentId field's value.
20215func (s *ListOrganizationalUnitsForParentInput) SetParentId(v string) *ListOrganizationalUnitsForParentInput {
20216	s.ParentId = &v
20217	return s
20218}
20219
20220type ListOrganizationalUnitsForParentOutput struct {
20221	_ struct{} `type:"structure"`
20222
20223	// If present, indicates that more output is available than is included in the
20224	// current response. Use this value in the NextToken request parameter in a
20225	// subsequent call to the operation to get the next part of the output. You
20226	// should repeat this until the NextToken response element comes back as null.
20227	NextToken *string `type:"string"`
20228
20229	// A list of the OUs in the specified root or parent OU.
20230	OrganizationalUnits []*OrganizationalUnit `type:"list"`
20231}
20232
20233// String returns the string representation
20234func (s ListOrganizationalUnitsForParentOutput) String() string {
20235	return awsutil.Prettify(s)
20236}
20237
20238// GoString returns the string representation
20239func (s ListOrganizationalUnitsForParentOutput) GoString() string {
20240	return s.String()
20241}
20242
20243// SetNextToken sets the NextToken field's value.
20244func (s *ListOrganizationalUnitsForParentOutput) SetNextToken(v string) *ListOrganizationalUnitsForParentOutput {
20245	s.NextToken = &v
20246	return s
20247}
20248
20249// SetOrganizationalUnits sets the OrganizationalUnits field's value.
20250func (s *ListOrganizationalUnitsForParentOutput) SetOrganizationalUnits(v []*OrganizationalUnit) *ListOrganizationalUnitsForParentOutput {
20251	s.OrganizationalUnits = v
20252	return s
20253}
20254
20255type ListParentsInput struct {
20256	_ struct{} `type:"structure"`
20257
20258	// The unique identifier (ID) of the OU or account whose parent containers you
20259	// want to list. Don't specify a root.
20260	//
20261	// The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string
20262	// requires one of the following:
20263	//
20264	//    * Account - A string that consists of exactly 12 digits.
20265	//
20266	//    * Organizational unit (OU) - A string that begins with "ou-" followed
20267	//    by from 4 to 32 lowercase letters or digits (the ID of the root that contains
20268	//    the OU). This string is followed by a second "-" dash and from 8 to 32
20269	//    additional lowercase letters or digits.
20270	//
20271	// ChildId is a required field
20272	ChildId *string `type:"string" required:"true"`
20273
20274	// The total number of results that you want included on each page of the response.
20275	// If you do not include this parameter, it defaults to a value that is specific
20276	// to the operation. If additional items exist beyond the maximum you specify,
20277	// the NextToken response element is present and has a value (is not null).
20278	// Include that value as the NextToken request parameter in the next call to
20279	// the operation to get the next part of the results. Note that Organizations
20280	// might return fewer results than the maximum even when there are more results
20281	// available. You should check NextToken after every operation to ensure that
20282	// you receive all of the results.
20283	MaxResults *int64 `min:"1" type:"integer"`
20284
20285	// The parameter for receiving additional results if you receive a NextToken
20286	// response in a previous request. A NextToken response indicates that more
20287	// output is available. Set this parameter to the value of the previous call's
20288	// NextToken response to indicate where the output should continue from.
20289	NextToken *string `type:"string"`
20290}
20291
20292// String returns the string representation
20293func (s ListParentsInput) String() string {
20294	return awsutil.Prettify(s)
20295}
20296
20297// GoString returns the string representation
20298func (s ListParentsInput) GoString() string {
20299	return s.String()
20300}
20301
20302// Validate inspects the fields of the type to determine if they are valid.
20303func (s *ListParentsInput) Validate() error {
20304	invalidParams := request.ErrInvalidParams{Context: "ListParentsInput"}
20305	if s.ChildId == nil {
20306		invalidParams.Add(request.NewErrParamRequired("ChildId"))
20307	}
20308	if s.MaxResults != nil && *s.MaxResults < 1 {
20309		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
20310	}
20311
20312	if invalidParams.Len() > 0 {
20313		return invalidParams
20314	}
20315	return nil
20316}
20317
20318// SetChildId sets the ChildId field's value.
20319func (s *ListParentsInput) SetChildId(v string) *ListParentsInput {
20320	s.ChildId = &v
20321	return s
20322}
20323
20324// SetMaxResults sets the MaxResults field's value.
20325func (s *ListParentsInput) SetMaxResults(v int64) *ListParentsInput {
20326	s.MaxResults = &v
20327	return s
20328}
20329
20330// SetNextToken sets the NextToken field's value.
20331func (s *ListParentsInput) SetNextToken(v string) *ListParentsInput {
20332	s.NextToken = &v
20333	return s
20334}
20335
20336type ListParentsOutput struct {
20337	_ struct{} `type:"structure"`
20338
20339	// If present, indicates that more output is available than is included in the
20340	// current response. Use this value in the NextToken request parameter in a
20341	// subsequent call to the operation to get the next part of the output. You
20342	// should repeat this until the NextToken response element comes back as null.
20343	NextToken *string `type:"string"`
20344
20345	// A list of parents for the specified child account or OU.
20346	Parents []*Parent `type:"list"`
20347}
20348
20349// String returns the string representation
20350func (s ListParentsOutput) String() string {
20351	return awsutil.Prettify(s)
20352}
20353
20354// GoString returns the string representation
20355func (s ListParentsOutput) GoString() string {
20356	return s.String()
20357}
20358
20359// SetNextToken sets the NextToken field's value.
20360func (s *ListParentsOutput) SetNextToken(v string) *ListParentsOutput {
20361	s.NextToken = &v
20362	return s
20363}
20364
20365// SetParents sets the Parents field's value.
20366func (s *ListParentsOutput) SetParents(v []*Parent) *ListParentsOutput {
20367	s.Parents = v
20368	return s
20369}
20370
20371type ListPoliciesForTargetInput struct {
20372	_ struct{} `type:"structure"`
20373
20374	// The type of policy that you want to include in the returned list. You must
20375	// specify one of the following values:
20376	//
20377	//    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
20378	//
20379	//    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
20380	//
20381	//    * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
20382	//
20383	//    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
20384	//
20385	// Filter is a required field
20386	Filter *string `type:"string" required:"true" enum:"PolicyType"`
20387
20388	// The total number of results that you want included on each page of the response.
20389	// If you do not include this parameter, it defaults to a value that is specific
20390	// to the operation. If additional items exist beyond the maximum you specify,
20391	// the NextToken response element is present and has a value (is not null).
20392	// Include that value as the NextToken request parameter in the next call to
20393	// the operation to get the next part of the results. Note that Organizations
20394	// might return fewer results than the maximum even when there are more results
20395	// available. You should check NextToken after every operation to ensure that
20396	// you receive all of the results.
20397	MaxResults *int64 `min:"1" type:"integer"`
20398
20399	// The parameter for receiving additional results if you receive a NextToken
20400	// response in a previous request. A NextToken response indicates that more
20401	// output is available. Set this parameter to the value of the previous call's
20402	// NextToken response to indicate where the output should continue from.
20403	NextToken *string `type:"string"`
20404
20405	// The unique identifier (ID) of the root, organizational unit, or account whose
20406	// policies you want to list.
20407	//
20408	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
20409	// requires one of the following:
20410	//
20411	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
20412	//    letters or digits.
20413	//
20414	//    * Account - A string that consists of exactly 12 digits.
20415	//
20416	//    * Organizational unit (OU) - A string that begins with "ou-" followed
20417	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
20418	//    OU is in). This string is followed by a second "-" dash and from 8 to
20419	//    32 additional lowercase letters or digits.
20420	//
20421	// TargetId is a required field
20422	TargetId *string `type:"string" required:"true"`
20423}
20424
20425// String returns the string representation
20426func (s ListPoliciesForTargetInput) String() string {
20427	return awsutil.Prettify(s)
20428}
20429
20430// GoString returns the string representation
20431func (s ListPoliciesForTargetInput) GoString() string {
20432	return s.String()
20433}
20434
20435// Validate inspects the fields of the type to determine if they are valid.
20436func (s *ListPoliciesForTargetInput) Validate() error {
20437	invalidParams := request.ErrInvalidParams{Context: "ListPoliciesForTargetInput"}
20438	if s.Filter == nil {
20439		invalidParams.Add(request.NewErrParamRequired("Filter"))
20440	}
20441	if s.MaxResults != nil && *s.MaxResults < 1 {
20442		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
20443	}
20444	if s.TargetId == nil {
20445		invalidParams.Add(request.NewErrParamRequired("TargetId"))
20446	}
20447
20448	if invalidParams.Len() > 0 {
20449		return invalidParams
20450	}
20451	return nil
20452}
20453
20454// SetFilter sets the Filter field's value.
20455func (s *ListPoliciesForTargetInput) SetFilter(v string) *ListPoliciesForTargetInput {
20456	s.Filter = &v
20457	return s
20458}
20459
20460// SetMaxResults sets the MaxResults field's value.
20461func (s *ListPoliciesForTargetInput) SetMaxResults(v int64) *ListPoliciesForTargetInput {
20462	s.MaxResults = &v
20463	return s
20464}
20465
20466// SetNextToken sets the NextToken field's value.
20467func (s *ListPoliciesForTargetInput) SetNextToken(v string) *ListPoliciesForTargetInput {
20468	s.NextToken = &v
20469	return s
20470}
20471
20472// SetTargetId sets the TargetId field's value.
20473func (s *ListPoliciesForTargetInput) SetTargetId(v string) *ListPoliciesForTargetInput {
20474	s.TargetId = &v
20475	return s
20476}
20477
20478type ListPoliciesForTargetOutput struct {
20479	_ struct{} `type:"structure"`
20480
20481	// If present, indicates that more output is available than is included in the
20482	// current response. Use this value in the NextToken request parameter in a
20483	// subsequent call to the operation to get the next part of the output. You
20484	// should repeat this until the NextToken response element comes back as null.
20485	NextToken *string `type:"string"`
20486
20487	// The list of policies that match the criteria in the request.
20488	Policies []*PolicySummary `type:"list"`
20489}
20490
20491// String returns the string representation
20492func (s ListPoliciesForTargetOutput) String() string {
20493	return awsutil.Prettify(s)
20494}
20495
20496// GoString returns the string representation
20497func (s ListPoliciesForTargetOutput) GoString() string {
20498	return s.String()
20499}
20500
20501// SetNextToken sets the NextToken field's value.
20502func (s *ListPoliciesForTargetOutput) SetNextToken(v string) *ListPoliciesForTargetOutput {
20503	s.NextToken = &v
20504	return s
20505}
20506
20507// SetPolicies sets the Policies field's value.
20508func (s *ListPoliciesForTargetOutput) SetPolicies(v []*PolicySummary) *ListPoliciesForTargetOutput {
20509	s.Policies = v
20510	return s
20511}
20512
20513type ListPoliciesInput struct {
20514	_ struct{} `type:"structure"`
20515
20516	// Specifies the type of policy that you want to include in the response. You
20517	// must specify one of the following values:
20518	//
20519	//    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
20520	//
20521	//    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
20522	//
20523	//    * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
20524	//
20525	//    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
20526	//
20527	// Filter is a required field
20528	Filter *string `type:"string" required:"true" enum:"PolicyType"`
20529
20530	// The total number of results that you want included on each page of the response.
20531	// If you do not include this parameter, it defaults to a value that is specific
20532	// to the operation. If additional items exist beyond the maximum you specify,
20533	// the NextToken response element is present and has a value (is not null).
20534	// Include that value as the NextToken request parameter in the next call to
20535	// the operation to get the next part of the results. Note that Organizations
20536	// might return fewer results than the maximum even when there are more results
20537	// available. You should check NextToken after every operation to ensure that
20538	// you receive all of the results.
20539	MaxResults *int64 `min:"1" type:"integer"`
20540
20541	// The parameter for receiving additional results if you receive a NextToken
20542	// response in a previous request. A NextToken response indicates that more
20543	// output is available. Set this parameter to the value of the previous call's
20544	// NextToken response to indicate where the output should continue from.
20545	NextToken *string `type:"string"`
20546}
20547
20548// String returns the string representation
20549func (s ListPoliciesInput) String() string {
20550	return awsutil.Prettify(s)
20551}
20552
20553// GoString returns the string representation
20554func (s ListPoliciesInput) GoString() string {
20555	return s.String()
20556}
20557
20558// Validate inspects the fields of the type to determine if they are valid.
20559func (s *ListPoliciesInput) Validate() error {
20560	invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"}
20561	if s.Filter == nil {
20562		invalidParams.Add(request.NewErrParamRequired("Filter"))
20563	}
20564	if s.MaxResults != nil && *s.MaxResults < 1 {
20565		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
20566	}
20567
20568	if invalidParams.Len() > 0 {
20569		return invalidParams
20570	}
20571	return nil
20572}
20573
20574// SetFilter sets the Filter field's value.
20575func (s *ListPoliciesInput) SetFilter(v string) *ListPoliciesInput {
20576	s.Filter = &v
20577	return s
20578}
20579
20580// SetMaxResults sets the MaxResults field's value.
20581func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput {
20582	s.MaxResults = &v
20583	return s
20584}
20585
20586// SetNextToken sets the NextToken field's value.
20587func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput {
20588	s.NextToken = &v
20589	return s
20590}
20591
20592type ListPoliciesOutput struct {
20593	_ struct{} `type:"structure"`
20594
20595	// If present, indicates that more output is available than is included in the
20596	// current response. Use this value in the NextToken request parameter in a
20597	// subsequent call to the operation to get the next part of the output. You
20598	// should repeat this until the NextToken response element comes back as null.
20599	NextToken *string `type:"string"`
20600
20601	// A list of policies that match the filter criteria in the request. The output
20602	// list doesn't include the policy contents. To see the content for a policy,
20603	// see DescribePolicy.
20604	Policies []*PolicySummary `type:"list"`
20605}
20606
20607// String returns the string representation
20608func (s ListPoliciesOutput) String() string {
20609	return awsutil.Prettify(s)
20610}
20611
20612// GoString returns the string representation
20613func (s ListPoliciesOutput) GoString() string {
20614	return s.String()
20615}
20616
20617// SetNextToken sets the NextToken field's value.
20618func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput {
20619	s.NextToken = &v
20620	return s
20621}
20622
20623// SetPolicies sets the Policies field's value.
20624func (s *ListPoliciesOutput) SetPolicies(v []*PolicySummary) *ListPoliciesOutput {
20625	s.Policies = v
20626	return s
20627}
20628
20629type ListRootsInput struct {
20630	_ struct{} `type:"structure"`
20631
20632	// The total number of results that you want included on each page of the response.
20633	// If you do not include this parameter, it defaults to a value that is specific
20634	// to the operation. If additional items exist beyond the maximum you specify,
20635	// the NextToken response element is present and has a value (is not null).
20636	// Include that value as the NextToken request parameter in the next call to
20637	// the operation to get the next part of the results. Note that Organizations
20638	// might return fewer results than the maximum even when there are more results
20639	// available. You should check NextToken after every operation to ensure that
20640	// you receive all of the results.
20641	MaxResults *int64 `min:"1" type:"integer"`
20642
20643	// The parameter for receiving additional results if you receive a NextToken
20644	// response in a previous request. A NextToken response indicates that more
20645	// output is available. Set this parameter to the value of the previous call's
20646	// NextToken response to indicate where the output should continue from.
20647	NextToken *string `type:"string"`
20648}
20649
20650// String returns the string representation
20651func (s ListRootsInput) String() string {
20652	return awsutil.Prettify(s)
20653}
20654
20655// GoString returns the string representation
20656func (s ListRootsInput) GoString() string {
20657	return s.String()
20658}
20659
20660// Validate inspects the fields of the type to determine if they are valid.
20661func (s *ListRootsInput) Validate() error {
20662	invalidParams := request.ErrInvalidParams{Context: "ListRootsInput"}
20663	if s.MaxResults != nil && *s.MaxResults < 1 {
20664		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
20665	}
20666
20667	if invalidParams.Len() > 0 {
20668		return invalidParams
20669	}
20670	return nil
20671}
20672
20673// SetMaxResults sets the MaxResults field's value.
20674func (s *ListRootsInput) SetMaxResults(v int64) *ListRootsInput {
20675	s.MaxResults = &v
20676	return s
20677}
20678
20679// SetNextToken sets the NextToken field's value.
20680func (s *ListRootsInput) SetNextToken(v string) *ListRootsInput {
20681	s.NextToken = &v
20682	return s
20683}
20684
20685type ListRootsOutput struct {
20686	_ struct{} `type:"structure"`
20687
20688	// If present, indicates that more output is available than is included in the
20689	// current response. Use this value in the NextToken request parameter in a
20690	// subsequent call to the operation to get the next part of the output. You
20691	// should repeat this until the NextToken response element comes back as null.
20692	NextToken *string `type:"string"`
20693
20694	// A list of roots that are defined in an organization.
20695	Roots []*Root `type:"list"`
20696}
20697
20698// String returns the string representation
20699func (s ListRootsOutput) String() string {
20700	return awsutil.Prettify(s)
20701}
20702
20703// GoString returns the string representation
20704func (s ListRootsOutput) GoString() string {
20705	return s.String()
20706}
20707
20708// SetNextToken sets the NextToken field's value.
20709func (s *ListRootsOutput) SetNextToken(v string) *ListRootsOutput {
20710	s.NextToken = &v
20711	return s
20712}
20713
20714// SetRoots sets the Roots field's value.
20715func (s *ListRootsOutput) SetRoots(v []*Root) *ListRootsOutput {
20716	s.Roots = v
20717	return s
20718}
20719
20720type ListTagsForResourceInput struct {
20721	_ struct{} `type:"structure"`
20722
20723	// The parameter for receiving additional results if you receive a NextToken
20724	// response in a previous request. A NextToken response indicates that more
20725	// output is available. Set this parameter to the value of the previous call's
20726	// NextToken response to indicate where the output should continue from.
20727	NextToken *string `type:"string"`
20728
20729	// The ID of the resource with the tags to list.
20730	//
20731	// You can specify any of the following taggable resources.
20732	//
20733	//    * AWS account – specify the account ID number.
20734	//
20735	//    * Organizational unit – specify the OU ID that begins with ou- and looks
20736	//    similar to: ou-1a2b-34uvwxyz
20737	//
20738	//    * Root – specify the root ID that begins with r- and looks similar to:
20739	//    r-1a2b
20740	//
20741	//    * Policy – specify the policy ID that begins with p- andlooks similar
20742	//    to: p-12abcdefg3
20743	//
20744	// ResourceId is a required field
20745	ResourceId *string `type:"string" required:"true"`
20746}
20747
20748// String returns the string representation
20749func (s ListTagsForResourceInput) String() string {
20750	return awsutil.Prettify(s)
20751}
20752
20753// GoString returns the string representation
20754func (s ListTagsForResourceInput) GoString() string {
20755	return s.String()
20756}
20757
20758// Validate inspects the fields of the type to determine if they are valid.
20759func (s *ListTagsForResourceInput) Validate() error {
20760	invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"}
20761	if s.ResourceId == nil {
20762		invalidParams.Add(request.NewErrParamRequired("ResourceId"))
20763	}
20764
20765	if invalidParams.Len() > 0 {
20766		return invalidParams
20767	}
20768	return nil
20769}
20770
20771// SetNextToken sets the NextToken field's value.
20772func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput {
20773	s.NextToken = &v
20774	return s
20775}
20776
20777// SetResourceId sets the ResourceId field's value.
20778func (s *ListTagsForResourceInput) SetResourceId(v string) *ListTagsForResourceInput {
20779	s.ResourceId = &v
20780	return s
20781}
20782
20783type ListTagsForResourceOutput struct {
20784	_ struct{} `type:"structure"`
20785
20786	// If present, indicates that more output is available than is included in the
20787	// current response. Use this value in the NextToken request parameter in a
20788	// subsequent call to the operation to get the next part of the output. You
20789	// should repeat this until the NextToken response element comes back as null.
20790	NextToken *string `type:"string"`
20791
20792	// The tags that are assigned to the resource.
20793	Tags []*Tag `type:"list"`
20794}
20795
20796// String returns the string representation
20797func (s ListTagsForResourceOutput) String() string {
20798	return awsutil.Prettify(s)
20799}
20800
20801// GoString returns the string representation
20802func (s ListTagsForResourceOutput) GoString() string {
20803	return s.String()
20804}
20805
20806// SetNextToken sets the NextToken field's value.
20807func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput {
20808	s.NextToken = &v
20809	return s
20810}
20811
20812// SetTags sets the Tags field's value.
20813func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput {
20814	s.Tags = v
20815	return s
20816}
20817
20818type ListTargetsForPolicyInput struct {
20819	_ struct{} `type:"structure"`
20820
20821	// The total number of results that you want included on each page of the response.
20822	// If you do not include this parameter, it defaults to a value that is specific
20823	// to the operation. If additional items exist beyond the maximum you specify,
20824	// the NextToken response element is present and has a value (is not null).
20825	// Include that value as the NextToken request parameter in the next call to
20826	// the operation to get the next part of the results. Note that Organizations
20827	// might return fewer results than the maximum even when there are more results
20828	// available. You should check NextToken after every operation to ensure that
20829	// you receive all of the results.
20830	MaxResults *int64 `min:"1" type:"integer"`
20831
20832	// The parameter for receiving additional results if you receive a NextToken
20833	// response in a previous request. A NextToken response indicates that more
20834	// output is available. Set this parameter to the value of the previous call's
20835	// NextToken response to indicate where the output should continue from.
20836	NextToken *string `type:"string"`
20837
20838	// The unique identifier (ID) of the policy whose attachments you want to know.
20839	//
20840	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
20841	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
20842	// or the underscore character (_).
20843	//
20844	// PolicyId is a required field
20845	PolicyId *string `type:"string" required:"true"`
20846}
20847
20848// String returns the string representation
20849func (s ListTargetsForPolicyInput) String() string {
20850	return awsutil.Prettify(s)
20851}
20852
20853// GoString returns the string representation
20854func (s ListTargetsForPolicyInput) GoString() string {
20855	return s.String()
20856}
20857
20858// Validate inspects the fields of the type to determine if they are valid.
20859func (s *ListTargetsForPolicyInput) Validate() error {
20860	invalidParams := request.ErrInvalidParams{Context: "ListTargetsForPolicyInput"}
20861	if s.MaxResults != nil && *s.MaxResults < 1 {
20862		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
20863	}
20864	if s.PolicyId == nil {
20865		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
20866	}
20867
20868	if invalidParams.Len() > 0 {
20869		return invalidParams
20870	}
20871	return nil
20872}
20873
20874// SetMaxResults sets the MaxResults field's value.
20875func (s *ListTargetsForPolicyInput) SetMaxResults(v int64) *ListTargetsForPolicyInput {
20876	s.MaxResults = &v
20877	return s
20878}
20879
20880// SetNextToken sets the NextToken field's value.
20881func (s *ListTargetsForPolicyInput) SetNextToken(v string) *ListTargetsForPolicyInput {
20882	s.NextToken = &v
20883	return s
20884}
20885
20886// SetPolicyId sets the PolicyId field's value.
20887func (s *ListTargetsForPolicyInput) SetPolicyId(v string) *ListTargetsForPolicyInput {
20888	s.PolicyId = &v
20889	return s
20890}
20891
20892type ListTargetsForPolicyOutput struct {
20893	_ struct{} `type:"structure"`
20894
20895	// If present, indicates that more output is available than is included in the
20896	// current response. Use this value in the NextToken request parameter in a
20897	// subsequent call to the operation to get the next part of the output. You
20898	// should repeat this until the NextToken response element comes back as null.
20899	NextToken *string `type:"string"`
20900
20901	// A list of structures, each of which contains details about one of the entities
20902	// to which the specified policy is attached.
20903	Targets []*PolicyTargetSummary `type:"list"`
20904}
20905
20906// String returns the string representation
20907func (s ListTargetsForPolicyOutput) String() string {
20908	return awsutil.Prettify(s)
20909}
20910
20911// GoString returns the string representation
20912func (s ListTargetsForPolicyOutput) GoString() string {
20913	return s.String()
20914}
20915
20916// SetNextToken sets the NextToken field's value.
20917func (s *ListTargetsForPolicyOutput) SetNextToken(v string) *ListTargetsForPolicyOutput {
20918	s.NextToken = &v
20919	return s
20920}
20921
20922// SetTargets sets the Targets field's value.
20923func (s *ListTargetsForPolicyOutput) SetTargets(v []*PolicyTargetSummary) *ListTargetsForPolicyOutput {
20924	s.Targets = v
20925	return s
20926}
20927
20928// The provided policy document doesn't meet the requirements of the specified
20929// policy type. For example, the syntax might be incorrect. For details about
20930// service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
20931// in the AWS Organizations User Guide.
20932type MalformedPolicyDocumentException struct {
20933	_            struct{}                  `type:"structure"`
20934	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
20935
20936	Message_ *string `locationName:"Message" type:"string"`
20937}
20938
20939// String returns the string representation
20940func (s MalformedPolicyDocumentException) String() string {
20941	return awsutil.Prettify(s)
20942}
20943
20944// GoString returns the string representation
20945func (s MalformedPolicyDocumentException) GoString() string {
20946	return s.String()
20947}
20948
20949func newErrorMalformedPolicyDocumentException(v protocol.ResponseMetadata) error {
20950	return &MalformedPolicyDocumentException{
20951		RespMetadata: v,
20952	}
20953}
20954
20955// Code returns the exception type name.
20956func (s *MalformedPolicyDocumentException) Code() string {
20957	return "MalformedPolicyDocumentException"
20958}
20959
20960// Message returns the exception's message.
20961func (s *MalformedPolicyDocumentException) Message() string {
20962	if s.Message_ != nil {
20963		return *s.Message_
20964	}
20965	return ""
20966}
20967
20968// OrigErr always returns nil, satisfies awserr.Error interface.
20969func (s *MalformedPolicyDocumentException) OrigErr() error {
20970	return nil
20971}
20972
20973func (s *MalformedPolicyDocumentException) Error() string {
20974	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
20975}
20976
20977// Status code returns the HTTP status code for the request's response error.
20978func (s *MalformedPolicyDocumentException) StatusCode() int {
20979	return s.RespMetadata.StatusCode
20980}
20981
20982// RequestID returns the service's response RequestID for request.
20983func (s *MalformedPolicyDocumentException) RequestID() string {
20984	return s.RespMetadata.RequestID
20985}
20986
20987// You can't remove a management account from an organization. If you want the
20988// management account to become a member account in another organization, you
20989// must first delete the current organization of the management account.
20990type MasterCannotLeaveOrganizationException struct {
20991	_            struct{}                  `type:"structure"`
20992	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
20993
20994	Message_ *string `locationName:"Message" type:"string"`
20995}
20996
20997// String returns the string representation
20998func (s MasterCannotLeaveOrganizationException) String() string {
20999	return awsutil.Prettify(s)
21000}
21001
21002// GoString returns the string representation
21003func (s MasterCannotLeaveOrganizationException) GoString() string {
21004	return s.String()
21005}
21006
21007func newErrorMasterCannotLeaveOrganizationException(v protocol.ResponseMetadata) error {
21008	return &MasterCannotLeaveOrganizationException{
21009		RespMetadata: v,
21010	}
21011}
21012
21013// Code returns the exception type name.
21014func (s *MasterCannotLeaveOrganizationException) Code() string {
21015	return "MasterCannotLeaveOrganizationException"
21016}
21017
21018// Message returns the exception's message.
21019func (s *MasterCannotLeaveOrganizationException) Message() string {
21020	if s.Message_ != nil {
21021		return *s.Message_
21022	}
21023	return ""
21024}
21025
21026// OrigErr always returns nil, satisfies awserr.Error interface.
21027func (s *MasterCannotLeaveOrganizationException) OrigErr() error {
21028	return nil
21029}
21030
21031func (s *MasterCannotLeaveOrganizationException) Error() string {
21032	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21033}
21034
21035// Status code returns the HTTP status code for the request's response error.
21036func (s *MasterCannotLeaveOrganizationException) StatusCode() int {
21037	return s.RespMetadata.StatusCode
21038}
21039
21040// RequestID returns the service's response RequestID for request.
21041func (s *MasterCannotLeaveOrganizationException) RequestID() string {
21042	return s.RespMetadata.RequestID
21043}
21044
21045type MoveAccountInput struct {
21046	_ struct{} `type:"structure"`
21047
21048	// The unique identifier (ID) of the account that you want to move.
21049	//
21050	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
21051	// requires exactly 12 digits.
21052	//
21053	// AccountId is a required field
21054	AccountId *string `type:"string" required:"true"`
21055
21056	// The unique identifier (ID) of the root or organizational unit that you want
21057	// to move the account to.
21058	//
21059	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
21060	// requires one of the following:
21061	//
21062	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
21063	//    letters or digits.
21064	//
21065	//    * Organizational unit (OU) - A string that begins with "ou-" followed
21066	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
21067	//    OU is in). This string is followed by a second "-" dash and from 8 to
21068	//    32 additional lowercase letters or digits.
21069	//
21070	// DestinationParentId is a required field
21071	DestinationParentId *string `type:"string" required:"true"`
21072
21073	// The unique identifier (ID) of the root or organizational unit that you want
21074	// to move the account from.
21075	//
21076	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
21077	// requires one of the following:
21078	//
21079	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
21080	//    letters or digits.
21081	//
21082	//    * Organizational unit (OU) - A string that begins with "ou-" followed
21083	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
21084	//    OU is in). This string is followed by a second "-" dash and from 8 to
21085	//    32 additional lowercase letters or digits.
21086	//
21087	// SourceParentId is a required field
21088	SourceParentId *string `type:"string" required:"true"`
21089}
21090
21091// String returns the string representation
21092func (s MoveAccountInput) String() string {
21093	return awsutil.Prettify(s)
21094}
21095
21096// GoString returns the string representation
21097func (s MoveAccountInput) GoString() string {
21098	return s.String()
21099}
21100
21101// Validate inspects the fields of the type to determine if they are valid.
21102func (s *MoveAccountInput) Validate() error {
21103	invalidParams := request.ErrInvalidParams{Context: "MoveAccountInput"}
21104	if s.AccountId == nil {
21105		invalidParams.Add(request.NewErrParamRequired("AccountId"))
21106	}
21107	if s.DestinationParentId == nil {
21108		invalidParams.Add(request.NewErrParamRequired("DestinationParentId"))
21109	}
21110	if s.SourceParentId == nil {
21111		invalidParams.Add(request.NewErrParamRequired("SourceParentId"))
21112	}
21113
21114	if invalidParams.Len() > 0 {
21115		return invalidParams
21116	}
21117	return nil
21118}
21119
21120// SetAccountId sets the AccountId field's value.
21121func (s *MoveAccountInput) SetAccountId(v string) *MoveAccountInput {
21122	s.AccountId = &v
21123	return s
21124}
21125
21126// SetDestinationParentId sets the DestinationParentId field's value.
21127func (s *MoveAccountInput) SetDestinationParentId(v string) *MoveAccountInput {
21128	s.DestinationParentId = &v
21129	return s
21130}
21131
21132// SetSourceParentId sets the SourceParentId field's value.
21133func (s *MoveAccountInput) SetSourceParentId(v string) *MoveAccountInput {
21134	s.SourceParentId = &v
21135	return s
21136}
21137
21138type MoveAccountOutput struct {
21139	_ struct{} `type:"structure"`
21140}
21141
21142// String returns the string representation
21143func (s MoveAccountOutput) String() string {
21144	return awsutil.Prettify(s)
21145}
21146
21147// GoString returns the string representation
21148func (s MoveAccountOutput) GoString() string {
21149	return s.String()
21150}
21151
21152// Contains details about an organization. An organization is a collection of
21153// accounts that are centrally managed together using consolidated billing,
21154// organized hierarchically with organizational units (OUs), and controlled
21155// with policies .
21156type Organization struct {
21157	_ struct{} `type:"structure"`
21158
21159	// The Amazon Resource Name (ARN) of an organization.
21160	//
21161	// For more information about ARNs in Organizations, see ARN Formats Supported
21162	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
21163	// in the AWS Service Authorization Reference.
21164	Arn *string `type:"string"`
21165
21166	//
21167	// Do not use. This field is deprecated and doesn't provide complete information
21168	// about the policies in your organization.
21169	//
21170	// To determine the policies that are enabled and available for use in your
21171	// organization, use the ListRoots operation instead.
21172	AvailablePolicyTypes []*PolicyTypeSummary `type:"list"`
21173
21174	// Specifies the functionality that currently is available to the organization.
21175	// If set to "ALL", then all features are enabled and policies can be applied
21176	// to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only
21177	// consolidated billing functionality is available. For more information, see
21178	// Enabling All Features in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
21179	// in the AWS Organizations User Guide.
21180	FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"`
21181
21182	// The unique identifier (ID) of an organization.
21183	//
21184	// The regex pattern (http://wikipedia.org/wiki/regex) for an organization ID
21185	// string requires "o-" followed by from 10 to 32 lowercase letters or digits.
21186	Id *string `type:"string"`
21187
21188	// The Amazon Resource Name (ARN) of the account that is designated as the management
21189	// account for the organization.
21190	//
21191	// For more information about ARNs in Organizations, see ARN Formats Supported
21192	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
21193	// in the AWS Service Authorization Reference.
21194	MasterAccountArn *string `type:"string"`
21195
21196	// The email address that is associated with the AWS account that is designated
21197	// as the management account for the organization.
21198	MasterAccountEmail *string `min:"6" type:"string" sensitive:"true"`
21199
21200	// The unique identifier (ID) of the management account of an organization.
21201	//
21202	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
21203	// requires exactly 12 digits.
21204	MasterAccountId *string `type:"string"`
21205}
21206
21207// String returns the string representation
21208func (s Organization) String() string {
21209	return awsutil.Prettify(s)
21210}
21211
21212// GoString returns the string representation
21213func (s Organization) GoString() string {
21214	return s.String()
21215}
21216
21217// SetArn sets the Arn field's value.
21218func (s *Organization) SetArn(v string) *Organization {
21219	s.Arn = &v
21220	return s
21221}
21222
21223// SetAvailablePolicyTypes sets the AvailablePolicyTypes field's value.
21224func (s *Organization) SetAvailablePolicyTypes(v []*PolicyTypeSummary) *Organization {
21225	s.AvailablePolicyTypes = v
21226	return s
21227}
21228
21229// SetFeatureSet sets the FeatureSet field's value.
21230func (s *Organization) SetFeatureSet(v string) *Organization {
21231	s.FeatureSet = &v
21232	return s
21233}
21234
21235// SetId sets the Id field's value.
21236func (s *Organization) SetId(v string) *Organization {
21237	s.Id = &v
21238	return s
21239}
21240
21241// SetMasterAccountArn sets the MasterAccountArn field's value.
21242func (s *Organization) SetMasterAccountArn(v string) *Organization {
21243	s.MasterAccountArn = &v
21244	return s
21245}
21246
21247// SetMasterAccountEmail sets the MasterAccountEmail field's value.
21248func (s *Organization) SetMasterAccountEmail(v string) *Organization {
21249	s.MasterAccountEmail = &v
21250	return s
21251}
21252
21253// SetMasterAccountId sets the MasterAccountId field's value.
21254func (s *Organization) SetMasterAccountId(v string) *Organization {
21255	s.MasterAccountId = &v
21256	return s
21257}
21258
21259// The organization isn't empty. To delete an organization, you must first remove
21260// all accounts except the management account, delete all OUs, and delete all
21261// policies.
21262type OrganizationNotEmptyException struct {
21263	_            struct{}                  `type:"structure"`
21264	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21265
21266	Message_ *string `locationName:"Message" type:"string"`
21267}
21268
21269// String returns the string representation
21270func (s OrganizationNotEmptyException) String() string {
21271	return awsutil.Prettify(s)
21272}
21273
21274// GoString returns the string representation
21275func (s OrganizationNotEmptyException) GoString() string {
21276	return s.String()
21277}
21278
21279func newErrorOrganizationNotEmptyException(v protocol.ResponseMetadata) error {
21280	return &OrganizationNotEmptyException{
21281		RespMetadata: v,
21282	}
21283}
21284
21285// Code returns the exception type name.
21286func (s *OrganizationNotEmptyException) Code() string {
21287	return "OrganizationNotEmptyException"
21288}
21289
21290// Message returns the exception's message.
21291func (s *OrganizationNotEmptyException) Message() string {
21292	if s.Message_ != nil {
21293		return *s.Message_
21294	}
21295	return ""
21296}
21297
21298// OrigErr always returns nil, satisfies awserr.Error interface.
21299func (s *OrganizationNotEmptyException) OrigErr() error {
21300	return nil
21301}
21302
21303func (s *OrganizationNotEmptyException) Error() string {
21304	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21305}
21306
21307// Status code returns the HTTP status code for the request's response error.
21308func (s *OrganizationNotEmptyException) StatusCode() int {
21309	return s.RespMetadata.StatusCode
21310}
21311
21312// RequestID returns the service's response RequestID for request.
21313func (s *OrganizationNotEmptyException) RequestID() string {
21314	return s.RespMetadata.RequestID
21315}
21316
21317// Contains details about an organizational unit (OU). An OU is a container
21318// of AWS accounts within a root of an organization. Policies that are attached
21319// to an OU apply to all accounts contained in that OU and in any child OUs.
21320type OrganizationalUnit struct {
21321	_ struct{} `type:"structure"`
21322
21323	// The Amazon Resource Name (ARN) of this OU.
21324	//
21325	// For more information about ARNs in Organizations, see ARN Formats Supported
21326	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
21327	// in the AWS Service Authorization Reference.
21328	Arn *string `type:"string"`
21329
21330	// The unique identifier (ID) associated with this OU.
21331	//
21332	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
21333	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
21334	// or digits (the ID of the root that contains the OU). This string is followed
21335	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
21336	Id *string `type:"string"`
21337
21338	// The friendly name of this OU.
21339	//
21340	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
21341	// this parameter is a string of any of the characters in the ASCII character
21342	// range.
21343	Name *string `min:"1" type:"string"`
21344}
21345
21346// String returns the string representation
21347func (s OrganizationalUnit) String() string {
21348	return awsutil.Prettify(s)
21349}
21350
21351// GoString returns the string representation
21352func (s OrganizationalUnit) GoString() string {
21353	return s.String()
21354}
21355
21356// SetArn sets the Arn field's value.
21357func (s *OrganizationalUnit) SetArn(v string) *OrganizationalUnit {
21358	s.Arn = &v
21359	return s
21360}
21361
21362// SetId sets the Id field's value.
21363func (s *OrganizationalUnit) SetId(v string) *OrganizationalUnit {
21364	s.Id = &v
21365	return s
21366}
21367
21368// SetName sets the Name field's value.
21369func (s *OrganizationalUnit) SetName(v string) *OrganizationalUnit {
21370	s.Name = &v
21371	return s
21372}
21373
21374// The specified OU is not empty. Move all accounts to another root or to other
21375// OUs, remove all child OUs, and try the operation again.
21376type OrganizationalUnitNotEmptyException struct {
21377	_            struct{}                  `type:"structure"`
21378	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21379
21380	Message_ *string `locationName:"Message" type:"string"`
21381}
21382
21383// String returns the string representation
21384func (s OrganizationalUnitNotEmptyException) String() string {
21385	return awsutil.Prettify(s)
21386}
21387
21388// GoString returns the string representation
21389func (s OrganizationalUnitNotEmptyException) GoString() string {
21390	return s.String()
21391}
21392
21393func newErrorOrganizationalUnitNotEmptyException(v protocol.ResponseMetadata) error {
21394	return &OrganizationalUnitNotEmptyException{
21395		RespMetadata: v,
21396	}
21397}
21398
21399// Code returns the exception type name.
21400func (s *OrganizationalUnitNotEmptyException) Code() string {
21401	return "OrganizationalUnitNotEmptyException"
21402}
21403
21404// Message returns the exception's message.
21405func (s *OrganizationalUnitNotEmptyException) Message() string {
21406	if s.Message_ != nil {
21407		return *s.Message_
21408	}
21409	return ""
21410}
21411
21412// OrigErr always returns nil, satisfies awserr.Error interface.
21413func (s *OrganizationalUnitNotEmptyException) OrigErr() error {
21414	return nil
21415}
21416
21417func (s *OrganizationalUnitNotEmptyException) Error() string {
21418	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21419}
21420
21421// Status code returns the HTTP status code for the request's response error.
21422func (s *OrganizationalUnitNotEmptyException) StatusCode() int {
21423	return s.RespMetadata.StatusCode
21424}
21425
21426// RequestID returns the service's response RequestID for request.
21427func (s *OrganizationalUnitNotEmptyException) RequestID() string {
21428	return s.RespMetadata.RequestID
21429}
21430
21431// We can't find an OU with the OrganizationalUnitId that you specified.
21432type OrganizationalUnitNotFoundException struct {
21433	_            struct{}                  `type:"structure"`
21434	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21435
21436	Message_ *string `locationName:"Message" type:"string"`
21437}
21438
21439// String returns the string representation
21440func (s OrganizationalUnitNotFoundException) String() string {
21441	return awsutil.Prettify(s)
21442}
21443
21444// GoString returns the string representation
21445func (s OrganizationalUnitNotFoundException) GoString() string {
21446	return s.String()
21447}
21448
21449func newErrorOrganizationalUnitNotFoundException(v protocol.ResponseMetadata) error {
21450	return &OrganizationalUnitNotFoundException{
21451		RespMetadata: v,
21452	}
21453}
21454
21455// Code returns the exception type name.
21456func (s *OrganizationalUnitNotFoundException) Code() string {
21457	return "OrganizationalUnitNotFoundException"
21458}
21459
21460// Message returns the exception's message.
21461func (s *OrganizationalUnitNotFoundException) Message() string {
21462	if s.Message_ != nil {
21463		return *s.Message_
21464	}
21465	return ""
21466}
21467
21468// OrigErr always returns nil, satisfies awserr.Error interface.
21469func (s *OrganizationalUnitNotFoundException) OrigErr() error {
21470	return nil
21471}
21472
21473func (s *OrganizationalUnitNotFoundException) Error() string {
21474	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21475}
21476
21477// Status code returns the HTTP status code for the request's response error.
21478func (s *OrganizationalUnitNotFoundException) StatusCode() int {
21479	return s.RespMetadata.StatusCode
21480}
21481
21482// RequestID returns the service's response RequestID for request.
21483func (s *OrganizationalUnitNotFoundException) RequestID() string {
21484	return s.RespMetadata.RequestID
21485}
21486
21487// Contains information about either a root or an organizational unit (OU) that
21488// can contain OUs or accounts in an organization.
21489type Parent struct {
21490	_ struct{} `type:"structure"`
21491
21492	// The unique identifier (ID) of the parent entity.
21493	//
21494	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
21495	// requires one of the following:
21496	//
21497	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
21498	//    letters or digits.
21499	//
21500	//    * Organizational unit (OU) - A string that begins with "ou-" followed
21501	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
21502	//    OU is in). This string is followed by a second "-" dash and from 8 to
21503	//    32 additional lowercase letters or digits.
21504	Id *string `type:"string"`
21505
21506	// The type of the parent entity.
21507	Type *string `type:"string" enum:"ParentType"`
21508}
21509
21510// String returns the string representation
21511func (s Parent) String() string {
21512	return awsutil.Prettify(s)
21513}
21514
21515// GoString returns the string representation
21516func (s Parent) GoString() string {
21517	return s.String()
21518}
21519
21520// SetId sets the Id field's value.
21521func (s *Parent) SetId(v string) *Parent {
21522	s.Id = &v
21523	return s
21524}
21525
21526// SetType sets the Type field's value.
21527func (s *Parent) SetType(v string) *Parent {
21528	s.Type = &v
21529	return s
21530}
21531
21532// We can't find a root or OU with the ParentId that you specified.
21533type ParentNotFoundException struct {
21534	_            struct{}                  `type:"structure"`
21535	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21536
21537	Message_ *string `locationName:"Message" type:"string"`
21538}
21539
21540// String returns the string representation
21541func (s ParentNotFoundException) String() string {
21542	return awsutil.Prettify(s)
21543}
21544
21545// GoString returns the string representation
21546func (s ParentNotFoundException) GoString() string {
21547	return s.String()
21548}
21549
21550func newErrorParentNotFoundException(v protocol.ResponseMetadata) error {
21551	return &ParentNotFoundException{
21552		RespMetadata: v,
21553	}
21554}
21555
21556// Code returns the exception type name.
21557func (s *ParentNotFoundException) Code() string {
21558	return "ParentNotFoundException"
21559}
21560
21561// Message returns the exception's message.
21562func (s *ParentNotFoundException) Message() string {
21563	if s.Message_ != nil {
21564		return *s.Message_
21565	}
21566	return ""
21567}
21568
21569// OrigErr always returns nil, satisfies awserr.Error interface.
21570func (s *ParentNotFoundException) OrigErr() error {
21571	return nil
21572}
21573
21574func (s *ParentNotFoundException) Error() string {
21575	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21576}
21577
21578// Status code returns the HTTP status code for the request's response error.
21579func (s *ParentNotFoundException) StatusCode() int {
21580	return s.RespMetadata.StatusCode
21581}
21582
21583// RequestID returns the service's response RequestID for request.
21584func (s *ParentNotFoundException) RequestID() string {
21585	return s.RespMetadata.RequestID
21586}
21587
21588// Contains rules to be applied to the affected accounts. Policies can be attached
21589// directly to accounts, or to roots and OUs to affect all accounts in those
21590// hierarchies.
21591type Policy struct {
21592	_ struct{} `type:"structure"`
21593
21594	// The text content of the policy.
21595	Content *string `min:"1" type:"string"`
21596
21597	// A structure that contains additional details about the policy.
21598	PolicySummary *PolicySummary `type:"structure"`
21599}
21600
21601// String returns the string representation
21602func (s Policy) String() string {
21603	return awsutil.Prettify(s)
21604}
21605
21606// GoString returns the string representation
21607func (s Policy) GoString() string {
21608	return s.String()
21609}
21610
21611// SetContent sets the Content field's value.
21612func (s *Policy) SetContent(v string) *Policy {
21613	s.Content = &v
21614	return s
21615}
21616
21617// SetPolicySummary sets the PolicySummary field's value.
21618func (s *Policy) SetPolicySummary(v *PolicySummary) *Policy {
21619	s.PolicySummary = v
21620	return s
21621}
21622
21623// Changes to the effective policy are in progress, and its contents can't be
21624// returned. Try the operation again later.
21625type PolicyChangesInProgressException struct {
21626	_            struct{}                  `type:"structure"`
21627	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21628
21629	Message_ *string `locationName:"Message" type:"string"`
21630}
21631
21632// String returns the string representation
21633func (s PolicyChangesInProgressException) String() string {
21634	return awsutil.Prettify(s)
21635}
21636
21637// GoString returns the string representation
21638func (s PolicyChangesInProgressException) GoString() string {
21639	return s.String()
21640}
21641
21642func newErrorPolicyChangesInProgressException(v protocol.ResponseMetadata) error {
21643	return &PolicyChangesInProgressException{
21644		RespMetadata: v,
21645	}
21646}
21647
21648// Code returns the exception type name.
21649func (s *PolicyChangesInProgressException) Code() string {
21650	return "PolicyChangesInProgressException"
21651}
21652
21653// Message returns the exception's message.
21654func (s *PolicyChangesInProgressException) Message() string {
21655	if s.Message_ != nil {
21656		return *s.Message_
21657	}
21658	return ""
21659}
21660
21661// OrigErr always returns nil, satisfies awserr.Error interface.
21662func (s *PolicyChangesInProgressException) OrigErr() error {
21663	return nil
21664}
21665
21666func (s *PolicyChangesInProgressException) Error() string {
21667	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21668}
21669
21670// Status code returns the HTTP status code for the request's response error.
21671func (s *PolicyChangesInProgressException) StatusCode() int {
21672	return s.RespMetadata.StatusCode
21673}
21674
21675// RequestID returns the service's response RequestID for request.
21676func (s *PolicyChangesInProgressException) RequestID() string {
21677	return s.RespMetadata.RequestID
21678}
21679
21680// The policy is attached to one or more entities. You must detach it from all
21681// roots, OUs, and accounts before performing this operation.
21682type PolicyInUseException struct {
21683	_            struct{}                  `type:"structure"`
21684	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21685
21686	Message_ *string `locationName:"Message" type:"string"`
21687}
21688
21689// String returns the string representation
21690func (s PolicyInUseException) String() string {
21691	return awsutil.Prettify(s)
21692}
21693
21694// GoString returns the string representation
21695func (s PolicyInUseException) GoString() string {
21696	return s.String()
21697}
21698
21699func newErrorPolicyInUseException(v protocol.ResponseMetadata) error {
21700	return &PolicyInUseException{
21701		RespMetadata: v,
21702	}
21703}
21704
21705// Code returns the exception type name.
21706func (s *PolicyInUseException) Code() string {
21707	return "PolicyInUseException"
21708}
21709
21710// Message returns the exception's message.
21711func (s *PolicyInUseException) Message() string {
21712	if s.Message_ != nil {
21713		return *s.Message_
21714	}
21715	return ""
21716}
21717
21718// OrigErr always returns nil, satisfies awserr.Error interface.
21719func (s *PolicyInUseException) OrigErr() error {
21720	return nil
21721}
21722
21723func (s *PolicyInUseException) Error() string {
21724	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21725}
21726
21727// Status code returns the HTTP status code for the request's response error.
21728func (s *PolicyInUseException) StatusCode() int {
21729	return s.RespMetadata.StatusCode
21730}
21731
21732// RequestID returns the service's response RequestID for request.
21733func (s *PolicyInUseException) RequestID() string {
21734	return s.RespMetadata.RequestID
21735}
21736
21737// The policy isn't attached to the specified target in the specified root.
21738type PolicyNotAttachedException struct {
21739	_            struct{}                  `type:"structure"`
21740	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21741
21742	Message_ *string `locationName:"Message" type:"string"`
21743}
21744
21745// String returns the string representation
21746func (s PolicyNotAttachedException) String() string {
21747	return awsutil.Prettify(s)
21748}
21749
21750// GoString returns the string representation
21751func (s PolicyNotAttachedException) GoString() string {
21752	return s.String()
21753}
21754
21755func newErrorPolicyNotAttachedException(v protocol.ResponseMetadata) error {
21756	return &PolicyNotAttachedException{
21757		RespMetadata: v,
21758	}
21759}
21760
21761// Code returns the exception type name.
21762func (s *PolicyNotAttachedException) Code() string {
21763	return "PolicyNotAttachedException"
21764}
21765
21766// Message returns the exception's message.
21767func (s *PolicyNotAttachedException) Message() string {
21768	if s.Message_ != nil {
21769		return *s.Message_
21770	}
21771	return ""
21772}
21773
21774// OrigErr always returns nil, satisfies awserr.Error interface.
21775func (s *PolicyNotAttachedException) OrigErr() error {
21776	return nil
21777}
21778
21779func (s *PolicyNotAttachedException) Error() string {
21780	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21781}
21782
21783// Status code returns the HTTP status code for the request's response error.
21784func (s *PolicyNotAttachedException) StatusCode() int {
21785	return s.RespMetadata.StatusCode
21786}
21787
21788// RequestID returns the service's response RequestID for request.
21789func (s *PolicyNotAttachedException) RequestID() string {
21790	return s.RespMetadata.RequestID
21791}
21792
21793// We can't find a policy with the PolicyId that you specified.
21794type PolicyNotFoundException struct {
21795	_            struct{}                  `type:"structure"`
21796	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
21797
21798	Message_ *string `locationName:"Message" type:"string"`
21799}
21800
21801// String returns the string representation
21802func (s PolicyNotFoundException) String() string {
21803	return awsutil.Prettify(s)
21804}
21805
21806// GoString returns the string representation
21807func (s PolicyNotFoundException) GoString() string {
21808	return s.String()
21809}
21810
21811func newErrorPolicyNotFoundException(v protocol.ResponseMetadata) error {
21812	return &PolicyNotFoundException{
21813		RespMetadata: v,
21814	}
21815}
21816
21817// Code returns the exception type name.
21818func (s *PolicyNotFoundException) Code() string {
21819	return "PolicyNotFoundException"
21820}
21821
21822// Message returns the exception's message.
21823func (s *PolicyNotFoundException) Message() string {
21824	if s.Message_ != nil {
21825		return *s.Message_
21826	}
21827	return ""
21828}
21829
21830// OrigErr always returns nil, satisfies awserr.Error interface.
21831func (s *PolicyNotFoundException) OrigErr() error {
21832	return nil
21833}
21834
21835func (s *PolicyNotFoundException) Error() string {
21836	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
21837}
21838
21839// Status code returns the HTTP status code for the request's response error.
21840func (s *PolicyNotFoundException) StatusCode() int {
21841	return s.RespMetadata.StatusCode
21842}
21843
21844// RequestID returns the service's response RequestID for request.
21845func (s *PolicyNotFoundException) RequestID() string {
21846	return s.RespMetadata.RequestID
21847}
21848
21849// Contains information about a policy, but does not include the content. To
21850// see the content of a policy, see DescribePolicy.
21851type PolicySummary struct {
21852	_ struct{} `type:"structure"`
21853
21854	// The Amazon Resource Name (ARN) of the policy.
21855	//
21856	// For more information about ARNs in Organizations, see ARN Formats Supported
21857	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
21858	// in the AWS Service Authorization Reference.
21859	Arn *string `type:"string"`
21860
21861	// A boolean value that indicates whether the specified policy is an AWS managed
21862	// policy. If true, then you can attach the policy to roots, OUs, or accounts,
21863	// but you cannot edit it.
21864	AwsManaged *bool `type:"boolean"`
21865
21866	// The description of the policy.
21867	Description *string `type:"string"`
21868
21869	// The unique identifier (ID) of the policy.
21870	//
21871	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
21872	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
21873	// or the underscore character (_).
21874	Id *string `type:"string"`
21875
21876	// The friendly name of the policy.
21877	//
21878	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
21879	// this parameter is a string of any of the characters in the ASCII character
21880	// range.
21881	Name *string `min:"1" type:"string"`
21882
21883	// The type of policy.
21884	Type *string `type:"string" enum:"PolicyType"`
21885}
21886
21887// String returns the string representation
21888func (s PolicySummary) String() string {
21889	return awsutil.Prettify(s)
21890}
21891
21892// GoString returns the string representation
21893func (s PolicySummary) GoString() string {
21894	return s.String()
21895}
21896
21897// SetArn sets the Arn field's value.
21898func (s *PolicySummary) SetArn(v string) *PolicySummary {
21899	s.Arn = &v
21900	return s
21901}
21902
21903// SetAwsManaged sets the AwsManaged field's value.
21904func (s *PolicySummary) SetAwsManaged(v bool) *PolicySummary {
21905	s.AwsManaged = &v
21906	return s
21907}
21908
21909// SetDescription sets the Description field's value.
21910func (s *PolicySummary) SetDescription(v string) *PolicySummary {
21911	s.Description = &v
21912	return s
21913}
21914
21915// SetId sets the Id field's value.
21916func (s *PolicySummary) SetId(v string) *PolicySummary {
21917	s.Id = &v
21918	return s
21919}
21920
21921// SetName sets the Name field's value.
21922func (s *PolicySummary) SetName(v string) *PolicySummary {
21923	s.Name = &v
21924	return s
21925}
21926
21927// SetType sets the Type field's value.
21928func (s *PolicySummary) SetType(v string) *PolicySummary {
21929	s.Type = &v
21930	return s
21931}
21932
21933// Contains information about a root, OU, or account that a policy is attached
21934// to.
21935type PolicyTargetSummary struct {
21936	_ struct{} `type:"structure"`
21937
21938	// The Amazon Resource Name (ARN) of the policy target.
21939	//
21940	// For more information about ARNs in Organizations, see ARN Formats Supported
21941	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
21942	// in the AWS Service Authorization Reference.
21943	Arn *string `type:"string"`
21944
21945	// The friendly name of the policy target.
21946	//
21947	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
21948	// this parameter is a string of any of the characters in the ASCII character
21949	// range.
21950	Name *string `min:"1" type:"string"`
21951
21952	// The unique identifier (ID) of the policy target.
21953	//
21954	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
21955	// requires one of the following:
21956	//
21957	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
21958	//    letters or digits.
21959	//
21960	//    * Account - A string that consists of exactly 12 digits.
21961	//
21962	//    * Organizational unit (OU) - A string that begins with "ou-" followed
21963	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
21964	//    OU is in). This string is followed by a second "-" dash and from 8 to
21965	//    32 additional lowercase letters or digits.
21966	TargetId *string `type:"string"`
21967
21968	// The type of the policy target.
21969	Type *string `type:"string" enum:"TargetType"`
21970}
21971
21972// String returns the string representation
21973func (s PolicyTargetSummary) String() string {
21974	return awsutil.Prettify(s)
21975}
21976
21977// GoString returns the string representation
21978func (s PolicyTargetSummary) GoString() string {
21979	return s.String()
21980}
21981
21982// SetArn sets the Arn field's value.
21983func (s *PolicyTargetSummary) SetArn(v string) *PolicyTargetSummary {
21984	s.Arn = &v
21985	return s
21986}
21987
21988// SetName sets the Name field's value.
21989func (s *PolicyTargetSummary) SetName(v string) *PolicyTargetSummary {
21990	s.Name = &v
21991	return s
21992}
21993
21994// SetTargetId sets the TargetId field's value.
21995func (s *PolicyTargetSummary) SetTargetId(v string) *PolicyTargetSummary {
21996	s.TargetId = &v
21997	return s
21998}
21999
22000// SetType sets the Type field's value.
22001func (s *PolicyTargetSummary) SetType(v string) *PolicyTargetSummary {
22002	s.Type = &v
22003	return s
22004}
22005
22006// The specified policy type is already enabled in the specified root.
22007type PolicyTypeAlreadyEnabledException struct {
22008	_            struct{}                  `type:"structure"`
22009	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
22010
22011	Message_ *string `locationName:"Message" type:"string"`
22012}
22013
22014// String returns the string representation
22015func (s PolicyTypeAlreadyEnabledException) String() string {
22016	return awsutil.Prettify(s)
22017}
22018
22019// GoString returns the string representation
22020func (s PolicyTypeAlreadyEnabledException) GoString() string {
22021	return s.String()
22022}
22023
22024func newErrorPolicyTypeAlreadyEnabledException(v protocol.ResponseMetadata) error {
22025	return &PolicyTypeAlreadyEnabledException{
22026		RespMetadata: v,
22027	}
22028}
22029
22030// Code returns the exception type name.
22031func (s *PolicyTypeAlreadyEnabledException) Code() string {
22032	return "PolicyTypeAlreadyEnabledException"
22033}
22034
22035// Message returns the exception's message.
22036func (s *PolicyTypeAlreadyEnabledException) Message() string {
22037	if s.Message_ != nil {
22038		return *s.Message_
22039	}
22040	return ""
22041}
22042
22043// OrigErr always returns nil, satisfies awserr.Error interface.
22044func (s *PolicyTypeAlreadyEnabledException) OrigErr() error {
22045	return nil
22046}
22047
22048func (s *PolicyTypeAlreadyEnabledException) Error() string {
22049	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
22050}
22051
22052// Status code returns the HTTP status code for the request's response error.
22053func (s *PolicyTypeAlreadyEnabledException) StatusCode() int {
22054	return s.RespMetadata.StatusCode
22055}
22056
22057// RequestID returns the service's response RequestID for request.
22058func (s *PolicyTypeAlreadyEnabledException) RequestID() string {
22059	return s.RespMetadata.RequestID
22060}
22061
22062// You can't use the specified policy type with the feature set currently enabled
22063// for this organization. For example, you can enable SCPs only after you enable
22064// all features in the organization. For more information, see Managing AWS
22065// Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in
22066// the AWS Organizations User Guide.
22067type PolicyTypeNotAvailableForOrganizationException struct {
22068	_            struct{}                  `type:"structure"`
22069	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
22070
22071	Message_ *string `locationName:"Message" type:"string"`
22072}
22073
22074// String returns the string representation
22075func (s PolicyTypeNotAvailableForOrganizationException) String() string {
22076	return awsutil.Prettify(s)
22077}
22078
22079// GoString returns the string representation
22080func (s PolicyTypeNotAvailableForOrganizationException) GoString() string {
22081	return s.String()
22082}
22083
22084func newErrorPolicyTypeNotAvailableForOrganizationException(v protocol.ResponseMetadata) error {
22085	return &PolicyTypeNotAvailableForOrganizationException{
22086		RespMetadata: v,
22087	}
22088}
22089
22090// Code returns the exception type name.
22091func (s *PolicyTypeNotAvailableForOrganizationException) Code() string {
22092	return "PolicyTypeNotAvailableForOrganizationException"
22093}
22094
22095// Message returns the exception's message.
22096func (s *PolicyTypeNotAvailableForOrganizationException) Message() string {
22097	if s.Message_ != nil {
22098		return *s.Message_
22099	}
22100	return ""
22101}
22102
22103// OrigErr always returns nil, satisfies awserr.Error interface.
22104func (s *PolicyTypeNotAvailableForOrganizationException) OrigErr() error {
22105	return nil
22106}
22107
22108func (s *PolicyTypeNotAvailableForOrganizationException) Error() string {
22109	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
22110}
22111
22112// Status code returns the HTTP status code for the request's response error.
22113func (s *PolicyTypeNotAvailableForOrganizationException) StatusCode() int {
22114	return s.RespMetadata.StatusCode
22115}
22116
22117// RequestID returns the service's response RequestID for request.
22118func (s *PolicyTypeNotAvailableForOrganizationException) RequestID() string {
22119	return s.RespMetadata.RequestID
22120}
22121
22122// The specified policy type isn't currently enabled in this root. You can't
22123// attach policies of the specified type to entities in a root until you enable
22124// that type in the root. For more information, see Enabling All Features in
22125// Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
22126// in the AWS Organizations User Guide.
22127type PolicyTypeNotEnabledException struct {
22128	_            struct{}                  `type:"structure"`
22129	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
22130
22131	Message_ *string `locationName:"Message" type:"string"`
22132}
22133
22134// String returns the string representation
22135func (s PolicyTypeNotEnabledException) String() string {
22136	return awsutil.Prettify(s)
22137}
22138
22139// GoString returns the string representation
22140func (s PolicyTypeNotEnabledException) GoString() string {
22141	return s.String()
22142}
22143
22144func newErrorPolicyTypeNotEnabledException(v protocol.ResponseMetadata) error {
22145	return &PolicyTypeNotEnabledException{
22146		RespMetadata: v,
22147	}
22148}
22149
22150// Code returns the exception type name.
22151func (s *PolicyTypeNotEnabledException) Code() string {
22152	return "PolicyTypeNotEnabledException"
22153}
22154
22155// Message returns the exception's message.
22156func (s *PolicyTypeNotEnabledException) Message() string {
22157	if s.Message_ != nil {
22158		return *s.Message_
22159	}
22160	return ""
22161}
22162
22163// OrigErr always returns nil, satisfies awserr.Error interface.
22164func (s *PolicyTypeNotEnabledException) OrigErr() error {
22165	return nil
22166}
22167
22168func (s *PolicyTypeNotEnabledException) Error() string {
22169	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
22170}
22171
22172// Status code returns the HTTP status code for the request's response error.
22173func (s *PolicyTypeNotEnabledException) StatusCode() int {
22174	return s.RespMetadata.StatusCode
22175}
22176
22177// RequestID returns the service's response RequestID for request.
22178func (s *PolicyTypeNotEnabledException) RequestID() string {
22179	return s.RespMetadata.RequestID
22180}
22181
22182// Contains information about a policy type and its status in the associated
22183// root.
22184type PolicyTypeSummary struct {
22185	_ struct{} `type:"structure"`
22186
22187	// The status of the policy type as it relates to the associated root. To attach
22188	// a policy of the specified type to a root or to an OU or account in that root,
22189	// it must be available in the organization and enabled for that root.
22190	Status *string `type:"string" enum:"PolicyTypeStatus"`
22191
22192	// The name of the policy type.
22193	Type *string `type:"string" enum:"PolicyType"`
22194}
22195
22196// String returns the string representation
22197func (s PolicyTypeSummary) String() string {
22198	return awsutil.Prettify(s)
22199}
22200
22201// GoString returns the string representation
22202func (s PolicyTypeSummary) GoString() string {
22203	return s.String()
22204}
22205
22206// SetStatus sets the Status field's value.
22207func (s *PolicyTypeSummary) SetStatus(v string) *PolicyTypeSummary {
22208	s.Status = &v
22209	return s
22210}
22211
22212// SetType sets the Type field's value.
22213func (s *PolicyTypeSummary) SetType(v string) *PolicyTypeSummary {
22214	s.Type = &v
22215	return s
22216}
22217
22218type RegisterDelegatedAdministratorInput struct {
22219	_ struct{} `type:"structure"`
22220
22221	// The account ID number of the member account in the organization to register
22222	// as a delegated administrator.
22223	//
22224	// AccountId is a required field
22225	AccountId *string `type:"string" required:"true"`
22226
22227	// The service principal of the AWS service for which you want to make the member
22228	// account a delegated administrator.
22229	//
22230	// ServicePrincipal is a required field
22231	ServicePrincipal *string `min:"1" type:"string" required:"true"`
22232}
22233
22234// String returns the string representation
22235func (s RegisterDelegatedAdministratorInput) String() string {
22236	return awsutil.Prettify(s)
22237}
22238
22239// GoString returns the string representation
22240func (s RegisterDelegatedAdministratorInput) GoString() string {
22241	return s.String()
22242}
22243
22244// Validate inspects the fields of the type to determine if they are valid.
22245func (s *RegisterDelegatedAdministratorInput) Validate() error {
22246	invalidParams := request.ErrInvalidParams{Context: "RegisterDelegatedAdministratorInput"}
22247	if s.AccountId == nil {
22248		invalidParams.Add(request.NewErrParamRequired("AccountId"))
22249	}
22250	if s.ServicePrincipal == nil {
22251		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
22252	}
22253	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
22254		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
22255	}
22256
22257	if invalidParams.Len() > 0 {
22258		return invalidParams
22259	}
22260	return nil
22261}
22262
22263// SetAccountId sets the AccountId field's value.
22264func (s *RegisterDelegatedAdministratorInput) SetAccountId(v string) *RegisterDelegatedAdministratorInput {
22265	s.AccountId = &v
22266	return s
22267}
22268
22269// SetServicePrincipal sets the ServicePrincipal field's value.
22270func (s *RegisterDelegatedAdministratorInput) SetServicePrincipal(v string) *RegisterDelegatedAdministratorInput {
22271	s.ServicePrincipal = &v
22272	return s
22273}
22274
22275type RegisterDelegatedAdministratorOutput struct {
22276	_ struct{} `type:"structure"`
22277}
22278
22279// String returns the string representation
22280func (s RegisterDelegatedAdministratorOutput) String() string {
22281	return awsutil.Prettify(s)
22282}
22283
22284// GoString returns the string representation
22285func (s RegisterDelegatedAdministratorOutput) GoString() string {
22286	return s.String()
22287}
22288
22289type RemoveAccountFromOrganizationInput struct {
22290	_ struct{} `type:"structure"`
22291
22292	// The unique identifier (ID) of the member account that you want to remove
22293	// from the organization.
22294	//
22295	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
22296	// requires exactly 12 digits.
22297	//
22298	// AccountId is a required field
22299	AccountId *string `type:"string" required:"true"`
22300}
22301
22302// String returns the string representation
22303func (s RemoveAccountFromOrganizationInput) String() string {
22304	return awsutil.Prettify(s)
22305}
22306
22307// GoString returns the string representation
22308func (s RemoveAccountFromOrganizationInput) GoString() string {
22309	return s.String()
22310}
22311
22312// Validate inspects the fields of the type to determine if they are valid.
22313func (s *RemoveAccountFromOrganizationInput) Validate() error {
22314	invalidParams := request.ErrInvalidParams{Context: "RemoveAccountFromOrganizationInput"}
22315	if s.AccountId == nil {
22316		invalidParams.Add(request.NewErrParamRequired("AccountId"))
22317	}
22318
22319	if invalidParams.Len() > 0 {
22320		return invalidParams
22321	}
22322	return nil
22323}
22324
22325// SetAccountId sets the AccountId field's value.
22326func (s *RemoveAccountFromOrganizationInput) SetAccountId(v string) *RemoveAccountFromOrganizationInput {
22327	s.AccountId = &v
22328	return s
22329}
22330
22331type RemoveAccountFromOrganizationOutput struct {
22332	_ struct{} `type:"structure"`
22333}
22334
22335// String returns the string representation
22336func (s RemoveAccountFromOrganizationOutput) String() string {
22337	return awsutil.Prettify(s)
22338}
22339
22340// GoString returns the string representation
22341func (s RemoveAccountFromOrganizationOutput) GoString() string {
22342	return s.String()
22343}
22344
22345// Contains details about a root. A root is a top-level parent node in the hierarchy
22346// of an organization that can contain organizational units (OUs) and accounts.
22347// The root contains every AWS account in the organization.
22348type Root struct {
22349	_ struct{} `type:"structure"`
22350
22351	// The Amazon Resource Name (ARN) of the root.
22352	//
22353	// For more information about ARNs in Organizations, see ARN Formats Supported
22354	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
22355	// in the AWS Service Authorization Reference.
22356	Arn *string `type:"string"`
22357
22358	// The unique identifier (ID) for the root.
22359	//
22360	// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
22361	// requires "r-" followed by from 4 to 32 lowercase letters or digits.
22362	Id *string `type:"string"`
22363
22364	// The friendly name of the root.
22365	//
22366	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
22367	// this parameter is a string of any of the characters in the ASCII character
22368	// range.
22369	Name *string `min:"1" type:"string"`
22370
22371	// The types of policies that are currently enabled for the root and therefore
22372	// can be attached to the root or to its OUs or accounts.
22373	//
22374	// Even if a policy type is shown as available in the organization, you can
22375	// separately enable and disable them at the root level by using EnablePolicyType
22376	// and DisablePolicyType. Use DescribeOrganization to see the availability of
22377	// the policy types in that organization.
22378	PolicyTypes []*PolicyTypeSummary `type:"list"`
22379}
22380
22381// String returns the string representation
22382func (s Root) String() string {
22383	return awsutil.Prettify(s)
22384}
22385
22386// GoString returns the string representation
22387func (s Root) GoString() string {
22388	return s.String()
22389}
22390
22391// SetArn sets the Arn field's value.
22392func (s *Root) SetArn(v string) *Root {
22393	s.Arn = &v
22394	return s
22395}
22396
22397// SetId sets the Id field's value.
22398func (s *Root) SetId(v string) *Root {
22399	s.Id = &v
22400	return s
22401}
22402
22403// SetName sets the Name field's value.
22404func (s *Root) SetName(v string) *Root {
22405	s.Name = &v
22406	return s
22407}
22408
22409// SetPolicyTypes sets the PolicyTypes field's value.
22410func (s *Root) SetPolicyTypes(v []*PolicyTypeSummary) *Root {
22411	s.PolicyTypes = v
22412	return s
22413}
22414
22415// We can't find a root with the RootId that you specified.
22416type RootNotFoundException struct {
22417	_            struct{}                  `type:"structure"`
22418	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
22419
22420	Message_ *string `locationName:"Message" type:"string"`
22421}
22422
22423// String returns the string representation
22424func (s RootNotFoundException) String() string {
22425	return awsutil.Prettify(s)
22426}
22427
22428// GoString returns the string representation
22429func (s RootNotFoundException) GoString() string {
22430	return s.String()
22431}
22432
22433func newErrorRootNotFoundException(v protocol.ResponseMetadata) error {
22434	return &RootNotFoundException{
22435		RespMetadata: v,
22436	}
22437}
22438
22439// Code returns the exception type name.
22440func (s *RootNotFoundException) Code() string {
22441	return "RootNotFoundException"
22442}
22443
22444// Message returns the exception's message.
22445func (s *RootNotFoundException) Message() string {
22446	if s.Message_ != nil {
22447		return *s.Message_
22448	}
22449	return ""
22450}
22451
22452// OrigErr always returns nil, satisfies awserr.Error interface.
22453func (s *RootNotFoundException) OrigErr() error {
22454	return nil
22455}
22456
22457func (s *RootNotFoundException) Error() string {
22458	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
22459}
22460
22461// Status code returns the HTTP status code for the request's response error.
22462func (s *RootNotFoundException) StatusCode() int {
22463	return s.RespMetadata.StatusCode
22464}
22465
22466// RequestID returns the service's response RequestID for request.
22467func (s *RootNotFoundException) RequestID() string {
22468	return s.RespMetadata.RequestID
22469}
22470
22471// AWS Organizations can't complete your request because of an internal service
22472// error. Try again later.
22473type ServiceException struct {
22474	_            struct{}                  `type:"structure"`
22475	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
22476
22477	Message_ *string `locationName:"Message" type:"string"`
22478}
22479
22480// String returns the string representation
22481func (s ServiceException) String() string {
22482	return awsutil.Prettify(s)
22483}
22484
22485// GoString returns the string representation
22486func (s ServiceException) GoString() string {
22487	return s.String()
22488}
22489
22490func newErrorServiceException(v protocol.ResponseMetadata) error {
22491	return &ServiceException{
22492		RespMetadata: v,
22493	}
22494}
22495
22496// Code returns the exception type name.
22497func (s *ServiceException) Code() string {
22498	return "ServiceException"
22499}
22500
22501// Message returns the exception's message.
22502func (s *ServiceException) Message() string {
22503	if s.Message_ != nil {
22504		return *s.Message_
22505	}
22506	return ""
22507}
22508
22509// OrigErr always returns nil, satisfies awserr.Error interface.
22510func (s *ServiceException) OrigErr() error {
22511	return nil
22512}
22513
22514func (s *ServiceException) Error() string {
22515	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
22516}
22517
22518// Status code returns the HTTP status code for the request's response error.
22519func (s *ServiceException) StatusCode() int {
22520	return s.RespMetadata.StatusCode
22521}
22522
22523// RequestID returns the service's response RequestID for request.
22524func (s *ServiceException) RequestID() string {
22525	return s.RespMetadata.RequestID
22526}
22527
22528// We can't find a source root or OU with the ParentId that you specified.
22529type SourceParentNotFoundException struct {
22530	_            struct{}                  `type:"structure"`
22531	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
22532
22533	Message_ *string `locationName:"Message" type:"string"`
22534}
22535
22536// String returns the string representation
22537func (s SourceParentNotFoundException) String() string {
22538	return awsutil.Prettify(s)
22539}
22540
22541// GoString returns the string representation
22542func (s SourceParentNotFoundException) GoString() string {
22543	return s.String()
22544}
22545
22546func newErrorSourceParentNotFoundException(v protocol.ResponseMetadata) error {
22547	return &SourceParentNotFoundException{
22548		RespMetadata: v,
22549	}
22550}
22551
22552// Code returns the exception type name.
22553func (s *SourceParentNotFoundException) Code() string {
22554	return "SourceParentNotFoundException"
22555}
22556
22557// Message returns the exception's message.
22558func (s *SourceParentNotFoundException) Message() string {
22559	if s.Message_ != nil {
22560		return *s.Message_
22561	}
22562	return ""
22563}
22564
22565// OrigErr always returns nil, satisfies awserr.Error interface.
22566func (s *SourceParentNotFoundException) OrigErr() error {
22567	return nil
22568}
22569
22570func (s *SourceParentNotFoundException) Error() string {
22571	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
22572}
22573
22574// Status code returns the HTTP status code for the request's response error.
22575func (s *SourceParentNotFoundException) StatusCode() int {
22576	return s.RespMetadata.StatusCode
22577}
22578
22579// RequestID returns the service's response RequestID for request.
22580func (s *SourceParentNotFoundException) RequestID() string {
22581	return s.RespMetadata.RequestID
22582}
22583
22584// A custom key-value pair associated with a resource within your organization.
22585//
22586// You can attach tags to any of the following organization resources.
22587//
22588//    * AWS account
22589//
22590//    * Organizational unit (OU)
22591//
22592//    * Organization root
22593//
22594//    * Policy
22595type Tag struct {
22596	_ struct{} `type:"structure"`
22597
22598	// The key identifier, or name, of the tag.
22599	//
22600	// Key is a required field
22601	Key *string `min:"1" type:"string" required:"true"`
22602
22603	// The string value that's associated with the key of the tag. You can set the
22604	// value of a tag to an empty string, but you can't set the value of a tag to
22605	// null.
22606	//
22607	// Value is a required field
22608	Value *string `type:"string" required:"true"`
22609}
22610
22611// String returns the string representation
22612func (s Tag) String() string {
22613	return awsutil.Prettify(s)
22614}
22615
22616// GoString returns the string representation
22617func (s Tag) GoString() string {
22618	return s.String()
22619}
22620
22621// Validate inspects the fields of the type to determine if they are valid.
22622func (s *Tag) Validate() error {
22623	invalidParams := request.ErrInvalidParams{Context: "Tag"}
22624	if s.Key == nil {
22625		invalidParams.Add(request.NewErrParamRequired("Key"))
22626	}
22627	if s.Key != nil && len(*s.Key) < 1 {
22628		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
22629	}
22630	if s.Value == nil {
22631		invalidParams.Add(request.NewErrParamRequired("Value"))
22632	}
22633
22634	if invalidParams.Len() > 0 {
22635		return invalidParams
22636	}
22637	return nil
22638}
22639
22640// SetKey sets the Key field's value.
22641func (s *Tag) SetKey(v string) *Tag {
22642	s.Key = &v
22643	return s
22644}
22645
22646// SetValue sets the Value field's value.
22647func (s *Tag) SetValue(v string) *Tag {
22648	s.Value = &v
22649	return s
22650}
22651
22652type TagResourceInput struct {
22653	_ struct{} `type:"structure"`
22654
22655	// The ID of the resource to add a tag to.
22656	//
22657	// ResourceId is a required field
22658	ResourceId *string `type:"string" required:"true"`
22659
22660	// A list of tags to add to the specified resource.
22661	//
22662	// You can specify any of the following taggable resources.
22663	//
22664	//    * AWS account – specify the account ID number.
22665	//
22666	//    * Organizational unit – specify the OU ID that begins with ou- and looks
22667	//    similar to: ou-1a2b-34uvwxyz
22668	//
22669	//    * Root – specify the root ID that begins with r- and looks similar to:
22670	//    r-1a2b
22671	//
22672	//    * Policy – specify the policy ID that begins with p- andlooks similar
22673	//    to: p-12abcdefg3
22674	//
22675	// For each tag in the list, you must specify both a tag key and a value. You
22676	// can set the value to an empty string, but you can't set it to null.
22677	//
22678	// If any one of the tags is invalid or if you exceed the allowed number of
22679	// tags for an account user, then the entire request fails and the account is
22680	// not created.
22681	//
22682	// Tags is a required field
22683	Tags []*Tag `type:"list" required:"true"`
22684}
22685
22686// String returns the string representation
22687func (s TagResourceInput) String() string {
22688	return awsutil.Prettify(s)
22689}
22690
22691// GoString returns the string representation
22692func (s TagResourceInput) GoString() string {
22693	return s.String()
22694}
22695
22696// Validate inspects the fields of the type to determine if they are valid.
22697func (s *TagResourceInput) Validate() error {
22698	invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"}
22699	if s.ResourceId == nil {
22700		invalidParams.Add(request.NewErrParamRequired("ResourceId"))
22701	}
22702	if s.Tags == nil {
22703		invalidParams.Add(request.NewErrParamRequired("Tags"))
22704	}
22705	if s.Tags != nil {
22706		for i, v := range s.Tags {
22707			if v == nil {
22708				continue
22709			}
22710			if err := v.Validate(); err != nil {
22711				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
22712			}
22713		}
22714	}
22715
22716	if invalidParams.Len() > 0 {
22717		return invalidParams
22718	}
22719	return nil
22720}
22721
22722// SetResourceId sets the ResourceId field's value.
22723func (s *TagResourceInput) SetResourceId(v string) *TagResourceInput {
22724	s.ResourceId = &v
22725	return s
22726}
22727
22728// SetTags sets the Tags field's value.
22729func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput {
22730	s.Tags = v
22731	return s
22732}
22733
22734type TagResourceOutput struct {
22735	_ struct{} `type:"structure"`
22736}
22737
22738// String returns the string representation
22739func (s TagResourceOutput) String() string {
22740	return awsutil.Prettify(s)
22741}
22742
22743// GoString returns the string representation
22744func (s TagResourceOutput) GoString() string {
22745	return s.String()
22746}
22747
22748// We can't find a root, OU, account, or policy with the TargetId that you specified.
22749type TargetNotFoundException struct {
22750	_            struct{}                  `type:"structure"`
22751	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
22752
22753	Message_ *string `locationName:"Message" type:"string"`
22754}
22755
22756// String returns the string representation
22757func (s TargetNotFoundException) String() string {
22758	return awsutil.Prettify(s)
22759}
22760
22761// GoString returns the string representation
22762func (s TargetNotFoundException) GoString() string {
22763	return s.String()
22764}
22765
22766func newErrorTargetNotFoundException(v protocol.ResponseMetadata) error {
22767	return &TargetNotFoundException{
22768		RespMetadata: v,
22769	}
22770}
22771
22772// Code returns the exception type name.
22773func (s *TargetNotFoundException) Code() string {
22774	return "TargetNotFoundException"
22775}
22776
22777// Message returns the exception's message.
22778func (s *TargetNotFoundException) Message() string {
22779	if s.Message_ != nil {
22780		return *s.Message_
22781	}
22782	return ""
22783}
22784
22785// OrigErr always returns nil, satisfies awserr.Error interface.
22786func (s *TargetNotFoundException) OrigErr() error {
22787	return nil
22788}
22789
22790func (s *TargetNotFoundException) Error() string {
22791	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
22792}
22793
22794// Status code returns the HTTP status code for the request's response error.
22795func (s *TargetNotFoundException) StatusCode() int {
22796	return s.RespMetadata.StatusCode
22797}
22798
22799// RequestID returns the service's response RequestID for request.
22800func (s *TargetNotFoundException) RequestID() string {
22801	return s.RespMetadata.RequestID
22802}
22803
22804// You have sent too many requests in too short a period of time. The quota
22805// helps protect against denial-of-service attacks. Try again later.
22806//
22807// For information about quotas that affect AWS Organizations, see Quotas for
22808// AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
22809// the AWS Organizations User Guide.
22810type TooManyRequestsException struct {
22811	_            struct{}                  `type:"structure"`
22812	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
22813
22814	Message_ *string `locationName:"Message" type:"string"`
22815
22816	Type *string `type:"string"`
22817}
22818
22819// String returns the string representation
22820func (s TooManyRequestsException) String() string {
22821	return awsutil.Prettify(s)
22822}
22823
22824// GoString returns the string representation
22825func (s TooManyRequestsException) GoString() string {
22826	return s.String()
22827}
22828
22829func newErrorTooManyRequestsException(v protocol.ResponseMetadata) error {
22830	return &TooManyRequestsException{
22831		RespMetadata: v,
22832	}
22833}
22834
22835// Code returns the exception type name.
22836func (s *TooManyRequestsException) Code() string {
22837	return "TooManyRequestsException"
22838}
22839
22840// Message returns the exception's message.
22841func (s *TooManyRequestsException) Message() string {
22842	if s.Message_ != nil {
22843		return *s.Message_
22844	}
22845	return ""
22846}
22847
22848// OrigErr always returns nil, satisfies awserr.Error interface.
22849func (s *TooManyRequestsException) OrigErr() error {
22850	return nil
22851}
22852
22853func (s *TooManyRequestsException) Error() string {
22854	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
22855}
22856
22857// Status code returns the HTTP status code for the request's response error.
22858func (s *TooManyRequestsException) StatusCode() int {
22859	return s.RespMetadata.StatusCode
22860}
22861
22862// RequestID returns the service's response RequestID for request.
22863func (s *TooManyRequestsException) RequestID() string {
22864	return s.RespMetadata.RequestID
22865}
22866
22867// This action isn't available in the current AWS Region.
22868type UnsupportedAPIEndpointException struct {
22869	_            struct{}                  `type:"structure"`
22870	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
22871
22872	Message_ *string `locationName:"Message" type:"string"`
22873}
22874
22875// String returns the string representation
22876func (s UnsupportedAPIEndpointException) String() string {
22877	return awsutil.Prettify(s)
22878}
22879
22880// GoString returns the string representation
22881func (s UnsupportedAPIEndpointException) GoString() string {
22882	return s.String()
22883}
22884
22885func newErrorUnsupportedAPIEndpointException(v protocol.ResponseMetadata) error {
22886	return &UnsupportedAPIEndpointException{
22887		RespMetadata: v,
22888	}
22889}
22890
22891// Code returns the exception type name.
22892func (s *UnsupportedAPIEndpointException) Code() string {
22893	return "UnsupportedAPIEndpointException"
22894}
22895
22896// Message returns the exception's message.
22897func (s *UnsupportedAPIEndpointException) Message() string {
22898	if s.Message_ != nil {
22899		return *s.Message_
22900	}
22901	return ""
22902}
22903
22904// OrigErr always returns nil, satisfies awserr.Error interface.
22905func (s *UnsupportedAPIEndpointException) OrigErr() error {
22906	return nil
22907}
22908
22909func (s *UnsupportedAPIEndpointException) Error() string {
22910	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
22911}
22912
22913// Status code returns the HTTP status code for the request's response error.
22914func (s *UnsupportedAPIEndpointException) StatusCode() int {
22915	return s.RespMetadata.StatusCode
22916}
22917
22918// RequestID returns the service's response RequestID for request.
22919func (s *UnsupportedAPIEndpointException) RequestID() string {
22920	return s.RespMetadata.RequestID
22921}
22922
22923type UntagResourceInput struct {
22924	_ struct{} `type:"structure"`
22925
22926	// The ID of the resource to remove a tag from.
22927	//
22928	// You can specify any of the following taggable resources.
22929	//
22930	//    * AWS account – specify the account ID number.
22931	//
22932	//    * Organizational unit – specify the OU ID that begins with ou- and looks
22933	//    similar to: ou-1a2b-34uvwxyz
22934	//
22935	//    * Root – specify the root ID that begins with r- and looks similar to:
22936	//    r-1a2b
22937	//
22938	//    * Policy – specify the policy ID that begins with p- andlooks similar
22939	//    to: p-12abcdefg3
22940	//
22941	// ResourceId is a required field
22942	ResourceId *string `type:"string" required:"true"`
22943
22944	// The list of keys for tags to remove from the specified resource.
22945	//
22946	// TagKeys is a required field
22947	TagKeys []*string `type:"list" required:"true"`
22948}
22949
22950// String returns the string representation
22951func (s UntagResourceInput) String() string {
22952	return awsutil.Prettify(s)
22953}
22954
22955// GoString returns the string representation
22956func (s UntagResourceInput) GoString() string {
22957	return s.String()
22958}
22959
22960// Validate inspects the fields of the type to determine if they are valid.
22961func (s *UntagResourceInput) Validate() error {
22962	invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"}
22963	if s.ResourceId == nil {
22964		invalidParams.Add(request.NewErrParamRequired("ResourceId"))
22965	}
22966	if s.TagKeys == nil {
22967		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
22968	}
22969
22970	if invalidParams.Len() > 0 {
22971		return invalidParams
22972	}
22973	return nil
22974}
22975
22976// SetResourceId sets the ResourceId field's value.
22977func (s *UntagResourceInput) SetResourceId(v string) *UntagResourceInput {
22978	s.ResourceId = &v
22979	return s
22980}
22981
22982// SetTagKeys sets the TagKeys field's value.
22983func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput {
22984	s.TagKeys = v
22985	return s
22986}
22987
22988type UntagResourceOutput struct {
22989	_ struct{} `type:"structure"`
22990}
22991
22992// String returns the string representation
22993func (s UntagResourceOutput) String() string {
22994	return awsutil.Prettify(s)
22995}
22996
22997// GoString returns the string representation
22998func (s UntagResourceOutput) GoString() string {
22999	return s.String()
23000}
23001
23002type UpdateOrganizationalUnitInput struct {
23003	_ struct{} `type:"structure"`
23004
23005	// The new name that you want to assign to the OU.
23006	//
23007	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
23008	// this parameter is a string of any of the characters in the ASCII character
23009	// range.
23010	Name *string `min:"1" type:"string"`
23011
23012	// The unique identifier (ID) of the OU that you want to rename. You can get
23013	// the ID from the ListOrganizationalUnitsForParent operation.
23014	//
23015	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
23016	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
23017	// or digits (the ID of the root that contains the OU). This string is followed
23018	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
23019	//
23020	// OrganizationalUnitId is a required field
23021	OrganizationalUnitId *string `type:"string" required:"true"`
23022}
23023
23024// String returns the string representation
23025func (s UpdateOrganizationalUnitInput) String() string {
23026	return awsutil.Prettify(s)
23027}
23028
23029// GoString returns the string representation
23030func (s UpdateOrganizationalUnitInput) GoString() string {
23031	return s.String()
23032}
23033
23034// Validate inspects the fields of the type to determine if they are valid.
23035func (s *UpdateOrganizationalUnitInput) Validate() error {
23036	invalidParams := request.ErrInvalidParams{Context: "UpdateOrganizationalUnitInput"}
23037	if s.Name != nil && len(*s.Name) < 1 {
23038		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
23039	}
23040	if s.OrganizationalUnitId == nil {
23041		invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
23042	}
23043
23044	if invalidParams.Len() > 0 {
23045		return invalidParams
23046	}
23047	return nil
23048}
23049
23050// SetName sets the Name field's value.
23051func (s *UpdateOrganizationalUnitInput) SetName(v string) *UpdateOrganizationalUnitInput {
23052	s.Name = &v
23053	return s
23054}
23055
23056// SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
23057func (s *UpdateOrganizationalUnitInput) SetOrganizationalUnitId(v string) *UpdateOrganizationalUnitInput {
23058	s.OrganizationalUnitId = &v
23059	return s
23060}
23061
23062type UpdateOrganizationalUnitOutput struct {
23063	_ struct{} `type:"structure"`
23064
23065	// A structure that contains the details about the specified OU, including its
23066	// new name.
23067	OrganizationalUnit *OrganizationalUnit `type:"structure"`
23068}
23069
23070// String returns the string representation
23071func (s UpdateOrganizationalUnitOutput) String() string {
23072	return awsutil.Prettify(s)
23073}
23074
23075// GoString returns the string representation
23076func (s UpdateOrganizationalUnitOutput) GoString() string {
23077	return s.String()
23078}
23079
23080// SetOrganizationalUnit sets the OrganizationalUnit field's value.
23081func (s *UpdateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *UpdateOrganizationalUnitOutput {
23082	s.OrganizationalUnit = v
23083	return s
23084}
23085
23086type UpdatePolicyInput struct {
23087	_ struct{} `type:"structure"`
23088
23089	// If provided, the new content for the policy. The text must be correctly formatted
23090	// JSON that complies with the syntax for the policy's type. For more information,
23091	// see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
23092	// in the AWS Organizations User Guide.
23093	Content *string `min:"1" type:"string"`
23094
23095	// If provided, the new description for the policy.
23096	Description *string `type:"string"`
23097
23098	// If provided, the new name for the policy.
23099	//
23100	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
23101	// this parameter is a string of any of the characters in the ASCII character
23102	// range.
23103	Name *string `min:"1" type:"string"`
23104
23105	// The unique identifier (ID) of the policy that you want to update.
23106	//
23107	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
23108	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
23109	// or the underscore character (_).
23110	//
23111	// PolicyId is a required field
23112	PolicyId *string `type:"string" required:"true"`
23113}
23114
23115// String returns the string representation
23116func (s UpdatePolicyInput) String() string {
23117	return awsutil.Prettify(s)
23118}
23119
23120// GoString returns the string representation
23121func (s UpdatePolicyInput) GoString() string {
23122	return s.String()
23123}
23124
23125// Validate inspects the fields of the type to determine if they are valid.
23126func (s *UpdatePolicyInput) Validate() error {
23127	invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyInput"}
23128	if s.Content != nil && len(*s.Content) < 1 {
23129		invalidParams.Add(request.NewErrParamMinLen("Content", 1))
23130	}
23131	if s.Name != nil && len(*s.Name) < 1 {
23132		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
23133	}
23134	if s.PolicyId == nil {
23135		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
23136	}
23137
23138	if invalidParams.Len() > 0 {
23139		return invalidParams
23140	}
23141	return nil
23142}
23143
23144// SetContent sets the Content field's value.
23145func (s *UpdatePolicyInput) SetContent(v string) *UpdatePolicyInput {
23146	s.Content = &v
23147	return s
23148}
23149
23150// SetDescription sets the Description field's value.
23151func (s *UpdatePolicyInput) SetDescription(v string) *UpdatePolicyInput {
23152	s.Description = &v
23153	return s
23154}
23155
23156// SetName sets the Name field's value.
23157func (s *UpdatePolicyInput) SetName(v string) *UpdatePolicyInput {
23158	s.Name = &v
23159	return s
23160}
23161
23162// SetPolicyId sets the PolicyId field's value.
23163func (s *UpdatePolicyInput) SetPolicyId(v string) *UpdatePolicyInput {
23164	s.PolicyId = &v
23165	return s
23166}
23167
23168type UpdatePolicyOutput struct {
23169	_ struct{} `type:"structure"`
23170
23171	// A structure that contains details about the updated policy, showing the requested
23172	// changes.
23173	Policy *Policy `type:"structure"`
23174}
23175
23176// String returns the string representation
23177func (s UpdatePolicyOutput) String() string {
23178	return awsutil.Prettify(s)
23179}
23180
23181// GoString returns the string representation
23182func (s UpdatePolicyOutput) GoString() string {
23183	return s.String()
23184}
23185
23186// SetPolicy sets the Policy field's value.
23187func (s *UpdatePolicyOutput) SetPolicy(v *Policy) *UpdatePolicyOutput {
23188	s.Policy = v
23189	return s
23190}
23191
23192const (
23193	// AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole is a AccessDeniedForDependencyExceptionReason enum value
23194	AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole = "ACCESS_DENIED_DURING_CREATE_SERVICE_LINKED_ROLE"
23195)
23196
23197// AccessDeniedForDependencyExceptionReason_Values returns all elements of the AccessDeniedForDependencyExceptionReason enum
23198func AccessDeniedForDependencyExceptionReason_Values() []string {
23199	return []string{
23200		AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole,
23201	}
23202}
23203
23204const (
23205	// AccountJoinedMethodInvited is a AccountJoinedMethod enum value
23206	AccountJoinedMethodInvited = "INVITED"
23207
23208	// AccountJoinedMethodCreated is a AccountJoinedMethod enum value
23209	AccountJoinedMethodCreated = "CREATED"
23210)
23211
23212// AccountJoinedMethod_Values returns all elements of the AccountJoinedMethod enum
23213func AccountJoinedMethod_Values() []string {
23214	return []string{
23215		AccountJoinedMethodInvited,
23216		AccountJoinedMethodCreated,
23217	}
23218}
23219
23220const (
23221	// AccountStatusActive is a AccountStatus enum value
23222	AccountStatusActive = "ACTIVE"
23223
23224	// AccountStatusSuspended is a AccountStatus enum value
23225	AccountStatusSuspended = "SUSPENDED"
23226)
23227
23228// AccountStatus_Values returns all elements of the AccountStatus enum
23229func AccountStatus_Values() []string {
23230	return []string{
23231		AccountStatusActive,
23232		AccountStatusSuspended,
23233	}
23234}
23235
23236const (
23237	// ActionTypeInvite is a ActionType enum value
23238	ActionTypeInvite = "INVITE"
23239
23240	// ActionTypeEnableAllFeatures is a ActionType enum value
23241	ActionTypeEnableAllFeatures = "ENABLE_ALL_FEATURES"
23242
23243	// ActionTypeApproveAllFeatures is a ActionType enum value
23244	ActionTypeApproveAllFeatures = "APPROVE_ALL_FEATURES"
23245
23246	// ActionTypeAddOrganizationsServiceLinkedRole is a ActionType enum value
23247	ActionTypeAddOrganizationsServiceLinkedRole = "ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE"
23248)
23249
23250// ActionType_Values returns all elements of the ActionType enum
23251func ActionType_Values() []string {
23252	return []string{
23253		ActionTypeInvite,
23254		ActionTypeEnableAllFeatures,
23255		ActionTypeApproveAllFeatures,
23256		ActionTypeAddOrganizationsServiceLinkedRole,
23257	}
23258}
23259
23260const (
23261	// ChildTypeAccount is a ChildType enum value
23262	ChildTypeAccount = "ACCOUNT"
23263
23264	// ChildTypeOrganizationalUnit is a ChildType enum value
23265	ChildTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
23266)
23267
23268// ChildType_Values returns all elements of the ChildType enum
23269func ChildType_Values() []string {
23270	return []string{
23271		ChildTypeAccount,
23272		ChildTypeOrganizationalUnit,
23273	}
23274}
23275
23276const (
23277	// ConstraintViolationExceptionReasonAccountNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
23278	ConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED"
23279
23280	// ConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a ConstraintViolationExceptionReason enum value
23281	ConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED"
23282
23283	// ConstraintViolationExceptionReasonOuNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
23284	ConstraintViolationExceptionReasonOuNumberLimitExceeded = "OU_NUMBER_LIMIT_EXCEEDED"
23285
23286	// ConstraintViolationExceptionReasonOuDepthLimitExceeded is a ConstraintViolationExceptionReason enum value
23287	ConstraintViolationExceptionReasonOuDepthLimitExceeded = "OU_DEPTH_LIMIT_EXCEEDED"
23288
23289	// ConstraintViolationExceptionReasonPolicyNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
23290	ConstraintViolationExceptionReasonPolicyNumberLimitExceeded = "POLICY_NUMBER_LIMIT_EXCEEDED"
23291
23292	// ConstraintViolationExceptionReasonPolicyContentLimitExceeded is a ConstraintViolationExceptionReason enum value
23293	ConstraintViolationExceptionReasonPolicyContentLimitExceeded = "POLICY_CONTENT_LIMIT_EXCEEDED"
23294
23295	// ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value
23296	ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded = "MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED"
23297
23298	// ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value
23299	ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded = "MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED"
23300
23301	// ConstraintViolationExceptionReasonAccountCannotLeaveOrganization is a ConstraintViolationExceptionReason enum value
23302	ConstraintViolationExceptionReasonAccountCannotLeaveOrganization = "ACCOUNT_CANNOT_LEAVE_ORGANIZATION"
23303
23304	// ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula is a ConstraintViolationExceptionReason enum value
23305	ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula = "ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA"
23306
23307	// ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification is a ConstraintViolationExceptionReason enum value
23308	ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification = "ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION"
23309
23310	// ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value
23311	ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired = "MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED"
23312
23313	// ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value
23314	ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired = "MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED"
23315
23316	// ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded is a ConstraintViolationExceptionReason enum value
23317	ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded = "ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED"
23318
23319	// ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace is a ConstraintViolationExceptionReason enum value
23320	ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace = "MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE"
23321
23322	// ConstraintViolationExceptionReasonMasterAccountMissingContactInfo is a ConstraintViolationExceptionReason enum value
23323	ConstraintViolationExceptionReasonMasterAccountMissingContactInfo = "MASTER_ACCOUNT_MISSING_CONTACT_INFO"
23324
23325	// ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled is a ConstraintViolationExceptionReason enum value
23326	ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled = "MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED"
23327
23328	// ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode is a ConstraintViolationExceptionReason enum value
23329	ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode = "ORGANIZATION_NOT_IN_ALL_FEATURES_MODE"
23330
23331	// ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion is a ConstraintViolationExceptionReason enum value
23332	ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion = "CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION"
23333
23334	// ConstraintViolationExceptionReasonEmailVerificationCodeExpired is a ConstraintViolationExceptionReason enum value
23335	ConstraintViolationExceptionReasonEmailVerificationCodeExpired = "EMAIL_VERIFICATION_CODE_EXPIRED"
23336
23337	// ConstraintViolationExceptionReasonWaitPeriodActive is a ConstraintViolationExceptionReason enum value
23338	ConstraintViolationExceptionReasonWaitPeriodActive = "WAIT_PERIOD_ACTIVE"
23339
23340	// ConstraintViolationExceptionReasonMaxTagLimitExceeded is a ConstraintViolationExceptionReason enum value
23341	ConstraintViolationExceptionReasonMaxTagLimitExceeded = "MAX_TAG_LIMIT_EXCEEDED"
23342
23343	// ConstraintViolationExceptionReasonTagPolicyViolation is a ConstraintViolationExceptionReason enum value
23344	ConstraintViolationExceptionReasonTagPolicyViolation = "TAG_POLICY_VIOLATION"
23345
23346	// ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded is a ConstraintViolationExceptionReason enum value
23347	ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded = "MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED"
23348
23349	// ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator is a ConstraintViolationExceptionReason enum value
23350	ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator = "CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR"
23351
23352	// ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg is a ConstraintViolationExceptionReason enum value
23353	ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg = "CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG"
23354
23355	// ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService is a ConstraintViolationExceptionReason enum value
23356	ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService = "DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE"
23357
23358	// ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense is a ConstraintViolationExceptionReason enum value
23359	ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense = "MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE"
23360)
23361
23362// ConstraintViolationExceptionReason_Values returns all elements of the ConstraintViolationExceptionReason enum
23363func ConstraintViolationExceptionReason_Values() []string {
23364	return []string{
23365		ConstraintViolationExceptionReasonAccountNumberLimitExceeded,
23366		ConstraintViolationExceptionReasonHandshakeRateLimitExceeded,
23367		ConstraintViolationExceptionReasonOuNumberLimitExceeded,
23368		ConstraintViolationExceptionReasonOuDepthLimitExceeded,
23369		ConstraintViolationExceptionReasonPolicyNumberLimitExceeded,
23370		ConstraintViolationExceptionReasonPolicyContentLimitExceeded,
23371		ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded,
23372		ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded,
23373		ConstraintViolationExceptionReasonAccountCannotLeaveOrganization,
23374		ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula,
23375		ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification,
23376		ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired,
23377		ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired,
23378		ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded,
23379		ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace,
23380		ConstraintViolationExceptionReasonMasterAccountMissingContactInfo,
23381		ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled,
23382		ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode,
23383		ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion,
23384		ConstraintViolationExceptionReasonEmailVerificationCodeExpired,
23385		ConstraintViolationExceptionReasonWaitPeriodActive,
23386		ConstraintViolationExceptionReasonMaxTagLimitExceeded,
23387		ConstraintViolationExceptionReasonTagPolicyViolation,
23388		ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded,
23389		ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator,
23390		ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg,
23391		ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService,
23392		ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense,
23393	}
23394}
23395
23396const (
23397	// CreateAccountFailureReasonAccountLimitExceeded is a CreateAccountFailureReason enum value
23398	CreateAccountFailureReasonAccountLimitExceeded = "ACCOUNT_LIMIT_EXCEEDED"
23399
23400	// CreateAccountFailureReasonEmailAlreadyExists is a CreateAccountFailureReason enum value
23401	CreateAccountFailureReasonEmailAlreadyExists = "EMAIL_ALREADY_EXISTS"
23402
23403	// CreateAccountFailureReasonInvalidAddress is a CreateAccountFailureReason enum value
23404	CreateAccountFailureReasonInvalidAddress = "INVALID_ADDRESS"
23405
23406	// CreateAccountFailureReasonInvalidEmail is a CreateAccountFailureReason enum value
23407	CreateAccountFailureReasonInvalidEmail = "INVALID_EMAIL"
23408
23409	// CreateAccountFailureReasonConcurrentAccountModification is a CreateAccountFailureReason enum value
23410	CreateAccountFailureReasonConcurrentAccountModification = "CONCURRENT_ACCOUNT_MODIFICATION"
23411
23412	// CreateAccountFailureReasonInternalFailure is a CreateAccountFailureReason enum value
23413	CreateAccountFailureReasonInternalFailure = "INTERNAL_FAILURE"
23414
23415	// CreateAccountFailureReasonGovcloudAccountAlreadyExists is a CreateAccountFailureReason enum value
23416	CreateAccountFailureReasonGovcloudAccountAlreadyExists = "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
23417
23418	// CreateAccountFailureReasonMissingBusinessValidation is a CreateAccountFailureReason enum value
23419	CreateAccountFailureReasonMissingBusinessValidation = "MISSING_BUSINESS_VALIDATION"
23420
23421	// CreateAccountFailureReasonFailedBusinessValidation is a CreateAccountFailureReason enum value
23422	CreateAccountFailureReasonFailedBusinessValidation = "FAILED_BUSINESS_VALIDATION"
23423
23424	// CreateAccountFailureReasonPendingBusinessValidation is a CreateAccountFailureReason enum value
23425	CreateAccountFailureReasonPendingBusinessValidation = "PENDING_BUSINESS_VALIDATION"
23426
23427	// CreateAccountFailureReasonInvalidIdentityForBusinessValidation is a CreateAccountFailureReason enum value
23428	CreateAccountFailureReasonInvalidIdentityForBusinessValidation = "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION"
23429
23430	// CreateAccountFailureReasonUnknownBusinessValidation is a CreateAccountFailureReason enum value
23431	CreateAccountFailureReasonUnknownBusinessValidation = "UNKNOWN_BUSINESS_VALIDATION"
23432
23433	// CreateAccountFailureReasonMissingPaymentInstrument is a CreateAccountFailureReason enum value
23434	CreateAccountFailureReasonMissingPaymentInstrument = "MISSING_PAYMENT_INSTRUMENT"
23435)
23436
23437// CreateAccountFailureReason_Values returns all elements of the CreateAccountFailureReason enum
23438func CreateAccountFailureReason_Values() []string {
23439	return []string{
23440		CreateAccountFailureReasonAccountLimitExceeded,
23441		CreateAccountFailureReasonEmailAlreadyExists,
23442		CreateAccountFailureReasonInvalidAddress,
23443		CreateAccountFailureReasonInvalidEmail,
23444		CreateAccountFailureReasonConcurrentAccountModification,
23445		CreateAccountFailureReasonInternalFailure,
23446		CreateAccountFailureReasonGovcloudAccountAlreadyExists,
23447		CreateAccountFailureReasonMissingBusinessValidation,
23448		CreateAccountFailureReasonFailedBusinessValidation,
23449		CreateAccountFailureReasonPendingBusinessValidation,
23450		CreateAccountFailureReasonInvalidIdentityForBusinessValidation,
23451		CreateAccountFailureReasonUnknownBusinessValidation,
23452		CreateAccountFailureReasonMissingPaymentInstrument,
23453	}
23454}
23455
23456const (
23457	// CreateAccountStateInProgress is a CreateAccountState enum value
23458	CreateAccountStateInProgress = "IN_PROGRESS"
23459
23460	// CreateAccountStateSucceeded is a CreateAccountState enum value
23461	CreateAccountStateSucceeded = "SUCCEEDED"
23462
23463	// CreateAccountStateFailed is a CreateAccountState enum value
23464	CreateAccountStateFailed = "FAILED"
23465)
23466
23467// CreateAccountState_Values returns all elements of the CreateAccountState enum
23468func CreateAccountState_Values() []string {
23469	return []string{
23470		CreateAccountStateInProgress,
23471		CreateAccountStateSucceeded,
23472		CreateAccountStateFailed,
23473	}
23474}
23475
23476const (
23477	// EffectivePolicyTypeTagPolicy is a EffectivePolicyType enum value
23478	EffectivePolicyTypeTagPolicy = "TAG_POLICY"
23479
23480	// EffectivePolicyTypeBackupPolicy is a EffectivePolicyType enum value
23481	EffectivePolicyTypeBackupPolicy = "BACKUP_POLICY"
23482
23483	// EffectivePolicyTypeAiservicesOptOutPolicy is a EffectivePolicyType enum value
23484	EffectivePolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY"
23485)
23486
23487// EffectivePolicyType_Values returns all elements of the EffectivePolicyType enum
23488func EffectivePolicyType_Values() []string {
23489	return []string{
23490		EffectivePolicyTypeTagPolicy,
23491		EffectivePolicyTypeBackupPolicy,
23492		EffectivePolicyTypeAiservicesOptOutPolicy,
23493	}
23494}
23495
23496const (
23497	// HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
23498	HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED"
23499
23500	// HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
23501	HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED"
23502
23503	// HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization is a HandshakeConstraintViolationExceptionReason enum value
23504	HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization = "ALREADY_IN_AN_ORGANIZATION"
23505
23506	// HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures is a HandshakeConstraintViolationExceptionReason enum value
23507	HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures = "ORGANIZATION_ALREADY_HAS_ALL_FEATURES"
23508
23509	// HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration is a HandshakeConstraintViolationExceptionReason enum value
23510	HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration = "ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION"
23511
23512	// HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures is a HandshakeConstraintViolationExceptionReason enum value
23513	HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures = "INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES"
23514
23515	// HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired is a HandshakeConstraintViolationExceptionReason enum value
23516	HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired = "PAYMENT_INSTRUMENT_REQUIRED"
23517
23518	// HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord is a HandshakeConstraintViolationExceptionReason enum value
23519	HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord = "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD"
23520
23521	// HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
23522	HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded = "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED"
23523)
23524
23525// HandshakeConstraintViolationExceptionReason_Values returns all elements of the HandshakeConstraintViolationExceptionReason enum
23526func HandshakeConstraintViolationExceptionReason_Values() []string {
23527	return []string{
23528		HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded,
23529		HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded,
23530		HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization,
23531		HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures,
23532		HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration,
23533		HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures,
23534		HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired,
23535		HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord,
23536		HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded,
23537	}
23538}
23539
23540const (
23541	// HandshakePartyTypeAccount is a HandshakePartyType enum value
23542	HandshakePartyTypeAccount = "ACCOUNT"
23543
23544	// HandshakePartyTypeOrganization is a HandshakePartyType enum value
23545	HandshakePartyTypeOrganization = "ORGANIZATION"
23546
23547	// HandshakePartyTypeEmail is a HandshakePartyType enum value
23548	HandshakePartyTypeEmail = "EMAIL"
23549)
23550
23551// HandshakePartyType_Values returns all elements of the HandshakePartyType enum
23552func HandshakePartyType_Values() []string {
23553	return []string{
23554		HandshakePartyTypeAccount,
23555		HandshakePartyTypeOrganization,
23556		HandshakePartyTypeEmail,
23557	}
23558}
23559
23560const (
23561	// HandshakeResourceTypeAccount is a HandshakeResourceType enum value
23562	HandshakeResourceTypeAccount = "ACCOUNT"
23563
23564	// HandshakeResourceTypeOrganization is a HandshakeResourceType enum value
23565	HandshakeResourceTypeOrganization = "ORGANIZATION"
23566
23567	// HandshakeResourceTypeOrganizationFeatureSet is a HandshakeResourceType enum value
23568	HandshakeResourceTypeOrganizationFeatureSet = "ORGANIZATION_FEATURE_SET"
23569
23570	// HandshakeResourceTypeEmail is a HandshakeResourceType enum value
23571	HandshakeResourceTypeEmail = "EMAIL"
23572
23573	// HandshakeResourceTypeMasterEmail is a HandshakeResourceType enum value
23574	HandshakeResourceTypeMasterEmail = "MASTER_EMAIL"
23575
23576	// HandshakeResourceTypeMasterName is a HandshakeResourceType enum value
23577	HandshakeResourceTypeMasterName = "MASTER_NAME"
23578
23579	// HandshakeResourceTypeNotes is a HandshakeResourceType enum value
23580	HandshakeResourceTypeNotes = "NOTES"
23581
23582	// HandshakeResourceTypeParentHandshake is a HandshakeResourceType enum value
23583	HandshakeResourceTypeParentHandshake = "PARENT_HANDSHAKE"
23584)
23585
23586// HandshakeResourceType_Values returns all elements of the HandshakeResourceType enum
23587func HandshakeResourceType_Values() []string {
23588	return []string{
23589		HandshakeResourceTypeAccount,
23590		HandshakeResourceTypeOrganization,
23591		HandshakeResourceTypeOrganizationFeatureSet,
23592		HandshakeResourceTypeEmail,
23593		HandshakeResourceTypeMasterEmail,
23594		HandshakeResourceTypeMasterName,
23595		HandshakeResourceTypeNotes,
23596		HandshakeResourceTypeParentHandshake,
23597	}
23598}
23599
23600const (
23601	// HandshakeStateRequested is a HandshakeState enum value
23602	HandshakeStateRequested = "REQUESTED"
23603
23604	// HandshakeStateOpen is a HandshakeState enum value
23605	HandshakeStateOpen = "OPEN"
23606
23607	// HandshakeStateCanceled is a HandshakeState enum value
23608	HandshakeStateCanceled = "CANCELED"
23609
23610	// HandshakeStateAccepted is a HandshakeState enum value
23611	HandshakeStateAccepted = "ACCEPTED"
23612
23613	// HandshakeStateDeclined is a HandshakeState enum value
23614	HandshakeStateDeclined = "DECLINED"
23615
23616	// HandshakeStateExpired is a HandshakeState enum value
23617	HandshakeStateExpired = "EXPIRED"
23618)
23619
23620// HandshakeState_Values returns all elements of the HandshakeState enum
23621func HandshakeState_Values() []string {
23622	return []string{
23623		HandshakeStateRequested,
23624		HandshakeStateOpen,
23625		HandshakeStateCanceled,
23626		HandshakeStateAccepted,
23627		HandshakeStateDeclined,
23628		HandshakeStateExpired,
23629	}
23630}
23631
23632const (
23633	// IAMUserAccessToBillingAllow is a IAMUserAccessToBilling enum value
23634	IAMUserAccessToBillingAllow = "ALLOW"
23635
23636	// IAMUserAccessToBillingDeny is a IAMUserAccessToBilling enum value
23637	IAMUserAccessToBillingDeny = "DENY"
23638)
23639
23640// IAMUserAccessToBilling_Values returns all elements of the IAMUserAccessToBilling enum
23641func IAMUserAccessToBilling_Values() []string {
23642	return []string{
23643		IAMUserAccessToBillingAllow,
23644		IAMUserAccessToBillingDeny,
23645	}
23646}
23647
23648const (
23649	// InvalidInputExceptionReasonInvalidPartyTypeTarget is a InvalidInputExceptionReason enum value
23650	InvalidInputExceptionReasonInvalidPartyTypeTarget = "INVALID_PARTY_TYPE_TARGET"
23651
23652	// InvalidInputExceptionReasonInvalidSyntaxOrganizationArn is a InvalidInputExceptionReason enum value
23653	InvalidInputExceptionReasonInvalidSyntaxOrganizationArn = "INVALID_SYNTAX_ORGANIZATION_ARN"
23654
23655	// InvalidInputExceptionReasonInvalidSyntaxPolicyId is a InvalidInputExceptionReason enum value
23656	InvalidInputExceptionReasonInvalidSyntaxPolicyId = "INVALID_SYNTAX_POLICY_ID"
23657
23658	// InvalidInputExceptionReasonInvalidEnum is a InvalidInputExceptionReason enum value
23659	InvalidInputExceptionReasonInvalidEnum = "INVALID_ENUM"
23660
23661	// InvalidInputExceptionReasonInvalidEnumPolicyType is a InvalidInputExceptionReason enum value
23662	InvalidInputExceptionReasonInvalidEnumPolicyType = "INVALID_ENUM_POLICY_TYPE"
23663
23664	// InvalidInputExceptionReasonInvalidListMember is a InvalidInputExceptionReason enum value
23665	InvalidInputExceptionReasonInvalidListMember = "INVALID_LIST_MEMBER"
23666
23667	// InvalidInputExceptionReasonMaxLengthExceeded is a InvalidInputExceptionReason enum value
23668	InvalidInputExceptionReasonMaxLengthExceeded = "MAX_LENGTH_EXCEEDED"
23669
23670	// InvalidInputExceptionReasonMaxValueExceeded is a InvalidInputExceptionReason enum value
23671	InvalidInputExceptionReasonMaxValueExceeded = "MAX_VALUE_EXCEEDED"
23672
23673	// InvalidInputExceptionReasonMinLengthExceeded is a InvalidInputExceptionReason enum value
23674	InvalidInputExceptionReasonMinLengthExceeded = "MIN_LENGTH_EXCEEDED"
23675
23676	// InvalidInputExceptionReasonMinValueExceeded is a InvalidInputExceptionReason enum value
23677	InvalidInputExceptionReasonMinValueExceeded = "MIN_VALUE_EXCEEDED"
23678
23679	// InvalidInputExceptionReasonImmutablePolicy is a InvalidInputExceptionReason enum value
23680	InvalidInputExceptionReasonImmutablePolicy = "IMMUTABLE_POLICY"
23681
23682	// InvalidInputExceptionReasonInvalidPattern is a InvalidInputExceptionReason enum value
23683	InvalidInputExceptionReasonInvalidPattern = "INVALID_PATTERN"
23684
23685	// InvalidInputExceptionReasonInvalidPatternTargetId is a InvalidInputExceptionReason enum value
23686	InvalidInputExceptionReasonInvalidPatternTargetId = "INVALID_PATTERN_TARGET_ID"
23687
23688	// InvalidInputExceptionReasonInputRequired is a InvalidInputExceptionReason enum value
23689	InvalidInputExceptionReasonInputRequired = "INPUT_REQUIRED"
23690
23691	// InvalidInputExceptionReasonInvalidNextToken is a InvalidInputExceptionReason enum value
23692	InvalidInputExceptionReasonInvalidNextToken = "INVALID_NEXT_TOKEN"
23693
23694	// InvalidInputExceptionReasonMaxLimitExceededFilter is a InvalidInputExceptionReason enum value
23695	InvalidInputExceptionReasonMaxLimitExceededFilter = "MAX_LIMIT_EXCEEDED_FILTER"
23696
23697	// InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots is a InvalidInputExceptionReason enum value
23698	InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots = "MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS"
23699
23700	// InvalidInputExceptionReasonInvalidFullNameTarget is a InvalidInputExceptionReason enum value
23701	InvalidInputExceptionReasonInvalidFullNameTarget = "INVALID_FULL_NAME_TARGET"
23702
23703	// InvalidInputExceptionReasonUnrecognizedServicePrincipal is a InvalidInputExceptionReason enum value
23704	InvalidInputExceptionReasonUnrecognizedServicePrincipal = "UNRECOGNIZED_SERVICE_PRINCIPAL"
23705
23706	// InvalidInputExceptionReasonInvalidRoleName is a InvalidInputExceptionReason enum value
23707	InvalidInputExceptionReasonInvalidRoleName = "INVALID_ROLE_NAME"
23708
23709	// InvalidInputExceptionReasonInvalidSystemTagsParameter is a InvalidInputExceptionReason enum value
23710	InvalidInputExceptionReasonInvalidSystemTagsParameter = "INVALID_SYSTEM_TAGS_PARAMETER"
23711
23712	// InvalidInputExceptionReasonDuplicateTagKey is a InvalidInputExceptionReason enum value
23713	InvalidInputExceptionReasonDuplicateTagKey = "DUPLICATE_TAG_KEY"
23714
23715	// InvalidInputExceptionReasonTargetNotSupported is a InvalidInputExceptionReason enum value
23716	InvalidInputExceptionReasonTargetNotSupported = "TARGET_NOT_SUPPORTED"
23717
23718	// InvalidInputExceptionReasonInvalidEmailAddressTarget is a InvalidInputExceptionReason enum value
23719	InvalidInputExceptionReasonInvalidEmailAddressTarget = "INVALID_EMAIL_ADDRESS_TARGET"
23720)
23721
23722// InvalidInputExceptionReason_Values returns all elements of the InvalidInputExceptionReason enum
23723func InvalidInputExceptionReason_Values() []string {
23724	return []string{
23725		InvalidInputExceptionReasonInvalidPartyTypeTarget,
23726		InvalidInputExceptionReasonInvalidSyntaxOrganizationArn,
23727		InvalidInputExceptionReasonInvalidSyntaxPolicyId,
23728		InvalidInputExceptionReasonInvalidEnum,
23729		InvalidInputExceptionReasonInvalidEnumPolicyType,
23730		InvalidInputExceptionReasonInvalidListMember,
23731		InvalidInputExceptionReasonMaxLengthExceeded,
23732		InvalidInputExceptionReasonMaxValueExceeded,
23733		InvalidInputExceptionReasonMinLengthExceeded,
23734		InvalidInputExceptionReasonMinValueExceeded,
23735		InvalidInputExceptionReasonImmutablePolicy,
23736		InvalidInputExceptionReasonInvalidPattern,
23737		InvalidInputExceptionReasonInvalidPatternTargetId,
23738		InvalidInputExceptionReasonInputRequired,
23739		InvalidInputExceptionReasonInvalidNextToken,
23740		InvalidInputExceptionReasonMaxLimitExceededFilter,
23741		InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots,
23742		InvalidInputExceptionReasonInvalidFullNameTarget,
23743		InvalidInputExceptionReasonUnrecognizedServicePrincipal,
23744		InvalidInputExceptionReasonInvalidRoleName,
23745		InvalidInputExceptionReasonInvalidSystemTagsParameter,
23746		InvalidInputExceptionReasonDuplicateTagKey,
23747		InvalidInputExceptionReasonTargetNotSupported,
23748		InvalidInputExceptionReasonInvalidEmailAddressTarget,
23749	}
23750}
23751
23752const (
23753	// OrganizationFeatureSetAll is a OrganizationFeatureSet enum value
23754	OrganizationFeatureSetAll = "ALL"
23755
23756	// OrganizationFeatureSetConsolidatedBilling is a OrganizationFeatureSet enum value
23757	OrganizationFeatureSetConsolidatedBilling = "CONSOLIDATED_BILLING"
23758)
23759
23760// OrganizationFeatureSet_Values returns all elements of the OrganizationFeatureSet enum
23761func OrganizationFeatureSet_Values() []string {
23762	return []string{
23763		OrganizationFeatureSetAll,
23764		OrganizationFeatureSetConsolidatedBilling,
23765	}
23766}
23767
23768const (
23769	// ParentTypeRoot is a ParentType enum value
23770	ParentTypeRoot = "ROOT"
23771
23772	// ParentTypeOrganizationalUnit is a ParentType enum value
23773	ParentTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
23774)
23775
23776// ParentType_Values returns all elements of the ParentType enum
23777func ParentType_Values() []string {
23778	return []string{
23779		ParentTypeRoot,
23780		ParentTypeOrganizationalUnit,
23781	}
23782}
23783
23784const (
23785	// PolicyTypeServiceControlPolicy is a PolicyType enum value
23786	PolicyTypeServiceControlPolicy = "SERVICE_CONTROL_POLICY"
23787
23788	// PolicyTypeTagPolicy is a PolicyType enum value
23789	PolicyTypeTagPolicy = "TAG_POLICY"
23790
23791	// PolicyTypeBackupPolicy is a PolicyType enum value
23792	PolicyTypeBackupPolicy = "BACKUP_POLICY"
23793
23794	// PolicyTypeAiservicesOptOutPolicy is a PolicyType enum value
23795	PolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY"
23796)
23797
23798// PolicyType_Values returns all elements of the PolicyType enum
23799func PolicyType_Values() []string {
23800	return []string{
23801		PolicyTypeServiceControlPolicy,
23802		PolicyTypeTagPolicy,
23803		PolicyTypeBackupPolicy,
23804		PolicyTypeAiservicesOptOutPolicy,
23805	}
23806}
23807
23808const (
23809	// PolicyTypeStatusEnabled is a PolicyTypeStatus enum value
23810	PolicyTypeStatusEnabled = "ENABLED"
23811
23812	// PolicyTypeStatusPendingEnable is a PolicyTypeStatus enum value
23813	PolicyTypeStatusPendingEnable = "PENDING_ENABLE"
23814
23815	// PolicyTypeStatusPendingDisable is a PolicyTypeStatus enum value
23816	PolicyTypeStatusPendingDisable = "PENDING_DISABLE"
23817)
23818
23819// PolicyTypeStatus_Values returns all elements of the PolicyTypeStatus enum
23820func PolicyTypeStatus_Values() []string {
23821	return []string{
23822		PolicyTypeStatusEnabled,
23823		PolicyTypeStatusPendingEnable,
23824		PolicyTypeStatusPendingDisable,
23825	}
23826}
23827
23828const (
23829	// TargetTypeAccount is a TargetType enum value
23830	TargetTypeAccount = "ACCOUNT"
23831
23832	// TargetTypeOrganizationalUnit is a TargetType enum value
23833	TargetTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
23834
23835	// TargetTypeRoot is a TargetType enum value
23836	TargetTypeRoot = "ROOT"
23837)
23838
23839// TargetType_Values returns all elements of the TargetType enum
23840func TargetType_Values() []string {
23841	return []string{
23842		TargetTypeAccount,
23843		TargetTypeOrganizationalUnit,
23844		TargetTypeRoot,
23845	}
23846}
23847