1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
2
3package organizations
4
5import (
6	"fmt"
7	"time"
8
9	"github.com/aws/aws-sdk-go/aws"
10	"github.com/aws/aws-sdk-go/aws/awsutil"
11	"github.com/aws/aws-sdk-go/aws/request"
12	"github.com/aws/aws-sdk-go/private/protocol"
13	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
14)
15
16const opAcceptHandshake = "AcceptHandshake"
17
18// AcceptHandshakeRequest generates a "aws/request.Request" representing the
19// client's request for the AcceptHandshake operation. The "output" return
20// value will be populated with the request's response once the request completes
21// successfully.
22//
23// Use "Send" method on the returned Request to send the API call to the service.
24// the "output" return value is not valid until after Send returns without error.
25//
26// See AcceptHandshake for more information on using the AcceptHandshake
27// API call, and error handling.
28//
29// This method is useful when you want to inject custom logic or configuration
30// into the SDK's request lifecycle. Such as custom headers, or retry logic.
31//
32//
33//    // Example sending a request using the AcceptHandshakeRequest method.
34//    req, resp := client.AcceptHandshakeRequest(params)
35//
36//    err := req.Send()
37//    if err == nil { // resp is now filled
38//        fmt.Println(resp)
39//    }
40//
41// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake
42func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req *request.Request, output *AcceptHandshakeOutput) {
43	op := &request.Operation{
44		Name:       opAcceptHandshake,
45		HTTPMethod: "POST",
46		HTTPPath:   "/",
47	}
48
49	if input == nil {
50		input = &AcceptHandshakeInput{}
51	}
52
53	output = &AcceptHandshakeOutput{}
54	req = c.newRequest(op, input, output)
55	return
56}
57
58// AcceptHandshake API operation for AWS Organizations.
59//
60// Sends a response to the originator of a handshake agreeing to the action
61// proposed by the handshake request.
62//
63// This operation can be called only by the following principals when they also
64// have the relevant IAM permissions:
65//
66//    * Invitation to join or Approve all features request handshakes: only
67//    a principal from the member account. The user who calls the API for an
68//    invitation to join must have the organizations:AcceptHandshake permission.
69//    If you enabled all features in the organization, the user must also have
70//    the iam:CreateServiceLinkedRole permission so that AWS Organizations can
71//    create the required service-linked role named AWSServiceRoleForOrganizations.
72//    For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles)
73//    in the AWS Organizations User Guide.
74//
75//    * Enable all features final confirmation handshake: only a principal from
76//    the master account. For more information about invitations, see Inviting
77//    an AWS Account to Join Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html)
78//    in the AWS Organizations User Guide. For more information about requests
79//    to enable all features in the organization, see Enabling All Features
80//    in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
81//    in the AWS Organizations User Guide.
82//
83// After you accept a handshake, it continues to appear in the results of relevant
84// APIs for only 30 days. After that, it's deleted.
85//
86// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
87// with awserr.Error's Code and Message methods to get detailed information about
88// the error.
89//
90// See the AWS API reference guide for AWS Organizations's
91// API operation AcceptHandshake for usage and error information.
92//
93// Returned Error Codes:
94//   * ErrCodeAccessDeniedException "AccessDeniedException"
95//   You don't have permissions to perform the requested operation. The user or
96//   role that is making the request must have at least one IAM permissions policy
97//   attached that grants the required permissions. For more information, see
98//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
99//   in the IAM User Guide.
100//
101//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
102//   Your account isn't a member of an organization. To make this request, you
103//   must use the credentials of an account that belongs to an organization.
104//
105//   * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException"
106//   The requested operation would violate the constraint identified in the reason
107//   code.
108//
109//   Some of the reasons in the following list might not be applicable to this
110//   specific API or operation:
111//
112//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
113//      the number of accounts in an organization. Note that deleted and closed
114//      accounts still count toward your limit. If you get this exception immediately
115//      after creating the organization, wait one hour and try again. If after
116//      an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
117//
118//      * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
119//      the invited account is already a member of an organization.
120//
121//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
122//      handshakes that you can send in one day.
123//
124//      * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
125//      to join an organization while it's in the process of enabling all features.
126//      You can resume inviting accounts after you finalize the process when all
127//      accounts have agreed to the change.
128//
129//      * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
130//      because the organization has already enabled all features.
131//
132//      * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
133//      the account is from a different marketplace than the accounts in the organization.
134//      For example, accounts with India addresses must be associated with the
135//      AISPL marketplace. All accounts in an organization must be from the same
136//      marketplace.
137//
138//      * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
139//      change the membership of an account too quickly after its previous change.
140//
141//      * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
142//      account that doesn't have a payment instrument, such as a credit card,
143//      associated with it.
144//
145//   * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException"
146//   We can't find a handshake with the HandshakeId that you specified.
147//
148//   * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException"
149//   You can't perform the operation on the handshake in its current state. For
150//   example, you can't cancel a handshake that was already accepted or accept
151//   a handshake that was already declined.
152//
153//   * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException"
154//   The specified handshake is already in the requested state. For example, you
155//   can't accept a handshake that was already accepted.
156//
157//   * ErrCodeInvalidInputException "InvalidInputException"
158//   The requested operation failed because you provided invalid values for one
159//   or more of the request parameters. This exception includes a reason that
160//   contains additional information about the violated limit:
161//
162//   Some of the reasons in the following list might not be applicable to this
163//   specific API or operation:
164//
165//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
166//      can't be modified.
167//
168//      * INPUT_REQUIRED: You must include a value for all required parameters.
169//
170//      * INVALID_ENUM: You specified an invalid value.
171//
172//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
173//
174//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
175//      characters.
176//
177//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
178//      at least one invalid value.
179//
180//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
181//      from the response to a previous call of the operation.
182//
183//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
184//      organization, or email) as a party.
185//
186//      * INVALID_PATTERN: You provided a value that doesn't match the required
187//      pattern.
188//
189//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
190//      match the required pattern.
191//
192//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
193//      name can't begin with the reserved prefix AWSServiceRoleFor.
194//
195//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
196//      Name (ARN) for the organization.
197//
198//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
199//
200//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
201//      tag. You can’t add, edit, or delete system tag keys because they're
202//      reserved for AWS use. System tags don’t count against your tags per
203//      resource limit.
204//
205//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
206//      for the operation.
207//
208//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
209//      than allowed.
210//
211//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
212//      value than allowed.
213//
214//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
215//      than allowed.
216//
217//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
218//      value than allowed.
219//
220//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
221//      between entities in the same root.
222//
223//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
224//   The target of the operation is currently being modified by a different request.
225//   Try again later.
226//
227//   * ErrCodeServiceException "ServiceException"
228//   AWS Organizations can't complete your request because of an internal service
229//   error. Try again later.
230//
231//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
232//   You have sent too many requests in too short a period of time. The limit
233//   helps protect against denial-of-service attacks. Try again later.
234//
235//   For information on limits that affect AWS Organizations, see Limits of AWS
236//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
237//   in the AWS Organizations User Guide.
238//
239//   * ErrCodeAccessDeniedForDependencyException "AccessDeniedForDependencyException"
240//   The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
241//   for organizations.amazonaws.com permission so that AWS Organizations can
242//   create the required service-linked role. You don't have that permission.
243//
244// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake
245func (c *Organizations) AcceptHandshake(input *AcceptHandshakeInput) (*AcceptHandshakeOutput, error) {
246	req, out := c.AcceptHandshakeRequest(input)
247	return out, req.Send()
248}
249
250// AcceptHandshakeWithContext is the same as AcceptHandshake with the addition of
251// the ability to pass a context and additional request options.
252//
253// See AcceptHandshake for details on how to use this API operation.
254//
255// The context must be non-nil and will be used for request cancellation. If
256// the context is nil a panic will occur. In the future the SDK may create
257// sub-contexts for http.Requests. See https://golang.org/pkg/context/
258// for more information on using Contexts.
259func (c *Organizations) AcceptHandshakeWithContext(ctx aws.Context, input *AcceptHandshakeInput, opts ...request.Option) (*AcceptHandshakeOutput, error) {
260	req, out := c.AcceptHandshakeRequest(input)
261	req.SetContext(ctx)
262	req.ApplyOptions(opts...)
263	return out, req.Send()
264}
265
266const opAttachPolicy = "AttachPolicy"
267
268// AttachPolicyRequest generates a "aws/request.Request" representing the
269// client's request for the AttachPolicy operation. The "output" return
270// value will be populated with the request's response once the request completes
271// successfully.
272//
273// Use "Send" method on the returned Request to send the API call to the service.
274// the "output" return value is not valid until after Send returns without error.
275//
276// See AttachPolicy for more information on using the AttachPolicy
277// API call, and error handling.
278//
279// This method is useful when you want to inject custom logic or configuration
280// into the SDK's request lifecycle. Such as custom headers, or retry logic.
281//
282//
283//    // Example sending a request using the AttachPolicyRequest method.
284//    req, resp := client.AttachPolicyRequest(params)
285//
286//    err := req.Send()
287//    if err == nil { // resp is now filled
288//        fmt.Println(resp)
289//    }
290//
291// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy
292func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *request.Request, output *AttachPolicyOutput) {
293	op := &request.Operation{
294		Name:       opAttachPolicy,
295		HTTPMethod: "POST",
296		HTTPPath:   "/",
297	}
298
299	if input == nil {
300		input = &AttachPolicyInput{}
301	}
302
303	output = &AttachPolicyOutput{}
304	req = c.newRequest(op, input, output)
305	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
306	return
307}
308
309// AttachPolicy API operation for AWS Organizations.
310//
311// Attaches a policy to a root, an organizational unit (OU), or an individual
312// account.
313//
314// How the policy affects accounts depends on the type of policy:
315//
316//    * For more information about attaching SCPs, see How SCPs Work (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html)
317//    in the AWS Organizations User Guide.
318//
319//    * For information about attaching tag policies, see How Policy Inheritance
320//    Works (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html)
321//    in the AWS Organizations User Guide.
322//
323// This operation can be called only from the organization's master account.
324//
325// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
326// with awserr.Error's Code and Message methods to get detailed information about
327// the error.
328//
329// See the AWS API reference guide for AWS Organizations's
330// API operation AttachPolicy for usage and error information.
331//
332// Returned Error Codes:
333//   * ErrCodeAccessDeniedException "AccessDeniedException"
334//   You don't have permissions to perform the requested operation. The user or
335//   role that is making the request must have at least one IAM permissions policy
336//   attached that grants the required permissions. For more information, see
337//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
338//   in the IAM User Guide.
339//
340//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
341//   Your account isn't a member of an organization. To make this request, you
342//   must use the credentials of an account that belongs to an organization.
343//
344//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
345//   The target of the operation is currently being modified by a different request.
346//   Try again later.
347//
348//   * ErrCodeConstraintViolationException "ConstraintViolationException"
349//   Performing this operation violates a minimum or maximum value limit. Examples
350//   include attempting to remove the last service control policy (SCP) from an
351//   OU or root, or attaching too many policies to an account, OU, or root. This
352//   exception includes a reason that contains additional information about the
353//   violated limit.
354//
355//   Some of the reasons in the following list might not be applicable to this
356//   specific API or operation:
357//
358//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
359//      from the organization that doesn't yet have enough information to exist
360//      as a standalone account. This account requires you to first agree to the
361//      AWS Customer Agreement. Follow the steps at To leave an organization when
362//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
363//      in the AWS Organizations User Guide.
364//
365//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
366//      an account from the organization that doesn't yet have enough information
367//      to exist as a standalone account. This account requires you to first complete
368//      phone verification. Follow the steps at To leave an organization when
369//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
370//      in the AWS Organizations User Guide.
371//
372//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
373//      of accounts that you can create in one day.
374//
375//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
376//      the number of accounts in an organization. If you need more accounts,
377//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
378//      request an increase in your limit. Or the number of invitations that you
379//      tried to send would cause you to exceed the limit of accounts in your
380//      organization. Send fewer invitations or contact AWS Support to request
381//      an increase in the number of accounts. Deleted and closed accounts still
382//      count toward your limit. If you get receive this exception when running
383//      a command immediately after creating the organization, wait one hour and
384//      try again. If after an hour it continues to fail with this error, contact
385//      AWS Support (https://console.aws.amazon.com/support/home#/).
386//
387//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
388//      handshakes that you can send in one day.
389//
390//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
391//      in this organization, you first must migrate the organization's master
392//      account to the marketplace that corresponds to the master account's address.
393//      For example, accounts with India addresses must be associated with the
394//      AISPL marketplace. All accounts in an organization must be associated
395//      with the same marketplace.
396//
397//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
398//      must first provide contact a valid address and phone number for the master
399//      account. Then try the operation again.
400//
401//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
402//      master account must have an associated account in the AWS GovCloud (US-West)
403//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
404//      in the AWS GovCloud User Guide.
405//
406//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
407//      with this master account, you first must associate a valid payment instrument,
408//      such as a credit card, with the account. Follow the steps at To leave
409//      an organization when all required account information has not yet been
410//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
411//      in the AWS Organizations User Guide.
412//
413//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
414//      number of policies of a certain type that can be attached to an entity
415//      at one time.
416//
417//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
418//      on this resource.
419//
420//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
421//      with this member account, you first must associate a valid payment instrument,
422//      such as a credit card, with the account. Follow the steps at To leave
423//      an organization when all required account information has not yet been
424//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
425//      in the AWS Organizations User Guide.
426//
427//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
428//      policy from an entity, which would cause the entity to have fewer than
429//      the minimum number of policies of the required type.
430//
431//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
432//      too many levels deep.
433//
434//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
435//      that requires the organization to be configured to support all features.
436//      An organization that supports only consolidated billing features can't
437//      perform this operation.
438//
439//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
440//      that you can have in an organization.
441//
442//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
443//      policies that you can have in an organization.
444//
445//   * ErrCodeDuplicatePolicyAttachmentException "DuplicatePolicyAttachmentException"
446//   The selected policy is already attached to the specified target.
447//
448//   * ErrCodeInvalidInputException "InvalidInputException"
449//   The requested operation failed because you provided invalid values for one
450//   or more of the request parameters. This exception includes a reason that
451//   contains additional information about the violated limit:
452//
453//   Some of the reasons in the following list might not be applicable to this
454//   specific API or operation:
455//
456//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
457//      can't be modified.
458//
459//      * INPUT_REQUIRED: You must include a value for all required parameters.
460//
461//      * INVALID_ENUM: You specified an invalid value.
462//
463//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
464//
465//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
466//      characters.
467//
468//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
469//      at least one invalid value.
470//
471//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
472//      from the response to a previous call of the operation.
473//
474//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
475//      organization, or email) as a party.
476//
477//      * INVALID_PATTERN: You provided a value that doesn't match the required
478//      pattern.
479//
480//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
481//      match the required pattern.
482//
483//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
484//      name can't begin with the reserved prefix AWSServiceRoleFor.
485//
486//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
487//      Name (ARN) for the organization.
488//
489//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
490//
491//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
492//      tag. You can’t add, edit, or delete system tag keys because they're
493//      reserved for AWS use. System tags don’t count against your tags per
494//      resource limit.
495//
496//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
497//      for the operation.
498//
499//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
500//      than allowed.
501//
502//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
503//      value than allowed.
504//
505//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
506//      than allowed.
507//
508//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
509//      value than allowed.
510//
511//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
512//      between entities in the same root.
513//
514//   * ErrCodePolicyNotFoundException "PolicyNotFoundException"
515//   We can't find a policy with the PolicyId that you specified.
516//
517//   * ErrCodePolicyTypeNotEnabledException "PolicyTypeNotEnabledException"
518//   The specified policy type isn't currently enabled in this root. You can't
519//   attach policies of the specified type to entities in a root until you enable
520//   that type in the root. For more information, see Enabling All Features in
521//   Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
522//   in the AWS Organizations User Guide.
523//
524//   * ErrCodeServiceException "ServiceException"
525//   AWS Organizations can't complete your request because of an internal service
526//   error. Try again later.
527//
528//   * ErrCodeTargetNotFoundException "TargetNotFoundException"
529//   We can't find a root, OU, or account with the TargetId that you specified.
530//
531//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
532//   You have sent too many requests in too short a period of time. The limit
533//   helps protect against denial-of-service attacks. Try again later.
534//
535//   For information on limits that affect AWS Organizations, see Limits of AWS
536//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
537//   in the AWS Organizations User Guide.
538//
539//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
540//   This action isn't available in the current Region.
541//
542//   * ErrCodePolicyChangesInProgressException "PolicyChangesInProgressException"
543//   Changes to the effective policy are in progress, and its contents can't be
544//   returned. Try the operation again later.
545//
546// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy
547func (c *Organizations) AttachPolicy(input *AttachPolicyInput) (*AttachPolicyOutput, error) {
548	req, out := c.AttachPolicyRequest(input)
549	return out, req.Send()
550}
551
552// AttachPolicyWithContext is the same as AttachPolicy with the addition of
553// the ability to pass a context and additional request options.
554//
555// See AttachPolicy for details on how to use this API operation.
556//
557// The context must be non-nil and will be used for request cancellation. If
558// the context is nil a panic will occur. In the future the SDK may create
559// sub-contexts for http.Requests. See https://golang.org/pkg/context/
560// for more information on using Contexts.
561func (c *Organizations) AttachPolicyWithContext(ctx aws.Context, input *AttachPolicyInput, opts ...request.Option) (*AttachPolicyOutput, error) {
562	req, out := c.AttachPolicyRequest(input)
563	req.SetContext(ctx)
564	req.ApplyOptions(opts...)
565	return out, req.Send()
566}
567
568const opCancelHandshake = "CancelHandshake"
569
570// CancelHandshakeRequest generates a "aws/request.Request" representing the
571// client's request for the CancelHandshake operation. The "output" return
572// value will be populated with the request's response once the request completes
573// successfully.
574//
575// Use "Send" method on the returned Request to send the API call to the service.
576// the "output" return value is not valid until after Send returns without error.
577//
578// See CancelHandshake for more information on using the CancelHandshake
579// API call, and error handling.
580//
581// This method is useful when you want to inject custom logic or configuration
582// into the SDK's request lifecycle. Such as custom headers, or retry logic.
583//
584//
585//    // Example sending a request using the CancelHandshakeRequest method.
586//    req, resp := client.CancelHandshakeRequest(params)
587//
588//    err := req.Send()
589//    if err == nil { // resp is now filled
590//        fmt.Println(resp)
591//    }
592//
593// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake
594func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req *request.Request, output *CancelHandshakeOutput) {
595	op := &request.Operation{
596		Name:       opCancelHandshake,
597		HTTPMethod: "POST",
598		HTTPPath:   "/",
599	}
600
601	if input == nil {
602		input = &CancelHandshakeInput{}
603	}
604
605	output = &CancelHandshakeOutput{}
606	req = c.newRequest(op, input, output)
607	return
608}
609
610// CancelHandshake API operation for AWS Organizations.
611//
612// Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED.
613//
614// This operation can be called only from the account that originated the handshake.
615// The recipient of the handshake can't cancel it, but can use DeclineHandshake
616// instead. After a handshake is canceled, the recipient can no longer respond
617// to that handshake.
618//
619// After you cancel a handshake, it continues to appear in the results of relevant
620// APIs for only 30 days. After that, it's deleted.
621//
622// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
623// with awserr.Error's Code and Message methods to get detailed information about
624// the error.
625//
626// See the AWS API reference guide for AWS Organizations's
627// API operation CancelHandshake for usage and error information.
628//
629// Returned Error Codes:
630//   * ErrCodeAccessDeniedException "AccessDeniedException"
631//   You don't have permissions to perform the requested operation. The user or
632//   role that is making the request must have at least one IAM permissions policy
633//   attached that grants the required permissions. For more information, see
634//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
635//   in the IAM User Guide.
636//
637//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
638//   The target of the operation is currently being modified by a different request.
639//   Try again later.
640//
641//   * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException"
642//   We can't find a handshake with the HandshakeId that you specified.
643//
644//   * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException"
645//   You can't perform the operation on the handshake in its current state. For
646//   example, you can't cancel a handshake that was already accepted or accept
647//   a handshake that was already declined.
648//
649//   * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException"
650//   The specified handshake is already in the requested state. For example, you
651//   can't accept a handshake that was already accepted.
652//
653//   * ErrCodeInvalidInputException "InvalidInputException"
654//   The requested operation failed because you provided invalid values for one
655//   or more of the request parameters. This exception includes a reason that
656//   contains additional information about the violated limit:
657//
658//   Some of the reasons in the following list might not be applicable to this
659//   specific API or operation:
660//
661//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
662//      can't be modified.
663//
664//      * INPUT_REQUIRED: You must include a value for all required parameters.
665//
666//      * INVALID_ENUM: You specified an invalid value.
667//
668//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
669//
670//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
671//      characters.
672//
673//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
674//      at least one invalid value.
675//
676//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
677//      from the response to a previous call of the operation.
678//
679//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
680//      organization, or email) as a party.
681//
682//      * INVALID_PATTERN: You provided a value that doesn't match the required
683//      pattern.
684//
685//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
686//      match the required pattern.
687//
688//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
689//      name can't begin with the reserved prefix AWSServiceRoleFor.
690//
691//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
692//      Name (ARN) for the organization.
693//
694//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
695//
696//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
697//      tag. You can’t add, edit, or delete system tag keys because they're
698//      reserved for AWS use. System tags don’t count against your tags per
699//      resource limit.
700//
701//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
702//      for the operation.
703//
704//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
705//      than allowed.
706//
707//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
708//      value than allowed.
709//
710//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
711//      than allowed.
712//
713//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
714//      value than allowed.
715//
716//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
717//      between entities in the same root.
718//
719//   * ErrCodeServiceException "ServiceException"
720//   AWS Organizations can't complete your request because of an internal service
721//   error. Try again later.
722//
723//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
724//   You have sent too many requests in too short a period of time. The limit
725//   helps protect against denial-of-service attacks. Try again later.
726//
727//   For information on limits that affect AWS Organizations, see Limits of AWS
728//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
729//   in the AWS Organizations User Guide.
730//
731// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake
732func (c *Organizations) CancelHandshake(input *CancelHandshakeInput) (*CancelHandshakeOutput, error) {
733	req, out := c.CancelHandshakeRequest(input)
734	return out, req.Send()
735}
736
737// CancelHandshakeWithContext is the same as CancelHandshake with the addition of
738// the ability to pass a context and additional request options.
739//
740// See CancelHandshake for details on how to use this API operation.
741//
742// The context must be non-nil and will be used for request cancellation. If
743// the context is nil a panic will occur. In the future the SDK may create
744// sub-contexts for http.Requests. See https://golang.org/pkg/context/
745// for more information on using Contexts.
746func (c *Organizations) CancelHandshakeWithContext(ctx aws.Context, input *CancelHandshakeInput, opts ...request.Option) (*CancelHandshakeOutput, error) {
747	req, out := c.CancelHandshakeRequest(input)
748	req.SetContext(ctx)
749	req.ApplyOptions(opts...)
750	return out, req.Send()
751}
752
753const opCreateAccount = "CreateAccount"
754
755// CreateAccountRequest generates a "aws/request.Request" representing the
756// client's request for the CreateAccount operation. The "output" return
757// value will be populated with the request's response once the request completes
758// successfully.
759//
760// Use "Send" method on the returned Request to send the API call to the service.
761// the "output" return value is not valid until after Send returns without error.
762//
763// See CreateAccount for more information on using the CreateAccount
764// API call, and error handling.
765//
766// This method is useful when you want to inject custom logic or configuration
767// into the SDK's request lifecycle. Such as custom headers, or retry logic.
768//
769//
770//    // Example sending a request using the CreateAccountRequest method.
771//    req, resp := client.CreateAccountRequest(params)
772//
773//    err := req.Send()
774//    if err == nil { // resp is now filled
775//        fmt.Println(resp)
776//    }
777//
778// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount
779func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *request.Request, output *CreateAccountOutput) {
780	op := &request.Operation{
781		Name:       opCreateAccount,
782		HTTPMethod: "POST",
783		HTTPPath:   "/",
784	}
785
786	if input == nil {
787		input = &CreateAccountInput{}
788	}
789
790	output = &CreateAccountOutput{}
791	req = c.newRequest(op, input, output)
792	return
793}
794
795// CreateAccount API operation for AWS Organizations.
796//
797// Creates an AWS account that is automatically a member of the organization
798// whose credentials made the request. This is an asynchronous request that
799// AWS performs in the background. Because CreateAccount operates asynchronously,
800// it can return a successful completion message even though account initialization
801// might still be in progress. You might need to wait a few minutes before you
802// can successfully access the account. To check the status of the request,
803// do one of the following:
804//
805//    * Use the OperationId response element from this operation to provide
806//    as a parameter to the DescribeCreateAccountStatus operation.
807//
808//    * Check the AWS CloudTrail log for the CreateAccountResult event. For
809//    information on using AWS CloudTrail with AWS Organizations, see Monitoring
810//    the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html)
811//    in the AWS Organizations User Guide.
812//
813// The user who calls the API to create an account must have the organizations:CreateAccount
814// permission. If you enabled all features in the organization, AWS Organizations
815// creates the required service-linked role named AWSServiceRoleForOrganizations.
816// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs)
817// in the AWS Organizations User Guide.
818//
819// AWS Organizations preconfigures the new member account with a role (named
820// OrganizationAccountAccessRole by default) that grants users in the master
821// account administrator permissions in the new member account. Principals in
822// the master account can assume the role. AWS Organizations clones the company
823// name and address information for the new account from the organization's
824// master account.
825//
826// This operation can be called only from the organization's master account.
827//
828// For more information about creating accounts, see Creating an AWS Account
829// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html)
830// in the AWS Organizations User Guide.
831//
832//    * When you create an account in an organization, the information required
833//    for the account to operate as a standalone account is not automatically
834//    collected. For example, information about the payment method and signing
835//    the end user license agreement (EULA) is not collected. If you must remove
836//    an account from your organization later, you can do so only after you
837//    provide the missing information. Follow the steps at To leave an organization
838//    as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
839//    in the AWS Organizations User Guide.
840//
841//    * If you get an exception that indicates that you exceeded your account
842//    limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/).
843//
844//    * If you get an exception that indicates that the operation failed because
845//    your organization is still initializing, wait one hour and then try again.
846//    If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/).
847//
848//    * Using CreateAccount to create multiple temporary accounts isn't recommended.
849//    You can only close an account from the Billing and Cost Management Console,
850//    and you must be signed in as the root user. For information on the requirements
851//    and process for closing an account, see Closing an AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html)
852//    in the AWS Organizations User Guide.
853//
854// When you create a member account with this operation, you can choose whether
855// to create the account with the IAM User and Role Access to Billing Information
856// switch enabled. If you enable it, IAM users and roles that have appropriate
857// permissions can view billing information for the account. If you disable
858// it, only the account root user can access billing information. For information
859// about how to disable this switch for an account, see Granting Access to Your
860// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html).
861//
862// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
863// with awserr.Error's Code and Message methods to get detailed information about
864// the error.
865//
866// See the AWS API reference guide for AWS Organizations's
867// API operation CreateAccount for usage and error information.
868//
869// Returned Error Codes:
870//   * ErrCodeAccessDeniedException "AccessDeniedException"
871//   You don't have permissions to perform the requested operation. The user or
872//   role that is making the request must have at least one IAM permissions policy
873//   attached that grants the required permissions. For more information, see
874//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
875//   in the IAM User Guide.
876//
877//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
878//   Your account isn't a member of an organization. To make this request, you
879//   must use the credentials of an account that belongs to an organization.
880//
881//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
882//   The target of the operation is currently being modified by a different request.
883//   Try again later.
884//
885//   * ErrCodeConstraintViolationException "ConstraintViolationException"
886//   Performing this operation violates a minimum or maximum value limit. Examples
887//   include attempting to remove the last service control policy (SCP) from an
888//   OU or root, or attaching too many policies to an account, OU, or root. This
889//   exception includes a reason that contains additional information about the
890//   violated limit.
891//
892//   Some of the reasons in the following list might not be applicable to this
893//   specific API or operation:
894//
895//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
896//      from the organization that doesn't yet have enough information to exist
897//      as a standalone account. This account requires you to first agree to the
898//      AWS Customer Agreement. Follow the steps at To leave an organization when
899//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
900//      in the AWS Organizations User Guide.
901//
902//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
903//      an account from the organization that doesn't yet have enough information
904//      to exist as a standalone account. This account requires you to first complete
905//      phone verification. Follow the steps at To leave an organization when
906//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
907//      in the AWS Organizations User Guide.
908//
909//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
910//      of accounts that you can create in one day.
911//
912//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
913//      the number of accounts in an organization. If you need more accounts,
914//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
915//      request an increase in your limit. Or the number of invitations that you
916//      tried to send would cause you to exceed the limit of accounts in your
917//      organization. Send fewer invitations or contact AWS Support to request
918//      an increase in the number of accounts. Deleted and closed accounts still
919//      count toward your limit. If you get receive this exception when running
920//      a command immediately after creating the organization, wait one hour and
921//      try again. If after an hour it continues to fail with this error, contact
922//      AWS Support (https://console.aws.amazon.com/support/home#/).
923//
924//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
925//      handshakes that you can send in one day.
926//
927//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
928//      in this organization, you first must migrate the organization's master
929//      account to the marketplace that corresponds to the master account's address.
930//      For example, accounts with India addresses must be associated with the
931//      AISPL marketplace. All accounts in an organization must be associated
932//      with the same marketplace.
933//
934//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
935//      must first provide contact a valid address and phone number for the master
936//      account. Then try the operation again.
937//
938//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
939//      master account must have an associated account in the AWS GovCloud (US-West)
940//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
941//      in the AWS GovCloud User Guide.
942//
943//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
944//      with this master account, you first must associate a valid payment instrument,
945//      such as a credit card, with the account. Follow the steps at To leave
946//      an organization when all required account information has not yet been
947//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
948//      in the AWS Organizations User Guide.
949//
950//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
951//      number of policies of a certain type that can be attached to an entity
952//      at one time.
953//
954//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
955//      on this resource.
956//
957//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
958//      with this member account, you first must associate a valid payment instrument,
959//      such as a credit card, with the account. Follow the steps at To leave
960//      an organization when all required account information has not yet been
961//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
962//      in the AWS Organizations User Guide.
963//
964//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
965//      policy from an entity, which would cause the entity to have fewer than
966//      the minimum number of policies of the required type.
967//
968//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
969//      too many levels deep.
970//
971//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
972//      that requires the organization to be configured to support all features.
973//      An organization that supports only consolidated billing features can't
974//      perform this operation.
975//
976//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
977//      that you can have in an organization.
978//
979//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
980//      policies that you can have in an organization.
981//
982//   * ErrCodeInvalidInputException "InvalidInputException"
983//   The requested operation failed because you provided invalid values for one
984//   or more of the request parameters. This exception includes a reason that
985//   contains additional information about the violated limit:
986//
987//   Some of the reasons in the following list might not be applicable to this
988//   specific API or operation:
989//
990//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
991//      can't be modified.
992//
993//      * INPUT_REQUIRED: You must include a value for all required parameters.
994//
995//      * INVALID_ENUM: You specified an invalid value.
996//
997//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
998//
999//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
1000//      characters.
1001//
1002//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
1003//      at least one invalid value.
1004//
1005//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
1006//      from the response to a previous call of the operation.
1007//
1008//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
1009//      organization, or email) as a party.
1010//
1011//      * INVALID_PATTERN: You provided a value that doesn't match the required
1012//      pattern.
1013//
1014//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
1015//      match the required pattern.
1016//
1017//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
1018//      name can't begin with the reserved prefix AWSServiceRoleFor.
1019//
1020//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
1021//      Name (ARN) for the organization.
1022//
1023//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
1024//
1025//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
1026//      tag. You can’t add, edit, or delete system tag keys because they're
1027//      reserved for AWS use. System tags don’t count against your tags per
1028//      resource limit.
1029//
1030//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
1031//      for the operation.
1032//
1033//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
1034//      than allowed.
1035//
1036//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
1037//      value than allowed.
1038//
1039//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
1040//      than allowed.
1041//
1042//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
1043//      value than allowed.
1044//
1045//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
1046//      between entities in the same root.
1047//
1048//   * ErrCodeFinalizingOrganizationException "FinalizingOrganizationException"
1049//   AWS Organizations couldn't perform the operation because your organization
1050//   hasn't finished initializing. This can take up to an hour. Try again later.
1051//   If after one hour you continue to receive this error, contact AWS Support
1052//   (https://console.aws.amazon.com/support/home#/).
1053//
1054//   * ErrCodeServiceException "ServiceException"
1055//   AWS Organizations can't complete your request because of an internal service
1056//   error. Try again later.
1057//
1058//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
1059//   You have sent too many requests in too short a period of time. The limit
1060//   helps protect against denial-of-service attacks. Try again later.
1061//
1062//   For information on limits that affect AWS Organizations, see Limits of AWS
1063//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
1064//   in the AWS Organizations User Guide.
1065//
1066//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
1067//   This action isn't available in the current Region.
1068//
1069// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount
1070func (c *Organizations) CreateAccount(input *CreateAccountInput) (*CreateAccountOutput, error) {
1071	req, out := c.CreateAccountRequest(input)
1072	return out, req.Send()
1073}
1074
1075// CreateAccountWithContext is the same as CreateAccount with the addition of
1076// the ability to pass a context and additional request options.
1077//
1078// See CreateAccount for details on how to use this API operation.
1079//
1080// The context must be non-nil and will be used for request cancellation. If
1081// the context is nil a panic will occur. In the future the SDK may create
1082// sub-contexts for http.Requests. See https://golang.org/pkg/context/
1083// for more information on using Contexts.
1084func (c *Organizations) CreateAccountWithContext(ctx aws.Context, input *CreateAccountInput, opts ...request.Option) (*CreateAccountOutput, error) {
1085	req, out := c.CreateAccountRequest(input)
1086	req.SetContext(ctx)
1087	req.ApplyOptions(opts...)
1088	return out, req.Send()
1089}
1090
1091const opCreateGovCloudAccount = "CreateGovCloudAccount"
1092
1093// CreateGovCloudAccountRequest generates a "aws/request.Request" representing the
1094// client's request for the CreateGovCloudAccount operation. The "output" return
1095// value will be populated with the request's response once the request completes
1096// successfully.
1097//
1098// Use "Send" method on the returned Request to send the API call to the service.
1099// the "output" return value is not valid until after Send returns without error.
1100//
1101// See CreateGovCloudAccount for more information on using the CreateGovCloudAccount
1102// API call, and error handling.
1103//
1104// This method is useful when you want to inject custom logic or configuration
1105// into the SDK's request lifecycle. Such as custom headers, or retry logic.
1106//
1107//
1108//    // Example sending a request using the CreateGovCloudAccountRequest method.
1109//    req, resp := client.CreateGovCloudAccountRequest(params)
1110//
1111//    err := req.Send()
1112//    if err == nil { // resp is now filled
1113//        fmt.Println(resp)
1114//    }
1115//
1116// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount
1117func (c *Organizations) CreateGovCloudAccountRequest(input *CreateGovCloudAccountInput) (req *request.Request, output *CreateGovCloudAccountOutput) {
1118	op := &request.Operation{
1119		Name:       opCreateGovCloudAccount,
1120		HTTPMethod: "POST",
1121		HTTPPath:   "/",
1122	}
1123
1124	if input == nil {
1125		input = &CreateGovCloudAccountInput{}
1126	}
1127
1128	output = &CreateGovCloudAccountOutput{}
1129	req = c.newRequest(op, input, output)
1130	return
1131}
1132
1133// CreateGovCloudAccount API operation for AWS Organizations.
1134//
1135// This action is available if all of the following are true:
1136//
1137//    * You're authorized to create accounts in the AWS GovCloud (US) Region.
1138//    For more information on the AWS GovCloud (US) Region, see the AWS GovCloud
1139//    User Guide. (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html)
1140//
1141//    * You already have an account in the AWS GovCloud (US) Region that is
1142//    associated with your master account in the commercial Region.
1143//
1144//    * You call this action from the master account of your organization in
1145//    the commercial Region.
1146//
1147//    * You have the organizations:CreateGovCloudAccount permission. AWS Organizations
1148//    creates the required service-linked role named AWSServiceRoleForOrganizations.
1149//    For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs)
1150//    in the AWS Organizations User Guide.
1151//
1152// AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts,
1153// but you should also do the following:
1154//
1155//    * Verify that AWS CloudTrail is enabled to store logs.
1156//
1157//    * Create an S3 bucket for AWS CloudTrail log storage. For more information,
1158//    see Verifying AWS CloudTrail Is Enabled (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html)
1159//    in the AWS GovCloud User Guide.
1160//
1161// You call this action from the master account of your organization in the
1162// commercial Region to create a standalone AWS account in the AWS GovCloud
1163// (US) Region. After the account is created, the master account of an organization
1164// in the AWS GovCloud (US) Region can invite it to that organization. For more
1165// information on inviting standalone accounts in the AWS GovCloud (US) to join
1166// an organization, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1167// in the AWS GovCloud User Guide.
1168//
1169// Calling CreateGovCloudAccount is an asynchronous request that AWS performs
1170// in the background. Because CreateGovCloudAccount operates asynchronously,
1171// it can return a successful completion message even though account initialization
1172// might still be in progress. You might need to wait a few minutes before you
1173// can successfully access the account. To check the status of the request,
1174// do one of the following:
1175//
1176//    * Use the OperationId response element from this operation to provide
1177//    as a parameter to the DescribeCreateAccountStatus operation.
1178//
1179//    * Check the AWS CloudTrail log for the CreateAccountResult event. For
1180//    information on using AWS CloudTrail with Organizations, see Monitoring
1181//    the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html)
1182//    in the AWS Organizations User Guide.
1183//
1184// When you call the CreateGovCloudAccount action, you create two accounts:
1185// a standalone account in the AWS GovCloud (US) Region and an associated account
1186// in the commercial Region for billing and support purposes. The account in
1187// the commercial Region is automatically a member of the organization whose
1188// credentials made the request. Both accounts are associated with the same
1189// email address.
1190//
1191// A role is created in the new account in the commercial Region that allows
1192// the master account in the organization in the commercial Region to assume
1193// it. An AWS GovCloud (US) account is then created and associated with the
1194// commercial account that you just created. A role is created in the new AWS
1195// GovCloud (US) account. This role can be assumed by the AWS GovCloud (US)
1196// account that is associated with the master account of the commercial organization.
1197// For more information and to view a diagram that explains how account access
1198// works, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1199// in the AWS GovCloud User Guide.
1200//
1201// For more information about creating accounts, see Creating an AWS Account
1202// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html)
1203// in the AWS Organizations User Guide.
1204//
1205//    * You can create an account in an organization using the AWS Organizations
1206//    console, API, or CLI commands. When you do, the information required for
1207//    the account to operate as a standalone account, such as a payment method,
1208//    is not automatically collected. If you must remove an account from your
1209//    organization later, you can do so only after you provide the missing information.
1210//    Follow the steps at To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1211//    in the AWS Organizations User Guide.
1212//
1213//    * If you get an exception that indicates that you exceeded your account
1214//    limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/).
1215//
1216//    * If you get an exception that indicates that the operation failed because
1217//    your organization is still initializing, wait one hour and then try again.
1218//    If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/).
1219//
1220//    * Using CreateGovCloudAccount to create multiple temporary accounts isn't
1221//    recommended. You can only close an account from the AWS Billing and Cost
1222//    Management console, and you must be signed in as the root user. For information
1223//    on the requirements and process for closing an account, see Closing an
1224//    AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html)
1225//    in the AWS Organizations User Guide.
1226//
1227// When you create a member account with this operation, you can choose whether
1228// to create the account with the IAM User and Role Access to Billing Information
1229// switch enabled. If you enable it, IAM users and roles that have appropriate
1230// permissions can view billing information for the account. If you disable
1231// it, only the account root user can access billing information. For information
1232// about how to disable this switch for an account, see Granting Access to Your
1233// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html).
1234//
1235// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
1236// with awserr.Error's Code and Message methods to get detailed information about
1237// the error.
1238//
1239// See the AWS API reference guide for AWS Organizations's
1240// API operation CreateGovCloudAccount for usage and error information.
1241//
1242// Returned Error Codes:
1243//   * ErrCodeAccessDeniedException "AccessDeniedException"
1244//   You don't have permissions to perform the requested operation. The user or
1245//   role that is making the request must have at least one IAM permissions policy
1246//   attached that grants the required permissions. For more information, see
1247//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
1248//   in the IAM User Guide.
1249//
1250//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
1251//   Your account isn't a member of an organization. To make this request, you
1252//   must use the credentials of an account that belongs to an organization.
1253//
1254//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
1255//   The target of the operation is currently being modified by a different request.
1256//   Try again later.
1257//
1258//   * ErrCodeConstraintViolationException "ConstraintViolationException"
1259//   Performing this operation violates a minimum or maximum value limit. Examples
1260//   include attempting to remove the last service control policy (SCP) from an
1261//   OU or root, or attaching too many policies to an account, OU, or root. This
1262//   exception includes a reason that contains additional information about the
1263//   violated limit.
1264//
1265//   Some of the reasons in the following list might not be applicable to this
1266//   specific API or operation:
1267//
1268//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
1269//      from the organization that doesn't yet have enough information to exist
1270//      as a standalone account. This account requires you to first agree to the
1271//      AWS Customer Agreement. Follow the steps at To leave an organization when
1272//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1273//      in the AWS Organizations User Guide.
1274//
1275//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
1276//      an account from the organization that doesn't yet have enough information
1277//      to exist as a standalone account. This account requires you to first complete
1278//      phone verification. Follow the steps at To leave an organization when
1279//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1280//      in the AWS Organizations User Guide.
1281//
1282//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
1283//      of accounts that you can create in one day.
1284//
1285//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
1286//      the number of accounts in an organization. If you need more accounts,
1287//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
1288//      request an increase in your limit. Or the number of invitations that you
1289//      tried to send would cause you to exceed the limit of accounts in your
1290//      organization. Send fewer invitations or contact AWS Support to request
1291//      an increase in the number of accounts. Deleted and closed accounts still
1292//      count toward your limit. If you get receive this exception when running
1293//      a command immediately after creating the organization, wait one hour and
1294//      try again. If after an hour it continues to fail with this error, contact
1295//      AWS Support (https://console.aws.amazon.com/support/home#/).
1296//
1297//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
1298//      handshakes that you can send in one day.
1299//
1300//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
1301//      in this organization, you first must migrate the organization's master
1302//      account to the marketplace that corresponds to the master account's address.
1303//      For example, accounts with India addresses must be associated with the
1304//      AISPL marketplace. All accounts in an organization must be associated
1305//      with the same marketplace.
1306//
1307//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
1308//      must first provide contact a valid address and phone number for the master
1309//      account. Then try the operation again.
1310//
1311//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
1312//      master account must have an associated account in the AWS GovCloud (US-West)
1313//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1314//      in the AWS GovCloud User Guide.
1315//
1316//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
1317//      with this master account, you first must associate a valid payment instrument,
1318//      such as a credit card, with the account. Follow the steps at To leave
1319//      an organization when all required account information has not yet been
1320//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1321//      in the AWS Organizations User Guide.
1322//
1323//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
1324//      number of policies of a certain type that can be attached to an entity
1325//      at one time.
1326//
1327//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
1328//      on this resource.
1329//
1330//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
1331//      with this member account, you first must associate a valid payment instrument,
1332//      such as a credit card, with the account. Follow the steps at To leave
1333//      an organization when all required account information has not yet been
1334//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1335//      in the AWS Organizations User Guide.
1336//
1337//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
1338//      policy from an entity, which would cause the entity to have fewer than
1339//      the minimum number of policies of the required type.
1340//
1341//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
1342//      too many levels deep.
1343//
1344//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
1345//      that requires the organization to be configured to support all features.
1346//      An organization that supports only consolidated billing features can't
1347//      perform this operation.
1348//
1349//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
1350//      that you can have in an organization.
1351//
1352//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
1353//      policies that you can have in an organization.
1354//
1355//   * ErrCodeInvalidInputException "InvalidInputException"
1356//   The requested operation failed because you provided invalid values for one
1357//   or more of the request parameters. This exception includes a reason that
1358//   contains additional information about the violated limit:
1359//
1360//   Some of the reasons in the following list might not be applicable to this
1361//   specific API or operation:
1362//
1363//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
1364//      can't be modified.
1365//
1366//      * INPUT_REQUIRED: You must include a value for all required parameters.
1367//
1368//      * INVALID_ENUM: You specified an invalid value.
1369//
1370//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
1371//
1372//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
1373//      characters.
1374//
1375//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
1376//      at least one invalid value.
1377//
1378//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
1379//      from the response to a previous call of the operation.
1380//
1381//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
1382//      organization, or email) as a party.
1383//
1384//      * INVALID_PATTERN: You provided a value that doesn't match the required
1385//      pattern.
1386//
1387//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
1388//      match the required pattern.
1389//
1390//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
1391//      name can't begin with the reserved prefix AWSServiceRoleFor.
1392//
1393//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
1394//      Name (ARN) for the organization.
1395//
1396//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
1397//
1398//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
1399//      tag. You can’t add, edit, or delete system tag keys because they're
1400//      reserved for AWS use. System tags don’t count against your tags per
1401//      resource limit.
1402//
1403//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
1404//      for the operation.
1405//
1406//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
1407//      than allowed.
1408//
1409//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
1410//      value than allowed.
1411//
1412//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
1413//      than allowed.
1414//
1415//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
1416//      value than allowed.
1417//
1418//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
1419//      between entities in the same root.
1420//
1421//   * ErrCodeFinalizingOrganizationException "FinalizingOrganizationException"
1422//   AWS Organizations couldn't perform the operation because your organization
1423//   hasn't finished initializing. This can take up to an hour. Try again later.
1424//   If after one hour you continue to receive this error, contact AWS Support
1425//   (https://console.aws.amazon.com/support/home#/).
1426//
1427//   * ErrCodeServiceException "ServiceException"
1428//   AWS Organizations can't complete your request because of an internal service
1429//   error. Try again later.
1430//
1431//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
1432//   You have sent too many requests in too short a period of time. The limit
1433//   helps protect against denial-of-service attacks. Try again later.
1434//
1435//   For information on limits that affect AWS Organizations, see Limits of AWS
1436//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
1437//   in the AWS Organizations User Guide.
1438//
1439//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
1440//   This action isn't available in the current Region.
1441//
1442// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount
1443func (c *Organizations) CreateGovCloudAccount(input *CreateGovCloudAccountInput) (*CreateGovCloudAccountOutput, error) {
1444	req, out := c.CreateGovCloudAccountRequest(input)
1445	return out, req.Send()
1446}
1447
1448// CreateGovCloudAccountWithContext is the same as CreateGovCloudAccount with the addition of
1449// the ability to pass a context and additional request options.
1450//
1451// See CreateGovCloudAccount for details on how to use this API operation.
1452//
1453// The context must be non-nil and will be used for request cancellation. If
1454// the context is nil a panic will occur. In the future the SDK may create
1455// sub-contexts for http.Requests. See https://golang.org/pkg/context/
1456// for more information on using Contexts.
1457func (c *Organizations) CreateGovCloudAccountWithContext(ctx aws.Context, input *CreateGovCloudAccountInput, opts ...request.Option) (*CreateGovCloudAccountOutput, error) {
1458	req, out := c.CreateGovCloudAccountRequest(input)
1459	req.SetContext(ctx)
1460	req.ApplyOptions(opts...)
1461	return out, req.Send()
1462}
1463
1464const opCreateOrganization = "CreateOrganization"
1465
1466// CreateOrganizationRequest generates a "aws/request.Request" representing the
1467// client's request for the CreateOrganization operation. The "output" return
1468// value will be populated with the request's response once the request completes
1469// successfully.
1470//
1471// Use "Send" method on the returned Request to send the API call to the service.
1472// the "output" return value is not valid until after Send returns without error.
1473//
1474// See CreateOrganization for more information on using the CreateOrganization
1475// API call, and error handling.
1476//
1477// This method is useful when you want to inject custom logic or configuration
1478// into the SDK's request lifecycle. Such as custom headers, or retry logic.
1479//
1480//
1481//    // Example sending a request using the CreateOrganizationRequest method.
1482//    req, resp := client.CreateOrganizationRequest(params)
1483//
1484//    err := req.Send()
1485//    if err == nil { // resp is now filled
1486//        fmt.Println(resp)
1487//    }
1488//
1489// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization
1490func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput) (req *request.Request, output *CreateOrganizationOutput) {
1491	op := &request.Operation{
1492		Name:       opCreateOrganization,
1493		HTTPMethod: "POST",
1494		HTTPPath:   "/",
1495	}
1496
1497	if input == nil {
1498		input = &CreateOrganizationInput{}
1499	}
1500
1501	output = &CreateOrganizationOutput{}
1502	req = c.newRequest(op, input, output)
1503	return
1504}
1505
1506// CreateOrganization API operation for AWS Organizations.
1507//
1508// Creates an AWS organization. The account whose user is calling the CreateOrganization
1509// operation automatically becomes the master account (https://docs.aws.amazon.com/IAM/latest/UserGuide/orgs_getting-started_concepts.html#account)
1510// of the new organization.
1511//
1512// This operation must be called using credentials from the account that is
1513// to become the new organization's master account. The principal must also
1514// have the relevant IAM permissions.
1515//
1516// By default (or if you set the FeatureSet parameter to ALL), the new organization
1517// is created with all features enabled. In addition, service control policies
1518// are automatically enabled in the root. If you instead create the organization
1519// supporting only the consolidated billing features, no policy types are enabled
1520// by default, and you can't use organization policies.
1521//
1522// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
1523// with awserr.Error's Code and Message methods to get detailed information about
1524// the error.
1525//
1526// See the AWS API reference guide for AWS Organizations's
1527// API operation CreateOrganization for usage and error information.
1528//
1529// Returned Error Codes:
1530//   * ErrCodeAccessDeniedException "AccessDeniedException"
1531//   You don't have permissions to perform the requested operation. The user or
1532//   role that is making the request must have at least one IAM permissions policy
1533//   attached that grants the required permissions. For more information, see
1534//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
1535//   in the IAM User Guide.
1536//
1537//   * ErrCodeAlreadyInOrganizationException "AlreadyInOrganizationException"
1538//   This account is already a member of an organization. An account can belong
1539//   to only one organization at a time.
1540//
1541//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
1542//   The target of the operation is currently being modified by a different request.
1543//   Try again later.
1544//
1545//   * ErrCodeConstraintViolationException "ConstraintViolationException"
1546//   Performing this operation violates a minimum or maximum value limit. Examples
1547//   include attempting to remove the last service control policy (SCP) from an
1548//   OU or root, or attaching too many policies to an account, OU, or root. This
1549//   exception includes a reason that contains additional information about the
1550//   violated limit.
1551//
1552//   Some of the reasons in the following list might not be applicable to this
1553//   specific API or operation:
1554//
1555//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
1556//      from the organization that doesn't yet have enough information to exist
1557//      as a standalone account. This account requires you to first agree to the
1558//      AWS Customer Agreement. Follow the steps at To leave an organization when
1559//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1560//      in the AWS Organizations User Guide.
1561//
1562//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
1563//      an account from the organization that doesn't yet have enough information
1564//      to exist as a standalone account. This account requires you to first complete
1565//      phone verification. Follow the steps at To leave an organization when
1566//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1567//      in the AWS Organizations User Guide.
1568//
1569//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
1570//      of accounts that you can create in one day.
1571//
1572//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
1573//      the number of accounts in an organization. If you need more accounts,
1574//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
1575//      request an increase in your limit. Or the number of invitations that you
1576//      tried to send would cause you to exceed the limit of accounts in your
1577//      organization. Send fewer invitations or contact AWS Support to request
1578//      an increase in the number of accounts. Deleted and closed accounts still
1579//      count toward your limit. If you get receive this exception when running
1580//      a command immediately after creating the organization, wait one hour and
1581//      try again. If after an hour it continues to fail with this error, contact
1582//      AWS Support (https://console.aws.amazon.com/support/home#/).
1583//
1584//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
1585//      handshakes that you can send in one day.
1586//
1587//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
1588//      in this organization, you first must migrate the organization's master
1589//      account to the marketplace that corresponds to the master account's address.
1590//      For example, accounts with India addresses must be associated with the
1591//      AISPL marketplace. All accounts in an organization must be associated
1592//      with the same marketplace.
1593//
1594//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
1595//      must first provide contact a valid address and phone number for the master
1596//      account. Then try the operation again.
1597//
1598//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
1599//      master account must have an associated account in the AWS GovCloud (US-West)
1600//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1601//      in the AWS GovCloud User Guide.
1602//
1603//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
1604//      with this master account, you first must associate a valid payment instrument,
1605//      such as a credit card, with the account. Follow the steps at To leave
1606//      an organization when all required account information has not yet been
1607//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1608//      in the AWS Organizations User Guide.
1609//
1610//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
1611//      number of policies of a certain type that can be attached to an entity
1612//      at one time.
1613//
1614//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
1615//      on this resource.
1616//
1617//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
1618//      with this member account, you first must associate a valid payment instrument,
1619//      such as a credit card, with the account. Follow the steps at To leave
1620//      an organization when all required account information has not yet been
1621//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1622//      in the AWS Organizations User Guide.
1623//
1624//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
1625//      policy from an entity, which would cause the entity to have fewer than
1626//      the minimum number of policies of the required type.
1627//
1628//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
1629//      too many levels deep.
1630//
1631//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
1632//      that requires the organization to be configured to support all features.
1633//      An organization that supports only consolidated billing features can't
1634//      perform this operation.
1635//
1636//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
1637//      that you can have in an organization.
1638//
1639//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
1640//      policies that you can have in an organization.
1641//
1642//   * ErrCodeInvalidInputException "InvalidInputException"
1643//   The requested operation failed because you provided invalid values for one
1644//   or more of the request parameters. This exception includes a reason that
1645//   contains additional information about the violated limit:
1646//
1647//   Some of the reasons in the following list might not be applicable to this
1648//   specific API or operation:
1649//
1650//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
1651//      can't be modified.
1652//
1653//      * INPUT_REQUIRED: You must include a value for all required parameters.
1654//
1655//      * INVALID_ENUM: You specified an invalid value.
1656//
1657//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
1658//
1659//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
1660//      characters.
1661//
1662//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
1663//      at least one invalid value.
1664//
1665//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
1666//      from the response to a previous call of the operation.
1667//
1668//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
1669//      organization, or email) as a party.
1670//
1671//      * INVALID_PATTERN: You provided a value that doesn't match the required
1672//      pattern.
1673//
1674//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
1675//      match the required pattern.
1676//
1677//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
1678//      name can't begin with the reserved prefix AWSServiceRoleFor.
1679//
1680//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
1681//      Name (ARN) for the organization.
1682//
1683//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
1684//
1685//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
1686//      tag. You can’t add, edit, or delete system tag keys because they're
1687//      reserved for AWS use. System tags don’t count against your tags per
1688//      resource limit.
1689//
1690//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
1691//      for the operation.
1692//
1693//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
1694//      than allowed.
1695//
1696//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
1697//      value than allowed.
1698//
1699//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
1700//      than allowed.
1701//
1702//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
1703//      value than allowed.
1704//
1705//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
1706//      between entities in the same root.
1707//
1708//   * ErrCodeServiceException "ServiceException"
1709//   AWS Organizations can't complete your request because of an internal service
1710//   error. Try again later.
1711//
1712//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
1713//   You have sent too many requests in too short a period of time. The limit
1714//   helps protect against denial-of-service attacks. Try again later.
1715//
1716//   For information on limits that affect AWS Organizations, see Limits of AWS
1717//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
1718//   in the AWS Organizations User Guide.
1719//
1720//   * ErrCodeAccessDeniedForDependencyException "AccessDeniedForDependencyException"
1721//   The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
1722//   for organizations.amazonaws.com permission so that AWS Organizations can
1723//   create the required service-linked role. You don't have that permission.
1724//
1725// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization
1726func (c *Organizations) CreateOrganization(input *CreateOrganizationInput) (*CreateOrganizationOutput, error) {
1727	req, out := c.CreateOrganizationRequest(input)
1728	return out, req.Send()
1729}
1730
1731// CreateOrganizationWithContext is the same as CreateOrganization with the addition of
1732// the ability to pass a context and additional request options.
1733//
1734// See CreateOrganization for details on how to use this API operation.
1735//
1736// The context must be non-nil and will be used for request cancellation. If
1737// the context is nil a panic will occur. In the future the SDK may create
1738// sub-contexts for http.Requests. See https://golang.org/pkg/context/
1739// for more information on using Contexts.
1740func (c *Organizations) CreateOrganizationWithContext(ctx aws.Context, input *CreateOrganizationInput, opts ...request.Option) (*CreateOrganizationOutput, error) {
1741	req, out := c.CreateOrganizationRequest(input)
1742	req.SetContext(ctx)
1743	req.ApplyOptions(opts...)
1744	return out, req.Send()
1745}
1746
1747const opCreateOrganizationalUnit = "CreateOrganizationalUnit"
1748
1749// CreateOrganizationalUnitRequest generates a "aws/request.Request" representing the
1750// client's request for the CreateOrganizationalUnit operation. The "output" return
1751// value will be populated with the request's response once the request completes
1752// successfully.
1753//
1754// Use "Send" method on the returned Request to send the API call to the service.
1755// the "output" return value is not valid until after Send returns without error.
1756//
1757// See CreateOrganizationalUnit for more information on using the CreateOrganizationalUnit
1758// API call, and error handling.
1759//
1760// This method is useful when you want to inject custom logic or configuration
1761// into the SDK's request lifecycle. Such as custom headers, or retry logic.
1762//
1763//
1764//    // Example sending a request using the CreateOrganizationalUnitRequest method.
1765//    req, resp := client.CreateOrganizationalUnitRequest(params)
1766//
1767//    err := req.Send()
1768//    if err == nil { // resp is now filled
1769//        fmt.Println(resp)
1770//    }
1771//
1772// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit
1773func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizationalUnitInput) (req *request.Request, output *CreateOrganizationalUnitOutput) {
1774	op := &request.Operation{
1775		Name:       opCreateOrganizationalUnit,
1776		HTTPMethod: "POST",
1777		HTTPPath:   "/",
1778	}
1779
1780	if input == nil {
1781		input = &CreateOrganizationalUnitInput{}
1782	}
1783
1784	output = &CreateOrganizationalUnitOutput{}
1785	req = c.newRequest(op, input, output)
1786	return
1787}
1788
1789// CreateOrganizationalUnit API operation for AWS Organizations.
1790//
1791// Creates an organizational unit (OU) within a root or parent OU. An OU is
1792// a container for accounts that enables you to organize your accounts to apply
1793// policies according to your business requirements. The number of levels deep
1794// that you can nest OUs is dependent upon the policy types enabled for that
1795// root. For service control policies, the limit is five.
1796//
1797// For more information about OUs, see Managing Organizational Units (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html)
1798// in the AWS Organizations User Guide.
1799//
1800// This operation can be called only from the organization's master account.
1801//
1802// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
1803// with awserr.Error's Code and Message methods to get detailed information about
1804// the error.
1805//
1806// See the AWS API reference guide for AWS Organizations's
1807// API operation CreateOrganizationalUnit for usage and error information.
1808//
1809// Returned Error Codes:
1810//   * ErrCodeAccessDeniedException "AccessDeniedException"
1811//   You don't have permissions to perform the requested operation. The user or
1812//   role that is making the request must have at least one IAM permissions policy
1813//   attached that grants the required permissions. For more information, see
1814//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
1815//   in the IAM User Guide.
1816//
1817//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
1818//   Your account isn't a member of an organization. To make this request, you
1819//   must use the credentials of an account that belongs to an organization.
1820//
1821//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
1822//   The target of the operation is currently being modified by a different request.
1823//   Try again later.
1824//
1825//   * ErrCodeConstraintViolationException "ConstraintViolationException"
1826//   Performing this operation violates a minimum or maximum value limit. Examples
1827//   include attempting to remove the last service control policy (SCP) from an
1828//   OU or root, or attaching too many policies to an account, OU, or root. This
1829//   exception includes a reason that contains additional information about the
1830//   violated limit.
1831//
1832//   Some of the reasons in the following list might not be applicable to this
1833//   specific API or operation:
1834//
1835//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
1836//      from the organization that doesn't yet have enough information to exist
1837//      as a standalone account. This account requires you to first agree to the
1838//      AWS Customer Agreement. Follow the steps at To leave an organization when
1839//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1840//      in the AWS Organizations User Guide.
1841//
1842//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
1843//      an account from the organization that doesn't yet have enough information
1844//      to exist as a standalone account. This account requires you to first complete
1845//      phone verification. Follow the steps at To leave an organization when
1846//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1847//      in the AWS Organizations User Guide.
1848//
1849//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
1850//      of accounts that you can create in one day.
1851//
1852//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
1853//      the number of accounts in an organization. If you need more accounts,
1854//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
1855//      request an increase in your limit. Or the number of invitations that you
1856//      tried to send would cause you to exceed the limit of accounts in your
1857//      organization. Send fewer invitations or contact AWS Support to request
1858//      an increase in the number of accounts. Deleted and closed accounts still
1859//      count toward your limit. If you get receive this exception when running
1860//      a command immediately after creating the organization, wait one hour and
1861//      try again. If after an hour it continues to fail with this error, contact
1862//      AWS Support (https://console.aws.amazon.com/support/home#/).
1863//
1864//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
1865//      handshakes that you can send in one day.
1866//
1867//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
1868//      in this organization, you first must migrate the organization's master
1869//      account to the marketplace that corresponds to the master account's address.
1870//      For example, accounts with India addresses must be associated with the
1871//      AISPL marketplace. All accounts in an organization must be associated
1872//      with the same marketplace.
1873//
1874//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
1875//      must first provide contact a valid address and phone number for the master
1876//      account. Then try the operation again.
1877//
1878//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
1879//      master account must have an associated account in the AWS GovCloud (US-West)
1880//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
1881//      in the AWS GovCloud User Guide.
1882//
1883//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
1884//      with this master account, you first must associate a valid payment instrument,
1885//      such as a credit card, with the account. Follow the steps at To leave
1886//      an organization when all required account information has not yet been
1887//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1888//      in the AWS Organizations User Guide.
1889//
1890//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
1891//      number of policies of a certain type that can be attached to an entity
1892//      at one time.
1893//
1894//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
1895//      on this resource.
1896//
1897//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
1898//      with this member account, you first must associate a valid payment instrument,
1899//      such as a credit card, with the account. Follow the steps at To leave
1900//      an organization when all required account information has not yet been
1901//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
1902//      in the AWS Organizations User Guide.
1903//
1904//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
1905//      policy from an entity, which would cause the entity to have fewer than
1906//      the minimum number of policies of the required type.
1907//
1908//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
1909//      too many levels deep.
1910//
1911//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
1912//      that requires the organization to be configured to support all features.
1913//      An organization that supports only consolidated billing features can't
1914//      perform this operation.
1915//
1916//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
1917//      that you can have in an organization.
1918//
1919//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
1920//      policies that you can have in an organization.
1921//
1922//   * ErrCodeDuplicateOrganizationalUnitException "DuplicateOrganizationalUnitException"
1923//   An OU with the same name already exists.
1924//
1925//   * ErrCodeInvalidInputException "InvalidInputException"
1926//   The requested operation failed because you provided invalid values for one
1927//   or more of the request parameters. This exception includes a reason that
1928//   contains additional information about the violated limit:
1929//
1930//   Some of the reasons in the following list might not be applicable to this
1931//   specific API or operation:
1932//
1933//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
1934//      can't be modified.
1935//
1936//      * INPUT_REQUIRED: You must include a value for all required parameters.
1937//
1938//      * INVALID_ENUM: You specified an invalid value.
1939//
1940//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
1941//
1942//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
1943//      characters.
1944//
1945//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
1946//      at least one invalid value.
1947//
1948//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
1949//      from the response to a previous call of the operation.
1950//
1951//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
1952//      organization, or email) as a party.
1953//
1954//      * INVALID_PATTERN: You provided a value that doesn't match the required
1955//      pattern.
1956//
1957//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
1958//      match the required pattern.
1959//
1960//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
1961//      name can't begin with the reserved prefix AWSServiceRoleFor.
1962//
1963//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
1964//      Name (ARN) for the organization.
1965//
1966//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
1967//
1968//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
1969//      tag. You can’t add, edit, or delete system tag keys because they're
1970//      reserved for AWS use. System tags don’t count against your tags per
1971//      resource limit.
1972//
1973//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
1974//      for the operation.
1975//
1976//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
1977//      than allowed.
1978//
1979//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
1980//      value than allowed.
1981//
1982//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
1983//      than allowed.
1984//
1985//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
1986//      value than allowed.
1987//
1988//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
1989//      between entities in the same root.
1990//
1991//   * ErrCodeParentNotFoundException "ParentNotFoundException"
1992//   We can't find a root or OU with the ParentId that you specified.
1993//
1994//   * ErrCodeServiceException "ServiceException"
1995//   AWS Organizations can't complete your request because of an internal service
1996//   error. Try again later.
1997//
1998//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
1999//   You have sent too many requests in too short a period of time. The limit
2000//   helps protect against denial-of-service attacks. Try again later.
2001//
2002//   For information on limits that affect AWS Organizations, see Limits of AWS
2003//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
2004//   in the AWS Organizations User Guide.
2005//
2006// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit
2007func (c *Organizations) CreateOrganizationalUnit(input *CreateOrganizationalUnitInput) (*CreateOrganizationalUnitOutput, error) {
2008	req, out := c.CreateOrganizationalUnitRequest(input)
2009	return out, req.Send()
2010}
2011
2012// CreateOrganizationalUnitWithContext is the same as CreateOrganizationalUnit with the addition of
2013// the ability to pass a context and additional request options.
2014//
2015// See CreateOrganizationalUnit for details on how to use this API operation.
2016//
2017// The context must be non-nil and will be used for request cancellation. If
2018// the context is nil a panic will occur. In the future the SDK may create
2019// sub-contexts for http.Requests. See https://golang.org/pkg/context/
2020// for more information on using Contexts.
2021func (c *Organizations) CreateOrganizationalUnitWithContext(ctx aws.Context, input *CreateOrganizationalUnitInput, opts ...request.Option) (*CreateOrganizationalUnitOutput, error) {
2022	req, out := c.CreateOrganizationalUnitRequest(input)
2023	req.SetContext(ctx)
2024	req.ApplyOptions(opts...)
2025	return out, req.Send()
2026}
2027
2028const opCreatePolicy = "CreatePolicy"
2029
2030// CreatePolicyRequest generates a "aws/request.Request" representing the
2031// client's request for the CreatePolicy operation. The "output" return
2032// value will be populated with the request's response once the request completes
2033// successfully.
2034//
2035// Use "Send" method on the returned Request to send the API call to the service.
2036// the "output" return value is not valid until after Send returns without error.
2037//
2038// See CreatePolicy for more information on using the CreatePolicy
2039// API call, and error handling.
2040//
2041// This method is useful when you want to inject custom logic or configuration
2042// into the SDK's request lifecycle. Such as custom headers, or retry logic.
2043//
2044//
2045//    // Example sending a request using the CreatePolicyRequest method.
2046//    req, resp := client.CreatePolicyRequest(params)
2047//
2048//    err := req.Send()
2049//    if err == nil { // resp is now filled
2050//        fmt.Println(resp)
2051//    }
2052//
2053// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy
2054func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) {
2055	op := &request.Operation{
2056		Name:       opCreatePolicy,
2057		HTTPMethod: "POST",
2058		HTTPPath:   "/",
2059	}
2060
2061	if input == nil {
2062		input = &CreatePolicyInput{}
2063	}
2064
2065	output = &CreatePolicyOutput{}
2066	req = c.newRequest(op, input, output)
2067	return
2068}
2069
2070// CreatePolicy API operation for AWS Organizations.
2071//
2072// Creates a policy of a specified type that you can attach to a root, an organizational
2073// unit (OU), or an individual AWS account.
2074//
2075// For more information about policies and their use, see Managing Organization
2076// Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html).
2077//
2078// This operation can be called only from the organization's master account.
2079//
2080// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
2081// with awserr.Error's Code and Message methods to get detailed information about
2082// the error.
2083//
2084// See the AWS API reference guide for AWS Organizations's
2085// API operation CreatePolicy for usage and error information.
2086//
2087// Returned Error Codes:
2088//   * ErrCodeAccessDeniedException "AccessDeniedException"
2089//   You don't have permissions to perform the requested operation. The user or
2090//   role that is making the request must have at least one IAM permissions policy
2091//   attached that grants the required permissions. For more information, see
2092//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
2093//   in the IAM User Guide.
2094//
2095//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
2096//   Your account isn't a member of an organization. To make this request, you
2097//   must use the credentials of an account that belongs to an organization.
2098//
2099//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
2100//   The target of the operation is currently being modified by a different request.
2101//   Try again later.
2102//
2103//   * ErrCodeConstraintViolationException "ConstraintViolationException"
2104//   Performing this operation violates a minimum or maximum value limit. Examples
2105//   include attempting to remove the last service control policy (SCP) from an
2106//   OU or root, or attaching too many policies to an account, OU, or root. This
2107//   exception includes a reason that contains additional information about the
2108//   violated limit.
2109//
2110//   Some of the reasons in the following list might not be applicable to this
2111//   specific API or operation:
2112//
2113//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
2114//      from the organization that doesn't yet have enough information to exist
2115//      as a standalone account. This account requires you to first agree to the
2116//      AWS Customer Agreement. Follow the steps at To leave an organization when
2117//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
2118//      in the AWS Organizations User Guide.
2119//
2120//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
2121//      an account from the organization that doesn't yet have enough information
2122//      to exist as a standalone account. This account requires you to first complete
2123//      phone verification. Follow the steps at To leave an organization when
2124//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
2125//      in the AWS Organizations User Guide.
2126//
2127//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
2128//      of accounts that you can create in one day.
2129//
2130//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
2131//      the number of accounts in an organization. If you need more accounts,
2132//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
2133//      request an increase in your limit. Or the number of invitations that you
2134//      tried to send would cause you to exceed the limit of accounts in your
2135//      organization. Send fewer invitations or contact AWS Support to request
2136//      an increase in the number of accounts. Deleted and closed accounts still
2137//      count toward your limit. If you get receive this exception when running
2138//      a command immediately after creating the organization, wait one hour and
2139//      try again. If after an hour it continues to fail with this error, contact
2140//      AWS Support (https://console.aws.amazon.com/support/home#/).
2141//
2142//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
2143//      handshakes that you can send in one day.
2144//
2145//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
2146//      in this organization, you first must migrate the organization's master
2147//      account to the marketplace that corresponds to the master account's address.
2148//      For example, accounts with India addresses must be associated with the
2149//      AISPL marketplace. All accounts in an organization must be associated
2150//      with the same marketplace.
2151//
2152//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
2153//      must first provide contact a valid address and phone number for the master
2154//      account. Then try the operation again.
2155//
2156//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
2157//      master account must have an associated account in the AWS GovCloud (US-West)
2158//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
2159//      in the AWS GovCloud User Guide.
2160//
2161//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
2162//      with this master account, you first must associate a valid payment instrument,
2163//      such as a credit card, with the account. Follow the steps at To leave
2164//      an organization when all required account information has not yet been
2165//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
2166//      in the AWS Organizations User Guide.
2167//
2168//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
2169//      number of policies of a certain type that can be attached to an entity
2170//      at one time.
2171//
2172//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
2173//      on this resource.
2174//
2175//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
2176//      with this member account, you first must associate a valid payment instrument,
2177//      such as a credit card, with the account. Follow the steps at To leave
2178//      an organization when all required account information has not yet been
2179//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
2180//      in the AWS Organizations User Guide.
2181//
2182//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
2183//      policy from an entity, which would cause the entity to have fewer than
2184//      the minimum number of policies of the required type.
2185//
2186//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
2187//      too many levels deep.
2188//
2189//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
2190//      that requires the organization to be configured to support all features.
2191//      An organization that supports only consolidated billing features can't
2192//      perform this operation.
2193//
2194//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
2195//      that you can have in an organization.
2196//
2197//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
2198//      policies that you can have in an organization.
2199//
2200//   * ErrCodeDuplicatePolicyException "DuplicatePolicyException"
2201//   A policy with the same name already exists.
2202//
2203//   * ErrCodeInvalidInputException "InvalidInputException"
2204//   The requested operation failed because you provided invalid values for one
2205//   or more of the request parameters. This exception includes a reason that
2206//   contains additional information about the violated limit:
2207//
2208//   Some of the reasons in the following list might not be applicable to this
2209//   specific API or operation:
2210//
2211//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2212//      can't be modified.
2213//
2214//      * INPUT_REQUIRED: You must include a value for all required parameters.
2215//
2216//      * INVALID_ENUM: You specified an invalid value.
2217//
2218//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
2219//
2220//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
2221//      characters.
2222//
2223//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
2224//      at least one invalid value.
2225//
2226//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
2227//      from the response to a previous call of the operation.
2228//
2229//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
2230//      organization, or email) as a party.
2231//
2232//      * INVALID_PATTERN: You provided a value that doesn't match the required
2233//      pattern.
2234//
2235//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
2236//      match the required pattern.
2237//
2238//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
2239//      name can't begin with the reserved prefix AWSServiceRoleFor.
2240//
2241//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
2242//      Name (ARN) for the organization.
2243//
2244//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
2245//
2246//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
2247//      tag. You can’t add, edit, or delete system tag keys because they're
2248//      reserved for AWS use. System tags don’t count against your tags per
2249//      resource limit.
2250//
2251//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
2252//      for the operation.
2253//
2254//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
2255//      than allowed.
2256//
2257//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
2258//      value than allowed.
2259//
2260//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
2261//      than allowed.
2262//
2263//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
2264//      value than allowed.
2265//
2266//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
2267//      between entities in the same root.
2268//
2269//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException"
2270//   The provided policy document doesn't meet the requirements of the specified
2271//   policy type. For example, the syntax might be incorrect. For details about
2272//   service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
2273//   in the AWS Organizations User Guide.
2274//
2275//   * ErrCodePolicyTypeNotAvailableForOrganizationException "PolicyTypeNotAvailableForOrganizationException"
2276//   You can't use the specified policy type with the feature set currently enabled
2277//   for this organization. For example, you can enable SCPs only after you enable
2278//   all features in the organization. For more information, see Enabling and
2279//   Disabling a Policy Type on a Root (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)
2280//   in the AWS Organizations User Guide.
2281//
2282//   * ErrCodeServiceException "ServiceException"
2283//   AWS Organizations can't complete your request because of an internal service
2284//   error. Try again later.
2285//
2286//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
2287//   You have sent too many requests in too short a period of time. The limit
2288//   helps protect against denial-of-service attacks. Try again later.
2289//
2290//   For information on limits that affect AWS Organizations, see Limits of AWS
2291//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
2292//   in the AWS Organizations User Guide.
2293//
2294//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
2295//   This action isn't available in the current Region.
2296//
2297// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy
2298func (c *Organizations) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) {
2299	req, out := c.CreatePolicyRequest(input)
2300	return out, req.Send()
2301}
2302
2303// CreatePolicyWithContext is the same as CreatePolicy with the addition of
2304// the ability to pass a context and additional request options.
2305//
2306// See CreatePolicy for details on how to use this API operation.
2307//
2308// The context must be non-nil and will be used for request cancellation. If
2309// the context is nil a panic will occur. In the future the SDK may create
2310// sub-contexts for http.Requests. See https://golang.org/pkg/context/
2311// for more information on using Contexts.
2312func (c *Organizations) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) {
2313	req, out := c.CreatePolicyRequest(input)
2314	req.SetContext(ctx)
2315	req.ApplyOptions(opts...)
2316	return out, req.Send()
2317}
2318
2319const opDeclineHandshake = "DeclineHandshake"
2320
2321// DeclineHandshakeRequest generates a "aws/request.Request" representing the
2322// client's request for the DeclineHandshake operation. The "output" return
2323// value will be populated with the request's response once the request completes
2324// successfully.
2325//
2326// Use "Send" method on the returned Request to send the API call to the service.
2327// the "output" return value is not valid until after Send returns without error.
2328//
2329// See DeclineHandshake for more information on using the DeclineHandshake
2330// API call, and error handling.
2331//
2332// This method is useful when you want to inject custom logic or configuration
2333// into the SDK's request lifecycle. Such as custom headers, or retry logic.
2334//
2335//
2336//    // Example sending a request using the DeclineHandshakeRequest method.
2337//    req, resp := client.DeclineHandshakeRequest(params)
2338//
2339//    err := req.Send()
2340//    if err == nil { // resp is now filled
2341//        fmt.Println(resp)
2342//    }
2343//
2344// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake
2345func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (req *request.Request, output *DeclineHandshakeOutput) {
2346	op := &request.Operation{
2347		Name:       opDeclineHandshake,
2348		HTTPMethod: "POST",
2349		HTTPPath:   "/",
2350	}
2351
2352	if input == nil {
2353		input = &DeclineHandshakeInput{}
2354	}
2355
2356	output = &DeclineHandshakeOutput{}
2357	req = c.newRequest(op, input, output)
2358	return
2359}
2360
2361// DeclineHandshake API operation for AWS Organizations.
2362//
2363// Declines a handshake request. This sets the handshake state to DECLINED and
2364// effectively deactivates the request.
2365//
2366// This operation can be called only from the account that received the handshake.
2367// The originator of the handshake can use CancelHandshake instead. The originator
2368// can't reactivate a declined request, but can reinitiate the process with
2369// a new handshake request.
2370//
2371// After you decline a handshake, it continues to appear in the results of relevant
2372// API operations for only 30 days. After that, it's deleted.
2373//
2374// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
2375// with awserr.Error's Code and Message methods to get detailed information about
2376// the error.
2377//
2378// See the AWS API reference guide for AWS Organizations's
2379// API operation DeclineHandshake for usage and error information.
2380//
2381// Returned Error Codes:
2382//   * ErrCodeAccessDeniedException "AccessDeniedException"
2383//   You don't have permissions to perform the requested operation. The user or
2384//   role that is making the request must have at least one IAM permissions policy
2385//   attached that grants the required permissions. For more information, see
2386//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
2387//   in the IAM User Guide.
2388//
2389//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
2390//   The target of the operation is currently being modified by a different request.
2391//   Try again later.
2392//
2393//   * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException"
2394//   We can't find a handshake with the HandshakeId that you specified.
2395//
2396//   * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException"
2397//   You can't perform the operation on the handshake in its current state. For
2398//   example, you can't cancel a handshake that was already accepted or accept
2399//   a handshake that was already declined.
2400//
2401//   * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException"
2402//   The specified handshake is already in the requested state. For example, you
2403//   can't accept a handshake that was already accepted.
2404//
2405//   * ErrCodeInvalidInputException "InvalidInputException"
2406//   The requested operation failed because you provided invalid values for one
2407//   or more of the request parameters. This exception includes a reason that
2408//   contains additional information about the violated limit:
2409//
2410//   Some of the reasons in the following list might not be applicable to this
2411//   specific API or operation:
2412//
2413//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2414//      can't be modified.
2415//
2416//      * INPUT_REQUIRED: You must include a value for all required parameters.
2417//
2418//      * INVALID_ENUM: You specified an invalid value.
2419//
2420//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
2421//
2422//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
2423//      characters.
2424//
2425//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
2426//      at least one invalid value.
2427//
2428//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
2429//      from the response to a previous call of the operation.
2430//
2431//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
2432//      organization, or email) as a party.
2433//
2434//      * INVALID_PATTERN: You provided a value that doesn't match the required
2435//      pattern.
2436//
2437//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
2438//      match the required pattern.
2439//
2440//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
2441//      name can't begin with the reserved prefix AWSServiceRoleFor.
2442//
2443//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
2444//      Name (ARN) for the organization.
2445//
2446//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
2447//
2448//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
2449//      tag. You can’t add, edit, or delete system tag keys because they're
2450//      reserved for AWS use. System tags don’t count against your tags per
2451//      resource limit.
2452//
2453//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
2454//      for the operation.
2455//
2456//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
2457//      than allowed.
2458//
2459//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
2460//      value than allowed.
2461//
2462//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
2463//      than allowed.
2464//
2465//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
2466//      value than allowed.
2467//
2468//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
2469//      between entities in the same root.
2470//
2471//   * ErrCodeServiceException "ServiceException"
2472//   AWS Organizations can't complete your request because of an internal service
2473//   error. Try again later.
2474//
2475//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
2476//   You have sent too many requests in too short a period of time. The limit
2477//   helps protect against denial-of-service attacks. Try again later.
2478//
2479//   For information on limits that affect AWS Organizations, see Limits of AWS
2480//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
2481//   in the AWS Organizations User Guide.
2482//
2483// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake
2484func (c *Organizations) DeclineHandshake(input *DeclineHandshakeInput) (*DeclineHandshakeOutput, error) {
2485	req, out := c.DeclineHandshakeRequest(input)
2486	return out, req.Send()
2487}
2488
2489// DeclineHandshakeWithContext is the same as DeclineHandshake with the addition of
2490// the ability to pass a context and additional request options.
2491//
2492// See DeclineHandshake for details on how to use this API operation.
2493//
2494// The context must be non-nil and will be used for request cancellation. If
2495// the context is nil a panic will occur. In the future the SDK may create
2496// sub-contexts for http.Requests. See https://golang.org/pkg/context/
2497// for more information on using Contexts.
2498func (c *Organizations) DeclineHandshakeWithContext(ctx aws.Context, input *DeclineHandshakeInput, opts ...request.Option) (*DeclineHandshakeOutput, error) {
2499	req, out := c.DeclineHandshakeRequest(input)
2500	req.SetContext(ctx)
2501	req.ApplyOptions(opts...)
2502	return out, req.Send()
2503}
2504
2505const opDeleteOrganization = "DeleteOrganization"
2506
2507// DeleteOrganizationRequest generates a "aws/request.Request" representing the
2508// client's request for the DeleteOrganization operation. The "output" return
2509// value will be populated with the request's response once the request completes
2510// successfully.
2511//
2512// Use "Send" method on the returned Request to send the API call to the service.
2513// the "output" return value is not valid until after Send returns without error.
2514//
2515// See DeleteOrganization for more information on using the DeleteOrganization
2516// API call, and error handling.
2517//
2518// This method is useful when you want to inject custom logic or configuration
2519// into the SDK's request lifecycle. Such as custom headers, or retry logic.
2520//
2521//
2522//    // Example sending a request using the DeleteOrganizationRequest method.
2523//    req, resp := client.DeleteOrganizationRequest(params)
2524//
2525//    err := req.Send()
2526//    if err == nil { // resp is now filled
2527//        fmt.Println(resp)
2528//    }
2529//
2530// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization
2531func (c *Organizations) DeleteOrganizationRequest(input *DeleteOrganizationInput) (req *request.Request, output *DeleteOrganizationOutput) {
2532	op := &request.Operation{
2533		Name:       opDeleteOrganization,
2534		HTTPMethod: "POST",
2535		HTTPPath:   "/",
2536	}
2537
2538	if input == nil {
2539		input = &DeleteOrganizationInput{}
2540	}
2541
2542	output = &DeleteOrganizationOutput{}
2543	req = c.newRequest(op, input, output)
2544	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
2545	return
2546}
2547
2548// DeleteOrganization API operation for AWS Organizations.
2549//
2550// Deletes the organization. You can delete an organization only by using credentials
2551// from the master account. The organization must be empty of member accounts.
2552//
2553// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
2554// with awserr.Error's Code and Message methods to get detailed information about
2555// the error.
2556//
2557// See the AWS API reference guide for AWS Organizations's
2558// API operation DeleteOrganization for usage and error information.
2559//
2560// Returned Error Codes:
2561//   * ErrCodeAccessDeniedException "AccessDeniedException"
2562//   You don't have permissions to perform the requested operation. The user or
2563//   role that is making the request must have at least one IAM permissions policy
2564//   attached that grants the required permissions. For more information, see
2565//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
2566//   in the IAM User Guide.
2567//
2568//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
2569//   Your account isn't a member of an organization. To make this request, you
2570//   must use the credentials of an account that belongs to an organization.
2571//
2572//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
2573//   The target of the operation is currently being modified by a different request.
2574//   Try again later.
2575//
2576//   * ErrCodeInvalidInputException "InvalidInputException"
2577//   The requested operation failed because you provided invalid values for one
2578//   or more of the request parameters. This exception includes a reason that
2579//   contains additional information about the violated limit:
2580//
2581//   Some of the reasons in the following list might not be applicable to this
2582//   specific API or operation:
2583//
2584//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2585//      can't be modified.
2586//
2587//      * INPUT_REQUIRED: You must include a value for all required parameters.
2588//
2589//      * INVALID_ENUM: You specified an invalid value.
2590//
2591//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
2592//
2593//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
2594//      characters.
2595//
2596//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
2597//      at least one invalid value.
2598//
2599//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
2600//      from the response to a previous call of the operation.
2601//
2602//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
2603//      organization, or email) as a party.
2604//
2605//      * INVALID_PATTERN: You provided a value that doesn't match the required
2606//      pattern.
2607//
2608//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
2609//      match the required pattern.
2610//
2611//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
2612//      name can't begin with the reserved prefix AWSServiceRoleFor.
2613//
2614//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
2615//      Name (ARN) for the organization.
2616//
2617//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
2618//
2619//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
2620//      tag. You can’t add, edit, or delete system tag keys because they're
2621//      reserved for AWS use. System tags don’t count against your tags per
2622//      resource limit.
2623//
2624//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
2625//      for the operation.
2626//
2627//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
2628//      than allowed.
2629//
2630//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
2631//      value than allowed.
2632//
2633//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
2634//      than allowed.
2635//
2636//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
2637//      value than allowed.
2638//
2639//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
2640//      between entities in the same root.
2641//
2642//   * ErrCodeOrganizationNotEmptyException "OrganizationNotEmptyException"
2643//   The organization isn't empty. To delete an organization, you must first remove
2644//   all accounts except the master account, delete all OUs, and delete all policies.
2645//
2646//   * ErrCodeServiceException "ServiceException"
2647//   AWS Organizations can't complete your request because of an internal service
2648//   error. Try again later.
2649//
2650//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
2651//   You have sent too many requests in too short a period of time. The limit
2652//   helps protect against denial-of-service attacks. Try again later.
2653//
2654//   For information on limits that affect AWS Organizations, see Limits of AWS
2655//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
2656//   in the AWS Organizations User Guide.
2657//
2658// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization
2659func (c *Organizations) DeleteOrganization(input *DeleteOrganizationInput) (*DeleteOrganizationOutput, error) {
2660	req, out := c.DeleteOrganizationRequest(input)
2661	return out, req.Send()
2662}
2663
2664// DeleteOrganizationWithContext is the same as DeleteOrganization with the addition of
2665// the ability to pass a context and additional request options.
2666//
2667// See DeleteOrganization for details on how to use this API operation.
2668//
2669// The context must be non-nil and will be used for request cancellation. If
2670// the context is nil a panic will occur. In the future the SDK may create
2671// sub-contexts for http.Requests. See https://golang.org/pkg/context/
2672// for more information on using Contexts.
2673func (c *Organizations) DeleteOrganizationWithContext(ctx aws.Context, input *DeleteOrganizationInput, opts ...request.Option) (*DeleteOrganizationOutput, error) {
2674	req, out := c.DeleteOrganizationRequest(input)
2675	req.SetContext(ctx)
2676	req.ApplyOptions(opts...)
2677	return out, req.Send()
2678}
2679
2680const opDeleteOrganizationalUnit = "DeleteOrganizationalUnit"
2681
2682// DeleteOrganizationalUnitRequest generates a "aws/request.Request" representing the
2683// client's request for the DeleteOrganizationalUnit operation. The "output" return
2684// value will be populated with the request's response once the request completes
2685// successfully.
2686//
2687// Use "Send" method on the returned Request to send the API call to the service.
2688// the "output" return value is not valid until after Send returns without error.
2689//
2690// See DeleteOrganizationalUnit for more information on using the DeleteOrganizationalUnit
2691// API call, and error handling.
2692//
2693// This method is useful when you want to inject custom logic or configuration
2694// into the SDK's request lifecycle. Such as custom headers, or retry logic.
2695//
2696//
2697//    // Example sending a request using the DeleteOrganizationalUnitRequest method.
2698//    req, resp := client.DeleteOrganizationalUnitRequest(params)
2699//
2700//    err := req.Send()
2701//    if err == nil { // resp is now filled
2702//        fmt.Println(resp)
2703//    }
2704//
2705// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit
2706func (c *Organizations) DeleteOrganizationalUnitRequest(input *DeleteOrganizationalUnitInput) (req *request.Request, output *DeleteOrganizationalUnitOutput) {
2707	op := &request.Operation{
2708		Name:       opDeleteOrganizationalUnit,
2709		HTTPMethod: "POST",
2710		HTTPPath:   "/",
2711	}
2712
2713	if input == nil {
2714		input = &DeleteOrganizationalUnitInput{}
2715	}
2716
2717	output = &DeleteOrganizationalUnitOutput{}
2718	req = c.newRequest(op, input, output)
2719	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
2720	return
2721}
2722
2723// DeleteOrganizationalUnit API operation for AWS Organizations.
2724//
2725// Deletes an organizational unit (OU) from a root or another OU. You must first
2726// remove all accounts and child OUs from the OU that you want to delete.
2727//
2728// This operation can be called only from the organization's master account.
2729//
2730// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
2731// with awserr.Error's Code and Message methods to get detailed information about
2732// the error.
2733//
2734// See the AWS API reference guide for AWS Organizations's
2735// API operation DeleteOrganizationalUnit for usage and error information.
2736//
2737// Returned Error Codes:
2738//   * ErrCodeAccessDeniedException "AccessDeniedException"
2739//   You don't have permissions to perform the requested operation. The user or
2740//   role that is making the request must have at least one IAM permissions policy
2741//   attached that grants the required permissions. For more information, see
2742//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
2743//   in the IAM User Guide.
2744//
2745//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
2746//   Your account isn't a member of an organization. To make this request, you
2747//   must use the credentials of an account that belongs to an organization.
2748//
2749//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
2750//   The target of the operation is currently being modified by a different request.
2751//   Try again later.
2752//
2753//   * ErrCodeInvalidInputException "InvalidInputException"
2754//   The requested operation failed because you provided invalid values for one
2755//   or more of the request parameters. This exception includes a reason that
2756//   contains additional information about the violated limit:
2757//
2758//   Some of the reasons in the following list might not be applicable to this
2759//   specific API or operation:
2760//
2761//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2762//      can't be modified.
2763//
2764//      * INPUT_REQUIRED: You must include a value for all required parameters.
2765//
2766//      * INVALID_ENUM: You specified an invalid value.
2767//
2768//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
2769//
2770//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
2771//      characters.
2772//
2773//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
2774//      at least one invalid value.
2775//
2776//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
2777//      from the response to a previous call of the operation.
2778//
2779//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
2780//      organization, or email) as a party.
2781//
2782//      * INVALID_PATTERN: You provided a value that doesn't match the required
2783//      pattern.
2784//
2785//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
2786//      match the required pattern.
2787//
2788//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
2789//      name can't begin with the reserved prefix AWSServiceRoleFor.
2790//
2791//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
2792//      Name (ARN) for the organization.
2793//
2794//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
2795//
2796//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
2797//      tag. You can’t add, edit, or delete system tag keys because they're
2798//      reserved for AWS use. System tags don’t count against your tags per
2799//      resource limit.
2800//
2801//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
2802//      for the operation.
2803//
2804//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
2805//      than allowed.
2806//
2807//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
2808//      value than allowed.
2809//
2810//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
2811//      than allowed.
2812//
2813//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
2814//      value than allowed.
2815//
2816//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
2817//      between entities in the same root.
2818//
2819//   * ErrCodeOrganizationalUnitNotEmptyException "OrganizationalUnitNotEmptyException"
2820//   The specified OU is not empty. Move all accounts to another root or to other
2821//   OUs, remove all child OUs, and try the operation again.
2822//
2823//   * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException"
2824//   We can't find an OU with the OrganizationalUnitId that you specified.
2825//
2826//   * ErrCodeServiceException "ServiceException"
2827//   AWS Organizations can't complete your request because of an internal service
2828//   error. Try again later.
2829//
2830//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
2831//   You have sent too many requests in too short a period of time. The limit
2832//   helps protect against denial-of-service attacks. Try again later.
2833//
2834//   For information on limits that affect AWS Organizations, see Limits of AWS
2835//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
2836//   in the AWS Organizations User Guide.
2837//
2838// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit
2839func (c *Organizations) DeleteOrganizationalUnit(input *DeleteOrganizationalUnitInput) (*DeleteOrganizationalUnitOutput, error) {
2840	req, out := c.DeleteOrganizationalUnitRequest(input)
2841	return out, req.Send()
2842}
2843
2844// DeleteOrganizationalUnitWithContext is the same as DeleteOrganizationalUnit with the addition of
2845// the ability to pass a context and additional request options.
2846//
2847// See DeleteOrganizationalUnit for details on how to use this API operation.
2848//
2849// The context must be non-nil and will be used for request cancellation. If
2850// the context is nil a panic will occur. In the future the SDK may create
2851// sub-contexts for http.Requests. See https://golang.org/pkg/context/
2852// for more information on using Contexts.
2853func (c *Organizations) DeleteOrganizationalUnitWithContext(ctx aws.Context, input *DeleteOrganizationalUnitInput, opts ...request.Option) (*DeleteOrganizationalUnitOutput, error) {
2854	req, out := c.DeleteOrganizationalUnitRequest(input)
2855	req.SetContext(ctx)
2856	req.ApplyOptions(opts...)
2857	return out, req.Send()
2858}
2859
2860const opDeletePolicy = "DeletePolicy"
2861
2862// DeletePolicyRequest generates a "aws/request.Request" representing the
2863// client's request for the DeletePolicy operation. The "output" return
2864// value will be populated with the request's response once the request completes
2865// successfully.
2866//
2867// Use "Send" method on the returned Request to send the API call to the service.
2868// the "output" return value is not valid until after Send returns without error.
2869//
2870// See DeletePolicy for more information on using the DeletePolicy
2871// API call, and error handling.
2872//
2873// This method is useful when you want to inject custom logic or configuration
2874// into the SDK's request lifecycle. Such as custom headers, or retry logic.
2875//
2876//
2877//    // Example sending a request using the DeletePolicyRequest method.
2878//    req, resp := client.DeletePolicyRequest(params)
2879//
2880//    err := req.Send()
2881//    if err == nil { // resp is now filled
2882//        fmt.Println(resp)
2883//    }
2884//
2885// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy
2886func (c *Organizations) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) {
2887	op := &request.Operation{
2888		Name:       opDeletePolicy,
2889		HTTPMethod: "POST",
2890		HTTPPath:   "/",
2891	}
2892
2893	if input == nil {
2894		input = &DeletePolicyInput{}
2895	}
2896
2897	output = &DeletePolicyOutput{}
2898	req = c.newRequest(op, input, output)
2899	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
2900	return
2901}
2902
2903// DeletePolicy API operation for AWS Organizations.
2904//
2905// Deletes the specified policy from your organization. Before you perform this
2906// operation, you must first detach the policy from all organizational units
2907// (OUs), roots, and accounts.
2908//
2909// This operation can be called only from the organization's master account.
2910//
2911// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
2912// with awserr.Error's Code and Message methods to get detailed information about
2913// the error.
2914//
2915// See the AWS API reference guide for AWS Organizations's
2916// API operation DeletePolicy for usage and error information.
2917//
2918// Returned Error Codes:
2919//   * ErrCodeAccessDeniedException "AccessDeniedException"
2920//   You don't have permissions to perform the requested operation. The user or
2921//   role that is making the request must have at least one IAM permissions policy
2922//   attached that grants the required permissions. For more information, see
2923//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
2924//   in the IAM User Guide.
2925//
2926//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
2927//   Your account isn't a member of an organization. To make this request, you
2928//   must use the credentials of an account that belongs to an organization.
2929//
2930//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
2931//   The target of the operation is currently being modified by a different request.
2932//   Try again later.
2933//
2934//   * ErrCodeInvalidInputException "InvalidInputException"
2935//   The requested operation failed because you provided invalid values for one
2936//   or more of the request parameters. This exception includes a reason that
2937//   contains additional information about the violated limit:
2938//
2939//   Some of the reasons in the following list might not be applicable to this
2940//   specific API or operation:
2941//
2942//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
2943//      can't be modified.
2944//
2945//      * INPUT_REQUIRED: You must include a value for all required parameters.
2946//
2947//      * INVALID_ENUM: You specified an invalid value.
2948//
2949//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
2950//
2951//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
2952//      characters.
2953//
2954//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
2955//      at least one invalid value.
2956//
2957//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
2958//      from the response to a previous call of the operation.
2959//
2960//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
2961//      organization, or email) as a party.
2962//
2963//      * INVALID_PATTERN: You provided a value that doesn't match the required
2964//      pattern.
2965//
2966//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
2967//      match the required pattern.
2968//
2969//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
2970//      name can't begin with the reserved prefix AWSServiceRoleFor.
2971//
2972//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
2973//      Name (ARN) for the organization.
2974//
2975//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
2976//
2977//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
2978//      tag. You can’t add, edit, or delete system tag keys because they're
2979//      reserved for AWS use. System tags don’t count against your tags per
2980//      resource limit.
2981//
2982//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
2983//      for the operation.
2984//
2985//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
2986//      than allowed.
2987//
2988//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
2989//      value than allowed.
2990//
2991//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
2992//      than allowed.
2993//
2994//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
2995//      value than allowed.
2996//
2997//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
2998//      between entities in the same root.
2999//
3000//   * ErrCodePolicyInUseException "PolicyInUseException"
3001//   The policy is attached to one or more entities. You must detach it from all
3002//   roots, OUs, and accounts before performing this operation.
3003//
3004//   * ErrCodePolicyNotFoundException "PolicyNotFoundException"
3005//   We can't find a policy with the PolicyId that you specified.
3006//
3007//   * ErrCodeServiceException "ServiceException"
3008//   AWS Organizations can't complete your request because of an internal service
3009//   error. Try again later.
3010//
3011//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
3012//   You have sent too many requests in too short a period of time. The limit
3013//   helps protect against denial-of-service attacks. Try again later.
3014//
3015//   For information on limits that affect AWS Organizations, see Limits of AWS
3016//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
3017//   in the AWS Organizations User Guide.
3018//
3019//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
3020//   This action isn't available in the current Region.
3021//
3022// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy
3023func (c *Organizations) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) {
3024	req, out := c.DeletePolicyRequest(input)
3025	return out, req.Send()
3026}
3027
3028// DeletePolicyWithContext is the same as DeletePolicy with the addition of
3029// the ability to pass a context and additional request options.
3030//
3031// See DeletePolicy for details on how to use this API operation.
3032//
3033// The context must be non-nil and will be used for request cancellation. If
3034// the context is nil a panic will occur. In the future the SDK may create
3035// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3036// for more information on using Contexts.
3037func (c *Organizations) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) {
3038	req, out := c.DeletePolicyRequest(input)
3039	req.SetContext(ctx)
3040	req.ApplyOptions(opts...)
3041	return out, req.Send()
3042}
3043
3044const opDescribeAccount = "DescribeAccount"
3045
3046// DescribeAccountRequest generates a "aws/request.Request" representing the
3047// client's request for the DescribeAccount operation. The "output" return
3048// value will be populated with the request's response once the request completes
3049// successfully.
3050//
3051// Use "Send" method on the returned Request to send the API call to the service.
3052// the "output" return value is not valid until after Send returns without error.
3053//
3054// See DescribeAccount for more information on using the DescribeAccount
3055// API call, and error handling.
3056//
3057// This method is useful when you want to inject custom logic or configuration
3058// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3059//
3060//
3061//    // Example sending a request using the DescribeAccountRequest method.
3062//    req, resp := client.DescribeAccountRequest(params)
3063//
3064//    err := req.Send()
3065//    if err == nil { // resp is now filled
3066//        fmt.Println(resp)
3067//    }
3068//
3069// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount
3070func (c *Organizations) DescribeAccountRequest(input *DescribeAccountInput) (req *request.Request, output *DescribeAccountOutput) {
3071	op := &request.Operation{
3072		Name:       opDescribeAccount,
3073		HTTPMethod: "POST",
3074		HTTPPath:   "/",
3075	}
3076
3077	if input == nil {
3078		input = &DescribeAccountInput{}
3079	}
3080
3081	output = &DescribeAccountOutput{}
3082	req = c.newRequest(op, input, output)
3083	return
3084}
3085
3086// DescribeAccount API operation for AWS Organizations.
3087//
3088// Retrieves AWS Organizations related information about the specified account.
3089//
3090// This operation can be called only from the organization's master account.
3091//
3092// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
3093// with awserr.Error's Code and Message methods to get detailed information about
3094// the error.
3095//
3096// See the AWS API reference guide for AWS Organizations's
3097// API operation DescribeAccount for usage and error information.
3098//
3099// Returned Error Codes:
3100//   * ErrCodeAccessDeniedException "AccessDeniedException"
3101//   You don't have permissions to perform the requested operation. The user or
3102//   role that is making the request must have at least one IAM permissions policy
3103//   attached that grants the required permissions. For more information, see
3104//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
3105//   in the IAM User Guide.
3106//
3107//   * ErrCodeAccountNotFoundException "AccountNotFoundException"
3108//   We can't find an AWS account with the AccountId that you specified. Or the
3109//   account whose credentials you used to make this request isn't a member of
3110//   an organization.
3111//
3112//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
3113//   Your account isn't a member of an organization. To make this request, you
3114//   must use the credentials of an account that belongs to an organization.
3115//
3116//   * ErrCodeInvalidInputException "InvalidInputException"
3117//   The requested operation failed because you provided invalid values for one
3118//   or more of the request parameters. This exception includes a reason that
3119//   contains additional information about the violated limit:
3120//
3121//   Some of the reasons in the following list might not be applicable to this
3122//   specific API or operation:
3123//
3124//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
3125//      can't be modified.
3126//
3127//      * INPUT_REQUIRED: You must include a value for all required parameters.
3128//
3129//      * INVALID_ENUM: You specified an invalid value.
3130//
3131//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
3132//
3133//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
3134//      characters.
3135//
3136//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
3137//      at least one invalid value.
3138//
3139//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
3140//      from the response to a previous call of the operation.
3141//
3142//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3143//      organization, or email) as a party.
3144//
3145//      * INVALID_PATTERN: You provided a value that doesn't match the required
3146//      pattern.
3147//
3148//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3149//      match the required pattern.
3150//
3151//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3152//      name can't begin with the reserved prefix AWSServiceRoleFor.
3153//
3154//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3155//      Name (ARN) for the organization.
3156//
3157//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3158//
3159//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3160//      tag. You can’t add, edit, or delete system tag keys because they're
3161//      reserved for AWS use. System tags don’t count against your tags per
3162//      resource limit.
3163//
3164//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3165//      for the operation.
3166//
3167//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3168//      than allowed.
3169//
3170//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3171//      value than allowed.
3172//
3173//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3174//      than allowed.
3175//
3176//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3177//      value than allowed.
3178//
3179//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3180//      between entities in the same root.
3181//
3182//   * ErrCodeServiceException "ServiceException"
3183//   AWS Organizations can't complete your request because of an internal service
3184//   error. Try again later.
3185//
3186//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
3187//   You have sent too many requests in too short a period of time. The limit
3188//   helps protect against denial-of-service attacks. Try again later.
3189//
3190//   For information on limits that affect AWS Organizations, see Limits of AWS
3191//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
3192//   in the AWS Organizations User Guide.
3193//
3194// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount
3195func (c *Organizations) DescribeAccount(input *DescribeAccountInput) (*DescribeAccountOutput, error) {
3196	req, out := c.DescribeAccountRequest(input)
3197	return out, req.Send()
3198}
3199
3200// DescribeAccountWithContext is the same as DescribeAccount with the addition of
3201// the ability to pass a context and additional request options.
3202//
3203// See DescribeAccount for details on how to use this API operation.
3204//
3205// The context must be non-nil and will be used for request cancellation. If
3206// the context is nil a panic will occur. In the future the SDK may create
3207// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3208// for more information on using Contexts.
3209func (c *Organizations) DescribeAccountWithContext(ctx aws.Context, input *DescribeAccountInput, opts ...request.Option) (*DescribeAccountOutput, error) {
3210	req, out := c.DescribeAccountRequest(input)
3211	req.SetContext(ctx)
3212	req.ApplyOptions(opts...)
3213	return out, req.Send()
3214}
3215
3216const opDescribeCreateAccountStatus = "DescribeCreateAccountStatus"
3217
3218// DescribeCreateAccountStatusRequest generates a "aws/request.Request" representing the
3219// client's request for the DescribeCreateAccountStatus operation. The "output" return
3220// value will be populated with the request's response once the request completes
3221// successfully.
3222//
3223// Use "Send" method on the returned Request to send the API call to the service.
3224// the "output" return value is not valid until after Send returns without error.
3225//
3226// See DescribeCreateAccountStatus for more information on using the DescribeCreateAccountStatus
3227// API call, and error handling.
3228//
3229// This method is useful when you want to inject custom logic or configuration
3230// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3231//
3232//
3233//    // Example sending a request using the DescribeCreateAccountStatusRequest method.
3234//    req, resp := client.DescribeCreateAccountStatusRequest(params)
3235//
3236//    err := req.Send()
3237//    if err == nil { // resp is now filled
3238//        fmt.Println(resp)
3239//    }
3240//
3241// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus
3242func (c *Organizations) DescribeCreateAccountStatusRequest(input *DescribeCreateAccountStatusInput) (req *request.Request, output *DescribeCreateAccountStatusOutput) {
3243	op := &request.Operation{
3244		Name:       opDescribeCreateAccountStatus,
3245		HTTPMethod: "POST",
3246		HTTPPath:   "/",
3247	}
3248
3249	if input == nil {
3250		input = &DescribeCreateAccountStatusInput{}
3251	}
3252
3253	output = &DescribeCreateAccountStatusOutput{}
3254	req = c.newRequest(op, input, output)
3255	return
3256}
3257
3258// DescribeCreateAccountStatus API operation for AWS Organizations.
3259//
3260// Retrieves the current status of an asynchronous request to create an account.
3261//
3262// This operation can be called only from the organization's master account.
3263//
3264// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
3265// with awserr.Error's Code and Message methods to get detailed information about
3266// the error.
3267//
3268// See the AWS API reference guide for AWS Organizations's
3269// API operation DescribeCreateAccountStatus for usage and error information.
3270//
3271// Returned Error Codes:
3272//   * ErrCodeAccessDeniedException "AccessDeniedException"
3273//   You don't have permissions to perform the requested operation. The user or
3274//   role that is making the request must have at least one IAM permissions policy
3275//   attached that grants the required permissions. For more information, see
3276//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
3277//   in the IAM User Guide.
3278//
3279//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
3280//   Your account isn't a member of an organization. To make this request, you
3281//   must use the credentials of an account that belongs to an organization.
3282//
3283//   * ErrCodeCreateAccountStatusNotFoundException "CreateAccountStatusNotFoundException"
3284//   We can't find a create account request with the CreateAccountRequestId that
3285//   you specified.
3286//
3287//   * ErrCodeInvalidInputException "InvalidInputException"
3288//   The requested operation failed because you provided invalid values for one
3289//   or more of the request parameters. This exception includes a reason that
3290//   contains additional information about the violated limit:
3291//
3292//   Some of the reasons in the following list might not be applicable to this
3293//   specific API or operation:
3294//
3295//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
3296//      can't be modified.
3297//
3298//      * INPUT_REQUIRED: You must include a value for all required parameters.
3299//
3300//      * INVALID_ENUM: You specified an invalid value.
3301//
3302//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
3303//
3304//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
3305//      characters.
3306//
3307//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
3308//      at least one invalid value.
3309//
3310//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
3311//      from the response to a previous call of the operation.
3312//
3313//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3314//      organization, or email) as a party.
3315//
3316//      * INVALID_PATTERN: You provided a value that doesn't match the required
3317//      pattern.
3318//
3319//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3320//      match the required pattern.
3321//
3322//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3323//      name can't begin with the reserved prefix AWSServiceRoleFor.
3324//
3325//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3326//      Name (ARN) for the organization.
3327//
3328//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3329//
3330//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3331//      tag. You can’t add, edit, or delete system tag keys because they're
3332//      reserved for AWS use. System tags don’t count against your tags per
3333//      resource limit.
3334//
3335//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3336//      for the operation.
3337//
3338//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3339//      than allowed.
3340//
3341//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3342//      value than allowed.
3343//
3344//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3345//      than allowed.
3346//
3347//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3348//      value than allowed.
3349//
3350//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3351//      between entities in the same root.
3352//
3353//   * ErrCodeServiceException "ServiceException"
3354//   AWS Organizations can't complete your request because of an internal service
3355//   error. Try again later.
3356//
3357//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
3358//   You have sent too many requests in too short a period of time. The limit
3359//   helps protect against denial-of-service attacks. Try again later.
3360//
3361//   For information on limits that affect AWS Organizations, see Limits of AWS
3362//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
3363//   in the AWS Organizations User Guide.
3364//
3365//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
3366//   This action isn't available in the current Region.
3367//
3368// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus
3369func (c *Organizations) DescribeCreateAccountStatus(input *DescribeCreateAccountStatusInput) (*DescribeCreateAccountStatusOutput, error) {
3370	req, out := c.DescribeCreateAccountStatusRequest(input)
3371	return out, req.Send()
3372}
3373
3374// DescribeCreateAccountStatusWithContext is the same as DescribeCreateAccountStatus with the addition of
3375// the ability to pass a context and additional request options.
3376//
3377// See DescribeCreateAccountStatus for details on how to use this API operation.
3378//
3379// The context must be non-nil and will be used for request cancellation. If
3380// the context is nil a panic will occur. In the future the SDK may create
3381// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3382// for more information on using Contexts.
3383func (c *Organizations) DescribeCreateAccountStatusWithContext(ctx aws.Context, input *DescribeCreateAccountStatusInput, opts ...request.Option) (*DescribeCreateAccountStatusOutput, error) {
3384	req, out := c.DescribeCreateAccountStatusRequest(input)
3385	req.SetContext(ctx)
3386	req.ApplyOptions(opts...)
3387	return out, req.Send()
3388}
3389
3390const opDescribeEffectivePolicy = "DescribeEffectivePolicy"
3391
3392// DescribeEffectivePolicyRequest generates a "aws/request.Request" representing the
3393// client's request for the DescribeEffectivePolicy operation. The "output" return
3394// value will be populated with the request's response once the request completes
3395// successfully.
3396//
3397// Use "Send" method on the returned Request to send the API call to the service.
3398// the "output" return value is not valid until after Send returns without error.
3399//
3400// See DescribeEffectivePolicy for more information on using the DescribeEffectivePolicy
3401// API call, and error handling.
3402//
3403// This method is useful when you want to inject custom logic or configuration
3404// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3405//
3406//
3407//    // Example sending a request using the DescribeEffectivePolicyRequest method.
3408//    req, resp := client.DescribeEffectivePolicyRequest(params)
3409//
3410//    err := req.Send()
3411//    if err == nil { // resp is now filled
3412//        fmt.Println(resp)
3413//    }
3414//
3415// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy
3416func (c *Organizations) DescribeEffectivePolicyRequest(input *DescribeEffectivePolicyInput) (req *request.Request, output *DescribeEffectivePolicyOutput) {
3417	op := &request.Operation{
3418		Name:       opDescribeEffectivePolicy,
3419		HTTPMethod: "POST",
3420		HTTPPath:   "/",
3421	}
3422
3423	if input == nil {
3424		input = &DescribeEffectivePolicyInput{}
3425	}
3426
3427	output = &DescribeEffectivePolicyOutput{}
3428	req = c.newRequest(op, input, output)
3429	return
3430}
3431
3432// DescribeEffectivePolicy API operation for AWS Organizations.
3433//
3434// Returns the contents of the effective tag policy for the account. The effective
3435// tag policy is the aggregation of any tag policies the account inherits, plus
3436// any policy directly that is attached to the account.
3437//
3438// This action returns information on tag policies only.
3439//
3440// For more information on policy inheritance, see How Policy Inheritance Works
3441// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html)
3442// in the AWS Organizations User Guide.
3443//
3444// This operation can be called from any account in the organization.
3445//
3446// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
3447// with awserr.Error's Code and Message methods to get detailed information about
3448// the error.
3449//
3450// See the AWS API reference guide for AWS Organizations's
3451// API operation DescribeEffectivePolicy for usage and error information.
3452//
3453// Returned Error Codes:
3454//   * ErrCodeAccessDeniedException "AccessDeniedException"
3455//   You don't have permissions to perform the requested operation. The user or
3456//   role that is making the request must have at least one IAM permissions policy
3457//   attached that grants the required permissions. For more information, see
3458//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
3459//   in the IAM User Guide.
3460//
3461//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
3462//   Your account isn't a member of an organization. To make this request, you
3463//   must use the credentials of an account that belongs to an organization.
3464//
3465//   * ErrCodeConstraintViolationException "ConstraintViolationException"
3466//   Performing this operation violates a minimum or maximum value limit. Examples
3467//   include attempting to remove the last service control policy (SCP) from an
3468//   OU or root, or attaching too many policies to an account, OU, or root. This
3469//   exception includes a reason that contains additional information about the
3470//   violated limit.
3471//
3472//   Some of the reasons in the following list might not be applicable to this
3473//   specific API or operation:
3474//
3475//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
3476//      from the organization that doesn't yet have enough information to exist
3477//      as a standalone account. This account requires you to first agree to the
3478//      AWS Customer Agreement. Follow the steps at To leave an organization when
3479//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
3480//      in the AWS Organizations User Guide.
3481//
3482//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
3483//      an account from the organization that doesn't yet have enough information
3484//      to exist as a standalone account. This account requires you to first complete
3485//      phone verification. Follow the steps at To leave an organization when
3486//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
3487//      in the AWS Organizations User Guide.
3488//
3489//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
3490//      of accounts that you can create in one day.
3491//
3492//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
3493//      the number of accounts in an organization. If you need more accounts,
3494//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
3495//      request an increase in your limit. Or the number of invitations that you
3496//      tried to send would cause you to exceed the limit of accounts in your
3497//      organization. Send fewer invitations or contact AWS Support to request
3498//      an increase in the number of accounts. Deleted and closed accounts still
3499//      count toward your limit. If you get receive this exception when running
3500//      a command immediately after creating the organization, wait one hour and
3501//      try again. If after an hour it continues to fail with this error, contact
3502//      AWS Support (https://console.aws.amazon.com/support/home#/).
3503//
3504//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
3505//      handshakes that you can send in one day.
3506//
3507//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
3508//      in this organization, you first must migrate the organization's master
3509//      account to the marketplace that corresponds to the master account's address.
3510//      For example, accounts with India addresses must be associated with the
3511//      AISPL marketplace. All accounts in an organization must be associated
3512//      with the same marketplace.
3513//
3514//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
3515//      must first provide contact a valid address and phone number for the master
3516//      account. Then try the operation again.
3517//
3518//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
3519//      master account must have an associated account in the AWS GovCloud (US-West)
3520//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
3521//      in the AWS GovCloud User Guide.
3522//
3523//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
3524//      with this master account, you first must associate a valid payment instrument,
3525//      such as a credit card, with the account. Follow the steps at To leave
3526//      an organization when all required account information has not yet been
3527//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
3528//      in the AWS Organizations User Guide.
3529//
3530//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
3531//      number of policies of a certain type that can be attached to an entity
3532//      at one time.
3533//
3534//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
3535//      on this resource.
3536//
3537//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
3538//      with this member account, you first must associate a valid payment instrument,
3539//      such as a credit card, with the account. Follow the steps at To leave
3540//      an organization when all required account information has not yet been
3541//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
3542//      in the AWS Organizations User Guide.
3543//
3544//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
3545//      policy from an entity, which would cause the entity to have fewer than
3546//      the minimum number of policies of the required type.
3547//
3548//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
3549//      too many levels deep.
3550//
3551//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
3552//      that requires the organization to be configured to support all features.
3553//      An organization that supports only consolidated billing features can't
3554//      perform this operation.
3555//
3556//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
3557//      that you can have in an organization.
3558//
3559//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
3560//      policies that you can have in an organization.
3561//
3562//   * ErrCodeServiceException "ServiceException"
3563//   AWS Organizations can't complete your request because of an internal service
3564//   error. Try again later.
3565//
3566//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
3567//   You have sent too many requests in too short a period of time. The limit
3568//   helps protect against denial-of-service attacks. Try again later.
3569//
3570//   For information on limits that affect AWS Organizations, see Limits of AWS
3571//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
3572//   in the AWS Organizations User Guide.
3573//
3574//   * ErrCodeTargetNotFoundException "TargetNotFoundException"
3575//   We can't find a root, OU, or account with the TargetId that you specified.
3576//
3577//   * ErrCodeEffectivePolicyNotFoundException "EffectivePolicyNotFoundException"
3578//   If you ran this action on the master account, this policy type is not enabled.
3579//   If you ran the action on a member account, the account doesn't have an effective
3580//   policy of this type. Contact the administrator of your organization about
3581//   attaching a policy of this type to the account.
3582//
3583//   * ErrCodeInvalidInputException "InvalidInputException"
3584//   The requested operation failed because you provided invalid values for one
3585//   or more of the request parameters. This exception includes a reason that
3586//   contains additional information about the violated limit:
3587//
3588//   Some of the reasons in the following list might not be applicable to this
3589//   specific API or operation:
3590//
3591//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
3592//      can't be modified.
3593//
3594//      * INPUT_REQUIRED: You must include a value for all required parameters.
3595//
3596//      * INVALID_ENUM: You specified an invalid value.
3597//
3598//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
3599//
3600//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
3601//      characters.
3602//
3603//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
3604//      at least one invalid value.
3605//
3606//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
3607//      from the response to a previous call of the operation.
3608//
3609//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3610//      organization, or email) as a party.
3611//
3612//      * INVALID_PATTERN: You provided a value that doesn't match the required
3613//      pattern.
3614//
3615//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3616//      match the required pattern.
3617//
3618//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3619//      name can't begin with the reserved prefix AWSServiceRoleFor.
3620//
3621//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3622//      Name (ARN) for the organization.
3623//
3624//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3625//
3626//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3627//      tag. You can’t add, edit, or delete system tag keys because they're
3628//      reserved for AWS use. System tags don’t count against your tags per
3629//      resource limit.
3630//
3631//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3632//      for the operation.
3633//
3634//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3635//      than allowed.
3636//
3637//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3638//      value than allowed.
3639//
3640//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3641//      than allowed.
3642//
3643//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3644//      value than allowed.
3645//
3646//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3647//      between entities in the same root.
3648//
3649//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
3650//   This action isn't available in the current Region.
3651//
3652// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy
3653func (c *Organizations) DescribeEffectivePolicy(input *DescribeEffectivePolicyInput) (*DescribeEffectivePolicyOutput, error) {
3654	req, out := c.DescribeEffectivePolicyRequest(input)
3655	return out, req.Send()
3656}
3657
3658// DescribeEffectivePolicyWithContext is the same as DescribeEffectivePolicy with the addition of
3659// the ability to pass a context and additional request options.
3660//
3661// See DescribeEffectivePolicy for details on how to use this API operation.
3662//
3663// The context must be non-nil and will be used for request cancellation. If
3664// the context is nil a panic will occur. In the future the SDK may create
3665// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3666// for more information on using Contexts.
3667func (c *Organizations) DescribeEffectivePolicyWithContext(ctx aws.Context, input *DescribeEffectivePolicyInput, opts ...request.Option) (*DescribeEffectivePolicyOutput, error) {
3668	req, out := c.DescribeEffectivePolicyRequest(input)
3669	req.SetContext(ctx)
3670	req.ApplyOptions(opts...)
3671	return out, req.Send()
3672}
3673
3674const opDescribeHandshake = "DescribeHandshake"
3675
3676// DescribeHandshakeRequest generates a "aws/request.Request" representing the
3677// client's request for the DescribeHandshake operation. The "output" return
3678// value will be populated with the request's response once the request completes
3679// successfully.
3680//
3681// Use "Send" method on the returned Request to send the API call to the service.
3682// the "output" return value is not valid until after Send returns without error.
3683//
3684// See DescribeHandshake for more information on using the DescribeHandshake
3685// API call, and error handling.
3686//
3687// This method is useful when you want to inject custom logic or configuration
3688// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3689//
3690//
3691//    // Example sending a request using the DescribeHandshakeRequest method.
3692//    req, resp := client.DescribeHandshakeRequest(params)
3693//
3694//    err := req.Send()
3695//    if err == nil { // resp is now filled
3696//        fmt.Println(resp)
3697//    }
3698//
3699// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake
3700func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) (req *request.Request, output *DescribeHandshakeOutput) {
3701	op := &request.Operation{
3702		Name:       opDescribeHandshake,
3703		HTTPMethod: "POST",
3704		HTTPPath:   "/",
3705	}
3706
3707	if input == nil {
3708		input = &DescribeHandshakeInput{}
3709	}
3710
3711	output = &DescribeHandshakeOutput{}
3712	req = c.newRequest(op, input, output)
3713	return
3714}
3715
3716// DescribeHandshake API operation for AWS Organizations.
3717//
3718// Retrieves information about a previously requested handshake. The handshake
3719// ID comes from the response to the original InviteAccountToOrganization operation
3720// that generated the handshake.
3721//
3722// You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for only
3723// 30 days after they change to that state. They're then deleted and no longer
3724// accessible.
3725//
3726// This operation can be called from any account in the organization.
3727//
3728// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
3729// with awserr.Error's Code and Message methods to get detailed information about
3730// the error.
3731//
3732// See the AWS API reference guide for AWS Organizations's
3733// API operation DescribeHandshake for usage and error information.
3734//
3735// Returned Error Codes:
3736//   * ErrCodeAccessDeniedException "AccessDeniedException"
3737//   You don't have permissions to perform the requested operation. The user or
3738//   role that is making the request must have at least one IAM permissions policy
3739//   attached that grants the required permissions. For more information, see
3740//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
3741//   in the IAM User Guide.
3742//
3743//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
3744//   The target of the operation is currently being modified by a different request.
3745//   Try again later.
3746//
3747//   * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException"
3748//   We can't find a handshake with the HandshakeId that you specified.
3749//
3750//   * ErrCodeInvalidInputException "InvalidInputException"
3751//   The requested operation failed because you provided invalid values for one
3752//   or more of the request parameters. This exception includes a reason that
3753//   contains additional information about the violated limit:
3754//
3755//   Some of the reasons in the following list might not be applicable to this
3756//   specific API or operation:
3757//
3758//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
3759//      can't be modified.
3760//
3761//      * INPUT_REQUIRED: You must include a value for all required parameters.
3762//
3763//      * INVALID_ENUM: You specified an invalid value.
3764//
3765//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
3766//
3767//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
3768//      characters.
3769//
3770//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
3771//      at least one invalid value.
3772//
3773//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
3774//      from the response to a previous call of the operation.
3775//
3776//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
3777//      organization, or email) as a party.
3778//
3779//      * INVALID_PATTERN: You provided a value that doesn't match the required
3780//      pattern.
3781//
3782//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
3783//      match the required pattern.
3784//
3785//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
3786//      name can't begin with the reserved prefix AWSServiceRoleFor.
3787//
3788//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
3789//      Name (ARN) for the organization.
3790//
3791//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
3792//
3793//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
3794//      tag. You can’t add, edit, or delete system tag keys because they're
3795//      reserved for AWS use. System tags don’t count against your tags per
3796//      resource limit.
3797//
3798//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
3799//      for the operation.
3800//
3801//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
3802//      than allowed.
3803//
3804//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
3805//      value than allowed.
3806//
3807//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
3808//      than allowed.
3809//
3810//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
3811//      value than allowed.
3812//
3813//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
3814//      between entities in the same root.
3815//
3816//   * ErrCodeServiceException "ServiceException"
3817//   AWS Organizations can't complete your request because of an internal service
3818//   error. Try again later.
3819//
3820//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
3821//   You have sent too many requests in too short a period of time. The limit
3822//   helps protect against denial-of-service attacks. Try again later.
3823//
3824//   For information on limits that affect AWS Organizations, see Limits of AWS
3825//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
3826//   in the AWS Organizations User Guide.
3827//
3828// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake
3829func (c *Organizations) DescribeHandshake(input *DescribeHandshakeInput) (*DescribeHandshakeOutput, error) {
3830	req, out := c.DescribeHandshakeRequest(input)
3831	return out, req.Send()
3832}
3833
3834// DescribeHandshakeWithContext is the same as DescribeHandshake with the addition of
3835// the ability to pass a context and additional request options.
3836//
3837// See DescribeHandshake for details on how to use this API operation.
3838//
3839// The context must be non-nil and will be used for request cancellation. If
3840// the context is nil a panic will occur. In the future the SDK may create
3841// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3842// for more information on using Contexts.
3843func (c *Organizations) DescribeHandshakeWithContext(ctx aws.Context, input *DescribeHandshakeInput, opts ...request.Option) (*DescribeHandshakeOutput, error) {
3844	req, out := c.DescribeHandshakeRequest(input)
3845	req.SetContext(ctx)
3846	req.ApplyOptions(opts...)
3847	return out, req.Send()
3848}
3849
3850const opDescribeOrganization = "DescribeOrganization"
3851
3852// DescribeOrganizationRequest generates a "aws/request.Request" representing the
3853// client's request for the DescribeOrganization operation. The "output" return
3854// value will be populated with the request's response once the request completes
3855// successfully.
3856//
3857// Use "Send" method on the returned Request to send the API call to the service.
3858// the "output" return value is not valid until after Send returns without error.
3859//
3860// See DescribeOrganization for more information on using the DescribeOrganization
3861// API call, and error handling.
3862//
3863// This method is useful when you want to inject custom logic or configuration
3864// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3865//
3866//
3867//    // Example sending a request using the DescribeOrganizationRequest method.
3868//    req, resp := client.DescribeOrganizationRequest(params)
3869//
3870//    err := req.Send()
3871//    if err == nil { // resp is now filled
3872//        fmt.Println(resp)
3873//    }
3874//
3875// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization
3876func (c *Organizations) DescribeOrganizationRequest(input *DescribeOrganizationInput) (req *request.Request, output *DescribeOrganizationOutput) {
3877	op := &request.Operation{
3878		Name:       opDescribeOrganization,
3879		HTTPMethod: "POST",
3880		HTTPPath:   "/",
3881	}
3882
3883	if input == nil {
3884		input = &DescribeOrganizationInput{}
3885	}
3886
3887	output = &DescribeOrganizationOutput{}
3888	req = c.newRequest(op, input, output)
3889	return
3890}
3891
3892// DescribeOrganization API operation for AWS Organizations.
3893//
3894// Retrieves information about the organization that the user's account belongs
3895// to.
3896//
3897// This operation can be called from any account in the organization.
3898//
3899// Even if a policy type is shown as available in the organization, you can
3900// disable it separately at the root level with DisablePolicyType. Use ListRoots
3901// to see the status of policy types for a specified root.
3902//
3903// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
3904// with awserr.Error's Code and Message methods to get detailed information about
3905// the error.
3906//
3907// See the AWS API reference guide for AWS Organizations's
3908// API operation DescribeOrganization for usage and error information.
3909//
3910// Returned Error Codes:
3911//   * ErrCodeAccessDeniedException "AccessDeniedException"
3912//   You don't have permissions to perform the requested operation. The user or
3913//   role that is making the request must have at least one IAM permissions policy
3914//   attached that grants the required permissions. For more information, see
3915//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
3916//   in the IAM User Guide.
3917//
3918//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
3919//   Your account isn't a member of an organization. To make this request, you
3920//   must use the credentials of an account that belongs to an organization.
3921//
3922//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
3923//   The target of the operation is currently being modified by a different request.
3924//   Try again later.
3925//
3926//   * ErrCodeServiceException "ServiceException"
3927//   AWS Organizations can't complete your request because of an internal service
3928//   error. Try again later.
3929//
3930//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
3931//   You have sent too many requests in too short a period of time. The limit
3932//   helps protect against denial-of-service attacks. Try again later.
3933//
3934//   For information on limits that affect AWS Organizations, see Limits of AWS
3935//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
3936//   in the AWS Organizations User Guide.
3937//
3938// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization
3939func (c *Organizations) DescribeOrganization(input *DescribeOrganizationInput) (*DescribeOrganizationOutput, error) {
3940	req, out := c.DescribeOrganizationRequest(input)
3941	return out, req.Send()
3942}
3943
3944// DescribeOrganizationWithContext is the same as DescribeOrganization with the addition of
3945// the ability to pass a context and additional request options.
3946//
3947// See DescribeOrganization for details on how to use this API operation.
3948//
3949// The context must be non-nil and will be used for request cancellation. If
3950// the context is nil a panic will occur. In the future the SDK may create
3951// sub-contexts for http.Requests. See https://golang.org/pkg/context/
3952// for more information on using Contexts.
3953func (c *Organizations) DescribeOrganizationWithContext(ctx aws.Context, input *DescribeOrganizationInput, opts ...request.Option) (*DescribeOrganizationOutput, error) {
3954	req, out := c.DescribeOrganizationRequest(input)
3955	req.SetContext(ctx)
3956	req.ApplyOptions(opts...)
3957	return out, req.Send()
3958}
3959
3960const opDescribeOrganizationalUnit = "DescribeOrganizationalUnit"
3961
3962// DescribeOrganizationalUnitRequest generates a "aws/request.Request" representing the
3963// client's request for the DescribeOrganizationalUnit operation. The "output" return
3964// value will be populated with the request's response once the request completes
3965// successfully.
3966//
3967// Use "Send" method on the returned Request to send the API call to the service.
3968// the "output" return value is not valid until after Send returns without error.
3969//
3970// See DescribeOrganizationalUnit for more information on using the DescribeOrganizationalUnit
3971// API call, and error handling.
3972//
3973// This method is useful when you want to inject custom logic or configuration
3974// into the SDK's request lifecycle. Such as custom headers, or retry logic.
3975//
3976//
3977//    // Example sending a request using the DescribeOrganizationalUnitRequest method.
3978//    req, resp := client.DescribeOrganizationalUnitRequest(params)
3979//
3980//    err := req.Send()
3981//    if err == nil { // resp is now filled
3982//        fmt.Println(resp)
3983//    }
3984//
3985// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit
3986func (c *Organizations) DescribeOrganizationalUnitRequest(input *DescribeOrganizationalUnitInput) (req *request.Request, output *DescribeOrganizationalUnitOutput) {
3987	op := &request.Operation{
3988		Name:       opDescribeOrganizationalUnit,
3989		HTTPMethod: "POST",
3990		HTTPPath:   "/",
3991	}
3992
3993	if input == nil {
3994		input = &DescribeOrganizationalUnitInput{}
3995	}
3996
3997	output = &DescribeOrganizationalUnitOutput{}
3998	req = c.newRequest(op, input, output)
3999	return
4000}
4001
4002// DescribeOrganizationalUnit API operation for AWS Organizations.
4003//
4004// Retrieves information about an organizational unit (OU).
4005//
4006// This operation can be called only from the organization's master account.
4007//
4008// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4009// with awserr.Error's Code and Message methods to get detailed information about
4010// the error.
4011//
4012// See the AWS API reference guide for AWS Organizations's
4013// API operation DescribeOrganizationalUnit for usage and error information.
4014//
4015// Returned Error Codes:
4016//   * ErrCodeAccessDeniedException "AccessDeniedException"
4017//   You don't have permissions to perform the requested operation. The user or
4018//   role that is making the request must have at least one IAM permissions policy
4019//   attached that grants the required permissions. For more information, see
4020//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4021//   in the IAM User Guide.
4022//
4023//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
4024//   Your account isn't a member of an organization. To make this request, you
4025//   must use the credentials of an account that belongs to an organization.
4026//
4027//   * ErrCodeInvalidInputException "InvalidInputException"
4028//   The requested operation failed because you provided invalid values for one
4029//   or more of the request parameters. This exception includes a reason that
4030//   contains additional information about the violated limit:
4031//
4032//   Some of the reasons in the following list might not be applicable to this
4033//   specific API or operation:
4034//
4035//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
4036//      can't be modified.
4037//
4038//      * INPUT_REQUIRED: You must include a value for all required parameters.
4039//
4040//      * INVALID_ENUM: You specified an invalid value.
4041//
4042//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
4043//
4044//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
4045//      characters.
4046//
4047//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
4048//      at least one invalid value.
4049//
4050//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
4051//      from the response to a previous call of the operation.
4052//
4053//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
4054//      organization, or email) as a party.
4055//
4056//      * INVALID_PATTERN: You provided a value that doesn't match the required
4057//      pattern.
4058//
4059//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
4060//      match the required pattern.
4061//
4062//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
4063//      name can't begin with the reserved prefix AWSServiceRoleFor.
4064//
4065//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
4066//      Name (ARN) for the organization.
4067//
4068//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
4069//
4070//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
4071//      tag. You can’t add, edit, or delete system tag keys because they're
4072//      reserved for AWS use. System tags don’t count against your tags per
4073//      resource limit.
4074//
4075//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
4076//      for the operation.
4077//
4078//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
4079//      than allowed.
4080//
4081//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
4082//      value than allowed.
4083//
4084//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
4085//      than allowed.
4086//
4087//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
4088//      value than allowed.
4089//
4090//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
4091//      between entities in the same root.
4092//
4093//   * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException"
4094//   We can't find an OU with the OrganizationalUnitId that you specified.
4095//
4096//   * ErrCodeServiceException "ServiceException"
4097//   AWS Organizations can't complete your request because of an internal service
4098//   error. Try again later.
4099//
4100//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
4101//   You have sent too many requests in too short a period of time. The limit
4102//   helps protect against denial-of-service attacks. Try again later.
4103//
4104//   For information on limits that affect AWS Organizations, see Limits of AWS
4105//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
4106//   in the AWS Organizations User Guide.
4107//
4108// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit
4109func (c *Organizations) DescribeOrganizationalUnit(input *DescribeOrganizationalUnitInput) (*DescribeOrganizationalUnitOutput, error) {
4110	req, out := c.DescribeOrganizationalUnitRequest(input)
4111	return out, req.Send()
4112}
4113
4114// DescribeOrganizationalUnitWithContext is the same as DescribeOrganizationalUnit with the addition of
4115// the ability to pass a context and additional request options.
4116//
4117// See DescribeOrganizationalUnit for details on how to use this API operation.
4118//
4119// The context must be non-nil and will be used for request cancellation. If
4120// the context is nil a panic will occur. In the future the SDK may create
4121// sub-contexts for http.Requests. See https://golang.org/pkg/context/
4122// for more information on using Contexts.
4123func (c *Organizations) DescribeOrganizationalUnitWithContext(ctx aws.Context, input *DescribeOrganizationalUnitInput, opts ...request.Option) (*DescribeOrganizationalUnitOutput, error) {
4124	req, out := c.DescribeOrganizationalUnitRequest(input)
4125	req.SetContext(ctx)
4126	req.ApplyOptions(opts...)
4127	return out, req.Send()
4128}
4129
4130const opDescribePolicy = "DescribePolicy"
4131
4132// DescribePolicyRequest generates a "aws/request.Request" representing the
4133// client's request for the DescribePolicy operation. The "output" return
4134// value will be populated with the request's response once the request completes
4135// successfully.
4136//
4137// Use "Send" method on the returned Request to send the API call to the service.
4138// the "output" return value is not valid until after Send returns without error.
4139//
4140// See DescribePolicy for more information on using the DescribePolicy
4141// API call, and error handling.
4142//
4143// This method is useful when you want to inject custom logic or configuration
4144// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4145//
4146//
4147//    // Example sending a request using the DescribePolicyRequest method.
4148//    req, resp := client.DescribePolicyRequest(params)
4149//
4150//    err := req.Send()
4151//    if err == nil { // resp is now filled
4152//        fmt.Println(resp)
4153//    }
4154//
4155// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy
4156func (c *Organizations) DescribePolicyRequest(input *DescribePolicyInput) (req *request.Request, output *DescribePolicyOutput) {
4157	op := &request.Operation{
4158		Name:       opDescribePolicy,
4159		HTTPMethod: "POST",
4160		HTTPPath:   "/",
4161	}
4162
4163	if input == nil {
4164		input = &DescribePolicyInput{}
4165	}
4166
4167	output = &DescribePolicyOutput{}
4168	req = c.newRequest(op, input, output)
4169	return
4170}
4171
4172// DescribePolicy API operation for AWS Organizations.
4173//
4174// Retrieves information about a policy.
4175//
4176// This operation can be called only from the organization's master account.
4177//
4178// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4179// with awserr.Error's Code and Message methods to get detailed information about
4180// the error.
4181//
4182// See the AWS API reference guide for AWS Organizations's
4183// API operation DescribePolicy for usage and error information.
4184//
4185// Returned Error Codes:
4186//   * ErrCodeAccessDeniedException "AccessDeniedException"
4187//   You don't have permissions to perform the requested operation. The user or
4188//   role that is making the request must have at least one IAM permissions policy
4189//   attached that grants the required permissions. For more information, see
4190//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4191//   in the IAM User Guide.
4192//
4193//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
4194//   Your account isn't a member of an organization. To make this request, you
4195//   must use the credentials of an account that belongs to an organization.
4196//
4197//   * ErrCodeInvalidInputException "InvalidInputException"
4198//   The requested operation failed because you provided invalid values for one
4199//   or more of the request parameters. This exception includes a reason that
4200//   contains additional information about the violated limit:
4201//
4202//   Some of the reasons in the following list might not be applicable to this
4203//   specific API or operation:
4204//
4205//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
4206//      can't be modified.
4207//
4208//      * INPUT_REQUIRED: You must include a value for all required parameters.
4209//
4210//      * INVALID_ENUM: You specified an invalid value.
4211//
4212//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
4213//
4214//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
4215//      characters.
4216//
4217//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
4218//      at least one invalid value.
4219//
4220//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
4221//      from the response to a previous call of the operation.
4222//
4223//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
4224//      organization, or email) as a party.
4225//
4226//      * INVALID_PATTERN: You provided a value that doesn't match the required
4227//      pattern.
4228//
4229//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
4230//      match the required pattern.
4231//
4232//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
4233//      name can't begin with the reserved prefix AWSServiceRoleFor.
4234//
4235//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
4236//      Name (ARN) for the organization.
4237//
4238//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
4239//
4240//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
4241//      tag. You can’t add, edit, or delete system tag keys because they're
4242//      reserved for AWS use. System tags don’t count against your tags per
4243//      resource limit.
4244//
4245//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
4246//      for the operation.
4247//
4248//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
4249//      than allowed.
4250//
4251//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
4252//      value than allowed.
4253//
4254//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
4255//      than allowed.
4256//
4257//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
4258//      value than allowed.
4259//
4260//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
4261//      between entities in the same root.
4262//
4263//   * ErrCodePolicyNotFoundException "PolicyNotFoundException"
4264//   We can't find a policy with the PolicyId that you specified.
4265//
4266//   * ErrCodeServiceException "ServiceException"
4267//   AWS Organizations can't complete your request because of an internal service
4268//   error. Try again later.
4269//
4270//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
4271//   You have sent too many requests in too short a period of time. The limit
4272//   helps protect against denial-of-service attacks. Try again later.
4273//
4274//   For information on limits that affect AWS Organizations, see Limits of AWS
4275//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
4276//   in the AWS Organizations User Guide.
4277//
4278//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
4279//   This action isn't available in the current Region.
4280//
4281// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy
4282func (c *Organizations) DescribePolicy(input *DescribePolicyInput) (*DescribePolicyOutput, error) {
4283	req, out := c.DescribePolicyRequest(input)
4284	return out, req.Send()
4285}
4286
4287// DescribePolicyWithContext is the same as DescribePolicy with the addition of
4288// the ability to pass a context and additional request options.
4289//
4290// See DescribePolicy for details on how to use this API operation.
4291//
4292// The context must be non-nil and will be used for request cancellation. If
4293// the context is nil a panic will occur. In the future the SDK may create
4294// sub-contexts for http.Requests. See https://golang.org/pkg/context/
4295// for more information on using Contexts.
4296func (c *Organizations) DescribePolicyWithContext(ctx aws.Context, input *DescribePolicyInput, opts ...request.Option) (*DescribePolicyOutput, error) {
4297	req, out := c.DescribePolicyRequest(input)
4298	req.SetContext(ctx)
4299	req.ApplyOptions(opts...)
4300	return out, req.Send()
4301}
4302
4303const opDetachPolicy = "DetachPolicy"
4304
4305// DetachPolicyRequest generates a "aws/request.Request" representing the
4306// client's request for the DetachPolicy operation. The "output" return
4307// value will be populated with the request's response once the request completes
4308// successfully.
4309//
4310// Use "Send" method on the returned Request to send the API call to the service.
4311// the "output" return value is not valid until after Send returns without error.
4312//
4313// See DetachPolicy for more information on using the DetachPolicy
4314// API call, and error handling.
4315//
4316// This method is useful when you want to inject custom logic or configuration
4317// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4318//
4319//
4320//    // Example sending a request using the DetachPolicyRequest method.
4321//    req, resp := client.DetachPolicyRequest(params)
4322//
4323//    err := req.Send()
4324//    if err == nil { // resp is now filled
4325//        fmt.Println(resp)
4326//    }
4327//
4328// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy
4329func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *request.Request, output *DetachPolicyOutput) {
4330	op := &request.Operation{
4331		Name:       opDetachPolicy,
4332		HTTPMethod: "POST",
4333		HTTPPath:   "/",
4334	}
4335
4336	if input == nil {
4337		input = &DetachPolicyInput{}
4338	}
4339
4340	output = &DetachPolicyOutput{}
4341	req = c.newRequest(op, input, output)
4342	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
4343	return
4344}
4345
4346// DetachPolicy API operation for AWS Organizations.
4347//
4348// Detaches a policy from a target root, organizational unit (OU), or account.
4349// If the policy being detached is a service control policy (SCP), the changes
4350// to permissions for IAM users and roles in affected accounts are immediate.
4351//
4352// Note: Every root, OU, and account must have at least one SCP attached. You
4353// can replace the default FullAWSAccess policy with one that limits the permissions
4354// that can be delegated. To do that, you must attach the replacement policy
4355// before you can remove the default one. This is the authorization strategy
4356// of using an allow list (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_whitelist).
4357// You could instead attach a second SCP and leave the FullAWSAccess SCP still
4358// attached. You could then specify "Effect": "Deny" in the second SCP to override
4359// the "Effect": "Allow" in the FullAWSAccess policy (or any other attached
4360// SCP). If you take these steps, you're using the authorization strategy of
4361// a deny list (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_blacklist).
4362//
4363// This operation can be called only from the organization's master account.
4364//
4365// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4366// with awserr.Error's Code and Message methods to get detailed information about
4367// the error.
4368//
4369// See the AWS API reference guide for AWS Organizations's
4370// API operation DetachPolicy for usage and error information.
4371//
4372// Returned Error Codes:
4373//   * ErrCodeAccessDeniedException "AccessDeniedException"
4374//   You don't have permissions to perform the requested operation. The user or
4375//   role that is making the request must have at least one IAM permissions policy
4376//   attached that grants the required permissions. For more information, see
4377//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4378//   in the IAM User Guide.
4379//
4380//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
4381//   Your account isn't a member of an organization. To make this request, you
4382//   must use the credentials of an account that belongs to an organization.
4383//
4384//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
4385//   The target of the operation is currently being modified by a different request.
4386//   Try again later.
4387//
4388//   * ErrCodeConstraintViolationException "ConstraintViolationException"
4389//   Performing this operation violates a minimum or maximum value limit. Examples
4390//   include attempting to remove the last service control policy (SCP) from an
4391//   OU or root, or attaching too many policies to an account, OU, or root. This
4392//   exception includes a reason that contains additional information about the
4393//   violated limit.
4394//
4395//   Some of the reasons in the following list might not be applicable to this
4396//   specific API or operation:
4397//
4398//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
4399//      from the organization that doesn't yet have enough information to exist
4400//      as a standalone account. This account requires you to first agree to the
4401//      AWS Customer Agreement. Follow the steps at To leave an organization when
4402//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
4403//      in the AWS Organizations User Guide.
4404//
4405//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
4406//      an account from the organization that doesn't yet have enough information
4407//      to exist as a standalone account. This account requires you to first complete
4408//      phone verification. Follow the steps at To leave an organization when
4409//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
4410//      in the AWS Organizations User Guide.
4411//
4412//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
4413//      of accounts that you can create in one day.
4414//
4415//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
4416//      the number of accounts in an organization. If you need more accounts,
4417//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
4418//      request an increase in your limit. Or the number of invitations that you
4419//      tried to send would cause you to exceed the limit of accounts in your
4420//      organization. Send fewer invitations or contact AWS Support to request
4421//      an increase in the number of accounts. Deleted and closed accounts still
4422//      count toward your limit. If you get receive this exception when running
4423//      a command immediately after creating the organization, wait one hour and
4424//      try again. If after an hour it continues to fail with this error, contact
4425//      AWS Support (https://console.aws.amazon.com/support/home#/).
4426//
4427//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
4428//      handshakes that you can send in one day.
4429//
4430//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
4431//      in this organization, you first must migrate the organization's master
4432//      account to the marketplace that corresponds to the master account's address.
4433//      For example, accounts with India addresses must be associated with the
4434//      AISPL marketplace. All accounts in an organization must be associated
4435//      with the same marketplace.
4436//
4437//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
4438//      must first provide contact a valid address and phone number for the master
4439//      account. Then try the operation again.
4440//
4441//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
4442//      master account must have an associated account in the AWS GovCloud (US-West)
4443//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
4444//      in the AWS GovCloud User Guide.
4445//
4446//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
4447//      with this master account, you first must associate a valid payment instrument,
4448//      such as a credit card, with the account. Follow the steps at To leave
4449//      an organization when all required account information has not yet been
4450//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
4451//      in the AWS Organizations User Guide.
4452//
4453//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
4454//      number of policies of a certain type that can be attached to an entity
4455//      at one time.
4456//
4457//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
4458//      on this resource.
4459//
4460//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
4461//      with this member account, you first must associate a valid payment instrument,
4462//      such as a credit card, with the account. Follow the steps at To leave
4463//      an organization when all required account information has not yet been
4464//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
4465//      in the AWS Organizations User Guide.
4466//
4467//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
4468//      policy from an entity, which would cause the entity to have fewer than
4469//      the minimum number of policies of the required type.
4470//
4471//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
4472//      too many levels deep.
4473//
4474//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
4475//      that requires the organization to be configured to support all features.
4476//      An organization that supports only consolidated billing features can't
4477//      perform this operation.
4478//
4479//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
4480//      that you can have in an organization.
4481//
4482//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
4483//      policies that you can have in an organization.
4484//
4485//   * ErrCodeInvalidInputException "InvalidInputException"
4486//   The requested operation failed because you provided invalid values for one
4487//   or more of the request parameters. This exception includes a reason that
4488//   contains additional information about the violated limit:
4489//
4490//   Some of the reasons in the following list might not be applicable to this
4491//   specific API or operation:
4492//
4493//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
4494//      can't be modified.
4495//
4496//      * INPUT_REQUIRED: You must include a value for all required parameters.
4497//
4498//      * INVALID_ENUM: You specified an invalid value.
4499//
4500//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
4501//
4502//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
4503//      characters.
4504//
4505//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
4506//      at least one invalid value.
4507//
4508//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
4509//      from the response to a previous call of the operation.
4510//
4511//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
4512//      organization, or email) as a party.
4513//
4514//      * INVALID_PATTERN: You provided a value that doesn't match the required
4515//      pattern.
4516//
4517//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
4518//      match the required pattern.
4519//
4520//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
4521//      name can't begin with the reserved prefix AWSServiceRoleFor.
4522//
4523//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
4524//      Name (ARN) for the organization.
4525//
4526//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
4527//
4528//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
4529//      tag. You can’t add, edit, or delete system tag keys because they're
4530//      reserved for AWS use. System tags don’t count against your tags per
4531//      resource limit.
4532//
4533//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
4534//      for the operation.
4535//
4536//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
4537//      than allowed.
4538//
4539//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
4540//      value than allowed.
4541//
4542//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
4543//      than allowed.
4544//
4545//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
4546//      value than allowed.
4547//
4548//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
4549//      between entities in the same root.
4550//
4551//   * ErrCodePolicyNotAttachedException "PolicyNotAttachedException"
4552//   The policy isn't attached to the specified target in the specified root.
4553//
4554//   * ErrCodePolicyNotFoundException "PolicyNotFoundException"
4555//   We can't find a policy with the PolicyId that you specified.
4556//
4557//   * ErrCodeServiceException "ServiceException"
4558//   AWS Organizations can't complete your request because of an internal service
4559//   error. Try again later.
4560//
4561//   * ErrCodeTargetNotFoundException "TargetNotFoundException"
4562//   We can't find a root, OU, or account with the TargetId that you specified.
4563//
4564//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
4565//   You have sent too many requests in too short a period of time. The limit
4566//   helps protect against denial-of-service attacks. Try again later.
4567//
4568//   For information on limits that affect AWS Organizations, see Limits of AWS
4569//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
4570//   in the AWS Organizations User Guide.
4571//
4572//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
4573//   This action isn't available in the current Region.
4574//
4575//   * ErrCodePolicyChangesInProgressException "PolicyChangesInProgressException"
4576//   Changes to the effective policy are in progress, and its contents can't be
4577//   returned. Try the operation again later.
4578//
4579// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy
4580func (c *Organizations) DetachPolicy(input *DetachPolicyInput) (*DetachPolicyOutput, error) {
4581	req, out := c.DetachPolicyRequest(input)
4582	return out, req.Send()
4583}
4584
4585// DetachPolicyWithContext is the same as DetachPolicy with the addition of
4586// the ability to pass a context and additional request options.
4587//
4588// See DetachPolicy for details on how to use this API operation.
4589//
4590// The context must be non-nil and will be used for request cancellation. If
4591// the context is nil a panic will occur. In the future the SDK may create
4592// sub-contexts for http.Requests. See https://golang.org/pkg/context/
4593// for more information on using Contexts.
4594func (c *Organizations) DetachPolicyWithContext(ctx aws.Context, input *DetachPolicyInput, opts ...request.Option) (*DetachPolicyOutput, error) {
4595	req, out := c.DetachPolicyRequest(input)
4596	req.SetContext(ctx)
4597	req.ApplyOptions(opts...)
4598	return out, req.Send()
4599}
4600
4601const opDisableAWSServiceAccess = "DisableAWSServiceAccess"
4602
4603// DisableAWSServiceAccessRequest generates a "aws/request.Request" representing the
4604// client's request for the DisableAWSServiceAccess operation. The "output" return
4605// value will be populated with the request's response once the request completes
4606// successfully.
4607//
4608// Use "Send" method on the returned Request to send the API call to the service.
4609// the "output" return value is not valid until after Send returns without error.
4610//
4611// See DisableAWSServiceAccess for more information on using the DisableAWSServiceAccess
4612// API call, and error handling.
4613//
4614// This method is useful when you want to inject custom logic or configuration
4615// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4616//
4617//
4618//    // Example sending a request using the DisableAWSServiceAccessRequest method.
4619//    req, resp := client.DisableAWSServiceAccessRequest(params)
4620//
4621//    err := req.Send()
4622//    if err == nil { // resp is now filled
4623//        fmt.Println(resp)
4624//    }
4625//
4626// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess
4627func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceAccessInput) (req *request.Request, output *DisableAWSServiceAccessOutput) {
4628	op := &request.Operation{
4629		Name:       opDisableAWSServiceAccess,
4630		HTTPMethod: "POST",
4631		HTTPPath:   "/",
4632	}
4633
4634	if input == nil {
4635		input = &DisableAWSServiceAccessInput{}
4636	}
4637
4638	output = &DisableAWSServiceAccessOutput{}
4639	req = c.newRequest(op, input, output)
4640	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
4641	return
4642}
4643
4644// DisableAWSServiceAccess API operation for AWS Organizations.
4645//
4646// Disables the integration of an AWS service (the service that is specified
4647// by ServicePrincipal) with AWS Organizations. When you disable integration,
4648// the specified service no longer can create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html)
4649// in new accounts in your organization. This means the service can't perform
4650// operations on your behalf on any new accounts in your organization. The service
4651// can still perform operations in older accounts until the service completes
4652// its clean-up from AWS Organizations.
4653//
4654// We recommend that you disable integration between AWS Organizations and the
4655// specified AWS service by using the console or commands that are provided
4656// by the specified service. Doing so ensures that the other service is aware
4657// that it can clean up any resources that are required only for the integration.
4658// How the service cleans up its resources in the organization's accounts depends
4659// on that service. For more information, see the documentation for the other
4660// AWS service.
4661//
4662// After you perform the DisableAWSServiceAccess operation, the specified service
4663// can no longer perform operations in your organization's accounts. The only
4664// exception is when the operations are explicitly permitted by IAM policies
4665// that are attached to your roles.
4666//
4667// For more information about integrating other services with AWS Organizations,
4668// including the list of services that work with Organizations, see Integrating
4669// AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
4670// in the AWS Organizations User Guide.
4671//
4672// This operation can be called only from the organization's master account.
4673//
4674// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4675// with awserr.Error's Code and Message methods to get detailed information about
4676// the error.
4677//
4678// See the AWS API reference guide for AWS Organizations's
4679// API operation DisableAWSServiceAccess for usage and error information.
4680//
4681// Returned Error Codes:
4682//   * ErrCodeAccessDeniedException "AccessDeniedException"
4683//   You don't have permissions to perform the requested operation. The user or
4684//   role that is making the request must have at least one IAM permissions policy
4685//   attached that grants the required permissions. For more information, see
4686//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4687//   in the IAM User Guide.
4688//
4689//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
4690//   Your account isn't a member of an organization. To make this request, you
4691//   must use the credentials of an account that belongs to an organization.
4692//
4693//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
4694//   The target of the operation is currently being modified by a different request.
4695//   Try again later.
4696//
4697//   * ErrCodeConstraintViolationException "ConstraintViolationException"
4698//   Performing this operation violates a minimum or maximum value limit. Examples
4699//   include attempting to remove the last service control policy (SCP) from an
4700//   OU or root, or attaching too many policies to an account, OU, or root. This
4701//   exception includes a reason that contains additional information about the
4702//   violated limit.
4703//
4704//   Some of the reasons in the following list might not be applicable to this
4705//   specific API or operation:
4706//
4707//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
4708//      from the organization that doesn't yet have enough information to exist
4709//      as a standalone account. This account requires you to first agree to the
4710//      AWS Customer Agreement. Follow the steps at To leave an organization when
4711//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
4712//      in the AWS Organizations User Guide.
4713//
4714//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
4715//      an account from the organization that doesn't yet have enough information
4716//      to exist as a standalone account. This account requires you to first complete
4717//      phone verification. Follow the steps at To leave an organization when
4718//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
4719//      in the AWS Organizations User Guide.
4720//
4721//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
4722//      of accounts that you can create in one day.
4723//
4724//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
4725//      the number of accounts in an organization. If you need more accounts,
4726//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
4727//      request an increase in your limit. Or the number of invitations that you
4728//      tried to send would cause you to exceed the limit of accounts in your
4729//      organization. Send fewer invitations or contact AWS Support to request
4730//      an increase in the number of accounts. Deleted and closed accounts still
4731//      count toward your limit. If you get receive this exception when running
4732//      a command immediately after creating the organization, wait one hour and
4733//      try again. If after an hour it continues to fail with this error, contact
4734//      AWS Support (https://console.aws.amazon.com/support/home#/).
4735//
4736//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
4737//      handshakes that you can send in one day.
4738//
4739//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
4740//      in this organization, you first must migrate the organization's master
4741//      account to the marketplace that corresponds to the master account's address.
4742//      For example, accounts with India addresses must be associated with the
4743//      AISPL marketplace. All accounts in an organization must be associated
4744//      with the same marketplace.
4745//
4746//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
4747//      must first provide contact a valid address and phone number for the master
4748//      account. Then try the operation again.
4749//
4750//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
4751//      master account must have an associated account in the AWS GovCloud (US-West)
4752//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
4753//      in the AWS GovCloud User Guide.
4754//
4755//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
4756//      with this master account, you first must associate a valid payment instrument,
4757//      such as a credit card, with the account. Follow the steps at To leave
4758//      an organization when all required account information has not yet been
4759//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
4760//      in the AWS Organizations User Guide.
4761//
4762//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
4763//      number of policies of a certain type that can be attached to an entity
4764//      at one time.
4765//
4766//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
4767//      on this resource.
4768//
4769//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
4770//      with this member account, you first must associate a valid payment instrument,
4771//      such as a credit card, with the account. Follow the steps at To leave
4772//      an organization when all required account information has not yet been
4773//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
4774//      in the AWS Organizations User Guide.
4775//
4776//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
4777//      policy from an entity, which would cause the entity to have fewer than
4778//      the minimum number of policies of the required type.
4779//
4780//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
4781//      too many levels deep.
4782//
4783//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
4784//      that requires the organization to be configured to support all features.
4785//      An organization that supports only consolidated billing features can't
4786//      perform this operation.
4787//
4788//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
4789//      that you can have in an organization.
4790//
4791//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
4792//      policies that you can have in an organization.
4793//
4794//   * ErrCodeInvalidInputException "InvalidInputException"
4795//   The requested operation failed because you provided invalid values for one
4796//   or more of the request parameters. This exception includes a reason that
4797//   contains additional information about the violated limit:
4798//
4799//   Some of the reasons in the following list might not be applicable to this
4800//   specific API or operation:
4801//
4802//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
4803//      can't be modified.
4804//
4805//      * INPUT_REQUIRED: You must include a value for all required parameters.
4806//
4807//      * INVALID_ENUM: You specified an invalid value.
4808//
4809//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
4810//
4811//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
4812//      characters.
4813//
4814//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
4815//      at least one invalid value.
4816//
4817//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
4818//      from the response to a previous call of the operation.
4819//
4820//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
4821//      organization, or email) as a party.
4822//
4823//      * INVALID_PATTERN: You provided a value that doesn't match the required
4824//      pattern.
4825//
4826//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
4827//      match the required pattern.
4828//
4829//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
4830//      name can't begin with the reserved prefix AWSServiceRoleFor.
4831//
4832//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
4833//      Name (ARN) for the organization.
4834//
4835//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
4836//
4837//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
4838//      tag. You can’t add, edit, or delete system tag keys because they're
4839//      reserved for AWS use. System tags don’t count against your tags per
4840//      resource limit.
4841//
4842//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
4843//      for the operation.
4844//
4845//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
4846//      than allowed.
4847//
4848//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
4849//      value than allowed.
4850//
4851//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
4852//      than allowed.
4853//
4854//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
4855//      value than allowed.
4856//
4857//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
4858//      between entities in the same root.
4859//
4860//   * ErrCodeServiceException "ServiceException"
4861//   AWS Organizations can't complete your request because of an internal service
4862//   error. Try again later.
4863//
4864//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
4865//   You have sent too many requests in too short a period of time. The limit
4866//   helps protect against denial-of-service attacks. Try again later.
4867//
4868//   For information on limits that affect AWS Organizations, see Limits of AWS
4869//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
4870//   in the AWS Organizations User Guide.
4871//
4872// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess
4873func (c *Organizations) DisableAWSServiceAccess(input *DisableAWSServiceAccessInput) (*DisableAWSServiceAccessOutput, error) {
4874	req, out := c.DisableAWSServiceAccessRequest(input)
4875	return out, req.Send()
4876}
4877
4878// DisableAWSServiceAccessWithContext is the same as DisableAWSServiceAccess with the addition of
4879// the ability to pass a context and additional request options.
4880//
4881// See DisableAWSServiceAccess for details on how to use this API operation.
4882//
4883// The context must be non-nil and will be used for request cancellation. If
4884// the context is nil a panic will occur. In the future the SDK may create
4885// sub-contexts for http.Requests. See https://golang.org/pkg/context/
4886// for more information on using Contexts.
4887func (c *Organizations) DisableAWSServiceAccessWithContext(ctx aws.Context, input *DisableAWSServiceAccessInput, opts ...request.Option) (*DisableAWSServiceAccessOutput, error) {
4888	req, out := c.DisableAWSServiceAccessRequest(input)
4889	req.SetContext(ctx)
4890	req.ApplyOptions(opts...)
4891	return out, req.Send()
4892}
4893
4894const opDisablePolicyType = "DisablePolicyType"
4895
4896// DisablePolicyTypeRequest generates a "aws/request.Request" representing the
4897// client's request for the DisablePolicyType operation. The "output" return
4898// value will be populated with the request's response once the request completes
4899// successfully.
4900//
4901// Use "Send" method on the returned Request to send the API call to the service.
4902// the "output" return value is not valid until after Send returns without error.
4903//
4904// See DisablePolicyType for more information on using the DisablePolicyType
4905// API call, and error handling.
4906//
4907// This method is useful when you want to inject custom logic or configuration
4908// into the SDK's request lifecycle. Such as custom headers, or retry logic.
4909//
4910//
4911//    // Example sending a request using the DisablePolicyTypeRequest method.
4912//    req, resp := client.DisablePolicyTypeRequest(params)
4913//
4914//    err := req.Send()
4915//    if err == nil { // resp is now filled
4916//        fmt.Println(resp)
4917//    }
4918//
4919// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType
4920func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) (req *request.Request, output *DisablePolicyTypeOutput) {
4921	op := &request.Operation{
4922		Name:       opDisablePolicyType,
4923		HTTPMethod: "POST",
4924		HTTPPath:   "/",
4925	}
4926
4927	if input == nil {
4928		input = &DisablePolicyTypeInput{}
4929	}
4930
4931	output = &DisablePolicyTypeOutput{}
4932	req = c.newRequest(op, input, output)
4933	return
4934}
4935
4936// DisablePolicyType API operation for AWS Organizations.
4937//
4938// Disables an organizational control policy type in a root and detaches all
4939// policies of that type from the organization root, OUs, and accounts. A policy
4940// of a certain type can be attached to entities in a root only if that type
4941// is enabled in the root. After you perform this operation, you no longer can
4942// attach policies of the specified type to that root or to any organizational
4943// unit (OU) or account in that root. You can undo this by using the EnablePolicyType
4944// operation.
4945//
4946// This is an asynchronous request that AWS performs in the background. If you
4947// disable a policy for a root, it still appears enabled for the organization
4948// if all features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
4949// are enabled for the organization. AWS recommends that you first use ListRoots
4950// to see the status of policy types for a specified root, and then use this
4951// operation.
4952//
4953// This operation can be called only from the organization's master account.
4954//
4955// To view the status of available policy types in the organization, use DescribeOrganization.
4956//
4957// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
4958// with awserr.Error's Code and Message methods to get detailed information about
4959// the error.
4960//
4961// See the AWS API reference guide for AWS Organizations's
4962// API operation DisablePolicyType for usage and error information.
4963//
4964// Returned Error Codes:
4965//   * ErrCodeAccessDeniedException "AccessDeniedException"
4966//   You don't have permissions to perform the requested operation. The user or
4967//   role that is making the request must have at least one IAM permissions policy
4968//   attached that grants the required permissions. For more information, see
4969//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
4970//   in the IAM User Guide.
4971//
4972//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
4973//   Your account isn't a member of an organization. To make this request, you
4974//   must use the credentials of an account that belongs to an organization.
4975//
4976//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
4977//   The target of the operation is currently being modified by a different request.
4978//   Try again later.
4979//
4980//   * ErrCodeConstraintViolationException "ConstraintViolationException"
4981//   Performing this operation violates a minimum or maximum value limit. Examples
4982//   include attempting to remove the last service control policy (SCP) from an
4983//   OU or root, or attaching too many policies to an account, OU, or root. This
4984//   exception includes a reason that contains additional information about the
4985//   violated limit.
4986//
4987//   Some of the reasons in the following list might not be applicable to this
4988//   specific API or operation:
4989//
4990//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
4991//      from the organization that doesn't yet have enough information to exist
4992//      as a standalone account. This account requires you to first agree to the
4993//      AWS Customer Agreement. Follow the steps at To leave an organization when
4994//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
4995//      in the AWS Organizations User Guide.
4996//
4997//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
4998//      an account from the organization that doesn't yet have enough information
4999//      to exist as a standalone account. This account requires you to first complete
5000//      phone verification. Follow the steps at To leave an organization when
5001//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5002//      in the AWS Organizations User Guide.
5003//
5004//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
5005//      of accounts that you can create in one day.
5006//
5007//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
5008//      the number of accounts in an organization. If you need more accounts,
5009//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
5010//      request an increase in your limit. Or the number of invitations that you
5011//      tried to send would cause you to exceed the limit of accounts in your
5012//      organization. Send fewer invitations or contact AWS Support to request
5013//      an increase in the number of accounts. Deleted and closed accounts still
5014//      count toward your limit. If you get receive this exception when running
5015//      a command immediately after creating the organization, wait one hour and
5016//      try again. If after an hour it continues to fail with this error, contact
5017//      AWS Support (https://console.aws.amazon.com/support/home#/).
5018//
5019//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
5020//      handshakes that you can send in one day.
5021//
5022//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
5023//      in this organization, you first must migrate the organization's master
5024//      account to the marketplace that corresponds to the master account's address.
5025//      For example, accounts with India addresses must be associated with the
5026//      AISPL marketplace. All accounts in an organization must be associated
5027//      with the same marketplace.
5028//
5029//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
5030//      must first provide contact a valid address and phone number for the master
5031//      account. Then try the operation again.
5032//
5033//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
5034//      master account must have an associated account in the AWS GovCloud (US-West)
5035//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
5036//      in the AWS GovCloud User Guide.
5037//
5038//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
5039//      with this master account, you first must associate a valid payment instrument,
5040//      such as a credit card, with the account. Follow the steps at To leave
5041//      an organization when all required account information has not yet been
5042//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5043//      in the AWS Organizations User Guide.
5044//
5045//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
5046//      number of policies of a certain type that can be attached to an entity
5047//      at one time.
5048//
5049//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
5050//      on this resource.
5051//
5052//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
5053//      with this member account, you first must associate a valid payment instrument,
5054//      such as a credit card, with the account. Follow the steps at To leave
5055//      an organization when all required account information has not yet been
5056//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5057//      in the AWS Organizations User Guide.
5058//
5059//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
5060//      policy from an entity, which would cause the entity to have fewer than
5061//      the minimum number of policies of the required type.
5062//
5063//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
5064//      too many levels deep.
5065//
5066//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
5067//      that requires the organization to be configured to support all features.
5068//      An organization that supports only consolidated billing features can't
5069//      perform this operation.
5070//
5071//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
5072//      that you can have in an organization.
5073//
5074//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
5075//      policies that you can have in an organization.
5076//
5077//   * ErrCodeInvalidInputException "InvalidInputException"
5078//   The requested operation failed because you provided invalid values for one
5079//   or more of the request parameters. This exception includes a reason that
5080//   contains additional information about the violated limit:
5081//
5082//   Some of the reasons in the following list might not be applicable to this
5083//   specific API or operation:
5084//
5085//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
5086//      can't be modified.
5087//
5088//      * INPUT_REQUIRED: You must include a value for all required parameters.
5089//
5090//      * INVALID_ENUM: You specified an invalid value.
5091//
5092//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
5093//
5094//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
5095//      characters.
5096//
5097//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
5098//      at least one invalid value.
5099//
5100//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
5101//      from the response to a previous call of the operation.
5102//
5103//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
5104//      organization, or email) as a party.
5105//
5106//      * INVALID_PATTERN: You provided a value that doesn't match the required
5107//      pattern.
5108//
5109//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
5110//      match the required pattern.
5111//
5112//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
5113//      name can't begin with the reserved prefix AWSServiceRoleFor.
5114//
5115//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
5116//      Name (ARN) for the organization.
5117//
5118//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
5119//
5120//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
5121//      tag. You can’t add, edit, or delete system tag keys because they're
5122//      reserved for AWS use. System tags don’t count against your tags per
5123//      resource limit.
5124//
5125//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
5126//      for the operation.
5127//
5128//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
5129//      than allowed.
5130//
5131//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
5132//      value than allowed.
5133//
5134//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
5135//      than allowed.
5136//
5137//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
5138//      value than allowed.
5139//
5140//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
5141//      between entities in the same root.
5142//
5143//   * ErrCodePolicyTypeNotEnabledException "PolicyTypeNotEnabledException"
5144//   The specified policy type isn't currently enabled in this root. You can't
5145//   attach policies of the specified type to entities in a root until you enable
5146//   that type in the root. For more information, see Enabling All Features in
5147//   Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
5148//   in the AWS Organizations User Guide.
5149//
5150//   * ErrCodeRootNotFoundException "RootNotFoundException"
5151//   We can't find a root with the RootId that you specified.
5152//
5153//   * ErrCodeServiceException "ServiceException"
5154//   AWS Organizations can't complete your request because of an internal service
5155//   error. Try again later.
5156//
5157//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
5158//   You have sent too many requests in too short a period of time. The limit
5159//   helps protect against denial-of-service attacks. Try again later.
5160//
5161//   For information on limits that affect AWS Organizations, see Limits of AWS
5162//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
5163//   in the AWS Organizations User Guide.
5164//
5165//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
5166//   This action isn't available in the current Region.
5167//
5168//   * ErrCodePolicyChangesInProgressException "PolicyChangesInProgressException"
5169//   Changes to the effective policy are in progress, and its contents can't be
5170//   returned. Try the operation again later.
5171//
5172// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType
5173func (c *Organizations) DisablePolicyType(input *DisablePolicyTypeInput) (*DisablePolicyTypeOutput, error) {
5174	req, out := c.DisablePolicyTypeRequest(input)
5175	return out, req.Send()
5176}
5177
5178// DisablePolicyTypeWithContext is the same as DisablePolicyType with the addition of
5179// the ability to pass a context and additional request options.
5180//
5181// See DisablePolicyType for details on how to use this API operation.
5182//
5183// The context must be non-nil and will be used for request cancellation. If
5184// the context is nil a panic will occur. In the future the SDK may create
5185// sub-contexts for http.Requests. See https://golang.org/pkg/context/
5186// for more information on using Contexts.
5187func (c *Organizations) DisablePolicyTypeWithContext(ctx aws.Context, input *DisablePolicyTypeInput, opts ...request.Option) (*DisablePolicyTypeOutput, error) {
5188	req, out := c.DisablePolicyTypeRequest(input)
5189	req.SetContext(ctx)
5190	req.ApplyOptions(opts...)
5191	return out, req.Send()
5192}
5193
5194const opEnableAWSServiceAccess = "EnableAWSServiceAccess"
5195
5196// EnableAWSServiceAccessRequest generates a "aws/request.Request" representing the
5197// client's request for the EnableAWSServiceAccess operation. The "output" return
5198// value will be populated with the request's response once the request completes
5199// successfully.
5200//
5201// Use "Send" method on the returned Request to send the API call to the service.
5202// the "output" return value is not valid until after Send returns without error.
5203//
5204// See EnableAWSServiceAccess for more information on using the EnableAWSServiceAccess
5205// API call, and error handling.
5206//
5207// This method is useful when you want to inject custom logic or configuration
5208// into the SDK's request lifecycle. Such as custom headers, or retry logic.
5209//
5210//
5211//    // Example sending a request using the EnableAWSServiceAccessRequest method.
5212//    req, resp := client.EnableAWSServiceAccessRequest(params)
5213//
5214//    err := req.Send()
5215//    if err == nil { // resp is now filled
5216//        fmt.Println(resp)
5217//    }
5218//
5219// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess
5220func (c *Organizations) EnableAWSServiceAccessRequest(input *EnableAWSServiceAccessInput) (req *request.Request, output *EnableAWSServiceAccessOutput) {
5221	op := &request.Operation{
5222		Name:       opEnableAWSServiceAccess,
5223		HTTPMethod: "POST",
5224		HTTPPath:   "/",
5225	}
5226
5227	if input == nil {
5228		input = &EnableAWSServiceAccessInput{}
5229	}
5230
5231	output = &EnableAWSServiceAccessOutput{}
5232	req = c.newRequest(op, input, output)
5233	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
5234	return
5235}
5236
5237// EnableAWSServiceAccess API operation for AWS Organizations.
5238//
5239// Enables the integration of an AWS service (the service that is specified
5240// by ServicePrincipal) with AWS Organizations. When you enable integration,
5241// you allow the specified service to create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html)
5242// in all the accounts in your organization. This allows the service to perform
5243// operations on your behalf in your organization and its accounts.
5244//
5245// We recommend that you enable integration between AWS Organizations and the
5246// specified AWS service by using the console or commands that are provided
5247// by the specified service. Doing so ensures that the service is aware that
5248// it can create the resources that are required for the integration. How the
5249// service creates those resources in the organization's accounts depends on
5250// that service. For more information, see the documentation for the other AWS
5251// service.
5252//
5253// For more information about enabling services to integrate with AWS Organizations,
5254// see Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
5255// in the AWS Organizations User Guide.
5256//
5257// This operation can be called only from the organization's master account
5258// and only if the organization has enabled all features (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html).
5259//
5260// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
5261// with awserr.Error's Code and Message methods to get detailed information about
5262// the error.
5263//
5264// See the AWS API reference guide for AWS Organizations's
5265// API operation EnableAWSServiceAccess for usage and error information.
5266//
5267// Returned Error Codes:
5268//   * ErrCodeAccessDeniedException "AccessDeniedException"
5269//   You don't have permissions to perform the requested operation. The user or
5270//   role that is making the request must have at least one IAM permissions policy
5271//   attached that grants the required permissions. For more information, see
5272//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
5273//   in the IAM User Guide.
5274//
5275//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
5276//   Your account isn't a member of an organization. To make this request, you
5277//   must use the credentials of an account that belongs to an organization.
5278//
5279//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
5280//   The target of the operation is currently being modified by a different request.
5281//   Try again later.
5282//
5283//   * ErrCodeConstraintViolationException "ConstraintViolationException"
5284//   Performing this operation violates a minimum or maximum value limit. Examples
5285//   include attempting to remove the last service control policy (SCP) from an
5286//   OU or root, or attaching too many policies to an account, OU, or root. This
5287//   exception includes a reason that contains additional information about the
5288//   violated limit.
5289//
5290//   Some of the reasons in the following list might not be applicable to this
5291//   specific API or operation:
5292//
5293//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
5294//      from the organization that doesn't yet have enough information to exist
5295//      as a standalone account. This account requires you to first agree to the
5296//      AWS Customer Agreement. Follow the steps at To leave an organization when
5297//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5298//      in the AWS Organizations User Guide.
5299//
5300//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
5301//      an account from the organization that doesn't yet have enough information
5302//      to exist as a standalone account. This account requires you to first complete
5303//      phone verification. Follow the steps at To leave an organization when
5304//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5305//      in the AWS Organizations User Guide.
5306//
5307//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
5308//      of accounts that you can create in one day.
5309//
5310//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
5311//      the number of accounts in an organization. If you need more accounts,
5312//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
5313//      request an increase in your limit. Or the number of invitations that you
5314//      tried to send would cause you to exceed the limit of accounts in your
5315//      organization. Send fewer invitations or contact AWS Support to request
5316//      an increase in the number of accounts. Deleted and closed accounts still
5317//      count toward your limit. If you get receive this exception when running
5318//      a command immediately after creating the organization, wait one hour and
5319//      try again. If after an hour it continues to fail with this error, contact
5320//      AWS Support (https://console.aws.amazon.com/support/home#/).
5321//
5322//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
5323//      handshakes that you can send in one day.
5324//
5325//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
5326//      in this organization, you first must migrate the organization's master
5327//      account to the marketplace that corresponds to the master account's address.
5328//      For example, accounts with India addresses must be associated with the
5329//      AISPL marketplace. All accounts in an organization must be associated
5330//      with the same marketplace.
5331//
5332//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
5333//      must first provide contact a valid address and phone number for the master
5334//      account. Then try the operation again.
5335//
5336//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
5337//      master account must have an associated account in the AWS GovCloud (US-West)
5338//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
5339//      in the AWS GovCloud User Guide.
5340//
5341//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
5342//      with this master account, you first must associate a valid payment instrument,
5343//      such as a credit card, with the account. Follow the steps at To leave
5344//      an organization when all required account information has not yet been
5345//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5346//      in the AWS Organizations User Guide.
5347//
5348//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
5349//      number of policies of a certain type that can be attached to an entity
5350//      at one time.
5351//
5352//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
5353//      on this resource.
5354//
5355//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
5356//      with this member account, you first must associate a valid payment instrument,
5357//      such as a credit card, with the account. Follow the steps at To leave
5358//      an organization when all required account information has not yet been
5359//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5360//      in the AWS Organizations User Guide.
5361//
5362//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
5363//      policy from an entity, which would cause the entity to have fewer than
5364//      the minimum number of policies of the required type.
5365//
5366//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
5367//      too many levels deep.
5368//
5369//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
5370//      that requires the organization to be configured to support all features.
5371//      An organization that supports only consolidated billing features can't
5372//      perform this operation.
5373//
5374//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
5375//      that you can have in an organization.
5376//
5377//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
5378//      policies that you can have in an organization.
5379//
5380//   * ErrCodeInvalidInputException "InvalidInputException"
5381//   The requested operation failed because you provided invalid values for one
5382//   or more of the request parameters. This exception includes a reason that
5383//   contains additional information about the violated limit:
5384//
5385//   Some of the reasons in the following list might not be applicable to this
5386//   specific API or operation:
5387//
5388//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
5389//      can't be modified.
5390//
5391//      * INPUT_REQUIRED: You must include a value for all required parameters.
5392//
5393//      * INVALID_ENUM: You specified an invalid value.
5394//
5395//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
5396//
5397//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
5398//      characters.
5399//
5400//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
5401//      at least one invalid value.
5402//
5403//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
5404//      from the response to a previous call of the operation.
5405//
5406//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
5407//      organization, or email) as a party.
5408//
5409//      * INVALID_PATTERN: You provided a value that doesn't match the required
5410//      pattern.
5411//
5412//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
5413//      match the required pattern.
5414//
5415//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
5416//      name can't begin with the reserved prefix AWSServiceRoleFor.
5417//
5418//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
5419//      Name (ARN) for the organization.
5420//
5421//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
5422//
5423//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
5424//      tag. You can’t add, edit, or delete system tag keys because they're
5425//      reserved for AWS use. System tags don’t count against your tags per
5426//      resource limit.
5427//
5428//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
5429//      for the operation.
5430//
5431//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
5432//      than allowed.
5433//
5434//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
5435//      value than allowed.
5436//
5437//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
5438//      than allowed.
5439//
5440//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
5441//      value than allowed.
5442//
5443//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
5444//      between entities in the same root.
5445//
5446//   * ErrCodeServiceException "ServiceException"
5447//   AWS Organizations can't complete your request because of an internal service
5448//   error. Try again later.
5449//
5450//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
5451//   You have sent too many requests in too short a period of time. The limit
5452//   helps protect against denial-of-service attacks. Try again later.
5453//
5454//   For information on limits that affect AWS Organizations, see Limits of AWS
5455//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
5456//   in the AWS Organizations User Guide.
5457//
5458// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess
5459func (c *Organizations) EnableAWSServiceAccess(input *EnableAWSServiceAccessInput) (*EnableAWSServiceAccessOutput, error) {
5460	req, out := c.EnableAWSServiceAccessRequest(input)
5461	return out, req.Send()
5462}
5463
5464// EnableAWSServiceAccessWithContext is the same as EnableAWSServiceAccess with the addition of
5465// the ability to pass a context and additional request options.
5466//
5467// See EnableAWSServiceAccess for details on how to use this API operation.
5468//
5469// The context must be non-nil and will be used for request cancellation. If
5470// the context is nil a panic will occur. In the future the SDK may create
5471// sub-contexts for http.Requests. See https://golang.org/pkg/context/
5472// for more information on using Contexts.
5473func (c *Organizations) EnableAWSServiceAccessWithContext(ctx aws.Context, input *EnableAWSServiceAccessInput, opts ...request.Option) (*EnableAWSServiceAccessOutput, error) {
5474	req, out := c.EnableAWSServiceAccessRequest(input)
5475	req.SetContext(ctx)
5476	req.ApplyOptions(opts...)
5477	return out, req.Send()
5478}
5479
5480const opEnableAllFeatures = "EnableAllFeatures"
5481
5482// EnableAllFeaturesRequest generates a "aws/request.Request" representing the
5483// client's request for the EnableAllFeatures operation. The "output" return
5484// value will be populated with the request's response once the request completes
5485// successfully.
5486//
5487// Use "Send" method on the returned Request to send the API call to the service.
5488// the "output" return value is not valid until after Send returns without error.
5489//
5490// See EnableAllFeatures for more information on using the EnableAllFeatures
5491// API call, and error handling.
5492//
5493// This method is useful when you want to inject custom logic or configuration
5494// into the SDK's request lifecycle. Such as custom headers, or retry logic.
5495//
5496//
5497//    // Example sending a request using the EnableAllFeaturesRequest method.
5498//    req, resp := client.EnableAllFeaturesRequest(params)
5499//
5500//    err := req.Send()
5501//    if err == nil { // resp is now filled
5502//        fmt.Println(resp)
5503//    }
5504//
5505// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures
5506func (c *Organizations) EnableAllFeaturesRequest(input *EnableAllFeaturesInput) (req *request.Request, output *EnableAllFeaturesOutput) {
5507	op := &request.Operation{
5508		Name:       opEnableAllFeatures,
5509		HTTPMethod: "POST",
5510		HTTPPath:   "/",
5511	}
5512
5513	if input == nil {
5514		input = &EnableAllFeaturesInput{}
5515	}
5516
5517	output = &EnableAllFeaturesOutput{}
5518	req = c.newRequest(op, input, output)
5519	return
5520}
5521
5522// EnableAllFeatures API operation for AWS Organizations.
5523//
5524// Enables all features in an organization. This enables the use of organization
5525// policies that can restrict the services and actions that can be called in
5526// each account. Until you enable all features, you have access only to consolidated
5527// billing. You can't use any of the advanced account administration features
5528// that AWS Organizations supports. For more information, see Enabling All Features
5529// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
5530// in the AWS Organizations User Guide.
5531//
5532// This operation is required only for organizations that were created explicitly
5533// with only the consolidated billing features enabled. Calling this operation
5534// sends a handshake to every invited account in the organization. The feature
5535// set change can be finalized and the additional features enabled only after
5536// all administrators in the invited accounts approve the change. Accepting
5537// the handshake approves the change.
5538//
5539// After you enable all features, you can separately enable or disable individual
5540// policy types in a root using EnablePolicyType and DisablePolicyType. To see
5541// the status of policy types in a root, use ListRoots.
5542//
5543// After all invited member accounts accept the handshake, you finalize the
5544// feature set change by accepting the handshake that contains "Action": "ENABLE_ALL_FEATURES".
5545// This completes the change.
5546//
5547// After you enable all features in your organization, the master account in
5548// the organization can apply policies on all member accounts. These policies
5549// can restrict what users and even administrators in those accounts can do.
5550// The master account can apply policies that prevent accounts from leaving
5551// the organization. Ensure that your account administrators are aware of this.
5552//
5553// This operation can be called only from the organization's master account.
5554//
5555// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
5556// with awserr.Error's Code and Message methods to get detailed information about
5557// the error.
5558//
5559// See the AWS API reference guide for AWS Organizations's
5560// API operation EnableAllFeatures for usage and error information.
5561//
5562// Returned Error Codes:
5563//   * ErrCodeAccessDeniedException "AccessDeniedException"
5564//   You don't have permissions to perform the requested operation. The user or
5565//   role that is making the request must have at least one IAM permissions policy
5566//   attached that grants the required permissions. For more information, see
5567//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
5568//   in the IAM User Guide.
5569//
5570//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
5571//   Your account isn't a member of an organization. To make this request, you
5572//   must use the credentials of an account that belongs to an organization.
5573//
5574//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
5575//   The target of the operation is currently being modified by a different request.
5576//   Try again later.
5577//
5578//   * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException"
5579//   The requested operation would violate the constraint identified in the reason
5580//   code.
5581//
5582//   Some of the reasons in the following list might not be applicable to this
5583//   specific API or operation:
5584//
5585//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
5586//      the number of accounts in an organization. Note that deleted and closed
5587//      accounts still count toward your limit. If you get this exception immediately
5588//      after creating the organization, wait one hour and try again. If after
5589//      an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
5590//
5591//      * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
5592//      the invited account is already a member of an organization.
5593//
5594//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
5595//      handshakes that you can send in one day.
5596//
5597//      * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
5598//      to join an organization while it's in the process of enabling all features.
5599//      You can resume inviting accounts after you finalize the process when all
5600//      accounts have agreed to the change.
5601//
5602//      * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
5603//      because the organization has already enabled all features.
5604//
5605//      * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
5606//      the account is from a different marketplace than the accounts in the organization.
5607//      For example, accounts with India addresses must be associated with the
5608//      AISPL marketplace. All accounts in an organization must be from the same
5609//      marketplace.
5610//
5611//      * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
5612//      change the membership of an account too quickly after its previous change.
5613//
5614//      * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
5615//      account that doesn't have a payment instrument, such as a credit card,
5616//      associated with it.
5617//
5618//   * ErrCodeInvalidInputException "InvalidInputException"
5619//   The requested operation failed because you provided invalid values for one
5620//   or more of the request parameters. This exception includes a reason that
5621//   contains additional information about the violated limit:
5622//
5623//   Some of the reasons in the following list might not be applicable to this
5624//   specific API or operation:
5625//
5626//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
5627//      can't be modified.
5628//
5629//      * INPUT_REQUIRED: You must include a value for all required parameters.
5630//
5631//      * INVALID_ENUM: You specified an invalid value.
5632//
5633//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
5634//
5635//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
5636//      characters.
5637//
5638//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
5639//      at least one invalid value.
5640//
5641//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
5642//      from the response to a previous call of the operation.
5643//
5644//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
5645//      organization, or email) as a party.
5646//
5647//      * INVALID_PATTERN: You provided a value that doesn't match the required
5648//      pattern.
5649//
5650//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
5651//      match the required pattern.
5652//
5653//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
5654//      name can't begin with the reserved prefix AWSServiceRoleFor.
5655//
5656//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
5657//      Name (ARN) for the organization.
5658//
5659//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
5660//
5661//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
5662//      tag. You can’t add, edit, or delete system tag keys because they're
5663//      reserved for AWS use. System tags don’t count against your tags per
5664//      resource limit.
5665//
5666//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
5667//      for the operation.
5668//
5669//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
5670//      than allowed.
5671//
5672//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
5673//      value than allowed.
5674//
5675//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
5676//      than allowed.
5677//
5678//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
5679//      value than allowed.
5680//
5681//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
5682//      between entities in the same root.
5683//
5684//   * ErrCodeServiceException "ServiceException"
5685//   AWS Organizations can't complete your request because of an internal service
5686//   error. Try again later.
5687//
5688//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
5689//   You have sent too many requests in too short a period of time. The limit
5690//   helps protect against denial-of-service attacks. Try again later.
5691//
5692//   For information on limits that affect AWS Organizations, see Limits of AWS
5693//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
5694//   in the AWS Organizations User Guide.
5695//
5696// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures
5697func (c *Organizations) EnableAllFeatures(input *EnableAllFeaturesInput) (*EnableAllFeaturesOutput, error) {
5698	req, out := c.EnableAllFeaturesRequest(input)
5699	return out, req.Send()
5700}
5701
5702// EnableAllFeaturesWithContext is the same as EnableAllFeatures with the addition of
5703// the ability to pass a context and additional request options.
5704//
5705// See EnableAllFeatures for details on how to use this API operation.
5706//
5707// The context must be non-nil and will be used for request cancellation. If
5708// the context is nil a panic will occur. In the future the SDK may create
5709// sub-contexts for http.Requests. See https://golang.org/pkg/context/
5710// for more information on using Contexts.
5711func (c *Organizations) EnableAllFeaturesWithContext(ctx aws.Context, input *EnableAllFeaturesInput, opts ...request.Option) (*EnableAllFeaturesOutput, error) {
5712	req, out := c.EnableAllFeaturesRequest(input)
5713	req.SetContext(ctx)
5714	req.ApplyOptions(opts...)
5715	return out, req.Send()
5716}
5717
5718const opEnablePolicyType = "EnablePolicyType"
5719
5720// EnablePolicyTypeRequest generates a "aws/request.Request" representing the
5721// client's request for the EnablePolicyType operation. The "output" return
5722// value will be populated with the request's response once the request completes
5723// successfully.
5724//
5725// Use "Send" method on the returned Request to send the API call to the service.
5726// the "output" return value is not valid until after Send returns without error.
5727//
5728// See EnablePolicyType for more information on using the EnablePolicyType
5729// API call, and error handling.
5730//
5731// This method is useful when you want to inject custom logic or configuration
5732// into the SDK's request lifecycle. Such as custom headers, or retry logic.
5733//
5734//
5735//    // Example sending a request using the EnablePolicyTypeRequest method.
5736//    req, resp := client.EnablePolicyTypeRequest(params)
5737//
5738//    err := req.Send()
5739//    if err == nil { // resp is now filled
5740//        fmt.Println(resp)
5741//    }
5742//
5743// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType
5744func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (req *request.Request, output *EnablePolicyTypeOutput) {
5745	op := &request.Operation{
5746		Name:       opEnablePolicyType,
5747		HTTPMethod: "POST",
5748		HTTPPath:   "/",
5749	}
5750
5751	if input == nil {
5752		input = &EnablePolicyTypeInput{}
5753	}
5754
5755	output = &EnablePolicyTypeOutput{}
5756	req = c.newRequest(op, input, output)
5757	return
5758}
5759
5760// EnablePolicyType API operation for AWS Organizations.
5761//
5762// Enables a policy type in a root. After you enable a policy type in a root,
5763// you can attach policies of that type to the root, any organizational unit
5764// (OU), or account in that root. You can undo this by using the DisablePolicyType
5765// operation.
5766//
5767// This is an asynchronous request that AWS performs in the background. AWS
5768// recommends that you first use ListRoots to see the status of policy types
5769// for a specified root, and then use this operation.
5770//
5771// This operation can be called only from the organization's master account.
5772//
5773// You can enable a policy type in a root only if that policy type is available
5774// in the organization. To view the status of available policy types in the
5775// organization, use DescribeOrganization.
5776//
5777// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
5778// with awserr.Error's Code and Message methods to get detailed information about
5779// the error.
5780//
5781// See the AWS API reference guide for AWS Organizations's
5782// API operation EnablePolicyType for usage and error information.
5783//
5784// Returned Error Codes:
5785//   * ErrCodeAccessDeniedException "AccessDeniedException"
5786//   You don't have permissions to perform the requested operation. The user or
5787//   role that is making the request must have at least one IAM permissions policy
5788//   attached that grants the required permissions. For more information, see
5789//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
5790//   in the IAM User Guide.
5791//
5792//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
5793//   Your account isn't a member of an organization. To make this request, you
5794//   must use the credentials of an account that belongs to an organization.
5795//
5796//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
5797//   The target of the operation is currently being modified by a different request.
5798//   Try again later.
5799//
5800//   * ErrCodeConstraintViolationException "ConstraintViolationException"
5801//   Performing this operation violates a minimum or maximum value limit. Examples
5802//   include attempting to remove the last service control policy (SCP) from an
5803//   OU or root, or attaching too many policies to an account, OU, or root. This
5804//   exception includes a reason that contains additional information about the
5805//   violated limit.
5806//
5807//   Some of the reasons in the following list might not be applicable to this
5808//   specific API or operation:
5809//
5810//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
5811//      from the organization that doesn't yet have enough information to exist
5812//      as a standalone account. This account requires you to first agree to the
5813//      AWS Customer Agreement. Follow the steps at To leave an organization when
5814//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5815//      in the AWS Organizations User Guide.
5816//
5817//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
5818//      an account from the organization that doesn't yet have enough information
5819//      to exist as a standalone account. This account requires you to first complete
5820//      phone verification. Follow the steps at To leave an organization when
5821//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5822//      in the AWS Organizations User Guide.
5823//
5824//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
5825//      of accounts that you can create in one day.
5826//
5827//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
5828//      the number of accounts in an organization. If you need more accounts,
5829//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
5830//      request an increase in your limit. Or the number of invitations that you
5831//      tried to send would cause you to exceed the limit of accounts in your
5832//      organization. Send fewer invitations or contact AWS Support to request
5833//      an increase in the number of accounts. Deleted and closed accounts still
5834//      count toward your limit. If you get receive this exception when running
5835//      a command immediately after creating the organization, wait one hour and
5836//      try again. If after an hour it continues to fail with this error, contact
5837//      AWS Support (https://console.aws.amazon.com/support/home#/).
5838//
5839//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
5840//      handshakes that you can send in one day.
5841//
5842//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
5843//      in this organization, you first must migrate the organization's master
5844//      account to the marketplace that corresponds to the master account's address.
5845//      For example, accounts with India addresses must be associated with the
5846//      AISPL marketplace. All accounts in an organization must be associated
5847//      with the same marketplace.
5848//
5849//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
5850//      must first provide contact a valid address and phone number for the master
5851//      account. Then try the operation again.
5852//
5853//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
5854//      master account must have an associated account in the AWS GovCloud (US-West)
5855//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
5856//      in the AWS GovCloud User Guide.
5857//
5858//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
5859//      with this master account, you first must associate a valid payment instrument,
5860//      such as a credit card, with the account. Follow the steps at To leave
5861//      an organization when all required account information has not yet been
5862//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5863//      in the AWS Organizations User Guide.
5864//
5865//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
5866//      number of policies of a certain type that can be attached to an entity
5867//      at one time.
5868//
5869//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
5870//      on this resource.
5871//
5872//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
5873//      with this member account, you first must associate a valid payment instrument,
5874//      such as a credit card, with the account. Follow the steps at To leave
5875//      an organization when all required account information has not yet been
5876//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
5877//      in the AWS Organizations User Guide.
5878//
5879//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
5880//      policy from an entity, which would cause the entity to have fewer than
5881//      the minimum number of policies of the required type.
5882//
5883//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
5884//      too many levels deep.
5885//
5886//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
5887//      that requires the organization to be configured to support all features.
5888//      An organization that supports only consolidated billing features can't
5889//      perform this operation.
5890//
5891//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
5892//      that you can have in an organization.
5893//
5894//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
5895//      policies that you can have in an organization.
5896//
5897//   * ErrCodeInvalidInputException "InvalidInputException"
5898//   The requested operation failed because you provided invalid values for one
5899//   or more of the request parameters. This exception includes a reason that
5900//   contains additional information about the violated limit:
5901//
5902//   Some of the reasons in the following list might not be applicable to this
5903//   specific API or operation:
5904//
5905//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
5906//      can't be modified.
5907//
5908//      * INPUT_REQUIRED: You must include a value for all required parameters.
5909//
5910//      * INVALID_ENUM: You specified an invalid value.
5911//
5912//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
5913//
5914//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
5915//      characters.
5916//
5917//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
5918//      at least one invalid value.
5919//
5920//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
5921//      from the response to a previous call of the operation.
5922//
5923//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
5924//      organization, or email) as a party.
5925//
5926//      * INVALID_PATTERN: You provided a value that doesn't match the required
5927//      pattern.
5928//
5929//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
5930//      match the required pattern.
5931//
5932//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
5933//      name can't begin with the reserved prefix AWSServiceRoleFor.
5934//
5935//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
5936//      Name (ARN) for the organization.
5937//
5938//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
5939//
5940//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
5941//      tag. You can’t add, edit, or delete system tag keys because they're
5942//      reserved for AWS use. System tags don’t count against your tags per
5943//      resource limit.
5944//
5945//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
5946//      for the operation.
5947//
5948//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
5949//      than allowed.
5950//
5951//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
5952//      value than allowed.
5953//
5954//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
5955//      than allowed.
5956//
5957//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
5958//      value than allowed.
5959//
5960//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
5961//      between entities in the same root.
5962//
5963//   * ErrCodePolicyTypeAlreadyEnabledException "PolicyTypeAlreadyEnabledException"
5964//   The specified policy type is already enabled in the specified root.
5965//
5966//   * ErrCodeRootNotFoundException "RootNotFoundException"
5967//   We can't find a root with the RootId that you specified.
5968//
5969//   * ErrCodeServiceException "ServiceException"
5970//   AWS Organizations can't complete your request because of an internal service
5971//   error. Try again later.
5972//
5973//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
5974//   You have sent too many requests in too short a period of time. The limit
5975//   helps protect against denial-of-service attacks. Try again later.
5976//
5977//   For information on limits that affect AWS Organizations, see Limits of AWS
5978//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
5979//   in the AWS Organizations User Guide.
5980//
5981//   * ErrCodePolicyTypeNotAvailableForOrganizationException "PolicyTypeNotAvailableForOrganizationException"
5982//   You can't use the specified policy type with the feature set currently enabled
5983//   for this organization. For example, you can enable SCPs only after you enable
5984//   all features in the organization. For more information, see Enabling and
5985//   Disabling a Policy Type on a Root (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)
5986//   in the AWS Organizations User Guide.
5987//
5988//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
5989//   This action isn't available in the current Region.
5990//
5991//   * ErrCodePolicyChangesInProgressException "PolicyChangesInProgressException"
5992//   Changes to the effective policy are in progress, and its contents can't be
5993//   returned. Try the operation again later.
5994//
5995// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType
5996func (c *Organizations) EnablePolicyType(input *EnablePolicyTypeInput) (*EnablePolicyTypeOutput, error) {
5997	req, out := c.EnablePolicyTypeRequest(input)
5998	return out, req.Send()
5999}
6000
6001// EnablePolicyTypeWithContext is the same as EnablePolicyType with the addition of
6002// the ability to pass a context and additional request options.
6003//
6004// See EnablePolicyType for details on how to use this API operation.
6005//
6006// The context must be non-nil and will be used for request cancellation. If
6007// the context is nil a panic will occur. In the future the SDK may create
6008// sub-contexts for http.Requests. See https://golang.org/pkg/context/
6009// for more information on using Contexts.
6010func (c *Organizations) EnablePolicyTypeWithContext(ctx aws.Context, input *EnablePolicyTypeInput, opts ...request.Option) (*EnablePolicyTypeOutput, error) {
6011	req, out := c.EnablePolicyTypeRequest(input)
6012	req.SetContext(ctx)
6013	req.ApplyOptions(opts...)
6014	return out, req.Send()
6015}
6016
6017const opInviteAccountToOrganization = "InviteAccountToOrganization"
6018
6019// InviteAccountToOrganizationRequest generates a "aws/request.Request" representing the
6020// client's request for the InviteAccountToOrganization operation. The "output" return
6021// value will be populated with the request's response once the request completes
6022// successfully.
6023//
6024// Use "Send" method on the returned Request to send the API call to the service.
6025// the "output" return value is not valid until after Send returns without error.
6026//
6027// See InviteAccountToOrganization for more information on using the InviteAccountToOrganization
6028// API call, and error handling.
6029//
6030// This method is useful when you want to inject custom logic or configuration
6031// into the SDK's request lifecycle. Such as custom headers, or retry logic.
6032//
6033//
6034//    // Example sending a request using the InviteAccountToOrganizationRequest method.
6035//    req, resp := client.InviteAccountToOrganizationRequest(params)
6036//
6037//    err := req.Send()
6038//    if err == nil { // resp is now filled
6039//        fmt.Println(resp)
6040//    }
6041//
6042// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization
6043func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountToOrganizationInput) (req *request.Request, output *InviteAccountToOrganizationOutput) {
6044	op := &request.Operation{
6045		Name:       opInviteAccountToOrganization,
6046		HTTPMethod: "POST",
6047		HTTPPath:   "/",
6048	}
6049
6050	if input == nil {
6051		input = &InviteAccountToOrganizationInput{}
6052	}
6053
6054	output = &InviteAccountToOrganizationOutput{}
6055	req = c.newRequest(op, input, output)
6056	return
6057}
6058
6059// InviteAccountToOrganization API operation for AWS Organizations.
6060//
6061// Sends an invitation to another account to join your organization as a member
6062// account. AWS Organizations sends email on your behalf to the email address
6063// that is associated with the other account's owner. The invitation is implemented
6064// as a Handshake whose details are in the response.
6065//
6066//    * You can invite AWS accounts only from the same seller as the master
6067//    account. For example, assume that your organization's master account was
6068//    created by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in
6069//    India. You can invite only other AISPL accounts to your organization.
6070//    You can't combine accounts from AISPL and AWS or from any other AWS seller.
6071//    For more information, see Consolidated Billing in India (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilliing-India.html).
6072//
6073//    * You might receive an exception that indicates that you exceeded your
6074//    account limits for the organization or that the operation failed because
6075//    your organization is still initializing. If so, wait one hour and then
6076//    try again. If the error persists after an hour, contact AWS Support (https://console.aws.amazon.com/support/home#/).
6077//
6078// This operation can be called only from the organization's master account.
6079//
6080// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
6081// with awserr.Error's Code and Message methods to get detailed information about
6082// the error.
6083//
6084// See the AWS API reference guide for AWS Organizations's
6085// API operation InviteAccountToOrganization for usage and error information.
6086//
6087// Returned Error Codes:
6088//   * ErrCodeAccessDeniedException "AccessDeniedException"
6089//   You don't have permissions to perform the requested operation. The user or
6090//   role that is making the request must have at least one IAM permissions policy
6091//   attached that grants the required permissions. For more information, see
6092//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
6093//   in the IAM User Guide.
6094//
6095//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
6096//   Your account isn't a member of an organization. To make this request, you
6097//   must use the credentials of an account that belongs to an organization.
6098//
6099//   * ErrCodeAccountOwnerNotVerifiedException "AccountOwnerNotVerifiedException"
6100//   You can't invite an existing account to your organization until you verify
6101//   that you own the email address associated with the master account. For more
6102//   information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification)
6103//   in the AWS Organizations User Guide.
6104//
6105//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
6106//   The target of the operation is currently being modified by a different request.
6107//   Try again later.
6108//
6109//   * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException"
6110//   The requested operation would violate the constraint identified in the reason
6111//   code.
6112//
6113//   Some of the reasons in the following list might not be applicable to this
6114//   specific API or operation:
6115//
6116//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
6117//      the number of accounts in an organization. Note that deleted and closed
6118//      accounts still count toward your limit. If you get this exception immediately
6119//      after creating the organization, wait one hour and try again. If after
6120//      an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
6121//
6122//      * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
6123//      the invited account is already a member of an organization.
6124//
6125//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
6126//      handshakes that you can send in one day.
6127//
6128//      * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
6129//      to join an organization while it's in the process of enabling all features.
6130//      You can resume inviting accounts after you finalize the process when all
6131//      accounts have agreed to the change.
6132//
6133//      * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
6134//      because the organization has already enabled all features.
6135//
6136//      * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
6137//      the account is from a different marketplace than the accounts in the organization.
6138//      For example, accounts with India addresses must be associated with the
6139//      AISPL marketplace. All accounts in an organization must be from the same
6140//      marketplace.
6141//
6142//      * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
6143//      change the membership of an account too quickly after its previous change.
6144//
6145//      * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
6146//      account that doesn't have a payment instrument, such as a credit card,
6147//      associated with it.
6148//
6149//   * ErrCodeDuplicateHandshakeException "DuplicateHandshakeException"
6150//   A handshake with the same action and target already exists. For example,
6151//   if you invited an account to join your organization, the invited account
6152//   might already have a pending invitation from this organization. If you intend
6153//   to resend an invitation to an account, ensure that existing handshakes that
6154//   might be considered duplicates are canceled or declined.
6155//
6156//   * ErrCodeInvalidInputException "InvalidInputException"
6157//   The requested operation failed because you provided invalid values for one
6158//   or more of the request parameters. This exception includes a reason that
6159//   contains additional information about the violated limit:
6160//
6161//   Some of the reasons in the following list might not be applicable to this
6162//   specific API or operation:
6163//
6164//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
6165//      can't be modified.
6166//
6167//      * INPUT_REQUIRED: You must include a value for all required parameters.
6168//
6169//      * INVALID_ENUM: You specified an invalid value.
6170//
6171//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
6172//
6173//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
6174//      characters.
6175//
6176//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
6177//      at least one invalid value.
6178//
6179//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
6180//      from the response to a previous call of the operation.
6181//
6182//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
6183//      organization, or email) as a party.
6184//
6185//      * INVALID_PATTERN: You provided a value that doesn't match the required
6186//      pattern.
6187//
6188//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
6189//      match the required pattern.
6190//
6191//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
6192//      name can't begin with the reserved prefix AWSServiceRoleFor.
6193//
6194//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
6195//      Name (ARN) for the organization.
6196//
6197//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
6198//
6199//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
6200//      tag. You can’t add, edit, or delete system tag keys because they're
6201//      reserved for AWS use. System tags don’t count against your tags per
6202//      resource limit.
6203//
6204//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
6205//      for the operation.
6206//
6207//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
6208//      than allowed.
6209//
6210//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
6211//      value than allowed.
6212//
6213//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
6214//      than allowed.
6215//
6216//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
6217//      value than allowed.
6218//
6219//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
6220//      between entities in the same root.
6221//
6222//   * ErrCodeFinalizingOrganizationException "FinalizingOrganizationException"
6223//   AWS Organizations couldn't perform the operation because your organization
6224//   hasn't finished initializing. This can take up to an hour. Try again later.
6225//   If after one hour you continue to receive this error, contact AWS Support
6226//   (https://console.aws.amazon.com/support/home#/).
6227//
6228//   * ErrCodeServiceException "ServiceException"
6229//   AWS Organizations can't complete your request because of an internal service
6230//   error. Try again later.
6231//
6232//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
6233//   You have sent too many requests in too short a period of time. The limit
6234//   helps protect against denial-of-service attacks. Try again later.
6235//
6236//   For information on limits that affect AWS Organizations, see Limits of AWS
6237//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
6238//   in the AWS Organizations User Guide.
6239//
6240// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization
6241func (c *Organizations) InviteAccountToOrganization(input *InviteAccountToOrganizationInput) (*InviteAccountToOrganizationOutput, error) {
6242	req, out := c.InviteAccountToOrganizationRequest(input)
6243	return out, req.Send()
6244}
6245
6246// InviteAccountToOrganizationWithContext is the same as InviteAccountToOrganization with the addition of
6247// the ability to pass a context and additional request options.
6248//
6249// See InviteAccountToOrganization for details on how to use this API operation.
6250//
6251// The context must be non-nil and will be used for request cancellation. If
6252// the context is nil a panic will occur. In the future the SDK may create
6253// sub-contexts for http.Requests. See https://golang.org/pkg/context/
6254// for more information on using Contexts.
6255func (c *Organizations) InviteAccountToOrganizationWithContext(ctx aws.Context, input *InviteAccountToOrganizationInput, opts ...request.Option) (*InviteAccountToOrganizationOutput, error) {
6256	req, out := c.InviteAccountToOrganizationRequest(input)
6257	req.SetContext(ctx)
6258	req.ApplyOptions(opts...)
6259	return out, req.Send()
6260}
6261
6262const opLeaveOrganization = "LeaveOrganization"
6263
6264// LeaveOrganizationRequest generates a "aws/request.Request" representing the
6265// client's request for the LeaveOrganization operation. The "output" return
6266// value will be populated with the request's response once the request completes
6267// successfully.
6268//
6269// Use "Send" method on the returned Request to send the API call to the service.
6270// the "output" return value is not valid until after Send returns without error.
6271//
6272// See LeaveOrganization for more information on using the LeaveOrganization
6273// API call, and error handling.
6274//
6275// This method is useful when you want to inject custom logic or configuration
6276// into the SDK's request lifecycle. Such as custom headers, or retry logic.
6277//
6278//
6279//    // Example sending a request using the LeaveOrganizationRequest method.
6280//    req, resp := client.LeaveOrganizationRequest(params)
6281//
6282//    err := req.Send()
6283//    if err == nil { // resp is now filled
6284//        fmt.Println(resp)
6285//    }
6286//
6287// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization
6288func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) (req *request.Request, output *LeaveOrganizationOutput) {
6289	op := &request.Operation{
6290		Name:       opLeaveOrganization,
6291		HTTPMethod: "POST",
6292		HTTPPath:   "/",
6293	}
6294
6295	if input == nil {
6296		input = &LeaveOrganizationInput{}
6297	}
6298
6299	output = &LeaveOrganizationOutput{}
6300	req = c.newRequest(op, input, output)
6301	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
6302	return
6303}
6304
6305// LeaveOrganization API operation for AWS Organizations.
6306//
6307// Removes a member account from its parent organization. This version of the
6308// operation is performed by the account that wants to leave. To remove a member
6309// account as a user in the master account, use RemoveAccountFromOrganization
6310// instead.
6311//
6312// This operation can be called only from a member account in the organization.
6313//
6314//    * The master account in an organization with all features enabled can
6315//    set service control policies (SCPs) that can restrict what administrators
6316//    of member accounts can do. These restrictions can include preventing member
6317//    accounts from successfully calling LeaveOrganization.
6318//
6319//    * You can leave an organization as a member account only if the account
6320//    is configured with the information required to operate as a standalone
6321//    account. When you create an account in an organization using the AWS Organizations
6322//    console, API, or CLI, the information required of standalone accounts
6323//    is not automatically collected. For each account that you want to make
6324//    standalone, you must accept the end user license agreement (EULA). You
6325//    must also choose a support plan, provide and verify the required contact
6326//    information, and provide a current payment method. AWS uses the payment
6327//    method to charge for any billable (not free tier) AWS activity that occurs
6328//    while the account isn't attached to an organization. Follow the steps
6329//    at To leave an organization when all required account information has
6330//    not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6331//    in the AWS Organizations User Guide.
6332//
6333//    * You can leave an organization only after you enable IAM user access
6334//    to billing in your account. For more information, see Activating Access
6335//    to the Billing and Cost Management Console (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
6336//    in the AWS Billing and Cost Management User Guide.
6337//
6338// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
6339// with awserr.Error's Code and Message methods to get detailed information about
6340// the error.
6341//
6342// See the AWS API reference guide for AWS Organizations's
6343// API operation LeaveOrganization for usage and error information.
6344//
6345// Returned Error Codes:
6346//   * ErrCodeAccessDeniedException "AccessDeniedException"
6347//   You don't have permissions to perform the requested operation. The user or
6348//   role that is making the request must have at least one IAM permissions policy
6349//   attached that grants the required permissions. For more information, see
6350//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
6351//   in the IAM User Guide.
6352//
6353//   * ErrCodeAccountNotFoundException "AccountNotFoundException"
6354//   We can't find an AWS account with the AccountId that you specified. Or the
6355//   account whose credentials you used to make this request isn't a member of
6356//   an organization.
6357//
6358//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
6359//   Your account isn't a member of an organization. To make this request, you
6360//   must use the credentials of an account that belongs to an organization.
6361//
6362//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
6363//   The target of the operation is currently being modified by a different request.
6364//   Try again later.
6365//
6366//   * ErrCodeConstraintViolationException "ConstraintViolationException"
6367//   Performing this operation violates a minimum or maximum value limit. Examples
6368//   include attempting to remove the last service control policy (SCP) from an
6369//   OU or root, or attaching too many policies to an account, OU, or root. This
6370//   exception includes a reason that contains additional information about the
6371//   violated limit.
6372//
6373//   Some of the reasons in the following list might not be applicable to this
6374//   specific API or operation:
6375//
6376//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
6377//      from the organization that doesn't yet have enough information to exist
6378//      as a standalone account. This account requires you to first agree to the
6379//      AWS Customer Agreement. Follow the steps at To leave an organization when
6380//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6381//      in the AWS Organizations User Guide.
6382//
6383//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
6384//      an account from the organization that doesn't yet have enough information
6385//      to exist as a standalone account. This account requires you to first complete
6386//      phone verification. Follow the steps at To leave an organization when
6387//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6388//      in the AWS Organizations User Guide.
6389//
6390//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
6391//      of accounts that you can create in one day.
6392//
6393//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
6394//      the number of accounts in an organization. If you need more accounts,
6395//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
6396//      request an increase in your limit. Or the number of invitations that you
6397//      tried to send would cause you to exceed the limit of accounts in your
6398//      organization. Send fewer invitations or contact AWS Support to request
6399//      an increase in the number of accounts. Deleted and closed accounts still
6400//      count toward your limit. If you get receive this exception when running
6401//      a command immediately after creating the organization, wait one hour and
6402//      try again. If after an hour it continues to fail with this error, contact
6403//      AWS Support (https://console.aws.amazon.com/support/home#/).
6404//
6405//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
6406//      handshakes that you can send in one day.
6407//
6408//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
6409//      in this organization, you first must migrate the organization's master
6410//      account to the marketplace that corresponds to the master account's address.
6411//      For example, accounts with India addresses must be associated with the
6412//      AISPL marketplace. All accounts in an organization must be associated
6413//      with the same marketplace.
6414//
6415//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
6416//      must first provide contact a valid address and phone number for the master
6417//      account. Then try the operation again.
6418//
6419//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
6420//      master account must have an associated account in the AWS GovCloud (US-West)
6421//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
6422//      in the AWS GovCloud User Guide.
6423//
6424//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
6425//      with this master account, you first must associate a valid payment instrument,
6426//      such as a credit card, with the account. Follow the steps at To leave
6427//      an organization when all required account information has not yet been
6428//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6429//      in the AWS Organizations User Guide.
6430//
6431//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
6432//      number of policies of a certain type that can be attached to an entity
6433//      at one time.
6434//
6435//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
6436//      on this resource.
6437//
6438//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
6439//      with this member account, you first must associate a valid payment instrument,
6440//      such as a credit card, with the account. Follow the steps at To leave
6441//      an organization when all required account information has not yet been
6442//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6443//      in the AWS Organizations User Guide.
6444//
6445//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
6446//      policy from an entity, which would cause the entity to have fewer than
6447//      the minimum number of policies of the required type.
6448//
6449//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
6450//      too many levels deep.
6451//
6452//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
6453//      that requires the organization to be configured to support all features.
6454//      An organization that supports only consolidated billing features can't
6455//      perform this operation.
6456//
6457//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
6458//      that you can have in an organization.
6459//
6460//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
6461//      policies that you can have in an organization.
6462//
6463//   * ErrCodeInvalidInputException "InvalidInputException"
6464//   The requested operation failed because you provided invalid values for one
6465//   or more of the request parameters. This exception includes a reason that
6466//   contains additional information about the violated limit:
6467//
6468//   Some of the reasons in the following list might not be applicable to this
6469//   specific API or operation:
6470//
6471//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
6472//      can't be modified.
6473//
6474//      * INPUT_REQUIRED: You must include a value for all required parameters.
6475//
6476//      * INVALID_ENUM: You specified an invalid value.
6477//
6478//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
6479//
6480//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
6481//      characters.
6482//
6483//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
6484//      at least one invalid value.
6485//
6486//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
6487//      from the response to a previous call of the operation.
6488//
6489//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
6490//      organization, or email) as a party.
6491//
6492//      * INVALID_PATTERN: You provided a value that doesn't match the required
6493//      pattern.
6494//
6495//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
6496//      match the required pattern.
6497//
6498//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
6499//      name can't begin with the reserved prefix AWSServiceRoleFor.
6500//
6501//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
6502//      Name (ARN) for the organization.
6503//
6504//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
6505//
6506//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
6507//      tag. You can’t add, edit, or delete system tag keys because they're
6508//      reserved for AWS use. System tags don’t count against your tags per
6509//      resource limit.
6510//
6511//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
6512//      for the operation.
6513//
6514//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
6515//      than allowed.
6516//
6517//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
6518//      value than allowed.
6519//
6520//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
6521//      than allowed.
6522//
6523//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
6524//      value than allowed.
6525//
6526//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
6527//      between entities in the same root.
6528//
6529//   * ErrCodeMasterCannotLeaveOrganizationException "MasterCannotLeaveOrganizationException"
6530//   You can't remove a master account from an organization. If you want the master
6531//   account to become a member account in another organization, you must first
6532//   delete the current organization of the master account.
6533//
6534//   * ErrCodeServiceException "ServiceException"
6535//   AWS Organizations can't complete your request because of an internal service
6536//   error. Try again later.
6537//
6538//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
6539//   You have sent too many requests in too short a period of time. The limit
6540//   helps protect against denial-of-service attacks. Try again later.
6541//
6542//   For information on limits that affect AWS Organizations, see Limits of AWS
6543//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
6544//   in the AWS Organizations User Guide.
6545//
6546// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization
6547func (c *Organizations) LeaveOrganization(input *LeaveOrganizationInput) (*LeaveOrganizationOutput, error) {
6548	req, out := c.LeaveOrganizationRequest(input)
6549	return out, req.Send()
6550}
6551
6552// LeaveOrganizationWithContext is the same as LeaveOrganization with the addition of
6553// the ability to pass a context and additional request options.
6554//
6555// See LeaveOrganization for details on how to use this API operation.
6556//
6557// The context must be non-nil and will be used for request cancellation. If
6558// the context is nil a panic will occur. In the future the SDK may create
6559// sub-contexts for http.Requests. See https://golang.org/pkg/context/
6560// for more information on using Contexts.
6561func (c *Organizations) LeaveOrganizationWithContext(ctx aws.Context, input *LeaveOrganizationInput, opts ...request.Option) (*LeaveOrganizationOutput, error) {
6562	req, out := c.LeaveOrganizationRequest(input)
6563	req.SetContext(ctx)
6564	req.ApplyOptions(opts...)
6565	return out, req.Send()
6566}
6567
6568const opListAWSServiceAccessForOrganization = "ListAWSServiceAccessForOrganization"
6569
6570// ListAWSServiceAccessForOrganizationRequest generates a "aws/request.Request" representing the
6571// client's request for the ListAWSServiceAccessForOrganization operation. The "output" return
6572// value will be populated with the request's response once the request completes
6573// successfully.
6574//
6575// Use "Send" method on the returned Request to send the API call to the service.
6576// the "output" return value is not valid until after Send returns without error.
6577//
6578// See ListAWSServiceAccessForOrganization for more information on using the ListAWSServiceAccessForOrganization
6579// API call, and error handling.
6580//
6581// This method is useful when you want to inject custom logic or configuration
6582// into the SDK's request lifecycle. Such as custom headers, or retry logic.
6583//
6584//
6585//    // Example sending a request using the ListAWSServiceAccessForOrganizationRequest method.
6586//    req, resp := client.ListAWSServiceAccessForOrganizationRequest(params)
6587//
6588//    err := req.Send()
6589//    if err == nil { // resp is now filled
6590//        fmt.Println(resp)
6591//    }
6592//
6593// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization
6594func (c *Organizations) ListAWSServiceAccessForOrganizationRequest(input *ListAWSServiceAccessForOrganizationInput) (req *request.Request, output *ListAWSServiceAccessForOrganizationOutput) {
6595	op := &request.Operation{
6596		Name:       opListAWSServiceAccessForOrganization,
6597		HTTPMethod: "POST",
6598		HTTPPath:   "/",
6599		Paginator: &request.Paginator{
6600			InputTokens:     []string{"NextToken"},
6601			OutputTokens:    []string{"NextToken"},
6602			LimitToken:      "MaxResults",
6603			TruncationToken: "",
6604		},
6605	}
6606
6607	if input == nil {
6608		input = &ListAWSServiceAccessForOrganizationInput{}
6609	}
6610
6611	output = &ListAWSServiceAccessForOrganizationOutput{}
6612	req = c.newRequest(op, input, output)
6613	return
6614}
6615
6616// ListAWSServiceAccessForOrganization API operation for AWS Organizations.
6617//
6618// Returns a list of the AWS services that you enabled to integrate with your
6619// organization. After a service on this list creates the resources that it
6620// requires for the integration, it can perform operations on your organization
6621// and its accounts.
6622//
6623// For more information about integrating other services with AWS Organizations,
6624// including the list of services that currently work with Organizations, see
6625// Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
6626// in the AWS Organizations User Guide.
6627//
6628// This operation can be called only from the organization's master account.
6629//
6630// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
6631// with awserr.Error's Code and Message methods to get detailed information about
6632// the error.
6633//
6634// See the AWS API reference guide for AWS Organizations's
6635// API operation ListAWSServiceAccessForOrganization for usage and error information.
6636//
6637// Returned Error Codes:
6638//   * ErrCodeAccessDeniedException "AccessDeniedException"
6639//   You don't have permissions to perform the requested operation. The user or
6640//   role that is making the request must have at least one IAM permissions policy
6641//   attached that grants the required permissions. For more information, see
6642//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
6643//   in the IAM User Guide.
6644//
6645//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
6646//   Your account isn't a member of an organization. To make this request, you
6647//   must use the credentials of an account that belongs to an organization.
6648//
6649//   * ErrCodeConstraintViolationException "ConstraintViolationException"
6650//   Performing this operation violates a minimum or maximum value limit. Examples
6651//   include attempting to remove the last service control policy (SCP) from an
6652//   OU or root, or attaching too many policies to an account, OU, or root. This
6653//   exception includes a reason that contains additional information about the
6654//   violated limit.
6655//
6656//   Some of the reasons in the following list might not be applicable to this
6657//   specific API or operation:
6658//
6659//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
6660//      from the organization that doesn't yet have enough information to exist
6661//      as a standalone account. This account requires you to first agree to the
6662//      AWS Customer Agreement. Follow the steps at To leave an organization when
6663//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6664//      in the AWS Organizations User Guide.
6665//
6666//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
6667//      an account from the organization that doesn't yet have enough information
6668//      to exist as a standalone account. This account requires you to first complete
6669//      phone verification. Follow the steps at To leave an organization when
6670//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6671//      in the AWS Organizations User Guide.
6672//
6673//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
6674//      of accounts that you can create in one day.
6675//
6676//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
6677//      the number of accounts in an organization. If you need more accounts,
6678//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
6679//      request an increase in your limit. Or the number of invitations that you
6680//      tried to send would cause you to exceed the limit of accounts in your
6681//      organization. Send fewer invitations or contact AWS Support to request
6682//      an increase in the number of accounts. Deleted and closed accounts still
6683//      count toward your limit. If you get receive this exception when running
6684//      a command immediately after creating the organization, wait one hour and
6685//      try again. If after an hour it continues to fail with this error, contact
6686//      AWS Support (https://console.aws.amazon.com/support/home#/).
6687//
6688//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
6689//      handshakes that you can send in one day.
6690//
6691//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
6692//      in this organization, you first must migrate the organization's master
6693//      account to the marketplace that corresponds to the master account's address.
6694//      For example, accounts with India addresses must be associated with the
6695//      AISPL marketplace. All accounts in an organization must be associated
6696//      with the same marketplace.
6697//
6698//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
6699//      must first provide contact a valid address and phone number for the master
6700//      account. Then try the operation again.
6701//
6702//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
6703//      master account must have an associated account in the AWS GovCloud (US-West)
6704//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
6705//      in the AWS GovCloud User Guide.
6706//
6707//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
6708//      with this master account, you first must associate a valid payment instrument,
6709//      such as a credit card, with the account. Follow the steps at To leave
6710//      an organization when all required account information has not yet been
6711//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6712//      in the AWS Organizations User Guide.
6713//
6714//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
6715//      number of policies of a certain type that can be attached to an entity
6716//      at one time.
6717//
6718//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
6719//      on this resource.
6720//
6721//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
6722//      with this member account, you first must associate a valid payment instrument,
6723//      such as a credit card, with the account. Follow the steps at To leave
6724//      an organization when all required account information has not yet been
6725//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
6726//      in the AWS Organizations User Guide.
6727//
6728//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
6729//      policy from an entity, which would cause the entity to have fewer than
6730//      the minimum number of policies of the required type.
6731//
6732//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
6733//      too many levels deep.
6734//
6735//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
6736//      that requires the organization to be configured to support all features.
6737//      An organization that supports only consolidated billing features can't
6738//      perform this operation.
6739//
6740//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
6741//      that you can have in an organization.
6742//
6743//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
6744//      policies that you can have in an organization.
6745//
6746//   * ErrCodeInvalidInputException "InvalidInputException"
6747//   The requested operation failed because you provided invalid values for one
6748//   or more of the request parameters. This exception includes a reason that
6749//   contains additional information about the violated limit:
6750//
6751//   Some of the reasons in the following list might not be applicable to this
6752//   specific API or operation:
6753//
6754//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
6755//      can't be modified.
6756//
6757//      * INPUT_REQUIRED: You must include a value for all required parameters.
6758//
6759//      * INVALID_ENUM: You specified an invalid value.
6760//
6761//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
6762//
6763//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
6764//      characters.
6765//
6766//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
6767//      at least one invalid value.
6768//
6769//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
6770//      from the response to a previous call of the operation.
6771//
6772//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
6773//      organization, or email) as a party.
6774//
6775//      * INVALID_PATTERN: You provided a value that doesn't match the required
6776//      pattern.
6777//
6778//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
6779//      match the required pattern.
6780//
6781//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
6782//      name can't begin with the reserved prefix AWSServiceRoleFor.
6783//
6784//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
6785//      Name (ARN) for the organization.
6786//
6787//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
6788//
6789//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
6790//      tag. You can’t add, edit, or delete system tag keys because they're
6791//      reserved for AWS use. System tags don’t count against your tags per
6792//      resource limit.
6793//
6794//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
6795//      for the operation.
6796//
6797//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
6798//      than allowed.
6799//
6800//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
6801//      value than allowed.
6802//
6803//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
6804//      than allowed.
6805//
6806//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
6807//      value than allowed.
6808//
6809//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
6810//      between entities in the same root.
6811//
6812//   * ErrCodeServiceException "ServiceException"
6813//   AWS Organizations can't complete your request because of an internal service
6814//   error. Try again later.
6815//
6816//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
6817//   You have sent too many requests in too short a period of time. The limit
6818//   helps protect against denial-of-service attacks. Try again later.
6819//
6820//   For information on limits that affect AWS Organizations, see Limits of AWS
6821//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
6822//   in the AWS Organizations User Guide.
6823//
6824// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization
6825func (c *Organizations) ListAWSServiceAccessForOrganization(input *ListAWSServiceAccessForOrganizationInput) (*ListAWSServiceAccessForOrganizationOutput, error) {
6826	req, out := c.ListAWSServiceAccessForOrganizationRequest(input)
6827	return out, req.Send()
6828}
6829
6830// ListAWSServiceAccessForOrganizationWithContext is the same as ListAWSServiceAccessForOrganization with the addition of
6831// the ability to pass a context and additional request options.
6832//
6833// See ListAWSServiceAccessForOrganization for details on how to use this API operation.
6834//
6835// The context must be non-nil and will be used for request cancellation. If
6836// the context is nil a panic will occur. In the future the SDK may create
6837// sub-contexts for http.Requests. See https://golang.org/pkg/context/
6838// for more information on using Contexts.
6839func (c *Organizations) ListAWSServiceAccessForOrganizationWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, opts ...request.Option) (*ListAWSServiceAccessForOrganizationOutput, error) {
6840	req, out := c.ListAWSServiceAccessForOrganizationRequest(input)
6841	req.SetContext(ctx)
6842	req.ApplyOptions(opts...)
6843	return out, req.Send()
6844}
6845
6846// ListAWSServiceAccessForOrganizationPages iterates over the pages of a ListAWSServiceAccessForOrganization operation,
6847// calling the "fn" function with the response data for each page. To stop
6848// iterating, return false from the fn function.
6849//
6850// See ListAWSServiceAccessForOrganization method for more information on how to use this operation.
6851//
6852// Note: This operation can generate multiple requests to a service.
6853//
6854//    // Example iterating over at most 3 pages of a ListAWSServiceAccessForOrganization operation.
6855//    pageNum := 0
6856//    err := client.ListAWSServiceAccessForOrganizationPages(params,
6857//        func(page *organizations.ListAWSServiceAccessForOrganizationOutput, lastPage bool) bool {
6858//            pageNum++
6859//            fmt.Println(page)
6860//            return pageNum <= 3
6861//        })
6862//
6863func (c *Organizations) ListAWSServiceAccessForOrganizationPages(input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool) error {
6864	return c.ListAWSServiceAccessForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn)
6865}
6866
6867// ListAWSServiceAccessForOrganizationPagesWithContext same as ListAWSServiceAccessForOrganizationPages except
6868// it takes a Context and allows setting request options on the pages.
6869//
6870// The context must be non-nil and will be used for request cancellation. If
6871// the context is nil a panic will occur. In the future the SDK may create
6872// sub-contexts for http.Requests. See https://golang.org/pkg/context/
6873// for more information on using Contexts.
6874func (c *Organizations) ListAWSServiceAccessForOrganizationPagesWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool, opts ...request.Option) error {
6875	p := request.Pagination{
6876		NewRequest: func() (*request.Request, error) {
6877			var inCpy *ListAWSServiceAccessForOrganizationInput
6878			if input != nil {
6879				tmp := *input
6880				inCpy = &tmp
6881			}
6882			req, _ := c.ListAWSServiceAccessForOrganizationRequest(inCpy)
6883			req.SetContext(ctx)
6884			req.ApplyOptions(opts...)
6885			return req, nil
6886		},
6887	}
6888
6889	for p.Next() {
6890		if !fn(p.Page().(*ListAWSServiceAccessForOrganizationOutput), !p.HasNextPage()) {
6891			break
6892		}
6893	}
6894
6895	return p.Err()
6896}
6897
6898const opListAccounts = "ListAccounts"
6899
6900// ListAccountsRequest generates a "aws/request.Request" representing the
6901// client's request for the ListAccounts operation. The "output" return
6902// value will be populated with the request's response once the request completes
6903// successfully.
6904//
6905// Use "Send" method on the returned Request to send the API call to the service.
6906// the "output" return value is not valid until after Send returns without error.
6907//
6908// See ListAccounts for more information on using the ListAccounts
6909// API call, and error handling.
6910//
6911// This method is useful when you want to inject custom logic or configuration
6912// into the SDK's request lifecycle. Such as custom headers, or retry logic.
6913//
6914//
6915//    // Example sending a request using the ListAccountsRequest method.
6916//    req, resp := client.ListAccountsRequest(params)
6917//
6918//    err := req.Send()
6919//    if err == nil { // resp is now filled
6920//        fmt.Println(resp)
6921//    }
6922//
6923// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts
6924func (c *Organizations) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) {
6925	op := &request.Operation{
6926		Name:       opListAccounts,
6927		HTTPMethod: "POST",
6928		HTTPPath:   "/",
6929		Paginator: &request.Paginator{
6930			InputTokens:     []string{"NextToken"},
6931			OutputTokens:    []string{"NextToken"},
6932			LimitToken:      "MaxResults",
6933			TruncationToken: "",
6934		},
6935	}
6936
6937	if input == nil {
6938		input = &ListAccountsInput{}
6939	}
6940
6941	output = &ListAccountsOutput{}
6942	req = c.newRequest(op, input, output)
6943	return
6944}
6945
6946// ListAccounts API operation for AWS Organizations.
6947//
6948// Lists all the accounts in the organization. To request only the accounts
6949// in a specified root or organizational unit (OU), use the ListAccountsForParent
6950// operation instead.
6951//
6952// Always check the NextToken response parameter for a null value when calling
6953// a List* operation. These operations can occasionally return an empty set
6954// of results even when there are more results available. The NextToken response
6955// parameter value is null only when there are no more results to display.
6956//
6957// This operation can be called only from the organization's master account.
6958//
6959// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
6960// with awserr.Error's Code and Message methods to get detailed information about
6961// the error.
6962//
6963// See the AWS API reference guide for AWS Organizations's
6964// API operation ListAccounts for usage and error information.
6965//
6966// Returned Error Codes:
6967//   * ErrCodeAccessDeniedException "AccessDeniedException"
6968//   You don't have permissions to perform the requested operation. The user or
6969//   role that is making the request must have at least one IAM permissions policy
6970//   attached that grants the required permissions. For more information, see
6971//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
6972//   in the IAM User Guide.
6973//
6974//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
6975//   Your account isn't a member of an organization. To make this request, you
6976//   must use the credentials of an account that belongs to an organization.
6977//
6978//   * ErrCodeInvalidInputException "InvalidInputException"
6979//   The requested operation failed because you provided invalid values for one
6980//   or more of the request parameters. This exception includes a reason that
6981//   contains additional information about the violated limit:
6982//
6983//   Some of the reasons in the following list might not be applicable to this
6984//   specific API or operation:
6985//
6986//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
6987//      can't be modified.
6988//
6989//      * INPUT_REQUIRED: You must include a value for all required parameters.
6990//
6991//      * INVALID_ENUM: You specified an invalid value.
6992//
6993//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
6994//
6995//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
6996//      characters.
6997//
6998//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
6999//      at least one invalid value.
7000//
7001//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
7002//      from the response to a previous call of the operation.
7003//
7004//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
7005//      organization, or email) as a party.
7006//
7007//      * INVALID_PATTERN: You provided a value that doesn't match the required
7008//      pattern.
7009//
7010//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
7011//      match the required pattern.
7012//
7013//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
7014//      name can't begin with the reserved prefix AWSServiceRoleFor.
7015//
7016//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
7017//      Name (ARN) for the organization.
7018//
7019//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
7020//
7021//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
7022//      tag. You can’t add, edit, or delete system tag keys because they're
7023//      reserved for AWS use. System tags don’t count against your tags per
7024//      resource limit.
7025//
7026//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
7027//      for the operation.
7028//
7029//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
7030//      than allowed.
7031//
7032//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
7033//      value than allowed.
7034//
7035//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
7036//      than allowed.
7037//
7038//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
7039//      value than allowed.
7040//
7041//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
7042//      between entities in the same root.
7043//
7044//   * ErrCodeServiceException "ServiceException"
7045//   AWS Organizations can't complete your request because of an internal service
7046//   error. Try again later.
7047//
7048//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
7049//   You have sent too many requests in too short a period of time. The limit
7050//   helps protect against denial-of-service attacks. Try again later.
7051//
7052//   For information on limits that affect AWS Organizations, see Limits of AWS
7053//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
7054//   in the AWS Organizations User Guide.
7055//
7056// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts
7057func (c *Organizations) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) {
7058	req, out := c.ListAccountsRequest(input)
7059	return out, req.Send()
7060}
7061
7062// ListAccountsWithContext is the same as ListAccounts with the addition of
7063// the ability to pass a context and additional request options.
7064//
7065// See ListAccounts for details on how to use this API operation.
7066//
7067// The context must be non-nil and will be used for request cancellation. If
7068// the context is nil a panic will occur. In the future the SDK may create
7069// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7070// for more information on using Contexts.
7071func (c *Organizations) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) {
7072	req, out := c.ListAccountsRequest(input)
7073	req.SetContext(ctx)
7074	req.ApplyOptions(opts...)
7075	return out, req.Send()
7076}
7077
7078// ListAccountsPages iterates over the pages of a ListAccounts operation,
7079// calling the "fn" function with the response data for each page. To stop
7080// iterating, return false from the fn function.
7081//
7082// See ListAccounts method for more information on how to use this operation.
7083//
7084// Note: This operation can generate multiple requests to a service.
7085//
7086//    // Example iterating over at most 3 pages of a ListAccounts operation.
7087//    pageNum := 0
7088//    err := client.ListAccountsPages(params,
7089//        func(page *organizations.ListAccountsOutput, lastPage bool) bool {
7090//            pageNum++
7091//            fmt.Println(page)
7092//            return pageNum <= 3
7093//        })
7094//
7095func (c *Organizations) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error {
7096	return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn)
7097}
7098
7099// ListAccountsPagesWithContext same as ListAccountsPages except
7100// it takes a Context and allows setting request options on the pages.
7101//
7102// The context must be non-nil and will be used for request cancellation. If
7103// the context is nil a panic will occur. In the future the SDK may create
7104// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7105// for more information on using Contexts.
7106func (c *Organizations) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error {
7107	p := request.Pagination{
7108		NewRequest: func() (*request.Request, error) {
7109			var inCpy *ListAccountsInput
7110			if input != nil {
7111				tmp := *input
7112				inCpy = &tmp
7113			}
7114			req, _ := c.ListAccountsRequest(inCpy)
7115			req.SetContext(ctx)
7116			req.ApplyOptions(opts...)
7117			return req, nil
7118		},
7119	}
7120
7121	for p.Next() {
7122		if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) {
7123			break
7124		}
7125	}
7126
7127	return p.Err()
7128}
7129
7130const opListAccountsForParent = "ListAccountsForParent"
7131
7132// ListAccountsForParentRequest generates a "aws/request.Request" representing the
7133// client's request for the ListAccountsForParent operation. The "output" return
7134// value will be populated with the request's response once the request completes
7135// successfully.
7136//
7137// Use "Send" method on the returned Request to send the API call to the service.
7138// the "output" return value is not valid until after Send returns without error.
7139//
7140// See ListAccountsForParent for more information on using the ListAccountsForParent
7141// API call, and error handling.
7142//
7143// This method is useful when you want to inject custom logic or configuration
7144// into the SDK's request lifecycle. Such as custom headers, or retry logic.
7145//
7146//
7147//    // Example sending a request using the ListAccountsForParentRequest method.
7148//    req, resp := client.ListAccountsForParentRequest(params)
7149//
7150//    err := req.Send()
7151//    if err == nil { // resp is now filled
7152//        fmt.Println(resp)
7153//    }
7154//
7155// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent
7156func (c *Organizations) ListAccountsForParentRequest(input *ListAccountsForParentInput) (req *request.Request, output *ListAccountsForParentOutput) {
7157	op := &request.Operation{
7158		Name:       opListAccountsForParent,
7159		HTTPMethod: "POST",
7160		HTTPPath:   "/",
7161		Paginator: &request.Paginator{
7162			InputTokens:     []string{"NextToken"},
7163			OutputTokens:    []string{"NextToken"},
7164			LimitToken:      "MaxResults",
7165			TruncationToken: "",
7166		},
7167	}
7168
7169	if input == nil {
7170		input = &ListAccountsForParentInput{}
7171	}
7172
7173	output = &ListAccountsForParentOutput{}
7174	req = c.newRequest(op, input, output)
7175	return
7176}
7177
7178// ListAccountsForParent API operation for AWS Organizations.
7179//
7180// Lists the accounts in an organization that are contained by the specified
7181// target root or organizational unit (OU). If you specify the root, you get
7182// a list of all the accounts that aren't in any OU. If you specify an OU, you
7183// get a list of all the accounts in only that OU and not in any child OUs.
7184// To get a list of all accounts in the organization, use the ListAccounts operation.
7185//
7186// Always check the NextToken response parameter for a null value when calling
7187// a List* operation. These operations can occasionally return an empty set
7188// of results even when there are more results available. The NextToken response
7189// parameter value is null only when there are no more results to display.
7190//
7191// This operation can be called only from the organization's master account.
7192//
7193// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
7194// with awserr.Error's Code and Message methods to get detailed information about
7195// the error.
7196//
7197// See the AWS API reference guide for AWS Organizations's
7198// API operation ListAccountsForParent for usage and error information.
7199//
7200// Returned Error Codes:
7201//   * ErrCodeAccessDeniedException "AccessDeniedException"
7202//   You don't have permissions to perform the requested operation. The user or
7203//   role that is making the request must have at least one IAM permissions policy
7204//   attached that grants the required permissions. For more information, see
7205//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
7206//   in the IAM User Guide.
7207//
7208//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
7209//   Your account isn't a member of an organization. To make this request, you
7210//   must use the credentials of an account that belongs to an organization.
7211//
7212//   * ErrCodeInvalidInputException "InvalidInputException"
7213//   The requested operation failed because you provided invalid values for one
7214//   or more of the request parameters. This exception includes a reason that
7215//   contains additional information about the violated limit:
7216//
7217//   Some of the reasons in the following list might not be applicable to this
7218//   specific API or operation:
7219//
7220//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
7221//      can't be modified.
7222//
7223//      * INPUT_REQUIRED: You must include a value for all required parameters.
7224//
7225//      * INVALID_ENUM: You specified an invalid value.
7226//
7227//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
7228//
7229//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
7230//      characters.
7231//
7232//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
7233//      at least one invalid value.
7234//
7235//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
7236//      from the response to a previous call of the operation.
7237//
7238//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
7239//      organization, or email) as a party.
7240//
7241//      * INVALID_PATTERN: You provided a value that doesn't match the required
7242//      pattern.
7243//
7244//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
7245//      match the required pattern.
7246//
7247//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
7248//      name can't begin with the reserved prefix AWSServiceRoleFor.
7249//
7250//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
7251//      Name (ARN) for the organization.
7252//
7253//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
7254//
7255//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
7256//      tag. You can’t add, edit, or delete system tag keys because they're
7257//      reserved for AWS use. System tags don’t count against your tags per
7258//      resource limit.
7259//
7260//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
7261//      for the operation.
7262//
7263//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
7264//      than allowed.
7265//
7266//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
7267//      value than allowed.
7268//
7269//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
7270//      than allowed.
7271//
7272//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
7273//      value than allowed.
7274//
7275//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
7276//      between entities in the same root.
7277//
7278//   * ErrCodeParentNotFoundException "ParentNotFoundException"
7279//   We can't find a root or OU with the ParentId that you specified.
7280//
7281//   * ErrCodeServiceException "ServiceException"
7282//   AWS Organizations can't complete your request because of an internal service
7283//   error. Try again later.
7284//
7285//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
7286//   You have sent too many requests in too short a period of time. The limit
7287//   helps protect against denial-of-service attacks. Try again later.
7288//
7289//   For information on limits that affect AWS Organizations, see Limits of AWS
7290//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
7291//   in the AWS Organizations User Guide.
7292//
7293// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent
7294func (c *Organizations) ListAccountsForParent(input *ListAccountsForParentInput) (*ListAccountsForParentOutput, error) {
7295	req, out := c.ListAccountsForParentRequest(input)
7296	return out, req.Send()
7297}
7298
7299// ListAccountsForParentWithContext is the same as ListAccountsForParent with the addition of
7300// the ability to pass a context and additional request options.
7301//
7302// See ListAccountsForParent for details on how to use this API operation.
7303//
7304// The context must be non-nil and will be used for request cancellation. If
7305// the context is nil a panic will occur. In the future the SDK may create
7306// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7307// for more information on using Contexts.
7308func (c *Organizations) ListAccountsForParentWithContext(ctx aws.Context, input *ListAccountsForParentInput, opts ...request.Option) (*ListAccountsForParentOutput, error) {
7309	req, out := c.ListAccountsForParentRequest(input)
7310	req.SetContext(ctx)
7311	req.ApplyOptions(opts...)
7312	return out, req.Send()
7313}
7314
7315// ListAccountsForParentPages iterates over the pages of a ListAccountsForParent operation,
7316// calling the "fn" function with the response data for each page. To stop
7317// iterating, return false from the fn function.
7318//
7319// See ListAccountsForParent method for more information on how to use this operation.
7320//
7321// Note: This operation can generate multiple requests to a service.
7322//
7323//    // Example iterating over at most 3 pages of a ListAccountsForParent operation.
7324//    pageNum := 0
7325//    err := client.ListAccountsForParentPages(params,
7326//        func(page *organizations.ListAccountsForParentOutput, lastPage bool) bool {
7327//            pageNum++
7328//            fmt.Println(page)
7329//            return pageNum <= 3
7330//        })
7331//
7332func (c *Organizations) ListAccountsForParentPages(input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool) error {
7333	return c.ListAccountsForParentPagesWithContext(aws.BackgroundContext(), input, fn)
7334}
7335
7336// ListAccountsForParentPagesWithContext same as ListAccountsForParentPages except
7337// it takes a Context and allows setting request options on the pages.
7338//
7339// The context must be non-nil and will be used for request cancellation. If
7340// the context is nil a panic will occur. In the future the SDK may create
7341// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7342// for more information on using Contexts.
7343func (c *Organizations) ListAccountsForParentPagesWithContext(ctx aws.Context, input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool, opts ...request.Option) error {
7344	p := request.Pagination{
7345		NewRequest: func() (*request.Request, error) {
7346			var inCpy *ListAccountsForParentInput
7347			if input != nil {
7348				tmp := *input
7349				inCpy = &tmp
7350			}
7351			req, _ := c.ListAccountsForParentRequest(inCpy)
7352			req.SetContext(ctx)
7353			req.ApplyOptions(opts...)
7354			return req, nil
7355		},
7356	}
7357
7358	for p.Next() {
7359		if !fn(p.Page().(*ListAccountsForParentOutput), !p.HasNextPage()) {
7360			break
7361		}
7362	}
7363
7364	return p.Err()
7365}
7366
7367const opListChildren = "ListChildren"
7368
7369// ListChildrenRequest generates a "aws/request.Request" representing the
7370// client's request for the ListChildren operation. The "output" return
7371// value will be populated with the request's response once the request completes
7372// successfully.
7373//
7374// Use "Send" method on the returned Request to send the API call to the service.
7375// the "output" return value is not valid until after Send returns without error.
7376//
7377// See ListChildren for more information on using the ListChildren
7378// API call, and error handling.
7379//
7380// This method is useful when you want to inject custom logic or configuration
7381// into the SDK's request lifecycle. Such as custom headers, or retry logic.
7382//
7383//
7384//    // Example sending a request using the ListChildrenRequest method.
7385//    req, resp := client.ListChildrenRequest(params)
7386//
7387//    err := req.Send()
7388//    if err == nil { // resp is now filled
7389//        fmt.Println(resp)
7390//    }
7391//
7392// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren
7393func (c *Organizations) ListChildrenRequest(input *ListChildrenInput) (req *request.Request, output *ListChildrenOutput) {
7394	op := &request.Operation{
7395		Name:       opListChildren,
7396		HTTPMethod: "POST",
7397		HTTPPath:   "/",
7398		Paginator: &request.Paginator{
7399			InputTokens:     []string{"NextToken"},
7400			OutputTokens:    []string{"NextToken"},
7401			LimitToken:      "MaxResults",
7402			TruncationToken: "",
7403		},
7404	}
7405
7406	if input == nil {
7407		input = &ListChildrenInput{}
7408	}
7409
7410	output = &ListChildrenOutput{}
7411	req = c.newRequest(op, input, output)
7412	return
7413}
7414
7415// ListChildren API operation for AWS Organizations.
7416//
7417// Lists all of the organizational units (OUs) or accounts that are contained
7418// in the specified parent OU or root. This operation, along with ListParents
7419// enables you to traverse the tree structure that makes up this root.
7420//
7421// Always check the NextToken response parameter for a null value when calling
7422// a List* operation. These operations can occasionally return an empty set
7423// of results even when there are more results available. The NextToken response
7424// parameter value is null only when there are no more results to display.
7425//
7426// This operation can be called only from the organization's master account.
7427//
7428// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
7429// with awserr.Error's Code and Message methods to get detailed information about
7430// the error.
7431//
7432// See the AWS API reference guide for AWS Organizations's
7433// API operation ListChildren for usage and error information.
7434//
7435// Returned Error Codes:
7436//   * ErrCodeAccessDeniedException "AccessDeniedException"
7437//   You don't have permissions to perform the requested operation. The user or
7438//   role that is making the request must have at least one IAM permissions policy
7439//   attached that grants the required permissions. For more information, see
7440//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
7441//   in the IAM User Guide.
7442//
7443//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
7444//   Your account isn't a member of an organization. To make this request, you
7445//   must use the credentials of an account that belongs to an organization.
7446//
7447//   * ErrCodeInvalidInputException "InvalidInputException"
7448//   The requested operation failed because you provided invalid values for one
7449//   or more of the request parameters. This exception includes a reason that
7450//   contains additional information about the violated limit:
7451//
7452//   Some of the reasons in the following list might not be applicable to this
7453//   specific API or operation:
7454//
7455//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
7456//      can't be modified.
7457//
7458//      * INPUT_REQUIRED: You must include a value for all required parameters.
7459//
7460//      * INVALID_ENUM: You specified an invalid value.
7461//
7462//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
7463//
7464//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
7465//      characters.
7466//
7467//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
7468//      at least one invalid value.
7469//
7470//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
7471//      from the response to a previous call of the operation.
7472//
7473//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
7474//      organization, or email) as a party.
7475//
7476//      * INVALID_PATTERN: You provided a value that doesn't match the required
7477//      pattern.
7478//
7479//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
7480//      match the required pattern.
7481//
7482//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
7483//      name can't begin with the reserved prefix AWSServiceRoleFor.
7484//
7485//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
7486//      Name (ARN) for the organization.
7487//
7488//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
7489//
7490//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
7491//      tag. You can’t add, edit, or delete system tag keys because they're
7492//      reserved for AWS use. System tags don’t count against your tags per
7493//      resource limit.
7494//
7495//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
7496//      for the operation.
7497//
7498//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
7499//      than allowed.
7500//
7501//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
7502//      value than allowed.
7503//
7504//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
7505//      than allowed.
7506//
7507//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
7508//      value than allowed.
7509//
7510//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
7511//      between entities in the same root.
7512//
7513//   * ErrCodeParentNotFoundException "ParentNotFoundException"
7514//   We can't find a root or OU with the ParentId that you specified.
7515//
7516//   * ErrCodeServiceException "ServiceException"
7517//   AWS Organizations can't complete your request because of an internal service
7518//   error. Try again later.
7519//
7520//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
7521//   You have sent too many requests in too short a period of time. The limit
7522//   helps protect against denial-of-service attacks. Try again later.
7523//
7524//   For information on limits that affect AWS Organizations, see Limits of AWS
7525//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
7526//   in the AWS Organizations User Guide.
7527//
7528// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren
7529func (c *Organizations) ListChildren(input *ListChildrenInput) (*ListChildrenOutput, error) {
7530	req, out := c.ListChildrenRequest(input)
7531	return out, req.Send()
7532}
7533
7534// ListChildrenWithContext is the same as ListChildren with the addition of
7535// the ability to pass a context and additional request options.
7536//
7537// See ListChildren for details on how to use this API operation.
7538//
7539// The context must be non-nil and will be used for request cancellation. If
7540// the context is nil a panic will occur. In the future the SDK may create
7541// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7542// for more information on using Contexts.
7543func (c *Organizations) ListChildrenWithContext(ctx aws.Context, input *ListChildrenInput, opts ...request.Option) (*ListChildrenOutput, error) {
7544	req, out := c.ListChildrenRequest(input)
7545	req.SetContext(ctx)
7546	req.ApplyOptions(opts...)
7547	return out, req.Send()
7548}
7549
7550// ListChildrenPages iterates over the pages of a ListChildren operation,
7551// calling the "fn" function with the response data for each page. To stop
7552// iterating, return false from the fn function.
7553//
7554// See ListChildren method for more information on how to use this operation.
7555//
7556// Note: This operation can generate multiple requests to a service.
7557//
7558//    // Example iterating over at most 3 pages of a ListChildren operation.
7559//    pageNum := 0
7560//    err := client.ListChildrenPages(params,
7561//        func(page *organizations.ListChildrenOutput, lastPage bool) bool {
7562//            pageNum++
7563//            fmt.Println(page)
7564//            return pageNum <= 3
7565//        })
7566//
7567func (c *Organizations) ListChildrenPages(input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool) error {
7568	return c.ListChildrenPagesWithContext(aws.BackgroundContext(), input, fn)
7569}
7570
7571// ListChildrenPagesWithContext same as ListChildrenPages except
7572// it takes a Context and allows setting request options on the pages.
7573//
7574// The context must be non-nil and will be used for request cancellation. If
7575// the context is nil a panic will occur. In the future the SDK may create
7576// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7577// for more information on using Contexts.
7578func (c *Organizations) ListChildrenPagesWithContext(ctx aws.Context, input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool, opts ...request.Option) error {
7579	p := request.Pagination{
7580		NewRequest: func() (*request.Request, error) {
7581			var inCpy *ListChildrenInput
7582			if input != nil {
7583				tmp := *input
7584				inCpy = &tmp
7585			}
7586			req, _ := c.ListChildrenRequest(inCpy)
7587			req.SetContext(ctx)
7588			req.ApplyOptions(opts...)
7589			return req, nil
7590		},
7591	}
7592
7593	for p.Next() {
7594		if !fn(p.Page().(*ListChildrenOutput), !p.HasNextPage()) {
7595			break
7596		}
7597	}
7598
7599	return p.Err()
7600}
7601
7602const opListCreateAccountStatus = "ListCreateAccountStatus"
7603
7604// ListCreateAccountStatusRequest generates a "aws/request.Request" representing the
7605// client's request for the ListCreateAccountStatus operation. The "output" return
7606// value will be populated with the request's response once the request completes
7607// successfully.
7608//
7609// Use "Send" method on the returned Request to send the API call to the service.
7610// the "output" return value is not valid until after Send returns without error.
7611//
7612// See ListCreateAccountStatus for more information on using the ListCreateAccountStatus
7613// API call, and error handling.
7614//
7615// This method is useful when you want to inject custom logic or configuration
7616// into the SDK's request lifecycle. Such as custom headers, or retry logic.
7617//
7618//
7619//    // Example sending a request using the ListCreateAccountStatusRequest method.
7620//    req, resp := client.ListCreateAccountStatusRequest(params)
7621//
7622//    err := req.Send()
7623//    if err == nil { // resp is now filled
7624//        fmt.Println(resp)
7625//    }
7626//
7627// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus
7628func (c *Organizations) ListCreateAccountStatusRequest(input *ListCreateAccountStatusInput) (req *request.Request, output *ListCreateAccountStatusOutput) {
7629	op := &request.Operation{
7630		Name:       opListCreateAccountStatus,
7631		HTTPMethod: "POST",
7632		HTTPPath:   "/",
7633		Paginator: &request.Paginator{
7634			InputTokens:     []string{"NextToken"},
7635			OutputTokens:    []string{"NextToken"},
7636			LimitToken:      "MaxResults",
7637			TruncationToken: "",
7638		},
7639	}
7640
7641	if input == nil {
7642		input = &ListCreateAccountStatusInput{}
7643	}
7644
7645	output = &ListCreateAccountStatusOutput{}
7646	req = c.newRequest(op, input, output)
7647	return
7648}
7649
7650// ListCreateAccountStatus API operation for AWS Organizations.
7651//
7652// Lists the account creation requests that match the specified status that
7653// is currently being tracked for the organization.
7654//
7655// Always check the NextToken response parameter for a null value when calling
7656// a List* operation. These operations can occasionally return an empty set
7657// of results even when there are more results available. The NextToken response
7658// parameter value is null only when there are no more results to display.
7659//
7660// This operation can be called only from the organization's master account.
7661//
7662// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
7663// with awserr.Error's Code and Message methods to get detailed information about
7664// the error.
7665//
7666// See the AWS API reference guide for AWS Organizations's
7667// API operation ListCreateAccountStatus for usage and error information.
7668//
7669// Returned Error Codes:
7670//   * ErrCodeAccessDeniedException "AccessDeniedException"
7671//   You don't have permissions to perform the requested operation. The user or
7672//   role that is making the request must have at least one IAM permissions policy
7673//   attached that grants the required permissions. For more information, see
7674//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
7675//   in the IAM User Guide.
7676//
7677//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
7678//   Your account isn't a member of an organization. To make this request, you
7679//   must use the credentials of an account that belongs to an organization.
7680//
7681//   * ErrCodeInvalidInputException "InvalidInputException"
7682//   The requested operation failed because you provided invalid values for one
7683//   or more of the request parameters. This exception includes a reason that
7684//   contains additional information about the violated limit:
7685//
7686//   Some of the reasons in the following list might not be applicable to this
7687//   specific API or operation:
7688//
7689//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
7690//      can't be modified.
7691//
7692//      * INPUT_REQUIRED: You must include a value for all required parameters.
7693//
7694//      * INVALID_ENUM: You specified an invalid value.
7695//
7696//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
7697//
7698//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
7699//      characters.
7700//
7701//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
7702//      at least one invalid value.
7703//
7704//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
7705//      from the response to a previous call of the operation.
7706//
7707//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
7708//      organization, or email) as a party.
7709//
7710//      * INVALID_PATTERN: You provided a value that doesn't match the required
7711//      pattern.
7712//
7713//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
7714//      match the required pattern.
7715//
7716//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
7717//      name can't begin with the reserved prefix AWSServiceRoleFor.
7718//
7719//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
7720//      Name (ARN) for the organization.
7721//
7722//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
7723//
7724//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
7725//      tag. You can’t add, edit, or delete system tag keys because they're
7726//      reserved for AWS use. System tags don’t count against your tags per
7727//      resource limit.
7728//
7729//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
7730//      for the operation.
7731//
7732//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
7733//      than allowed.
7734//
7735//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
7736//      value than allowed.
7737//
7738//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
7739//      than allowed.
7740//
7741//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
7742//      value than allowed.
7743//
7744//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
7745//      between entities in the same root.
7746//
7747//   * ErrCodeServiceException "ServiceException"
7748//   AWS Organizations can't complete your request because of an internal service
7749//   error. Try again later.
7750//
7751//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
7752//   You have sent too many requests in too short a period of time. The limit
7753//   helps protect against denial-of-service attacks. Try again later.
7754//
7755//   For information on limits that affect AWS Organizations, see Limits of AWS
7756//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
7757//   in the AWS Organizations User Guide.
7758//
7759//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
7760//   This action isn't available in the current Region.
7761//
7762// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus
7763func (c *Organizations) ListCreateAccountStatus(input *ListCreateAccountStatusInput) (*ListCreateAccountStatusOutput, error) {
7764	req, out := c.ListCreateAccountStatusRequest(input)
7765	return out, req.Send()
7766}
7767
7768// ListCreateAccountStatusWithContext is the same as ListCreateAccountStatus with the addition of
7769// the ability to pass a context and additional request options.
7770//
7771// See ListCreateAccountStatus for details on how to use this API operation.
7772//
7773// The context must be non-nil and will be used for request cancellation. If
7774// the context is nil a panic will occur. In the future the SDK may create
7775// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7776// for more information on using Contexts.
7777func (c *Organizations) ListCreateAccountStatusWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, opts ...request.Option) (*ListCreateAccountStatusOutput, error) {
7778	req, out := c.ListCreateAccountStatusRequest(input)
7779	req.SetContext(ctx)
7780	req.ApplyOptions(opts...)
7781	return out, req.Send()
7782}
7783
7784// ListCreateAccountStatusPages iterates over the pages of a ListCreateAccountStatus operation,
7785// calling the "fn" function with the response data for each page. To stop
7786// iterating, return false from the fn function.
7787//
7788// See ListCreateAccountStatus method for more information on how to use this operation.
7789//
7790// Note: This operation can generate multiple requests to a service.
7791//
7792//    // Example iterating over at most 3 pages of a ListCreateAccountStatus operation.
7793//    pageNum := 0
7794//    err := client.ListCreateAccountStatusPages(params,
7795//        func(page *organizations.ListCreateAccountStatusOutput, lastPage bool) bool {
7796//            pageNum++
7797//            fmt.Println(page)
7798//            return pageNum <= 3
7799//        })
7800//
7801func (c *Organizations) ListCreateAccountStatusPages(input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool) error {
7802	return c.ListCreateAccountStatusPagesWithContext(aws.BackgroundContext(), input, fn)
7803}
7804
7805// ListCreateAccountStatusPagesWithContext same as ListCreateAccountStatusPages except
7806// it takes a Context and allows setting request options on the pages.
7807//
7808// The context must be non-nil and will be used for request cancellation. If
7809// the context is nil a panic will occur. In the future the SDK may create
7810// sub-contexts for http.Requests. See https://golang.org/pkg/context/
7811// for more information on using Contexts.
7812func (c *Organizations) ListCreateAccountStatusPagesWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool, opts ...request.Option) error {
7813	p := request.Pagination{
7814		NewRequest: func() (*request.Request, error) {
7815			var inCpy *ListCreateAccountStatusInput
7816			if input != nil {
7817				tmp := *input
7818				inCpy = &tmp
7819			}
7820			req, _ := c.ListCreateAccountStatusRequest(inCpy)
7821			req.SetContext(ctx)
7822			req.ApplyOptions(opts...)
7823			return req, nil
7824		},
7825	}
7826
7827	for p.Next() {
7828		if !fn(p.Page().(*ListCreateAccountStatusOutput), !p.HasNextPage()) {
7829			break
7830		}
7831	}
7832
7833	return p.Err()
7834}
7835
7836const opListHandshakesForAccount = "ListHandshakesForAccount"
7837
7838// ListHandshakesForAccountRequest generates a "aws/request.Request" representing the
7839// client's request for the ListHandshakesForAccount operation. The "output" return
7840// value will be populated with the request's response once the request completes
7841// successfully.
7842//
7843// Use "Send" method on the returned Request to send the API call to the service.
7844// the "output" return value is not valid until after Send returns without error.
7845//
7846// See ListHandshakesForAccount for more information on using the ListHandshakesForAccount
7847// API call, and error handling.
7848//
7849// This method is useful when you want to inject custom logic or configuration
7850// into the SDK's request lifecycle. Such as custom headers, or retry logic.
7851//
7852//
7853//    // Example sending a request using the ListHandshakesForAccountRequest method.
7854//    req, resp := client.ListHandshakesForAccountRequest(params)
7855//
7856//    err := req.Send()
7857//    if err == nil { // resp is now filled
7858//        fmt.Println(resp)
7859//    }
7860//
7861// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount
7862func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesForAccountInput) (req *request.Request, output *ListHandshakesForAccountOutput) {
7863	op := &request.Operation{
7864		Name:       opListHandshakesForAccount,
7865		HTTPMethod: "POST",
7866		HTTPPath:   "/",
7867		Paginator: &request.Paginator{
7868			InputTokens:     []string{"NextToken"},
7869			OutputTokens:    []string{"NextToken"},
7870			LimitToken:      "MaxResults",
7871			TruncationToken: "",
7872		},
7873	}
7874
7875	if input == nil {
7876		input = &ListHandshakesForAccountInput{}
7877	}
7878
7879	output = &ListHandshakesForAccountOutput{}
7880	req = c.newRequest(op, input, output)
7881	return
7882}
7883
7884// ListHandshakesForAccount API operation for AWS Organizations.
7885//
7886// Lists the current handshakes that are associated with the account of the
7887// requesting user.
7888//
7889// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
7890// of this API for only 30 days after changing to that state. After that, they're
7891// deleted and no longer accessible.
7892//
7893// Always check the NextToken response parameter for a null value when calling
7894// a List* operation. These operations can occasionally return an empty set
7895// of results even when there are more results available. The NextToken response
7896// parameter value is null only when there are no more results to display.
7897//
7898// This operation can be called from any account in the organization.
7899//
7900// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
7901// with awserr.Error's Code and Message methods to get detailed information about
7902// the error.
7903//
7904// See the AWS API reference guide for AWS Organizations's
7905// API operation ListHandshakesForAccount for usage and error information.
7906//
7907// Returned Error Codes:
7908//   * ErrCodeAccessDeniedException "AccessDeniedException"
7909//   You don't have permissions to perform the requested operation. The user or
7910//   role that is making the request must have at least one IAM permissions policy
7911//   attached that grants the required permissions. For more information, see
7912//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
7913//   in the IAM User Guide.
7914//
7915//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
7916//   The target of the operation is currently being modified by a different request.
7917//   Try again later.
7918//
7919//   * ErrCodeInvalidInputException "InvalidInputException"
7920//   The requested operation failed because you provided invalid values for one
7921//   or more of the request parameters. This exception includes a reason that
7922//   contains additional information about the violated limit:
7923//
7924//   Some of the reasons in the following list might not be applicable to this
7925//   specific API or operation:
7926//
7927//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
7928//      can't be modified.
7929//
7930//      * INPUT_REQUIRED: You must include a value for all required parameters.
7931//
7932//      * INVALID_ENUM: You specified an invalid value.
7933//
7934//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
7935//
7936//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
7937//      characters.
7938//
7939//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
7940//      at least one invalid value.
7941//
7942//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
7943//      from the response to a previous call of the operation.
7944//
7945//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
7946//      organization, or email) as a party.
7947//
7948//      * INVALID_PATTERN: You provided a value that doesn't match the required
7949//      pattern.
7950//
7951//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
7952//      match the required pattern.
7953//
7954//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
7955//      name can't begin with the reserved prefix AWSServiceRoleFor.
7956//
7957//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
7958//      Name (ARN) for the organization.
7959//
7960//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
7961//
7962//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
7963//      tag. You can’t add, edit, or delete system tag keys because they're
7964//      reserved for AWS use. System tags don’t count against your tags per
7965//      resource limit.
7966//
7967//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
7968//      for the operation.
7969//
7970//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
7971//      than allowed.
7972//
7973//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
7974//      value than allowed.
7975//
7976//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
7977//      than allowed.
7978//
7979//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
7980//      value than allowed.
7981//
7982//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
7983//      between entities in the same root.
7984//
7985//   * ErrCodeServiceException "ServiceException"
7986//   AWS Organizations can't complete your request because of an internal service
7987//   error. Try again later.
7988//
7989//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
7990//   You have sent too many requests in too short a period of time. The limit
7991//   helps protect against denial-of-service attacks. Try again later.
7992//
7993//   For information on limits that affect AWS Organizations, see Limits of AWS
7994//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
7995//   in the AWS Organizations User Guide.
7996//
7997// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount
7998func (c *Organizations) ListHandshakesForAccount(input *ListHandshakesForAccountInput) (*ListHandshakesForAccountOutput, error) {
7999	req, out := c.ListHandshakesForAccountRequest(input)
8000	return out, req.Send()
8001}
8002
8003// ListHandshakesForAccountWithContext is the same as ListHandshakesForAccount with the addition of
8004// the ability to pass a context and additional request options.
8005//
8006// See ListHandshakesForAccount for details on how to use this API operation.
8007//
8008// The context must be non-nil and will be used for request cancellation. If
8009// the context is nil a panic will occur. In the future the SDK may create
8010// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8011// for more information on using Contexts.
8012func (c *Organizations) ListHandshakesForAccountWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, opts ...request.Option) (*ListHandshakesForAccountOutput, error) {
8013	req, out := c.ListHandshakesForAccountRequest(input)
8014	req.SetContext(ctx)
8015	req.ApplyOptions(opts...)
8016	return out, req.Send()
8017}
8018
8019// ListHandshakesForAccountPages iterates over the pages of a ListHandshakesForAccount operation,
8020// calling the "fn" function with the response data for each page. To stop
8021// iterating, return false from the fn function.
8022//
8023// See ListHandshakesForAccount method for more information on how to use this operation.
8024//
8025// Note: This operation can generate multiple requests to a service.
8026//
8027//    // Example iterating over at most 3 pages of a ListHandshakesForAccount operation.
8028//    pageNum := 0
8029//    err := client.ListHandshakesForAccountPages(params,
8030//        func(page *organizations.ListHandshakesForAccountOutput, lastPage bool) bool {
8031//            pageNum++
8032//            fmt.Println(page)
8033//            return pageNum <= 3
8034//        })
8035//
8036func (c *Organizations) ListHandshakesForAccountPages(input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool) error {
8037	return c.ListHandshakesForAccountPagesWithContext(aws.BackgroundContext(), input, fn)
8038}
8039
8040// ListHandshakesForAccountPagesWithContext same as ListHandshakesForAccountPages except
8041// it takes a Context and allows setting request options on the pages.
8042//
8043// The context must be non-nil and will be used for request cancellation. If
8044// the context is nil a panic will occur. In the future the SDK may create
8045// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8046// for more information on using Contexts.
8047func (c *Organizations) ListHandshakesForAccountPagesWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool, opts ...request.Option) error {
8048	p := request.Pagination{
8049		NewRequest: func() (*request.Request, error) {
8050			var inCpy *ListHandshakesForAccountInput
8051			if input != nil {
8052				tmp := *input
8053				inCpy = &tmp
8054			}
8055			req, _ := c.ListHandshakesForAccountRequest(inCpy)
8056			req.SetContext(ctx)
8057			req.ApplyOptions(opts...)
8058			return req, nil
8059		},
8060	}
8061
8062	for p.Next() {
8063		if !fn(p.Page().(*ListHandshakesForAccountOutput), !p.HasNextPage()) {
8064			break
8065		}
8066	}
8067
8068	return p.Err()
8069}
8070
8071const opListHandshakesForOrganization = "ListHandshakesForOrganization"
8072
8073// ListHandshakesForOrganizationRequest generates a "aws/request.Request" representing the
8074// client's request for the ListHandshakesForOrganization operation. The "output" return
8075// value will be populated with the request's response once the request completes
8076// successfully.
8077//
8078// Use "Send" method on the returned Request to send the API call to the service.
8079// the "output" return value is not valid until after Send returns without error.
8080//
8081// See ListHandshakesForOrganization for more information on using the ListHandshakesForOrganization
8082// API call, and error handling.
8083//
8084// This method is useful when you want to inject custom logic or configuration
8085// into the SDK's request lifecycle. Such as custom headers, or retry logic.
8086//
8087//
8088//    // Example sending a request using the ListHandshakesForOrganizationRequest method.
8089//    req, resp := client.ListHandshakesForOrganizationRequest(params)
8090//
8091//    err := req.Send()
8092//    if err == nil { // resp is now filled
8093//        fmt.Println(resp)
8094//    }
8095//
8096// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization
8097func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshakesForOrganizationInput) (req *request.Request, output *ListHandshakesForOrganizationOutput) {
8098	op := &request.Operation{
8099		Name:       opListHandshakesForOrganization,
8100		HTTPMethod: "POST",
8101		HTTPPath:   "/",
8102		Paginator: &request.Paginator{
8103			InputTokens:     []string{"NextToken"},
8104			OutputTokens:    []string{"NextToken"},
8105			LimitToken:      "MaxResults",
8106			TruncationToken: "",
8107		},
8108	}
8109
8110	if input == nil {
8111		input = &ListHandshakesForOrganizationInput{}
8112	}
8113
8114	output = &ListHandshakesForOrganizationOutput{}
8115	req = c.newRequest(op, input, output)
8116	return
8117}
8118
8119// ListHandshakesForOrganization API operation for AWS Organizations.
8120//
8121// Lists the handshakes that are associated with the organization that the requesting
8122// user is part of. The ListHandshakesForOrganization operation returns a list
8123// of handshake structures. Each structure contains details and status about
8124// a handshake.
8125//
8126// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
8127// of this API for only 30 days after changing to that state. After that, they're
8128// deleted and no longer accessible.
8129//
8130// Always check the NextToken response parameter for a null value when calling
8131// a List* operation. These operations can occasionally return an empty set
8132// of results even when there are more results available. The NextToken response
8133// parameter value is null only when there are no more results to display.
8134//
8135// This operation can be called only from the organization's master account.
8136//
8137// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
8138// with awserr.Error's Code and Message methods to get detailed information about
8139// the error.
8140//
8141// See the AWS API reference guide for AWS Organizations's
8142// API operation ListHandshakesForOrganization for usage and error information.
8143//
8144// Returned Error Codes:
8145//   * ErrCodeAccessDeniedException "AccessDeniedException"
8146//   You don't have permissions to perform the requested operation. The user or
8147//   role that is making the request must have at least one IAM permissions policy
8148//   attached that grants the required permissions. For more information, see
8149//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
8150//   in the IAM User Guide.
8151//
8152//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
8153//   Your account isn't a member of an organization. To make this request, you
8154//   must use the credentials of an account that belongs to an organization.
8155//
8156//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
8157//   The target of the operation is currently being modified by a different request.
8158//   Try again later.
8159//
8160//   * ErrCodeInvalidInputException "InvalidInputException"
8161//   The requested operation failed because you provided invalid values for one
8162//   or more of the request parameters. This exception includes a reason that
8163//   contains additional information about the violated limit:
8164//
8165//   Some of the reasons in the following list might not be applicable to this
8166//   specific API or operation:
8167//
8168//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
8169//      can't be modified.
8170//
8171//      * INPUT_REQUIRED: You must include a value for all required parameters.
8172//
8173//      * INVALID_ENUM: You specified an invalid value.
8174//
8175//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
8176//
8177//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
8178//      characters.
8179//
8180//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
8181//      at least one invalid value.
8182//
8183//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
8184//      from the response to a previous call of the operation.
8185//
8186//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
8187//      organization, or email) as a party.
8188//
8189//      * INVALID_PATTERN: You provided a value that doesn't match the required
8190//      pattern.
8191//
8192//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
8193//      match the required pattern.
8194//
8195//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
8196//      name can't begin with the reserved prefix AWSServiceRoleFor.
8197//
8198//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
8199//      Name (ARN) for the organization.
8200//
8201//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
8202//
8203//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
8204//      tag. You can’t add, edit, or delete system tag keys because they're
8205//      reserved for AWS use. System tags don’t count against your tags per
8206//      resource limit.
8207//
8208//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
8209//      for the operation.
8210//
8211//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
8212//      than allowed.
8213//
8214//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
8215//      value than allowed.
8216//
8217//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
8218//      than allowed.
8219//
8220//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
8221//      value than allowed.
8222//
8223//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
8224//      between entities in the same root.
8225//
8226//   * ErrCodeServiceException "ServiceException"
8227//   AWS Organizations can't complete your request because of an internal service
8228//   error. Try again later.
8229//
8230//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
8231//   You have sent too many requests in too short a period of time. The limit
8232//   helps protect against denial-of-service attacks. Try again later.
8233//
8234//   For information on limits that affect AWS Organizations, see Limits of AWS
8235//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
8236//   in the AWS Organizations User Guide.
8237//
8238// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization
8239func (c *Organizations) ListHandshakesForOrganization(input *ListHandshakesForOrganizationInput) (*ListHandshakesForOrganizationOutput, error) {
8240	req, out := c.ListHandshakesForOrganizationRequest(input)
8241	return out, req.Send()
8242}
8243
8244// ListHandshakesForOrganizationWithContext is the same as ListHandshakesForOrganization with the addition of
8245// the ability to pass a context and additional request options.
8246//
8247// See ListHandshakesForOrganization for details on how to use this API operation.
8248//
8249// The context must be non-nil and will be used for request cancellation. If
8250// the context is nil a panic will occur. In the future the SDK may create
8251// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8252// for more information on using Contexts.
8253func (c *Organizations) ListHandshakesForOrganizationWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, opts ...request.Option) (*ListHandshakesForOrganizationOutput, error) {
8254	req, out := c.ListHandshakesForOrganizationRequest(input)
8255	req.SetContext(ctx)
8256	req.ApplyOptions(opts...)
8257	return out, req.Send()
8258}
8259
8260// ListHandshakesForOrganizationPages iterates over the pages of a ListHandshakesForOrganization operation,
8261// calling the "fn" function with the response data for each page. To stop
8262// iterating, return false from the fn function.
8263//
8264// See ListHandshakesForOrganization method for more information on how to use this operation.
8265//
8266// Note: This operation can generate multiple requests to a service.
8267//
8268//    // Example iterating over at most 3 pages of a ListHandshakesForOrganization operation.
8269//    pageNum := 0
8270//    err := client.ListHandshakesForOrganizationPages(params,
8271//        func(page *organizations.ListHandshakesForOrganizationOutput, lastPage bool) bool {
8272//            pageNum++
8273//            fmt.Println(page)
8274//            return pageNum <= 3
8275//        })
8276//
8277func (c *Organizations) ListHandshakesForOrganizationPages(input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool) error {
8278	return c.ListHandshakesForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn)
8279}
8280
8281// ListHandshakesForOrganizationPagesWithContext same as ListHandshakesForOrganizationPages except
8282// it takes a Context and allows setting request options on the pages.
8283//
8284// The context must be non-nil and will be used for request cancellation. If
8285// the context is nil a panic will occur. In the future the SDK may create
8286// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8287// for more information on using Contexts.
8288func (c *Organizations) ListHandshakesForOrganizationPagesWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool, opts ...request.Option) error {
8289	p := request.Pagination{
8290		NewRequest: func() (*request.Request, error) {
8291			var inCpy *ListHandshakesForOrganizationInput
8292			if input != nil {
8293				tmp := *input
8294				inCpy = &tmp
8295			}
8296			req, _ := c.ListHandshakesForOrganizationRequest(inCpy)
8297			req.SetContext(ctx)
8298			req.ApplyOptions(opts...)
8299			return req, nil
8300		},
8301	}
8302
8303	for p.Next() {
8304		if !fn(p.Page().(*ListHandshakesForOrganizationOutput), !p.HasNextPage()) {
8305			break
8306		}
8307	}
8308
8309	return p.Err()
8310}
8311
8312const opListOrganizationalUnitsForParent = "ListOrganizationalUnitsForParent"
8313
8314// ListOrganizationalUnitsForParentRequest generates a "aws/request.Request" representing the
8315// client's request for the ListOrganizationalUnitsForParent operation. The "output" return
8316// value will be populated with the request's response once the request completes
8317// successfully.
8318//
8319// Use "Send" method on the returned Request to send the API call to the service.
8320// the "output" return value is not valid until after Send returns without error.
8321//
8322// See ListOrganizationalUnitsForParent for more information on using the ListOrganizationalUnitsForParent
8323// API call, and error handling.
8324//
8325// This method is useful when you want to inject custom logic or configuration
8326// into the SDK's request lifecycle. Such as custom headers, or retry logic.
8327//
8328//
8329//    // Example sending a request using the ListOrganizationalUnitsForParentRequest method.
8330//    req, resp := client.ListOrganizationalUnitsForParentRequest(params)
8331//
8332//    err := req.Send()
8333//    if err == nil { // resp is now filled
8334//        fmt.Println(resp)
8335//    }
8336//
8337// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent
8338func (c *Organizations) ListOrganizationalUnitsForParentRequest(input *ListOrganizationalUnitsForParentInput) (req *request.Request, output *ListOrganizationalUnitsForParentOutput) {
8339	op := &request.Operation{
8340		Name:       opListOrganizationalUnitsForParent,
8341		HTTPMethod: "POST",
8342		HTTPPath:   "/",
8343		Paginator: &request.Paginator{
8344			InputTokens:     []string{"NextToken"},
8345			OutputTokens:    []string{"NextToken"},
8346			LimitToken:      "MaxResults",
8347			TruncationToken: "",
8348		},
8349	}
8350
8351	if input == nil {
8352		input = &ListOrganizationalUnitsForParentInput{}
8353	}
8354
8355	output = &ListOrganizationalUnitsForParentOutput{}
8356	req = c.newRequest(op, input, output)
8357	return
8358}
8359
8360// ListOrganizationalUnitsForParent API operation for AWS Organizations.
8361//
8362// Lists the organizational units (OUs) in a parent organizational unit or root.
8363//
8364// Always check the NextToken response parameter for a null value when calling
8365// a List* operation. These operations can occasionally return an empty set
8366// of results even when there are more results available. The NextToken response
8367// parameter value is null only when there are no more results to display.
8368//
8369// This operation can be called only from the organization's master account.
8370//
8371// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
8372// with awserr.Error's Code and Message methods to get detailed information about
8373// the error.
8374//
8375// See the AWS API reference guide for AWS Organizations's
8376// API operation ListOrganizationalUnitsForParent for usage and error information.
8377//
8378// Returned Error Codes:
8379//   * ErrCodeAccessDeniedException "AccessDeniedException"
8380//   You don't have permissions to perform the requested operation. The user or
8381//   role that is making the request must have at least one IAM permissions policy
8382//   attached that grants the required permissions. For more information, see
8383//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
8384//   in the IAM User Guide.
8385//
8386//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
8387//   Your account isn't a member of an organization. To make this request, you
8388//   must use the credentials of an account that belongs to an organization.
8389//
8390//   * ErrCodeInvalidInputException "InvalidInputException"
8391//   The requested operation failed because you provided invalid values for one
8392//   or more of the request parameters. This exception includes a reason that
8393//   contains additional information about the violated limit:
8394//
8395//   Some of the reasons in the following list might not be applicable to this
8396//   specific API or operation:
8397//
8398//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
8399//      can't be modified.
8400//
8401//      * INPUT_REQUIRED: You must include a value for all required parameters.
8402//
8403//      * INVALID_ENUM: You specified an invalid value.
8404//
8405//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
8406//
8407//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
8408//      characters.
8409//
8410//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
8411//      at least one invalid value.
8412//
8413//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
8414//      from the response to a previous call of the operation.
8415//
8416//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
8417//      organization, or email) as a party.
8418//
8419//      * INVALID_PATTERN: You provided a value that doesn't match the required
8420//      pattern.
8421//
8422//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
8423//      match the required pattern.
8424//
8425//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
8426//      name can't begin with the reserved prefix AWSServiceRoleFor.
8427//
8428//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
8429//      Name (ARN) for the organization.
8430//
8431//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
8432//
8433//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
8434//      tag. You can’t add, edit, or delete system tag keys because they're
8435//      reserved for AWS use. System tags don’t count against your tags per
8436//      resource limit.
8437//
8438//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
8439//      for the operation.
8440//
8441//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
8442//      than allowed.
8443//
8444//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
8445//      value than allowed.
8446//
8447//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
8448//      than allowed.
8449//
8450//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
8451//      value than allowed.
8452//
8453//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
8454//      between entities in the same root.
8455//
8456//   * ErrCodeParentNotFoundException "ParentNotFoundException"
8457//   We can't find a root or OU with the ParentId that you specified.
8458//
8459//   * ErrCodeServiceException "ServiceException"
8460//   AWS Organizations can't complete your request because of an internal service
8461//   error. Try again later.
8462//
8463//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
8464//   You have sent too many requests in too short a period of time. The limit
8465//   helps protect against denial-of-service attacks. Try again later.
8466//
8467//   For information on limits that affect AWS Organizations, see Limits of AWS
8468//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
8469//   in the AWS Organizations User Guide.
8470//
8471// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent
8472func (c *Organizations) ListOrganizationalUnitsForParent(input *ListOrganizationalUnitsForParentInput) (*ListOrganizationalUnitsForParentOutput, error) {
8473	req, out := c.ListOrganizationalUnitsForParentRequest(input)
8474	return out, req.Send()
8475}
8476
8477// ListOrganizationalUnitsForParentWithContext is the same as ListOrganizationalUnitsForParent with the addition of
8478// the ability to pass a context and additional request options.
8479//
8480// See ListOrganizationalUnitsForParent for details on how to use this API operation.
8481//
8482// The context must be non-nil and will be used for request cancellation. If
8483// the context is nil a panic will occur. In the future the SDK may create
8484// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8485// for more information on using Contexts.
8486func (c *Organizations) ListOrganizationalUnitsForParentWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, opts ...request.Option) (*ListOrganizationalUnitsForParentOutput, error) {
8487	req, out := c.ListOrganizationalUnitsForParentRequest(input)
8488	req.SetContext(ctx)
8489	req.ApplyOptions(opts...)
8490	return out, req.Send()
8491}
8492
8493// ListOrganizationalUnitsForParentPages iterates over the pages of a ListOrganizationalUnitsForParent operation,
8494// calling the "fn" function with the response data for each page. To stop
8495// iterating, return false from the fn function.
8496//
8497// See ListOrganizationalUnitsForParent method for more information on how to use this operation.
8498//
8499// Note: This operation can generate multiple requests to a service.
8500//
8501//    // Example iterating over at most 3 pages of a ListOrganizationalUnitsForParent operation.
8502//    pageNum := 0
8503//    err := client.ListOrganizationalUnitsForParentPages(params,
8504//        func(page *organizations.ListOrganizationalUnitsForParentOutput, lastPage bool) bool {
8505//            pageNum++
8506//            fmt.Println(page)
8507//            return pageNum <= 3
8508//        })
8509//
8510func (c *Organizations) ListOrganizationalUnitsForParentPages(input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool) error {
8511	return c.ListOrganizationalUnitsForParentPagesWithContext(aws.BackgroundContext(), input, fn)
8512}
8513
8514// ListOrganizationalUnitsForParentPagesWithContext same as ListOrganizationalUnitsForParentPages except
8515// it takes a Context and allows setting request options on the pages.
8516//
8517// The context must be non-nil and will be used for request cancellation. If
8518// the context is nil a panic will occur. In the future the SDK may create
8519// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8520// for more information on using Contexts.
8521func (c *Organizations) ListOrganizationalUnitsForParentPagesWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool, opts ...request.Option) error {
8522	p := request.Pagination{
8523		NewRequest: func() (*request.Request, error) {
8524			var inCpy *ListOrganizationalUnitsForParentInput
8525			if input != nil {
8526				tmp := *input
8527				inCpy = &tmp
8528			}
8529			req, _ := c.ListOrganizationalUnitsForParentRequest(inCpy)
8530			req.SetContext(ctx)
8531			req.ApplyOptions(opts...)
8532			return req, nil
8533		},
8534	}
8535
8536	for p.Next() {
8537		if !fn(p.Page().(*ListOrganizationalUnitsForParentOutput), !p.HasNextPage()) {
8538			break
8539		}
8540	}
8541
8542	return p.Err()
8543}
8544
8545const opListParents = "ListParents"
8546
8547// ListParentsRequest generates a "aws/request.Request" representing the
8548// client's request for the ListParents operation. The "output" return
8549// value will be populated with the request's response once the request completes
8550// successfully.
8551//
8552// Use "Send" method on the returned Request to send the API call to the service.
8553// the "output" return value is not valid until after Send returns without error.
8554//
8555// See ListParents for more information on using the ListParents
8556// API call, and error handling.
8557//
8558// This method is useful when you want to inject custom logic or configuration
8559// into the SDK's request lifecycle. Such as custom headers, or retry logic.
8560//
8561//
8562//    // Example sending a request using the ListParentsRequest method.
8563//    req, resp := client.ListParentsRequest(params)
8564//
8565//    err := req.Send()
8566//    if err == nil { // resp is now filled
8567//        fmt.Println(resp)
8568//    }
8569//
8570// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents
8571func (c *Organizations) ListParentsRequest(input *ListParentsInput) (req *request.Request, output *ListParentsOutput) {
8572	op := &request.Operation{
8573		Name:       opListParents,
8574		HTTPMethod: "POST",
8575		HTTPPath:   "/",
8576		Paginator: &request.Paginator{
8577			InputTokens:     []string{"NextToken"},
8578			OutputTokens:    []string{"NextToken"},
8579			LimitToken:      "MaxResults",
8580			TruncationToken: "",
8581		},
8582	}
8583
8584	if input == nil {
8585		input = &ListParentsInput{}
8586	}
8587
8588	output = &ListParentsOutput{}
8589	req = c.newRequest(op, input, output)
8590	return
8591}
8592
8593// ListParents API operation for AWS Organizations.
8594//
8595// Lists the root or organizational units (OUs) that serve as the immediate
8596// parent of the specified child OU or account. This operation, along with ListChildren
8597// enables you to traverse the tree structure that makes up this root.
8598//
8599// Always check the NextToken response parameter for a null value when calling
8600// a List* operation. These operations can occasionally return an empty set
8601// of results even when there are more results available. The NextToken response
8602// parameter value is null only when there are no more results to display.
8603//
8604// This operation can be called only from the organization's master account.
8605//
8606// In the current release, a child can have only a single parent.
8607//
8608// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
8609// with awserr.Error's Code and Message methods to get detailed information about
8610// the error.
8611//
8612// See the AWS API reference guide for AWS Organizations's
8613// API operation ListParents for usage and error information.
8614//
8615// Returned Error Codes:
8616//   * ErrCodeAccessDeniedException "AccessDeniedException"
8617//   You don't have permissions to perform the requested operation. The user or
8618//   role that is making the request must have at least one IAM permissions policy
8619//   attached that grants the required permissions. For more information, see
8620//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
8621//   in the IAM User Guide.
8622//
8623//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
8624//   Your account isn't a member of an organization. To make this request, you
8625//   must use the credentials of an account that belongs to an organization.
8626//
8627//   * ErrCodeChildNotFoundException "ChildNotFoundException"
8628//   We can't find an organizational unit (OU) or AWS account with the ChildId
8629//   that you specified.
8630//
8631//   * ErrCodeInvalidInputException "InvalidInputException"
8632//   The requested operation failed because you provided invalid values for one
8633//   or more of the request parameters. This exception includes a reason that
8634//   contains additional information about the violated limit:
8635//
8636//   Some of the reasons in the following list might not be applicable to this
8637//   specific API or operation:
8638//
8639//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
8640//      can't be modified.
8641//
8642//      * INPUT_REQUIRED: You must include a value for all required parameters.
8643//
8644//      * INVALID_ENUM: You specified an invalid value.
8645//
8646//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
8647//
8648//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
8649//      characters.
8650//
8651//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
8652//      at least one invalid value.
8653//
8654//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
8655//      from the response to a previous call of the operation.
8656//
8657//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
8658//      organization, or email) as a party.
8659//
8660//      * INVALID_PATTERN: You provided a value that doesn't match the required
8661//      pattern.
8662//
8663//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
8664//      match the required pattern.
8665//
8666//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
8667//      name can't begin with the reserved prefix AWSServiceRoleFor.
8668//
8669//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
8670//      Name (ARN) for the organization.
8671//
8672//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
8673//
8674//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
8675//      tag. You can’t add, edit, or delete system tag keys because they're
8676//      reserved for AWS use. System tags don’t count against your tags per
8677//      resource limit.
8678//
8679//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
8680//      for the operation.
8681//
8682//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
8683//      than allowed.
8684//
8685//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
8686//      value than allowed.
8687//
8688//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
8689//      than allowed.
8690//
8691//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
8692//      value than allowed.
8693//
8694//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
8695//      between entities in the same root.
8696//
8697//   * ErrCodeServiceException "ServiceException"
8698//   AWS Organizations can't complete your request because of an internal service
8699//   error. Try again later.
8700//
8701//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
8702//   You have sent too many requests in too short a period of time. The limit
8703//   helps protect against denial-of-service attacks. Try again later.
8704//
8705//   For information on limits that affect AWS Organizations, see Limits of AWS
8706//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
8707//   in the AWS Organizations User Guide.
8708//
8709// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents
8710func (c *Organizations) ListParents(input *ListParentsInput) (*ListParentsOutput, error) {
8711	req, out := c.ListParentsRequest(input)
8712	return out, req.Send()
8713}
8714
8715// ListParentsWithContext is the same as ListParents with the addition of
8716// the ability to pass a context and additional request options.
8717//
8718// See ListParents for details on how to use this API operation.
8719//
8720// The context must be non-nil and will be used for request cancellation. If
8721// the context is nil a panic will occur. In the future the SDK may create
8722// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8723// for more information on using Contexts.
8724func (c *Organizations) ListParentsWithContext(ctx aws.Context, input *ListParentsInput, opts ...request.Option) (*ListParentsOutput, error) {
8725	req, out := c.ListParentsRequest(input)
8726	req.SetContext(ctx)
8727	req.ApplyOptions(opts...)
8728	return out, req.Send()
8729}
8730
8731// ListParentsPages iterates over the pages of a ListParents operation,
8732// calling the "fn" function with the response data for each page. To stop
8733// iterating, return false from the fn function.
8734//
8735// See ListParents method for more information on how to use this operation.
8736//
8737// Note: This operation can generate multiple requests to a service.
8738//
8739//    // Example iterating over at most 3 pages of a ListParents operation.
8740//    pageNum := 0
8741//    err := client.ListParentsPages(params,
8742//        func(page *organizations.ListParentsOutput, lastPage bool) bool {
8743//            pageNum++
8744//            fmt.Println(page)
8745//            return pageNum <= 3
8746//        })
8747//
8748func (c *Organizations) ListParentsPages(input *ListParentsInput, fn func(*ListParentsOutput, bool) bool) error {
8749	return c.ListParentsPagesWithContext(aws.BackgroundContext(), input, fn)
8750}
8751
8752// ListParentsPagesWithContext same as ListParentsPages except
8753// it takes a Context and allows setting request options on the pages.
8754//
8755// The context must be non-nil and will be used for request cancellation. If
8756// the context is nil a panic will occur. In the future the SDK may create
8757// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8758// for more information on using Contexts.
8759func (c *Organizations) ListParentsPagesWithContext(ctx aws.Context, input *ListParentsInput, fn func(*ListParentsOutput, bool) bool, opts ...request.Option) error {
8760	p := request.Pagination{
8761		NewRequest: func() (*request.Request, error) {
8762			var inCpy *ListParentsInput
8763			if input != nil {
8764				tmp := *input
8765				inCpy = &tmp
8766			}
8767			req, _ := c.ListParentsRequest(inCpy)
8768			req.SetContext(ctx)
8769			req.ApplyOptions(opts...)
8770			return req, nil
8771		},
8772	}
8773
8774	for p.Next() {
8775		if !fn(p.Page().(*ListParentsOutput), !p.HasNextPage()) {
8776			break
8777		}
8778	}
8779
8780	return p.Err()
8781}
8782
8783const opListPolicies = "ListPolicies"
8784
8785// ListPoliciesRequest generates a "aws/request.Request" representing the
8786// client's request for the ListPolicies operation. The "output" return
8787// value will be populated with the request's response once the request completes
8788// successfully.
8789//
8790// Use "Send" method on the returned Request to send the API call to the service.
8791// the "output" return value is not valid until after Send returns without error.
8792//
8793// See ListPolicies for more information on using the ListPolicies
8794// API call, and error handling.
8795//
8796// This method is useful when you want to inject custom logic or configuration
8797// into the SDK's request lifecycle. Such as custom headers, or retry logic.
8798//
8799//
8800//    // Example sending a request using the ListPoliciesRequest method.
8801//    req, resp := client.ListPoliciesRequest(params)
8802//
8803//    err := req.Send()
8804//    if err == nil { // resp is now filled
8805//        fmt.Println(resp)
8806//    }
8807//
8808// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies
8809func (c *Organizations) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) {
8810	op := &request.Operation{
8811		Name:       opListPolicies,
8812		HTTPMethod: "POST",
8813		HTTPPath:   "/",
8814		Paginator: &request.Paginator{
8815			InputTokens:     []string{"NextToken"},
8816			OutputTokens:    []string{"NextToken"},
8817			LimitToken:      "MaxResults",
8818			TruncationToken: "",
8819		},
8820	}
8821
8822	if input == nil {
8823		input = &ListPoliciesInput{}
8824	}
8825
8826	output = &ListPoliciesOutput{}
8827	req = c.newRequest(op, input, output)
8828	return
8829}
8830
8831// ListPolicies API operation for AWS Organizations.
8832//
8833// Retrieves the list of all policies in an organization of a specified type.
8834//
8835// Always check the NextToken response parameter for a null value when calling
8836// a List* operation. These operations can occasionally return an empty set
8837// of results even when there are more results available. The NextToken response
8838// parameter value is null only when there are no more results to display.
8839//
8840// This operation can be called only from the organization's master account.
8841//
8842// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
8843// with awserr.Error's Code and Message methods to get detailed information about
8844// the error.
8845//
8846// See the AWS API reference guide for AWS Organizations's
8847// API operation ListPolicies for usage and error information.
8848//
8849// Returned Error Codes:
8850//   * ErrCodeAccessDeniedException "AccessDeniedException"
8851//   You don't have permissions to perform the requested operation. The user or
8852//   role that is making the request must have at least one IAM permissions policy
8853//   attached that grants the required permissions. For more information, see
8854//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
8855//   in the IAM User Guide.
8856//
8857//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
8858//   Your account isn't a member of an organization. To make this request, you
8859//   must use the credentials of an account that belongs to an organization.
8860//
8861//   * ErrCodeInvalidInputException "InvalidInputException"
8862//   The requested operation failed because you provided invalid values for one
8863//   or more of the request parameters. This exception includes a reason that
8864//   contains additional information about the violated limit:
8865//
8866//   Some of the reasons in the following list might not be applicable to this
8867//   specific API or operation:
8868//
8869//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
8870//      can't be modified.
8871//
8872//      * INPUT_REQUIRED: You must include a value for all required parameters.
8873//
8874//      * INVALID_ENUM: You specified an invalid value.
8875//
8876//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
8877//
8878//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
8879//      characters.
8880//
8881//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
8882//      at least one invalid value.
8883//
8884//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
8885//      from the response to a previous call of the operation.
8886//
8887//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
8888//      organization, or email) as a party.
8889//
8890//      * INVALID_PATTERN: You provided a value that doesn't match the required
8891//      pattern.
8892//
8893//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
8894//      match the required pattern.
8895//
8896//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
8897//      name can't begin with the reserved prefix AWSServiceRoleFor.
8898//
8899//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
8900//      Name (ARN) for the organization.
8901//
8902//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
8903//
8904//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
8905//      tag. You can’t add, edit, or delete system tag keys because they're
8906//      reserved for AWS use. System tags don’t count against your tags per
8907//      resource limit.
8908//
8909//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
8910//      for the operation.
8911//
8912//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
8913//      than allowed.
8914//
8915//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
8916//      value than allowed.
8917//
8918//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
8919//      than allowed.
8920//
8921//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
8922//      value than allowed.
8923//
8924//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
8925//      between entities in the same root.
8926//
8927//   * ErrCodeServiceException "ServiceException"
8928//   AWS Organizations can't complete your request because of an internal service
8929//   error. Try again later.
8930//
8931//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
8932//   You have sent too many requests in too short a period of time. The limit
8933//   helps protect against denial-of-service attacks. Try again later.
8934//
8935//   For information on limits that affect AWS Organizations, see Limits of AWS
8936//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
8937//   in the AWS Organizations User Guide.
8938//
8939//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
8940//   This action isn't available in the current Region.
8941//
8942// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies
8943func (c *Organizations) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) {
8944	req, out := c.ListPoliciesRequest(input)
8945	return out, req.Send()
8946}
8947
8948// ListPoliciesWithContext is the same as ListPolicies with the addition of
8949// the ability to pass a context and additional request options.
8950//
8951// See ListPolicies for details on how to use this API operation.
8952//
8953// The context must be non-nil and will be used for request cancellation. If
8954// the context is nil a panic will occur. In the future the SDK may create
8955// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8956// for more information on using Contexts.
8957func (c *Organizations) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) {
8958	req, out := c.ListPoliciesRequest(input)
8959	req.SetContext(ctx)
8960	req.ApplyOptions(opts...)
8961	return out, req.Send()
8962}
8963
8964// ListPoliciesPages iterates over the pages of a ListPolicies operation,
8965// calling the "fn" function with the response data for each page. To stop
8966// iterating, return false from the fn function.
8967//
8968// See ListPolicies method for more information on how to use this operation.
8969//
8970// Note: This operation can generate multiple requests to a service.
8971//
8972//    // Example iterating over at most 3 pages of a ListPolicies operation.
8973//    pageNum := 0
8974//    err := client.ListPoliciesPages(params,
8975//        func(page *organizations.ListPoliciesOutput, lastPage bool) bool {
8976//            pageNum++
8977//            fmt.Println(page)
8978//            return pageNum <= 3
8979//        })
8980//
8981func (c *Organizations) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error {
8982	return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
8983}
8984
8985// ListPoliciesPagesWithContext same as ListPoliciesPages except
8986// it takes a Context and allows setting request options on the pages.
8987//
8988// The context must be non-nil and will be used for request cancellation. If
8989// the context is nil a panic will occur. In the future the SDK may create
8990// sub-contexts for http.Requests. See https://golang.org/pkg/context/
8991// for more information on using Contexts.
8992func (c *Organizations) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error {
8993	p := request.Pagination{
8994		NewRequest: func() (*request.Request, error) {
8995			var inCpy *ListPoliciesInput
8996			if input != nil {
8997				tmp := *input
8998				inCpy = &tmp
8999			}
9000			req, _ := c.ListPoliciesRequest(inCpy)
9001			req.SetContext(ctx)
9002			req.ApplyOptions(opts...)
9003			return req, nil
9004		},
9005	}
9006
9007	for p.Next() {
9008		if !fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) {
9009			break
9010		}
9011	}
9012
9013	return p.Err()
9014}
9015
9016const opListPoliciesForTarget = "ListPoliciesForTarget"
9017
9018// ListPoliciesForTargetRequest generates a "aws/request.Request" representing the
9019// client's request for the ListPoliciesForTarget operation. The "output" return
9020// value will be populated with the request's response once the request completes
9021// successfully.
9022//
9023// Use "Send" method on the returned Request to send the API call to the service.
9024// the "output" return value is not valid until after Send returns without error.
9025//
9026// See ListPoliciesForTarget for more information on using the ListPoliciesForTarget
9027// API call, and error handling.
9028//
9029// This method is useful when you want to inject custom logic or configuration
9030// into the SDK's request lifecycle. Such as custom headers, or retry logic.
9031//
9032//
9033//    // Example sending a request using the ListPoliciesForTargetRequest method.
9034//    req, resp := client.ListPoliciesForTargetRequest(params)
9035//
9036//    err := req.Send()
9037//    if err == nil { // resp is now filled
9038//        fmt.Println(resp)
9039//    }
9040//
9041// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget
9042func (c *Organizations) ListPoliciesForTargetRequest(input *ListPoliciesForTargetInput) (req *request.Request, output *ListPoliciesForTargetOutput) {
9043	op := &request.Operation{
9044		Name:       opListPoliciesForTarget,
9045		HTTPMethod: "POST",
9046		HTTPPath:   "/",
9047		Paginator: &request.Paginator{
9048			InputTokens:     []string{"NextToken"},
9049			OutputTokens:    []string{"NextToken"},
9050			LimitToken:      "MaxResults",
9051			TruncationToken: "",
9052		},
9053	}
9054
9055	if input == nil {
9056		input = &ListPoliciesForTargetInput{}
9057	}
9058
9059	output = &ListPoliciesForTargetOutput{}
9060	req = c.newRequest(op, input, output)
9061	return
9062}
9063
9064// ListPoliciesForTarget API operation for AWS Organizations.
9065//
9066// Lists the policies that are directly attached to the specified target root,
9067// organizational unit (OU), or account. You must specify the policy type that
9068// you want included in the returned list.
9069//
9070// Always check the NextToken response parameter for a null value when calling
9071// a List* operation. These operations can occasionally return an empty set
9072// of results even when there are more results available. The NextToken response
9073// parameter value is null only when there are no more results to display.
9074//
9075// This operation can be called only from the organization's master account.
9076//
9077// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
9078// with awserr.Error's Code and Message methods to get detailed information about
9079// the error.
9080//
9081// See the AWS API reference guide for AWS Organizations's
9082// API operation ListPoliciesForTarget for usage and error information.
9083//
9084// Returned Error Codes:
9085//   * ErrCodeAccessDeniedException "AccessDeniedException"
9086//   You don't have permissions to perform the requested operation. The user or
9087//   role that is making the request must have at least one IAM permissions policy
9088//   attached that grants the required permissions. For more information, see
9089//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
9090//   in the IAM User Guide.
9091//
9092//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
9093//   Your account isn't a member of an organization. To make this request, you
9094//   must use the credentials of an account that belongs to an organization.
9095//
9096//   * ErrCodeInvalidInputException "InvalidInputException"
9097//   The requested operation failed because you provided invalid values for one
9098//   or more of the request parameters. This exception includes a reason that
9099//   contains additional information about the violated limit:
9100//
9101//   Some of the reasons in the following list might not be applicable to this
9102//   specific API or operation:
9103//
9104//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
9105//      can't be modified.
9106//
9107//      * INPUT_REQUIRED: You must include a value for all required parameters.
9108//
9109//      * INVALID_ENUM: You specified an invalid value.
9110//
9111//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
9112//
9113//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
9114//      characters.
9115//
9116//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
9117//      at least one invalid value.
9118//
9119//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
9120//      from the response to a previous call of the operation.
9121//
9122//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
9123//      organization, or email) as a party.
9124//
9125//      * INVALID_PATTERN: You provided a value that doesn't match the required
9126//      pattern.
9127//
9128//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
9129//      match the required pattern.
9130//
9131//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
9132//      name can't begin with the reserved prefix AWSServiceRoleFor.
9133//
9134//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
9135//      Name (ARN) for the organization.
9136//
9137//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
9138//
9139//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
9140//      tag. You can’t add, edit, or delete system tag keys because they're
9141//      reserved for AWS use. System tags don’t count against your tags per
9142//      resource limit.
9143//
9144//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
9145//      for the operation.
9146//
9147//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
9148//      than allowed.
9149//
9150//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
9151//      value than allowed.
9152//
9153//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
9154//      than allowed.
9155//
9156//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
9157//      value than allowed.
9158//
9159//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
9160//      between entities in the same root.
9161//
9162//   * ErrCodeServiceException "ServiceException"
9163//   AWS Organizations can't complete your request because of an internal service
9164//   error. Try again later.
9165//
9166//   * ErrCodeTargetNotFoundException "TargetNotFoundException"
9167//   We can't find a root, OU, or account with the TargetId that you specified.
9168//
9169//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
9170//   You have sent too many requests in too short a period of time. The limit
9171//   helps protect against denial-of-service attacks. Try again later.
9172//
9173//   For information on limits that affect AWS Organizations, see Limits of AWS
9174//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
9175//   in the AWS Organizations User Guide.
9176//
9177//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
9178//   This action isn't available in the current Region.
9179//
9180// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget
9181func (c *Organizations) ListPoliciesForTarget(input *ListPoliciesForTargetInput) (*ListPoliciesForTargetOutput, error) {
9182	req, out := c.ListPoliciesForTargetRequest(input)
9183	return out, req.Send()
9184}
9185
9186// ListPoliciesForTargetWithContext is the same as ListPoliciesForTarget with the addition of
9187// the ability to pass a context and additional request options.
9188//
9189// See ListPoliciesForTarget for details on how to use this API operation.
9190//
9191// The context must be non-nil and will be used for request cancellation. If
9192// the context is nil a panic will occur. In the future the SDK may create
9193// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9194// for more information on using Contexts.
9195func (c *Organizations) ListPoliciesForTargetWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, opts ...request.Option) (*ListPoliciesForTargetOutput, error) {
9196	req, out := c.ListPoliciesForTargetRequest(input)
9197	req.SetContext(ctx)
9198	req.ApplyOptions(opts...)
9199	return out, req.Send()
9200}
9201
9202// ListPoliciesForTargetPages iterates over the pages of a ListPoliciesForTarget operation,
9203// calling the "fn" function with the response data for each page. To stop
9204// iterating, return false from the fn function.
9205//
9206// See ListPoliciesForTarget method for more information on how to use this operation.
9207//
9208// Note: This operation can generate multiple requests to a service.
9209//
9210//    // Example iterating over at most 3 pages of a ListPoliciesForTarget operation.
9211//    pageNum := 0
9212//    err := client.ListPoliciesForTargetPages(params,
9213//        func(page *organizations.ListPoliciesForTargetOutput, lastPage bool) bool {
9214//            pageNum++
9215//            fmt.Println(page)
9216//            return pageNum <= 3
9217//        })
9218//
9219func (c *Organizations) ListPoliciesForTargetPages(input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool) error {
9220	return c.ListPoliciesForTargetPagesWithContext(aws.BackgroundContext(), input, fn)
9221}
9222
9223// ListPoliciesForTargetPagesWithContext same as ListPoliciesForTargetPages except
9224// it takes a Context and allows setting request options on the pages.
9225//
9226// The context must be non-nil and will be used for request cancellation. If
9227// the context is nil a panic will occur. In the future the SDK may create
9228// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9229// for more information on using Contexts.
9230func (c *Organizations) ListPoliciesForTargetPagesWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool, opts ...request.Option) error {
9231	p := request.Pagination{
9232		NewRequest: func() (*request.Request, error) {
9233			var inCpy *ListPoliciesForTargetInput
9234			if input != nil {
9235				tmp := *input
9236				inCpy = &tmp
9237			}
9238			req, _ := c.ListPoliciesForTargetRequest(inCpy)
9239			req.SetContext(ctx)
9240			req.ApplyOptions(opts...)
9241			return req, nil
9242		},
9243	}
9244
9245	for p.Next() {
9246		if !fn(p.Page().(*ListPoliciesForTargetOutput), !p.HasNextPage()) {
9247			break
9248		}
9249	}
9250
9251	return p.Err()
9252}
9253
9254const opListRoots = "ListRoots"
9255
9256// ListRootsRequest generates a "aws/request.Request" representing the
9257// client's request for the ListRoots operation. The "output" return
9258// value will be populated with the request's response once the request completes
9259// successfully.
9260//
9261// Use "Send" method on the returned Request to send the API call to the service.
9262// the "output" return value is not valid until after Send returns without error.
9263//
9264// See ListRoots for more information on using the ListRoots
9265// API call, and error handling.
9266//
9267// This method is useful when you want to inject custom logic or configuration
9268// into the SDK's request lifecycle. Such as custom headers, or retry logic.
9269//
9270//
9271//    // Example sending a request using the ListRootsRequest method.
9272//    req, resp := client.ListRootsRequest(params)
9273//
9274//    err := req.Send()
9275//    if err == nil { // resp is now filled
9276//        fmt.Println(resp)
9277//    }
9278//
9279// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots
9280func (c *Organizations) ListRootsRequest(input *ListRootsInput) (req *request.Request, output *ListRootsOutput) {
9281	op := &request.Operation{
9282		Name:       opListRoots,
9283		HTTPMethod: "POST",
9284		HTTPPath:   "/",
9285		Paginator: &request.Paginator{
9286			InputTokens:     []string{"NextToken"},
9287			OutputTokens:    []string{"NextToken"},
9288			LimitToken:      "MaxResults",
9289			TruncationToken: "",
9290		},
9291	}
9292
9293	if input == nil {
9294		input = &ListRootsInput{}
9295	}
9296
9297	output = &ListRootsOutput{}
9298	req = c.newRequest(op, input, output)
9299	return
9300}
9301
9302// ListRoots API operation for AWS Organizations.
9303//
9304// Lists the roots that are defined in the current organization.
9305//
9306// Always check the NextToken response parameter for a null value when calling
9307// a List* operation. These operations can occasionally return an empty set
9308// of results even when there are more results available. The NextToken response
9309// parameter value is null only when there are no more results to display.
9310//
9311// This operation can be called only from the organization's master account.
9312//
9313// Policy types can be enabled and disabled in roots. This is distinct from
9314// whether they're available in the organization. When you enable all features,
9315// you make policy types available for use in that organization. Individual
9316// policy types can then be enabled and disabled in a root. To see the availability
9317// of a policy type in an organization, use DescribeOrganization.
9318//
9319// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
9320// with awserr.Error's Code and Message methods to get detailed information about
9321// the error.
9322//
9323// See the AWS API reference guide for AWS Organizations's
9324// API operation ListRoots for usage and error information.
9325//
9326// Returned Error Codes:
9327//   * ErrCodeAccessDeniedException "AccessDeniedException"
9328//   You don't have permissions to perform the requested operation. The user or
9329//   role that is making the request must have at least one IAM permissions policy
9330//   attached that grants the required permissions. For more information, see
9331//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
9332//   in the IAM User Guide.
9333//
9334//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
9335//   Your account isn't a member of an organization. To make this request, you
9336//   must use the credentials of an account that belongs to an organization.
9337//
9338//   * ErrCodeInvalidInputException "InvalidInputException"
9339//   The requested operation failed because you provided invalid values for one
9340//   or more of the request parameters. This exception includes a reason that
9341//   contains additional information about the violated limit:
9342//
9343//   Some of the reasons in the following list might not be applicable to this
9344//   specific API or operation:
9345//
9346//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
9347//      can't be modified.
9348//
9349//      * INPUT_REQUIRED: You must include a value for all required parameters.
9350//
9351//      * INVALID_ENUM: You specified an invalid value.
9352//
9353//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
9354//
9355//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
9356//      characters.
9357//
9358//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
9359//      at least one invalid value.
9360//
9361//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
9362//      from the response to a previous call of the operation.
9363//
9364//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
9365//      organization, or email) as a party.
9366//
9367//      * INVALID_PATTERN: You provided a value that doesn't match the required
9368//      pattern.
9369//
9370//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
9371//      match the required pattern.
9372//
9373//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
9374//      name can't begin with the reserved prefix AWSServiceRoleFor.
9375//
9376//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
9377//      Name (ARN) for the organization.
9378//
9379//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
9380//
9381//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
9382//      tag. You can’t add, edit, or delete system tag keys because they're
9383//      reserved for AWS use. System tags don’t count against your tags per
9384//      resource limit.
9385//
9386//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
9387//      for the operation.
9388//
9389//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
9390//      than allowed.
9391//
9392//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
9393//      value than allowed.
9394//
9395//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
9396//      than allowed.
9397//
9398//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
9399//      value than allowed.
9400//
9401//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
9402//      between entities in the same root.
9403//
9404//   * ErrCodeServiceException "ServiceException"
9405//   AWS Organizations can't complete your request because of an internal service
9406//   error. Try again later.
9407//
9408//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
9409//   You have sent too many requests in too short a period of time. The limit
9410//   helps protect against denial-of-service attacks. Try again later.
9411//
9412//   For information on limits that affect AWS Organizations, see Limits of AWS
9413//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
9414//   in the AWS Organizations User Guide.
9415//
9416// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots
9417func (c *Organizations) ListRoots(input *ListRootsInput) (*ListRootsOutput, error) {
9418	req, out := c.ListRootsRequest(input)
9419	return out, req.Send()
9420}
9421
9422// ListRootsWithContext is the same as ListRoots with the addition of
9423// the ability to pass a context and additional request options.
9424//
9425// See ListRoots for details on how to use this API operation.
9426//
9427// The context must be non-nil and will be used for request cancellation. If
9428// the context is nil a panic will occur. In the future the SDK may create
9429// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9430// for more information on using Contexts.
9431func (c *Organizations) ListRootsWithContext(ctx aws.Context, input *ListRootsInput, opts ...request.Option) (*ListRootsOutput, error) {
9432	req, out := c.ListRootsRequest(input)
9433	req.SetContext(ctx)
9434	req.ApplyOptions(opts...)
9435	return out, req.Send()
9436}
9437
9438// ListRootsPages iterates over the pages of a ListRoots operation,
9439// calling the "fn" function with the response data for each page. To stop
9440// iterating, return false from the fn function.
9441//
9442// See ListRoots method for more information on how to use this operation.
9443//
9444// Note: This operation can generate multiple requests to a service.
9445//
9446//    // Example iterating over at most 3 pages of a ListRoots operation.
9447//    pageNum := 0
9448//    err := client.ListRootsPages(params,
9449//        func(page *organizations.ListRootsOutput, lastPage bool) bool {
9450//            pageNum++
9451//            fmt.Println(page)
9452//            return pageNum <= 3
9453//        })
9454//
9455func (c *Organizations) ListRootsPages(input *ListRootsInput, fn func(*ListRootsOutput, bool) bool) error {
9456	return c.ListRootsPagesWithContext(aws.BackgroundContext(), input, fn)
9457}
9458
9459// ListRootsPagesWithContext same as ListRootsPages except
9460// it takes a Context and allows setting request options on the pages.
9461//
9462// The context must be non-nil and will be used for request cancellation. If
9463// the context is nil a panic will occur. In the future the SDK may create
9464// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9465// for more information on using Contexts.
9466func (c *Organizations) ListRootsPagesWithContext(ctx aws.Context, input *ListRootsInput, fn func(*ListRootsOutput, bool) bool, opts ...request.Option) error {
9467	p := request.Pagination{
9468		NewRequest: func() (*request.Request, error) {
9469			var inCpy *ListRootsInput
9470			if input != nil {
9471				tmp := *input
9472				inCpy = &tmp
9473			}
9474			req, _ := c.ListRootsRequest(inCpy)
9475			req.SetContext(ctx)
9476			req.ApplyOptions(opts...)
9477			return req, nil
9478		},
9479	}
9480
9481	for p.Next() {
9482		if !fn(p.Page().(*ListRootsOutput), !p.HasNextPage()) {
9483			break
9484		}
9485	}
9486
9487	return p.Err()
9488}
9489
9490const opListTagsForResource = "ListTagsForResource"
9491
9492// ListTagsForResourceRequest generates a "aws/request.Request" representing the
9493// client's request for the ListTagsForResource operation. The "output" return
9494// value will be populated with the request's response once the request completes
9495// successfully.
9496//
9497// Use "Send" method on the returned Request to send the API call to the service.
9498// the "output" return value is not valid until after Send returns without error.
9499//
9500// See ListTagsForResource for more information on using the ListTagsForResource
9501// API call, and error handling.
9502//
9503// This method is useful when you want to inject custom logic or configuration
9504// into the SDK's request lifecycle. Such as custom headers, or retry logic.
9505//
9506//
9507//    // Example sending a request using the ListTagsForResourceRequest method.
9508//    req, resp := client.ListTagsForResourceRequest(params)
9509//
9510//    err := req.Send()
9511//    if err == nil { // resp is now filled
9512//        fmt.Println(resp)
9513//    }
9514//
9515// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource
9516func (c *Organizations) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) {
9517	op := &request.Operation{
9518		Name:       opListTagsForResource,
9519		HTTPMethod: "POST",
9520		HTTPPath:   "/",
9521		Paginator: &request.Paginator{
9522			InputTokens:     []string{"NextToken"},
9523			OutputTokens:    []string{"NextToken"},
9524			LimitToken:      "",
9525			TruncationToken: "",
9526		},
9527	}
9528
9529	if input == nil {
9530		input = &ListTagsForResourceInput{}
9531	}
9532
9533	output = &ListTagsForResourceOutput{}
9534	req = c.newRequest(op, input, output)
9535	return
9536}
9537
9538// ListTagsForResource API operation for AWS Organizations.
9539//
9540// Lists tags for the specified resource.
9541//
9542// Currently, you can list tags on an account in AWS Organizations.
9543//
9544// This operation can be called only from the organization's master account.
9545//
9546// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
9547// with awserr.Error's Code and Message methods to get detailed information about
9548// the error.
9549//
9550// See the AWS API reference guide for AWS Organizations's
9551// API operation ListTagsForResource for usage and error information.
9552//
9553// Returned Error Codes:
9554//   * ErrCodeAccessDeniedException "AccessDeniedException"
9555//   You don't have permissions to perform the requested operation. The user or
9556//   role that is making the request must have at least one IAM permissions policy
9557//   attached that grants the required permissions. For more information, see
9558//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
9559//   in the IAM User Guide.
9560//
9561//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
9562//   Your account isn't a member of an organization. To make this request, you
9563//   must use the credentials of an account that belongs to an organization.
9564//
9565//   * ErrCodeTargetNotFoundException "TargetNotFoundException"
9566//   We can't find a root, OU, or account with the TargetId that you specified.
9567//
9568//   * ErrCodeInvalidInputException "InvalidInputException"
9569//   The requested operation failed because you provided invalid values for one
9570//   or more of the request parameters. This exception includes a reason that
9571//   contains additional information about the violated limit:
9572//
9573//   Some of the reasons in the following list might not be applicable to this
9574//   specific API or operation:
9575//
9576//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
9577//      can't be modified.
9578//
9579//      * INPUT_REQUIRED: You must include a value for all required parameters.
9580//
9581//      * INVALID_ENUM: You specified an invalid value.
9582//
9583//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
9584//
9585//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
9586//      characters.
9587//
9588//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
9589//      at least one invalid value.
9590//
9591//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
9592//      from the response to a previous call of the operation.
9593//
9594//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
9595//      organization, or email) as a party.
9596//
9597//      * INVALID_PATTERN: You provided a value that doesn't match the required
9598//      pattern.
9599//
9600//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
9601//      match the required pattern.
9602//
9603//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
9604//      name can't begin with the reserved prefix AWSServiceRoleFor.
9605//
9606//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
9607//      Name (ARN) for the organization.
9608//
9609//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
9610//
9611//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
9612//      tag. You can’t add, edit, or delete system tag keys because they're
9613//      reserved for AWS use. System tags don’t count against your tags per
9614//      resource limit.
9615//
9616//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
9617//      for the operation.
9618//
9619//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
9620//      than allowed.
9621//
9622//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
9623//      value than allowed.
9624//
9625//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
9626//      than allowed.
9627//
9628//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
9629//      value than allowed.
9630//
9631//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
9632//      between entities in the same root.
9633//
9634//   * ErrCodeServiceException "ServiceException"
9635//   AWS Organizations can't complete your request because of an internal service
9636//   error. Try again later.
9637//
9638//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
9639//   You have sent too many requests in too short a period of time. The limit
9640//   helps protect against denial-of-service attacks. Try again later.
9641//
9642//   For information on limits that affect AWS Organizations, see Limits of AWS
9643//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
9644//   in the AWS Organizations User Guide.
9645//
9646// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource
9647func (c *Organizations) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) {
9648	req, out := c.ListTagsForResourceRequest(input)
9649	return out, req.Send()
9650}
9651
9652// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of
9653// the ability to pass a context and additional request options.
9654//
9655// See ListTagsForResource for details on how to use this API operation.
9656//
9657// The context must be non-nil and will be used for request cancellation. If
9658// the context is nil a panic will occur. In the future the SDK may create
9659// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9660// for more information on using Contexts.
9661func (c *Organizations) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) {
9662	req, out := c.ListTagsForResourceRequest(input)
9663	req.SetContext(ctx)
9664	req.ApplyOptions(opts...)
9665	return out, req.Send()
9666}
9667
9668// ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation,
9669// calling the "fn" function with the response data for each page. To stop
9670// iterating, return false from the fn function.
9671//
9672// See ListTagsForResource method for more information on how to use this operation.
9673//
9674// Note: This operation can generate multiple requests to a service.
9675//
9676//    // Example iterating over at most 3 pages of a ListTagsForResource operation.
9677//    pageNum := 0
9678//    err := client.ListTagsForResourcePages(params,
9679//        func(page *organizations.ListTagsForResourceOutput, lastPage bool) bool {
9680//            pageNum++
9681//            fmt.Println(page)
9682//            return pageNum <= 3
9683//        })
9684//
9685func (c *Organizations) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error {
9686	return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn)
9687}
9688
9689// ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except
9690// it takes a Context and allows setting request options on the pages.
9691//
9692// The context must be non-nil and will be used for request cancellation. If
9693// the context is nil a panic will occur. In the future the SDK may create
9694// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9695// for more information on using Contexts.
9696func (c *Organizations) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error {
9697	p := request.Pagination{
9698		NewRequest: func() (*request.Request, error) {
9699			var inCpy *ListTagsForResourceInput
9700			if input != nil {
9701				tmp := *input
9702				inCpy = &tmp
9703			}
9704			req, _ := c.ListTagsForResourceRequest(inCpy)
9705			req.SetContext(ctx)
9706			req.ApplyOptions(opts...)
9707			return req, nil
9708		},
9709	}
9710
9711	for p.Next() {
9712		if !fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) {
9713			break
9714		}
9715	}
9716
9717	return p.Err()
9718}
9719
9720const opListTargetsForPolicy = "ListTargetsForPolicy"
9721
9722// ListTargetsForPolicyRequest generates a "aws/request.Request" representing the
9723// client's request for the ListTargetsForPolicy operation. The "output" return
9724// value will be populated with the request's response once the request completes
9725// successfully.
9726//
9727// Use "Send" method on the returned Request to send the API call to the service.
9728// the "output" return value is not valid until after Send returns without error.
9729//
9730// See ListTargetsForPolicy for more information on using the ListTargetsForPolicy
9731// API call, and error handling.
9732//
9733// This method is useful when you want to inject custom logic or configuration
9734// into the SDK's request lifecycle. Such as custom headers, or retry logic.
9735//
9736//
9737//    // Example sending a request using the ListTargetsForPolicyRequest method.
9738//    req, resp := client.ListTargetsForPolicyRequest(params)
9739//
9740//    err := req.Send()
9741//    if err == nil { // resp is now filled
9742//        fmt.Println(resp)
9743//    }
9744//
9745// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy
9746func (c *Organizations) ListTargetsForPolicyRequest(input *ListTargetsForPolicyInput) (req *request.Request, output *ListTargetsForPolicyOutput) {
9747	op := &request.Operation{
9748		Name:       opListTargetsForPolicy,
9749		HTTPMethod: "POST",
9750		HTTPPath:   "/",
9751		Paginator: &request.Paginator{
9752			InputTokens:     []string{"NextToken"},
9753			OutputTokens:    []string{"NextToken"},
9754			LimitToken:      "MaxResults",
9755			TruncationToken: "",
9756		},
9757	}
9758
9759	if input == nil {
9760		input = &ListTargetsForPolicyInput{}
9761	}
9762
9763	output = &ListTargetsForPolicyOutput{}
9764	req = c.newRequest(op, input, output)
9765	return
9766}
9767
9768// ListTargetsForPolicy API operation for AWS Organizations.
9769//
9770// Lists all the roots, organizational units (OUs), and accounts that the specified
9771// policy is attached to.
9772//
9773// Always check the NextToken response parameter for a null value when calling
9774// a List* operation. These operations can occasionally return an empty set
9775// of results even when there are more results available. The NextToken response
9776// parameter value is null only when there are no more results to display.
9777//
9778// This operation can be called only from the organization's master account.
9779//
9780// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
9781// with awserr.Error's Code and Message methods to get detailed information about
9782// the error.
9783//
9784// See the AWS API reference guide for AWS Organizations's
9785// API operation ListTargetsForPolicy for usage and error information.
9786//
9787// Returned Error Codes:
9788//   * ErrCodeAccessDeniedException "AccessDeniedException"
9789//   You don't have permissions to perform the requested operation. The user or
9790//   role that is making the request must have at least one IAM permissions policy
9791//   attached that grants the required permissions. For more information, see
9792//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
9793//   in the IAM User Guide.
9794//
9795//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
9796//   Your account isn't a member of an organization. To make this request, you
9797//   must use the credentials of an account that belongs to an organization.
9798//
9799//   * ErrCodeInvalidInputException "InvalidInputException"
9800//   The requested operation failed because you provided invalid values for one
9801//   or more of the request parameters. This exception includes a reason that
9802//   contains additional information about the violated limit:
9803//
9804//   Some of the reasons in the following list might not be applicable to this
9805//   specific API or operation:
9806//
9807//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
9808//      can't be modified.
9809//
9810//      * INPUT_REQUIRED: You must include a value for all required parameters.
9811//
9812//      * INVALID_ENUM: You specified an invalid value.
9813//
9814//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
9815//
9816//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
9817//      characters.
9818//
9819//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
9820//      at least one invalid value.
9821//
9822//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
9823//      from the response to a previous call of the operation.
9824//
9825//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
9826//      organization, or email) as a party.
9827//
9828//      * INVALID_PATTERN: You provided a value that doesn't match the required
9829//      pattern.
9830//
9831//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
9832//      match the required pattern.
9833//
9834//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
9835//      name can't begin with the reserved prefix AWSServiceRoleFor.
9836//
9837//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
9838//      Name (ARN) for the organization.
9839//
9840//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
9841//
9842//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
9843//      tag. You can’t add, edit, or delete system tag keys because they're
9844//      reserved for AWS use. System tags don’t count against your tags per
9845//      resource limit.
9846//
9847//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
9848//      for the operation.
9849//
9850//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
9851//      than allowed.
9852//
9853//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
9854//      value than allowed.
9855//
9856//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
9857//      than allowed.
9858//
9859//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
9860//      value than allowed.
9861//
9862//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
9863//      between entities in the same root.
9864//
9865//   * ErrCodePolicyNotFoundException "PolicyNotFoundException"
9866//   We can't find a policy with the PolicyId that you specified.
9867//
9868//   * ErrCodeServiceException "ServiceException"
9869//   AWS Organizations can't complete your request because of an internal service
9870//   error. Try again later.
9871//
9872//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
9873//   You have sent too many requests in too short a period of time. The limit
9874//   helps protect against denial-of-service attacks. Try again later.
9875//
9876//   For information on limits that affect AWS Organizations, see Limits of AWS
9877//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
9878//   in the AWS Organizations User Guide.
9879//
9880//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
9881//   This action isn't available in the current Region.
9882//
9883// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy
9884func (c *Organizations) ListTargetsForPolicy(input *ListTargetsForPolicyInput) (*ListTargetsForPolicyOutput, error) {
9885	req, out := c.ListTargetsForPolicyRequest(input)
9886	return out, req.Send()
9887}
9888
9889// ListTargetsForPolicyWithContext is the same as ListTargetsForPolicy with the addition of
9890// the ability to pass a context and additional request options.
9891//
9892// See ListTargetsForPolicy for details on how to use this API operation.
9893//
9894// The context must be non-nil and will be used for request cancellation. If
9895// the context is nil a panic will occur. In the future the SDK may create
9896// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9897// for more information on using Contexts.
9898func (c *Organizations) ListTargetsForPolicyWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, opts ...request.Option) (*ListTargetsForPolicyOutput, error) {
9899	req, out := c.ListTargetsForPolicyRequest(input)
9900	req.SetContext(ctx)
9901	req.ApplyOptions(opts...)
9902	return out, req.Send()
9903}
9904
9905// ListTargetsForPolicyPages iterates over the pages of a ListTargetsForPolicy operation,
9906// calling the "fn" function with the response data for each page. To stop
9907// iterating, return false from the fn function.
9908//
9909// See ListTargetsForPolicy method for more information on how to use this operation.
9910//
9911// Note: This operation can generate multiple requests to a service.
9912//
9913//    // Example iterating over at most 3 pages of a ListTargetsForPolicy operation.
9914//    pageNum := 0
9915//    err := client.ListTargetsForPolicyPages(params,
9916//        func(page *organizations.ListTargetsForPolicyOutput, lastPage bool) bool {
9917//            pageNum++
9918//            fmt.Println(page)
9919//            return pageNum <= 3
9920//        })
9921//
9922func (c *Organizations) ListTargetsForPolicyPages(input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool) error {
9923	return c.ListTargetsForPolicyPagesWithContext(aws.BackgroundContext(), input, fn)
9924}
9925
9926// ListTargetsForPolicyPagesWithContext same as ListTargetsForPolicyPages except
9927// it takes a Context and allows setting request options on the pages.
9928//
9929// The context must be non-nil and will be used for request cancellation. If
9930// the context is nil a panic will occur. In the future the SDK may create
9931// sub-contexts for http.Requests. See https://golang.org/pkg/context/
9932// for more information on using Contexts.
9933func (c *Organizations) ListTargetsForPolicyPagesWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool, opts ...request.Option) error {
9934	p := request.Pagination{
9935		NewRequest: func() (*request.Request, error) {
9936			var inCpy *ListTargetsForPolicyInput
9937			if input != nil {
9938				tmp := *input
9939				inCpy = &tmp
9940			}
9941			req, _ := c.ListTargetsForPolicyRequest(inCpy)
9942			req.SetContext(ctx)
9943			req.ApplyOptions(opts...)
9944			return req, nil
9945		},
9946	}
9947
9948	for p.Next() {
9949		if !fn(p.Page().(*ListTargetsForPolicyOutput), !p.HasNextPage()) {
9950			break
9951		}
9952	}
9953
9954	return p.Err()
9955}
9956
9957const opMoveAccount = "MoveAccount"
9958
9959// MoveAccountRequest generates a "aws/request.Request" representing the
9960// client's request for the MoveAccount operation. The "output" return
9961// value will be populated with the request's response once the request completes
9962// successfully.
9963//
9964// Use "Send" method on the returned Request to send the API call to the service.
9965// the "output" return value is not valid until after Send returns without error.
9966//
9967// See MoveAccount for more information on using the MoveAccount
9968// API call, and error handling.
9969//
9970// This method is useful when you want to inject custom logic or configuration
9971// into the SDK's request lifecycle. Such as custom headers, or retry logic.
9972//
9973//
9974//    // Example sending a request using the MoveAccountRequest method.
9975//    req, resp := client.MoveAccountRequest(params)
9976//
9977//    err := req.Send()
9978//    if err == nil { // resp is now filled
9979//        fmt.Println(resp)
9980//    }
9981//
9982// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount
9983func (c *Organizations) MoveAccountRequest(input *MoveAccountInput) (req *request.Request, output *MoveAccountOutput) {
9984	op := &request.Operation{
9985		Name:       opMoveAccount,
9986		HTTPMethod: "POST",
9987		HTTPPath:   "/",
9988	}
9989
9990	if input == nil {
9991		input = &MoveAccountInput{}
9992	}
9993
9994	output = &MoveAccountOutput{}
9995	req = c.newRequest(op, input, output)
9996	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
9997	return
9998}
9999
10000// MoveAccount API operation for AWS Organizations.
10001//
10002// Moves an account from its current source parent root or organizational unit
10003// (OU) to the specified destination parent root or OU.
10004//
10005// This operation can be called only from the organization's master account.
10006//
10007// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
10008// with awserr.Error's Code and Message methods to get detailed information about
10009// the error.
10010//
10011// See the AWS API reference guide for AWS Organizations's
10012// API operation MoveAccount for usage and error information.
10013//
10014// Returned Error Codes:
10015//   * ErrCodeAccessDeniedException "AccessDeniedException"
10016//   You don't have permissions to perform the requested operation. The user or
10017//   role that is making the request must have at least one IAM permissions policy
10018//   attached that grants the required permissions. For more information, see
10019//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
10020//   in the IAM User Guide.
10021//
10022//   * ErrCodeInvalidInputException "InvalidInputException"
10023//   The requested operation failed because you provided invalid values for one
10024//   or more of the request parameters. This exception includes a reason that
10025//   contains additional information about the violated limit:
10026//
10027//   Some of the reasons in the following list might not be applicable to this
10028//   specific API or operation:
10029//
10030//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
10031//      can't be modified.
10032//
10033//      * INPUT_REQUIRED: You must include a value for all required parameters.
10034//
10035//      * INVALID_ENUM: You specified an invalid value.
10036//
10037//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
10038//
10039//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
10040//      characters.
10041//
10042//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
10043//      at least one invalid value.
10044//
10045//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
10046//      from the response to a previous call of the operation.
10047//
10048//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
10049//      organization, or email) as a party.
10050//
10051//      * INVALID_PATTERN: You provided a value that doesn't match the required
10052//      pattern.
10053//
10054//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
10055//      match the required pattern.
10056//
10057//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
10058//      name can't begin with the reserved prefix AWSServiceRoleFor.
10059//
10060//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
10061//      Name (ARN) for the organization.
10062//
10063//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
10064//
10065//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
10066//      tag. You can’t add, edit, or delete system tag keys because they're
10067//      reserved for AWS use. System tags don’t count against your tags per
10068//      resource limit.
10069//
10070//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
10071//      for the operation.
10072//
10073//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
10074//      than allowed.
10075//
10076//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
10077//      value than allowed.
10078//
10079//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
10080//      than allowed.
10081//
10082//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
10083//      value than allowed.
10084//
10085//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
10086//      between entities in the same root.
10087//
10088//   * ErrCodeSourceParentNotFoundException "SourceParentNotFoundException"
10089//   We can't find a source root or OU with the ParentId that you specified.
10090//
10091//   * ErrCodeDestinationParentNotFoundException "DestinationParentNotFoundException"
10092//   We can't find the destination container (a root or OU) with the ParentId
10093//   that you specified.
10094//
10095//   * ErrCodeDuplicateAccountException "DuplicateAccountException"
10096//   That account is already present in the specified destination.
10097//
10098//   * ErrCodeAccountNotFoundException "AccountNotFoundException"
10099//   We can't find an AWS account with the AccountId that you specified. Or the
10100//   account whose credentials you used to make this request isn't a member of
10101//   an organization.
10102//
10103//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
10104//   You have sent too many requests in too short a period of time. The limit
10105//   helps protect against denial-of-service attacks. Try again later.
10106//
10107//   For information on limits that affect AWS Organizations, see Limits of AWS
10108//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
10109//   in the AWS Organizations User Guide.
10110//
10111//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
10112//   The target of the operation is currently being modified by a different request.
10113//   Try again later.
10114//
10115//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
10116//   Your account isn't a member of an organization. To make this request, you
10117//   must use the credentials of an account that belongs to an organization.
10118//
10119//   * ErrCodeServiceException "ServiceException"
10120//   AWS Organizations can't complete your request because of an internal service
10121//   error. Try again later.
10122//
10123// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount
10124func (c *Organizations) MoveAccount(input *MoveAccountInput) (*MoveAccountOutput, error) {
10125	req, out := c.MoveAccountRequest(input)
10126	return out, req.Send()
10127}
10128
10129// MoveAccountWithContext is the same as MoveAccount with the addition of
10130// the ability to pass a context and additional request options.
10131//
10132// See MoveAccount for details on how to use this API operation.
10133//
10134// The context must be non-nil and will be used for request cancellation. If
10135// the context is nil a panic will occur. In the future the SDK may create
10136// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10137// for more information on using Contexts.
10138func (c *Organizations) MoveAccountWithContext(ctx aws.Context, input *MoveAccountInput, opts ...request.Option) (*MoveAccountOutput, error) {
10139	req, out := c.MoveAccountRequest(input)
10140	req.SetContext(ctx)
10141	req.ApplyOptions(opts...)
10142	return out, req.Send()
10143}
10144
10145const opRemoveAccountFromOrganization = "RemoveAccountFromOrganization"
10146
10147// RemoveAccountFromOrganizationRequest generates a "aws/request.Request" representing the
10148// client's request for the RemoveAccountFromOrganization operation. The "output" return
10149// value will be populated with the request's response once the request completes
10150// successfully.
10151//
10152// Use "Send" method on the returned Request to send the API call to the service.
10153// the "output" return value is not valid until after Send returns without error.
10154//
10155// See RemoveAccountFromOrganization for more information on using the RemoveAccountFromOrganization
10156// API call, and error handling.
10157//
10158// This method is useful when you want to inject custom logic or configuration
10159// into the SDK's request lifecycle. Such as custom headers, or retry logic.
10160//
10161//
10162//    // Example sending a request using the RemoveAccountFromOrganizationRequest method.
10163//    req, resp := client.RemoveAccountFromOrganizationRequest(params)
10164//
10165//    err := req.Send()
10166//    if err == nil { // resp is now filled
10167//        fmt.Println(resp)
10168//    }
10169//
10170// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization
10171func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccountFromOrganizationInput) (req *request.Request, output *RemoveAccountFromOrganizationOutput) {
10172	op := &request.Operation{
10173		Name:       opRemoveAccountFromOrganization,
10174		HTTPMethod: "POST",
10175		HTTPPath:   "/",
10176	}
10177
10178	if input == nil {
10179		input = &RemoveAccountFromOrganizationInput{}
10180	}
10181
10182	output = &RemoveAccountFromOrganizationOutput{}
10183	req = c.newRequest(op, input, output)
10184	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
10185	return
10186}
10187
10188// RemoveAccountFromOrganization API operation for AWS Organizations.
10189//
10190// Removes the specified account from the organization.
10191//
10192// The removed account becomes a standalone account that isn't a member of any
10193// organization. It's no longer subject to any policies and is responsible for
10194// its own bill payments. The organization's master account is no longer charged
10195// for any expenses accrued by the member account after it's removed from the
10196// organization.
10197//
10198// This operation can be called only from the organization's master account.
10199// Member accounts can remove themselves with LeaveOrganization instead.
10200//
10201// You can remove an account from your organization only if the account is configured
10202// with the information required to operate as a standalone account. When you
10203// create an account in an organization using the AWS Organizations console,
10204// API, or CLI, the information required of standalone accounts is not automatically
10205// collected. For an account that you want to make standalone, you must accept
10206// the end user license agreement (EULA). You must also choose a support plan,
10207// provide and verify the required contact information, and provide a current
10208// payment method. AWS uses the payment method to charge for any billable (not
10209// free tier) AWS activity that occurs while the account isn't attached to an
10210// organization. To remove an account that doesn't yet have this information,
10211// you must sign in as the member account. Then follow the steps at To leave
10212// an organization when all required account information has not yet been provided
10213// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
10214// in the AWS Organizations User Guide.
10215//
10216// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
10217// with awserr.Error's Code and Message methods to get detailed information about
10218// the error.
10219//
10220// See the AWS API reference guide for AWS Organizations's
10221// API operation RemoveAccountFromOrganization for usage and error information.
10222//
10223// Returned Error Codes:
10224//   * ErrCodeAccessDeniedException "AccessDeniedException"
10225//   You don't have permissions to perform the requested operation. The user or
10226//   role that is making the request must have at least one IAM permissions policy
10227//   attached that grants the required permissions. For more information, see
10228//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
10229//   in the IAM User Guide.
10230//
10231//   * ErrCodeAccountNotFoundException "AccountNotFoundException"
10232//   We can't find an AWS account with the AccountId that you specified. Or the
10233//   account whose credentials you used to make this request isn't a member of
10234//   an organization.
10235//
10236//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
10237//   Your account isn't a member of an organization. To make this request, you
10238//   must use the credentials of an account that belongs to an organization.
10239//
10240//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
10241//   The target of the operation is currently being modified by a different request.
10242//   Try again later.
10243//
10244//   * ErrCodeConstraintViolationException "ConstraintViolationException"
10245//   Performing this operation violates a minimum or maximum value limit. Examples
10246//   include attempting to remove the last service control policy (SCP) from an
10247//   OU or root, or attaching too many policies to an account, OU, or root. This
10248//   exception includes a reason that contains additional information about the
10249//   violated limit.
10250//
10251//   Some of the reasons in the following list might not be applicable to this
10252//   specific API or operation:
10253//
10254//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
10255//      from the organization that doesn't yet have enough information to exist
10256//      as a standalone account. This account requires you to first agree to the
10257//      AWS Customer Agreement. Follow the steps at To leave an organization when
10258//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
10259//      in the AWS Organizations User Guide.
10260//
10261//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
10262//      an account from the organization that doesn't yet have enough information
10263//      to exist as a standalone account. This account requires you to first complete
10264//      phone verification. Follow the steps at To leave an organization when
10265//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
10266//      in the AWS Organizations User Guide.
10267//
10268//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
10269//      of accounts that you can create in one day.
10270//
10271//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
10272//      the number of accounts in an organization. If you need more accounts,
10273//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
10274//      request an increase in your limit. Or the number of invitations that you
10275//      tried to send would cause you to exceed the limit of accounts in your
10276//      organization. Send fewer invitations or contact AWS Support to request
10277//      an increase in the number of accounts. Deleted and closed accounts still
10278//      count toward your limit. If you get receive this exception when running
10279//      a command immediately after creating the organization, wait one hour and
10280//      try again. If after an hour it continues to fail with this error, contact
10281//      AWS Support (https://console.aws.amazon.com/support/home#/).
10282//
10283//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
10284//      handshakes that you can send in one day.
10285//
10286//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
10287//      in this organization, you first must migrate the organization's master
10288//      account to the marketplace that corresponds to the master account's address.
10289//      For example, accounts with India addresses must be associated with the
10290//      AISPL marketplace. All accounts in an organization must be associated
10291//      with the same marketplace.
10292//
10293//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
10294//      must first provide contact a valid address and phone number for the master
10295//      account. Then try the operation again.
10296//
10297//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
10298//      master account must have an associated account in the AWS GovCloud (US-West)
10299//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
10300//      in the AWS GovCloud User Guide.
10301//
10302//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
10303//      with this master account, you first must associate a valid payment instrument,
10304//      such as a credit card, with the account. Follow the steps at To leave
10305//      an organization when all required account information has not yet been
10306//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
10307//      in the AWS Organizations User Guide.
10308//
10309//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
10310//      number of policies of a certain type that can be attached to an entity
10311//      at one time.
10312//
10313//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
10314//      on this resource.
10315//
10316//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
10317//      with this member account, you first must associate a valid payment instrument,
10318//      such as a credit card, with the account. Follow the steps at To leave
10319//      an organization when all required account information has not yet been
10320//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
10321//      in the AWS Organizations User Guide.
10322//
10323//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
10324//      policy from an entity, which would cause the entity to have fewer than
10325//      the minimum number of policies of the required type.
10326//
10327//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
10328//      too many levels deep.
10329//
10330//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
10331//      that requires the organization to be configured to support all features.
10332//      An organization that supports only consolidated billing features can't
10333//      perform this operation.
10334//
10335//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
10336//      that you can have in an organization.
10337//
10338//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
10339//      policies that you can have in an organization.
10340//
10341//   * ErrCodeInvalidInputException "InvalidInputException"
10342//   The requested operation failed because you provided invalid values for one
10343//   or more of the request parameters. This exception includes a reason that
10344//   contains additional information about the violated limit:
10345//
10346//   Some of the reasons in the following list might not be applicable to this
10347//   specific API or operation:
10348//
10349//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
10350//      can't be modified.
10351//
10352//      * INPUT_REQUIRED: You must include a value for all required parameters.
10353//
10354//      * INVALID_ENUM: You specified an invalid value.
10355//
10356//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
10357//
10358//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
10359//      characters.
10360//
10361//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
10362//      at least one invalid value.
10363//
10364//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
10365//      from the response to a previous call of the operation.
10366//
10367//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
10368//      organization, or email) as a party.
10369//
10370//      * INVALID_PATTERN: You provided a value that doesn't match the required
10371//      pattern.
10372//
10373//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
10374//      match the required pattern.
10375//
10376//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
10377//      name can't begin with the reserved prefix AWSServiceRoleFor.
10378//
10379//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
10380//      Name (ARN) for the organization.
10381//
10382//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
10383//
10384//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
10385//      tag. You can’t add, edit, or delete system tag keys because they're
10386//      reserved for AWS use. System tags don’t count against your tags per
10387//      resource limit.
10388//
10389//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
10390//      for the operation.
10391//
10392//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
10393//      than allowed.
10394//
10395//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
10396//      value than allowed.
10397//
10398//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
10399//      than allowed.
10400//
10401//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
10402//      value than allowed.
10403//
10404//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
10405//      between entities in the same root.
10406//
10407//   * ErrCodeMasterCannotLeaveOrganizationException "MasterCannotLeaveOrganizationException"
10408//   You can't remove a master account from an organization. If you want the master
10409//   account to become a member account in another organization, you must first
10410//   delete the current organization of the master account.
10411//
10412//   * ErrCodeServiceException "ServiceException"
10413//   AWS Organizations can't complete your request because of an internal service
10414//   error. Try again later.
10415//
10416//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
10417//   You have sent too many requests in too short a period of time. The limit
10418//   helps protect against denial-of-service attacks. Try again later.
10419//
10420//   For information on limits that affect AWS Organizations, see Limits of AWS
10421//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
10422//   in the AWS Organizations User Guide.
10423//
10424// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization
10425func (c *Organizations) RemoveAccountFromOrganization(input *RemoveAccountFromOrganizationInput) (*RemoveAccountFromOrganizationOutput, error) {
10426	req, out := c.RemoveAccountFromOrganizationRequest(input)
10427	return out, req.Send()
10428}
10429
10430// RemoveAccountFromOrganizationWithContext is the same as RemoveAccountFromOrganization with the addition of
10431// the ability to pass a context and additional request options.
10432//
10433// See RemoveAccountFromOrganization for details on how to use this API operation.
10434//
10435// The context must be non-nil and will be used for request cancellation. If
10436// the context is nil a panic will occur. In the future the SDK may create
10437// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10438// for more information on using Contexts.
10439func (c *Organizations) RemoveAccountFromOrganizationWithContext(ctx aws.Context, input *RemoveAccountFromOrganizationInput, opts ...request.Option) (*RemoveAccountFromOrganizationOutput, error) {
10440	req, out := c.RemoveAccountFromOrganizationRequest(input)
10441	req.SetContext(ctx)
10442	req.ApplyOptions(opts...)
10443	return out, req.Send()
10444}
10445
10446const opTagResource = "TagResource"
10447
10448// TagResourceRequest generates a "aws/request.Request" representing the
10449// client's request for the TagResource operation. The "output" return
10450// value will be populated with the request's response once the request completes
10451// successfully.
10452//
10453// Use "Send" method on the returned Request to send the API call to the service.
10454// the "output" return value is not valid until after Send returns without error.
10455//
10456// See TagResource for more information on using the TagResource
10457// API call, and error handling.
10458//
10459// This method is useful when you want to inject custom logic or configuration
10460// into the SDK's request lifecycle. Such as custom headers, or retry logic.
10461//
10462//
10463//    // Example sending a request using the TagResourceRequest method.
10464//    req, resp := client.TagResourceRequest(params)
10465//
10466//    err := req.Send()
10467//    if err == nil { // resp is now filled
10468//        fmt.Println(resp)
10469//    }
10470//
10471// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource
10472func (c *Organizations) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
10473	op := &request.Operation{
10474		Name:       opTagResource,
10475		HTTPMethod: "POST",
10476		HTTPPath:   "/",
10477	}
10478
10479	if input == nil {
10480		input = &TagResourceInput{}
10481	}
10482
10483	output = &TagResourceOutput{}
10484	req = c.newRequest(op, input, output)
10485	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
10486	return
10487}
10488
10489// TagResource API operation for AWS Organizations.
10490//
10491// Adds one or more tags to the specified resource.
10492//
10493// Currently, you can tag and untag accounts in AWS Organizations.
10494//
10495// This operation can be called only from the organization's master account.
10496//
10497// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
10498// with awserr.Error's Code and Message methods to get detailed information about
10499// the error.
10500//
10501// See the AWS API reference guide for AWS Organizations's
10502// API operation TagResource for usage and error information.
10503//
10504// Returned Error Codes:
10505//   * ErrCodeAccessDeniedException "AccessDeniedException"
10506//   You don't have permissions to perform the requested operation. The user or
10507//   role that is making the request must have at least one IAM permissions policy
10508//   attached that grants the required permissions. For more information, see
10509//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
10510//   in the IAM User Guide.
10511//
10512//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
10513//   The target of the operation is currently being modified by a different request.
10514//   Try again later.
10515//
10516//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
10517//   Your account isn't a member of an organization. To make this request, you
10518//   must use the credentials of an account that belongs to an organization.
10519//
10520//   * ErrCodeTargetNotFoundException "TargetNotFoundException"
10521//   We can't find a root, OU, or account with the TargetId that you specified.
10522//
10523//   * ErrCodeConstraintViolationException "ConstraintViolationException"
10524//   Performing this operation violates a minimum or maximum value limit. Examples
10525//   include attempting to remove the last service control policy (SCP) from an
10526//   OU or root, or attaching too many policies to an account, OU, or root. This
10527//   exception includes a reason that contains additional information about the
10528//   violated limit.
10529//
10530//   Some of the reasons in the following list might not be applicable to this
10531//   specific API or operation:
10532//
10533//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
10534//      from the organization that doesn't yet have enough information to exist
10535//      as a standalone account. This account requires you to first agree to the
10536//      AWS Customer Agreement. Follow the steps at To leave an organization when
10537//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
10538//      in the AWS Organizations User Guide.
10539//
10540//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
10541//      an account from the organization that doesn't yet have enough information
10542//      to exist as a standalone account. This account requires you to first complete
10543//      phone verification. Follow the steps at To leave an organization when
10544//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
10545//      in the AWS Organizations User Guide.
10546//
10547//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
10548//      of accounts that you can create in one day.
10549//
10550//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
10551//      the number of accounts in an organization. If you need more accounts,
10552//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
10553//      request an increase in your limit. Or the number of invitations that you
10554//      tried to send would cause you to exceed the limit of accounts in your
10555//      organization. Send fewer invitations or contact AWS Support to request
10556//      an increase in the number of accounts. Deleted and closed accounts still
10557//      count toward your limit. If you get receive this exception when running
10558//      a command immediately after creating the organization, wait one hour and
10559//      try again. If after an hour it continues to fail with this error, contact
10560//      AWS Support (https://console.aws.amazon.com/support/home#/).
10561//
10562//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
10563//      handshakes that you can send in one day.
10564//
10565//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
10566//      in this organization, you first must migrate the organization's master
10567//      account to the marketplace that corresponds to the master account's address.
10568//      For example, accounts with India addresses must be associated with the
10569//      AISPL marketplace. All accounts in an organization must be associated
10570//      with the same marketplace.
10571//
10572//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
10573//      must first provide contact a valid address and phone number for the master
10574//      account. Then try the operation again.
10575//
10576//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
10577//      master account must have an associated account in the AWS GovCloud (US-West)
10578//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
10579//      in the AWS GovCloud User Guide.
10580//
10581//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
10582//      with this master account, you first must associate a valid payment instrument,
10583//      such as a credit card, with the account. Follow the steps at To leave
10584//      an organization when all required account information has not yet been
10585//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
10586//      in the AWS Organizations User Guide.
10587//
10588//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
10589//      number of policies of a certain type that can be attached to an entity
10590//      at one time.
10591//
10592//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
10593//      on this resource.
10594//
10595//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
10596//      with this member account, you first must associate a valid payment instrument,
10597//      such as a credit card, with the account. Follow the steps at To leave
10598//      an organization when all required account information has not yet been
10599//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
10600//      in the AWS Organizations User Guide.
10601//
10602//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
10603//      policy from an entity, which would cause the entity to have fewer than
10604//      the minimum number of policies of the required type.
10605//
10606//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
10607//      too many levels deep.
10608//
10609//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
10610//      that requires the organization to be configured to support all features.
10611//      An organization that supports only consolidated billing features can't
10612//      perform this operation.
10613//
10614//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
10615//      that you can have in an organization.
10616//
10617//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
10618//      policies that you can have in an organization.
10619//
10620//   * ErrCodeInvalidInputException "InvalidInputException"
10621//   The requested operation failed because you provided invalid values for one
10622//   or more of the request parameters. This exception includes a reason that
10623//   contains additional information about the violated limit:
10624//
10625//   Some of the reasons in the following list might not be applicable to this
10626//   specific API or operation:
10627//
10628//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
10629//      can't be modified.
10630//
10631//      * INPUT_REQUIRED: You must include a value for all required parameters.
10632//
10633//      * INVALID_ENUM: You specified an invalid value.
10634//
10635//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
10636//
10637//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
10638//      characters.
10639//
10640//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
10641//      at least one invalid value.
10642//
10643//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
10644//      from the response to a previous call of the operation.
10645//
10646//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
10647//      organization, or email) as a party.
10648//
10649//      * INVALID_PATTERN: You provided a value that doesn't match the required
10650//      pattern.
10651//
10652//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
10653//      match the required pattern.
10654//
10655//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
10656//      name can't begin with the reserved prefix AWSServiceRoleFor.
10657//
10658//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
10659//      Name (ARN) for the organization.
10660//
10661//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
10662//
10663//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
10664//      tag. You can’t add, edit, or delete system tag keys because they're
10665//      reserved for AWS use. System tags don’t count against your tags per
10666//      resource limit.
10667//
10668//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
10669//      for the operation.
10670//
10671//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
10672//      than allowed.
10673//
10674//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
10675//      value than allowed.
10676//
10677//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
10678//      than allowed.
10679//
10680//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
10681//      value than allowed.
10682//
10683//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
10684//      between entities in the same root.
10685//
10686//   * ErrCodeServiceException "ServiceException"
10687//   AWS Organizations can't complete your request because of an internal service
10688//   error. Try again later.
10689//
10690//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
10691//   You have sent too many requests in too short a period of time. The limit
10692//   helps protect against denial-of-service attacks. Try again later.
10693//
10694//   For information on limits that affect AWS Organizations, see Limits of AWS
10695//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
10696//   in the AWS Organizations User Guide.
10697//
10698// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource
10699func (c *Organizations) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
10700	req, out := c.TagResourceRequest(input)
10701	return out, req.Send()
10702}
10703
10704// TagResourceWithContext is the same as TagResource with the addition of
10705// the ability to pass a context and additional request options.
10706//
10707// See TagResource for details on how to use this API operation.
10708//
10709// The context must be non-nil and will be used for request cancellation. If
10710// the context is nil a panic will occur. In the future the SDK may create
10711// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10712// for more information on using Contexts.
10713func (c *Organizations) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
10714	req, out := c.TagResourceRequest(input)
10715	req.SetContext(ctx)
10716	req.ApplyOptions(opts...)
10717	return out, req.Send()
10718}
10719
10720const opUntagResource = "UntagResource"
10721
10722// UntagResourceRequest generates a "aws/request.Request" representing the
10723// client's request for the UntagResource operation. The "output" return
10724// value will be populated with the request's response once the request completes
10725// successfully.
10726//
10727// Use "Send" method on the returned Request to send the API call to the service.
10728// the "output" return value is not valid until after Send returns without error.
10729//
10730// See UntagResource for more information on using the UntagResource
10731// API call, and error handling.
10732//
10733// This method is useful when you want to inject custom logic or configuration
10734// into the SDK's request lifecycle. Such as custom headers, or retry logic.
10735//
10736//
10737//    // Example sending a request using the UntagResourceRequest method.
10738//    req, resp := client.UntagResourceRequest(params)
10739//
10740//    err := req.Send()
10741//    if err == nil { // resp is now filled
10742//        fmt.Println(resp)
10743//    }
10744//
10745// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource
10746func (c *Organizations) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
10747	op := &request.Operation{
10748		Name:       opUntagResource,
10749		HTTPMethod: "POST",
10750		HTTPPath:   "/",
10751	}
10752
10753	if input == nil {
10754		input = &UntagResourceInput{}
10755	}
10756
10757	output = &UntagResourceOutput{}
10758	req = c.newRequest(op, input, output)
10759	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
10760	return
10761}
10762
10763// UntagResource API operation for AWS Organizations.
10764//
10765// Removes a tag from the specified resource.
10766//
10767// Currently, you can tag and untag accounts in AWS Organizations.
10768//
10769// This operation can be called only from the organization's master account.
10770//
10771// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
10772// with awserr.Error's Code and Message methods to get detailed information about
10773// the error.
10774//
10775// See the AWS API reference guide for AWS Organizations's
10776// API operation UntagResource for usage and error information.
10777//
10778// Returned Error Codes:
10779//   * ErrCodeAccessDeniedException "AccessDeniedException"
10780//   You don't have permissions to perform the requested operation. The user or
10781//   role that is making the request must have at least one IAM permissions policy
10782//   attached that grants the required permissions. For more information, see
10783//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
10784//   in the IAM User Guide.
10785//
10786//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
10787//   The target of the operation is currently being modified by a different request.
10788//   Try again later.
10789//
10790//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
10791//   Your account isn't a member of an organization. To make this request, you
10792//   must use the credentials of an account that belongs to an organization.
10793//
10794//   * ErrCodeTargetNotFoundException "TargetNotFoundException"
10795//   We can't find a root, OU, or account with the TargetId that you specified.
10796//
10797//   * ErrCodeConstraintViolationException "ConstraintViolationException"
10798//   Performing this operation violates a minimum or maximum value limit. Examples
10799//   include attempting to remove the last service control policy (SCP) from an
10800//   OU or root, or attaching too many policies to an account, OU, or root. This
10801//   exception includes a reason that contains additional information about the
10802//   violated limit.
10803//
10804//   Some of the reasons in the following list might not be applicable to this
10805//   specific API or operation:
10806//
10807//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
10808//      from the organization that doesn't yet have enough information to exist
10809//      as a standalone account. This account requires you to first agree to the
10810//      AWS Customer Agreement. Follow the steps at To leave an organization when
10811//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
10812//      in the AWS Organizations User Guide.
10813//
10814//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
10815//      an account from the organization that doesn't yet have enough information
10816//      to exist as a standalone account. This account requires you to first complete
10817//      phone verification. Follow the steps at To leave an organization when
10818//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
10819//      in the AWS Organizations User Guide.
10820//
10821//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
10822//      of accounts that you can create in one day.
10823//
10824//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
10825//      the number of accounts in an organization. If you need more accounts,
10826//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
10827//      request an increase in your limit. Or the number of invitations that you
10828//      tried to send would cause you to exceed the limit of accounts in your
10829//      organization. Send fewer invitations or contact AWS Support to request
10830//      an increase in the number of accounts. Deleted and closed accounts still
10831//      count toward your limit. If you get receive this exception when running
10832//      a command immediately after creating the organization, wait one hour and
10833//      try again. If after an hour it continues to fail with this error, contact
10834//      AWS Support (https://console.aws.amazon.com/support/home#/).
10835//
10836//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
10837//      handshakes that you can send in one day.
10838//
10839//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
10840//      in this organization, you first must migrate the organization's master
10841//      account to the marketplace that corresponds to the master account's address.
10842//      For example, accounts with India addresses must be associated with the
10843//      AISPL marketplace. All accounts in an organization must be associated
10844//      with the same marketplace.
10845//
10846//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
10847//      must first provide contact a valid address and phone number for the master
10848//      account. Then try the operation again.
10849//
10850//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
10851//      master account must have an associated account in the AWS GovCloud (US-West)
10852//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
10853//      in the AWS GovCloud User Guide.
10854//
10855//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
10856//      with this master account, you first must associate a valid payment instrument,
10857//      such as a credit card, with the account. Follow the steps at To leave
10858//      an organization when all required account information has not yet been
10859//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
10860//      in the AWS Organizations User Guide.
10861//
10862//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
10863//      number of policies of a certain type that can be attached to an entity
10864//      at one time.
10865//
10866//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
10867//      on this resource.
10868//
10869//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
10870//      with this member account, you first must associate a valid payment instrument,
10871//      such as a credit card, with the account. Follow the steps at To leave
10872//      an organization when all required account information has not yet been
10873//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
10874//      in the AWS Organizations User Guide.
10875//
10876//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
10877//      policy from an entity, which would cause the entity to have fewer than
10878//      the minimum number of policies of the required type.
10879//
10880//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
10881//      too many levels deep.
10882//
10883//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
10884//      that requires the organization to be configured to support all features.
10885//      An organization that supports only consolidated billing features can't
10886//      perform this operation.
10887//
10888//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
10889//      that you can have in an organization.
10890//
10891//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
10892//      policies that you can have in an organization.
10893//
10894//   * ErrCodeInvalidInputException "InvalidInputException"
10895//   The requested operation failed because you provided invalid values for one
10896//   or more of the request parameters. This exception includes a reason that
10897//   contains additional information about the violated limit:
10898//
10899//   Some of the reasons in the following list might not be applicable to this
10900//   specific API or operation:
10901//
10902//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
10903//      can't be modified.
10904//
10905//      * INPUT_REQUIRED: You must include a value for all required parameters.
10906//
10907//      * INVALID_ENUM: You specified an invalid value.
10908//
10909//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
10910//
10911//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
10912//      characters.
10913//
10914//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
10915//      at least one invalid value.
10916//
10917//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
10918//      from the response to a previous call of the operation.
10919//
10920//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
10921//      organization, or email) as a party.
10922//
10923//      * INVALID_PATTERN: You provided a value that doesn't match the required
10924//      pattern.
10925//
10926//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
10927//      match the required pattern.
10928//
10929//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
10930//      name can't begin with the reserved prefix AWSServiceRoleFor.
10931//
10932//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
10933//      Name (ARN) for the organization.
10934//
10935//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
10936//
10937//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
10938//      tag. You can’t add, edit, or delete system tag keys because they're
10939//      reserved for AWS use. System tags don’t count against your tags per
10940//      resource limit.
10941//
10942//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
10943//      for the operation.
10944//
10945//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
10946//      than allowed.
10947//
10948//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
10949//      value than allowed.
10950//
10951//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
10952//      than allowed.
10953//
10954//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
10955//      value than allowed.
10956//
10957//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
10958//      between entities in the same root.
10959//
10960//   * ErrCodeServiceException "ServiceException"
10961//   AWS Organizations can't complete your request because of an internal service
10962//   error. Try again later.
10963//
10964//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
10965//   You have sent too many requests in too short a period of time. The limit
10966//   helps protect against denial-of-service attacks. Try again later.
10967//
10968//   For information on limits that affect AWS Organizations, see Limits of AWS
10969//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
10970//   in the AWS Organizations User Guide.
10971//
10972// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource
10973func (c *Organizations) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
10974	req, out := c.UntagResourceRequest(input)
10975	return out, req.Send()
10976}
10977
10978// UntagResourceWithContext is the same as UntagResource with the addition of
10979// the ability to pass a context and additional request options.
10980//
10981// See UntagResource for details on how to use this API operation.
10982//
10983// The context must be non-nil and will be used for request cancellation. If
10984// the context is nil a panic will occur. In the future the SDK may create
10985// sub-contexts for http.Requests. See https://golang.org/pkg/context/
10986// for more information on using Contexts.
10987func (c *Organizations) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
10988	req, out := c.UntagResourceRequest(input)
10989	req.SetContext(ctx)
10990	req.ApplyOptions(opts...)
10991	return out, req.Send()
10992}
10993
10994const opUpdateOrganizationalUnit = "UpdateOrganizationalUnit"
10995
10996// UpdateOrganizationalUnitRequest generates a "aws/request.Request" representing the
10997// client's request for the UpdateOrganizationalUnit operation. The "output" return
10998// value will be populated with the request's response once the request completes
10999// successfully.
11000//
11001// Use "Send" method on the returned Request to send the API call to the service.
11002// the "output" return value is not valid until after Send returns without error.
11003//
11004// See UpdateOrganizationalUnit for more information on using the UpdateOrganizationalUnit
11005// API call, and error handling.
11006//
11007// This method is useful when you want to inject custom logic or configuration
11008// into the SDK's request lifecycle. Such as custom headers, or retry logic.
11009//
11010//
11011//    // Example sending a request using the UpdateOrganizationalUnitRequest method.
11012//    req, resp := client.UpdateOrganizationalUnitRequest(params)
11013//
11014//    err := req.Send()
11015//    if err == nil { // resp is now filled
11016//        fmt.Println(resp)
11017//    }
11018//
11019// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit
11020func (c *Organizations) UpdateOrganizationalUnitRequest(input *UpdateOrganizationalUnitInput) (req *request.Request, output *UpdateOrganizationalUnitOutput) {
11021	op := &request.Operation{
11022		Name:       opUpdateOrganizationalUnit,
11023		HTTPMethod: "POST",
11024		HTTPPath:   "/",
11025	}
11026
11027	if input == nil {
11028		input = &UpdateOrganizationalUnitInput{}
11029	}
11030
11031	output = &UpdateOrganizationalUnitOutput{}
11032	req = c.newRequest(op, input, output)
11033	return
11034}
11035
11036// UpdateOrganizationalUnit API operation for AWS Organizations.
11037//
11038// Renames the specified organizational unit (OU). The ID and ARN don't change.
11039// The child OUs and accounts remain in place, and any attached policies of
11040// the OU remain attached.
11041//
11042// This operation can be called only from the organization's master account.
11043//
11044// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
11045// with awserr.Error's Code and Message methods to get detailed information about
11046// the error.
11047//
11048// See the AWS API reference guide for AWS Organizations's
11049// API operation UpdateOrganizationalUnit for usage and error information.
11050//
11051// Returned Error Codes:
11052//   * ErrCodeAccessDeniedException "AccessDeniedException"
11053//   You don't have permissions to perform the requested operation. The user or
11054//   role that is making the request must have at least one IAM permissions policy
11055//   attached that grants the required permissions. For more information, see
11056//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
11057//   in the IAM User Guide.
11058//
11059//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
11060//   Your account isn't a member of an organization. To make this request, you
11061//   must use the credentials of an account that belongs to an organization.
11062//
11063//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
11064//   The target of the operation is currently being modified by a different request.
11065//   Try again later.
11066//
11067//   * ErrCodeDuplicateOrganizationalUnitException "DuplicateOrganizationalUnitException"
11068//   An OU with the same name already exists.
11069//
11070//   * ErrCodeInvalidInputException "InvalidInputException"
11071//   The requested operation failed because you provided invalid values for one
11072//   or more of the request parameters. This exception includes a reason that
11073//   contains additional information about the violated limit:
11074//
11075//   Some of the reasons in the following list might not be applicable to this
11076//   specific API or operation:
11077//
11078//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
11079//      can't be modified.
11080//
11081//      * INPUT_REQUIRED: You must include a value for all required parameters.
11082//
11083//      * INVALID_ENUM: You specified an invalid value.
11084//
11085//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
11086//
11087//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
11088//      characters.
11089//
11090//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
11091//      at least one invalid value.
11092//
11093//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
11094//      from the response to a previous call of the operation.
11095//
11096//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
11097//      organization, or email) as a party.
11098//
11099//      * INVALID_PATTERN: You provided a value that doesn't match the required
11100//      pattern.
11101//
11102//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
11103//      match the required pattern.
11104//
11105//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
11106//      name can't begin with the reserved prefix AWSServiceRoleFor.
11107//
11108//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
11109//      Name (ARN) for the organization.
11110//
11111//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
11112//
11113//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
11114//      tag. You can’t add, edit, or delete system tag keys because they're
11115//      reserved for AWS use. System tags don’t count against your tags per
11116//      resource limit.
11117//
11118//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
11119//      for the operation.
11120//
11121//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
11122//      than allowed.
11123//
11124//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
11125//      value than allowed.
11126//
11127//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
11128//      than allowed.
11129//
11130//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
11131//      value than allowed.
11132//
11133//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
11134//      between entities in the same root.
11135//
11136//   * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException"
11137//   We can't find an OU with the OrganizationalUnitId that you specified.
11138//
11139//   * ErrCodeServiceException "ServiceException"
11140//   AWS Organizations can't complete your request because of an internal service
11141//   error. Try again later.
11142//
11143//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
11144//   You have sent too many requests in too short a period of time. The limit
11145//   helps protect against denial-of-service attacks. Try again later.
11146//
11147//   For information on limits that affect AWS Organizations, see Limits of AWS
11148//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
11149//   in the AWS Organizations User Guide.
11150//
11151// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit
11152func (c *Organizations) UpdateOrganizationalUnit(input *UpdateOrganizationalUnitInput) (*UpdateOrganizationalUnitOutput, error) {
11153	req, out := c.UpdateOrganizationalUnitRequest(input)
11154	return out, req.Send()
11155}
11156
11157// UpdateOrganizationalUnitWithContext is the same as UpdateOrganizationalUnit with the addition of
11158// the ability to pass a context and additional request options.
11159//
11160// See UpdateOrganizationalUnit for details on how to use this API operation.
11161//
11162// The context must be non-nil and will be used for request cancellation. If
11163// the context is nil a panic will occur. In the future the SDK may create
11164// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11165// for more information on using Contexts.
11166func (c *Organizations) UpdateOrganizationalUnitWithContext(ctx aws.Context, input *UpdateOrganizationalUnitInput, opts ...request.Option) (*UpdateOrganizationalUnitOutput, error) {
11167	req, out := c.UpdateOrganizationalUnitRequest(input)
11168	req.SetContext(ctx)
11169	req.ApplyOptions(opts...)
11170	return out, req.Send()
11171}
11172
11173const opUpdatePolicy = "UpdatePolicy"
11174
11175// UpdatePolicyRequest generates a "aws/request.Request" representing the
11176// client's request for the UpdatePolicy operation. The "output" return
11177// value will be populated with the request's response once the request completes
11178// successfully.
11179//
11180// Use "Send" method on the returned Request to send the API call to the service.
11181// the "output" return value is not valid until after Send returns without error.
11182//
11183// See UpdatePolicy for more information on using the UpdatePolicy
11184// API call, and error handling.
11185//
11186// This method is useful when you want to inject custom logic or configuration
11187// into the SDK's request lifecycle. Such as custom headers, or retry logic.
11188//
11189//
11190//    // Example sending a request using the UpdatePolicyRequest method.
11191//    req, resp := client.UpdatePolicyRequest(params)
11192//
11193//    err := req.Send()
11194//    if err == nil { // resp is now filled
11195//        fmt.Println(resp)
11196//    }
11197//
11198// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy
11199func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *request.Request, output *UpdatePolicyOutput) {
11200	op := &request.Operation{
11201		Name:       opUpdatePolicy,
11202		HTTPMethod: "POST",
11203		HTTPPath:   "/",
11204	}
11205
11206	if input == nil {
11207		input = &UpdatePolicyInput{}
11208	}
11209
11210	output = &UpdatePolicyOutput{}
11211	req = c.newRequest(op, input, output)
11212	return
11213}
11214
11215// UpdatePolicy API operation for AWS Organizations.
11216//
11217// Updates an existing policy with a new name, description, or content. If you
11218// don't supply any parameter, that value remains unchanged. You can't change
11219// a policy's type.
11220//
11221// This operation can be called only from the organization's master account.
11222//
11223// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
11224// with awserr.Error's Code and Message methods to get detailed information about
11225// the error.
11226//
11227// See the AWS API reference guide for AWS Organizations's
11228// API operation UpdatePolicy for usage and error information.
11229//
11230// Returned Error Codes:
11231//   * ErrCodeAccessDeniedException "AccessDeniedException"
11232//   You don't have permissions to perform the requested operation. The user or
11233//   role that is making the request must have at least one IAM permissions policy
11234//   attached that grants the required permissions. For more information, see
11235//   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
11236//   in the IAM User Guide.
11237//
11238//   * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
11239//   Your account isn't a member of an organization. To make this request, you
11240//   must use the credentials of an account that belongs to an organization.
11241//
11242//   * ErrCodeConcurrentModificationException "ConcurrentModificationException"
11243//   The target of the operation is currently being modified by a different request.
11244//   Try again later.
11245//
11246//   * ErrCodeConstraintViolationException "ConstraintViolationException"
11247//   Performing this operation violates a minimum or maximum value limit. Examples
11248//   include attempting to remove the last service control policy (SCP) from an
11249//   OU or root, or attaching too many policies to an account, OU, or root. This
11250//   exception includes a reason that contains additional information about the
11251//   violated limit.
11252//
11253//   Some of the reasons in the following list might not be applicable to this
11254//   specific API or operation:
11255//
11256//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
11257//      from the organization that doesn't yet have enough information to exist
11258//      as a standalone account. This account requires you to first agree to the
11259//      AWS Customer Agreement. Follow the steps at To leave an organization when
11260//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
11261//      in the AWS Organizations User Guide.
11262//
11263//      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
11264//      an account from the organization that doesn't yet have enough information
11265//      to exist as a standalone account. This account requires you to first complete
11266//      phone verification. Follow the steps at To leave an organization when
11267//      all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
11268//      in the AWS Organizations User Guide.
11269//
11270//      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
11271//      of accounts that you can create in one day.
11272//
11273//      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
11274//      the number of accounts in an organization. If you need more accounts,
11275//      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
11276//      request an increase in your limit. Or the number of invitations that you
11277//      tried to send would cause you to exceed the limit of accounts in your
11278//      organization. Send fewer invitations or contact AWS Support to request
11279//      an increase in the number of accounts. Deleted and closed accounts still
11280//      count toward your limit. If you get receive this exception when running
11281//      a command immediately after creating the organization, wait one hour and
11282//      try again. If after an hour it continues to fail with this error, contact
11283//      AWS Support (https://console.aws.amazon.com/support/home#/).
11284//
11285//      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
11286//      handshakes that you can send in one day.
11287//
11288//      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
11289//      in this organization, you first must migrate the organization's master
11290//      account to the marketplace that corresponds to the master account's address.
11291//      For example, accounts with India addresses must be associated with the
11292//      AISPL marketplace. All accounts in an organization must be associated
11293//      with the same marketplace.
11294//
11295//      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
11296//      must first provide contact a valid address and phone number for the master
11297//      account. Then try the operation again.
11298//
11299//      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
11300//      master account must have an associated account in the AWS GovCloud (US-West)
11301//      Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
11302//      in the AWS GovCloud User Guide.
11303//
11304//      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
11305//      with this master account, you first must associate a valid payment instrument,
11306//      such as a credit card, with the account. Follow the steps at To leave
11307//      an organization when all required account information has not yet been
11308//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
11309//      in the AWS Organizations User Guide.
11310//
11311//      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
11312//      number of policies of a certain type that can be attached to an entity
11313//      at one time.
11314//
11315//      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
11316//      on this resource.
11317//
11318//      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
11319//      with this member account, you first must associate a valid payment instrument,
11320//      such as a credit card, with the account. Follow the steps at To leave
11321//      an organization when all required account information has not yet been
11322//      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
11323//      in the AWS Organizations User Guide.
11324//
11325//      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
11326//      policy from an entity, which would cause the entity to have fewer than
11327//      the minimum number of policies of the required type.
11328//
11329//      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
11330//      too many levels deep.
11331//
11332//      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
11333//      that requires the organization to be configured to support all features.
11334//      An organization that supports only consolidated billing features can't
11335//      perform this operation.
11336//
11337//      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
11338//      that you can have in an organization.
11339//
11340//      * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
11341//      policies that you can have in an organization.
11342//
11343//   * ErrCodeDuplicatePolicyException "DuplicatePolicyException"
11344//   A policy with the same name already exists.
11345//
11346//   * ErrCodeInvalidInputException "InvalidInputException"
11347//   The requested operation failed because you provided invalid values for one
11348//   or more of the request parameters. This exception includes a reason that
11349//   contains additional information about the violated limit:
11350//
11351//   Some of the reasons in the following list might not be applicable to this
11352//   specific API or operation:
11353//
11354//      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
11355//      can't be modified.
11356//
11357//      * INPUT_REQUIRED: You must include a value for all required parameters.
11358//
11359//      * INVALID_ENUM: You specified an invalid value.
11360//
11361//      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type.
11362//
11363//      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
11364//      characters.
11365//
11366//      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
11367//      at least one invalid value.
11368//
11369//      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
11370//      from the response to a previous call of the operation.
11371//
11372//      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
11373//      organization, or email) as a party.
11374//
11375//      * INVALID_PATTERN: You provided a value that doesn't match the required
11376//      pattern.
11377//
11378//      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
11379//      match the required pattern.
11380//
11381//      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
11382//      name can't begin with the reserved prefix AWSServiceRoleFor.
11383//
11384//      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
11385//      Name (ARN) for the organization.
11386//
11387//      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
11388//
11389//      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
11390//      tag. You can’t add, edit, or delete system tag keys because they're
11391//      reserved for AWS use. System tags don’t count against your tags per
11392//      resource limit.
11393//
11394//      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
11395//      for the operation.
11396//
11397//      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
11398//      than allowed.
11399//
11400//      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
11401//      value than allowed.
11402//
11403//      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
11404//      than allowed.
11405//
11406//      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
11407//      value than allowed.
11408//
11409//      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
11410//      between entities in the same root.
11411//
11412//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException"
11413//   The provided policy document doesn't meet the requirements of the specified
11414//   policy type. For example, the syntax might be incorrect. For details about
11415//   service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
11416//   in the AWS Organizations User Guide.
11417//
11418//   * ErrCodePolicyNotFoundException "PolicyNotFoundException"
11419//   We can't find a policy with the PolicyId that you specified.
11420//
11421//   * ErrCodeServiceException "ServiceException"
11422//   AWS Organizations can't complete your request because of an internal service
11423//   error. Try again later.
11424//
11425//   * ErrCodeTooManyRequestsException "TooManyRequestsException"
11426//   You have sent too many requests in too short a period of time. The limit
11427//   helps protect against denial-of-service attacks. Try again later.
11428//
11429//   For information on limits that affect AWS Organizations, see Limits of AWS
11430//   Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)
11431//   in the AWS Organizations User Guide.
11432//
11433//   * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException"
11434//   This action isn't available in the current Region.
11435//
11436//   * ErrCodePolicyChangesInProgressException "PolicyChangesInProgressException"
11437//   Changes to the effective policy are in progress, and its contents can't be
11438//   returned. Try the operation again later.
11439//
11440// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy
11441func (c *Organizations) UpdatePolicy(input *UpdatePolicyInput) (*UpdatePolicyOutput, error) {
11442	req, out := c.UpdatePolicyRequest(input)
11443	return out, req.Send()
11444}
11445
11446// UpdatePolicyWithContext is the same as UpdatePolicy with the addition of
11447// the ability to pass a context and additional request options.
11448//
11449// See UpdatePolicy for details on how to use this API operation.
11450//
11451// The context must be non-nil and will be used for request cancellation. If
11452// the context is nil a panic will occur. In the future the SDK may create
11453// sub-contexts for http.Requests. See https://golang.org/pkg/context/
11454// for more information on using Contexts.
11455func (c *Organizations) UpdatePolicyWithContext(ctx aws.Context, input *UpdatePolicyInput, opts ...request.Option) (*UpdatePolicyOutput, error) {
11456	req, out := c.UpdatePolicyRequest(input)
11457	req.SetContext(ctx)
11458	req.ApplyOptions(opts...)
11459	return out, req.Send()
11460}
11461
11462type AcceptHandshakeInput struct {
11463	_ struct{} `type:"structure"`
11464
11465	// The unique identifier (ID) of the handshake that you want to accept.
11466	//
11467	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
11468	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
11469	//
11470	// HandshakeId is a required field
11471	HandshakeId *string `type:"string" required:"true"`
11472}
11473
11474// String returns the string representation
11475func (s AcceptHandshakeInput) String() string {
11476	return awsutil.Prettify(s)
11477}
11478
11479// GoString returns the string representation
11480func (s AcceptHandshakeInput) GoString() string {
11481	return s.String()
11482}
11483
11484// Validate inspects the fields of the type to determine if they are valid.
11485func (s *AcceptHandshakeInput) Validate() error {
11486	invalidParams := request.ErrInvalidParams{Context: "AcceptHandshakeInput"}
11487	if s.HandshakeId == nil {
11488		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
11489	}
11490
11491	if invalidParams.Len() > 0 {
11492		return invalidParams
11493	}
11494	return nil
11495}
11496
11497// SetHandshakeId sets the HandshakeId field's value.
11498func (s *AcceptHandshakeInput) SetHandshakeId(v string) *AcceptHandshakeInput {
11499	s.HandshakeId = &v
11500	return s
11501}
11502
11503type AcceptHandshakeOutput struct {
11504	_ struct{} `type:"structure"`
11505
11506	// A structure that contains details about the accepted handshake.
11507	Handshake *Handshake `type:"structure"`
11508}
11509
11510// String returns the string representation
11511func (s AcceptHandshakeOutput) String() string {
11512	return awsutil.Prettify(s)
11513}
11514
11515// GoString returns the string representation
11516func (s AcceptHandshakeOutput) GoString() string {
11517	return s.String()
11518}
11519
11520// SetHandshake sets the Handshake field's value.
11521func (s *AcceptHandshakeOutput) SetHandshake(v *Handshake) *AcceptHandshakeOutput {
11522	s.Handshake = v
11523	return s
11524}
11525
11526// Contains information about an AWS account that is a member of an organization.
11527type Account struct {
11528	_ struct{} `type:"structure"`
11529
11530	// The Amazon Resource Name (ARN) of the account.
11531	//
11532	// For more information about ARNs in Organizations, see ARN Formats Supported
11533	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
11534	// in the AWS Organizations User Guide.
11535	Arn *string `type:"string"`
11536
11537	// The email address associated with the AWS account.
11538	//
11539	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
11540	// a string of characters that represents a standard internet email address.
11541	Email *string `min:"6" type:"string" sensitive:"true"`
11542
11543	// The unique identifier (ID) of the account.
11544	//
11545	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
11546	// requires exactly 12 digits.
11547	Id *string `type:"string"`
11548
11549	// The method by which the account joined the organization.
11550	JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"`
11551
11552	// The date the account became a part of the organization.
11553	JoinedTimestamp *time.Time `type:"timestamp"`
11554
11555	// The friendly name of the account.
11556	//
11557	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
11558	// this parameter is a string of any of the characters in the ASCII character
11559	// range.
11560	Name *string `min:"1" type:"string" sensitive:"true"`
11561
11562	// The status of the account in the organization.
11563	Status *string `type:"string" enum:"AccountStatus"`
11564}
11565
11566// String returns the string representation
11567func (s Account) String() string {
11568	return awsutil.Prettify(s)
11569}
11570
11571// GoString returns the string representation
11572func (s Account) GoString() string {
11573	return s.String()
11574}
11575
11576// SetArn sets the Arn field's value.
11577func (s *Account) SetArn(v string) *Account {
11578	s.Arn = &v
11579	return s
11580}
11581
11582// SetEmail sets the Email field's value.
11583func (s *Account) SetEmail(v string) *Account {
11584	s.Email = &v
11585	return s
11586}
11587
11588// SetId sets the Id field's value.
11589func (s *Account) SetId(v string) *Account {
11590	s.Id = &v
11591	return s
11592}
11593
11594// SetJoinedMethod sets the JoinedMethod field's value.
11595func (s *Account) SetJoinedMethod(v string) *Account {
11596	s.JoinedMethod = &v
11597	return s
11598}
11599
11600// SetJoinedTimestamp sets the JoinedTimestamp field's value.
11601func (s *Account) SetJoinedTimestamp(v time.Time) *Account {
11602	s.JoinedTimestamp = &v
11603	return s
11604}
11605
11606// SetName sets the Name field's value.
11607func (s *Account) SetName(v string) *Account {
11608	s.Name = &v
11609	return s
11610}
11611
11612// SetStatus sets the Status field's value.
11613func (s *Account) SetStatus(v string) *Account {
11614	s.Status = &v
11615	return s
11616}
11617
11618type AttachPolicyInput struct {
11619	_ struct{} `type:"structure"`
11620
11621	// The unique identifier (ID) of the policy that you want to attach to the target.
11622	// You can get the ID for the policy by calling the ListPolicies operation.
11623	//
11624	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
11625	// requires "p-" followed by from 8 to 128 lowercase letters or digits.
11626	//
11627	// PolicyId is a required field
11628	PolicyId *string `type:"string" required:"true"`
11629
11630	// The unique identifier (ID) of the root, OU, or account that you want to attach
11631	// the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent,
11632	// or ListAccounts operations.
11633	//
11634	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
11635	// requires one of the following:
11636	//
11637	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
11638	//    letters or digits.
11639	//
11640	//    * Account - A string that consists of exactly 12 digits.
11641	//
11642	//    * Organizational unit (OU) - A string that begins with "ou-" followed
11643	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
11644	//    OU is in). This string is followed by a second "-" dash and from 8 to
11645	//    32 additional lowercase letters or digits.
11646	//
11647	// TargetId is a required field
11648	TargetId *string `type:"string" required:"true"`
11649}
11650
11651// String returns the string representation
11652func (s AttachPolicyInput) String() string {
11653	return awsutil.Prettify(s)
11654}
11655
11656// GoString returns the string representation
11657func (s AttachPolicyInput) GoString() string {
11658	return s.String()
11659}
11660
11661// Validate inspects the fields of the type to determine if they are valid.
11662func (s *AttachPolicyInput) Validate() error {
11663	invalidParams := request.ErrInvalidParams{Context: "AttachPolicyInput"}
11664	if s.PolicyId == nil {
11665		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
11666	}
11667	if s.TargetId == nil {
11668		invalidParams.Add(request.NewErrParamRequired("TargetId"))
11669	}
11670
11671	if invalidParams.Len() > 0 {
11672		return invalidParams
11673	}
11674	return nil
11675}
11676
11677// SetPolicyId sets the PolicyId field's value.
11678func (s *AttachPolicyInput) SetPolicyId(v string) *AttachPolicyInput {
11679	s.PolicyId = &v
11680	return s
11681}
11682
11683// SetTargetId sets the TargetId field's value.
11684func (s *AttachPolicyInput) SetTargetId(v string) *AttachPolicyInput {
11685	s.TargetId = &v
11686	return s
11687}
11688
11689type AttachPolicyOutput struct {
11690	_ struct{} `type:"structure"`
11691}
11692
11693// String returns the string representation
11694func (s AttachPolicyOutput) String() string {
11695	return awsutil.Prettify(s)
11696}
11697
11698// GoString returns the string representation
11699func (s AttachPolicyOutput) GoString() string {
11700	return s.String()
11701}
11702
11703type CancelHandshakeInput struct {
11704	_ struct{} `type:"structure"`
11705
11706	// The unique identifier (ID) of the handshake that you want to cancel. You
11707	// can get the ID from the ListHandshakesForOrganization operation.
11708	//
11709	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
11710	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
11711	//
11712	// HandshakeId is a required field
11713	HandshakeId *string `type:"string" required:"true"`
11714}
11715
11716// String returns the string representation
11717func (s CancelHandshakeInput) String() string {
11718	return awsutil.Prettify(s)
11719}
11720
11721// GoString returns the string representation
11722func (s CancelHandshakeInput) GoString() string {
11723	return s.String()
11724}
11725
11726// Validate inspects the fields of the type to determine if they are valid.
11727func (s *CancelHandshakeInput) Validate() error {
11728	invalidParams := request.ErrInvalidParams{Context: "CancelHandshakeInput"}
11729	if s.HandshakeId == nil {
11730		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
11731	}
11732
11733	if invalidParams.Len() > 0 {
11734		return invalidParams
11735	}
11736	return nil
11737}
11738
11739// SetHandshakeId sets the HandshakeId field's value.
11740func (s *CancelHandshakeInput) SetHandshakeId(v string) *CancelHandshakeInput {
11741	s.HandshakeId = &v
11742	return s
11743}
11744
11745type CancelHandshakeOutput struct {
11746	_ struct{} `type:"structure"`
11747
11748	// A structure that contains details about the handshake that you canceled.
11749	Handshake *Handshake `type:"structure"`
11750}
11751
11752// String returns the string representation
11753func (s CancelHandshakeOutput) String() string {
11754	return awsutil.Prettify(s)
11755}
11756
11757// GoString returns the string representation
11758func (s CancelHandshakeOutput) GoString() string {
11759	return s.String()
11760}
11761
11762// SetHandshake sets the Handshake field's value.
11763func (s *CancelHandshakeOutput) SetHandshake(v *Handshake) *CancelHandshakeOutput {
11764	s.Handshake = v
11765	return s
11766}
11767
11768// Contains a list of child entities, either OUs or accounts.
11769type Child struct {
11770	_ struct{} `type:"structure"`
11771
11772	// The unique identifier (ID) of this child entity.
11773	//
11774	// The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string
11775	// requires one of the following:
11776	//
11777	//    * Account: A string that consists of exactly 12 digits.
11778	//
11779	//    * Organizational unit (OU): A string that begins with "ou-" followed by
11780	//    from 4 to 32 lower-case letters or digits (the ID of the root that contains
11781	//    the OU). This string is followed by a second "-" dash and from 8 to 32
11782	//    additional lower-case letters or digits.
11783	Id *string `type:"string"`
11784
11785	// The type of this child entity.
11786	Type *string `type:"string" enum:"ChildType"`
11787}
11788
11789// String returns the string representation
11790func (s Child) String() string {
11791	return awsutil.Prettify(s)
11792}
11793
11794// GoString returns the string representation
11795func (s Child) GoString() string {
11796	return s.String()
11797}
11798
11799// SetId sets the Id field's value.
11800func (s *Child) SetId(v string) *Child {
11801	s.Id = &v
11802	return s
11803}
11804
11805// SetType sets the Type field's value.
11806func (s *Child) SetType(v string) *Child {
11807	s.Type = &v
11808	return s
11809}
11810
11811type CreateAccountInput struct {
11812	_ struct{} `type:"structure"`
11813
11814	// The friendly name of the member account.
11815	//
11816	// AccountName is a required field
11817	AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"`
11818
11819	// The email address of the owner to assign to the new member account. This
11820	// email address must not already be associated with another AWS account. You
11821	// must use a valid email address to complete account creation. You can't access
11822	// the root user of the account or remove an account that was created with an
11823	// invalid email address.
11824	//
11825	// Email is a required field
11826	Email *string `min:"6" type:"string" required:"true" sensitive:"true"`
11827
11828	// If set to ALLOW, the new account enables IAM users to access account billing
11829	// information if they have the required permissions. If set to DENY, only the
11830	// root user of the new account can access account billing information. For
11831	// more information, see Activating Access to the Billing and Cost Management
11832	// Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
11833	// in the AWS Billing and Cost Management User Guide.
11834	//
11835	// If you don't specify this parameter, the value defaults to ALLOW. This value
11836	// allows IAM users and roles with the required permissions to access billing
11837	// information for the new account.
11838	IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"`
11839
11840	// (Optional)
11841	//
11842	// The name of an IAM role that AWS Organizations automatically preconfigures
11843	// in the new member account. This role trusts the master account, allowing
11844	// users in the master account to assume the role, as permitted by the master
11845	// account administrator. The role has administrator permissions in the new
11846	// member account.
11847	//
11848	// If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.
11849	//
11850	// For more information about how to use this role to access the member account,
11851	// see Accessing and Administering the Member Accounts in Your Organization
11852	// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role)
11853	// in the AWS Organizations User Guide. Also see steps 2 and 3 in Tutorial:
11854	// Delegate Access Across AWS Accounts Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html)
11855	// in the IAM User Guide.
11856	//
11857	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
11858	// this parameter. The pattern can include uppercase letters, lowercase letters,
11859	// digits with no spaces, and any of the following characters: =,.@-
11860	RoleName *string `type:"string"`
11861}
11862
11863// String returns the string representation
11864func (s CreateAccountInput) String() string {
11865	return awsutil.Prettify(s)
11866}
11867
11868// GoString returns the string representation
11869func (s CreateAccountInput) GoString() string {
11870	return s.String()
11871}
11872
11873// Validate inspects the fields of the type to determine if they are valid.
11874func (s *CreateAccountInput) Validate() error {
11875	invalidParams := request.ErrInvalidParams{Context: "CreateAccountInput"}
11876	if s.AccountName == nil {
11877		invalidParams.Add(request.NewErrParamRequired("AccountName"))
11878	}
11879	if s.AccountName != nil && len(*s.AccountName) < 1 {
11880		invalidParams.Add(request.NewErrParamMinLen("AccountName", 1))
11881	}
11882	if s.Email == nil {
11883		invalidParams.Add(request.NewErrParamRequired("Email"))
11884	}
11885	if s.Email != nil && len(*s.Email) < 6 {
11886		invalidParams.Add(request.NewErrParamMinLen("Email", 6))
11887	}
11888
11889	if invalidParams.Len() > 0 {
11890		return invalidParams
11891	}
11892	return nil
11893}
11894
11895// SetAccountName sets the AccountName field's value.
11896func (s *CreateAccountInput) SetAccountName(v string) *CreateAccountInput {
11897	s.AccountName = &v
11898	return s
11899}
11900
11901// SetEmail sets the Email field's value.
11902func (s *CreateAccountInput) SetEmail(v string) *CreateAccountInput {
11903	s.Email = &v
11904	return s
11905}
11906
11907// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value.
11908func (s *CreateAccountInput) SetIamUserAccessToBilling(v string) *CreateAccountInput {
11909	s.IamUserAccessToBilling = &v
11910	return s
11911}
11912
11913// SetRoleName sets the RoleName field's value.
11914func (s *CreateAccountInput) SetRoleName(v string) *CreateAccountInput {
11915	s.RoleName = &v
11916	return s
11917}
11918
11919type CreateAccountOutput struct {
11920	_ struct{} `type:"structure"`
11921
11922	// A structure that contains details about the request to create an account.
11923	// This response structure might not be fully populated when you first receive
11924	// it because account creation is an asynchronous process. You can pass the
11925	// returned CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus
11926	// to get status about the progress of the request at later times. You can also
11927	// check the AWS CloudTrail log for the CreateAccountResult event. For more
11928	// information, see Monitoring the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html)
11929	// in the AWS Organizations User Guide.
11930	CreateAccountStatus *CreateAccountStatus `type:"structure"`
11931}
11932
11933// String returns the string representation
11934func (s CreateAccountOutput) String() string {
11935	return awsutil.Prettify(s)
11936}
11937
11938// GoString returns the string representation
11939func (s CreateAccountOutput) GoString() string {
11940	return s.String()
11941}
11942
11943// SetCreateAccountStatus sets the CreateAccountStatus field's value.
11944func (s *CreateAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateAccountOutput {
11945	s.CreateAccountStatus = v
11946	return s
11947}
11948
11949// Contains the status about a CreateAccount or CreateGovCloudAccount request
11950// to create an AWS account or an AWS GovCloud (US) account in an organization.
11951type CreateAccountStatus struct {
11952	_ struct{} `type:"structure"`
11953
11954	// If the account was created successfully, the unique identifier (ID) of the
11955	// new account.
11956	//
11957	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
11958	// requires exactly 12 digits.
11959	AccountId *string `type:"string"`
11960
11961	// The account name given to the account when it was created.
11962	AccountName *string `min:"1" type:"string" sensitive:"true"`
11963
11964	// The date and time that the account was created and the request completed.
11965	CompletedTimestamp *time.Time `type:"timestamp"`
11966
11967	// If the request failed, a description of the reason for the failure.
11968	//
11969	//    * ACCOUNT_LIMIT_EXCEEDED: The account could not be created because you
11970	//    have reached the limit on the number of accounts in your organization.
11971	//
11972	//    * EMAIL_ALREADY_EXISTS: The account could not be created because another
11973	//    AWS account with that email address already exists.
11974	//
11975	//    * GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the AWS GovCloud (US)
11976	//    Region could not be created because this Region already includes an account
11977	//    with that email address.
11978	//
11979	//    * INVALID_ADDRESS: The account could not be created because the address
11980	//    you provided is not valid.
11981	//
11982	//    * INVALID_EMAIL: The account could not be created because the email address
11983	//    you provided is not valid.
11984	//
11985	//    * INTERNAL_FAILURE: The account could not be created because of an internal
11986	//    failure. Try again later. If the problem persists, contact AWS Support.
11987	FailureReason *string `type:"string" enum:"CreateAccountFailureReason"`
11988
11989	// If the account was created successfully, the unique identifier (ID) of the
11990	// new account in the AWS GovCloud (US) Region.
11991	GovCloudAccountId *string `type:"string"`
11992
11993	// The unique identifier (ID) that references this request. You get this value
11994	// from the response of the initial CreateAccount request to create the account.
11995	//
11996	// The regex pattern (http://wikipedia.org/wiki/regex) for a create account
11997	// request ID string requires "car-" followed by from 8 to 32 lower-case letters
11998	// or digits.
11999	Id *string `type:"string"`
12000
12001	// The date and time that the request was made for the account creation.
12002	RequestedTimestamp *time.Time `type:"timestamp"`
12003
12004	// The status of the request.
12005	State *string `type:"string" enum:"CreateAccountState"`
12006}
12007
12008// String returns the string representation
12009func (s CreateAccountStatus) String() string {
12010	return awsutil.Prettify(s)
12011}
12012
12013// GoString returns the string representation
12014func (s CreateAccountStatus) GoString() string {
12015	return s.String()
12016}
12017
12018// SetAccountId sets the AccountId field's value.
12019func (s *CreateAccountStatus) SetAccountId(v string) *CreateAccountStatus {
12020	s.AccountId = &v
12021	return s
12022}
12023
12024// SetAccountName sets the AccountName field's value.
12025func (s *CreateAccountStatus) SetAccountName(v string) *CreateAccountStatus {
12026	s.AccountName = &v
12027	return s
12028}
12029
12030// SetCompletedTimestamp sets the CompletedTimestamp field's value.
12031func (s *CreateAccountStatus) SetCompletedTimestamp(v time.Time) *CreateAccountStatus {
12032	s.CompletedTimestamp = &v
12033	return s
12034}
12035
12036// SetFailureReason sets the FailureReason field's value.
12037func (s *CreateAccountStatus) SetFailureReason(v string) *CreateAccountStatus {
12038	s.FailureReason = &v
12039	return s
12040}
12041
12042// SetGovCloudAccountId sets the GovCloudAccountId field's value.
12043func (s *CreateAccountStatus) SetGovCloudAccountId(v string) *CreateAccountStatus {
12044	s.GovCloudAccountId = &v
12045	return s
12046}
12047
12048// SetId sets the Id field's value.
12049func (s *CreateAccountStatus) SetId(v string) *CreateAccountStatus {
12050	s.Id = &v
12051	return s
12052}
12053
12054// SetRequestedTimestamp sets the RequestedTimestamp field's value.
12055func (s *CreateAccountStatus) SetRequestedTimestamp(v time.Time) *CreateAccountStatus {
12056	s.RequestedTimestamp = &v
12057	return s
12058}
12059
12060// SetState sets the State field's value.
12061func (s *CreateAccountStatus) SetState(v string) *CreateAccountStatus {
12062	s.State = &v
12063	return s
12064}
12065
12066type CreateGovCloudAccountInput struct {
12067	_ struct{} `type:"structure"`
12068
12069	// The friendly name of the member account.
12070	//
12071	// AccountName is a required field
12072	AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"`
12073
12074	// The email address of the owner to assign to the new member account in the
12075	// commercial Region. This email address must not already be associated with
12076	// another AWS account. You must use a valid email address to complete account
12077	// creation. You can't access the root user of the account or remove an account
12078	// that was created with an invalid email address. Like all request parameters
12079	// for CreateGovCloudAccount, the request for the email address for the AWS
12080	// GovCloud (US) account originates from the commercial Region. It does not
12081	// come from the AWS GovCloud (US) Region.
12082	//
12083	// Email is a required field
12084	Email *string `min:"6" type:"string" required:"true" sensitive:"true"`
12085
12086	// If set to ALLOW, the new linked account in the commercial Region enables
12087	// IAM users to access account billing information if they have the required
12088	// permissions. If set to DENY, only the root user of the new account can access
12089	// account billing information. For more information, see Activating Access
12090	// to the Billing and Cost Management Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
12091	// in the AWS Billing and Cost Management User Guide.
12092	//
12093	// If you don't specify this parameter, the value defaults to ALLOW, and IAM
12094	// users and roles with the required permissions can access billing information
12095	// for the new account.
12096	IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"`
12097
12098	// (Optional)
12099	//
12100	// The name of an IAM role that AWS Organizations automatically preconfigures
12101	// in the new member accounts in both the AWS GovCloud (US) Region and in the
12102	// commercial Region. This role trusts the master account, allowing users in
12103	// the master account to assume the role, as permitted by the master account
12104	// administrator. The role has administrator permissions in the new member account.
12105	//
12106	// If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.
12107	//
12108	// For more information about how to use this role to access the member account,
12109	// see Accessing and Administering the Member Accounts in Your Organization
12110	// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role)
12111	// in the AWS Organizations User Guide. See also steps 2 and 3 in Tutorial:
12112	// Delegate Access Across AWS Accounts Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html)
12113	// in the IAM User Guide.
12114	//
12115	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
12116	// this parameter. The pattern can include uppercase letters, lowercase letters,
12117	// digits with no spaces, and any of the following characters: =,.@-
12118	RoleName *string `type:"string"`
12119}
12120
12121// String returns the string representation
12122func (s CreateGovCloudAccountInput) String() string {
12123	return awsutil.Prettify(s)
12124}
12125
12126// GoString returns the string representation
12127func (s CreateGovCloudAccountInput) GoString() string {
12128	return s.String()
12129}
12130
12131// Validate inspects the fields of the type to determine if they are valid.
12132func (s *CreateGovCloudAccountInput) Validate() error {
12133	invalidParams := request.ErrInvalidParams{Context: "CreateGovCloudAccountInput"}
12134	if s.AccountName == nil {
12135		invalidParams.Add(request.NewErrParamRequired("AccountName"))
12136	}
12137	if s.AccountName != nil && len(*s.AccountName) < 1 {
12138		invalidParams.Add(request.NewErrParamMinLen("AccountName", 1))
12139	}
12140	if s.Email == nil {
12141		invalidParams.Add(request.NewErrParamRequired("Email"))
12142	}
12143	if s.Email != nil && len(*s.Email) < 6 {
12144		invalidParams.Add(request.NewErrParamMinLen("Email", 6))
12145	}
12146
12147	if invalidParams.Len() > 0 {
12148		return invalidParams
12149	}
12150	return nil
12151}
12152
12153// SetAccountName sets the AccountName field's value.
12154func (s *CreateGovCloudAccountInput) SetAccountName(v string) *CreateGovCloudAccountInput {
12155	s.AccountName = &v
12156	return s
12157}
12158
12159// SetEmail sets the Email field's value.
12160func (s *CreateGovCloudAccountInput) SetEmail(v string) *CreateGovCloudAccountInput {
12161	s.Email = &v
12162	return s
12163}
12164
12165// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value.
12166func (s *CreateGovCloudAccountInput) SetIamUserAccessToBilling(v string) *CreateGovCloudAccountInput {
12167	s.IamUserAccessToBilling = &v
12168	return s
12169}
12170
12171// SetRoleName sets the RoleName field's value.
12172func (s *CreateGovCloudAccountInput) SetRoleName(v string) *CreateGovCloudAccountInput {
12173	s.RoleName = &v
12174	return s
12175}
12176
12177type CreateGovCloudAccountOutput struct {
12178	_ struct{} `type:"structure"`
12179
12180	// Contains the status about a CreateAccount or CreateGovCloudAccount request
12181	// to create an AWS account or an AWS GovCloud (US) account in an organization.
12182	CreateAccountStatus *CreateAccountStatus `type:"structure"`
12183}
12184
12185// String returns the string representation
12186func (s CreateGovCloudAccountOutput) String() string {
12187	return awsutil.Prettify(s)
12188}
12189
12190// GoString returns the string representation
12191func (s CreateGovCloudAccountOutput) GoString() string {
12192	return s.String()
12193}
12194
12195// SetCreateAccountStatus sets the CreateAccountStatus field's value.
12196func (s *CreateGovCloudAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateGovCloudAccountOutput {
12197	s.CreateAccountStatus = v
12198	return s
12199}
12200
12201type CreateOrganizationInput struct {
12202	_ struct{} `type:"structure"`
12203
12204	// Specifies the feature set supported by the new organization. Each feature
12205	// set supports different levels of functionality.
12206	//
12207	//    * CONSOLIDATED_BILLING: All member accounts have their bills consolidated
12208	//    to and paid by the master account. For more information, see Consolidated
12209	//    billing (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only)
12210	//    in the AWS Organizations User Guide. The consolidated billing feature
12211	//    subset isn't available for organizations in the AWS GovCloud (US) Region.
12212	//
12213	//    * ALL: In addition to all the features that consolidated billing feature
12214	//    set supports, the master account can also apply any policy type to any
12215	//    member account in the organization. For more information, see All features
12216	//    (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all)
12217	//    in the AWS Organizations User Guide.
12218	FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"`
12219}
12220
12221// String returns the string representation
12222func (s CreateOrganizationInput) String() string {
12223	return awsutil.Prettify(s)
12224}
12225
12226// GoString returns the string representation
12227func (s CreateOrganizationInput) GoString() string {
12228	return s.String()
12229}
12230
12231// SetFeatureSet sets the FeatureSet field's value.
12232func (s *CreateOrganizationInput) SetFeatureSet(v string) *CreateOrganizationInput {
12233	s.FeatureSet = &v
12234	return s
12235}
12236
12237type CreateOrganizationOutput struct {
12238	_ struct{} `type:"structure"`
12239
12240	// A structure that contains details about the newly created organization.
12241	Organization *Organization `type:"structure"`
12242}
12243
12244// String returns the string representation
12245func (s CreateOrganizationOutput) String() string {
12246	return awsutil.Prettify(s)
12247}
12248
12249// GoString returns the string representation
12250func (s CreateOrganizationOutput) GoString() string {
12251	return s.String()
12252}
12253
12254// SetOrganization sets the Organization field's value.
12255func (s *CreateOrganizationOutput) SetOrganization(v *Organization) *CreateOrganizationOutput {
12256	s.Organization = v
12257	return s
12258}
12259
12260type CreateOrganizationalUnitInput struct {
12261	_ struct{} `type:"structure"`
12262
12263	// The friendly name to assign to the new OU.
12264	//
12265	// Name is a required field
12266	Name *string `min:"1" type:"string" required:"true"`
12267
12268	// The unique identifier (ID) of the parent root or OU that you want to create
12269	// the new OU in.
12270	//
12271	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
12272	// requires one of the following:
12273	//
12274	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
12275	//    letters or digits.
12276	//
12277	//    * Organizational unit (OU) - A string that begins with "ou-" followed
12278	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
12279	//    OU is in). This string is followed by a second "-" dash and from 8 to
12280	//    32 additional lowercase letters or digits.
12281	//
12282	// ParentId is a required field
12283	ParentId *string `type:"string" required:"true"`
12284}
12285
12286// String returns the string representation
12287func (s CreateOrganizationalUnitInput) String() string {
12288	return awsutil.Prettify(s)
12289}
12290
12291// GoString returns the string representation
12292func (s CreateOrganizationalUnitInput) GoString() string {
12293	return s.String()
12294}
12295
12296// Validate inspects the fields of the type to determine if they are valid.
12297func (s *CreateOrganizationalUnitInput) Validate() error {
12298	invalidParams := request.ErrInvalidParams{Context: "CreateOrganizationalUnitInput"}
12299	if s.Name == nil {
12300		invalidParams.Add(request.NewErrParamRequired("Name"))
12301	}
12302	if s.Name != nil && len(*s.Name) < 1 {
12303		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
12304	}
12305	if s.ParentId == nil {
12306		invalidParams.Add(request.NewErrParamRequired("ParentId"))
12307	}
12308
12309	if invalidParams.Len() > 0 {
12310		return invalidParams
12311	}
12312	return nil
12313}
12314
12315// SetName sets the Name field's value.
12316func (s *CreateOrganizationalUnitInput) SetName(v string) *CreateOrganizationalUnitInput {
12317	s.Name = &v
12318	return s
12319}
12320
12321// SetParentId sets the ParentId field's value.
12322func (s *CreateOrganizationalUnitInput) SetParentId(v string) *CreateOrganizationalUnitInput {
12323	s.ParentId = &v
12324	return s
12325}
12326
12327type CreateOrganizationalUnitOutput struct {
12328	_ struct{} `type:"structure"`
12329
12330	// A structure that contains details about the newly created OU.
12331	OrganizationalUnit *OrganizationalUnit `type:"structure"`
12332}
12333
12334// String returns the string representation
12335func (s CreateOrganizationalUnitOutput) String() string {
12336	return awsutil.Prettify(s)
12337}
12338
12339// GoString returns the string representation
12340func (s CreateOrganizationalUnitOutput) GoString() string {
12341	return s.String()
12342}
12343
12344// SetOrganizationalUnit sets the OrganizationalUnit field's value.
12345func (s *CreateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *CreateOrganizationalUnitOutput {
12346	s.OrganizationalUnit = v
12347	return s
12348}
12349
12350type CreatePolicyInput struct {
12351	_ struct{} `type:"structure"`
12352
12353	// The policy content to add to the new policy. For example, you could create
12354	// a service control policy (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
12355	// (SCP) that specifies the permissions that administrators in attached accounts
12356	// can delegate to their users, groups, and roles. The string for this SCP must
12357	// be JSON text. For more information about the SCP syntax, see Service Control
12358	// Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
12359	// in the AWS Organizations User Guide.
12360	//
12361	// Content is a required field
12362	Content *string `min:"1" type:"string" required:"true"`
12363
12364	// An optional description to assign to the policy.
12365	//
12366	// Description is a required field
12367	Description *string `type:"string" required:"true"`
12368
12369	// The friendly name to assign to the policy.
12370	//
12371	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
12372	// this parameter is a string of any of the characters in the ASCII character
12373	// range.
12374	//
12375	// Name is a required field
12376	Name *string `min:"1" type:"string" required:"true"`
12377
12378	// The type of policy to create.
12379	//
12380	// Type is a required field
12381	Type *string `type:"string" required:"true" enum:"PolicyType"`
12382}
12383
12384// String returns the string representation
12385func (s CreatePolicyInput) String() string {
12386	return awsutil.Prettify(s)
12387}
12388
12389// GoString returns the string representation
12390func (s CreatePolicyInput) GoString() string {
12391	return s.String()
12392}
12393
12394// Validate inspects the fields of the type to determine if they are valid.
12395func (s *CreatePolicyInput) Validate() error {
12396	invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"}
12397	if s.Content == nil {
12398		invalidParams.Add(request.NewErrParamRequired("Content"))
12399	}
12400	if s.Content != nil && len(*s.Content) < 1 {
12401		invalidParams.Add(request.NewErrParamMinLen("Content", 1))
12402	}
12403	if s.Description == nil {
12404		invalidParams.Add(request.NewErrParamRequired("Description"))
12405	}
12406	if s.Name == nil {
12407		invalidParams.Add(request.NewErrParamRequired("Name"))
12408	}
12409	if s.Name != nil && len(*s.Name) < 1 {
12410		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
12411	}
12412	if s.Type == nil {
12413		invalidParams.Add(request.NewErrParamRequired("Type"))
12414	}
12415
12416	if invalidParams.Len() > 0 {
12417		return invalidParams
12418	}
12419	return nil
12420}
12421
12422// SetContent sets the Content field's value.
12423func (s *CreatePolicyInput) SetContent(v string) *CreatePolicyInput {
12424	s.Content = &v
12425	return s
12426}
12427
12428// SetDescription sets the Description field's value.
12429func (s *CreatePolicyInput) SetDescription(v string) *CreatePolicyInput {
12430	s.Description = &v
12431	return s
12432}
12433
12434// SetName sets the Name field's value.
12435func (s *CreatePolicyInput) SetName(v string) *CreatePolicyInput {
12436	s.Name = &v
12437	return s
12438}
12439
12440// SetType sets the Type field's value.
12441func (s *CreatePolicyInput) SetType(v string) *CreatePolicyInput {
12442	s.Type = &v
12443	return s
12444}
12445
12446type CreatePolicyOutput struct {
12447	_ struct{} `type:"structure"`
12448
12449	// A structure that contains details about the newly created policy.
12450	Policy *Policy `type:"structure"`
12451}
12452
12453// String returns the string representation
12454func (s CreatePolicyOutput) String() string {
12455	return awsutil.Prettify(s)
12456}
12457
12458// GoString returns the string representation
12459func (s CreatePolicyOutput) GoString() string {
12460	return s.String()
12461}
12462
12463// SetPolicy sets the Policy field's value.
12464func (s *CreatePolicyOutput) SetPolicy(v *Policy) *CreatePolicyOutput {
12465	s.Policy = v
12466	return s
12467}
12468
12469type DeclineHandshakeInput struct {
12470	_ struct{} `type:"structure"`
12471
12472	// The unique identifier (ID) of the handshake that you want to decline. You
12473	// can get the ID from the ListHandshakesForAccount operation.
12474	//
12475	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
12476	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
12477	//
12478	// HandshakeId is a required field
12479	HandshakeId *string `type:"string" required:"true"`
12480}
12481
12482// String returns the string representation
12483func (s DeclineHandshakeInput) String() string {
12484	return awsutil.Prettify(s)
12485}
12486
12487// GoString returns the string representation
12488func (s DeclineHandshakeInput) GoString() string {
12489	return s.String()
12490}
12491
12492// Validate inspects the fields of the type to determine if they are valid.
12493func (s *DeclineHandshakeInput) Validate() error {
12494	invalidParams := request.ErrInvalidParams{Context: "DeclineHandshakeInput"}
12495	if s.HandshakeId == nil {
12496		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
12497	}
12498
12499	if invalidParams.Len() > 0 {
12500		return invalidParams
12501	}
12502	return nil
12503}
12504
12505// SetHandshakeId sets the HandshakeId field's value.
12506func (s *DeclineHandshakeInput) SetHandshakeId(v string) *DeclineHandshakeInput {
12507	s.HandshakeId = &v
12508	return s
12509}
12510
12511type DeclineHandshakeOutput struct {
12512	_ struct{} `type:"structure"`
12513
12514	// A structure that contains details about the declined handshake. The state
12515	// is updated to show the value DECLINED.
12516	Handshake *Handshake `type:"structure"`
12517}
12518
12519// String returns the string representation
12520func (s DeclineHandshakeOutput) String() string {
12521	return awsutil.Prettify(s)
12522}
12523
12524// GoString returns the string representation
12525func (s DeclineHandshakeOutput) GoString() string {
12526	return s.String()
12527}
12528
12529// SetHandshake sets the Handshake field's value.
12530func (s *DeclineHandshakeOutput) SetHandshake(v *Handshake) *DeclineHandshakeOutput {
12531	s.Handshake = v
12532	return s
12533}
12534
12535type DeleteOrganizationInput struct {
12536	_ struct{} `type:"structure"`
12537}
12538
12539// String returns the string representation
12540func (s DeleteOrganizationInput) String() string {
12541	return awsutil.Prettify(s)
12542}
12543
12544// GoString returns the string representation
12545func (s DeleteOrganizationInput) GoString() string {
12546	return s.String()
12547}
12548
12549type DeleteOrganizationOutput struct {
12550	_ struct{} `type:"structure"`
12551}
12552
12553// String returns the string representation
12554func (s DeleteOrganizationOutput) String() string {
12555	return awsutil.Prettify(s)
12556}
12557
12558// GoString returns the string representation
12559func (s DeleteOrganizationOutput) GoString() string {
12560	return s.String()
12561}
12562
12563type DeleteOrganizationalUnitInput struct {
12564	_ struct{} `type:"structure"`
12565
12566	// The unique identifier (ID) of the organizational unit that you want to delete.
12567	// You can get the ID from the ListOrganizationalUnitsForParent operation.
12568	//
12569	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
12570	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
12571	// or digits (the ID of the root that contains the OU). This string is followed
12572	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
12573	//
12574	// OrganizationalUnitId is a required field
12575	OrganizationalUnitId *string `type:"string" required:"true"`
12576}
12577
12578// String returns the string representation
12579func (s DeleteOrganizationalUnitInput) String() string {
12580	return awsutil.Prettify(s)
12581}
12582
12583// GoString returns the string representation
12584func (s DeleteOrganizationalUnitInput) GoString() string {
12585	return s.String()
12586}
12587
12588// Validate inspects the fields of the type to determine if they are valid.
12589func (s *DeleteOrganizationalUnitInput) Validate() error {
12590	invalidParams := request.ErrInvalidParams{Context: "DeleteOrganizationalUnitInput"}
12591	if s.OrganizationalUnitId == nil {
12592		invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
12593	}
12594
12595	if invalidParams.Len() > 0 {
12596		return invalidParams
12597	}
12598	return nil
12599}
12600
12601// SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
12602func (s *DeleteOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DeleteOrganizationalUnitInput {
12603	s.OrganizationalUnitId = &v
12604	return s
12605}
12606
12607type DeleteOrganizationalUnitOutput struct {
12608	_ struct{} `type:"structure"`
12609}
12610
12611// String returns the string representation
12612func (s DeleteOrganizationalUnitOutput) String() string {
12613	return awsutil.Prettify(s)
12614}
12615
12616// GoString returns the string representation
12617func (s DeleteOrganizationalUnitOutput) GoString() string {
12618	return s.String()
12619}
12620
12621type DeletePolicyInput struct {
12622	_ struct{} `type:"structure"`
12623
12624	// The unique identifier (ID) of the policy that you want to delete. You can
12625	// get the ID from the ListPolicies or ListPoliciesForTarget operations.
12626	//
12627	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
12628	// requires "p-" followed by from 8 to 128 lowercase letters or digits.
12629	//
12630	// PolicyId is a required field
12631	PolicyId *string `type:"string" required:"true"`
12632}
12633
12634// String returns the string representation
12635func (s DeletePolicyInput) String() string {
12636	return awsutil.Prettify(s)
12637}
12638
12639// GoString returns the string representation
12640func (s DeletePolicyInput) GoString() string {
12641	return s.String()
12642}
12643
12644// Validate inspects the fields of the type to determine if they are valid.
12645func (s *DeletePolicyInput) Validate() error {
12646	invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"}
12647	if s.PolicyId == nil {
12648		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
12649	}
12650
12651	if invalidParams.Len() > 0 {
12652		return invalidParams
12653	}
12654	return nil
12655}
12656
12657// SetPolicyId sets the PolicyId field's value.
12658func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput {
12659	s.PolicyId = &v
12660	return s
12661}
12662
12663type DeletePolicyOutput struct {
12664	_ struct{} `type:"structure"`
12665}
12666
12667// String returns the string representation
12668func (s DeletePolicyOutput) String() string {
12669	return awsutil.Prettify(s)
12670}
12671
12672// GoString returns the string representation
12673func (s DeletePolicyOutput) GoString() string {
12674	return s.String()
12675}
12676
12677type DescribeAccountInput struct {
12678	_ struct{} `type:"structure"`
12679
12680	// The unique identifier (ID) of the AWS account that you want information about.
12681	// You can get the ID from the ListAccounts or ListAccountsForParent operations.
12682	//
12683	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
12684	// requires exactly 12 digits.
12685	//
12686	// AccountId is a required field
12687	AccountId *string `type:"string" required:"true"`
12688}
12689
12690// String returns the string representation
12691func (s DescribeAccountInput) String() string {
12692	return awsutil.Prettify(s)
12693}
12694
12695// GoString returns the string representation
12696func (s DescribeAccountInput) GoString() string {
12697	return s.String()
12698}
12699
12700// Validate inspects the fields of the type to determine if they are valid.
12701func (s *DescribeAccountInput) Validate() error {
12702	invalidParams := request.ErrInvalidParams{Context: "DescribeAccountInput"}
12703	if s.AccountId == nil {
12704		invalidParams.Add(request.NewErrParamRequired("AccountId"))
12705	}
12706
12707	if invalidParams.Len() > 0 {
12708		return invalidParams
12709	}
12710	return nil
12711}
12712
12713// SetAccountId sets the AccountId field's value.
12714func (s *DescribeAccountInput) SetAccountId(v string) *DescribeAccountInput {
12715	s.AccountId = &v
12716	return s
12717}
12718
12719type DescribeAccountOutput struct {
12720	_ struct{} `type:"structure"`
12721
12722	// A structure that contains information about the requested account.
12723	Account *Account `type:"structure"`
12724}
12725
12726// String returns the string representation
12727func (s DescribeAccountOutput) String() string {
12728	return awsutil.Prettify(s)
12729}
12730
12731// GoString returns the string representation
12732func (s DescribeAccountOutput) GoString() string {
12733	return s.String()
12734}
12735
12736// SetAccount sets the Account field's value.
12737func (s *DescribeAccountOutput) SetAccount(v *Account) *DescribeAccountOutput {
12738	s.Account = v
12739	return s
12740}
12741
12742type DescribeCreateAccountStatusInput struct {
12743	_ struct{} `type:"structure"`
12744
12745	// Specifies the operationId that uniquely identifies the request. You can get
12746	// the ID from the response to an earlier CreateAccount request, or from the
12747	// ListCreateAccountStatus operation.
12748	//
12749	// The regex pattern (http://wikipedia.org/wiki/regex) for a create account
12750	// request ID string requires "car-" followed by from 8 to 32 lowercase letters
12751	// or digits.
12752	//
12753	// CreateAccountRequestId is a required field
12754	CreateAccountRequestId *string `type:"string" required:"true"`
12755}
12756
12757// String returns the string representation
12758func (s DescribeCreateAccountStatusInput) String() string {
12759	return awsutil.Prettify(s)
12760}
12761
12762// GoString returns the string representation
12763func (s DescribeCreateAccountStatusInput) GoString() string {
12764	return s.String()
12765}
12766
12767// Validate inspects the fields of the type to determine if they are valid.
12768func (s *DescribeCreateAccountStatusInput) Validate() error {
12769	invalidParams := request.ErrInvalidParams{Context: "DescribeCreateAccountStatusInput"}
12770	if s.CreateAccountRequestId == nil {
12771		invalidParams.Add(request.NewErrParamRequired("CreateAccountRequestId"))
12772	}
12773
12774	if invalidParams.Len() > 0 {
12775		return invalidParams
12776	}
12777	return nil
12778}
12779
12780// SetCreateAccountRequestId sets the CreateAccountRequestId field's value.
12781func (s *DescribeCreateAccountStatusInput) SetCreateAccountRequestId(v string) *DescribeCreateAccountStatusInput {
12782	s.CreateAccountRequestId = &v
12783	return s
12784}
12785
12786type DescribeCreateAccountStatusOutput struct {
12787	_ struct{} `type:"structure"`
12788
12789	// A structure that contains the current status of an account creation request.
12790	CreateAccountStatus *CreateAccountStatus `type:"structure"`
12791}
12792
12793// String returns the string representation
12794func (s DescribeCreateAccountStatusOutput) String() string {
12795	return awsutil.Prettify(s)
12796}
12797
12798// GoString returns the string representation
12799func (s DescribeCreateAccountStatusOutput) GoString() string {
12800	return s.String()
12801}
12802
12803// SetCreateAccountStatus sets the CreateAccountStatus field's value.
12804func (s *DescribeCreateAccountStatusOutput) SetCreateAccountStatus(v *CreateAccountStatus) *DescribeCreateAccountStatusOutput {
12805	s.CreateAccountStatus = v
12806	return s
12807}
12808
12809type DescribeEffectivePolicyInput struct {
12810	_ struct{} `type:"structure"`
12811
12812	// The type of policy that you want information about.
12813	//
12814	// PolicyType is a required field
12815	PolicyType *string `type:"string" required:"true" enum:"EffectivePolicyType"`
12816
12817	// When you're signed in as the master account, specify the ID of the account
12818	// that you want details about. Specifying an organization root or OU as the
12819	// target is not supported.
12820	TargetId *string `type:"string"`
12821}
12822
12823// String returns the string representation
12824func (s DescribeEffectivePolicyInput) String() string {
12825	return awsutil.Prettify(s)
12826}
12827
12828// GoString returns the string representation
12829func (s DescribeEffectivePolicyInput) GoString() string {
12830	return s.String()
12831}
12832
12833// Validate inspects the fields of the type to determine if they are valid.
12834func (s *DescribeEffectivePolicyInput) Validate() error {
12835	invalidParams := request.ErrInvalidParams{Context: "DescribeEffectivePolicyInput"}
12836	if s.PolicyType == nil {
12837		invalidParams.Add(request.NewErrParamRequired("PolicyType"))
12838	}
12839
12840	if invalidParams.Len() > 0 {
12841		return invalidParams
12842	}
12843	return nil
12844}
12845
12846// SetPolicyType sets the PolicyType field's value.
12847func (s *DescribeEffectivePolicyInput) SetPolicyType(v string) *DescribeEffectivePolicyInput {
12848	s.PolicyType = &v
12849	return s
12850}
12851
12852// SetTargetId sets the TargetId field's value.
12853func (s *DescribeEffectivePolicyInput) SetTargetId(v string) *DescribeEffectivePolicyInput {
12854	s.TargetId = &v
12855	return s
12856}
12857
12858type DescribeEffectivePolicyOutput struct {
12859	_ struct{} `type:"structure"`
12860
12861	// The contents of the effective policy.
12862	EffectivePolicy *EffectivePolicy `type:"structure"`
12863}
12864
12865// String returns the string representation
12866func (s DescribeEffectivePolicyOutput) String() string {
12867	return awsutil.Prettify(s)
12868}
12869
12870// GoString returns the string representation
12871func (s DescribeEffectivePolicyOutput) GoString() string {
12872	return s.String()
12873}
12874
12875// SetEffectivePolicy sets the EffectivePolicy field's value.
12876func (s *DescribeEffectivePolicyOutput) SetEffectivePolicy(v *EffectivePolicy) *DescribeEffectivePolicyOutput {
12877	s.EffectivePolicy = v
12878	return s
12879}
12880
12881type DescribeHandshakeInput struct {
12882	_ struct{} `type:"structure"`
12883
12884	// The unique identifier (ID) of the handshake that you want information about.
12885	// You can get the ID from the original call to InviteAccountToOrganization,
12886	// or from a call to ListHandshakesForAccount or ListHandshakesForOrganization.
12887	//
12888	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
12889	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
12890	//
12891	// HandshakeId is a required field
12892	HandshakeId *string `type:"string" required:"true"`
12893}
12894
12895// String returns the string representation
12896func (s DescribeHandshakeInput) String() string {
12897	return awsutil.Prettify(s)
12898}
12899
12900// GoString returns the string representation
12901func (s DescribeHandshakeInput) GoString() string {
12902	return s.String()
12903}
12904
12905// Validate inspects the fields of the type to determine if they are valid.
12906func (s *DescribeHandshakeInput) Validate() error {
12907	invalidParams := request.ErrInvalidParams{Context: "DescribeHandshakeInput"}
12908	if s.HandshakeId == nil {
12909		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
12910	}
12911
12912	if invalidParams.Len() > 0 {
12913		return invalidParams
12914	}
12915	return nil
12916}
12917
12918// SetHandshakeId sets the HandshakeId field's value.
12919func (s *DescribeHandshakeInput) SetHandshakeId(v string) *DescribeHandshakeInput {
12920	s.HandshakeId = &v
12921	return s
12922}
12923
12924type DescribeHandshakeOutput struct {
12925	_ struct{} `type:"structure"`
12926
12927	// A structure that contains information about the specified handshake.
12928	Handshake *Handshake `type:"structure"`
12929}
12930
12931// String returns the string representation
12932func (s DescribeHandshakeOutput) String() string {
12933	return awsutil.Prettify(s)
12934}
12935
12936// GoString returns the string representation
12937func (s DescribeHandshakeOutput) GoString() string {
12938	return s.String()
12939}
12940
12941// SetHandshake sets the Handshake field's value.
12942func (s *DescribeHandshakeOutput) SetHandshake(v *Handshake) *DescribeHandshakeOutput {
12943	s.Handshake = v
12944	return s
12945}
12946
12947type DescribeOrganizationInput struct {
12948	_ struct{} `type:"structure"`
12949}
12950
12951// String returns the string representation
12952func (s DescribeOrganizationInput) String() string {
12953	return awsutil.Prettify(s)
12954}
12955
12956// GoString returns the string representation
12957func (s DescribeOrganizationInput) GoString() string {
12958	return s.String()
12959}
12960
12961type DescribeOrganizationOutput struct {
12962	_ struct{} `type:"structure"`
12963
12964	// A structure that contains information about the organization.
12965	Organization *Organization `type:"structure"`
12966}
12967
12968// String returns the string representation
12969func (s DescribeOrganizationOutput) String() string {
12970	return awsutil.Prettify(s)
12971}
12972
12973// GoString returns the string representation
12974func (s DescribeOrganizationOutput) GoString() string {
12975	return s.String()
12976}
12977
12978// SetOrganization sets the Organization field's value.
12979func (s *DescribeOrganizationOutput) SetOrganization(v *Organization) *DescribeOrganizationOutput {
12980	s.Organization = v
12981	return s
12982}
12983
12984type DescribeOrganizationalUnitInput struct {
12985	_ struct{} `type:"structure"`
12986
12987	// The unique identifier (ID) of the organizational unit that you want details
12988	// about. You can get the ID from the ListOrganizationalUnitsForParent operation.
12989	//
12990	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
12991	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
12992	// or digits (the ID of the root that contains the OU). This string is followed
12993	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
12994	//
12995	// OrganizationalUnitId is a required field
12996	OrganizationalUnitId *string `type:"string" required:"true"`
12997}
12998
12999// String returns the string representation
13000func (s DescribeOrganizationalUnitInput) String() string {
13001	return awsutil.Prettify(s)
13002}
13003
13004// GoString returns the string representation
13005func (s DescribeOrganizationalUnitInput) GoString() string {
13006	return s.String()
13007}
13008
13009// Validate inspects the fields of the type to determine if they are valid.
13010func (s *DescribeOrganizationalUnitInput) Validate() error {
13011	invalidParams := request.ErrInvalidParams{Context: "DescribeOrganizationalUnitInput"}
13012	if s.OrganizationalUnitId == nil {
13013		invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
13014	}
13015
13016	if invalidParams.Len() > 0 {
13017		return invalidParams
13018	}
13019	return nil
13020}
13021
13022// SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
13023func (s *DescribeOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DescribeOrganizationalUnitInput {
13024	s.OrganizationalUnitId = &v
13025	return s
13026}
13027
13028type DescribeOrganizationalUnitOutput struct {
13029	_ struct{} `type:"structure"`
13030
13031	// A structure that contains details about the specified OU.
13032	OrganizationalUnit *OrganizationalUnit `type:"structure"`
13033}
13034
13035// String returns the string representation
13036func (s DescribeOrganizationalUnitOutput) String() string {
13037	return awsutil.Prettify(s)
13038}
13039
13040// GoString returns the string representation
13041func (s DescribeOrganizationalUnitOutput) GoString() string {
13042	return s.String()
13043}
13044
13045// SetOrganizationalUnit sets the OrganizationalUnit field's value.
13046func (s *DescribeOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *DescribeOrganizationalUnitOutput {
13047	s.OrganizationalUnit = v
13048	return s
13049}
13050
13051type DescribePolicyInput struct {
13052	_ struct{} `type:"structure"`
13053
13054	// The unique identifier (ID) of the policy that you want details about. You
13055	// can get the ID from the ListPolicies or ListPoliciesForTarget operations.
13056	//
13057	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
13058	// requires "p-" followed by from 8 to 128 lowercase letters or digits.
13059	//
13060	// PolicyId is a required field
13061	PolicyId *string `type:"string" required:"true"`
13062}
13063
13064// String returns the string representation
13065func (s DescribePolicyInput) String() string {
13066	return awsutil.Prettify(s)
13067}
13068
13069// GoString returns the string representation
13070func (s DescribePolicyInput) GoString() string {
13071	return s.String()
13072}
13073
13074// Validate inspects the fields of the type to determine if they are valid.
13075func (s *DescribePolicyInput) Validate() error {
13076	invalidParams := request.ErrInvalidParams{Context: "DescribePolicyInput"}
13077	if s.PolicyId == nil {
13078		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
13079	}
13080
13081	if invalidParams.Len() > 0 {
13082		return invalidParams
13083	}
13084	return nil
13085}
13086
13087// SetPolicyId sets the PolicyId field's value.
13088func (s *DescribePolicyInput) SetPolicyId(v string) *DescribePolicyInput {
13089	s.PolicyId = &v
13090	return s
13091}
13092
13093type DescribePolicyOutput struct {
13094	_ struct{} `type:"structure"`
13095
13096	// A structure that contains details about the specified policy.
13097	Policy *Policy `type:"structure"`
13098}
13099
13100// String returns the string representation
13101func (s DescribePolicyOutput) String() string {
13102	return awsutil.Prettify(s)
13103}
13104
13105// GoString returns the string representation
13106func (s DescribePolicyOutput) GoString() string {
13107	return s.String()
13108}
13109
13110// SetPolicy sets the Policy field's value.
13111func (s *DescribePolicyOutput) SetPolicy(v *Policy) *DescribePolicyOutput {
13112	s.Policy = v
13113	return s
13114}
13115
13116type DetachPolicyInput struct {
13117	_ struct{} `type:"structure"`
13118
13119	// The unique identifier (ID) of the policy you want to detach. You can get
13120	// the ID from the ListPolicies or ListPoliciesForTarget operations.
13121	//
13122	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
13123	// requires "p-" followed by from 8 to 128 lowercase letters or digits.
13124	//
13125	// PolicyId is a required field
13126	PolicyId *string `type:"string" required:"true"`
13127
13128	// The unique identifier (ID) of the root, OU, or account that you want to detach
13129	// the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent,
13130	// or ListAccounts operations.
13131	//
13132	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
13133	// requires one of the following:
13134	//
13135	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
13136	//    letters or digits.
13137	//
13138	//    * Account - A string that consists of exactly 12 digits.
13139	//
13140	//    * Organizational unit (OU) - A string that begins with "ou-" followed
13141	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
13142	//    OU is in). This string is followed by a second "-" dash and from 8 to
13143	//    32 additional lowercase letters or digits.
13144	//
13145	// TargetId is a required field
13146	TargetId *string `type:"string" required:"true"`
13147}
13148
13149// String returns the string representation
13150func (s DetachPolicyInput) String() string {
13151	return awsutil.Prettify(s)
13152}
13153
13154// GoString returns the string representation
13155func (s DetachPolicyInput) GoString() string {
13156	return s.String()
13157}
13158
13159// Validate inspects the fields of the type to determine if they are valid.
13160func (s *DetachPolicyInput) Validate() error {
13161	invalidParams := request.ErrInvalidParams{Context: "DetachPolicyInput"}
13162	if s.PolicyId == nil {
13163		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
13164	}
13165	if s.TargetId == nil {
13166		invalidParams.Add(request.NewErrParamRequired("TargetId"))
13167	}
13168
13169	if invalidParams.Len() > 0 {
13170		return invalidParams
13171	}
13172	return nil
13173}
13174
13175// SetPolicyId sets the PolicyId field's value.
13176func (s *DetachPolicyInput) SetPolicyId(v string) *DetachPolicyInput {
13177	s.PolicyId = &v
13178	return s
13179}
13180
13181// SetTargetId sets the TargetId field's value.
13182func (s *DetachPolicyInput) SetTargetId(v string) *DetachPolicyInput {
13183	s.TargetId = &v
13184	return s
13185}
13186
13187type DetachPolicyOutput struct {
13188	_ struct{} `type:"structure"`
13189}
13190
13191// String returns the string representation
13192func (s DetachPolicyOutput) String() string {
13193	return awsutil.Prettify(s)
13194}
13195
13196// GoString returns the string representation
13197func (s DetachPolicyOutput) GoString() string {
13198	return s.String()
13199}
13200
13201type DisableAWSServiceAccessInput struct {
13202	_ struct{} `type:"structure"`
13203
13204	// The service principal name of the AWS service for which you want to disable
13205	// integration with your organization. This is typically in the form of a URL,
13206	// such as service-abbreviation.amazonaws.com.
13207	//
13208	// ServicePrincipal is a required field
13209	ServicePrincipal *string `min:"1" type:"string" required:"true"`
13210}
13211
13212// String returns the string representation
13213func (s DisableAWSServiceAccessInput) String() string {
13214	return awsutil.Prettify(s)
13215}
13216
13217// GoString returns the string representation
13218func (s DisableAWSServiceAccessInput) GoString() string {
13219	return s.String()
13220}
13221
13222// Validate inspects the fields of the type to determine if they are valid.
13223func (s *DisableAWSServiceAccessInput) Validate() error {
13224	invalidParams := request.ErrInvalidParams{Context: "DisableAWSServiceAccessInput"}
13225	if s.ServicePrincipal == nil {
13226		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
13227	}
13228	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
13229		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
13230	}
13231
13232	if invalidParams.Len() > 0 {
13233		return invalidParams
13234	}
13235	return nil
13236}
13237
13238// SetServicePrincipal sets the ServicePrincipal field's value.
13239func (s *DisableAWSServiceAccessInput) SetServicePrincipal(v string) *DisableAWSServiceAccessInput {
13240	s.ServicePrincipal = &v
13241	return s
13242}
13243
13244type DisableAWSServiceAccessOutput struct {
13245	_ struct{} `type:"structure"`
13246}
13247
13248// String returns the string representation
13249func (s DisableAWSServiceAccessOutput) String() string {
13250	return awsutil.Prettify(s)
13251}
13252
13253// GoString returns the string representation
13254func (s DisableAWSServiceAccessOutput) GoString() string {
13255	return s.String()
13256}
13257
13258type DisablePolicyTypeInput struct {
13259	_ struct{} `type:"structure"`
13260
13261	// The policy type that you want to disable in this root.
13262	//
13263	// PolicyType is a required field
13264	PolicyType *string `type:"string" required:"true" enum:"PolicyType"`
13265
13266	// The unique identifier (ID) of the root in which you want to disable a policy
13267	// type. You can get the ID from the ListRoots operation.
13268	//
13269	// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
13270	// requires "r-" followed by from 4 to 32 lowercase letters or digits.
13271	//
13272	// RootId is a required field
13273	RootId *string `type:"string" required:"true"`
13274}
13275
13276// String returns the string representation
13277func (s DisablePolicyTypeInput) String() string {
13278	return awsutil.Prettify(s)
13279}
13280
13281// GoString returns the string representation
13282func (s DisablePolicyTypeInput) GoString() string {
13283	return s.String()
13284}
13285
13286// Validate inspects the fields of the type to determine if they are valid.
13287func (s *DisablePolicyTypeInput) Validate() error {
13288	invalidParams := request.ErrInvalidParams{Context: "DisablePolicyTypeInput"}
13289	if s.PolicyType == nil {
13290		invalidParams.Add(request.NewErrParamRequired("PolicyType"))
13291	}
13292	if s.RootId == nil {
13293		invalidParams.Add(request.NewErrParamRequired("RootId"))
13294	}
13295
13296	if invalidParams.Len() > 0 {
13297		return invalidParams
13298	}
13299	return nil
13300}
13301
13302// SetPolicyType sets the PolicyType field's value.
13303func (s *DisablePolicyTypeInput) SetPolicyType(v string) *DisablePolicyTypeInput {
13304	s.PolicyType = &v
13305	return s
13306}
13307
13308// SetRootId sets the RootId field's value.
13309func (s *DisablePolicyTypeInput) SetRootId(v string) *DisablePolicyTypeInput {
13310	s.RootId = &v
13311	return s
13312}
13313
13314type DisablePolicyTypeOutput struct {
13315	_ struct{} `type:"structure"`
13316
13317	// A structure that shows the root with the updated list of enabled policy types.
13318	Root *Root `type:"structure"`
13319}
13320
13321// String returns the string representation
13322func (s DisablePolicyTypeOutput) String() string {
13323	return awsutil.Prettify(s)
13324}
13325
13326// GoString returns the string representation
13327func (s DisablePolicyTypeOutput) GoString() string {
13328	return s.String()
13329}
13330
13331// SetRoot sets the Root field's value.
13332func (s *DisablePolicyTypeOutput) SetRoot(v *Root) *DisablePolicyTypeOutput {
13333	s.Root = v
13334	return s
13335}
13336
13337// Contains rules to be applied to the affected accounts. The effective policy
13338// is the aggregation of any policies the account inherits, plus any policy
13339// directly attached to the account.
13340type EffectivePolicy struct {
13341	_ struct{} `type:"structure"`
13342
13343	// The time of the last update to this policy.
13344	LastUpdatedTimestamp *time.Time `type:"timestamp"`
13345
13346	// The text content of the policy.
13347	PolicyContent *string `min:"1" type:"string"`
13348
13349	// The policy type.
13350	PolicyType *string `type:"string" enum:"EffectivePolicyType"`
13351
13352	// The account ID of the policy target.
13353	TargetId *string `type:"string"`
13354}
13355
13356// String returns the string representation
13357func (s EffectivePolicy) String() string {
13358	return awsutil.Prettify(s)
13359}
13360
13361// GoString returns the string representation
13362func (s EffectivePolicy) GoString() string {
13363	return s.String()
13364}
13365
13366// SetLastUpdatedTimestamp sets the LastUpdatedTimestamp field's value.
13367func (s *EffectivePolicy) SetLastUpdatedTimestamp(v time.Time) *EffectivePolicy {
13368	s.LastUpdatedTimestamp = &v
13369	return s
13370}
13371
13372// SetPolicyContent sets the PolicyContent field's value.
13373func (s *EffectivePolicy) SetPolicyContent(v string) *EffectivePolicy {
13374	s.PolicyContent = &v
13375	return s
13376}
13377
13378// SetPolicyType sets the PolicyType field's value.
13379func (s *EffectivePolicy) SetPolicyType(v string) *EffectivePolicy {
13380	s.PolicyType = &v
13381	return s
13382}
13383
13384// SetTargetId sets the TargetId field's value.
13385func (s *EffectivePolicy) SetTargetId(v string) *EffectivePolicy {
13386	s.TargetId = &v
13387	return s
13388}
13389
13390type EnableAWSServiceAccessInput struct {
13391	_ struct{} `type:"structure"`
13392
13393	// The service principal name of the AWS service for which you want to enable
13394	// integration with your organization. This is typically in the form of a URL,
13395	// such as service-abbreviation.amazonaws.com.
13396	//
13397	// ServicePrincipal is a required field
13398	ServicePrincipal *string `min:"1" type:"string" required:"true"`
13399}
13400
13401// String returns the string representation
13402func (s EnableAWSServiceAccessInput) String() string {
13403	return awsutil.Prettify(s)
13404}
13405
13406// GoString returns the string representation
13407func (s EnableAWSServiceAccessInput) GoString() string {
13408	return s.String()
13409}
13410
13411// Validate inspects the fields of the type to determine if they are valid.
13412func (s *EnableAWSServiceAccessInput) Validate() error {
13413	invalidParams := request.ErrInvalidParams{Context: "EnableAWSServiceAccessInput"}
13414	if s.ServicePrincipal == nil {
13415		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
13416	}
13417	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
13418		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
13419	}
13420
13421	if invalidParams.Len() > 0 {
13422		return invalidParams
13423	}
13424	return nil
13425}
13426
13427// SetServicePrincipal sets the ServicePrincipal field's value.
13428func (s *EnableAWSServiceAccessInput) SetServicePrincipal(v string) *EnableAWSServiceAccessInput {
13429	s.ServicePrincipal = &v
13430	return s
13431}
13432
13433type EnableAWSServiceAccessOutput struct {
13434	_ struct{} `type:"structure"`
13435}
13436
13437// String returns the string representation
13438func (s EnableAWSServiceAccessOutput) String() string {
13439	return awsutil.Prettify(s)
13440}
13441
13442// GoString returns the string representation
13443func (s EnableAWSServiceAccessOutput) GoString() string {
13444	return s.String()
13445}
13446
13447type EnableAllFeaturesInput struct {
13448	_ struct{} `type:"structure"`
13449}
13450
13451// String returns the string representation
13452func (s EnableAllFeaturesInput) String() string {
13453	return awsutil.Prettify(s)
13454}
13455
13456// GoString returns the string representation
13457func (s EnableAllFeaturesInput) GoString() string {
13458	return s.String()
13459}
13460
13461type EnableAllFeaturesOutput struct {
13462	_ struct{} `type:"structure"`
13463
13464	// A structure that contains details about the handshake created to support
13465	// this request to enable all features in the organization.
13466	Handshake *Handshake `type:"structure"`
13467}
13468
13469// String returns the string representation
13470func (s EnableAllFeaturesOutput) String() string {
13471	return awsutil.Prettify(s)
13472}
13473
13474// GoString returns the string representation
13475func (s EnableAllFeaturesOutput) GoString() string {
13476	return s.String()
13477}
13478
13479// SetHandshake sets the Handshake field's value.
13480func (s *EnableAllFeaturesOutput) SetHandshake(v *Handshake) *EnableAllFeaturesOutput {
13481	s.Handshake = v
13482	return s
13483}
13484
13485type EnablePolicyTypeInput struct {
13486	_ struct{} `type:"structure"`
13487
13488	// The policy type that you want to enable.
13489	//
13490	// PolicyType is a required field
13491	PolicyType *string `type:"string" required:"true" enum:"PolicyType"`
13492
13493	// The unique identifier (ID) of the root in which you want to enable a policy
13494	// type. You can get the ID from the ListRoots operation.
13495	//
13496	// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
13497	// requires "r-" followed by from 4 to 32 lowercase letters or digits.
13498	//
13499	// RootId is a required field
13500	RootId *string `type:"string" required:"true"`
13501}
13502
13503// String returns the string representation
13504func (s EnablePolicyTypeInput) String() string {
13505	return awsutil.Prettify(s)
13506}
13507
13508// GoString returns the string representation
13509func (s EnablePolicyTypeInput) GoString() string {
13510	return s.String()
13511}
13512
13513// Validate inspects the fields of the type to determine if they are valid.
13514func (s *EnablePolicyTypeInput) Validate() error {
13515	invalidParams := request.ErrInvalidParams{Context: "EnablePolicyTypeInput"}
13516	if s.PolicyType == nil {
13517		invalidParams.Add(request.NewErrParamRequired("PolicyType"))
13518	}
13519	if s.RootId == nil {
13520		invalidParams.Add(request.NewErrParamRequired("RootId"))
13521	}
13522
13523	if invalidParams.Len() > 0 {
13524		return invalidParams
13525	}
13526	return nil
13527}
13528
13529// SetPolicyType sets the PolicyType field's value.
13530func (s *EnablePolicyTypeInput) SetPolicyType(v string) *EnablePolicyTypeInput {
13531	s.PolicyType = &v
13532	return s
13533}
13534
13535// SetRootId sets the RootId field's value.
13536func (s *EnablePolicyTypeInput) SetRootId(v string) *EnablePolicyTypeInput {
13537	s.RootId = &v
13538	return s
13539}
13540
13541type EnablePolicyTypeOutput struct {
13542	_ struct{} `type:"structure"`
13543
13544	// A structure that shows the root with the updated list of enabled policy types.
13545	Root *Root `type:"structure"`
13546}
13547
13548// String returns the string representation
13549func (s EnablePolicyTypeOutput) String() string {
13550	return awsutil.Prettify(s)
13551}
13552
13553// GoString returns the string representation
13554func (s EnablePolicyTypeOutput) GoString() string {
13555	return s.String()
13556}
13557
13558// SetRoot sets the Root field's value.
13559func (s *EnablePolicyTypeOutput) SetRoot(v *Root) *EnablePolicyTypeOutput {
13560	s.Root = v
13561	return s
13562}
13563
13564// A structure that contains details of a service principal that is enabled
13565// to integrate with AWS Organizations.
13566type EnabledServicePrincipal struct {
13567	_ struct{} `type:"structure"`
13568
13569	// The date that the service principal was enabled for integration with AWS
13570	// Organizations.
13571	DateEnabled *time.Time `type:"timestamp"`
13572
13573	// The name of the service principal. This is typically in the form of a URL,
13574	// such as: servicename.amazonaws.com.
13575	ServicePrincipal *string `min:"1" type:"string"`
13576}
13577
13578// String returns the string representation
13579func (s EnabledServicePrincipal) String() string {
13580	return awsutil.Prettify(s)
13581}
13582
13583// GoString returns the string representation
13584func (s EnabledServicePrincipal) GoString() string {
13585	return s.String()
13586}
13587
13588// SetDateEnabled sets the DateEnabled field's value.
13589func (s *EnabledServicePrincipal) SetDateEnabled(v time.Time) *EnabledServicePrincipal {
13590	s.DateEnabled = &v
13591	return s
13592}
13593
13594// SetServicePrincipal sets the ServicePrincipal field's value.
13595func (s *EnabledServicePrincipal) SetServicePrincipal(v string) *EnabledServicePrincipal {
13596	s.ServicePrincipal = &v
13597	return s
13598}
13599
13600// Contains information that must be exchanged to securely establish a relationship
13601// between two accounts (an originator and a recipient). For example, assume
13602// that a master account (the originator) invites another account (the recipient)
13603// to join its organization. In that case, the two accounts exchange information
13604// as a series of handshake requests and responses.
13605//
13606// Note: Handshakes that are CANCELED, ACCEPTED, or DECLINED show up in lists
13607// for only 30 days after entering that state. After that, they are deleted.
13608type Handshake struct {
13609	_ struct{} `type:"structure"`
13610
13611	// The type of handshake, indicating what action occurs when the recipient accepts
13612	// the handshake. The following handshake types are supported:
13613	//
13614	//    * INVITE: This type of handshake represents a request to join an organization.
13615	//    It is always sent from the master account to only non-member accounts.
13616	//
13617	//    * ENABLE_ALL_FEATURES: This type of handshake represents a request to
13618	//    enable all features in an organization. It is always sent from the master
13619	//    account to only invited member accounts. Created accounts do not receive
13620	//    this because those accounts were created by the organization's master
13621	//    account and approval is inferred.
13622	//
13623	//    * APPROVE_ALL_FEATURES: This type of handshake is sent from the Organizations
13624	//    service when all member accounts have approved the ENABLE_ALL_FEATURES
13625	//    invitation. It is sent only to the master account and signals the master
13626	//    that it can finalize the process to enable all features.
13627	Action *string `type:"string" enum:"ActionType"`
13628
13629	// The Amazon Resource Name (ARN) of a handshake.
13630	//
13631	// For more information about ARNs in Organizations, see ARN Formats Supported
13632	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
13633	// in the AWS Organizations User Guide.
13634	Arn *string `type:"string"`
13635
13636	// The date and time that the handshake expires. If the recipient of the handshake
13637	// request fails to respond before the specified date and time, the handshake
13638	// becomes inactive and is no longer valid.
13639	ExpirationTimestamp *time.Time `type:"timestamp"`
13640
13641	// The unique identifier (ID) of a handshake. The originating account creates
13642	// the ID when it initiates the handshake.
13643	//
13644	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
13645	// requires "h-" followed by from 8 to 32 lower-case letters or digits.
13646	Id *string `type:"string"`
13647
13648	// Information about the two accounts that are participating in the handshake.
13649	Parties []*HandshakeParty `type:"list"`
13650
13651	// The date and time that the handshake request was made.
13652	RequestedTimestamp *time.Time `type:"timestamp"`
13653
13654	// Additional information that is needed to process the handshake.
13655	Resources []*HandshakeResource `type:"list"`
13656
13657	// The current state of the handshake. Use the state to trace the flow of the
13658	// handshake through the process from its creation to its acceptance. The meaning
13659	// of each of the valid values is as follows:
13660	//
13661	//    * REQUESTED: This handshake was sent to multiple recipients (applicable
13662	//    to only some handshake types) and not all recipients have responded yet.
13663	//    The request stays in this state until all recipients respond.
13664	//
13665	//    * OPEN: This handshake was sent to multiple recipients (applicable to
13666	//    only some policy types) and all recipients have responded, allowing the
13667	//    originator to complete the handshake action.
13668	//
13669	//    * CANCELED: This handshake is no longer active because it was canceled
13670	//    by the originating account.
13671	//
13672	//    * ACCEPTED: This handshake is complete because it has been accepted by
13673	//    the recipient.
13674	//
13675	//    * DECLINED: This handshake is no longer active because it was declined
13676	//    by the recipient account.
13677	//
13678	//    * EXPIRED: This handshake is no longer active because the originator did
13679	//    not receive a response of any kind from the recipient before the expiration
13680	//    time (15 days).
13681	State *string `type:"string" enum:"HandshakeState"`
13682}
13683
13684// String returns the string representation
13685func (s Handshake) String() string {
13686	return awsutil.Prettify(s)
13687}
13688
13689// GoString returns the string representation
13690func (s Handshake) GoString() string {
13691	return s.String()
13692}
13693
13694// SetAction sets the Action field's value.
13695func (s *Handshake) SetAction(v string) *Handshake {
13696	s.Action = &v
13697	return s
13698}
13699
13700// SetArn sets the Arn field's value.
13701func (s *Handshake) SetArn(v string) *Handshake {
13702	s.Arn = &v
13703	return s
13704}
13705
13706// SetExpirationTimestamp sets the ExpirationTimestamp field's value.
13707func (s *Handshake) SetExpirationTimestamp(v time.Time) *Handshake {
13708	s.ExpirationTimestamp = &v
13709	return s
13710}
13711
13712// SetId sets the Id field's value.
13713func (s *Handshake) SetId(v string) *Handshake {
13714	s.Id = &v
13715	return s
13716}
13717
13718// SetParties sets the Parties field's value.
13719func (s *Handshake) SetParties(v []*HandshakeParty) *Handshake {
13720	s.Parties = v
13721	return s
13722}
13723
13724// SetRequestedTimestamp sets the RequestedTimestamp field's value.
13725func (s *Handshake) SetRequestedTimestamp(v time.Time) *Handshake {
13726	s.RequestedTimestamp = &v
13727	return s
13728}
13729
13730// SetResources sets the Resources field's value.
13731func (s *Handshake) SetResources(v []*HandshakeResource) *Handshake {
13732	s.Resources = v
13733	return s
13734}
13735
13736// SetState sets the State field's value.
13737func (s *Handshake) SetState(v string) *Handshake {
13738	s.State = &v
13739	return s
13740}
13741
13742// Specifies the criteria that are used to select the handshakes for the operation.
13743type HandshakeFilter struct {
13744	_ struct{} `type:"structure"`
13745
13746	// Specifies the type of handshake action.
13747	//
13748	// If you specify ActionType, you cannot also specify ParentHandshakeId.
13749	ActionType *string `type:"string" enum:"ActionType"`
13750
13751	// Specifies the parent handshake. Only used for handshake types that are a
13752	// child of another type.
13753	//
13754	// If you specify ParentHandshakeId, you cannot also specify ActionType.
13755	//
13756	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
13757	// requires "h-" followed by from 8 to 32 lower-case letters or digits.
13758	ParentHandshakeId *string `type:"string"`
13759}
13760
13761// String returns the string representation
13762func (s HandshakeFilter) String() string {
13763	return awsutil.Prettify(s)
13764}
13765
13766// GoString returns the string representation
13767func (s HandshakeFilter) GoString() string {
13768	return s.String()
13769}
13770
13771// SetActionType sets the ActionType field's value.
13772func (s *HandshakeFilter) SetActionType(v string) *HandshakeFilter {
13773	s.ActionType = &v
13774	return s
13775}
13776
13777// SetParentHandshakeId sets the ParentHandshakeId field's value.
13778func (s *HandshakeFilter) SetParentHandshakeId(v string) *HandshakeFilter {
13779	s.ParentHandshakeId = &v
13780	return s
13781}
13782
13783// Identifies a participant in a handshake.
13784type HandshakeParty struct {
13785	_ struct{} `type:"structure"`
13786
13787	// The unique identifier (ID) for the party.
13788	//
13789	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
13790	// requires "h-" followed by from 8 to 32 lower-case letters or digits.
13791	//
13792	// Id is a required field
13793	Id *string `min:"1" type:"string" required:"true" sensitive:"true"`
13794
13795	// The type of party.
13796	//
13797	// Type is a required field
13798	Type *string `type:"string" required:"true" enum:"HandshakePartyType"`
13799}
13800
13801// String returns the string representation
13802func (s HandshakeParty) String() string {
13803	return awsutil.Prettify(s)
13804}
13805
13806// GoString returns the string representation
13807func (s HandshakeParty) GoString() string {
13808	return s.String()
13809}
13810
13811// Validate inspects the fields of the type to determine if they are valid.
13812func (s *HandshakeParty) Validate() error {
13813	invalidParams := request.ErrInvalidParams{Context: "HandshakeParty"}
13814	if s.Id == nil {
13815		invalidParams.Add(request.NewErrParamRequired("Id"))
13816	}
13817	if s.Id != nil && len(*s.Id) < 1 {
13818		invalidParams.Add(request.NewErrParamMinLen("Id", 1))
13819	}
13820	if s.Type == nil {
13821		invalidParams.Add(request.NewErrParamRequired("Type"))
13822	}
13823
13824	if invalidParams.Len() > 0 {
13825		return invalidParams
13826	}
13827	return nil
13828}
13829
13830// SetId sets the Id field's value.
13831func (s *HandshakeParty) SetId(v string) *HandshakeParty {
13832	s.Id = &v
13833	return s
13834}
13835
13836// SetType sets the Type field's value.
13837func (s *HandshakeParty) SetType(v string) *HandshakeParty {
13838	s.Type = &v
13839	return s
13840}
13841
13842// Contains additional data that is needed to process a handshake.
13843type HandshakeResource struct {
13844	_ struct{} `type:"structure"`
13845
13846	// When needed, contains an additional array of HandshakeResource objects.
13847	Resources []*HandshakeResource `type:"list"`
13848
13849	// The type of information being passed, specifying how the value is to be interpreted
13850	// by the other party:
13851	//
13852	//    * ACCOUNT - Specifies an AWS account ID number.
13853	//
13854	//    * ORGANIZATION - Specifies an organization ID number.
13855	//
13856	//    * EMAIL - Specifies the email address that is associated with the account
13857	//    that receives the handshake.
13858	//
13859	//    * OWNER_EMAIL - Specifies the email address associated with the master
13860	//    account. Included as information about an organization.
13861	//
13862	//    * OWNER_NAME - Specifies the name associated with the master account.
13863	//    Included as information about an organization.
13864	//
13865	//    * NOTES - Additional text provided by the handshake initiator and intended
13866	//    for the recipient to read.
13867	Type *string `type:"string" enum:"HandshakeResourceType"`
13868
13869	// The information that is passed to the other party in the handshake. The format
13870	// of the value string must match the requirements of the specified type.
13871	Value *string `type:"string" sensitive:"true"`
13872}
13873
13874// String returns the string representation
13875func (s HandshakeResource) String() string {
13876	return awsutil.Prettify(s)
13877}
13878
13879// GoString returns the string representation
13880func (s HandshakeResource) GoString() string {
13881	return s.String()
13882}
13883
13884// SetResources sets the Resources field's value.
13885func (s *HandshakeResource) SetResources(v []*HandshakeResource) *HandshakeResource {
13886	s.Resources = v
13887	return s
13888}
13889
13890// SetType sets the Type field's value.
13891func (s *HandshakeResource) SetType(v string) *HandshakeResource {
13892	s.Type = &v
13893	return s
13894}
13895
13896// SetValue sets the Value field's value.
13897func (s *HandshakeResource) SetValue(v string) *HandshakeResource {
13898	s.Value = &v
13899	return s
13900}
13901
13902type InviteAccountToOrganizationInput struct {
13903	_ struct{} `type:"structure"`
13904
13905	// Additional information that you want to include in the generated email to
13906	// the recipient account owner.
13907	Notes *string `type:"string" sensitive:"true"`
13908
13909	// The identifier (ID) of the AWS account that you want to invite to join your
13910	// organization. This is a JSON object that contains the following elements:
13911	//
13912	// { "Type": "ACCOUNT", "Id": "< account id number >" }
13913	//
13914	// If you use the AWS CLI, you can submit this as a single string, similar to
13915	// the following example:
13916	//
13917	// --target Id=123456789012,Type=ACCOUNT
13918	//
13919	// If you specify "Type": "ACCOUNT", you must provide the AWS account ID number
13920	// as the Id. If you specify "Type": "EMAIL", you must specify the email address
13921	// that is associated with the account.
13922	//
13923	// --target Id=diego@example.com,Type=EMAIL
13924	//
13925	// Target is a required field
13926	Target *HandshakeParty `type:"structure" required:"true"`
13927}
13928
13929// String returns the string representation
13930func (s InviteAccountToOrganizationInput) String() string {
13931	return awsutil.Prettify(s)
13932}
13933
13934// GoString returns the string representation
13935func (s InviteAccountToOrganizationInput) GoString() string {
13936	return s.String()
13937}
13938
13939// Validate inspects the fields of the type to determine if they are valid.
13940func (s *InviteAccountToOrganizationInput) Validate() error {
13941	invalidParams := request.ErrInvalidParams{Context: "InviteAccountToOrganizationInput"}
13942	if s.Target == nil {
13943		invalidParams.Add(request.NewErrParamRequired("Target"))
13944	}
13945	if s.Target != nil {
13946		if err := s.Target.Validate(); err != nil {
13947			invalidParams.AddNested("Target", err.(request.ErrInvalidParams))
13948		}
13949	}
13950
13951	if invalidParams.Len() > 0 {
13952		return invalidParams
13953	}
13954	return nil
13955}
13956
13957// SetNotes sets the Notes field's value.
13958func (s *InviteAccountToOrganizationInput) SetNotes(v string) *InviteAccountToOrganizationInput {
13959	s.Notes = &v
13960	return s
13961}
13962
13963// SetTarget sets the Target field's value.
13964func (s *InviteAccountToOrganizationInput) SetTarget(v *HandshakeParty) *InviteAccountToOrganizationInput {
13965	s.Target = v
13966	return s
13967}
13968
13969type InviteAccountToOrganizationOutput struct {
13970	_ struct{} `type:"structure"`
13971
13972	// A structure that contains details about the handshake that is created to
13973	// support this invitation request.
13974	Handshake *Handshake `type:"structure"`
13975}
13976
13977// String returns the string representation
13978func (s InviteAccountToOrganizationOutput) String() string {
13979	return awsutil.Prettify(s)
13980}
13981
13982// GoString returns the string representation
13983func (s InviteAccountToOrganizationOutput) GoString() string {
13984	return s.String()
13985}
13986
13987// SetHandshake sets the Handshake field's value.
13988func (s *InviteAccountToOrganizationOutput) SetHandshake(v *Handshake) *InviteAccountToOrganizationOutput {
13989	s.Handshake = v
13990	return s
13991}
13992
13993type LeaveOrganizationInput struct {
13994	_ struct{} `type:"structure"`
13995}
13996
13997// String returns the string representation
13998func (s LeaveOrganizationInput) String() string {
13999	return awsutil.Prettify(s)
14000}
14001
14002// GoString returns the string representation
14003func (s LeaveOrganizationInput) GoString() string {
14004	return s.String()
14005}
14006
14007type LeaveOrganizationOutput struct {
14008	_ struct{} `type:"structure"`
14009}
14010
14011// String returns the string representation
14012func (s LeaveOrganizationOutput) String() string {
14013	return awsutil.Prettify(s)
14014}
14015
14016// GoString returns the string representation
14017func (s LeaveOrganizationOutput) GoString() string {
14018	return s.String()
14019}
14020
14021type ListAWSServiceAccessForOrganizationInput struct {
14022	_ struct{} `type:"structure"`
14023
14024	// (Optional) Use this to limit the number of results you want included per
14025	// page in the response. If you do not include this parameter, it defaults to
14026	// a value that is specific to the operation. If additional items exist beyond
14027	// the maximum you specify, the NextToken response element is present and has
14028	// a value (is not null). Include that value as the NextToken request parameter
14029	// in the next call to the operation to get the next part of the results. Note
14030	// that Organizations might return fewer results than the maximum even when
14031	// there are more results available. You should check NextToken after every
14032	// operation to ensure that you receive all of the results.
14033	MaxResults *int64 `min:"1" type:"integer"`
14034
14035	// Use this parameter if you receive a NextToken response in a previous request
14036	// that indicates that there is more output available. Set it to the value of
14037	// the previous call's NextToken response to indicate where the output should
14038	// continue from.
14039	NextToken *string `type:"string"`
14040}
14041
14042// String returns the string representation
14043func (s ListAWSServiceAccessForOrganizationInput) String() string {
14044	return awsutil.Prettify(s)
14045}
14046
14047// GoString returns the string representation
14048func (s ListAWSServiceAccessForOrganizationInput) GoString() string {
14049	return s.String()
14050}
14051
14052// Validate inspects the fields of the type to determine if they are valid.
14053func (s *ListAWSServiceAccessForOrganizationInput) Validate() error {
14054	invalidParams := request.ErrInvalidParams{Context: "ListAWSServiceAccessForOrganizationInput"}
14055	if s.MaxResults != nil && *s.MaxResults < 1 {
14056		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
14057	}
14058
14059	if invalidParams.Len() > 0 {
14060		return invalidParams
14061	}
14062	return nil
14063}
14064
14065// SetMaxResults sets the MaxResults field's value.
14066func (s *ListAWSServiceAccessForOrganizationInput) SetMaxResults(v int64) *ListAWSServiceAccessForOrganizationInput {
14067	s.MaxResults = &v
14068	return s
14069}
14070
14071// SetNextToken sets the NextToken field's value.
14072func (s *ListAWSServiceAccessForOrganizationInput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationInput {
14073	s.NextToken = &v
14074	return s
14075}
14076
14077type ListAWSServiceAccessForOrganizationOutput struct {
14078	_ struct{} `type:"structure"`
14079
14080	// A list of the service principals for the services that are enabled to integrate
14081	// with your organization. Each principal is a structure that includes the name
14082	// and the date that it was enabled for integration with AWS Organizations.
14083	EnabledServicePrincipals []*EnabledServicePrincipal `type:"list"`
14084
14085	// If present, this value indicates that there is more output available than
14086	// is included in the current response. Use this value in the NextToken request
14087	// parameter in a subsequent call to the operation to get the next part of the
14088	// output. You should repeat this until the NextToken response element comes
14089	// back as null.
14090	NextToken *string `type:"string"`
14091}
14092
14093// String returns the string representation
14094func (s ListAWSServiceAccessForOrganizationOutput) String() string {
14095	return awsutil.Prettify(s)
14096}
14097
14098// GoString returns the string representation
14099func (s ListAWSServiceAccessForOrganizationOutput) GoString() string {
14100	return s.String()
14101}
14102
14103// SetEnabledServicePrincipals sets the EnabledServicePrincipals field's value.
14104func (s *ListAWSServiceAccessForOrganizationOutput) SetEnabledServicePrincipals(v []*EnabledServicePrincipal) *ListAWSServiceAccessForOrganizationOutput {
14105	s.EnabledServicePrincipals = v
14106	return s
14107}
14108
14109// SetNextToken sets the NextToken field's value.
14110func (s *ListAWSServiceAccessForOrganizationOutput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationOutput {
14111	s.NextToken = &v
14112	return s
14113}
14114
14115type ListAccountsForParentInput struct {
14116	_ struct{} `type:"structure"`
14117
14118	// (Optional) Use this to limit the number of results you want included per
14119	// page in the response. If you do not include this parameter, it defaults to
14120	// a value that is specific to the operation. If additional items exist beyond
14121	// the maximum you specify, the NextToken response element is present and has
14122	// a value (is not null). Include that value as the NextToken request parameter
14123	// in the next call to the operation to get the next part of the results. Note
14124	// that Organizations might return fewer results than the maximum even when
14125	// there are more results available. You should check NextToken after every
14126	// operation to ensure that you receive all of the results.
14127	MaxResults *int64 `min:"1" type:"integer"`
14128
14129	// Use this parameter if you receive a NextToken response in a previous request
14130	// that indicates that there is more output available. Set it to the value of
14131	// the previous call's NextToken response to indicate where the output should
14132	// continue from.
14133	NextToken *string `type:"string"`
14134
14135	// The unique identifier (ID) for the parent root or organization unit (OU)
14136	// whose accounts you want to list.
14137	//
14138	// ParentId is a required field
14139	ParentId *string `type:"string" required:"true"`
14140}
14141
14142// String returns the string representation
14143func (s ListAccountsForParentInput) String() string {
14144	return awsutil.Prettify(s)
14145}
14146
14147// GoString returns the string representation
14148func (s ListAccountsForParentInput) GoString() string {
14149	return s.String()
14150}
14151
14152// Validate inspects the fields of the type to determine if they are valid.
14153func (s *ListAccountsForParentInput) Validate() error {
14154	invalidParams := request.ErrInvalidParams{Context: "ListAccountsForParentInput"}
14155	if s.MaxResults != nil && *s.MaxResults < 1 {
14156		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
14157	}
14158	if s.ParentId == nil {
14159		invalidParams.Add(request.NewErrParamRequired("ParentId"))
14160	}
14161
14162	if invalidParams.Len() > 0 {
14163		return invalidParams
14164	}
14165	return nil
14166}
14167
14168// SetMaxResults sets the MaxResults field's value.
14169func (s *ListAccountsForParentInput) SetMaxResults(v int64) *ListAccountsForParentInput {
14170	s.MaxResults = &v
14171	return s
14172}
14173
14174// SetNextToken sets the NextToken field's value.
14175func (s *ListAccountsForParentInput) SetNextToken(v string) *ListAccountsForParentInput {
14176	s.NextToken = &v
14177	return s
14178}
14179
14180// SetParentId sets the ParentId field's value.
14181func (s *ListAccountsForParentInput) SetParentId(v string) *ListAccountsForParentInput {
14182	s.ParentId = &v
14183	return s
14184}
14185
14186type ListAccountsForParentOutput struct {
14187	_ struct{} `type:"structure"`
14188
14189	// A list of the accounts in the specified root or OU.
14190	Accounts []*Account `type:"list"`
14191
14192	// If present, this value indicates that there is more output available than
14193	// is included in the current response. Use this value in the NextToken request
14194	// parameter in a subsequent call to the operation to get the next part of the
14195	// output. You should repeat this until the NextToken response element comes
14196	// back as null.
14197	NextToken *string `type:"string"`
14198}
14199
14200// String returns the string representation
14201func (s ListAccountsForParentOutput) String() string {
14202	return awsutil.Prettify(s)
14203}
14204
14205// GoString returns the string representation
14206func (s ListAccountsForParentOutput) GoString() string {
14207	return s.String()
14208}
14209
14210// SetAccounts sets the Accounts field's value.
14211func (s *ListAccountsForParentOutput) SetAccounts(v []*Account) *ListAccountsForParentOutput {
14212	s.Accounts = v
14213	return s
14214}
14215
14216// SetNextToken sets the NextToken field's value.
14217func (s *ListAccountsForParentOutput) SetNextToken(v string) *ListAccountsForParentOutput {
14218	s.NextToken = &v
14219	return s
14220}
14221
14222type ListAccountsInput struct {
14223	_ struct{} `type:"structure"`
14224
14225	// (Optional) Use this to limit the number of results you want included per
14226	// page in the response. If you do not include this parameter, it defaults to
14227	// a value that is specific to the operation. If additional items exist beyond
14228	// the maximum you specify, the NextToken response element is present and has
14229	// a value (is not null). Include that value as the NextToken request parameter
14230	// in the next call to the operation to get the next part of the results. Note
14231	// that Organizations might return fewer results than the maximum even when
14232	// there are more results available. You should check NextToken after every
14233	// operation to ensure that you receive all of the results.
14234	MaxResults *int64 `min:"1" type:"integer"`
14235
14236	// Use this parameter if you receive a NextToken response in a previous request
14237	// that indicates that there is more output available. Set it to the value of
14238	// the previous call's NextToken response to indicate where the output should
14239	// continue from.
14240	NextToken *string `type:"string"`
14241}
14242
14243// String returns the string representation
14244func (s ListAccountsInput) String() string {
14245	return awsutil.Prettify(s)
14246}
14247
14248// GoString returns the string representation
14249func (s ListAccountsInput) GoString() string {
14250	return s.String()
14251}
14252
14253// Validate inspects the fields of the type to determine if they are valid.
14254func (s *ListAccountsInput) Validate() error {
14255	invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"}
14256	if s.MaxResults != nil && *s.MaxResults < 1 {
14257		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
14258	}
14259
14260	if invalidParams.Len() > 0 {
14261		return invalidParams
14262	}
14263	return nil
14264}
14265
14266// SetMaxResults sets the MaxResults field's value.
14267func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput {
14268	s.MaxResults = &v
14269	return s
14270}
14271
14272// SetNextToken sets the NextToken field's value.
14273func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput {
14274	s.NextToken = &v
14275	return s
14276}
14277
14278type ListAccountsOutput struct {
14279	_ struct{} `type:"structure"`
14280
14281	// A list of objects in the organization.
14282	Accounts []*Account `type:"list"`
14283
14284	// If present, this value indicates that there is more output available than
14285	// is included in the current response. Use this value in the NextToken request
14286	// parameter in a subsequent call to the operation to get the next part of the
14287	// output. You should repeat this until the NextToken response element comes
14288	// back as null.
14289	NextToken *string `type:"string"`
14290}
14291
14292// String returns the string representation
14293func (s ListAccountsOutput) String() string {
14294	return awsutil.Prettify(s)
14295}
14296
14297// GoString returns the string representation
14298func (s ListAccountsOutput) GoString() string {
14299	return s.String()
14300}
14301
14302// SetAccounts sets the Accounts field's value.
14303func (s *ListAccountsOutput) SetAccounts(v []*Account) *ListAccountsOutput {
14304	s.Accounts = v
14305	return s
14306}
14307
14308// SetNextToken sets the NextToken field's value.
14309func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput {
14310	s.NextToken = &v
14311	return s
14312}
14313
14314type ListChildrenInput struct {
14315	_ struct{} `type:"structure"`
14316
14317	// Filters the output to include only the specified child type.
14318	//
14319	// ChildType is a required field
14320	ChildType *string `type:"string" required:"true" enum:"ChildType"`
14321
14322	// (Optional) Use this to limit the number of results you want included per
14323	// page in the response. If you do not include this parameter, it defaults to
14324	// a value that is specific to the operation. If additional items exist beyond
14325	// the maximum you specify, the NextToken response element is present and has
14326	// a value (is not null). Include that value as the NextToken request parameter
14327	// in the next call to the operation to get the next part of the results. Note
14328	// that Organizations might return fewer results than the maximum even when
14329	// there are more results available. You should check NextToken after every
14330	// operation to ensure that you receive all of the results.
14331	MaxResults *int64 `min:"1" type:"integer"`
14332
14333	// Use this parameter if you receive a NextToken response in a previous request
14334	// that indicates that there is more output available. Set it to the value of
14335	// the previous call's NextToken response to indicate where the output should
14336	// continue from.
14337	NextToken *string `type:"string"`
14338
14339	// The unique identifier (ID) for the parent root or OU whose children you want
14340	// to list.
14341	//
14342	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
14343	// requires one of the following:
14344	//
14345	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
14346	//    letters or digits.
14347	//
14348	//    * Organizational unit (OU) - A string that begins with "ou-" followed
14349	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
14350	//    OU is in). This string is followed by a second "-" dash and from 8 to
14351	//    32 additional lowercase letters or digits.
14352	//
14353	// ParentId is a required field
14354	ParentId *string `type:"string" required:"true"`
14355}
14356
14357// String returns the string representation
14358func (s ListChildrenInput) String() string {
14359	return awsutil.Prettify(s)
14360}
14361
14362// GoString returns the string representation
14363func (s ListChildrenInput) GoString() string {
14364	return s.String()
14365}
14366
14367// Validate inspects the fields of the type to determine if they are valid.
14368func (s *ListChildrenInput) Validate() error {
14369	invalidParams := request.ErrInvalidParams{Context: "ListChildrenInput"}
14370	if s.ChildType == nil {
14371		invalidParams.Add(request.NewErrParamRequired("ChildType"))
14372	}
14373	if s.MaxResults != nil && *s.MaxResults < 1 {
14374		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
14375	}
14376	if s.ParentId == nil {
14377		invalidParams.Add(request.NewErrParamRequired("ParentId"))
14378	}
14379
14380	if invalidParams.Len() > 0 {
14381		return invalidParams
14382	}
14383	return nil
14384}
14385
14386// SetChildType sets the ChildType field's value.
14387func (s *ListChildrenInput) SetChildType(v string) *ListChildrenInput {
14388	s.ChildType = &v
14389	return s
14390}
14391
14392// SetMaxResults sets the MaxResults field's value.
14393func (s *ListChildrenInput) SetMaxResults(v int64) *ListChildrenInput {
14394	s.MaxResults = &v
14395	return s
14396}
14397
14398// SetNextToken sets the NextToken field's value.
14399func (s *ListChildrenInput) SetNextToken(v string) *ListChildrenInput {
14400	s.NextToken = &v
14401	return s
14402}
14403
14404// SetParentId sets the ParentId field's value.
14405func (s *ListChildrenInput) SetParentId(v string) *ListChildrenInput {
14406	s.ParentId = &v
14407	return s
14408}
14409
14410type ListChildrenOutput struct {
14411	_ struct{} `type:"structure"`
14412
14413	// The list of children of the specified parent container.
14414	Children []*Child `type:"list"`
14415
14416	// If present, this value indicates that there is more output available than
14417	// is included in the current response. Use this value in the NextToken request
14418	// parameter in a subsequent call to the operation to get the next part of the
14419	// output. You should repeat this until the NextToken response element comes
14420	// back as null.
14421	NextToken *string `type:"string"`
14422}
14423
14424// String returns the string representation
14425func (s ListChildrenOutput) String() string {
14426	return awsutil.Prettify(s)
14427}
14428
14429// GoString returns the string representation
14430func (s ListChildrenOutput) GoString() string {
14431	return s.String()
14432}
14433
14434// SetChildren sets the Children field's value.
14435func (s *ListChildrenOutput) SetChildren(v []*Child) *ListChildrenOutput {
14436	s.Children = v
14437	return s
14438}
14439
14440// SetNextToken sets the NextToken field's value.
14441func (s *ListChildrenOutput) SetNextToken(v string) *ListChildrenOutput {
14442	s.NextToken = &v
14443	return s
14444}
14445
14446type ListCreateAccountStatusInput struct {
14447	_ struct{} `type:"structure"`
14448
14449	// (Optional) Use this to limit the number of results you want included per
14450	// page in the response. If you do not include this parameter, it defaults to
14451	// a value that is specific to the operation. If additional items exist beyond
14452	// the maximum you specify, the NextToken response element is present and has
14453	// a value (is not null). Include that value as the NextToken request parameter
14454	// in the next call to the operation to get the next part of the results. Note
14455	// that Organizations might return fewer results than the maximum even when
14456	// there are more results available. You should check NextToken after every
14457	// operation to ensure that you receive all of the results.
14458	MaxResults *int64 `min:"1" type:"integer"`
14459
14460	// Use this parameter if you receive a NextToken response in a previous request
14461	// that indicates that there is more output available. Set it to the value of
14462	// the previous call's NextToken response to indicate where the output should
14463	// continue from.
14464	NextToken *string `type:"string"`
14465
14466	// A list of one or more states that you want included in the response. If this
14467	// parameter isn't present, all requests are included in the response.
14468	States []*string `type:"list"`
14469}
14470
14471// String returns the string representation
14472func (s ListCreateAccountStatusInput) String() string {
14473	return awsutil.Prettify(s)
14474}
14475
14476// GoString returns the string representation
14477func (s ListCreateAccountStatusInput) GoString() string {
14478	return s.String()
14479}
14480
14481// Validate inspects the fields of the type to determine if they are valid.
14482func (s *ListCreateAccountStatusInput) Validate() error {
14483	invalidParams := request.ErrInvalidParams{Context: "ListCreateAccountStatusInput"}
14484	if s.MaxResults != nil && *s.MaxResults < 1 {
14485		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
14486	}
14487
14488	if invalidParams.Len() > 0 {
14489		return invalidParams
14490	}
14491	return nil
14492}
14493
14494// SetMaxResults sets the MaxResults field's value.
14495func (s *ListCreateAccountStatusInput) SetMaxResults(v int64) *ListCreateAccountStatusInput {
14496	s.MaxResults = &v
14497	return s
14498}
14499
14500// SetNextToken sets the NextToken field's value.
14501func (s *ListCreateAccountStatusInput) SetNextToken(v string) *ListCreateAccountStatusInput {
14502	s.NextToken = &v
14503	return s
14504}
14505
14506// SetStates sets the States field's value.
14507func (s *ListCreateAccountStatusInput) SetStates(v []*string) *ListCreateAccountStatusInput {
14508	s.States = v
14509	return s
14510}
14511
14512type ListCreateAccountStatusOutput struct {
14513	_ struct{} `type:"structure"`
14514
14515	// A list of objects with details about the requests. Certain elements, such
14516	// as the accountId number, are present in the output only after the account
14517	// has been successfully created.
14518	CreateAccountStatuses []*CreateAccountStatus `type:"list"`
14519
14520	// If present, this value indicates that there is more output available than
14521	// is included in the current response. Use this value in the NextToken request
14522	// parameter in a subsequent call to the operation to get the next part of the
14523	// output. You should repeat this until the NextToken response element comes
14524	// back as null.
14525	NextToken *string `type:"string"`
14526}
14527
14528// String returns the string representation
14529func (s ListCreateAccountStatusOutput) String() string {
14530	return awsutil.Prettify(s)
14531}
14532
14533// GoString returns the string representation
14534func (s ListCreateAccountStatusOutput) GoString() string {
14535	return s.String()
14536}
14537
14538// SetCreateAccountStatuses sets the CreateAccountStatuses field's value.
14539func (s *ListCreateAccountStatusOutput) SetCreateAccountStatuses(v []*CreateAccountStatus) *ListCreateAccountStatusOutput {
14540	s.CreateAccountStatuses = v
14541	return s
14542}
14543
14544// SetNextToken sets the NextToken field's value.
14545func (s *ListCreateAccountStatusOutput) SetNextToken(v string) *ListCreateAccountStatusOutput {
14546	s.NextToken = &v
14547	return s
14548}
14549
14550type ListHandshakesForAccountInput struct {
14551	_ struct{} `type:"structure"`
14552
14553	// Filters the handshakes that you want included in the response. The default
14554	// is all types. Use the ActionType element to limit the output to only a specified
14555	// type, such as INVITE, ENABLE_ALL_FEATURES, or APPROVE_ALL_FEATURES. Alternatively,
14556	// you can specify the ENABLE_ALL_FEATURES handshake, which generates a separate
14557	// child handshake for each member account. When you do specify ParentHandshakeId
14558	// to see only the handshakes that were generated by that parent request.
14559	Filter *HandshakeFilter `type:"structure"`
14560
14561	// (Optional) Use this to limit the number of results you want included per
14562	// page in the response. If you do not include this parameter, it defaults to
14563	// a value that is specific to the operation. If additional items exist beyond
14564	// the maximum you specify, the NextToken response element is present and has
14565	// a value (is not null). Include that value as the NextToken request parameter
14566	// in the next call to the operation to get the next part of the results. Note
14567	// that Organizations might return fewer results than the maximum even when
14568	// there are more results available. You should check NextToken after every
14569	// operation to ensure that you receive all of the results.
14570	MaxResults *int64 `min:"1" type:"integer"`
14571
14572	// Use this parameter if you receive a NextToken response in a previous request
14573	// that indicates that there is more output available. Set it to the value of
14574	// the previous call's NextToken response to indicate where the output should
14575	// continue from.
14576	NextToken *string `type:"string"`
14577}
14578
14579// String returns the string representation
14580func (s ListHandshakesForAccountInput) String() string {
14581	return awsutil.Prettify(s)
14582}
14583
14584// GoString returns the string representation
14585func (s ListHandshakesForAccountInput) GoString() string {
14586	return s.String()
14587}
14588
14589// Validate inspects the fields of the type to determine if they are valid.
14590func (s *ListHandshakesForAccountInput) Validate() error {
14591	invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForAccountInput"}
14592	if s.MaxResults != nil && *s.MaxResults < 1 {
14593		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
14594	}
14595
14596	if invalidParams.Len() > 0 {
14597		return invalidParams
14598	}
14599	return nil
14600}
14601
14602// SetFilter sets the Filter field's value.
14603func (s *ListHandshakesForAccountInput) SetFilter(v *HandshakeFilter) *ListHandshakesForAccountInput {
14604	s.Filter = v
14605	return s
14606}
14607
14608// SetMaxResults sets the MaxResults field's value.
14609func (s *ListHandshakesForAccountInput) SetMaxResults(v int64) *ListHandshakesForAccountInput {
14610	s.MaxResults = &v
14611	return s
14612}
14613
14614// SetNextToken sets the NextToken field's value.
14615func (s *ListHandshakesForAccountInput) SetNextToken(v string) *ListHandshakesForAccountInput {
14616	s.NextToken = &v
14617	return s
14618}
14619
14620type ListHandshakesForAccountOutput struct {
14621	_ struct{} `type:"structure"`
14622
14623	// A list of Handshake objects with details about each of the handshakes that
14624	// is associated with the specified account.
14625	Handshakes []*Handshake `type:"list"`
14626
14627	// If present, this value indicates that there is more output available than
14628	// is included in the current response. Use this value in the NextToken request
14629	// parameter in a subsequent call to the operation to get the next part of the
14630	// output. You should repeat this until the NextToken response element comes
14631	// back as null.
14632	NextToken *string `type:"string"`
14633}
14634
14635// String returns the string representation
14636func (s ListHandshakesForAccountOutput) String() string {
14637	return awsutil.Prettify(s)
14638}
14639
14640// GoString returns the string representation
14641func (s ListHandshakesForAccountOutput) GoString() string {
14642	return s.String()
14643}
14644
14645// SetHandshakes sets the Handshakes field's value.
14646func (s *ListHandshakesForAccountOutput) SetHandshakes(v []*Handshake) *ListHandshakesForAccountOutput {
14647	s.Handshakes = v
14648	return s
14649}
14650
14651// SetNextToken sets the NextToken field's value.
14652func (s *ListHandshakesForAccountOutput) SetNextToken(v string) *ListHandshakesForAccountOutput {
14653	s.NextToken = &v
14654	return s
14655}
14656
14657type ListHandshakesForOrganizationInput struct {
14658	_ struct{} `type:"structure"`
14659
14660	// A filter of the handshakes that you want included in the response. The default
14661	// is all types. Use the ActionType element to limit the output to only a specified
14662	// type, such as INVITE, ENABLE-ALL-FEATURES, or APPROVE-ALL-FEATURES. Alternatively,
14663	// you can specify the ENABLE-ALL-FEATURES handshake, which generates a separate
14664	// child handshake for each member account. When you do, specify the ParentHandshakeId
14665	// to see only the handshakes that were generated by that parent request.
14666	Filter *HandshakeFilter `type:"structure"`
14667
14668	// (Optional) Use this to limit the number of results you want included per
14669	// page in the response. If you do not include this parameter, it defaults to
14670	// a value that is specific to the operation. If additional items exist beyond
14671	// the maximum you specify, the NextToken response element is present and has
14672	// a value (is not null). Include that value as the NextToken request parameter
14673	// in the next call to the operation to get the next part of the results. Note
14674	// that Organizations might return fewer results than the maximum even when
14675	// there are more results available. You should check NextToken after every
14676	// operation to ensure that you receive all of the results.
14677	MaxResults *int64 `min:"1" type:"integer"`
14678
14679	// Use this parameter if you receive a NextToken response in a previous request
14680	// that indicates that there is more output available. Set it to the value of
14681	// the previous call's NextToken response to indicate where the output should
14682	// continue from.
14683	NextToken *string `type:"string"`
14684}
14685
14686// String returns the string representation
14687func (s ListHandshakesForOrganizationInput) String() string {
14688	return awsutil.Prettify(s)
14689}
14690
14691// GoString returns the string representation
14692func (s ListHandshakesForOrganizationInput) GoString() string {
14693	return s.String()
14694}
14695
14696// Validate inspects the fields of the type to determine if they are valid.
14697func (s *ListHandshakesForOrganizationInput) Validate() error {
14698	invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForOrganizationInput"}
14699	if s.MaxResults != nil && *s.MaxResults < 1 {
14700		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
14701	}
14702
14703	if invalidParams.Len() > 0 {
14704		return invalidParams
14705	}
14706	return nil
14707}
14708
14709// SetFilter sets the Filter field's value.
14710func (s *ListHandshakesForOrganizationInput) SetFilter(v *HandshakeFilter) *ListHandshakesForOrganizationInput {
14711	s.Filter = v
14712	return s
14713}
14714
14715// SetMaxResults sets the MaxResults field's value.
14716func (s *ListHandshakesForOrganizationInput) SetMaxResults(v int64) *ListHandshakesForOrganizationInput {
14717	s.MaxResults = &v
14718	return s
14719}
14720
14721// SetNextToken sets the NextToken field's value.
14722func (s *ListHandshakesForOrganizationInput) SetNextToken(v string) *ListHandshakesForOrganizationInput {
14723	s.NextToken = &v
14724	return s
14725}
14726
14727type ListHandshakesForOrganizationOutput struct {
14728	_ struct{} `type:"structure"`
14729
14730	// A list of Handshake objects with details about each of the handshakes that
14731	// are associated with an organization.
14732	Handshakes []*Handshake `type:"list"`
14733
14734	// If present, this value indicates that there is more output available than
14735	// is included in the current response. Use this value in the NextToken request
14736	// parameter in a subsequent call to the operation to get the next part of the
14737	// output. You should repeat this until the NextToken response element comes
14738	// back as null.
14739	NextToken *string `type:"string"`
14740}
14741
14742// String returns the string representation
14743func (s ListHandshakesForOrganizationOutput) String() string {
14744	return awsutil.Prettify(s)
14745}
14746
14747// GoString returns the string representation
14748func (s ListHandshakesForOrganizationOutput) GoString() string {
14749	return s.String()
14750}
14751
14752// SetHandshakes sets the Handshakes field's value.
14753func (s *ListHandshakesForOrganizationOutput) SetHandshakes(v []*Handshake) *ListHandshakesForOrganizationOutput {
14754	s.Handshakes = v
14755	return s
14756}
14757
14758// SetNextToken sets the NextToken field's value.
14759func (s *ListHandshakesForOrganizationOutput) SetNextToken(v string) *ListHandshakesForOrganizationOutput {
14760	s.NextToken = &v
14761	return s
14762}
14763
14764type ListOrganizationalUnitsForParentInput struct {
14765	_ struct{} `type:"structure"`
14766
14767	// (Optional) Use this to limit the number of results you want included per
14768	// page in the response. If you do not include this parameter, it defaults to
14769	// a value that is specific to the operation. If additional items exist beyond
14770	// the maximum you specify, the NextToken response element is present and has
14771	// a value (is not null). Include that value as the NextToken request parameter
14772	// in the next call to the operation to get the next part of the results. Note
14773	// that Organizations might return fewer results than the maximum even when
14774	// there are more results available. You should check NextToken after every
14775	// operation to ensure that you receive all of the results.
14776	MaxResults *int64 `min:"1" type:"integer"`
14777
14778	// Use this parameter if you receive a NextToken response in a previous request
14779	// that indicates that there is more output available. Set it to the value of
14780	// the previous call's NextToken response to indicate where the output should
14781	// continue from.
14782	NextToken *string `type:"string"`
14783
14784	// The unique identifier (ID) of the root or OU whose child OUs you want to
14785	// list.
14786	//
14787	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
14788	// requires one of the following:
14789	//
14790	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
14791	//    letters or digits.
14792	//
14793	//    * Organizational unit (OU) - A string that begins with "ou-" followed
14794	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
14795	//    OU is in). This string is followed by a second "-" dash and from 8 to
14796	//    32 additional lowercase letters or digits.
14797	//
14798	// ParentId is a required field
14799	ParentId *string `type:"string" required:"true"`
14800}
14801
14802// String returns the string representation
14803func (s ListOrganizationalUnitsForParentInput) String() string {
14804	return awsutil.Prettify(s)
14805}
14806
14807// GoString returns the string representation
14808func (s ListOrganizationalUnitsForParentInput) GoString() string {
14809	return s.String()
14810}
14811
14812// Validate inspects the fields of the type to determine if they are valid.
14813func (s *ListOrganizationalUnitsForParentInput) Validate() error {
14814	invalidParams := request.ErrInvalidParams{Context: "ListOrganizationalUnitsForParentInput"}
14815	if s.MaxResults != nil && *s.MaxResults < 1 {
14816		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
14817	}
14818	if s.ParentId == nil {
14819		invalidParams.Add(request.NewErrParamRequired("ParentId"))
14820	}
14821
14822	if invalidParams.Len() > 0 {
14823		return invalidParams
14824	}
14825	return nil
14826}
14827
14828// SetMaxResults sets the MaxResults field's value.
14829func (s *ListOrganizationalUnitsForParentInput) SetMaxResults(v int64) *ListOrganizationalUnitsForParentInput {
14830	s.MaxResults = &v
14831	return s
14832}
14833
14834// SetNextToken sets the NextToken field's value.
14835func (s *ListOrganizationalUnitsForParentInput) SetNextToken(v string) *ListOrganizationalUnitsForParentInput {
14836	s.NextToken = &v
14837	return s
14838}
14839
14840// SetParentId sets the ParentId field's value.
14841func (s *ListOrganizationalUnitsForParentInput) SetParentId(v string) *ListOrganizationalUnitsForParentInput {
14842	s.ParentId = &v
14843	return s
14844}
14845
14846type ListOrganizationalUnitsForParentOutput struct {
14847	_ struct{} `type:"structure"`
14848
14849	// If present, this value indicates that there is more output available than
14850	// is included in the current response. Use this value in the NextToken request
14851	// parameter in a subsequent call to the operation to get the next part of the
14852	// output. You should repeat this until the NextToken response element comes
14853	// back as null.
14854	NextToken *string `type:"string"`
14855
14856	// A list of the OUs in the specified root or parent OU.
14857	OrganizationalUnits []*OrganizationalUnit `type:"list"`
14858}
14859
14860// String returns the string representation
14861func (s ListOrganizationalUnitsForParentOutput) String() string {
14862	return awsutil.Prettify(s)
14863}
14864
14865// GoString returns the string representation
14866func (s ListOrganizationalUnitsForParentOutput) GoString() string {
14867	return s.String()
14868}
14869
14870// SetNextToken sets the NextToken field's value.
14871func (s *ListOrganizationalUnitsForParentOutput) SetNextToken(v string) *ListOrganizationalUnitsForParentOutput {
14872	s.NextToken = &v
14873	return s
14874}
14875
14876// SetOrganizationalUnits sets the OrganizationalUnits field's value.
14877func (s *ListOrganizationalUnitsForParentOutput) SetOrganizationalUnits(v []*OrganizationalUnit) *ListOrganizationalUnitsForParentOutput {
14878	s.OrganizationalUnits = v
14879	return s
14880}
14881
14882type ListParentsInput struct {
14883	_ struct{} `type:"structure"`
14884
14885	// The unique identifier (ID) of the OU or account whose parent containers you
14886	// want to list. Don't specify a root.
14887	//
14888	// The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string
14889	// requires one of the following:
14890	//
14891	//    * Account - A string that consists of exactly 12 digits.
14892	//
14893	//    * Organizational unit (OU) - A string that begins with "ou-" followed
14894	//    by from 4 to 32 lowercase letters or digits (the ID of the root that contains
14895	//    the OU). This string is followed by a second "-" dash and from 8 to 32
14896	//    additional lowercase letters or digits.
14897	//
14898	// ChildId is a required field
14899	ChildId *string `type:"string" required:"true"`
14900
14901	// (Optional) Use this to limit the number of results you want included per
14902	// page in the response. If you do not include this parameter, it defaults to
14903	// a value that is specific to the operation. If additional items exist beyond
14904	// the maximum you specify, the NextToken response element is present and has
14905	// a value (is not null). Include that value as the NextToken request parameter
14906	// in the next call to the operation to get the next part of the results. Note
14907	// that Organizations might return fewer results than the maximum even when
14908	// there are more results available. You should check NextToken after every
14909	// operation to ensure that you receive all of the results.
14910	MaxResults *int64 `min:"1" type:"integer"`
14911
14912	// Use this parameter if you receive a NextToken response in a previous request
14913	// that indicates that there is more output available. Set it to the value of
14914	// the previous call's NextToken response to indicate where the output should
14915	// continue from.
14916	NextToken *string `type:"string"`
14917}
14918
14919// String returns the string representation
14920func (s ListParentsInput) String() string {
14921	return awsutil.Prettify(s)
14922}
14923
14924// GoString returns the string representation
14925func (s ListParentsInput) GoString() string {
14926	return s.String()
14927}
14928
14929// Validate inspects the fields of the type to determine if they are valid.
14930func (s *ListParentsInput) Validate() error {
14931	invalidParams := request.ErrInvalidParams{Context: "ListParentsInput"}
14932	if s.ChildId == nil {
14933		invalidParams.Add(request.NewErrParamRequired("ChildId"))
14934	}
14935	if s.MaxResults != nil && *s.MaxResults < 1 {
14936		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
14937	}
14938
14939	if invalidParams.Len() > 0 {
14940		return invalidParams
14941	}
14942	return nil
14943}
14944
14945// SetChildId sets the ChildId field's value.
14946func (s *ListParentsInput) SetChildId(v string) *ListParentsInput {
14947	s.ChildId = &v
14948	return s
14949}
14950
14951// SetMaxResults sets the MaxResults field's value.
14952func (s *ListParentsInput) SetMaxResults(v int64) *ListParentsInput {
14953	s.MaxResults = &v
14954	return s
14955}
14956
14957// SetNextToken sets the NextToken field's value.
14958func (s *ListParentsInput) SetNextToken(v string) *ListParentsInput {
14959	s.NextToken = &v
14960	return s
14961}
14962
14963type ListParentsOutput struct {
14964	_ struct{} `type:"structure"`
14965
14966	// If present, this value indicates that there is more output available than
14967	// is included in the current response. Use this value in the NextToken request
14968	// parameter in a subsequent call to the operation to get the next part of the
14969	// output. You should repeat this until the NextToken response element comes
14970	// back as null.
14971	NextToken *string `type:"string"`
14972
14973	// A list of parents for the specified child account or OU.
14974	Parents []*Parent `type:"list"`
14975}
14976
14977// String returns the string representation
14978func (s ListParentsOutput) String() string {
14979	return awsutil.Prettify(s)
14980}
14981
14982// GoString returns the string representation
14983func (s ListParentsOutput) GoString() string {
14984	return s.String()
14985}
14986
14987// SetNextToken sets the NextToken field's value.
14988func (s *ListParentsOutput) SetNextToken(v string) *ListParentsOutput {
14989	s.NextToken = &v
14990	return s
14991}
14992
14993// SetParents sets the Parents field's value.
14994func (s *ListParentsOutput) SetParents(v []*Parent) *ListParentsOutput {
14995	s.Parents = v
14996	return s
14997}
14998
14999type ListPoliciesForTargetInput struct {
15000	_ struct{} `type:"structure"`
15001
15002	// The type of policy that you want to include in the returned list.
15003	//
15004	// Filter is a required field
15005	Filter *string `type:"string" required:"true" enum:"PolicyType"`
15006
15007	// (Optional) Use this to limit the number of results you want included per
15008	// page in the response. If you do not include this parameter, it defaults to
15009	// a value that is specific to the operation. If additional items exist beyond
15010	// the maximum you specify, the NextToken response element is present and has
15011	// a value (is not null). Include that value as the NextToken request parameter
15012	// in the next call to the operation to get the next part of the results. Note
15013	// that Organizations might return fewer results than the maximum even when
15014	// there are more results available. You should check NextToken after every
15015	// operation to ensure that you receive all of the results.
15016	MaxResults *int64 `min:"1" type:"integer"`
15017
15018	// Use this parameter if you receive a NextToken response in a previous request
15019	// that indicates that there is more output available. Set it to the value of
15020	// the previous call's NextToken response to indicate where the output should
15021	// continue from.
15022	NextToken *string `type:"string"`
15023
15024	// The unique identifier (ID) of the root, organizational unit, or account whose
15025	// policies you want to list.
15026	//
15027	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
15028	// requires one of the following:
15029	//
15030	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
15031	//    letters or digits.
15032	//
15033	//    * Account - A string that consists of exactly 12 digits.
15034	//
15035	//    * Organizational unit (OU) - A string that begins with "ou-" followed
15036	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
15037	//    OU is in). This string is followed by a second "-" dash and from 8 to
15038	//    32 additional lowercase letters or digits.
15039	//
15040	// TargetId is a required field
15041	TargetId *string `type:"string" required:"true"`
15042}
15043
15044// String returns the string representation
15045func (s ListPoliciesForTargetInput) String() string {
15046	return awsutil.Prettify(s)
15047}
15048
15049// GoString returns the string representation
15050func (s ListPoliciesForTargetInput) GoString() string {
15051	return s.String()
15052}
15053
15054// Validate inspects the fields of the type to determine if they are valid.
15055func (s *ListPoliciesForTargetInput) Validate() error {
15056	invalidParams := request.ErrInvalidParams{Context: "ListPoliciesForTargetInput"}
15057	if s.Filter == nil {
15058		invalidParams.Add(request.NewErrParamRequired("Filter"))
15059	}
15060	if s.MaxResults != nil && *s.MaxResults < 1 {
15061		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
15062	}
15063	if s.TargetId == nil {
15064		invalidParams.Add(request.NewErrParamRequired("TargetId"))
15065	}
15066
15067	if invalidParams.Len() > 0 {
15068		return invalidParams
15069	}
15070	return nil
15071}
15072
15073// SetFilter sets the Filter field's value.
15074func (s *ListPoliciesForTargetInput) SetFilter(v string) *ListPoliciesForTargetInput {
15075	s.Filter = &v
15076	return s
15077}
15078
15079// SetMaxResults sets the MaxResults field's value.
15080func (s *ListPoliciesForTargetInput) SetMaxResults(v int64) *ListPoliciesForTargetInput {
15081	s.MaxResults = &v
15082	return s
15083}
15084
15085// SetNextToken sets the NextToken field's value.
15086func (s *ListPoliciesForTargetInput) SetNextToken(v string) *ListPoliciesForTargetInput {
15087	s.NextToken = &v
15088	return s
15089}
15090
15091// SetTargetId sets the TargetId field's value.
15092func (s *ListPoliciesForTargetInput) SetTargetId(v string) *ListPoliciesForTargetInput {
15093	s.TargetId = &v
15094	return s
15095}
15096
15097type ListPoliciesForTargetOutput struct {
15098	_ struct{} `type:"structure"`
15099
15100	// If present, this value indicates that there is more output available than
15101	// is included in the current response. Use this value in the NextToken request
15102	// parameter in a subsequent call to the operation to get the next part of the
15103	// output. You should repeat this until the NextToken response element comes
15104	// back as null.
15105	NextToken *string `type:"string"`
15106
15107	// The list of policies that match the criteria in the request.
15108	Policies []*PolicySummary `type:"list"`
15109}
15110
15111// String returns the string representation
15112func (s ListPoliciesForTargetOutput) String() string {
15113	return awsutil.Prettify(s)
15114}
15115
15116// GoString returns the string representation
15117func (s ListPoliciesForTargetOutput) GoString() string {
15118	return s.String()
15119}
15120
15121// SetNextToken sets the NextToken field's value.
15122func (s *ListPoliciesForTargetOutput) SetNextToken(v string) *ListPoliciesForTargetOutput {
15123	s.NextToken = &v
15124	return s
15125}
15126
15127// SetPolicies sets the Policies field's value.
15128func (s *ListPoliciesForTargetOutput) SetPolicies(v []*PolicySummary) *ListPoliciesForTargetOutput {
15129	s.Policies = v
15130	return s
15131}
15132
15133type ListPoliciesInput struct {
15134	_ struct{} `type:"structure"`
15135
15136	// Specifies the type of policy that you want to include in the response.
15137	//
15138	// Filter is a required field
15139	Filter *string `type:"string" required:"true" enum:"PolicyType"`
15140
15141	// (Optional) Use this to limit the number of results you want included per
15142	// page in the response. If you do not include this parameter, it defaults to
15143	// a value that is specific to the operation. If additional items exist beyond
15144	// the maximum you specify, the NextToken response element is present and has
15145	// a value (is not null). Include that value as the NextToken request parameter
15146	// in the next call to the operation to get the next part of the results. Note
15147	// that Organizations might return fewer results than the maximum even when
15148	// there are more results available. You should check NextToken after every
15149	// operation to ensure that you receive all of the results.
15150	MaxResults *int64 `min:"1" type:"integer"`
15151
15152	// Use this parameter if you receive a NextToken response in a previous request
15153	// that indicates that there is more output available. Set it to the value of
15154	// the previous call's NextToken response to indicate where the output should
15155	// continue from.
15156	NextToken *string `type:"string"`
15157}
15158
15159// String returns the string representation
15160func (s ListPoliciesInput) String() string {
15161	return awsutil.Prettify(s)
15162}
15163
15164// GoString returns the string representation
15165func (s ListPoliciesInput) GoString() string {
15166	return s.String()
15167}
15168
15169// Validate inspects the fields of the type to determine if they are valid.
15170func (s *ListPoliciesInput) Validate() error {
15171	invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"}
15172	if s.Filter == nil {
15173		invalidParams.Add(request.NewErrParamRequired("Filter"))
15174	}
15175	if s.MaxResults != nil && *s.MaxResults < 1 {
15176		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
15177	}
15178
15179	if invalidParams.Len() > 0 {
15180		return invalidParams
15181	}
15182	return nil
15183}
15184
15185// SetFilter sets the Filter field's value.
15186func (s *ListPoliciesInput) SetFilter(v string) *ListPoliciesInput {
15187	s.Filter = &v
15188	return s
15189}
15190
15191// SetMaxResults sets the MaxResults field's value.
15192func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput {
15193	s.MaxResults = &v
15194	return s
15195}
15196
15197// SetNextToken sets the NextToken field's value.
15198func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput {
15199	s.NextToken = &v
15200	return s
15201}
15202
15203type ListPoliciesOutput struct {
15204	_ struct{} `type:"structure"`
15205
15206	// If present, this value indicates that there is more output available than
15207	// is included in the current response. Use this value in the NextToken request
15208	// parameter in a subsequent call to the operation to get the next part of the
15209	// output. You should repeat this until the NextToken response element comes
15210	// back as null.
15211	NextToken *string `type:"string"`
15212
15213	// A list of policies that match the filter criteria in the request. The output
15214	// list doesn't include the policy contents. To see the content for a policy,
15215	// see DescribePolicy.
15216	Policies []*PolicySummary `type:"list"`
15217}
15218
15219// String returns the string representation
15220func (s ListPoliciesOutput) String() string {
15221	return awsutil.Prettify(s)
15222}
15223
15224// GoString returns the string representation
15225func (s ListPoliciesOutput) GoString() string {
15226	return s.String()
15227}
15228
15229// SetNextToken sets the NextToken field's value.
15230func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput {
15231	s.NextToken = &v
15232	return s
15233}
15234
15235// SetPolicies sets the Policies field's value.
15236func (s *ListPoliciesOutput) SetPolicies(v []*PolicySummary) *ListPoliciesOutput {
15237	s.Policies = v
15238	return s
15239}
15240
15241type ListRootsInput struct {
15242	_ struct{} `type:"structure"`
15243
15244	// (Optional) Use this to limit the number of results you want included per
15245	// page in the response. If you do not include this parameter, it defaults to
15246	// a value that is specific to the operation. If additional items exist beyond
15247	// the maximum you specify, the NextToken response element is present and has
15248	// a value (is not null). Include that value as the NextToken request parameter
15249	// in the next call to the operation to get the next part of the results. Note
15250	// that Organizations might return fewer results than the maximum even when
15251	// there are more results available. You should check NextToken after every
15252	// operation to ensure that you receive all of the results.
15253	MaxResults *int64 `min:"1" type:"integer"`
15254
15255	// Use this parameter if you receive a NextToken response in a previous request
15256	// that indicates that there is more output available. Set it to the value of
15257	// the previous call's NextToken response to indicate where the output should
15258	// continue from.
15259	NextToken *string `type:"string"`
15260}
15261
15262// String returns the string representation
15263func (s ListRootsInput) String() string {
15264	return awsutil.Prettify(s)
15265}
15266
15267// GoString returns the string representation
15268func (s ListRootsInput) GoString() string {
15269	return s.String()
15270}
15271
15272// Validate inspects the fields of the type to determine if they are valid.
15273func (s *ListRootsInput) Validate() error {
15274	invalidParams := request.ErrInvalidParams{Context: "ListRootsInput"}
15275	if s.MaxResults != nil && *s.MaxResults < 1 {
15276		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
15277	}
15278
15279	if invalidParams.Len() > 0 {
15280		return invalidParams
15281	}
15282	return nil
15283}
15284
15285// SetMaxResults sets the MaxResults field's value.
15286func (s *ListRootsInput) SetMaxResults(v int64) *ListRootsInput {
15287	s.MaxResults = &v
15288	return s
15289}
15290
15291// SetNextToken sets the NextToken field's value.
15292func (s *ListRootsInput) SetNextToken(v string) *ListRootsInput {
15293	s.NextToken = &v
15294	return s
15295}
15296
15297type ListRootsOutput struct {
15298	_ struct{} `type:"structure"`
15299
15300	// If present, this value indicates that there is more output available than
15301	// is included in the current response. Use this value in the NextToken request
15302	// parameter in a subsequent call to the operation to get the next part of the
15303	// output. You should repeat this until the NextToken response element comes
15304	// back as null.
15305	NextToken *string `type:"string"`
15306
15307	// A list of roots that are defined in an organization.
15308	Roots []*Root `type:"list"`
15309}
15310
15311// String returns the string representation
15312func (s ListRootsOutput) String() string {
15313	return awsutil.Prettify(s)
15314}
15315
15316// GoString returns the string representation
15317func (s ListRootsOutput) GoString() string {
15318	return s.String()
15319}
15320
15321// SetNextToken sets the NextToken field's value.
15322func (s *ListRootsOutput) SetNextToken(v string) *ListRootsOutput {
15323	s.NextToken = &v
15324	return s
15325}
15326
15327// SetRoots sets the Roots field's value.
15328func (s *ListRootsOutput) SetRoots(v []*Root) *ListRootsOutput {
15329	s.Roots = v
15330	return s
15331}
15332
15333type ListTagsForResourceInput struct {
15334	_ struct{} `type:"structure"`
15335
15336	// Use this parameter if you receive a NextToken response in a previous request
15337	// that indicates that there is more output available. Set it to the value of
15338	// the previous call's NextToken response to indicate where the output should
15339	// continue from.
15340	NextToken *string `type:"string"`
15341
15342	// The ID of the resource that you want to retrieve tags for.
15343	//
15344	// ResourceId is a required field
15345	ResourceId *string `type:"string" required:"true"`
15346}
15347
15348// String returns the string representation
15349func (s ListTagsForResourceInput) String() string {
15350	return awsutil.Prettify(s)
15351}
15352
15353// GoString returns the string representation
15354func (s ListTagsForResourceInput) GoString() string {
15355	return s.String()
15356}
15357
15358// Validate inspects the fields of the type to determine if they are valid.
15359func (s *ListTagsForResourceInput) Validate() error {
15360	invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"}
15361	if s.ResourceId == nil {
15362		invalidParams.Add(request.NewErrParamRequired("ResourceId"))
15363	}
15364
15365	if invalidParams.Len() > 0 {
15366		return invalidParams
15367	}
15368	return nil
15369}
15370
15371// SetNextToken sets the NextToken field's value.
15372func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput {
15373	s.NextToken = &v
15374	return s
15375}
15376
15377// SetResourceId sets the ResourceId field's value.
15378func (s *ListTagsForResourceInput) SetResourceId(v string) *ListTagsForResourceInput {
15379	s.ResourceId = &v
15380	return s
15381}
15382
15383type ListTagsForResourceOutput struct {
15384	_ struct{} `type:"structure"`
15385
15386	// If present, this value indicates that there is more output available than
15387	// is included in the current response. Use this value in the NextToken request
15388	// parameter in a subsequent call to the operation to get the next part of the
15389	// output. You should repeat this until the NextToken response element comes
15390	// back as null.
15391	NextToken *string `type:"string"`
15392
15393	// The tags that are assigned to the resource.
15394	Tags []*Tag `type:"list"`
15395}
15396
15397// String returns the string representation
15398func (s ListTagsForResourceOutput) String() string {
15399	return awsutil.Prettify(s)
15400}
15401
15402// GoString returns the string representation
15403func (s ListTagsForResourceOutput) GoString() string {
15404	return s.String()
15405}
15406
15407// SetNextToken sets the NextToken field's value.
15408func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput {
15409	s.NextToken = &v
15410	return s
15411}
15412
15413// SetTags sets the Tags field's value.
15414func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput {
15415	s.Tags = v
15416	return s
15417}
15418
15419type ListTargetsForPolicyInput struct {
15420	_ struct{} `type:"structure"`
15421
15422	// (Optional) Use this to limit the number of results you want included per
15423	// page in the response. If you do not include this parameter, it defaults to
15424	// a value that is specific to the operation. If additional items exist beyond
15425	// the maximum you specify, the NextToken response element is present and has
15426	// a value (is not null). Include that value as the NextToken request parameter
15427	// in the next call to the operation to get the next part of the results. Note
15428	// that Organizations might return fewer results than the maximum even when
15429	// there are more results available. You should check NextToken after every
15430	// operation to ensure that you receive all of the results.
15431	MaxResults *int64 `min:"1" type:"integer"`
15432
15433	// Use this parameter if you receive a NextToken response in a previous request
15434	// that indicates that there is more output available. Set it to the value of
15435	// the previous call's NextToken response to indicate where the output should
15436	// continue from.
15437	NextToken *string `type:"string"`
15438
15439	// The unique identifier (ID) of the policy whose attachments you want to know.
15440	//
15441	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
15442	// requires "p-" followed by from 8 to 128 lowercase letters or digits.
15443	//
15444	// PolicyId is a required field
15445	PolicyId *string `type:"string" required:"true"`
15446}
15447
15448// String returns the string representation
15449func (s ListTargetsForPolicyInput) String() string {
15450	return awsutil.Prettify(s)
15451}
15452
15453// GoString returns the string representation
15454func (s ListTargetsForPolicyInput) GoString() string {
15455	return s.String()
15456}
15457
15458// Validate inspects the fields of the type to determine if they are valid.
15459func (s *ListTargetsForPolicyInput) Validate() error {
15460	invalidParams := request.ErrInvalidParams{Context: "ListTargetsForPolicyInput"}
15461	if s.MaxResults != nil && *s.MaxResults < 1 {
15462		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
15463	}
15464	if s.PolicyId == nil {
15465		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
15466	}
15467
15468	if invalidParams.Len() > 0 {
15469		return invalidParams
15470	}
15471	return nil
15472}
15473
15474// SetMaxResults sets the MaxResults field's value.
15475func (s *ListTargetsForPolicyInput) SetMaxResults(v int64) *ListTargetsForPolicyInput {
15476	s.MaxResults = &v
15477	return s
15478}
15479
15480// SetNextToken sets the NextToken field's value.
15481func (s *ListTargetsForPolicyInput) SetNextToken(v string) *ListTargetsForPolicyInput {
15482	s.NextToken = &v
15483	return s
15484}
15485
15486// SetPolicyId sets the PolicyId field's value.
15487func (s *ListTargetsForPolicyInput) SetPolicyId(v string) *ListTargetsForPolicyInput {
15488	s.PolicyId = &v
15489	return s
15490}
15491
15492type ListTargetsForPolicyOutput struct {
15493	_ struct{} `type:"structure"`
15494
15495	// If present, this value indicates that there is more output available than
15496	// is included in the current response. Use this value in the NextToken request
15497	// parameter in a subsequent call to the operation to get the next part of the
15498	// output. You should repeat this until the NextToken response element comes
15499	// back as null.
15500	NextToken *string `type:"string"`
15501
15502	// A list of structures, each of which contains details about one of the entities
15503	// to which the specified policy is attached.
15504	Targets []*PolicyTargetSummary `type:"list"`
15505}
15506
15507// String returns the string representation
15508func (s ListTargetsForPolicyOutput) String() string {
15509	return awsutil.Prettify(s)
15510}
15511
15512// GoString returns the string representation
15513func (s ListTargetsForPolicyOutput) GoString() string {
15514	return s.String()
15515}
15516
15517// SetNextToken sets the NextToken field's value.
15518func (s *ListTargetsForPolicyOutput) SetNextToken(v string) *ListTargetsForPolicyOutput {
15519	s.NextToken = &v
15520	return s
15521}
15522
15523// SetTargets sets the Targets field's value.
15524func (s *ListTargetsForPolicyOutput) SetTargets(v []*PolicyTargetSummary) *ListTargetsForPolicyOutput {
15525	s.Targets = v
15526	return s
15527}
15528
15529type MoveAccountInput struct {
15530	_ struct{} `type:"structure"`
15531
15532	// The unique identifier (ID) of the account that you want to move.
15533	//
15534	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
15535	// requires exactly 12 digits.
15536	//
15537	// AccountId is a required field
15538	AccountId *string `type:"string" required:"true"`
15539
15540	// The unique identifier (ID) of the root or organizational unit that you want
15541	// to move the account to.
15542	//
15543	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
15544	// requires one of the following:
15545	//
15546	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
15547	//    letters or digits.
15548	//
15549	//    * Organizational unit (OU) - A string that begins with "ou-" followed
15550	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
15551	//    OU is in). This string is followed by a second "-" dash and from 8 to
15552	//    32 additional lowercase letters or digits.
15553	//
15554	// DestinationParentId is a required field
15555	DestinationParentId *string `type:"string" required:"true"`
15556
15557	// The unique identifier (ID) of the root or organizational unit that you want
15558	// to move the account from.
15559	//
15560	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
15561	// requires one of the following:
15562	//
15563	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
15564	//    letters or digits.
15565	//
15566	//    * Organizational unit (OU) - A string that begins with "ou-" followed
15567	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
15568	//    OU is in). This string is followed by a second "-" dash and from 8 to
15569	//    32 additional lowercase letters or digits.
15570	//
15571	// SourceParentId is a required field
15572	SourceParentId *string `type:"string" required:"true"`
15573}
15574
15575// String returns the string representation
15576func (s MoveAccountInput) String() string {
15577	return awsutil.Prettify(s)
15578}
15579
15580// GoString returns the string representation
15581func (s MoveAccountInput) GoString() string {
15582	return s.String()
15583}
15584
15585// Validate inspects the fields of the type to determine if they are valid.
15586func (s *MoveAccountInput) Validate() error {
15587	invalidParams := request.ErrInvalidParams{Context: "MoveAccountInput"}
15588	if s.AccountId == nil {
15589		invalidParams.Add(request.NewErrParamRequired("AccountId"))
15590	}
15591	if s.DestinationParentId == nil {
15592		invalidParams.Add(request.NewErrParamRequired("DestinationParentId"))
15593	}
15594	if s.SourceParentId == nil {
15595		invalidParams.Add(request.NewErrParamRequired("SourceParentId"))
15596	}
15597
15598	if invalidParams.Len() > 0 {
15599		return invalidParams
15600	}
15601	return nil
15602}
15603
15604// SetAccountId sets the AccountId field's value.
15605func (s *MoveAccountInput) SetAccountId(v string) *MoveAccountInput {
15606	s.AccountId = &v
15607	return s
15608}
15609
15610// SetDestinationParentId sets the DestinationParentId field's value.
15611func (s *MoveAccountInput) SetDestinationParentId(v string) *MoveAccountInput {
15612	s.DestinationParentId = &v
15613	return s
15614}
15615
15616// SetSourceParentId sets the SourceParentId field's value.
15617func (s *MoveAccountInput) SetSourceParentId(v string) *MoveAccountInput {
15618	s.SourceParentId = &v
15619	return s
15620}
15621
15622type MoveAccountOutput struct {
15623	_ struct{} `type:"structure"`
15624}
15625
15626// String returns the string representation
15627func (s MoveAccountOutput) String() string {
15628	return awsutil.Prettify(s)
15629}
15630
15631// GoString returns the string representation
15632func (s MoveAccountOutput) GoString() string {
15633	return s.String()
15634}
15635
15636// Contains details about an organization. An organization is a collection of
15637// accounts that are centrally managed together using consolidated billing,
15638// organized hierarchically with organizational units (OUs), and controlled
15639// with policies.
15640type Organization struct {
15641	_ struct{} `type:"structure"`
15642
15643	// The Amazon Resource Name (ARN) of an organization.
15644	//
15645	// For more information about ARNs in Organizations, see ARN Formats Supported
15646	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
15647	// in the AWS Organizations User Guide.
15648	Arn *string `type:"string"`
15649
15650	// A list of policy types that are enabled for this organization. For example,
15651	// if your organization has all features enabled, then service control policies
15652	// (SCPs) are included in the list.
15653	//
15654	// Even if a policy type is shown as available in the organization, you can
15655	// separately enable and disable them at the root level by using EnablePolicyType
15656	// and DisablePolicyType. Use ListRoots to see the status of a policy type in
15657	// that root.
15658	AvailablePolicyTypes []*PolicyTypeSummary `type:"list"`
15659
15660	// Specifies the functionality that currently is available to the organization.
15661	// If set to "ALL", then all features are enabled and policies can be applied
15662	// to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only
15663	// consolidated billing functionality is available. For more information, see
15664	// Enabling All Features in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
15665	// in the AWS Organizations User Guide.
15666	FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"`
15667
15668	// The unique identifier (ID) of an organization.
15669	//
15670	// The regex pattern (http://wikipedia.org/wiki/regex) for an organization ID
15671	// string requires "o-" followed by from 10 to 32 lower-case letters or digits.
15672	Id *string `type:"string"`
15673
15674	// The Amazon Resource Name (ARN) of the account that is designated as the master
15675	// account for the organization.
15676	//
15677	// For more information about ARNs in Organizations, see ARN Formats Supported
15678	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
15679	// in the AWS Organizations User Guide.
15680	MasterAccountArn *string `type:"string"`
15681
15682	// The email address that is associated with the AWS account that is designated
15683	// as the master account for the organization.
15684	MasterAccountEmail *string `min:"6" type:"string" sensitive:"true"`
15685
15686	// The unique identifier (ID) of the master account of an organization.
15687	//
15688	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
15689	// requires exactly 12 digits.
15690	MasterAccountId *string `type:"string"`
15691}
15692
15693// String returns the string representation
15694func (s Organization) String() string {
15695	return awsutil.Prettify(s)
15696}
15697
15698// GoString returns the string representation
15699func (s Organization) GoString() string {
15700	return s.String()
15701}
15702
15703// SetArn sets the Arn field's value.
15704func (s *Organization) SetArn(v string) *Organization {
15705	s.Arn = &v
15706	return s
15707}
15708
15709// SetAvailablePolicyTypes sets the AvailablePolicyTypes field's value.
15710func (s *Organization) SetAvailablePolicyTypes(v []*PolicyTypeSummary) *Organization {
15711	s.AvailablePolicyTypes = v
15712	return s
15713}
15714
15715// SetFeatureSet sets the FeatureSet field's value.
15716func (s *Organization) SetFeatureSet(v string) *Organization {
15717	s.FeatureSet = &v
15718	return s
15719}
15720
15721// SetId sets the Id field's value.
15722func (s *Organization) SetId(v string) *Organization {
15723	s.Id = &v
15724	return s
15725}
15726
15727// SetMasterAccountArn sets the MasterAccountArn field's value.
15728func (s *Organization) SetMasterAccountArn(v string) *Organization {
15729	s.MasterAccountArn = &v
15730	return s
15731}
15732
15733// SetMasterAccountEmail sets the MasterAccountEmail field's value.
15734func (s *Organization) SetMasterAccountEmail(v string) *Organization {
15735	s.MasterAccountEmail = &v
15736	return s
15737}
15738
15739// SetMasterAccountId sets the MasterAccountId field's value.
15740func (s *Organization) SetMasterAccountId(v string) *Organization {
15741	s.MasterAccountId = &v
15742	return s
15743}
15744
15745// Contains details about an organizational unit (OU). An OU is a container
15746// of AWS accounts within a root of an organization. Policies that are attached
15747// to an OU apply to all accounts contained in that OU and in any child OUs.
15748type OrganizationalUnit struct {
15749	_ struct{} `type:"structure"`
15750
15751	// The Amazon Resource Name (ARN) of this OU.
15752	//
15753	// For more information about ARNs in Organizations, see ARN Formats Supported
15754	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
15755	// in the AWS Organizations User Guide.
15756	Arn *string `type:"string"`
15757
15758	// The unique identifier (ID) associated with this OU.
15759	//
15760	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
15761	// unit ID string requires "ou-" followed by from 4 to 32 lower-case letters
15762	// or digits (the ID of the root that contains the OU). This string is followed
15763	// by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
15764	Id *string `type:"string"`
15765
15766	// The friendly name of this OU.
15767	//
15768	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
15769	// this parameter is a string of any of the characters in the ASCII character
15770	// range.
15771	Name *string `min:"1" type:"string"`
15772}
15773
15774// String returns the string representation
15775func (s OrganizationalUnit) String() string {
15776	return awsutil.Prettify(s)
15777}
15778
15779// GoString returns the string representation
15780func (s OrganizationalUnit) GoString() string {
15781	return s.String()
15782}
15783
15784// SetArn sets the Arn field's value.
15785func (s *OrganizationalUnit) SetArn(v string) *OrganizationalUnit {
15786	s.Arn = &v
15787	return s
15788}
15789
15790// SetId sets the Id field's value.
15791func (s *OrganizationalUnit) SetId(v string) *OrganizationalUnit {
15792	s.Id = &v
15793	return s
15794}
15795
15796// SetName sets the Name field's value.
15797func (s *OrganizationalUnit) SetName(v string) *OrganizationalUnit {
15798	s.Name = &v
15799	return s
15800}
15801
15802// Contains information about either a root or an organizational unit (OU) that
15803// can contain OUs or accounts in an organization.
15804type Parent struct {
15805	_ struct{} `type:"structure"`
15806
15807	// The unique identifier (ID) of the parent entity.
15808	//
15809	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
15810	// requires one of the following:
15811	//
15812	//    * Root: A string that begins with "r-" followed by from 4 to 32 lower-case
15813	//    letters or digits.
15814	//
15815	//    * Organizational unit (OU): A string that begins with "ou-" followed by
15816	//    from 4 to 32 lower-case letters or digits (the ID of the root that the
15817	//    OU is in). This string is followed by a second "-" dash and from 8 to
15818	//    32 additional lower-case letters or digits.
15819	Id *string `type:"string"`
15820
15821	// The type of the parent entity.
15822	Type *string `type:"string" enum:"ParentType"`
15823}
15824
15825// String returns the string representation
15826func (s Parent) String() string {
15827	return awsutil.Prettify(s)
15828}
15829
15830// GoString returns the string representation
15831func (s Parent) GoString() string {
15832	return s.String()
15833}
15834
15835// SetId sets the Id field's value.
15836func (s *Parent) SetId(v string) *Parent {
15837	s.Id = &v
15838	return s
15839}
15840
15841// SetType sets the Type field's value.
15842func (s *Parent) SetType(v string) *Parent {
15843	s.Type = &v
15844	return s
15845}
15846
15847// Contains rules to be applied to the affected accounts. Policies can be attached
15848// directly to accounts, or to roots and OUs to affect all accounts in those
15849// hierarchies.
15850type Policy struct {
15851	_ struct{} `type:"structure"`
15852
15853	// The text content of the policy.
15854	Content *string `min:"1" type:"string"`
15855
15856	// A structure that contains additional details about the policy.
15857	PolicySummary *PolicySummary `type:"structure"`
15858}
15859
15860// String returns the string representation
15861func (s Policy) String() string {
15862	return awsutil.Prettify(s)
15863}
15864
15865// GoString returns the string representation
15866func (s Policy) GoString() string {
15867	return s.String()
15868}
15869
15870// SetContent sets the Content field's value.
15871func (s *Policy) SetContent(v string) *Policy {
15872	s.Content = &v
15873	return s
15874}
15875
15876// SetPolicySummary sets the PolicySummary field's value.
15877func (s *Policy) SetPolicySummary(v *PolicySummary) *Policy {
15878	s.PolicySummary = v
15879	return s
15880}
15881
15882// Contains information about a policy, but does not include the content. To
15883// see the content of a policy, see DescribePolicy.
15884type PolicySummary struct {
15885	_ struct{} `type:"structure"`
15886
15887	// The Amazon Resource Name (ARN) of the policy.
15888	//
15889	// For more information about ARNs in Organizations, see ARN Formats Supported
15890	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
15891	// in the AWS Organizations User Guide.
15892	Arn *string `type:"string"`
15893
15894	// A Boolean value that indicates whether the specified policy is an AWS managed
15895	// policy. If true, then you can attach the policy to roots, OUs, or accounts,
15896	// but you cannot edit it.
15897	AwsManaged *bool `type:"boolean"`
15898
15899	// The description of the policy.
15900	Description *string `type:"string"`
15901
15902	// The unique identifier (ID) of the policy.
15903	//
15904	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
15905	// requires "p-" followed by from 8 to 128 lower-case letters or digits.
15906	Id *string `type:"string"`
15907
15908	// The friendly name of the policy.
15909	//
15910	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
15911	// this parameter is a string of any of the characters in the ASCII character
15912	// range.
15913	Name *string `min:"1" type:"string"`
15914
15915	// The type of policy.
15916	Type *string `type:"string" enum:"PolicyType"`
15917}
15918
15919// String returns the string representation
15920func (s PolicySummary) String() string {
15921	return awsutil.Prettify(s)
15922}
15923
15924// GoString returns the string representation
15925func (s PolicySummary) GoString() string {
15926	return s.String()
15927}
15928
15929// SetArn sets the Arn field's value.
15930func (s *PolicySummary) SetArn(v string) *PolicySummary {
15931	s.Arn = &v
15932	return s
15933}
15934
15935// SetAwsManaged sets the AwsManaged field's value.
15936func (s *PolicySummary) SetAwsManaged(v bool) *PolicySummary {
15937	s.AwsManaged = &v
15938	return s
15939}
15940
15941// SetDescription sets the Description field's value.
15942func (s *PolicySummary) SetDescription(v string) *PolicySummary {
15943	s.Description = &v
15944	return s
15945}
15946
15947// SetId sets the Id field's value.
15948func (s *PolicySummary) SetId(v string) *PolicySummary {
15949	s.Id = &v
15950	return s
15951}
15952
15953// SetName sets the Name field's value.
15954func (s *PolicySummary) SetName(v string) *PolicySummary {
15955	s.Name = &v
15956	return s
15957}
15958
15959// SetType sets the Type field's value.
15960func (s *PolicySummary) SetType(v string) *PolicySummary {
15961	s.Type = &v
15962	return s
15963}
15964
15965// Contains information about a root, OU, or account that a policy is attached
15966// to.
15967type PolicyTargetSummary struct {
15968	_ struct{} `type:"structure"`
15969
15970	// The Amazon Resource Name (ARN) of the policy target.
15971	//
15972	// For more information about ARNs in Organizations, see ARN Formats Supported
15973	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
15974	// in the AWS Organizations User Guide.
15975	Arn *string `type:"string"`
15976
15977	// The friendly name of the policy target.
15978	//
15979	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
15980	// this parameter is a string of any of the characters in the ASCII character
15981	// range.
15982	Name *string `min:"1" type:"string"`
15983
15984	// The unique identifier (ID) of the policy target.
15985	//
15986	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
15987	// requires one of the following:
15988	//
15989	//    * Root: A string that begins with "r-" followed by from 4 to 32 lower-case
15990	//    letters or digits.
15991	//
15992	//    * Account: A string that consists of exactly 12 digits.
15993	//
15994	//    * Organizational unit (OU): A string that begins with "ou-" followed by
15995	//    from 4 to 32 lower-case letters or digits (the ID of the root that the
15996	//    OU is in). This string is followed by a second "-" dash and from 8 to
15997	//    32 additional lower-case letters or digits.
15998	TargetId *string `type:"string"`
15999
16000	// The type of the policy target.
16001	Type *string `type:"string" enum:"TargetType"`
16002}
16003
16004// String returns the string representation
16005func (s PolicyTargetSummary) String() string {
16006	return awsutil.Prettify(s)
16007}
16008
16009// GoString returns the string representation
16010func (s PolicyTargetSummary) GoString() string {
16011	return s.String()
16012}
16013
16014// SetArn sets the Arn field's value.
16015func (s *PolicyTargetSummary) SetArn(v string) *PolicyTargetSummary {
16016	s.Arn = &v
16017	return s
16018}
16019
16020// SetName sets the Name field's value.
16021func (s *PolicyTargetSummary) SetName(v string) *PolicyTargetSummary {
16022	s.Name = &v
16023	return s
16024}
16025
16026// SetTargetId sets the TargetId field's value.
16027func (s *PolicyTargetSummary) SetTargetId(v string) *PolicyTargetSummary {
16028	s.TargetId = &v
16029	return s
16030}
16031
16032// SetType sets the Type field's value.
16033func (s *PolicyTargetSummary) SetType(v string) *PolicyTargetSummary {
16034	s.Type = &v
16035	return s
16036}
16037
16038// Contains information about a policy type and its status in the associated
16039// root.
16040type PolicyTypeSummary struct {
16041	_ struct{} `type:"structure"`
16042
16043	// The status of the policy type as it relates to the associated root. You can
16044	// attach a policy of the specified type to a root or to an OU or account in
16045	// that root. To do so, the policy must be available in the organization and
16046	// enabled for that root.
16047	Status *string `type:"string" enum:"PolicyTypeStatus"`
16048
16049	// The name of the policy type.
16050	Type *string `type:"string" enum:"PolicyType"`
16051}
16052
16053// String returns the string representation
16054func (s PolicyTypeSummary) String() string {
16055	return awsutil.Prettify(s)
16056}
16057
16058// GoString returns the string representation
16059func (s PolicyTypeSummary) GoString() string {
16060	return s.String()
16061}
16062
16063// SetStatus sets the Status field's value.
16064func (s *PolicyTypeSummary) SetStatus(v string) *PolicyTypeSummary {
16065	s.Status = &v
16066	return s
16067}
16068
16069// SetType sets the Type field's value.
16070func (s *PolicyTypeSummary) SetType(v string) *PolicyTypeSummary {
16071	s.Type = &v
16072	return s
16073}
16074
16075type RemoveAccountFromOrganizationInput struct {
16076	_ struct{} `type:"structure"`
16077
16078	// The unique identifier (ID) of the member account that you want to remove
16079	// from the organization.
16080	//
16081	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
16082	// requires exactly 12 digits.
16083	//
16084	// AccountId is a required field
16085	AccountId *string `type:"string" required:"true"`
16086}
16087
16088// String returns the string representation
16089func (s RemoveAccountFromOrganizationInput) String() string {
16090	return awsutil.Prettify(s)
16091}
16092
16093// GoString returns the string representation
16094func (s RemoveAccountFromOrganizationInput) GoString() string {
16095	return s.String()
16096}
16097
16098// Validate inspects the fields of the type to determine if they are valid.
16099func (s *RemoveAccountFromOrganizationInput) Validate() error {
16100	invalidParams := request.ErrInvalidParams{Context: "RemoveAccountFromOrganizationInput"}
16101	if s.AccountId == nil {
16102		invalidParams.Add(request.NewErrParamRequired("AccountId"))
16103	}
16104
16105	if invalidParams.Len() > 0 {
16106		return invalidParams
16107	}
16108	return nil
16109}
16110
16111// SetAccountId sets the AccountId field's value.
16112func (s *RemoveAccountFromOrganizationInput) SetAccountId(v string) *RemoveAccountFromOrganizationInput {
16113	s.AccountId = &v
16114	return s
16115}
16116
16117type RemoveAccountFromOrganizationOutput struct {
16118	_ struct{} `type:"structure"`
16119}
16120
16121// String returns the string representation
16122func (s RemoveAccountFromOrganizationOutput) String() string {
16123	return awsutil.Prettify(s)
16124}
16125
16126// GoString returns the string representation
16127func (s RemoveAccountFromOrganizationOutput) GoString() string {
16128	return s.String()
16129}
16130
16131// Contains details about a root. A root is a top-level parent node in the hierarchy
16132// of an organization that can contain organizational units (OUs) and accounts.
16133// Every root contains every AWS account in the organization. Each root enables
16134// the accounts to be organized in a different way and to have different policy
16135// types enabled for use in that root.
16136type Root struct {
16137	_ struct{} `type:"structure"`
16138
16139	// The Amazon Resource Name (ARN) of the root.
16140	//
16141	// For more information about ARNs in Organizations, see ARN Formats Supported
16142	// by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns)
16143	// in the AWS Organizations User Guide.
16144	Arn *string `type:"string"`
16145
16146	// The unique identifier (ID) for the root.
16147	//
16148	// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
16149	// requires "r-" followed by from 4 to 32 lower-case letters or digits.
16150	Id *string `type:"string"`
16151
16152	// The friendly name of the root.
16153	//
16154	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
16155	// this parameter is a string of any of the characters in the ASCII character
16156	// range.
16157	Name *string `min:"1" type:"string"`
16158
16159	// The types of policies that are currently enabled for the root and therefore
16160	// can be attached to the root or to its OUs or accounts.
16161	//
16162	// Even if a policy type is shown as available in the organization, you can
16163	// separately enable and disable them at the root level by using EnablePolicyType
16164	// and DisablePolicyType. Use DescribeOrganization to see the availability of
16165	// the policy types in that organization.
16166	PolicyTypes []*PolicyTypeSummary `type:"list"`
16167}
16168
16169// String returns the string representation
16170func (s Root) String() string {
16171	return awsutil.Prettify(s)
16172}
16173
16174// GoString returns the string representation
16175func (s Root) GoString() string {
16176	return s.String()
16177}
16178
16179// SetArn sets the Arn field's value.
16180func (s *Root) SetArn(v string) *Root {
16181	s.Arn = &v
16182	return s
16183}
16184
16185// SetId sets the Id field's value.
16186func (s *Root) SetId(v string) *Root {
16187	s.Id = &v
16188	return s
16189}
16190
16191// SetName sets the Name field's value.
16192func (s *Root) SetName(v string) *Root {
16193	s.Name = &v
16194	return s
16195}
16196
16197// SetPolicyTypes sets the PolicyTypes field's value.
16198func (s *Root) SetPolicyTypes(v []*PolicyTypeSummary) *Root {
16199	s.PolicyTypes = v
16200	return s
16201}
16202
16203// A custom key-value pair associated with a resource such as an account within
16204// your organization.
16205type Tag struct {
16206	_ struct{} `type:"structure"`
16207
16208	// The key identifier, or name, of the tag.
16209	//
16210	// Key is a required field
16211	Key *string `min:"1" type:"string" required:"true"`
16212
16213	// The string value that's associated with the key of the tag. You can set the
16214	// value of a tag to an empty string, but you can't set the value of a tag to
16215	// null.
16216	//
16217	// Value is a required field
16218	Value *string `type:"string" required:"true"`
16219}
16220
16221// String returns the string representation
16222func (s Tag) String() string {
16223	return awsutil.Prettify(s)
16224}
16225
16226// GoString returns the string representation
16227func (s Tag) GoString() string {
16228	return s.String()
16229}
16230
16231// Validate inspects the fields of the type to determine if they are valid.
16232func (s *Tag) Validate() error {
16233	invalidParams := request.ErrInvalidParams{Context: "Tag"}
16234	if s.Key == nil {
16235		invalidParams.Add(request.NewErrParamRequired("Key"))
16236	}
16237	if s.Key != nil && len(*s.Key) < 1 {
16238		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
16239	}
16240	if s.Value == nil {
16241		invalidParams.Add(request.NewErrParamRequired("Value"))
16242	}
16243
16244	if invalidParams.Len() > 0 {
16245		return invalidParams
16246	}
16247	return nil
16248}
16249
16250// SetKey sets the Key field's value.
16251func (s *Tag) SetKey(v string) *Tag {
16252	s.Key = &v
16253	return s
16254}
16255
16256// SetValue sets the Value field's value.
16257func (s *Tag) SetValue(v string) *Tag {
16258	s.Value = &v
16259	return s
16260}
16261
16262type TagResourceInput struct {
16263	_ struct{} `type:"structure"`
16264
16265	// The ID of the resource to add a tag to.
16266	//
16267	// ResourceId is a required field
16268	ResourceId *string `type:"string" required:"true"`
16269
16270	// The tag to add to the specified resource. Specifying the tag key is required.
16271	// You can set the value of a tag to an empty string, but you can't set the
16272	// value of a tag to null.
16273	//
16274	// Tags is a required field
16275	Tags []*Tag `type:"list" required:"true"`
16276}
16277
16278// String returns the string representation
16279func (s TagResourceInput) String() string {
16280	return awsutil.Prettify(s)
16281}
16282
16283// GoString returns the string representation
16284func (s TagResourceInput) GoString() string {
16285	return s.String()
16286}
16287
16288// Validate inspects the fields of the type to determine if they are valid.
16289func (s *TagResourceInput) Validate() error {
16290	invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"}
16291	if s.ResourceId == nil {
16292		invalidParams.Add(request.NewErrParamRequired("ResourceId"))
16293	}
16294	if s.Tags == nil {
16295		invalidParams.Add(request.NewErrParamRequired("Tags"))
16296	}
16297	if s.Tags != nil {
16298		for i, v := range s.Tags {
16299			if v == nil {
16300				continue
16301			}
16302			if err := v.Validate(); err != nil {
16303				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
16304			}
16305		}
16306	}
16307
16308	if invalidParams.Len() > 0 {
16309		return invalidParams
16310	}
16311	return nil
16312}
16313
16314// SetResourceId sets the ResourceId field's value.
16315func (s *TagResourceInput) SetResourceId(v string) *TagResourceInput {
16316	s.ResourceId = &v
16317	return s
16318}
16319
16320// SetTags sets the Tags field's value.
16321func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput {
16322	s.Tags = v
16323	return s
16324}
16325
16326type TagResourceOutput struct {
16327	_ struct{} `type:"structure"`
16328}
16329
16330// String returns the string representation
16331func (s TagResourceOutput) String() string {
16332	return awsutil.Prettify(s)
16333}
16334
16335// GoString returns the string representation
16336func (s TagResourceOutput) GoString() string {
16337	return s.String()
16338}
16339
16340type UntagResourceInput struct {
16341	_ struct{} `type:"structure"`
16342
16343	// The ID of the resource to remove the tag from.
16344	//
16345	// ResourceId is a required field
16346	ResourceId *string `type:"string" required:"true"`
16347
16348	// The tag to remove from the specified resource.
16349	//
16350	// TagKeys is a required field
16351	TagKeys []*string `type:"list" required:"true"`
16352}
16353
16354// String returns the string representation
16355func (s UntagResourceInput) String() string {
16356	return awsutil.Prettify(s)
16357}
16358
16359// GoString returns the string representation
16360func (s UntagResourceInput) GoString() string {
16361	return s.String()
16362}
16363
16364// Validate inspects the fields of the type to determine if they are valid.
16365func (s *UntagResourceInput) Validate() error {
16366	invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"}
16367	if s.ResourceId == nil {
16368		invalidParams.Add(request.NewErrParamRequired("ResourceId"))
16369	}
16370	if s.TagKeys == nil {
16371		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
16372	}
16373
16374	if invalidParams.Len() > 0 {
16375		return invalidParams
16376	}
16377	return nil
16378}
16379
16380// SetResourceId sets the ResourceId field's value.
16381func (s *UntagResourceInput) SetResourceId(v string) *UntagResourceInput {
16382	s.ResourceId = &v
16383	return s
16384}
16385
16386// SetTagKeys sets the TagKeys field's value.
16387func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput {
16388	s.TagKeys = v
16389	return s
16390}
16391
16392type UntagResourceOutput struct {
16393	_ struct{} `type:"structure"`
16394}
16395
16396// String returns the string representation
16397func (s UntagResourceOutput) String() string {
16398	return awsutil.Prettify(s)
16399}
16400
16401// GoString returns the string representation
16402func (s UntagResourceOutput) GoString() string {
16403	return s.String()
16404}
16405
16406type UpdateOrganizationalUnitInput struct {
16407	_ struct{} `type:"structure"`
16408
16409	// The new name that you want to assign to the OU.
16410	//
16411	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
16412	// this parameter is a string of any of the characters in the ASCII character
16413	// range.
16414	Name *string `min:"1" type:"string"`
16415
16416	// The unique identifier (ID) of the OU that you want to rename. You can get
16417	// the ID from the ListOrganizationalUnitsForParent operation.
16418	//
16419	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
16420	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
16421	// or digits (the ID of the root that contains the OU). This string is followed
16422	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
16423	//
16424	// OrganizationalUnitId is a required field
16425	OrganizationalUnitId *string `type:"string" required:"true"`
16426}
16427
16428// String returns the string representation
16429func (s UpdateOrganizationalUnitInput) String() string {
16430	return awsutil.Prettify(s)
16431}
16432
16433// GoString returns the string representation
16434func (s UpdateOrganizationalUnitInput) GoString() string {
16435	return s.String()
16436}
16437
16438// Validate inspects the fields of the type to determine if they are valid.
16439func (s *UpdateOrganizationalUnitInput) Validate() error {
16440	invalidParams := request.ErrInvalidParams{Context: "UpdateOrganizationalUnitInput"}
16441	if s.Name != nil && len(*s.Name) < 1 {
16442		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
16443	}
16444	if s.OrganizationalUnitId == nil {
16445		invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
16446	}
16447
16448	if invalidParams.Len() > 0 {
16449		return invalidParams
16450	}
16451	return nil
16452}
16453
16454// SetName sets the Name field's value.
16455func (s *UpdateOrganizationalUnitInput) SetName(v string) *UpdateOrganizationalUnitInput {
16456	s.Name = &v
16457	return s
16458}
16459
16460// SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
16461func (s *UpdateOrganizationalUnitInput) SetOrganizationalUnitId(v string) *UpdateOrganizationalUnitInput {
16462	s.OrganizationalUnitId = &v
16463	return s
16464}
16465
16466type UpdateOrganizationalUnitOutput struct {
16467	_ struct{} `type:"structure"`
16468
16469	// A structure that contains the details about the specified OU, including its
16470	// new name.
16471	OrganizationalUnit *OrganizationalUnit `type:"structure"`
16472}
16473
16474// String returns the string representation
16475func (s UpdateOrganizationalUnitOutput) String() string {
16476	return awsutil.Prettify(s)
16477}
16478
16479// GoString returns the string representation
16480func (s UpdateOrganizationalUnitOutput) GoString() string {
16481	return s.String()
16482}
16483
16484// SetOrganizationalUnit sets the OrganizationalUnit field's value.
16485func (s *UpdateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *UpdateOrganizationalUnitOutput {
16486	s.OrganizationalUnit = v
16487	return s
16488}
16489
16490type UpdatePolicyInput struct {
16491	_ struct{} `type:"structure"`
16492
16493	// If provided, the new content for the policy. The text must be correctly formatted
16494	// JSON that complies with the syntax for the policy's type. For more information,
16495	// see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
16496	// in the AWS Organizations User Guide.
16497	Content *string `min:"1" type:"string"`
16498
16499	// If provided, the new description for the policy.
16500	Description *string `type:"string"`
16501
16502	// If provided, the new name for the policy.
16503	//
16504	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
16505	// this parameter is a string of any of the characters in the ASCII character
16506	// range.
16507	Name *string `min:"1" type:"string"`
16508
16509	// The unique identifier (ID) of the policy that you want to update.
16510	//
16511	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
16512	// requires "p-" followed by from 8 to 128 lowercase letters or digits.
16513	//
16514	// PolicyId is a required field
16515	PolicyId *string `type:"string" required:"true"`
16516}
16517
16518// String returns the string representation
16519func (s UpdatePolicyInput) String() string {
16520	return awsutil.Prettify(s)
16521}
16522
16523// GoString returns the string representation
16524func (s UpdatePolicyInput) GoString() string {
16525	return s.String()
16526}
16527
16528// Validate inspects the fields of the type to determine if they are valid.
16529func (s *UpdatePolicyInput) Validate() error {
16530	invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyInput"}
16531	if s.Content != nil && len(*s.Content) < 1 {
16532		invalidParams.Add(request.NewErrParamMinLen("Content", 1))
16533	}
16534	if s.Name != nil && len(*s.Name) < 1 {
16535		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
16536	}
16537	if s.PolicyId == nil {
16538		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
16539	}
16540
16541	if invalidParams.Len() > 0 {
16542		return invalidParams
16543	}
16544	return nil
16545}
16546
16547// SetContent sets the Content field's value.
16548func (s *UpdatePolicyInput) SetContent(v string) *UpdatePolicyInput {
16549	s.Content = &v
16550	return s
16551}
16552
16553// SetDescription sets the Description field's value.
16554func (s *UpdatePolicyInput) SetDescription(v string) *UpdatePolicyInput {
16555	s.Description = &v
16556	return s
16557}
16558
16559// SetName sets the Name field's value.
16560func (s *UpdatePolicyInput) SetName(v string) *UpdatePolicyInput {
16561	s.Name = &v
16562	return s
16563}
16564
16565// SetPolicyId sets the PolicyId field's value.
16566func (s *UpdatePolicyInput) SetPolicyId(v string) *UpdatePolicyInput {
16567	s.PolicyId = &v
16568	return s
16569}
16570
16571type UpdatePolicyOutput struct {
16572	_ struct{} `type:"structure"`
16573
16574	// A structure that contains details about the updated policy, showing the requested
16575	// changes.
16576	Policy *Policy `type:"structure"`
16577}
16578
16579// String returns the string representation
16580func (s UpdatePolicyOutput) String() string {
16581	return awsutil.Prettify(s)
16582}
16583
16584// GoString returns the string representation
16585func (s UpdatePolicyOutput) GoString() string {
16586	return s.String()
16587}
16588
16589// SetPolicy sets the Policy field's value.
16590func (s *UpdatePolicyOutput) SetPolicy(v *Policy) *UpdatePolicyOutput {
16591	s.Policy = v
16592	return s
16593}
16594
16595const (
16596	// AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole is a AccessDeniedForDependencyExceptionReason enum value
16597	AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole = "ACCESS_DENIED_DURING_CREATE_SERVICE_LINKED_ROLE"
16598)
16599
16600const (
16601	// AccountJoinedMethodInvited is a AccountJoinedMethod enum value
16602	AccountJoinedMethodInvited = "INVITED"
16603
16604	// AccountJoinedMethodCreated is a AccountJoinedMethod enum value
16605	AccountJoinedMethodCreated = "CREATED"
16606)
16607
16608const (
16609	// AccountStatusActive is a AccountStatus enum value
16610	AccountStatusActive = "ACTIVE"
16611
16612	// AccountStatusSuspended is a AccountStatus enum value
16613	AccountStatusSuspended = "SUSPENDED"
16614)
16615
16616const (
16617	// ActionTypeInvite is a ActionType enum value
16618	ActionTypeInvite = "INVITE"
16619
16620	// ActionTypeEnableAllFeatures is a ActionType enum value
16621	ActionTypeEnableAllFeatures = "ENABLE_ALL_FEATURES"
16622
16623	// ActionTypeApproveAllFeatures is a ActionType enum value
16624	ActionTypeApproveAllFeatures = "APPROVE_ALL_FEATURES"
16625
16626	// ActionTypeAddOrganizationsServiceLinkedRole is a ActionType enum value
16627	ActionTypeAddOrganizationsServiceLinkedRole = "ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE"
16628)
16629
16630const (
16631	// ChildTypeAccount is a ChildType enum value
16632	ChildTypeAccount = "ACCOUNT"
16633
16634	// ChildTypeOrganizationalUnit is a ChildType enum value
16635	ChildTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
16636)
16637
16638const (
16639	// ConstraintViolationExceptionReasonAccountNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
16640	ConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED"
16641
16642	// ConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a ConstraintViolationExceptionReason enum value
16643	ConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED"
16644
16645	// ConstraintViolationExceptionReasonOuNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
16646	ConstraintViolationExceptionReasonOuNumberLimitExceeded = "OU_NUMBER_LIMIT_EXCEEDED"
16647
16648	// ConstraintViolationExceptionReasonOuDepthLimitExceeded is a ConstraintViolationExceptionReason enum value
16649	ConstraintViolationExceptionReasonOuDepthLimitExceeded = "OU_DEPTH_LIMIT_EXCEEDED"
16650
16651	// ConstraintViolationExceptionReasonPolicyNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
16652	ConstraintViolationExceptionReasonPolicyNumberLimitExceeded = "POLICY_NUMBER_LIMIT_EXCEEDED"
16653
16654	// ConstraintViolationExceptionReasonPolicyContentLimitExceeded is a ConstraintViolationExceptionReason enum value
16655	ConstraintViolationExceptionReasonPolicyContentLimitExceeded = "POLICY_CONTENT_LIMIT_EXCEEDED"
16656
16657	// ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value
16658	ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded = "MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED"
16659
16660	// ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value
16661	ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded = "MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED"
16662
16663	// ConstraintViolationExceptionReasonAccountCannotLeaveOrganization is a ConstraintViolationExceptionReason enum value
16664	ConstraintViolationExceptionReasonAccountCannotLeaveOrganization = "ACCOUNT_CANNOT_LEAVE_ORGANIZATION"
16665
16666	// ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula is a ConstraintViolationExceptionReason enum value
16667	ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula = "ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA"
16668
16669	// ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification is a ConstraintViolationExceptionReason enum value
16670	ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification = "ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION"
16671
16672	// ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value
16673	ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired = "MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED"
16674
16675	// ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value
16676	ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired = "MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED"
16677
16678	// ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded is a ConstraintViolationExceptionReason enum value
16679	ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded = "ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED"
16680
16681	// ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace is a ConstraintViolationExceptionReason enum value
16682	ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace = "MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE"
16683
16684	// ConstraintViolationExceptionReasonMasterAccountMissingContactInfo is a ConstraintViolationExceptionReason enum value
16685	ConstraintViolationExceptionReasonMasterAccountMissingContactInfo = "MASTER_ACCOUNT_MISSING_CONTACT_INFO"
16686
16687	// ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled is a ConstraintViolationExceptionReason enum value
16688	ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled = "MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED"
16689
16690	// ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode is a ConstraintViolationExceptionReason enum value
16691	ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode = "ORGANIZATION_NOT_IN_ALL_FEATURES_MODE"
16692
16693	// ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion is a ConstraintViolationExceptionReason enum value
16694	ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion = "CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION"
16695
16696	// ConstraintViolationExceptionReasonEmailVerificationCodeExpired is a ConstraintViolationExceptionReason enum value
16697	ConstraintViolationExceptionReasonEmailVerificationCodeExpired = "EMAIL_VERIFICATION_CODE_EXPIRED"
16698
16699	// ConstraintViolationExceptionReasonWaitPeriodActive is a ConstraintViolationExceptionReason enum value
16700	ConstraintViolationExceptionReasonWaitPeriodActive = "WAIT_PERIOD_ACTIVE"
16701
16702	// ConstraintViolationExceptionReasonMaxTagLimitExceeded is a ConstraintViolationExceptionReason enum value
16703	ConstraintViolationExceptionReasonMaxTagLimitExceeded = "MAX_TAG_LIMIT_EXCEEDED"
16704
16705	// ConstraintViolationExceptionReasonTagPolicyViolation is a ConstraintViolationExceptionReason enum value
16706	ConstraintViolationExceptionReasonTagPolicyViolation = "TAG_POLICY_VIOLATION"
16707)
16708
16709const (
16710	// CreateAccountFailureReasonAccountLimitExceeded is a CreateAccountFailureReason enum value
16711	CreateAccountFailureReasonAccountLimitExceeded = "ACCOUNT_LIMIT_EXCEEDED"
16712
16713	// CreateAccountFailureReasonEmailAlreadyExists is a CreateAccountFailureReason enum value
16714	CreateAccountFailureReasonEmailAlreadyExists = "EMAIL_ALREADY_EXISTS"
16715
16716	// CreateAccountFailureReasonInvalidAddress is a CreateAccountFailureReason enum value
16717	CreateAccountFailureReasonInvalidAddress = "INVALID_ADDRESS"
16718
16719	// CreateAccountFailureReasonInvalidEmail is a CreateAccountFailureReason enum value
16720	CreateAccountFailureReasonInvalidEmail = "INVALID_EMAIL"
16721
16722	// CreateAccountFailureReasonConcurrentAccountModification is a CreateAccountFailureReason enum value
16723	CreateAccountFailureReasonConcurrentAccountModification = "CONCURRENT_ACCOUNT_MODIFICATION"
16724
16725	// CreateAccountFailureReasonInternalFailure is a CreateAccountFailureReason enum value
16726	CreateAccountFailureReasonInternalFailure = "INTERNAL_FAILURE"
16727
16728	// CreateAccountFailureReasonGovcloudAccountAlreadyExists is a CreateAccountFailureReason enum value
16729	CreateAccountFailureReasonGovcloudAccountAlreadyExists = "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
16730)
16731
16732const (
16733	// CreateAccountStateInProgress is a CreateAccountState enum value
16734	CreateAccountStateInProgress = "IN_PROGRESS"
16735
16736	// CreateAccountStateSucceeded is a CreateAccountState enum value
16737	CreateAccountStateSucceeded = "SUCCEEDED"
16738
16739	// CreateAccountStateFailed is a CreateAccountState enum value
16740	CreateAccountStateFailed = "FAILED"
16741)
16742
16743const (
16744	// EffectivePolicyTypeTagPolicy is a EffectivePolicyType enum value
16745	EffectivePolicyTypeTagPolicy = "TAG_POLICY"
16746)
16747
16748const (
16749	// HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
16750	HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED"
16751
16752	// HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
16753	HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED"
16754
16755	// HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization is a HandshakeConstraintViolationExceptionReason enum value
16756	HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization = "ALREADY_IN_AN_ORGANIZATION"
16757
16758	// HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures is a HandshakeConstraintViolationExceptionReason enum value
16759	HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures = "ORGANIZATION_ALREADY_HAS_ALL_FEATURES"
16760
16761	// HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures is a HandshakeConstraintViolationExceptionReason enum value
16762	HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures = "INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES"
16763
16764	// HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired is a HandshakeConstraintViolationExceptionReason enum value
16765	HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired = "PAYMENT_INSTRUMENT_REQUIRED"
16766
16767	// HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord is a HandshakeConstraintViolationExceptionReason enum value
16768	HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord = "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD"
16769
16770	// HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
16771	HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded = "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED"
16772)
16773
16774const (
16775	// HandshakePartyTypeAccount is a HandshakePartyType enum value
16776	HandshakePartyTypeAccount = "ACCOUNT"
16777
16778	// HandshakePartyTypeOrganization is a HandshakePartyType enum value
16779	HandshakePartyTypeOrganization = "ORGANIZATION"
16780
16781	// HandshakePartyTypeEmail is a HandshakePartyType enum value
16782	HandshakePartyTypeEmail = "EMAIL"
16783)
16784
16785const (
16786	// HandshakeResourceTypeAccount is a HandshakeResourceType enum value
16787	HandshakeResourceTypeAccount = "ACCOUNT"
16788
16789	// HandshakeResourceTypeOrganization is a HandshakeResourceType enum value
16790	HandshakeResourceTypeOrganization = "ORGANIZATION"
16791
16792	// HandshakeResourceTypeOrganizationFeatureSet is a HandshakeResourceType enum value
16793	HandshakeResourceTypeOrganizationFeatureSet = "ORGANIZATION_FEATURE_SET"
16794
16795	// HandshakeResourceTypeEmail is a HandshakeResourceType enum value
16796	HandshakeResourceTypeEmail = "EMAIL"
16797
16798	// HandshakeResourceTypeMasterEmail is a HandshakeResourceType enum value
16799	HandshakeResourceTypeMasterEmail = "MASTER_EMAIL"
16800
16801	// HandshakeResourceTypeMasterName is a HandshakeResourceType enum value
16802	HandshakeResourceTypeMasterName = "MASTER_NAME"
16803
16804	// HandshakeResourceTypeNotes is a HandshakeResourceType enum value
16805	HandshakeResourceTypeNotes = "NOTES"
16806
16807	// HandshakeResourceTypeParentHandshake is a HandshakeResourceType enum value
16808	HandshakeResourceTypeParentHandshake = "PARENT_HANDSHAKE"
16809)
16810
16811const (
16812	// HandshakeStateRequested is a HandshakeState enum value
16813	HandshakeStateRequested = "REQUESTED"
16814
16815	// HandshakeStateOpen is a HandshakeState enum value
16816	HandshakeStateOpen = "OPEN"
16817
16818	// HandshakeStateCanceled is a HandshakeState enum value
16819	HandshakeStateCanceled = "CANCELED"
16820
16821	// HandshakeStateAccepted is a HandshakeState enum value
16822	HandshakeStateAccepted = "ACCEPTED"
16823
16824	// HandshakeStateDeclined is a HandshakeState enum value
16825	HandshakeStateDeclined = "DECLINED"
16826
16827	// HandshakeStateExpired is a HandshakeState enum value
16828	HandshakeStateExpired = "EXPIRED"
16829)
16830
16831const (
16832	// IAMUserAccessToBillingAllow is a IAMUserAccessToBilling enum value
16833	IAMUserAccessToBillingAllow = "ALLOW"
16834
16835	// IAMUserAccessToBillingDeny is a IAMUserAccessToBilling enum value
16836	IAMUserAccessToBillingDeny = "DENY"
16837)
16838
16839const (
16840	// InvalidInputExceptionReasonInvalidPartyTypeTarget is a InvalidInputExceptionReason enum value
16841	InvalidInputExceptionReasonInvalidPartyTypeTarget = "INVALID_PARTY_TYPE_TARGET"
16842
16843	// InvalidInputExceptionReasonInvalidSyntaxOrganizationArn is a InvalidInputExceptionReason enum value
16844	InvalidInputExceptionReasonInvalidSyntaxOrganizationArn = "INVALID_SYNTAX_ORGANIZATION_ARN"
16845
16846	// InvalidInputExceptionReasonInvalidSyntaxPolicyId is a InvalidInputExceptionReason enum value
16847	InvalidInputExceptionReasonInvalidSyntaxPolicyId = "INVALID_SYNTAX_POLICY_ID"
16848
16849	// InvalidInputExceptionReasonInvalidEnum is a InvalidInputExceptionReason enum value
16850	InvalidInputExceptionReasonInvalidEnum = "INVALID_ENUM"
16851
16852	// InvalidInputExceptionReasonInvalidEnumPolicyType is a InvalidInputExceptionReason enum value
16853	InvalidInputExceptionReasonInvalidEnumPolicyType = "INVALID_ENUM_POLICY_TYPE"
16854
16855	// InvalidInputExceptionReasonInvalidListMember is a InvalidInputExceptionReason enum value
16856	InvalidInputExceptionReasonInvalidListMember = "INVALID_LIST_MEMBER"
16857
16858	// InvalidInputExceptionReasonMaxLengthExceeded is a InvalidInputExceptionReason enum value
16859	InvalidInputExceptionReasonMaxLengthExceeded = "MAX_LENGTH_EXCEEDED"
16860
16861	// InvalidInputExceptionReasonMaxValueExceeded is a InvalidInputExceptionReason enum value
16862	InvalidInputExceptionReasonMaxValueExceeded = "MAX_VALUE_EXCEEDED"
16863
16864	// InvalidInputExceptionReasonMinLengthExceeded is a InvalidInputExceptionReason enum value
16865	InvalidInputExceptionReasonMinLengthExceeded = "MIN_LENGTH_EXCEEDED"
16866
16867	// InvalidInputExceptionReasonMinValueExceeded is a InvalidInputExceptionReason enum value
16868	InvalidInputExceptionReasonMinValueExceeded = "MIN_VALUE_EXCEEDED"
16869
16870	// InvalidInputExceptionReasonImmutablePolicy is a InvalidInputExceptionReason enum value
16871	InvalidInputExceptionReasonImmutablePolicy = "IMMUTABLE_POLICY"
16872
16873	// InvalidInputExceptionReasonInvalidPattern is a InvalidInputExceptionReason enum value
16874	InvalidInputExceptionReasonInvalidPattern = "INVALID_PATTERN"
16875
16876	// InvalidInputExceptionReasonInvalidPatternTargetId is a InvalidInputExceptionReason enum value
16877	InvalidInputExceptionReasonInvalidPatternTargetId = "INVALID_PATTERN_TARGET_ID"
16878
16879	// InvalidInputExceptionReasonInputRequired is a InvalidInputExceptionReason enum value
16880	InvalidInputExceptionReasonInputRequired = "INPUT_REQUIRED"
16881
16882	// InvalidInputExceptionReasonInvalidNextToken is a InvalidInputExceptionReason enum value
16883	InvalidInputExceptionReasonInvalidNextToken = "INVALID_NEXT_TOKEN"
16884
16885	// InvalidInputExceptionReasonMaxLimitExceededFilter is a InvalidInputExceptionReason enum value
16886	InvalidInputExceptionReasonMaxLimitExceededFilter = "MAX_LIMIT_EXCEEDED_FILTER"
16887
16888	// InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots is a InvalidInputExceptionReason enum value
16889	InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots = "MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS"
16890
16891	// InvalidInputExceptionReasonInvalidFullNameTarget is a InvalidInputExceptionReason enum value
16892	InvalidInputExceptionReasonInvalidFullNameTarget = "INVALID_FULL_NAME_TARGET"
16893
16894	// InvalidInputExceptionReasonUnrecognizedServicePrincipal is a InvalidInputExceptionReason enum value
16895	InvalidInputExceptionReasonUnrecognizedServicePrincipal = "UNRECOGNIZED_SERVICE_PRINCIPAL"
16896
16897	// InvalidInputExceptionReasonInvalidRoleName is a InvalidInputExceptionReason enum value
16898	InvalidInputExceptionReasonInvalidRoleName = "INVALID_ROLE_NAME"
16899
16900	// InvalidInputExceptionReasonInvalidSystemTagsParameter is a InvalidInputExceptionReason enum value
16901	InvalidInputExceptionReasonInvalidSystemTagsParameter = "INVALID_SYSTEM_TAGS_PARAMETER"
16902
16903	// InvalidInputExceptionReasonTargetNotSupported is a InvalidInputExceptionReason enum value
16904	InvalidInputExceptionReasonTargetNotSupported = "TARGET_NOT_SUPPORTED"
16905)
16906
16907const (
16908	// OrganizationFeatureSetAll is a OrganizationFeatureSet enum value
16909	OrganizationFeatureSetAll = "ALL"
16910
16911	// OrganizationFeatureSetConsolidatedBilling is a OrganizationFeatureSet enum value
16912	OrganizationFeatureSetConsolidatedBilling = "CONSOLIDATED_BILLING"
16913)
16914
16915const (
16916	// ParentTypeRoot is a ParentType enum value
16917	ParentTypeRoot = "ROOT"
16918
16919	// ParentTypeOrganizationalUnit is a ParentType enum value
16920	ParentTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
16921)
16922
16923const (
16924	// PolicyTypeServiceControlPolicy is a PolicyType enum value
16925	PolicyTypeServiceControlPolicy = "SERVICE_CONTROL_POLICY"
16926
16927	// PolicyTypeTagPolicy is a PolicyType enum value
16928	PolicyTypeTagPolicy = "TAG_POLICY"
16929)
16930
16931const (
16932	// PolicyTypeStatusEnabled is a PolicyTypeStatus enum value
16933	PolicyTypeStatusEnabled = "ENABLED"
16934
16935	// PolicyTypeStatusPendingEnable is a PolicyTypeStatus enum value
16936	PolicyTypeStatusPendingEnable = "PENDING_ENABLE"
16937
16938	// PolicyTypeStatusPendingDisable is a PolicyTypeStatus enum value
16939	PolicyTypeStatusPendingDisable = "PENDING_DISABLE"
16940)
16941
16942const (
16943	// TargetTypeAccount is a TargetType enum value
16944	TargetTypeAccount = "ACCOUNT"
16945
16946	// TargetTypeOrganizationalUnit is a TargetType enum value
16947	TargetTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
16948
16949	// TargetTypeRoot is a TargetType enum value
16950	TargetTypeRoot = "ROOT"
16951)
16952