1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package organizations 4 5import ( 6 "fmt" 7 "time" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awsutil" 11 "github.com/aws/aws-sdk-go/aws/request" 12 "github.com/aws/aws-sdk-go/private/protocol" 13 "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" 14) 15 16const opAcceptHandshake = "AcceptHandshake" 17 18// AcceptHandshakeRequest generates a "aws/request.Request" representing the 19// client's request for the AcceptHandshake operation. The "output" return 20// value will be populated with the request's response once the request completes 21// successfully. 22// 23// Use "Send" method on the returned Request to send the API call to the service. 24// the "output" return value is not valid until after Send returns without error. 25// 26// See AcceptHandshake for more information on using the AcceptHandshake 27// API call, and error handling. 28// 29// This method is useful when you want to inject custom logic or configuration 30// into the SDK's request lifecycle. Such as custom headers, or retry logic. 31// 32// 33// // Example sending a request using the AcceptHandshakeRequest method. 34// req, resp := client.AcceptHandshakeRequest(params) 35// 36// err := req.Send() 37// if err == nil { // resp is now filled 38// fmt.Println(resp) 39// } 40// 41// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake 42func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req *request.Request, output *AcceptHandshakeOutput) { 43 op := &request.Operation{ 44 Name: opAcceptHandshake, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &AcceptHandshakeInput{} 51 } 52 53 output = &AcceptHandshakeOutput{} 54 req = c.newRequest(op, input, output) 55 return 56} 57 58// AcceptHandshake API operation for AWS Organizations. 59// 60// Sends a response to the originator of a handshake agreeing to the action 61// proposed by the handshake request. 62// 63// This operation can be called only by the following principals when they also 64// have the relevant IAM permissions: 65// 66// * Invitation to join or Approve all features request handshakes: only 67// a principal from the member account. The user who calls the API for an 68// invitation to join must have the organizations:AcceptHandshake permission. 69// If you enabled all features in the organization, the user must also have 70// the iam:CreateServiceLinkedRole permission so that AWS Organizations can 71// create the required service-linked role named AWSServiceRoleForOrganizations. 72// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles) 73// in the AWS Organizations User Guide. 74// 75// * Enable all features final confirmation handshake: only a principal from 76// the master account. For more information about invitations, see Inviting 77// an AWS Account to Join Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html) 78// in the AWS Organizations User Guide. For more information about requests 79// to enable all features in the organization, see Enabling All Features 80// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 81// in the AWS Organizations User Guide. 82// 83// After you accept a handshake, it continues to appear in the results of relevant 84// APIs for only 30 days. After that, it's deleted. 85// 86// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 87// with awserr.Error's Code and Message methods to get detailed information about 88// the error. 89// 90// See the AWS API reference guide for AWS Organizations's 91// API operation AcceptHandshake for usage and error information. 92// 93// Returned Error Codes: 94// * ErrCodeAccessDeniedException "AccessDeniedException" 95// You don't have permissions to perform the requested operation. The user or 96// role that is making the request must have at least one IAM permissions policy 97// attached that grants the required permissions. For more information, see 98// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 99// in the IAM User Guide. 100// 101// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 102// Your account isn't a member of an organization. To make this request, you 103// must use the credentials of an account that belongs to an organization. 104// 105// * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException" 106// The requested operation would violate the constraint identified in the reason 107// code. 108// 109// Some of the reasons in the following list might not be applicable to this 110// specific API or operation: 111// 112// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 113// the number of accounts in an organization. Note that deleted and closed 114// accounts still count toward your limit. If you get this exception immediately 115// after creating the organization, wait one hour and try again. If after 116// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 117// 118// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 119// the invited account is already a member of an organization. 120// 121// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 122// handshakes that you can send in one day. 123// 124// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 125// to join an organization while it's in the process of enabling all features. 126// You can resume inviting accounts after you finalize the process when all 127// accounts have agreed to the change. 128// 129// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 130// because the organization has already enabled all features. 131// 132// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 133// the account is from a different marketplace than the accounts in the organization. 134// For example, accounts with India addresses must be associated with the 135// AISPL marketplace. All accounts in an organization must be from the same 136// marketplace. 137// 138// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 139// change the membership of an account too quickly after its previous change. 140// 141// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 142// account that doesn't have a payment instrument, such as a credit card, 143// associated with it. 144// 145// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" 146// We can't find a handshake with the HandshakeId that you specified. 147// 148// * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException" 149// You can't perform the operation on the handshake in its current state. For 150// example, you can't cancel a handshake that was already accepted or accept 151// a handshake that was already declined. 152// 153// * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException" 154// The specified handshake is already in the requested state. For example, you 155// can't accept a handshake that was already accepted. 156// 157// * ErrCodeInvalidInputException "InvalidInputException" 158// The requested operation failed because you provided invalid values for one 159// or more of the request parameters. This exception includes a reason that 160// contains additional information about the violated limit: 161// 162// Some of the reasons in the following list might not be applicable to this 163// specific API or operation: 164// 165// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 166// can't be modified. 167// 168// * INPUT_REQUIRED: You must include a value for all required parameters. 169// 170// * INVALID_ENUM: You specified an invalid value. 171// 172// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 173// 174// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 175// characters. 176// 177// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 178// at least one invalid value. 179// 180// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 181// from the response to a previous call of the operation. 182// 183// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 184// organization, or email) as a party. 185// 186// * INVALID_PATTERN: You provided a value that doesn't match the required 187// pattern. 188// 189// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 190// match the required pattern. 191// 192// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 193// name can't begin with the reserved prefix AWSServiceRoleFor. 194// 195// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 196// Name (ARN) for the organization. 197// 198// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 199// 200// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 201// tag. You can’t add, edit, or delete system tag keys because they're 202// reserved for AWS use. System tags don’t count against your tags per 203// resource limit. 204// 205// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 206// for the operation. 207// 208// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 209// than allowed. 210// 211// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 212// value than allowed. 213// 214// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 215// than allowed. 216// 217// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 218// value than allowed. 219// 220// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 221// between entities in the same root. 222// 223// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 224// The target of the operation is currently being modified by a different request. 225// Try again later. 226// 227// * ErrCodeServiceException "ServiceException" 228// AWS Organizations can't complete your request because of an internal service 229// error. Try again later. 230// 231// * ErrCodeTooManyRequestsException "TooManyRequestsException" 232// You have sent too many requests in too short a period of time. The limit 233// helps protect against denial-of-service attacks. Try again later. 234// 235// For information on limits that affect AWS Organizations, see Limits of AWS 236// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 237// in the AWS Organizations User Guide. 238// 239// * ErrCodeAccessDeniedForDependencyException "AccessDeniedForDependencyException" 240// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole 241// for organizations.amazonaws.com permission so that AWS Organizations can 242// create the required service-linked role. You don't have that permission. 243// 244// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake 245func (c *Organizations) AcceptHandshake(input *AcceptHandshakeInput) (*AcceptHandshakeOutput, error) { 246 req, out := c.AcceptHandshakeRequest(input) 247 return out, req.Send() 248} 249 250// AcceptHandshakeWithContext is the same as AcceptHandshake with the addition of 251// the ability to pass a context and additional request options. 252// 253// See AcceptHandshake for details on how to use this API operation. 254// 255// The context must be non-nil and will be used for request cancellation. If 256// the context is nil a panic will occur. In the future the SDK may create 257// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 258// for more information on using Contexts. 259func (c *Organizations) AcceptHandshakeWithContext(ctx aws.Context, input *AcceptHandshakeInput, opts ...request.Option) (*AcceptHandshakeOutput, error) { 260 req, out := c.AcceptHandshakeRequest(input) 261 req.SetContext(ctx) 262 req.ApplyOptions(opts...) 263 return out, req.Send() 264} 265 266const opAttachPolicy = "AttachPolicy" 267 268// AttachPolicyRequest generates a "aws/request.Request" representing the 269// client's request for the AttachPolicy operation. The "output" return 270// value will be populated with the request's response once the request completes 271// successfully. 272// 273// Use "Send" method on the returned Request to send the API call to the service. 274// the "output" return value is not valid until after Send returns without error. 275// 276// See AttachPolicy for more information on using the AttachPolicy 277// API call, and error handling. 278// 279// This method is useful when you want to inject custom logic or configuration 280// into the SDK's request lifecycle. Such as custom headers, or retry logic. 281// 282// 283// // Example sending a request using the AttachPolicyRequest method. 284// req, resp := client.AttachPolicyRequest(params) 285// 286// err := req.Send() 287// if err == nil { // resp is now filled 288// fmt.Println(resp) 289// } 290// 291// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy 292func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *request.Request, output *AttachPolicyOutput) { 293 op := &request.Operation{ 294 Name: opAttachPolicy, 295 HTTPMethod: "POST", 296 HTTPPath: "/", 297 } 298 299 if input == nil { 300 input = &AttachPolicyInput{} 301 } 302 303 output = &AttachPolicyOutput{} 304 req = c.newRequest(op, input, output) 305 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 306 return 307} 308 309// AttachPolicy API operation for AWS Organizations. 310// 311// Attaches a policy to a root, an organizational unit (OU), or an individual 312// account. 313// 314// How the policy affects accounts depends on the type of policy: 315// 316// * For more information about attaching SCPs, see How SCPs Work (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html) 317// in the AWS Organizations User Guide. 318// 319// * For information about attaching tag policies, see How Policy Inheritance 320// Works (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html) 321// in the AWS Organizations User Guide. 322// 323// This operation can be called only from the organization's master account. 324// 325// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 326// with awserr.Error's Code and Message methods to get detailed information about 327// the error. 328// 329// See the AWS API reference guide for AWS Organizations's 330// API operation AttachPolicy for usage and error information. 331// 332// Returned Error Codes: 333// * ErrCodeAccessDeniedException "AccessDeniedException" 334// You don't have permissions to perform the requested operation. The user or 335// role that is making the request must have at least one IAM permissions policy 336// attached that grants the required permissions. For more information, see 337// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 338// in the IAM User Guide. 339// 340// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 341// Your account isn't a member of an organization. To make this request, you 342// must use the credentials of an account that belongs to an organization. 343// 344// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 345// The target of the operation is currently being modified by a different request. 346// Try again later. 347// 348// * ErrCodeConstraintViolationException "ConstraintViolationException" 349// Performing this operation violates a minimum or maximum value limit. Examples 350// include attempting to remove the last service control policy (SCP) from an 351// OU or root, or attaching too many policies to an account, OU, or root. This 352// exception includes a reason that contains additional information about the 353// violated limit. 354// 355// Some of the reasons in the following list might not be applicable to this 356// specific API or operation: 357// 358// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 359// from the organization that doesn't yet have enough information to exist 360// as a standalone account. This account requires you to first agree to the 361// AWS Customer Agreement. Follow the steps at To leave an organization when 362// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 363// in the AWS Organizations User Guide. 364// 365// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 366// an account from the organization that doesn't yet have enough information 367// to exist as a standalone account. This account requires you to first complete 368// phone verification. Follow the steps at To leave an organization when 369// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 370// in the AWS Organizations User Guide. 371// 372// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 373// of accounts that you can create in one day. 374// 375// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 376// the number of accounts in an organization. If you need more accounts, 377// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 378// request an increase in your limit. Or the number of invitations that you 379// tried to send would cause you to exceed the limit of accounts in your 380// organization. Send fewer invitations or contact AWS Support to request 381// an increase in the number of accounts. Deleted and closed accounts still 382// count toward your limit. If you get receive this exception when running 383// a command immediately after creating the organization, wait one hour and 384// try again. If after an hour it continues to fail with this error, contact 385// AWS Support (https://console.aws.amazon.com/support/home#/). 386// 387// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 388// handshakes that you can send in one day. 389// 390// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 391// in this organization, you first must migrate the organization's master 392// account to the marketplace that corresponds to the master account's address. 393// For example, accounts with India addresses must be associated with the 394// AISPL marketplace. All accounts in an organization must be associated 395// with the same marketplace. 396// 397// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 398// must first provide contact a valid address and phone number for the master 399// account. Then try the operation again. 400// 401// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 402// master account must have an associated account in the AWS GovCloud (US-West) 403// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 404// in the AWS GovCloud User Guide. 405// 406// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 407// with this master account, you first must associate a valid payment instrument, 408// such as a credit card, with the account. Follow the steps at To leave 409// an organization when all required account information has not yet been 410// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 411// in the AWS Organizations User Guide. 412// 413// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 414// number of policies of a certain type that can be attached to an entity 415// at one time. 416// 417// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 418// on this resource. 419// 420// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 421// with this member account, you first must associate a valid payment instrument, 422// such as a credit card, with the account. Follow the steps at To leave 423// an organization when all required account information has not yet been 424// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 425// in the AWS Organizations User Guide. 426// 427// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 428// policy from an entity, which would cause the entity to have fewer than 429// the minimum number of policies of the required type. 430// 431// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 432// too many levels deep. 433// 434// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 435// that requires the organization to be configured to support all features. 436// An organization that supports only consolidated billing features can't 437// perform this operation. 438// 439// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 440// that you can have in an organization. 441// 442// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 443// policies that you can have in an organization. 444// 445// * ErrCodeDuplicatePolicyAttachmentException "DuplicatePolicyAttachmentException" 446// The selected policy is already attached to the specified target. 447// 448// * ErrCodeInvalidInputException "InvalidInputException" 449// The requested operation failed because you provided invalid values for one 450// or more of the request parameters. This exception includes a reason that 451// contains additional information about the violated limit: 452// 453// Some of the reasons in the following list might not be applicable to this 454// specific API or operation: 455// 456// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 457// can't be modified. 458// 459// * INPUT_REQUIRED: You must include a value for all required parameters. 460// 461// * INVALID_ENUM: You specified an invalid value. 462// 463// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 464// 465// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 466// characters. 467// 468// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 469// at least one invalid value. 470// 471// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 472// from the response to a previous call of the operation. 473// 474// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 475// organization, or email) as a party. 476// 477// * INVALID_PATTERN: You provided a value that doesn't match the required 478// pattern. 479// 480// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 481// match the required pattern. 482// 483// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 484// name can't begin with the reserved prefix AWSServiceRoleFor. 485// 486// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 487// Name (ARN) for the organization. 488// 489// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 490// 491// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 492// tag. You can’t add, edit, or delete system tag keys because they're 493// reserved for AWS use. System tags don’t count against your tags per 494// resource limit. 495// 496// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 497// for the operation. 498// 499// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 500// than allowed. 501// 502// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 503// value than allowed. 504// 505// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 506// than allowed. 507// 508// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 509// value than allowed. 510// 511// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 512// between entities in the same root. 513// 514// * ErrCodePolicyNotFoundException "PolicyNotFoundException" 515// We can't find a policy with the PolicyId that you specified. 516// 517// * ErrCodePolicyTypeNotEnabledException "PolicyTypeNotEnabledException" 518// The specified policy type isn't currently enabled in this root. You can't 519// attach policies of the specified type to entities in a root until you enable 520// that type in the root. For more information, see Enabling All Features in 521// Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 522// in the AWS Organizations User Guide. 523// 524// * ErrCodeServiceException "ServiceException" 525// AWS Organizations can't complete your request because of an internal service 526// error. Try again later. 527// 528// * ErrCodeTargetNotFoundException "TargetNotFoundException" 529// We can't find a root, OU, or account with the TargetId that you specified. 530// 531// * ErrCodeTooManyRequestsException "TooManyRequestsException" 532// You have sent too many requests in too short a period of time. The limit 533// helps protect against denial-of-service attacks. Try again later. 534// 535// For information on limits that affect AWS Organizations, see Limits of AWS 536// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 537// in the AWS Organizations User Guide. 538// 539// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 540// This action isn't available in the current Region. 541// 542// * ErrCodePolicyChangesInProgressException "PolicyChangesInProgressException" 543// Changes to the effective policy are in progress, and its contents can't be 544// returned. Try the operation again later. 545// 546// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy 547func (c *Organizations) AttachPolicy(input *AttachPolicyInput) (*AttachPolicyOutput, error) { 548 req, out := c.AttachPolicyRequest(input) 549 return out, req.Send() 550} 551 552// AttachPolicyWithContext is the same as AttachPolicy with the addition of 553// the ability to pass a context and additional request options. 554// 555// See AttachPolicy for details on how to use this API operation. 556// 557// The context must be non-nil and will be used for request cancellation. If 558// the context is nil a panic will occur. In the future the SDK may create 559// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 560// for more information on using Contexts. 561func (c *Organizations) AttachPolicyWithContext(ctx aws.Context, input *AttachPolicyInput, opts ...request.Option) (*AttachPolicyOutput, error) { 562 req, out := c.AttachPolicyRequest(input) 563 req.SetContext(ctx) 564 req.ApplyOptions(opts...) 565 return out, req.Send() 566} 567 568const opCancelHandshake = "CancelHandshake" 569 570// CancelHandshakeRequest generates a "aws/request.Request" representing the 571// client's request for the CancelHandshake operation. The "output" return 572// value will be populated with the request's response once the request completes 573// successfully. 574// 575// Use "Send" method on the returned Request to send the API call to the service. 576// the "output" return value is not valid until after Send returns without error. 577// 578// See CancelHandshake for more information on using the CancelHandshake 579// API call, and error handling. 580// 581// This method is useful when you want to inject custom logic or configuration 582// into the SDK's request lifecycle. Such as custom headers, or retry logic. 583// 584// 585// // Example sending a request using the CancelHandshakeRequest method. 586// req, resp := client.CancelHandshakeRequest(params) 587// 588// err := req.Send() 589// if err == nil { // resp is now filled 590// fmt.Println(resp) 591// } 592// 593// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake 594func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req *request.Request, output *CancelHandshakeOutput) { 595 op := &request.Operation{ 596 Name: opCancelHandshake, 597 HTTPMethod: "POST", 598 HTTPPath: "/", 599 } 600 601 if input == nil { 602 input = &CancelHandshakeInput{} 603 } 604 605 output = &CancelHandshakeOutput{} 606 req = c.newRequest(op, input, output) 607 return 608} 609 610// CancelHandshake API operation for AWS Organizations. 611// 612// Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED. 613// 614// This operation can be called only from the account that originated the handshake. 615// The recipient of the handshake can't cancel it, but can use DeclineHandshake 616// instead. After a handshake is canceled, the recipient can no longer respond 617// to that handshake. 618// 619// After you cancel a handshake, it continues to appear in the results of relevant 620// APIs for only 30 days. After that, it's deleted. 621// 622// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 623// with awserr.Error's Code and Message methods to get detailed information about 624// the error. 625// 626// See the AWS API reference guide for AWS Organizations's 627// API operation CancelHandshake for usage and error information. 628// 629// Returned Error Codes: 630// * ErrCodeAccessDeniedException "AccessDeniedException" 631// You don't have permissions to perform the requested operation. The user or 632// role that is making the request must have at least one IAM permissions policy 633// attached that grants the required permissions. For more information, see 634// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 635// in the IAM User Guide. 636// 637// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 638// The target of the operation is currently being modified by a different request. 639// Try again later. 640// 641// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" 642// We can't find a handshake with the HandshakeId that you specified. 643// 644// * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException" 645// You can't perform the operation on the handshake in its current state. For 646// example, you can't cancel a handshake that was already accepted or accept 647// a handshake that was already declined. 648// 649// * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException" 650// The specified handshake is already in the requested state. For example, you 651// can't accept a handshake that was already accepted. 652// 653// * ErrCodeInvalidInputException "InvalidInputException" 654// The requested operation failed because you provided invalid values for one 655// or more of the request parameters. This exception includes a reason that 656// contains additional information about the violated limit: 657// 658// Some of the reasons in the following list might not be applicable to this 659// specific API or operation: 660// 661// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 662// can't be modified. 663// 664// * INPUT_REQUIRED: You must include a value for all required parameters. 665// 666// * INVALID_ENUM: You specified an invalid value. 667// 668// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 669// 670// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 671// characters. 672// 673// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 674// at least one invalid value. 675// 676// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 677// from the response to a previous call of the operation. 678// 679// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 680// organization, or email) as a party. 681// 682// * INVALID_PATTERN: You provided a value that doesn't match the required 683// pattern. 684// 685// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 686// match the required pattern. 687// 688// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 689// name can't begin with the reserved prefix AWSServiceRoleFor. 690// 691// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 692// Name (ARN) for the organization. 693// 694// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 695// 696// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 697// tag. You can’t add, edit, or delete system tag keys because they're 698// reserved for AWS use. System tags don’t count against your tags per 699// resource limit. 700// 701// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 702// for the operation. 703// 704// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 705// than allowed. 706// 707// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 708// value than allowed. 709// 710// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 711// than allowed. 712// 713// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 714// value than allowed. 715// 716// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 717// between entities in the same root. 718// 719// * ErrCodeServiceException "ServiceException" 720// AWS Organizations can't complete your request because of an internal service 721// error. Try again later. 722// 723// * ErrCodeTooManyRequestsException "TooManyRequestsException" 724// You have sent too many requests in too short a period of time. The limit 725// helps protect against denial-of-service attacks. Try again later. 726// 727// For information on limits that affect AWS Organizations, see Limits of AWS 728// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 729// in the AWS Organizations User Guide. 730// 731// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake 732func (c *Organizations) CancelHandshake(input *CancelHandshakeInput) (*CancelHandshakeOutput, error) { 733 req, out := c.CancelHandshakeRequest(input) 734 return out, req.Send() 735} 736 737// CancelHandshakeWithContext is the same as CancelHandshake with the addition of 738// the ability to pass a context and additional request options. 739// 740// See CancelHandshake for details on how to use this API operation. 741// 742// The context must be non-nil and will be used for request cancellation. If 743// the context is nil a panic will occur. In the future the SDK may create 744// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 745// for more information on using Contexts. 746func (c *Organizations) CancelHandshakeWithContext(ctx aws.Context, input *CancelHandshakeInput, opts ...request.Option) (*CancelHandshakeOutput, error) { 747 req, out := c.CancelHandshakeRequest(input) 748 req.SetContext(ctx) 749 req.ApplyOptions(opts...) 750 return out, req.Send() 751} 752 753const opCreateAccount = "CreateAccount" 754 755// CreateAccountRequest generates a "aws/request.Request" representing the 756// client's request for the CreateAccount operation. The "output" return 757// value will be populated with the request's response once the request completes 758// successfully. 759// 760// Use "Send" method on the returned Request to send the API call to the service. 761// the "output" return value is not valid until after Send returns without error. 762// 763// See CreateAccount for more information on using the CreateAccount 764// API call, and error handling. 765// 766// This method is useful when you want to inject custom logic or configuration 767// into the SDK's request lifecycle. Such as custom headers, or retry logic. 768// 769// 770// // Example sending a request using the CreateAccountRequest method. 771// req, resp := client.CreateAccountRequest(params) 772// 773// err := req.Send() 774// if err == nil { // resp is now filled 775// fmt.Println(resp) 776// } 777// 778// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount 779func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *request.Request, output *CreateAccountOutput) { 780 op := &request.Operation{ 781 Name: opCreateAccount, 782 HTTPMethod: "POST", 783 HTTPPath: "/", 784 } 785 786 if input == nil { 787 input = &CreateAccountInput{} 788 } 789 790 output = &CreateAccountOutput{} 791 req = c.newRequest(op, input, output) 792 return 793} 794 795// CreateAccount API operation for AWS Organizations. 796// 797// Creates an AWS account that is automatically a member of the organization 798// whose credentials made the request. This is an asynchronous request that 799// AWS performs in the background. Because CreateAccount operates asynchronously, 800// it can return a successful completion message even though account initialization 801// might still be in progress. You might need to wait a few minutes before you 802// can successfully access the account. To check the status of the request, 803// do one of the following: 804// 805// * Use the OperationId response element from this operation to provide 806// as a parameter to the DescribeCreateAccountStatus operation. 807// 808// * Check the AWS CloudTrail log for the CreateAccountResult event. For 809// information on using AWS CloudTrail with AWS Organizations, see Monitoring 810// the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) 811// in the AWS Organizations User Guide. 812// 813// The user who calls the API to create an account must have the organizations:CreateAccount 814// permission. If you enabled all features in the organization, AWS Organizations 815// creates the required service-linked role named AWSServiceRoleForOrganizations. 816// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) 817// in the AWS Organizations User Guide. 818// 819// AWS Organizations preconfigures the new member account with a role (named 820// OrganizationAccountAccessRole by default) that grants users in the master 821// account administrator permissions in the new member account. Principals in 822// the master account can assume the role. AWS Organizations clones the company 823// name and address information for the new account from the organization's 824// master account. 825// 826// This operation can be called only from the organization's master account. 827// 828// For more information about creating accounts, see Creating an AWS Account 829// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) 830// in the AWS Organizations User Guide. 831// 832// * When you create an account in an organization, the information required 833// for the account to operate as a standalone account is not automatically 834// collected. For example, information about the payment method and signing 835// the end user license agreement (EULA) is not collected. If you must remove 836// an account from your organization later, you can do so only after you 837// provide the missing information. Follow the steps at To leave an organization 838// as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 839// in the AWS Organizations User Guide. 840// 841// * If you get an exception that indicates that you exceeded your account 842// limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/). 843// 844// * If you get an exception that indicates that the operation failed because 845// your organization is still initializing, wait one hour and then try again. 846// If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/). 847// 848// * Using CreateAccount to create multiple temporary accounts isn't recommended. 849// You can only close an account from the Billing and Cost Management Console, 850// and you must be signed in as the root user. For information on the requirements 851// and process for closing an account, see Closing an AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) 852// in the AWS Organizations User Guide. 853// 854// When you create a member account with this operation, you can choose whether 855// to create the account with the IAM User and Role Access to Billing Information 856// switch enabled. If you enable it, IAM users and roles that have appropriate 857// permissions can view billing information for the account. If you disable 858// it, only the account root user can access billing information. For information 859// about how to disable this switch for an account, see Granting Access to Your 860// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html). 861// 862// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 863// with awserr.Error's Code and Message methods to get detailed information about 864// the error. 865// 866// See the AWS API reference guide for AWS Organizations's 867// API operation CreateAccount for usage and error information. 868// 869// Returned Error Codes: 870// * ErrCodeAccessDeniedException "AccessDeniedException" 871// You don't have permissions to perform the requested operation. The user or 872// role that is making the request must have at least one IAM permissions policy 873// attached that grants the required permissions. For more information, see 874// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 875// in the IAM User Guide. 876// 877// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 878// Your account isn't a member of an organization. To make this request, you 879// must use the credentials of an account that belongs to an organization. 880// 881// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 882// The target of the operation is currently being modified by a different request. 883// Try again later. 884// 885// * ErrCodeConstraintViolationException "ConstraintViolationException" 886// Performing this operation violates a minimum or maximum value limit. Examples 887// include attempting to remove the last service control policy (SCP) from an 888// OU or root, or attaching too many policies to an account, OU, or root. This 889// exception includes a reason that contains additional information about the 890// violated limit. 891// 892// Some of the reasons in the following list might not be applicable to this 893// specific API or operation: 894// 895// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 896// from the organization that doesn't yet have enough information to exist 897// as a standalone account. This account requires you to first agree to the 898// AWS Customer Agreement. Follow the steps at To leave an organization when 899// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 900// in the AWS Organizations User Guide. 901// 902// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 903// an account from the organization that doesn't yet have enough information 904// to exist as a standalone account. This account requires you to first complete 905// phone verification. Follow the steps at To leave an organization when 906// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 907// in the AWS Organizations User Guide. 908// 909// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 910// of accounts that you can create in one day. 911// 912// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 913// the number of accounts in an organization. If you need more accounts, 914// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 915// request an increase in your limit. Or the number of invitations that you 916// tried to send would cause you to exceed the limit of accounts in your 917// organization. Send fewer invitations or contact AWS Support to request 918// an increase in the number of accounts. Deleted and closed accounts still 919// count toward your limit. If you get receive this exception when running 920// a command immediately after creating the organization, wait one hour and 921// try again. If after an hour it continues to fail with this error, contact 922// AWS Support (https://console.aws.amazon.com/support/home#/). 923// 924// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 925// handshakes that you can send in one day. 926// 927// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 928// in this organization, you first must migrate the organization's master 929// account to the marketplace that corresponds to the master account's address. 930// For example, accounts with India addresses must be associated with the 931// AISPL marketplace. All accounts in an organization must be associated 932// with the same marketplace. 933// 934// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 935// must first provide contact a valid address and phone number for the master 936// account. Then try the operation again. 937// 938// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 939// master account must have an associated account in the AWS GovCloud (US-West) 940// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 941// in the AWS GovCloud User Guide. 942// 943// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 944// with this master account, you first must associate a valid payment instrument, 945// such as a credit card, with the account. Follow the steps at To leave 946// an organization when all required account information has not yet been 947// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 948// in the AWS Organizations User Guide. 949// 950// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 951// number of policies of a certain type that can be attached to an entity 952// at one time. 953// 954// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 955// on this resource. 956// 957// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 958// with this member account, you first must associate a valid payment instrument, 959// such as a credit card, with the account. Follow the steps at To leave 960// an organization when all required account information has not yet been 961// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 962// in the AWS Organizations User Guide. 963// 964// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 965// policy from an entity, which would cause the entity to have fewer than 966// the minimum number of policies of the required type. 967// 968// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 969// too many levels deep. 970// 971// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 972// that requires the organization to be configured to support all features. 973// An organization that supports only consolidated billing features can't 974// perform this operation. 975// 976// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 977// that you can have in an organization. 978// 979// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 980// policies that you can have in an organization. 981// 982// * ErrCodeInvalidInputException "InvalidInputException" 983// The requested operation failed because you provided invalid values for one 984// or more of the request parameters. This exception includes a reason that 985// contains additional information about the violated limit: 986// 987// Some of the reasons in the following list might not be applicable to this 988// specific API or operation: 989// 990// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 991// can't be modified. 992// 993// * INPUT_REQUIRED: You must include a value for all required parameters. 994// 995// * INVALID_ENUM: You specified an invalid value. 996// 997// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 998// 999// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1000// characters. 1001// 1002// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1003// at least one invalid value. 1004// 1005// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1006// from the response to a previous call of the operation. 1007// 1008// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1009// organization, or email) as a party. 1010// 1011// * INVALID_PATTERN: You provided a value that doesn't match the required 1012// pattern. 1013// 1014// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1015// match the required pattern. 1016// 1017// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1018// name can't begin with the reserved prefix AWSServiceRoleFor. 1019// 1020// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1021// Name (ARN) for the organization. 1022// 1023// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1024// 1025// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1026// tag. You can’t add, edit, or delete system tag keys because they're 1027// reserved for AWS use. System tags don’t count against your tags per 1028// resource limit. 1029// 1030// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1031// for the operation. 1032// 1033// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1034// than allowed. 1035// 1036// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1037// value than allowed. 1038// 1039// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1040// than allowed. 1041// 1042// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1043// value than allowed. 1044// 1045// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1046// between entities in the same root. 1047// 1048// * ErrCodeFinalizingOrganizationException "FinalizingOrganizationException" 1049// AWS Organizations couldn't perform the operation because your organization 1050// hasn't finished initializing. This can take up to an hour. Try again later. 1051// If after one hour you continue to receive this error, contact AWS Support 1052// (https://console.aws.amazon.com/support/home#/). 1053// 1054// * ErrCodeServiceException "ServiceException" 1055// AWS Organizations can't complete your request because of an internal service 1056// error. Try again later. 1057// 1058// * ErrCodeTooManyRequestsException "TooManyRequestsException" 1059// You have sent too many requests in too short a period of time. The limit 1060// helps protect against denial-of-service attacks. Try again later. 1061// 1062// For information on limits that affect AWS Organizations, see Limits of AWS 1063// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 1064// in the AWS Organizations User Guide. 1065// 1066// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 1067// This action isn't available in the current Region. 1068// 1069// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount 1070func (c *Organizations) CreateAccount(input *CreateAccountInput) (*CreateAccountOutput, error) { 1071 req, out := c.CreateAccountRequest(input) 1072 return out, req.Send() 1073} 1074 1075// CreateAccountWithContext is the same as CreateAccount with the addition of 1076// the ability to pass a context and additional request options. 1077// 1078// See CreateAccount for details on how to use this API operation. 1079// 1080// The context must be non-nil and will be used for request cancellation. If 1081// the context is nil a panic will occur. In the future the SDK may create 1082// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1083// for more information on using Contexts. 1084func (c *Organizations) CreateAccountWithContext(ctx aws.Context, input *CreateAccountInput, opts ...request.Option) (*CreateAccountOutput, error) { 1085 req, out := c.CreateAccountRequest(input) 1086 req.SetContext(ctx) 1087 req.ApplyOptions(opts...) 1088 return out, req.Send() 1089} 1090 1091const opCreateGovCloudAccount = "CreateGovCloudAccount" 1092 1093// CreateGovCloudAccountRequest generates a "aws/request.Request" representing the 1094// client's request for the CreateGovCloudAccount operation. The "output" return 1095// value will be populated with the request's response once the request completes 1096// successfully. 1097// 1098// Use "Send" method on the returned Request to send the API call to the service. 1099// the "output" return value is not valid until after Send returns without error. 1100// 1101// See CreateGovCloudAccount for more information on using the CreateGovCloudAccount 1102// API call, and error handling. 1103// 1104// This method is useful when you want to inject custom logic or configuration 1105// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1106// 1107// 1108// // Example sending a request using the CreateGovCloudAccountRequest method. 1109// req, resp := client.CreateGovCloudAccountRequest(params) 1110// 1111// err := req.Send() 1112// if err == nil { // resp is now filled 1113// fmt.Println(resp) 1114// } 1115// 1116// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount 1117func (c *Organizations) CreateGovCloudAccountRequest(input *CreateGovCloudAccountInput) (req *request.Request, output *CreateGovCloudAccountOutput) { 1118 op := &request.Operation{ 1119 Name: opCreateGovCloudAccount, 1120 HTTPMethod: "POST", 1121 HTTPPath: "/", 1122 } 1123 1124 if input == nil { 1125 input = &CreateGovCloudAccountInput{} 1126 } 1127 1128 output = &CreateGovCloudAccountOutput{} 1129 req = c.newRequest(op, input, output) 1130 return 1131} 1132 1133// CreateGovCloudAccount API operation for AWS Organizations. 1134// 1135// This action is available if all of the following are true: 1136// 1137// * You're authorized to create accounts in the AWS GovCloud (US) Region. 1138// For more information on the AWS GovCloud (US) Region, see the AWS GovCloud 1139// User Guide. (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html) 1140// 1141// * You already have an account in the AWS GovCloud (US) Region that is 1142// associated with your master account in the commercial Region. 1143// 1144// * You call this action from the master account of your organization in 1145// the commercial Region. 1146// 1147// * You have the organizations:CreateGovCloudAccount permission. AWS Organizations 1148// creates the required service-linked role named AWSServiceRoleForOrganizations. 1149// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) 1150// in the AWS Organizations User Guide. 1151// 1152// AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts, 1153// but you should also do the following: 1154// 1155// * Verify that AWS CloudTrail is enabled to store logs. 1156// 1157// * Create an S3 bucket for AWS CloudTrail log storage. For more information, 1158// see Verifying AWS CloudTrail Is Enabled (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html) 1159// in the AWS GovCloud User Guide. 1160// 1161// You call this action from the master account of your organization in the 1162// commercial Region to create a standalone AWS account in the AWS GovCloud 1163// (US) Region. After the account is created, the master account of an organization 1164// in the AWS GovCloud (US) Region can invite it to that organization. For more 1165// information on inviting standalone accounts in the AWS GovCloud (US) to join 1166// an organization, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1167// in the AWS GovCloud User Guide. 1168// 1169// Calling CreateGovCloudAccount is an asynchronous request that AWS performs 1170// in the background. Because CreateGovCloudAccount operates asynchronously, 1171// it can return a successful completion message even though account initialization 1172// might still be in progress. You might need to wait a few minutes before you 1173// can successfully access the account. To check the status of the request, 1174// do one of the following: 1175// 1176// * Use the OperationId response element from this operation to provide 1177// as a parameter to the DescribeCreateAccountStatus operation. 1178// 1179// * Check the AWS CloudTrail log for the CreateAccountResult event. For 1180// information on using AWS CloudTrail with Organizations, see Monitoring 1181// the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) 1182// in the AWS Organizations User Guide. 1183// 1184// When you call the CreateGovCloudAccount action, you create two accounts: 1185// a standalone account in the AWS GovCloud (US) Region and an associated account 1186// in the commercial Region for billing and support purposes. The account in 1187// the commercial Region is automatically a member of the organization whose 1188// credentials made the request. Both accounts are associated with the same 1189// email address. 1190// 1191// A role is created in the new account in the commercial Region that allows 1192// the master account in the organization in the commercial Region to assume 1193// it. An AWS GovCloud (US) account is then created and associated with the 1194// commercial account that you just created. A role is created in the new AWS 1195// GovCloud (US) account. This role can be assumed by the AWS GovCloud (US) 1196// account that is associated with the master account of the commercial organization. 1197// For more information and to view a diagram that explains how account access 1198// works, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1199// in the AWS GovCloud User Guide. 1200// 1201// For more information about creating accounts, see Creating an AWS Account 1202// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) 1203// in the AWS Organizations User Guide. 1204// 1205// * You can create an account in an organization using the AWS Organizations 1206// console, API, or CLI commands. When you do, the information required for 1207// the account to operate as a standalone account, such as a payment method, 1208// is not automatically collected. If you must remove an account from your 1209// organization later, you can do so only after you provide the missing information. 1210// Follow the steps at To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1211// in the AWS Organizations User Guide. 1212// 1213// * If you get an exception that indicates that you exceeded your account 1214// limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/). 1215// 1216// * If you get an exception that indicates that the operation failed because 1217// your organization is still initializing, wait one hour and then try again. 1218// If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/). 1219// 1220// * Using CreateGovCloudAccount to create multiple temporary accounts isn't 1221// recommended. You can only close an account from the AWS Billing and Cost 1222// Management console, and you must be signed in as the root user. For information 1223// on the requirements and process for closing an account, see Closing an 1224// AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) 1225// in the AWS Organizations User Guide. 1226// 1227// When you create a member account with this operation, you can choose whether 1228// to create the account with the IAM User and Role Access to Billing Information 1229// switch enabled. If you enable it, IAM users and roles that have appropriate 1230// permissions can view billing information for the account. If you disable 1231// it, only the account root user can access billing information. For information 1232// about how to disable this switch for an account, see Granting Access to Your 1233// Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html). 1234// 1235// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1236// with awserr.Error's Code and Message methods to get detailed information about 1237// the error. 1238// 1239// See the AWS API reference guide for AWS Organizations's 1240// API operation CreateGovCloudAccount for usage and error information. 1241// 1242// Returned Error Codes: 1243// * ErrCodeAccessDeniedException "AccessDeniedException" 1244// You don't have permissions to perform the requested operation. The user or 1245// role that is making the request must have at least one IAM permissions policy 1246// attached that grants the required permissions. For more information, see 1247// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 1248// in the IAM User Guide. 1249// 1250// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 1251// Your account isn't a member of an organization. To make this request, you 1252// must use the credentials of an account that belongs to an organization. 1253// 1254// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 1255// The target of the operation is currently being modified by a different request. 1256// Try again later. 1257// 1258// * ErrCodeConstraintViolationException "ConstraintViolationException" 1259// Performing this operation violates a minimum or maximum value limit. Examples 1260// include attempting to remove the last service control policy (SCP) from an 1261// OU or root, or attaching too many policies to an account, OU, or root. This 1262// exception includes a reason that contains additional information about the 1263// violated limit. 1264// 1265// Some of the reasons in the following list might not be applicable to this 1266// specific API or operation: 1267// 1268// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 1269// from the organization that doesn't yet have enough information to exist 1270// as a standalone account. This account requires you to first agree to the 1271// AWS Customer Agreement. Follow the steps at To leave an organization when 1272// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1273// in the AWS Organizations User Guide. 1274// 1275// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 1276// an account from the organization that doesn't yet have enough information 1277// to exist as a standalone account. This account requires you to first complete 1278// phone verification. Follow the steps at To leave an organization when 1279// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1280// in the AWS Organizations User Guide. 1281// 1282// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1283// of accounts that you can create in one day. 1284// 1285// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1286// the number of accounts in an organization. If you need more accounts, 1287// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1288// request an increase in your limit. Or the number of invitations that you 1289// tried to send would cause you to exceed the limit of accounts in your 1290// organization. Send fewer invitations or contact AWS Support to request 1291// an increase in the number of accounts. Deleted and closed accounts still 1292// count toward your limit. If you get receive this exception when running 1293// a command immediately after creating the organization, wait one hour and 1294// try again. If after an hour it continues to fail with this error, contact 1295// AWS Support (https://console.aws.amazon.com/support/home#/). 1296// 1297// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1298// handshakes that you can send in one day. 1299// 1300// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1301// in this organization, you first must migrate the organization's master 1302// account to the marketplace that corresponds to the master account's address. 1303// For example, accounts with India addresses must be associated with the 1304// AISPL marketplace. All accounts in an organization must be associated 1305// with the same marketplace. 1306// 1307// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1308// must first provide contact a valid address and phone number for the master 1309// account. Then try the operation again. 1310// 1311// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1312// master account must have an associated account in the AWS GovCloud (US-West) 1313// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1314// in the AWS GovCloud User Guide. 1315// 1316// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1317// with this master account, you first must associate a valid payment instrument, 1318// such as a credit card, with the account. Follow the steps at To leave 1319// an organization when all required account information has not yet been 1320// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1321// in the AWS Organizations User Guide. 1322// 1323// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1324// number of policies of a certain type that can be attached to an entity 1325// at one time. 1326// 1327// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1328// on this resource. 1329// 1330// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1331// with this member account, you first must associate a valid payment instrument, 1332// such as a credit card, with the account. Follow the steps at To leave 1333// an organization when all required account information has not yet been 1334// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1335// in the AWS Organizations User Guide. 1336// 1337// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1338// policy from an entity, which would cause the entity to have fewer than 1339// the minimum number of policies of the required type. 1340// 1341// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1342// too many levels deep. 1343// 1344// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1345// that requires the organization to be configured to support all features. 1346// An organization that supports only consolidated billing features can't 1347// perform this operation. 1348// 1349// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1350// that you can have in an organization. 1351// 1352// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 1353// policies that you can have in an organization. 1354// 1355// * ErrCodeInvalidInputException "InvalidInputException" 1356// The requested operation failed because you provided invalid values for one 1357// or more of the request parameters. This exception includes a reason that 1358// contains additional information about the violated limit: 1359// 1360// Some of the reasons in the following list might not be applicable to this 1361// specific API or operation: 1362// 1363// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1364// can't be modified. 1365// 1366// * INPUT_REQUIRED: You must include a value for all required parameters. 1367// 1368// * INVALID_ENUM: You specified an invalid value. 1369// 1370// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 1371// 1372// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1373// characters. 1374// 1375// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1376// at least one invalid value. 1377// 1378// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1379// from the response to a previous call of the operation. 1380// 1381// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1382// organization, or email) as a party. 1383// 1384// * INVALID_PATTERN: You provided a value that doesn't match the required 1385// pattern. 1386// 1387// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1388// match the required pattern. 1389// 1390// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1391// name can't begin with the reserved prefix AWSServiceRoleFor. 1392// 1393// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1394// Name (ARN) for the organization. 1395// 1396// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1397// 1398// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1399// tag. You can’t add, edit, or delete system tag keys because they're 1400// reserved for AWS use. System tags don’t count against your tags per 1401// resource limit. 1402// 1403// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1404// for the operation. 1405// 1406// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1407// than allowed. 1408// 1409// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1410// value than allowed. 1411// 1412// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1413// than allowed. 1414// 1415// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1416// value than allowed. 1417// 1418// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1419// between entities in the same root. 1420// 1421// * ErrCodeFinalizingOrganizationException "FinalizingOrganizationException" 1422// AWS Organizations couldn't perform the operation because your organization 1423// hasn't finished initializing. This can take up to an hour. Try again later. 1424// If after one hour you continue to receive this error, contact AWS Support 1425// (https://console.aws.amazon.com/support/home#/). 1426// 1427// * ErrCodeServiceException "ServiceException" 1428// AWS Organizations can't complete your request because of an internal service 1429// error. Try again later. 1430// 1431// * ErrCodeTooManyRequestsException "TooManyRequestsException" 1432// You have sent too many requests in too short a period of time. The limit 1433// helps protect against denial-of-service attacks. Try again later. 1434// 1435// For information on limits that affect AWS Organizations, see Limits of AWS 1436// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 1437// in the AWS Organizations User Guide. 1438// 1439// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 1440// This action isn't available in the current Region. 1441// 1442// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount 1443func (c *Organizations) CreateGovCloudAccount(input *CreateGovCloudAccountInput) (*CreateGovCloudAccountOutput, error) { 1444 req, out := c.CreateGovCloudAccountRequest(input) 1445 return out, req.Send() 1446} 1447 1448// CreateGovCloudAccountWithContext is the same as CreateGovCloudAccount with the addition of 1449// the ability to pass a context and additional request options. 1450// 1451// See CreateGovCloudAccount for details on how to use this API operation. 1452// 1453// The context must be non-nil and will be used for request cancellation. If 1454// the context is nil a panic will occur. In the future the SDK may create 1455// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1456// for more information on using Contexts. 1457func (c *Organizations) CreateGovCloudAccountWithContext(ctx aws.Context, input *CreateGovCloudAccountInput, opts ...request.Option) (*CreateGovCloudAccountOutput, error) { 1458 req, out := c.CreateGovCloudAccountRequest(input) 1459 req.SetContext(ctx) 1460 req.ApplyOptions(opts...) 1461 return out, req.Send() 1462} 1463 1464const opCreateOrganization = "CreateOrganization" 1465 1466// CreateOrganizationRequest generates a "aws/request.Request" representing the 1467// client's request for the CreateOrganization operation. The "output" return 1468// value will be populated with the request's response once the request completes 1469// successfully. 1470// 1471// Use "Send" method on the returned Request to send the API call to the service. 1472// the "output" return value is not valid until after Send returns without error. 1473// 1474// See CreateOrganization for more information on using the CreateOrganization 1475// API call, and error handling. 1476// 1477// This method is useful when you want to inject custom logic or configuration 1478// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1479// 1480// 1481// // Example sending a request using the CreateOrganizationRequest method. 1482// req, resp := client.CreateOrganizationRequest(params) 1483// 1484// err := req.Send() 1485// if err == nil { // resp is now filled 1486// fmt.Println(resp) 1487// } 1488// 1489// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization 1490func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput) (req *request.Request, output *CreateOrganizationOutput) { 1491 op := &request.Operation{ 1492 Name: opCreateOrganization, 1493 HTTPMethod: "POST", 1494 HTTPPath: "/", 1495 } 1496 1497 if input == nil { 1498 input = &CreateOrganizationInput{} 1499 } 1500 1501 output = &CreateOrganizationOutput{} 1502 req = c.newRequest(op, input, output) 1503 return 1504} 1505 1506// CreateOrganization API operation for AWS Organizations. 1507// 1508// Creates an AWS organization. The account whose user is calling the CreateOrganization 1509// operation automatically becomes the master account (https://docs.aws.amazon.com/IAM/latest/UserGuide/orgs_getting-started_concepts.html#account) 1510// of the new organization. 1511// 1512// This operation must be called using credentials from the account that is 1513// to become the new organization's master account. The principal must also 1514// have the relevant IAM permissions. 1515// 1516// By default (or if you set the FeatureSet parameter to ALL), the new organization 1517// is created with all features enabled. In addition, service control policies 1518// are automatically enabled in the root. If you instead create the organization 1519// supporting only the consolidated billing features, no policy types are enabled 1520// by default, and you can't use organization policies. 1521// 1522// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1523// with awserr.Error's Code and Message methods to get detailed information about 1524// the error. 1525// 1526// See the AWS API reference guide for AWS Organizations's 1527// API operation CreateOrganization for usage and error information. 1528// 1529// Returned Error Codes: 1530// * ErrCodeAccessDeniedException "AccessDeniedException" 1531// You don't have permissions to perform the requested operation. The user or 1532// role that is making the request must have at least one IAM permissions policy 1533// attached that grants the required permissions. For more information, see 1534// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 1535// in the IAM User Guide. 1536// 1537// * ErrCodeAlreadyInOrganizationException "AlreadyInOrganizationException" 1538// This account is already a member of an organization. An account can belong 1539// to only one organization at a time. 1540// 1541// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 1542// The target of the operation is currently being modified by a different request. 1543// Try again later. 1544// 1545// * ErrCodeConstraintViolationException "ConstraintViolationException" 1546// Performing this operation violates a minimum or maximum value limit. Examples 1547// include attempting to remove the last service control policy (SCP) from an 1548// OU or root, or attaching too many policies to an account, OU, or root. This 1549// exception includes a reason that contains additional information about the 1550// violated limit. 1551// 1552// Some of the reasons in the following list might not be applicable to this 1553// specific API or operation: 1554// 1555// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 1556// from the organization that doesn't yet have enough information to exist 1557// as a standalone account. This account requires you to first agree to the 1558// AWS Customer Agreement. Follow the steps at To leave an organization when 1559// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1560// in the AWS Organizations User Guide. 1561// 1562// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 1563// an account from the organization that doesn't yet have enough information 1564// to exist as a standalone account. This account requires you to first complete 1565// phone verification. Follow the steps at To leave an organization when 1566// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1567// in the AWS Organizations User Guide. 1568// 1569// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1570// of accounts that you can create in one day. 1571// 1572// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1573// the number of accounts in an organization. If you need more accounts, 1574// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1575// request an increase in your limit. Or the number of invitations that you 1576// tried to send would cause you to exceed the limit of accounts in your 1577// organization. Send fewer invitations or contact AWS Support to request 1578// an increase in the number of accounts. Deleted and closed accounts still 1579// count toward your limit. If you get receive this exception when running 1580// a command immediately after creating the organization, wait one hour and 1581// try again. If after an hour it continues to fail with this error, contact 1582// AWS Support (https://console.aws.amazon.com/support/home#/). 1583// 1584// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1585// handshakes that you can send in one day. 1586// 1587// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1588// in this organization, you first must migrate the organization's master 1589// account to the marketplace that corresponds to the master account's address. 1590// For example, accounts with India addresses must be associated with the 1591// AISPL marketplace. All accounts in an organization must be associated 1592// with the same marketplace. 1593// 1594// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1595// must first provide contact a valid address and phone number for the master 1596// account. Then try the operation again. 1597// 1598// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1599// master account must have an associated account in the AWS GovCloud (US-West) 1600// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1601// in the AWS GovCloud User Guide. 1602// 1603// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1604// with this master account, you first must associate a valid payment instrument, 1605// such as a credit card, with the account. Follow the steps at To leave 1606// an organization when all required account information has not yet been 1607// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1608// in the AWS Organizations User Guide. 1609// 1610// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1611// number of policies of a certain type that can be attached to an entity 1612// at one time. 1613// 1614// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1615// on this resource. 1616// 1617// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1618// with this member account, you first must associate a valid payment instrument, 1619// such as a credit card, with the account. Follow the steps at To leave 1620// an organization when all required account information has not yet been 1621// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1622// in the AWS Organizations User Guide. 1623// 1624// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1625// policy from an entity, which would cause the entity to have fewer than 1626// the minimum number of policies of the required type. 1627// 1628// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1629// too many levels deep. 1630// 1631// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1632// that requires the organization to be configured to support all features. 1633// An organization that supports only consolidated billing features can't 1634// perform this operation. 1635// 1636// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1637// that you can have in an organization. 1638// 1639// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 1640// policies that you can have in an organization. 1641// 1642// * ErrCodeInvalidInputException "InvalidInputException" 1643// The requested operation failed because you provided invalid values for one 1644// or more of the request parameters. This exception includes a reason that 1645// contains additional information about the violated limit: 1646// 1647// Some of the reasons in the following list might not be applicable to this 1648// specific API or operation: 1649// 1650// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1651// can't be modified. 1652// 1653// * INPUT_REQUIRED: You must include a value for all required parameters. 1654// 1655// * INVALID_ENUM: You specified an invalid value. 1656// 1657// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 1658// 1659// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1660// characters. 1661// 1662// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1663// at least one invalid value. 1664// 1665// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1666// from the response to a previous call of the operation. 1667// 1668// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1669// organization, or email) as a party. 1670// 1671// * INVALID_PATTERN: You provided a value that doesn't match the required 1672// pattern. 1673// 1674// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1675// match the required pattern. 1676// 1677// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1678// name can't begin with the reserved prefix AWSServiceRoleFor. 1679// 1680// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1681// Name (ARN) for the organization. 1682// 1683// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1684// 1685// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1686// tag. You can’t add, edit, or delete system tag keys because they're 1687// reserved for AWS use. System tags don’t count against your tags per 1688// resource limit. 1689// 1690// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1691// for the operation. 1692// 1693// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1694// than allowed. 1695// 1696// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1697// value than allowed. 1698// 1699// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1700// than allowed. 1701// 1702// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1703// value than allowed. 1704// 1705// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1706// between entities in the same root. 1707// 1708// * ErrCodeServiceException "ServiceException" 1709// AWS Organizations can't complete your request because of an internal service 1710// error. Try again later. 1711// 1712// * ErrCodeTooManyRequestsException "TooManyRequestsException" 1713// You have sent too many requests in too short a period of time. The limit 1714// helps protect against denial-of-service attacks. Try again later. 1715// 1716// For information on limits that affect AWS Organizations, see Limits of AWS 1717// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 1718// in the AWS Organizations User Guide. 1719// 1720// * ErrCodeAccessDeniedForDependencyException "AccessDeniedForDependencyException" 1721// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole 1722// for organizations.amazonaws.com permission so that AWS Organizations can 1723// create the required service-linked role. You don't have that permission. 1724// 1725// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization 1726func (c *Organizations) CreateOrganization(input *CreateOrganizationInput) (*CreateOrganizationOutput, error) { 1727 req, out := c.CreateOrganizationRequest(input) 1728 return out, req.Send() 1729} 1730 1731// CreateOrganizationWithContext is the same as CreateOrganization with the addition of 1732// the ability to pass a context and additional request options. 1733// 1734// See CreateOrganization for details on how to use this API operation. 1735// 1736// The context must be non-nil and will be used for request cancellation. If 1737// the context is nil a panic will occur. In the future the SDK may create 1738// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1739// for more information on using Contexts. 1740func (c *Organizations) CreateOrganizationWithContext(ctx aws.Context, input *CreateOrganizationInput, opts ...request.Option) (*CreateOrganizationOutput, error) { 1741 req, out := c.CreateOrganizationRequest(input) 1742 req.SetContext(ctx) 1743 req.ApplyOptions(opts...) 1744 return out, req.Send() 1745} 1746 1747const opCreateOrganizationalUnit = "CreateOrganizationalUnit" 1748 1749// CreateOrganizationalUnitRequest generates a "aws/request.Request" representing the 1750// client's request for the CreateOrganizationalUnit operation. The "output" return 1751// value will be populated with the request's response once the request completes 1752// successfully. 1753// 1754// Use "Send" method on the returned Request to send the API call to the service. 1755// the "output" return value is not valid until after Send returns without error. 1756// 1757// See CreateOrganizationalUnit for more information on using the CreateOrganizationalUnit 1758// API call, and error handling. 1759// 1760// This method is useful when you want to inject custom logic or configuration 1761// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1762// 1763// 1764// // Example sending a request using the CreateOrganizationalUnitRequest method. 1765// req, resp := client.CreateOrganizationalUnitRequest(params) 1766// 1767// err := req.Send() 1768// if err == nil { // resp is now filled 1769// fmt.Println(resp) 1770// } 1771// 1772// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit 1773func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizationalUnitInput) (req *request.Request, output *CreateOrganizationalUnitOutput) { 1774 op := &request.Operation{ 1775 Name: opCreateOrganizationalUnit, 1776 HTTPMethod: "POST", 1777 HTTPPath: "/", 1778 } 1779 1780 if input == nil { 1781 input = &CreateOrganizationalUnitInput{} 1782 } 1783 1784 output = &CreateOrganizationalUnitOutput{} 1785 req = c.newRequest(op, input, output) 1786 return 1787} 1788 1789// CreateOrganizationalUnit API operation for AWS Organizations. 1790// 1791// Creates an organizational unit (OU) within a root or parent OU. An OU is 1792// a container for accounts that enables you to organize your accounts to apply 1793// policies according to your business requirements. The number of levels deep 1794// that you can nest OUs is dependent upon the policy types enabled for that 1795// root. For service control policies, the limit is five. 1796// 1797// For more information about OUs, see Managing Organizational Units (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html) 1798// in the AWS Organizations User Guide. 1799// 1800// This operation can be called only from the organization's master account. 1801// 1802// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1803// with awserr.Error's Code and Message methods to get detailed information about 1804// the error. 1805// 1806// See the AWS API reference guide for AWS Organizations's 1807// API operation CreateOrganizationalUnit for usage and error information. 1808// 1809// Returned Error Codes: 1810// * ErrCodeAccessDeniedException "AccessDeniedException" 1811// You don't have permissions to perform the requested operation. The user or 1812// role that is making the request must have at least one IAM permissions policy 1813// attached that grants the required permissions. For more information, see 1814// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 1815// in the IAM User Guide. 1816// 1817// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 1818// Your account isn't a member of an organization. To make this request, you 1819// must use the credentials of an account that belongs to an organization. 1820// 1821// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 1822// The target of the operation is currently being modified by a different request. 1823// Try again later. 1824// 1825// * ErrCodeConstraintViolationException "ConstraintViolationException" 1826// Performing this operation violates a minimum or maximum value limit. Examples 1827// include attempting to remove the last service control policy (SCP) from an 1828// OU or root, or attaching too many policies to an account, OU, or root. This 1829// exception includes a reason that contains additional information about the 1830// violated limit. 1831// 1832// Some of the reasons in the following list might not be applicable to this 1833// specific API or operation: 1834// 1835// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 1836// from the organization that doesn't yet have enough information to exist 1837// as a standalone account. This account requires you to first agree to the 1838// AWS Customer Agreement. Follow the steps at To leave an organization when 1839// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1840// in the AWS Organizations User Guide. 1841// 1842// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 1843// an account from the organization that doesn't yet have enough information 1844// to exist as a standalone account. This account requires you to first complete 1845// phone verification. Follow the steps at To leave an organization when 1846// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1847// in the AWS Organizations User Guide. 1848// 1849// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1850// of accounts that you can create in one day. 1851// 1852// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1853// the number of accounts in an organization. If you need more accounts, 1854// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1855// request an increase in your limit. Or the number of invitations that you 1856// tried to send would cause you to exceed the limit of accounts in your 1857// organization. Send fewer invitations or contact AWS Support to request 1858// an increase in the number of accounts. Deleted and closed accounts still 1859// count toward your limit. If you get receive this exception when running 1860// a command immediately after creating the organization, wait one hour and 1861// try again. If after an hour it continues to fail with this error, contact 1862// AWS Support (https://console.aws.amazon.com/support/home#/). 1863// 1864// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1865// handshakes that you can send in one day. 1866// 1867// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1868// in this organization, you first must migrate the organization's master 1869// account to the marketplace that corresponds to the master account's address. 1870// For example, accounts with India addresses must be associated with the 1871// AISPL marketplace. All accounts in an organization must be associated 1872// with the same marketplace. 1873// 1874// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1875// must first provide contact a valid address and phone number for the master 1876// account. Then try the operation again. 1877// 1878// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1879// master account must have an associated account in the AWS GovCloud (US-West) 1880// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1881// in the AWS GovCloud User Guide. 1882// 1883// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1884// with this master account, you first must associate a valid payment instrument, 1885// such as a credit card, with the account. Follow the steps at To leave 1886// an organization when all required account information has not yet been 1887// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1888// in the AWS Organizations User Guide. 1889// 1890// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1891// number of policies of a certain type that can be attached to an entity 1892// at one time. 1893// 1894// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1895// on this resource. 1896// 1897// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1898// with this member account, you first must associate a valid payment instrument, 1899// such as a credit card, with the account. Follow the steps at To leave 1900// an organization when all required account information has not yet been 1901// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1902// in the AWS Organizations User Guide. 1903// 1904// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1905// policy from an entity, which would cause the entity to have fewer than 1906// the minimum number of policies of the required type. 1907// 1908// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1909// too many levels deep. 1910// 1911// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1912// that requires the organization to be configured to support all features. 1913// An organization that supports only consolidated billing features can't 1914// perform this operation. 1915// 1916// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1917// that you can have in an organization. 1918// 1919// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 1920// policies that you can have in an organization. 1921// 1922// * ErrCodeDuplicateOrganizationalUnitException "DuplicateOrganizationalUnitException" 1923// An OU with the same name already exists. 1924// 1925// * ErrCodeInvalidInputException "InvalidInputException" 1926// The requested operation failed because you provided invalid values for one 1927// or more of the request parameters. This exception includes a reason that 1928// contains additional information about the violated limit: 1929// 1930// Some of the reasons in the following list might not be applicable to this 1931// specific API or operation: 1932// 1933// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1934// can't be modified. 1935// 1936// * INPUT_REQUIRED: You must include a value for all required parameters. 1937// 1938// * INVALID_ENUM: You specified an invalid value. 1939// 1940// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 1941// 1942// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1943// characters. 1944// 1945// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1946// at least one invalid value. 1947// 1948// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1949// from the response to a previous call of the operation. 1950// 1951// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1952// organization, or email) as a party. 1953// 1954// * INVALID_PATTERN: You provided a value that doesn't match the required 1955// pattern. 1956// 1957// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1958// match the required pattern. 1959// 1960// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1961// name can't begin with the reserved prefix AWSServiceRoleFor. 1962// 1963// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1964// Name (ARN) for the organization. 1965// 1966// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1967// 1968// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1969// tag. You can’t add, edit, or delete system tag keys because they're 1970// reserved for AWS use. System tags don’t count against your tags per 1971// resource limit. 1972// 1973// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1974// for the operation. 1975// 1976// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1977// than allowed. 1978// 1979// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1980// value than allowed. 1981// 1982// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1983// than allowed. 1984// 1985// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1986// value than allowed. 1987// 1988// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1989// between entities in the same root. 1990// 1991// * ErrCodeParentNotFoundException "ParentNotFoundException" 1992// We can't find a root or OU with the ParentId that you specified. 1993// 1994// * ErrCodeServiceException "ServiceException" 1995// AWS Organizations can't complete your request because of an internal service 1996// error. Try again later. 1997// 1998// * ErrCodeTooManyRequestsException "TooManyRequestsException" 1999// You have sent too many requests in too short a period of time. The limit 2000// helps protect against denial-of-service attacks. Try again later. 2001// 2002// For information on limits that affect AWS Organizations, see Limits of AWS 2003// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 2004// in the AWS Organizations User Guide. 2005// 2006// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit 2007func (c *Organizations) CreateOrganizationalUnit(input *CreateOrganizationalUnitInput) (*CreateOrganizationalUnitOutput, error) { 2008 req, out := c.CreateOrganizationalUnitRequest(input) 2009 return out, req.Send() 2010} 2011 2012// CreateOrganizationalUnitWithContext is the same as CreateOrganizationalUnit with the addition of 2013// the ability to pass a context and additional request options. 2014// 2015// See CreateOrganizationalUnit for details on how to use this API operation. 2016// 2017// The context must be non-nil and will be used for request cancellation. If 2018// the context is nil a panic will occur. In the future the SDK may create 2019// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2020// for more information on using Contexts. 2021func (c *Organizations) CreateOrganizationalUnitWithContext(ctx aws.Context, input *CreateOrganizationalUnitInput, opts ...request.Option) (*CreateOrganizationalUnitOutput, error) { 2022 req, out := c.CreateOrganizationalUnitRequest(input) 2023 req.SetContext(ctx) 2024 req.ApplyOptions(opts...) 2025 return out, req.Send() 2026} 2027 2028const opCreatePolicy = "CreatePolicy" 2029 2030// CreatePolicyRequest generates a "aws/request.Request" representing the 2031// client's request for the CreatePolicy operation. The "output" return 2032// value will be populated with the request's response once the request completes 2033// successfully. 2034// 2035// Use "Send" method on the returned Request to send the API call to the service. 2036// the "output" return value is not valid until after Send returns without error. 2037// 2038// See CreatePolicy for more information on using the CreatePolicy 2039// API call, and error handling. 2040// 2041// This method is useful when you want to inject custom logic or configuration 2042// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2043// 2044// 2045// // Example sending a request using the CreatePolicyRequest method. 2046// req, resp := client.CreatePolicyRequest(params) 2047// 2048// err := req.Send() 2049// if err == nil { // resp is now filled 2050// fmt.Println(resp) 2051// } 2052// 2053// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy 2054func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) { 2055 op := &request.Operation{ 2056 Name: opCreatePolicy, 2057 HTTPMethod: "POST", 2058 HTTPPath: "/", 2059 } 2060 2061 if input == nil { 2062 input = &CreatePolicyInput{} 2063 } 2064 2065 output = &CreatePolicyOutput{} 2066 req = c.newRequest(op, input, output) 2067 return 2068} 2069 2070// CreatePolicy API operation for AWS Organizations. 2071// 2072// Creates a policy of a specified type that you can attach to a root, an organizational 2073// unit (OU), or an individual AWS account. 2074// 2075// For more information about policies and their use, see Managing Organization 2076// Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html). 2077// 2078// This operation can be called only from the organization's master account. 2079// 2080// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2081// with awserr.Error's Code and Message methods to get detailed information about 2082// the error. 2083// 2084// See the AWS API reference guide for AWS Organizations's 2085// API operation CreatePolicy for usage and error information. 2086// 2087// Returned Error Codes: 2088// * ErrCodeAccessDeniedException "AccessDeniedException" 2089// You don't have permissions to perform the requested operation. The user or 2090// role that is making the request must have at least one IAM permissions policy 2091// attached that grants the required permissions. For more information, see 2092// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2093// in the IAM User Guide. 2094// 2095// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 2096// Your account isn't a member of an organization. To make this request, you 2097// must use the credentials of an account that belongs to an organization. 2098// 2099// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 2100// The target of the operation is currently being modified by a different request. 2101// Try again later. 2102// 2103// * ErrCodeConstraintViolationException "ConstraintViolationException" 2104// Performing this operation violates a minimum or maximum value limit. Examples 2105// include attempting to remove the last service control policy (SCP) from an 2106// OU or root, or attaching too many policies to an account, OU, or root. This 2107// exception includes a reason that contains additional information about the 2108// violated limit. 2109// 2110// Some of the reasons in the following list might not be applicable to this 2111// specific API or operation: 2112// 2113// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 2114// from the organization that doesn't yet have enough information to exist 2115// as a standalone account. This account requires you to first agree to the 2116// AWS Customer Agreement. Follow the steps at To leave an organization when 2117// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2118// in the AWS Organizations User Guide. 2119// 2120// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 2121// an account from the organization that doesn't yet have enough information 2122// to exist as a standalone account. This account requires you to first complete 2123// phone verification. Follow the steps at To leave an organization when 2124// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2125// in the AWS Organizations User Guide. 2126// 2127// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 2128// of accounts that you can create in one day. 2129// 2130// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 2131// the number of accounts in an organization. If you need more accounts, 2132// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 2133// request an increase in your limit. Or the number of invitations that you 2134// tried to send would cause you to exceed the limit of accounts in your 2135// organization. Send fewer invitations or contact AWS Support to request 2136// an increase in the number of accounts. Deleted and closed accounts still 2137// count toward your limit. If you get receive this exception when running 2138// a command immediately after creating the organization, wait one hour and 2139// try again. If after an hour it continues to fail with this error, contact 2140// AWS Support (https://console.aws.amazon.com/support/home#/). 2141// 2142// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 2143// handshakes that you can send in one day. 2144// 2145// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 2146// in this organization, you first must migrate the organization's master 2147// account to the marketplace that corresponds to the master account's address. 2148// For example, accounts with India addresses must be associated with the 2149// AISPL marketplace. All accounts in an organization must be associated 2150// with the same marketplace. 2151// 2152// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 2153// must first provide contact a valid address and phone number for the master 2154// account. Then try the operation again. 2155// 2156// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 2157// master account must have an associated account in the AWS GovCloud (US-West) 2158// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 2159// in the AWS GovCloud User Guide. 2160// 2161// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 2162// with this master account, you first must associate a valid payment instrument, 2163// such as a credit card, with the account. Follow the steps at To leave 2164// an organization when all required account information has not yet been 2165// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2166// in the AWS Organizations User Guide. 2167// 2168// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 2169// number of policies of a certain type that can be attached to an entity 2170// at one time. 2171// 2172// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 2173// on this resource. 2174// 2175// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 2176// with this member account, you first must associate a valid payment instrument, 2177// such as a credit card, with the account. Follow the steps at To leave 2178// an organization when all required account information has not yet been 2179// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2180// in the AWS Organizations User Guide. 2181// 2182// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 2183// policy from an entity, which would cause the entity to have fewer than 2184// the minimum number of policies of the required type. 2185// 2186// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 2187// too many levels deep. 2188// 2189// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 2190// that requires the organization to be configured to support all features. 2191// An organization that supports only consolidated billing features can't 2192// perform this operation. 2193// 2194// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 2195// that you can have in an organization. 2196// 2197// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 2198// policies that you can have in an organization. 2199// 2200// * ErrCodeDuplicatePolicyException "DuplicatePolicyException" 2201// A policy with the same name already exists. 2202// 2203// * ErrCodeInvalidInputException "InvalidInputException" 2204// The requested operation failed because you provided invalid values for one 2205// or more of the request parameters. This exception includes a reason that 2206// contains additional information about the violated limit: 2207// 2208// Some of the reasons in the following list might not be applicable to this 2209// specific API or operation: 2210// 2211// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2212// can't be modified. 2213// 2214// * INPUT_REQUIRED: You must include a value for all required parameters. 2215// 2216// * INVALID_ENUM: You specified an invalid value. 2217// 2218// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 2219// 2220// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2221// characters. 2222// 2223// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2224// at least one invalid value. 2225// 2226// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2227// from the response to a previous call of the operation. 2228// 2229// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2230// organization, or email) as a party. 2231// 2232// * INVALID_PATTERN: You provided a value that doesn't match the required 2233// pattern. 2234// 2235// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2236// match the required pattern. 2237// 2238// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2239// name can't begin with the reserved prefix AWSServiceRoleFor. 2240// 2241// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2242// Name (ARN) for the organization. 2243// 2244// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2245// 2246// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2247// tag. You can’t add, edit, or delete system tag keys because they're 2248// reserved for AWS use. System tags don’t count against your tags per 2249// resource limit. 2250// 2251// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2252// for the operation. 2253// 2254// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2255// than allowed. 2256// 2257// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2258// value than allowed. 2259// 2260// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2261// than allowed. 2262// 2263// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2264// value than allowed. 2265// 2266// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2267// between entities in the same root. 2268// 2269// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" 2270// The provided policy document doesn't meet the requirements of the specified 2271// policy type. For example, the syntax might be incorrect. For details about 2272// service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 2273// in the AWS Organizations User Guide. 2274// 2275// * ErrCodePolicyTypeNotAvailableForOrganizationException "PolicyTypeNotAvailableForOrganizationException" 2276// You can't use the specified policy type with the feature set currently enabled 2277// for this organization. For example, you can enable SCPs only after you enable 2278// all features in the organization. For more information, see Enabling and 2279// Disabling a Policy Type on a Root (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root) 2280// in the AWS Organizations User Guide. 2281// 2282// * ErrCodeServiceException "ServiceException" 2283// AWS Organizations can't complete your request because of an internal service 2284// error. Try again later. 2285// 2286// * ErrCodeTooManyRequestsException "TooManyRequestsException" 2287// You have sent too many requests in too short a period of time. The limit 2288// helps protect against denial-of-service attacks. Try again later. 2289// 2290// For information on limits that affect AWS Organizations, see Limits of AWS 2291// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 2292// in the AWS Organizations User Guide. 2293// 2294// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 2295// This action isn't available in the current Region. 2296// 2297// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy 2298func (c *Organizations) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) { 2299 req, out := c.CreatePolicyRequest(input) 2300 return out, req.Send() 2301} 2302 2303// CreatePolicyWithContext is the same as CreatePolicy with the addition of 2304// the ability to pass a context and additional request options. 2305// 2306// See CreatePolicy for details on how to use this API operation. 2307// 2308// The context must be non-nil and will be used for request cancellation. If 2309// the context is nil a panic will occur. In the future the SDK may create 2310// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2311// for more information on using Contexts. 2312func (c *Organizations) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) { 2313 req, out := c.CreatePolicyRequest(input) 2314 req.SetContext(ctx) 2315 req.ApplyOptions(opts...) 2316 return out, req.Send() 2317} 2318 2319const opDeclineHandshake = "DeclineHandshake" 2320 2321// DeclineHandshakeRequest generates a "aws/request.Request" representing the 2322// client's request for the DeclineHandshake operation. The "output" return 2323// value will be populated with the request's response once the request completes 2324// successfully. 2325// 2326// Use "Send" method on the returned Request to send the API call to the service. 2327// the "output" return value is not valid until after Send returns without error. 2328// 2329// See DeclineHandshake for more information on using the DeclineHandshake 2330// API call, and error handling. 2331// 2332// This method is useful when you want to inject custom logic or configuration 2333// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2334// 2335// 2336// // Example sending a request using the DeclineHandshakeRequest method. 2337// req, resp := client.DeclineHandshakeRequest(params) 2338// 2339// err := req.Send() 2340// if err == nil { // resp is now filled 2341// fmt.Println(resp) 2342// } 2343// 2344// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake 2345func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (req *request.Request, output *DeclineHandshakeOutput) { 2346 op := &request.Operation{ 2347 Name: opDeclineHandshake, 2348 HTTPMethod: "POST", 2349 HTTPPath: "/", 2350 } 2351 2352 if input == nil { 2353 input = &DeclineHandshakeInput{} 2354 } 2355 2356 output = &DeclineHandshakeOutput{} 2357 req = c.newRequest(op, input, output) 2358 return 2359} 2360 2361// DeclineHandshake API operation for AWS Organizations. 2362// 2363// Declines a handshake request. This sets the handshake state to DECLINED and 2364// effectively deactivates the request. 2365// 2366// This operation can be called only from the account that received the handshake. 2367// The originator of the handshake can use CancelHandshake instead. The originator 2368// can't reactivate a declined request, but can reinitiate the process with 2369// a new handshake request. 2370// 2371// After you decline a handshake, it continues to appear in the results of relevant 2372// API operations for only 30 days. After that, it's deleted. 2373// 2374// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2375// with awserr.Error's Code and Message methods to get detailed information about 2376// the error. 2377// 2378// See the AWS API reference guide for AWS Organizations's 2379// API operation DeclineHandshake for usage and error information. 2380// 2381// Returned Error Codes: 2382// * ErrCodeAccessDeniedException "AccessDeniedException" 2383// You don't have permissions to perform the requested operation. The user or 2384// role that is making the request must have at least one IAM permissions policy 2385// attached that grants the required permissions. For more information, see 2386// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2387// in the IAM User Guide. 2388// 2389// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 2390// The target of the operation is currently being modified by a different request. 2391// Try again later. 2392// 2393// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" 2394// We can't find a handshake with the HandshakeId that you specified. 2395// 2396// * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException" 2397// You can't perform the operation on the handshake in its current state. For 2398// example, you can't cancel a handshake that was already accepted or accept 2399// a handshake that was already declined. 2400// 2401// * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException" 2402// The specified handshake is already in the requested state. For example, you 2403// can't accept a handshake that was already accepted. 2404// 2405// * ErrCodeInvalidInputException "InvalidInputException" 2406// The requested operation failed because you provided invalid values for one 2407// or more of the request parameters. This exception includes a reason that 2408// contains additional information about the violated limit: 2409// 2410// Some of the reasons in the following list might not be applicable to this 2411// specific API or operation: 2412// 2413// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2414// can't be modified. 2415// 2416// * INPUT_REQUIRED: You must include a value for all required parameters. 2417// 2418// * INVALID_ENUM: You specified an invalid value. 2419// 2420// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 2421// 2422// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2423// characters. 2424// 2425// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2426// at least one invalid value. 2427// 2428// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2429// from the response to a previous call of the operation. 2430// 2431// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2432// organization, or email) as a party. 2433// 2434// * INVALID_PATTERN: You provided a value that doesn't match the required 2435// pattern. 2436// 2437// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2438// match the required pattern. 2439// 2440// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2441// name can't begin with the reserved prefix AWSServiceRoleFor. 2442// 2443// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2444// Name (ARN) for the organization. 2445// 2446// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2447// 2448// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2449// tag. You can’t add, edit, or delete system tag keys because they're 2450// reserved for AWS use. System tags don’t count against your tags per 2451// resource limit. 2452// 2453// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2454// for the operation. 2455// 2456// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2457// than allowed. 2458// 2459// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2460// value than allowed. 2461// 2462// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2463// than allowed. 2464// 2465// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2466// value than allowed. 2467// 2468// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2469// between entities in the same root. 2470// 2471// * ErrCodeServiceException "ServiceException" 2472// AWS Organizations can't complete your request because of an internal service 2473// error. Try again later. 2474// 2475// * ErrCodeTooManyRequestsException "TooManyRequestsException" 2476// You have sent too many requests in too short a period of time. The limit 2477// helps protect against denial-of-service attacks. Try again later. 2478// 2479// For information on limits that affect AWS Organizations, see Limits of AWS 2480// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 2481// in the AWS Organizations User Guide. 2482// 2483// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake 2484func (c *Organizations) DeclineHandshake(input *DeclineHandshakeInput) (*DeclineHandshakeOutput, error) { 2485 req, out := c.DeclineHandshakeRequest(input) 2486 return out, req.Send() 2487} 2488 2489// DeclineHandshakeWithContext is the same as DeclineHandshake with the addition of 2490// the ability to pass a context and additional request options. 2491// 2492// See DeclineHandshake for details on how to use this API operation. 2493// 2494// The context must be non-nil and will be used for request cancellation. If 2495// the context is nil a panic will occur. In the future the SDK may create 2496// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2497// for more information on using Contexts. 2498func (c *Organizations) DeclineHandshakeWithContext(ctx aws.Context, input *DeclineHandshakeInput, opts ...request.Option) (*DeclineHandshakeOutput, error) { 2499 req, out := c.DeclineHandshakeRequest(input) 2500 req.SetContext(ctx) 2501 req.ApplyOptions(opts...) 2502 return out, req.Send() 2503} 2504 2505const opDeleteOrganization = "DeleteOrganization" 2506 2507// DeleteOrganizationRequest generates a "aws/request.Request" representing the 2508// client's request for the DeleteOrganization operation. The "output" return 2509// value will be populated with the request's response once the request completes 2510// successfully. 2511// 2512// Use "Send" method on the returned Request to send the API call to the service. 2513// the "output" return value is not valid until after Send returns without error. 2514// 2515// See DeleteOrganization for more information on using the DeleteOrganization 2516// API call, and error handling. 2517// 2518// This method is useful when you want to inject custom logic or configuration 2519// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2520// 2521// 2522// // Example sending a request using the DeleteOrganizationRequest method. 2523// req, resp := client.DeleteOrganizationRequest(params) 2524// 2525// err := req.Send() 2526// if err == nil { // resp is now filled 2527// fmt.Println(resp) 2528// } 2529// 2530// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization 2531func (c *Organizations) DeleteOrganizationRequest(input *DeleteOrganizationInput) (req *request.Request, output *DeleteOrganizationOutput) { 2532 op := &request.Operation{ 2533 Name: opDeleteOrganization, 2534 HTTPMethod: "POST", 2535 HTTPPath: "/", 2536 } 2537 2538 if input == nil { 2539 input = &DeleteOrganizationInput{} 2540 } 2541 2542 output = &DeleteOrganizationOutput{} 2543 req = c.newRequest(op, input, output) 2544 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2545 return 2546} 2547 2548// DeleteOrganization API operation for AWS Organizations. 2549// 2550// Deletes the organization. You can delete an organization only by using credentials 2551// from the master account. The organization must be empty of member accounts. 2552// 2553// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2554// with awserr.Error's Code and Message methods to get detailed information about 2555// the error. 2556// 2557// See the AWS API reference guide for AWS Organizations's 2558// API operation DeleteOrganization for usage and error information. 2559// 2560// Returned Error Codes: 2561// * ErrCodeAccessDeniedException "AccessDeniedException" 2562// You don't have permissions to perform the requested operation. The user or 2563// role that is making the request must have at least one IAM permissions policy 2564// attached that grants the required permissions. For more information, see 2565// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2566// in the IAM User Guide. 2567// 2568// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 2569// Your account isn't a member of an organization. To make this request, you 2570// must use the credentials of an account that belongs to an organization. 2571// 2572// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 2573// The target of the operation is currently being modified by a different request. 2574// Try again later. 2575// 2576// * ErrCodeInvalidInputException "InvalidInputException" 2577// The requested operation failed because you provided invalid values for one 2578// or more of the request parameters. This exception includes a reason that 2579// contains additional information about the violated limit: 2580// 2581// Some of the reasons in the following list might not be applicable to this 2582// specific API or operation: 2583// 2584// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2585// can't be modified. 2586// 2587// * INPUT_REQUIRED: You must include a value for all required parameters. 2588// 2589// * INVALID_ENUM: You specified an invalid value. 2590// 2591// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 2592// 2593// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2594// characters. 2595// 2596// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2597// at least one invalid value. 2598// 2599// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2600// from the response to a previous call of the operation. 2601// 2602// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2603// organization, or email) as a party. 2604// 2605// * INVALID_PATTERN: You provided a value that doesn't match the required 2606// pattern. 2607// 2608// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2609// match the required pattern. 2610// 2611// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2612// name can't begin with the reserved prefix AWSServiceRoleFor. 2613// 2614// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2615// Name (ARN) for the organization. 2616// 2617// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2618// 2619// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2620// tag. You can’t add, edit, or delete system tag keys because they're 2621// reserved for AWS use. System tags don’t count against your tags per 2622// resource limit. 2623// 2624// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2625// for the operation. 2626// 2627// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2628// than allowed. 2629// 2630// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2631// value than allowed. 2632// 2633// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2634// than allowed. 2635// 2636// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2637// value than allowed. 2638// 2639// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2640// between entities in the same root. 2641// 2642// * ErrCodeOrganizationNotEmptyException "OrganizationNotEmptyException" 2643// The organization isn't empty. To delete an organization, you must first remove 2644// all accounts except the master account, delete all OUs, and delete all policies. 2645// 2646// * ErrCodeServiceException "ServiceException" 2647// AWS Organizations can't complete your request because of an internal service 2648// error. Try again later. 2649// 2650// * ErrCodeTooManyRequestsException "TooManyRequestsException" 2651// You have sent too many requests in too short a period of time. The limit 2652// helps protect against denial-of-service attacks. Try again later. 2653// 2654// For information on limits that affect AWS Organizations, see Limits of AWS 2655// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 2656// in the AWS Organizations User Guide. 2657// 2658// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization 2659func (c *Organizations) DeleteOrganization(input *DeleteOrganizationInput) (*DeleteOrganizationOutput, error) { 2660 req, out := c.DeleteOrganizationRequest(input) 2661 return out, req.Send() 2662} 2663 2664// DeleteOrganizationWithContext is the same as DeleteOrganization with the addition of 2665// the ability to pass a context and additional request options. 2666// 2667// See DeleteOrganization for details on how to use this API operation. 2668// 2669// The context must be non-nil and will be used for request cancellation. If 2670// the context is nil a panic will occur. In the future the SDK may create 2671// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2672// for more information on using Contexts. 2673func (c *Organizations) DeleteOrganizationWithContext(ctx aws.Context, input *DeleteOrganizationInput, opts ...request.Option) (*DeleteOrganizationOutput, error) { 2674 req, out := c.DeleteOrganizationRequest(input) 2675 req.SetContext(ctx) 2676 req.ApplyOptions(opts...) 2677 return out, req.Send() 2678} 2679 2680const opDeleteOrganizationalUnit = "DeleteOrganizationalUnit" 2681 2682// DeleteOrganizationalUnitRequest generates a "aws/request.Request" representing the 2683// client's request for the DeleteOrganizationalUnit operation. The "output" return 2684// value will be populated with the request's response once the request completes 2685// successfully. 2686// 2687// Use "Send" method on the returned Request to send the API call to the service. 2688// the "output" return value is not valid until after Send returns without error. 2689// 2690// See DeleteOrganizationalUnit for more information on using the DeleteOrganizationalUnit 2691// API call, and error handling. 2692// 2693// This method is useful when you want to inject custom logic or configuration 2694// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2695// 2696// 2697// // Example sending a request using the DeleteOrganizationalUnitRequest method. 2698// req, resp := client.DeleteOrganizationalUnitRequest(params) 2699// 2700// err := req.Send() 2701// if err == nil { // resp is now filled 2702// fmt.Println(resp) 2703// } 2704// 2705// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit 2706func (c *Organizations) DeleteOrganizationalUnitRequest(input *DeleteOrganizationalUnitInput) (req *request.Request, output *DeleteOrganizationalUnitOutput) { 2707 op := &request.Operation{ 2708 Name: opDeleteOrganizationalUnit, 2709 HTTPMethod: "POST", 2710 HTTPPath: "/", 2711 } 2712 2713 if input == nil { 2714 input = &DeleteOrganizationalUnitInput{} 2715 } 2716 2717 output = &DeleteOrganizationalUnitOutput{} 2718 req = c.newRequest(op, input, output) 2719 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2720 return 2721} 2722 2723// DeleteOrganizationalUnit API operation for AWS Organizations. 2724// 2725// Deletes an organizational unit (OU) from a root or another OU. You must first 2726// remove all accounts and child OUs from the OU that you want to delete. 2727// 2728// This operation can be called only from the organization's master account. 2729// 2730// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2731// with awserr.Error's Code and Message methods to get detailed information about 2732// the error. 2733// 2734// See the AWS API reference guide for AWS Organizations's 2735// API operation DeleteOrganizationalUnit for usage and error information. 2736// 2737// Returned Error Codes: 2738// * ErrCodeAccessDeniedException "AccessDeniedException" 2739// You don't have permissions to perform the requested operation. The user or 2740// role that is making the request must have at least one IAM permissions policy 2741// attached that grants the required permissions. For more information, see 2742// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2743// in the IAM User Guide. 2744// 2745// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 2746// Your account isn't a member of an organization. To make this request, you 2747// must use the credentials of an account that belongs to an organization. 2748// 2749// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 2750// The target of the operation is currently being modified by a different request. 2751// Try again later. 2752// 2753// * ErrCodeInvalidInputException "InvalidInputException" 2754// The requested operation failed because you provided invalid values for one 2755// or more of the request parameters. This exception includes a reason that 2756// contains additional information about the violated limit: 2757// 2758// Some of the reasons in the following list might not be applicable to this 2759// specific API or operation: 2760// 2761// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2762// can't be modified. 2763// 2764// * INPUT_REQUIRED: You must include a value for all required parameters. 2765// 2766// * INVALID_ENUM: You specified an invalid value. 2767// 2768// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 2769// 2770// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2771// characters. 2772// 2773// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2774// at least one invalid value. 2775// 2776// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2777// from the response to a previous call of the operation. 2778// 2779// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2780// organization, or email) as a party. 2781// 2782// * INVALID_PATTERN: You provided a value that doesn't match the required 2783// pattern. 2784// 2785// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2786// match the required pattern. 2787// 2788// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2789// name can't begin with the reserved prefix AWSServiceRoleFor. 2790// 2791// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2792// Name (ARN) for the organization. 2793// 2794// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2795// 2796// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2797// tag. You can’t add, edit, or delete system tag keys because they're 2798// reserved for AWS use. System tags don’t count against your tags per 2799// resource limit. 2800// 2801// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2802// for the operation. 2803// 2804// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2805// than allowed. 2806// 2807// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2808// value than allowed. 2809// 2810// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2811// than allowed. 2812// 2813// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2814// value than allowed. 2815// 2816// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2817// between entities in the same root. 2818// 2819// * ErrCodeOrganizationalUnitNotEmptyException "OrganizationalUnitNotEmptyException" 2820// The specified OU is not empty. Move all accounts to another root or to other 2821// OUs, remove all child OUs, and try the operation again. 2822// 2823// * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException" 2824// We can't find an OU with the OrganizationalUnitId that you specified. 2825// 2826// * ErrCodeServiceException "ServiceException" 2827// AWS Organizations can't complete your request because of an internal service 2828// error. Try again later. 2829// 2830// * ErrCodeTooManyRequestsException "TooManyRequestsException" 2831// You have sent too many requests in too short a period of time. The limit 2832// helps protect against denial-of-service attacks. Try again later. 2833// 2834// For information on limits that affect AWS Organizations, see Limits of AWS 2835// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 2836// in the AWS Organizations User Guide. 2837// 2838// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit 2839func (c *Organizations) DeleteOrganizationalUnit(input *DeleteOrganizationalUnitInput) (*DeleteOrganizationalUnitOutput, error) { 2840 req, out := c.DeleteOrganizationalUnitRequest(input) 2841 return out, req.Send() 2842} 2843 2844// DeleteOrganizationalUnitWithContext is the same as DeleteOrganizationalUnit with the addition of 2845// the ability to pass a context and additional request options. 2846// 2847// See DeleteOrganizationalUnit for details on how to use this API operation. 2848// 2849// The context must be non-nil and will be used for request cancellation. If 2850// the context is nil a panic will occur. In the future the SDK may create 2851// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2852// for more information on using Contexts. 2853func (c *Organizations) DeleteOrganizationalUnitWithContext(ctx aws.Context, input *DeleteOrganizationalUnitInput, opts ...request.Option) (*DeleteOrganizationalUnitOutput, error) { 2854 req, out := c.DeleteOrganizationalUnitRequest(input) 2855 req.SetContext(ctx) 2856 req.ApplyOptions(opts...) 2857 return out, req.Send() 2858} 2859 2860const opDeletePolicy = "DeletePolicy" 2861 2862// DeletePolicyRequest generates a "aws/request.Request" representing the 2863// client's request for the DeletePolicy operation. The "output" return 2864// value will be populated with the request's response once the request completes 2865// successfully. 2866// 2867// Use "Send" method on the returned Request to send the API call to the service. 2868// the "output" return value is not valid until after Send returns without error. 2869// 2870// See DeletePolicy for more information on using the DeletePolicy 2871// API call, and error handling. 2872// 2873// This method is useful when you want to inject custom logic or configuration 2874// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2875// 2876// 2877// // Example sending a request using the DeletePolicyRequest method. 2878// req, resp := client.DeletePolicyRequest(params) 2879// 2880// err := req.Send() 2881// if err == nil { // resp is now filled 2882// fmt.Println(resp) 2883// } 2884// 2885// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy 2886func (c *Organizations) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) { 2887 op := &request.Operation{ 2888 Name: opDeletePolicy, 2889 HTTPMethod: "POST", 2890 HTTPPath: "/", 2891 } 2892 2893 if input == nil { 2894 input = &DeletePolicyInput{} 2895 } 2896 2897 output = &DeletePolicyOutput{} 2898 req = c.newRequest(op, input, output) 2899 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2900 return 2901} 2902 2903// DeletePolicy API operation for AWS Organizations. 2904// 2905// Deletes the specified policy from your organization. Before you perform this 2906// operation, you must first detach the policy from all organizational units 2907// (OUs), roots, and accounts. 2908// 2909// This operation can be called only from the organization's master account. 2910// 2911// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2912// with awserr.Error's Code and Message methods to get detailed information about 2913// the error. 2914// 2915// See the AWS API reference guide for AWS Organizations's 2916// API operation DeletePolicy for usage and error information. 2917// 2918// Returned Error Codes: 2919// * ErrCodeAccessDeniedException "AccessDeniedException" 2920// You don't have permissions to perform the requested operation. The user or 2921// role that is making the request must have at least one IAM permissions policy 2922// attached that grants the required permissions. For more information, see 2923// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2924// in the IAM User Guide. 2925// 2926// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 2927// Your account isn't a member of an organization. To make this request, you 2928// must use the credentials of an account that belongs to an organization. 2929// 2930// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 2931// The target of the operation is currently being modified by a different request. 2932// Try again later. 2933// 2934// * ErrCodeInvalidInputException "InvalidInputException" 2935// The requested operation failed because you provided invalid values for one 2936// or more of the request parameters. This exception includes a reason that 2937// contains additional information about the violated limit: 2938// 2939// Some of the reasons in the following list might not be applicable to this 2940// specific API or operation: 2941// 2942// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2943// can't be modified. 2944// 2945// * INPUT_REQUIRED: You must include a value for all required parameters. 2946// 2947// * INVALID_ENUM: You specified an invalid value. 2948// 2949// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 2950// 2951// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2952// characters. 2953// 2954// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2955// at least one invalid value. 2956// 2957// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2958// from the response to a previous call of the operation. 2959// 2960// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2961// organization, or email) as a party. 2962// 2963// * INVALID_PATTERN: You provided a value that doesn't match the required 2964// pattern. 2965// 2966// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2967// match the required pattern. 2968// 2969// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2970// name can't begin with the reserved prefix AWSServiceRoleFor. 2971// 2972// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2973// Name (ARN) for the organization. 2974// 2975// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2976// 2977// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2978// tag. You can’t add, edit, or delete system tag keys because they're 2979// reserved for AWS use. System tags don’t count against your tags per 2980// resource limit. 2981// 2982// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2983// for the operation. 2984// 2985// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2986// than allowed. 2987// 2988// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2989// value than allowed. 2990// 2991// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2992// than allowed. 2993// 2994// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2995// value than allowed. 2996// 2997// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2998// between entities in the same root. 2999// 3000// * ErrCodePolicyInUseException "PolicyInUseException" 3001// The policy is attached to one or more entities. You must detach it from all 3002// roots, OUs, and accounts before performing this operation. 3003// 3004// * ErrCodePolicyNotFoundException "PolicyNotFoundException" 3005// We can't find a policy with the PolicyId that you specified. 3006// 3007// * ErrCodeServiceException "ServiceException" 3008// AWS Organizations can't complete your request because of an internal service 3009// error. Try again later. 3010// 3011// * ErrCodeTooManyRequestsException "TooManyRequestsException" 3012// You have sent too many requests in too short a period of time. The limit 3013// helps protect against denial-of-service attacks. Try again later. 3014// 3015// For information on limits that affect AWS Organizations, see Limits of AWS 3016// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 3017// in the AWS Organizations User Guide. 3018// 3019// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 3020// This action isn't available in the current Region. 3021// 3022// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy 3023func (c *Organizations) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) { 3024 req, out := c.DeletePolicyRequest(input) 3025 return out, req.Send() 3026} 3027 3028// DeletePolicyWithContext is the same as DeletePolicy with the addition of 3029// the ability to pass a context and additional request options. 3030// 3031// See DeletePolicy for details on how to use this API operation. 3032// 3033// The context must be non-nil and will be used for request cancellation. If 3034// the context is nil a panic will occur. In the future the SDK may create 3035// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3036// for more information on using Contexts. 3037func (c *Organizations) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) { 3038 req, out := c.DeletePolicyRequest(input) 3039 req.SetContext(ctx) 3040 req.ApplyOptions(opts...) 3041 return out, req.Send() 3042} 3043 3044const opDescribeAccount = "DescribeAccount" 3045 3046// DescribeAccountRequest generates a "aws/request.Request" representing the 3047// client's request for the DescribeAccount operation. The "output" return 3048// value will be populated with the request's response once the request completes 3049// successfully. 3050// 3051// Use "Send" method on the returned Request to send the API call to the service. 3052// the "output" return value is not valid until after Send returns without error. 3053// 3054// See DescribeAccount for more information on using the DescribeAccount 3055// API call, and error handling. 3056// 3057// This method is useful when you want to inject custom logic or configuration 3058// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3059// 3060// 3061// // Example sending a request using the DescribeAccountRequest method. 3062// req, resp := client.DescribeAccountRequest(params) 3063// 3064// err := req.Send() 3065// if err == nil { // resp is now filled 3066// fmt.Println(resp) 3067// } 3068// 3069// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount 3070func (c *Organizations) DescribeAccountRequest(input *DescribeAccountInput) (req *request.Request, output *DescribeAccountOutput) { 3071 op := &request.Operation{ 3072 Name: opDescribeAccount, 3073 HTTPMethod: "POST", 3074 HTTPPath: "/", 3075 } 3076 3077 if input == nil { 3078 input = &DescribeAccountInput{} 3079 } 3080 3081 output = &DescribeAccountOutput{} 3082 req = c.newRequest(op, input, output) 3083 return 3084} 3085 3086// DescribeAccount API operation for AWS Organizations. 3087// 3088// Retrieves AWS Organizations related information about the specified account. 3089// 3090// This operation can be called only from the organization's master account. 3091// 3092// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3093// with awserr.Error's Code and Message methods to get detailed information about 3094// the error. 3095// 3096// See the AWS API reference guide for AWS Organizations's 3097// API operation DescribeAccount for usage and error information. 3098// 3099// Returned Error Codes: 3100// * ErrCodeAccessDeniedException "AccessDeniedException" 3101// You don't have permissions to perform the requested operation. The user or 3102// role that is making the request must have at least one IAM permissions policy 3103// attached that grants the required permissions. For more information, see 3104// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3105// in the IAM User Guide. 3106// 3107// * ErrCodeAccountNotFoundException "AccountNotFoundException" 3108// We can't find an AWS account with the AccountId that you specified. Or the 3109// account whose credentials you used to make this request isn't a member of 3110// an organization. 3111// 3112// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 3113// Your account isn't a member of an organization. To make this request, you 3114// must use the credentials of an account that belongs to an organization. 3115// 3116// * ErrCodeInvalidInputException "InvalidInputException" 3117// The requested operation failed because you provided invalid values for one 3118// or more of the request parameters. This exception includes a reason that 3119// contains additional information about the violated limit: 3120// 3121// Some of the reasons in the following list might not be applicable to this 3122// specific API or operation: 3123// 3124// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3125// can't be modified. 3126// 3127// * INPUT_REQUIRED: You must include a value for all required parameters. 3128// 3129// * INVALID_ENUM: You specified an invalid value. 3130// 3131// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 3132// 3133// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3134// characters. 3135// 3136// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3137// at least one invalid value. 3138// 3139// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3140// from the response to a previous call of the operation. 3141// 3142// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3143// organization, or email) as a party. 3144// 3145// * INVALID_PATTERN: You provided a value that doesn't match the required 3146// pattern. 3147// 3148// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3149// match the required pattern. 3150// 3151// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3152// name can't begin with the reserved prefix AWSServiceRoleFor. 3153// 3154// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3155// Name (ARN) for the organization. 3156// 3157// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3158// 3159// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3160// tag. You can’t add, edit, or delete system tag keys because they're 3161// reserved for AWS use. System tags don’t count against your tags per 3162// resource limit. 3163// 3164// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3165// for the operation. 3166// 3167// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3168// than allowed. 3169// 3170// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3171// value than allowed. 3172// 3173// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3174// than allowed. 3175// 3176// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3177// value than allowed. 3178// 3179// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3180// between entities in the same root. 3181// 3182// * ErrCodeServiceException "ServiceException" 3183// AWS Organizations can't complete your request because of an internal service 3184// error. Try again later. 3185// 3186// * ErrCodeTooManyRequestsException "TooManyRequestsException" 3187// You have sent too many requests in too short a period of time. The limit 3188// helps protect against denial-of-service attacks. Try again later. 3189// 3190// For information on limits that affect AWS Organizations, see Limits of AWS 3191// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 3192// in the AWS Organizations User Guide. 3193// 3194// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount 3195func (c *Organizations) DescribeAccount(input *DescribeAccountInput) (*DescribeAccountOutput, error) { 3196 req, out := c.DescribeAccountRequest(input) 3197 return out, req.Send() 3198} 3199 3200// DescribeAccountWithContext is the same as DescribeAccount with the addition of 3201// the ability to pass a context and additional request options. 3202// 3203// See DescribeAccount for details on how to use this API operation. 3204// 3205// The context must be non-nil and will be used for request cancellation. If 3206// the context is nil a panic will occur. In the future the SDK may create 3207// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3208// for more information on using Contexts. 3209func (c *Organizations) DescribeAccountWithContext(ctx aws.Context, input *DescribeAccountInput, opts ...request.Option) (*DescribeAccountOutput, error) { 3210 req, out := c.DescribeAccountRequest(input) 3211 req.SetContext(ctx) 3212 req.ApplyOptions(opts...) 3213 return out, req.Send() 3214} 3215 3216const opDescribeCreateAccountStatus = "DescribeCreateAccountStatus" 3217 3218// DescribeCreateAccountStatusRequest generates a "aws/request.Request" representing the 3219// client's request for the DescribeCreateAccountStatus operation. The "output" return 3220// value will be populated with the request's response once the request completes 3221// successfully. 3222// 3223// Use "Send" method on the returned Request to send the API call to the service. 3224// the "output" return value is not valid until after Send returns without error. 3225// 3226// See DescribeCreateAccountStatus for more information on using the DescribeCreateAccountStatus 3227// API call, and error handling. 3228// 3229// This method is useful when you want to inject custom logic or configuration 3230// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3231// 3232// 3233// // Example sending a request using the DescribeCreateAccountStatusRequest method. 3234// req, resp := client.DescribeCreateAccountStatusRequest(params) 3235// 3236// err := req.Send() 3237// if err == nil { // resp is now filled 3238// fmt.Println(resp) 3239// } 3240// 3241// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus 3242func (c *Organizations) DescribeCreateAccountStatusRequest(input *DescribeCreateAccountStatusInput) (req *request.Request, output *DescribeCreateAccountStatusOutput) { 3243 op := &request.Operation{ 3244 Name: opDescribeCreateAccountStatus, 3245 HTTPMethod: "POST", 3246 HTTPPath: "/", 3247 } 3248 3249 if input == nil { 3250 input = &DescribeCreateAccountStatusInput{} 3251 } 3252 3253 output = &DescribeCreateAccountStatusOutput{} 3254 req = c.newRequest(op, input, output) 3255 return 3256} 3257 3258// DescribeCreateAccountStatus API operation for AWS Organizations. 3259// 3260// Retrieves the current status of an asynchronous request to create an account. 3261// 3262// This operation can be called only from the organization's master account. 3263// 3264// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3265// with awserr.Error's Code and Message methods to get detailed information about 3266// the error. 3267// 3268// See the AWS API reference guide for AWS Organizations's 3269// API operation DescribeCreateAccountStatus for usage and error information. 3270// 3271// Returned Error Codes: 3272// * ErrCodeAccessDeniedException "AccessDeniedException" 3273// You don't have permissions to perform the requested operation. The user or 3274// role that is making the request must have at least one IAM permissions policy 3275// attached that grants the required permissions. For more information, see 3276// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3277// in the IAM User Guide. 3278// 3279// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 3280// Your account isn't a member of an organization. To make this request, you 3281// must use the credentials of an account that belongs to an organization. 3282// 3283// * ErrCodeCreateAccountStatusNotFoundException "CreateAccountStatusNotFoundException" 3284// We can't find a create account request with the CreateAccountRequestId that 3285// you specified. 3286// 3287// * ErrCodeInvalidInputException "InvalidInputException" 3288// The requested operation failed because you provided invalid values for one 3289// or more of the request parameters. This exception includes a reason that 3290// contains additional information about the violated limit: 3291// 3292// Some of the reasons in the following list might not be applicable to this 3293// specific API or operation: 3294// 3295// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3296// can't be modified. 3297// 3298// * INPUT_REQUIRED: You must include a value for all required parameters. 3299// 3300// * INVALID_ENUM: You specified an invalid value. 3301// 3302// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 3303// 3304// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3305// characters. 3306// 3307// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3308// at least one invalid value. 3309// 3310// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3311// from the response to a previous call of the operation. 3312// 3313// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3314// organization, or email) as a party. 3315// 3316// * INVALID_PATTERN: You provided a value that doesn't match the required 3317// pattern. 3318// 3319// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3320// match the required pattern. 3321// 3322// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3323// name can't begin with the reserved prefix AWSServiceRoleFor. 3324// 3325// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3326// Name (ARN) for the organization. 3327// 3328// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3329// 3330// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3331// tag. You can’t add, edit, or delete system tag keys because they're 3332// reserved for AWS use. System tags don’t count against your tags per 3333// resource limit. 3334// 3335// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3336// for the operation. 3337// 3338// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3339// than allowed. 3340// 3341// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3342// value than allowed. 3343// 3344// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3345// than allowed. 3346// 3347// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3348// value than allowed. 3349// 3350// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3351// between entities in the same root. 3352// 3353// * ErrCodeServiceException "ServiceException" 3354// AWS Organizations can't complete your request because of an internal service 3355// error. Try again later. 3356// 3357// * ErrCodeTooManyRequestsException "TooManyRequestsException" 3358// You have sent too many requests in too short a period of time. The limit 3359// helps protect against denial-of-service attacks. Try again later. 3360// 3361// For information on limits that affect AWS Organizations, see Limits of AWS 3362// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 3363// in the AWS Organizations User Guide. 3364// 3365// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 3366// This action isn't available in the current Region. 3367// 3368// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus 3369func (c *Organizations) DescribeCreateAccountStatus(input *DescribeCreateAccountStatusInput) (*DescribeCreateAccountStatusOutput, error) { 3370 req, out := c.DescribeCreateAccountStatusRequest(input) 3371 return out, req.Send() 3372} 3373 3374// DescribeCreateAccountStatusWithContext is the same as DescribeCreateAccountStatus with the addition of 3375// the ability to pass a context and additional request options. 3376// 3377// See DescribeCreateAccountStatus for details on how to use this API operation. 3378// 3379// The context must be non-nil and will be used for request cancellation. If 3380// the context is nil a panic will occur. In the future the SDK may create 3381// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3382// for more information on using Contexts. 3383func (c *Organizations) DescribeCreateAccountStatusWithContext(ctx aws.Context, input *DescribeCreateAccountStatusInput, opts ...request.Option) (*DescribeCreateAccountStatusOutput, error) { 3384 req, out := c.DescribeCreateAccountStatusRequest(input) 3385 req.SetContext(ctx) 3386 req.ApplyOptions(opts...) 3387 return out, req.Send() 3388} 3389 3390const opDescribeEffectivePolicy = "DescribeEffectivePolicy" 3391 3392// DescribeEffectivePolicyRequest generates a "aws/request.Request" representing the 3393// client's request for the DescribeEffectivePolicy operation. The "output" return 3394// value will be populated with the request's response once the request completes 3395// successfully. 3396// 3397// Use "Send" method on the returned Request to send the API call to the service. 3398// the "output" return value is not valid until after Send returns without error. 3399// 3400// See DescribeEffectivePolicy for more information on using the DescribeEffectivePolicy 3401// API call, and error handling. 3402// 3403// This method is useful when you want to inject custom logic or configuration 3404// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3405// 3406// 3407// // Example sending a request using the DescribeEffectivePolicyRequest method. 3408// req, resp := client.DescribeEffectivePolicyRequest(params) 3409// 3410// err := req.Send() 3411// if err == nil { // resp is now filled 3412// fmt.Println(resp) 3413// } 3414// 3415// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy 3416func (c *Organizations) DescribeEffectivePolicyRequest(input *DescribeEffectivePolicyInput) (req *request.Request, output *DescribeEffectivePolicyOutput) { 3417 op := &request.Operation{ 3418 Name: opDescribeEffectivePolicy, 3419 HTTPMethod: "POST", 3420 HTTPPath: "/", 3421 } 3422 3423 if input == nil { 3424 input = &DescribeEffectivePolicyInput{} 3425 } 3426 3427 output = &DescribeEffectivePolicyOutput{} 3428 req = c.newRequest(op, input, output) 3429 return 3430} 3431 3432// DescribeEffectivePolicy API operation for AWS Organizations. 3433// 3434// Returns the contents of the effective tag policy for the account. The effective 3435// tag policy is the aggregation of any tag policies the account inherits, plus 3436// any policy directly that is attached to the account. 3437// 3438// This action returns information on tag policies only. 3439// 3440// For more information on policy inheritance, see How Policy Inheritance Works 3441// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html) 3442// in the AWS Organizations User Guide. 3443// 3444// This operation can be called from any account in the organization. 3445// 3446// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3447// with awserr.Error's Code and Message methods to get detailed information about 3448// the error. 3449// 3450// See the AWS API reference guide for AWS Organizations's 3451// API operation DescribeEffectivePolicy for usage and error information. 3452// 3453// Returned Error Codes: 3454// * ErrCodeAccessDeniedException "AccessDeniedException" 3455// You don't have permissions to perform the requested operation. The user or 3456// role that is making the request must have at least one IAM permissions policy 3457// attached that grants the required permissions. For more information, see 3458// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3459// in the IAM User Guide. 3460// 3461// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 3462// Your account isn't a member of an organization. To make this request, you 3463// must use the credentials of an account that belongs to an organization. 3464// 3465// * ErrCodeConstraintViolationException "ConstraintViolationException" 3466// Performing this operation violates a minimum or maximum value limit. Examples 3467// include attempting to remove the last service control policy (SCP) from an 3468// OU or root, or attaching too many policies to an account, OU, or root. This 3469// exception includes a reason that contains additional information about the 3470// violated limit. 3471// 3472// Some of the reasons in the following list might not be applicable to this 3473// specific API or operation: 3474// 3475// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 3476// from the organization that doesn't yet have enough information to exist 3477// as a standalone account. This account requires you to first agree to the 3478// AWS Customer Agreement. Follow the steps at To leave an organization when 3479// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 3480// in the AWS Organizations User Guide. 3481// 3482// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 3483// an account from the organization that doesn't yet have enough information 3484// to exist as a standalone account. This account requires you to first complete 3485// phone verification. Follow the steps at To leave an organization when 3486// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 3487// in the AWS Organizations User Guide. 3488// 3489// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 3490// of accounts that you can create in one day. 3491// 3492// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 3493// the number of accounts in an organization. If you need more accounts, 3494// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 3495// request an increase in your limit. Or the number of invitations that you 3496// tried to send would cause you to exceed the limit of accounts in your 3497// organization. Send fewer invitations or contact AWS Support to request 3498// an increase in the number of accounts. Deleted and closed accounts still 3499// count toward your limit. If you get receive this exception when running 3500// a command immediately after creating the organization, wait one hour and 3501// try again. If after an hour it continues to fail with this error, contact 3502// AWS Support (https://console.aws.amazon.com/support/home#/). 3503// 3504// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 3505// handshakes that you can send in one day. 3506// 3507// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 3508// in this organization, you first must migrate the organization's master 3509// account to the marketplace that corresponds to the master account's address. 3510// For example, accounts with India addresses must be associated with the 3511// AISPL marketplace. All accounts in an organization must be associated 3512// with the same marketplace. 3513// 3514// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 3515// must first provide contact a valid address and phone number for the master 3516// account. Then try the operation again. 3517// 3518// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 3519// master account must have an associated account in the AWS GovCloud (US-West) 3520// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 3521// in the AWS GovCloud User Guide. 3522// 3523// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 3524// with this master account, you first must associate a valid payment instrument, 3525// such as a credit card, with the account. Follow the steps at To leave 3526// an organization when all required account information has not yet been 3527// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 3528// in the AWS Organizations User Guide. 3529// 3530// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 3531// number of policies of a certain type that can be attached to an entity 3532// at one time. 3533// 3534// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 3535// on this resource. 3536// 3537// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 3538// with this member account, you first must associate a valid payment instrument, 3539// such as a credit card, with the account. Follow the steps at To leave 3540// an organization when all required account information has not yet been 3541// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 3542// in the AWS Organizations User Guide. 3543// 3544// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 3545// policy from an entity, which would cause the entity to have fewer than 3546// the minimum number of policies of the required type. 3547// 3548// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 3549// too many levels deep. 3550// 3551// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 3552// that requires the organization to be configured to support all features. 3553// An organization that supports only consolidated billing features can't 3554// perform this operation. 3555// 3556// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 3557// that you can have in an organization. 3558// 3559// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 3560// policies that you can have in an organization. 3561// 3562// * ErrCodeServiceException "ServiceException" 3563// AWS Organizations can't complete your request because of an internal service 3564// error. Try again later. 3565// 3566// * ErrCodeTooManyRequestsException "TooManyRequestsException" 3567// You have sent too many requests in too short a period of time. The limit 3568// helps protect against denial-of-service attacks. Try again later. 3569// 3570// For information on limits that affect AWS Organizations, see Limits of AWS 3571// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 3572// in the AWS Organizations User Guide. 3573// 3574// * ErrCodeTargetNotFoundException "TargetNotFoundException" 3575// We can't find a root, OU, or account with the TargetId that you specified. 3576// 3577// * ErrCodeEffectivePolicyNotFoundException "EffectivePolicyNotFoundException" 3578// If you ran this action on the master account, this policy type is not enabled. 3579// If you ran the action on a member account, the account doesn't have an effective 3580// policy of this type. Contact the administrator of your organization about 3581// attaching a policy of this type to the account. 3582// 3583// * ErrCodeInvalidInputException "InvalidInputException" 3584// The requested operation failed because you provided invalid values for one 3585// or more of the request parameters. This exception includes a reason that 3586// contains additional information about the violated limit: 3587// 3588// Some of the reasons in the following list might not be applicable to this 3589// specific API or operation: 3590// 3591// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3592// can't be modified. 3593// 3594// * INPUT_REQUIRED: You must include a value for all required parameters. 3595// 3596// * INVALID_ENUM: You specified an invalid value. 3597// 3598// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 3599// 3600// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3601// characters. 3602// 3603// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3604// at least one invalid value. 3605// 3606// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3607// from the response to a previous call of the operation. 3608// 3609// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3610// organization, or email) as a party. 3611// 3612// * INVALID_PATTERN: You provided a value that doesn't match the required 3613// pattern. 3614// 3615// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3616// match the required pattern. 3617// 3618// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3619// name can't begin with the reserved prefix AWSServiceRoleFor. 3620// 3621// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3622// Name (ARN) for the organization. 3623// 3624// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3625// 3626// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3627// tag. You can’t add, edit, or delete system tag keys because they're 3628// reserved for AWS use. System tags don’t count against your tags per 3629// resource limit. 3630// 3631// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3632// for the operation. 3633// 3634// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3635// than allowed. 3636// 3637// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3638// value than allowed. 3639// 3640// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3641// than allowed. 3642// 3643// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3644// value than allowed. 3645// 3646// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3647// between entities in the same root. 3648// 3649// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 3650// This action isn't available in the current Region. 3651// 3652// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy 3653func (c *Organizations) DescribeEffectivePolicy(input *DescribeEffectivePolicyInput) (*DescribeEffectivePolicyOutput, error) { 3654 req, out := c.DescribeEffectivePolicyRequest(input) 3655 return out, req.Send() 3656} 3657 3658// DescribeEffectivePolicyWithContext is the same as DescribeEffectivePolicy with the addition of 3659// the ability to pass a context and additional request options. 3660// 3661// See DescribeEffectivePolicy for details on how to use this API operation. 3662// 3663// The context must be non-nil and will be used for request cancellation. If 3664// the context is nil a panic will occur. In the future the SDK may create 3665// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3666// for more information on using Contexts. 3667func (c *Organizations) DescribeEffectivePolicyWithContext(ctx aws.Context, input *DescribeEffectivePolicyInput, opts ...request.Option) (*DescribeEffectivePolicyOutput, error) { 3668 req, out := c.DescribeEffectivePolicyRequest(input) 3669 req.SetContext(ctx) 3670 req.ApplyOptions(opts...) 3671 return out, req.Send() 3672} 3673 3674const opDescribeHandshake = "DescribeHandshake" 3675 3676// DescribeHandshakeRequest generates a "aws/request.Request" representing the 3677// client's request for the DescribeHandshake operation. The "output" return 3678// value will be populated with the request's response once the request completes 3679// successfully. 3680// 3681// Use "Send" method on the returned Request to send the API call to the service. 3682// the "output" return value is not valid until after Send returns without error. 3683// 3684// See DescribeHandshake for more information on using the DescribeHandshake 3685// API call, and error handling. 3686// 3687// This method is useful when you want to inject custom logic or configuration 3688// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3689// 3690// 3691// // Example sending a request using the DescribeHandshakeRequest method. 3692// req, resp := client.DescribeHandshakeRequest(params) 3693// 3694// err := req.Send() 3695// if err == nil { // resp is now filled 3696// fmt.Println(resp) 3697// } 3698// 3699// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake 3700func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) (req *request.Request, output *DescribeHandshakeOutput) { 3701 op := &request.Operation{ 3702 Name: opDescribeHandshake, 3703 HTTPMethod: "POST", 3704 HTTPPath: "/", 3705 } 3706 3707 if input == nil { 3708 input = &DescribeHandshakeInput{} 3709 } 3710 3711 output = &DescribeHandshakeOutput{} 3712 req = c.newRequest(op, input, output) 3713 return 3714} 3715 3716// DescribeHandshake API operation for AWS Organizations. 3717// 3718// Retrieves information about a previously requested handshake. The handshake 3719// ID comes from the response to the original InviteAccountToOrganization operation 3720// that generated the handshake. 3721// 3722// You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for only 3723// 30 days after they change to that state. They're then deleted and no longer 3724// accessible. 3725// 3726// This operation can be called from any account in the organization. 3727// 3728// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3729// with awserr.Error's Code and Message methods to get detailed information about 3730// the error. 3731// 3732// See the AWS API reference guide for AWS Organizations's 3733// API operation DescribeHandshake for usage and error information. 3734// 3735// Returned Error Codes: 3736// * ErrCodeAccessDeniedException "AccessDeniedException" 3737// You don't have permissions to perform the requested operation. The user or 3738// role that is making the request must have at least one IAM permissions policy 3739// attached that grants the required permissions. For more information, see 3740// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3741// in the IAM User Guide. 3742// 3743// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 3744// The target of the operation is currently being modified by a different request. 3745// Try again later. 3746// 3747// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException" 3748// We can't find a handshake with the HandshakeId that you specified. 3749// 3750// * ErrCodeInvalidInputException "InvalidInputException" 3751// The requested operation failed because you provided invalid values for one 3752// or more of the request parameters. This exception includes a reason that 3753// contains additional information about the violated limit: 3754// 3755// Some of the reasons in the following list might not be applicable to this 3756// specific API or operation: 3757// 3758// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3759// can't be modified. 3760// 3761// * INPUT_REQUIRED: You must include a value for all required parameters. 3762// 3763// * INVALID_ENUM: You specified an invalid value. 3764// 3765// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 3766// 3767// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3768// characters. 3769// 3770// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3771// at least one invalid value. 3772// 3773// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3774// from the response to a previous call of the operation. 3775// 3776// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3777// organization, or email) as a party. 3778// 3779// * INVALID_PATTERN: You provided a value that doesn't match the required 3780// pattern. 3781// 3782// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3783// match the required pattern. 3784// 3785// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3786// name can't begin with the reserved prefix AWSServiceRoleFor. 3787// 3788// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3789// Name (ARN) for the organization. 3790// 3791// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3792// 3793// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3794// tag. You can’t add, edit, or delete system tag keys because they're 3795// reserved for AWS use. System tags don’t count against your tags per 3796// resource limit. 3797// 3798// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3799// for the operation. 3800// 3801// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3802// than allowed. 3803// 3804// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3805// value than allowed. 3806// 3807// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3808// than allowed. 3809// 3810// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3811// value than allowed. 3812// 3813// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3814// between entities in the same root. 3815// 3816// * ErrCodeServiceException "ServiceException" 3817// AWS Organizations can't complete your request because of an internal service 3818// error. Try again later. 3819// 3820// * ErrCodeTooManyRequestsException "TooManyRequestsException" 3821// You have sent too many requests in too short a period of time. The limit 3822// helps protect against denial-of-service attacks. Try again later. 3823// 3824// For information on limits that affect AWS Organizations, see Limits of AWS 3825// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 3826// in the AWS Organizations User Guide. 3827// 3828// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake 3829func (c *Organizations) DescribeHandshake(input *DescribeHandshakeInput) (*DescribeHandshakeOutput, error) { 3830 req, out := c.DescribeHandshakeRequest(input) 3831 return out, req.Send() 3832} 3833 3834// DescribeHandshakeWithContext is the same as DescribeHandshake with the addition of 3835// the ability to pass a context and additional request options. 3836// 3837// See DescribeHandshake for details on how to use this API operation. 3838// 3839// The context must be non-nil and will be used for request cancellation. If 3840// the context is nil a panic will occur. In the future the SDK may create 3841// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3842// for more information on using Contexts. 3843func (c *Organizations) DescribeHandshakeWithContext(ctx aws.Context, input *DescribeHandshakeInput, opts ...request.Option) (*DescribeHandshakeOutput, error) { 3844 req, out := c.DescribeHandshakeRequest(input) 3845 req.SetContext(ctx) 3846 req.ApplyOptions(opts...) 3847 return out, req.Send() 3848} 3849 3850const opDescribeOrganization = "DescribeOrganization" 3851 3852// DescribeOrganizationRequest generates a "aws/request.Request" representing the 3853// client's request for the DescribeOrganization operation. The "output" return 3854// value will be populated with the request's response once the request completes 3855// successfully. 3856// 3857// Use "Send" method on the returned Request to send the API call to the service. 3858// the "output" return value is not valid until after Send returns without error. 3859// 3860// See DescribeOrganization for more information on using the DescribeOrganization 3861// API call, and error handling. 3862// 3863// This method is useful when you want to inject custom logic or configuration 3864// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3865// 3866// 3867// // Example sending a request using the DescribeOrganizationRequest method. 3868// req, resp := client.DescribeOrganizationRequest(params) 3869// 3870// err := req.Send() 3871// if err == nil { // resp is now filled 3872// fmt.Println(resp) 3873// } 3874// 3875// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization 3876func (c *Organizations) DescribeOrganizationRequest(input *DescribeOrganizationInput) (req *request.Request, output *DescribeOrganizationOutput) { 3877 op := &request.Operation{ 3878 Name: opDescribeOrganization, 3879 HTTPMethod: "POST", 3880 HTTPPath: "/", 3881 } 3882 3883 if input == nil { 3884 input = &DescribeOrganizationInput{} 3885 } 3886 3887 output = &DescribeOrganizationOutput{} 3888 req = c.newRequest(op, input, output) 3889 return 3890} 3891 3892// DescribeOrganization API operation for AWS Organizations. 3893// 3894// Retrieves information about the organization that the user's account belongs 3895// to. 3896// 3897// This operation can be called from any account in the organization. 3898// 3899// Even if a policy type is shown as available in the organization, you can 3900// disable it separately at the root level with DisablePolicyType. Use ListRoots 3901// to see the status of policy types for a specified root. 3902// 3903// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3904// with awserr.Error's Code and Message methods to get detailed information about 3905// the error. 3906// 3907// See the AWS API reference guide for AWS Organizations's 3908// API operation DescribeOrganization for usage and error information. 3909// 3910// Returned Error Codes: 3911// * ErrCodeAccessDeniedException "AccessDeniedException" 3912// You don't have permissions to perform the requested operation. The user or 3913// role that is making the request must have at least one IAM permissions policy 3914// attached that grants the required permissions. For more information, see 3915// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3916// in the IAM User Guide. 3917// 3918// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 3919// Your account isn't a member of an organization. To make this request, you 3920// must use the credentials of an account that belongs to an organization. 3921// 3922// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 3923// The target of the operation is currently being modified by a different request. 3924// Try again later. 3925// 3926// * ErrCodeServiceException "ServiceException" 3927// AWS Organizations can't complete your request because of an internal service 3928// error. Try again later. 3929// 3930// * ErrCodeTooManyRequestsException "TooManyRequestsException" 3931// You have sent too many requests in too short a period of time. The limit 3932// helps protect against denial-of-service attacks. Try again later. 3933// 3934// For information on limits that affect AWS Organizations, see Limits of AWS 3935// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 3936// in the AWS Organizations User Guide. 3937// 3938// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization 3939func (c *Organizations) DescribeOrganization(input *DescribeOrganizationInput) (*DescribeOrganizationOutput, error) { 3940 req, out := c.DescribeOrganizationRequest(input) 3941 return out, req.Send() 3942} 3943 3944// DescribeOrganizationWithContext is the same as DescribeOrganization with the addition of 3945// the ability to pass a context and additional request options. 3946// 3947// See DescribeOrganization for details on how to use this API operation. 3948// 3949// The context must be non-nil and will be used for request cancellation. If 3950// the context is nil a panic will occur. In the future the SDK may create 3951// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3952// for more information on using Contexts. 3953func (c *Organizations) DescribeOrganizationWithContext(ctx aws.Context, input *DescribeOrganizationInput, opts ...request.Option) (*DescribeOrganizationOutput, error) { 3954 req, out := c.DescribeOrganizationRequest(input) 3955 req.SetContext(ctx) 3956 req.ApplyOptions(opts...) 3957 return out, req.Send() 3958} 3959 3960const opDescribeOrganizationalUnit = "DescribeOrganizationalUnit" 3961 3962// DescribeOrganizationalUnitRequest generates a "aws/request.Request" representing the 3963// client's request for the DescribeOrganizationalUnit operation. The "output" return 3964// value will be populated with the request's response once the request completes 3965// successfully. 3966// 3967// Use "Send" method on the returned Request to send the API call to the service. 3968// the "output" return value is not valid until after Send returns without error. 3969// 3970// See DescribeOrganizationalUnit for more information on using the DescribeOrganizationalUnit 3971// API call, and error handling. 3972// 3973// This method is useful when you want to inject custom logic or configuration 3974// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3975// 3976// 3977// // Example sending a request using the DescribeOrganizationalUnitRequest method. 3978// req, resp := client.DescribeOrganizationalUnitRequest(params) 3979// 3980// err := req.Send() 3981// if err == nil { // resp is now filled 3982// fmt.Println(resp) 3983// } 3984// 3985// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit 3986func (c *Organizations) DescribeOrganizationalUnitRequest(input *DescribeOrganizationalUnitInput) (req *request.Request, output *DescribeOrganizationalUnitOutput) { 3987 op := &request.Operation{ 3988 Name: opDescribeOrganizationalUnit, 3989 HTTPMethod: "POST", 3990 HTTPPath: "/", 3991 } 3992 3993 if input == nil { 3994 input = &DescribeOrganizationalUnitInput{} 3995 } 3996 3997 output = &DescribeOrganizationalUnitOutput{} 3998 req = c.newRequest(op, input, output) 3999 return 4000} 4001 4002// DescribeOrganizationalUnit API operation for AWS Organizations. 4003// 4004// Retrieves information about an organizational unit (OU). 4005// 4006// This operation can be called only from the organization's master account. 4007// 4008// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4009// with awserr.Error's Code and Message methods to get detailed information about 4010// the error. 4011// 4012// See the AWS API reference guide for AWS Organizations's 4013// API operation DescribeOrganizationalUnit for usage and error information. 4014// 4015// Returned Error Codes: 4016// * ErrCodeAccessDeniedException "AccessDeniedException" 4017// You don't have permissions to perform the requested operation. The user or 4018// role that is making the request must have at least one IAM permissions policy 4019// attached that grants the required permissions. For more information, see 4020// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4021// in the IAM User Guide. 4022// 4023// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 4024// Your account isn't a member of an organization. To make this request, you 4025// must use the credentials of an account that belongs to an organization. 4026// 4027// * ErrCodeInvalidInputException "InvalidInputException" 4028// The requested operation failed because you provided invalid values for one 4029// or more of the request parameters. This exception includes a reason that 4030// contains additional information about the violated limit: 4031// 4032// Some of the reasons in the following list might not be applicable to this 4033// specific API or operation: 4034// 4035// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4036// can't be modified. 4037// 4038// * INPUT_REQUIRED: You must include a value for all required parameters. 4039// 4040// * INVALID_ENUM: You specified an invalid value. 4041// 4042// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 4043// 4044// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4045// characters. 4046// 4047// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4048// at least one invalid value. 4049// 4050// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4051// from the response to a previous call of the operation. 4052// 4053// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4054// organization, or email) as a party. 4055// 4056// * INVALID_PATTERN: You provided a value that doesn't match the required 4057// pattern. 4058// 4059// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4060// match the required pattern. 4061// 4062// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4063// name can't begin with the reserved prefix AWSServiceRoleFor. 4064// 4065// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4066// Name (ARN) for the organization. 4067// 4068// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4069// 4070// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4071// tag. You can’t add, edit, or delete system tag keys because they're 4072// reserved for AWS use. System tags don’t count against your tags per 4073// resource limit. 4074// 4075// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4076// for the operation. 4077// 4078// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4079// than allowed. 4080// 4081// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4082// value than allowed. 4083// 4084// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4085// than allowed. 4086// 4087// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4088// value than allowed. 4089// 4090// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4091// between entities in the same root. 4092// 4093// * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException" 4094// We can't find an OU with the OrganizationalUnitId that you specified. 4095// 4096// * ErrCodeServiceException "ServiceException" 4097// AWS Organizations can't complete your request because of an internal service 4098// error. Try again later. 4099// 4100// * ErrCodeTooManyRequestsException "TooManyRequestsException" 4101// You have sent too many requests in too short a period of time. The limit 4102// helps protect against denial-of-service attacks. Try again later. 4103// 4104// For information on limits that affect AWS Organizations, see Limits of AWS 4105// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 4106// in the AWS Organizations User Guide. 4107// 4108// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit 4109func (c *Organizations) DescribeOrganizationalUnit(input *DescribeOrganizationalUnitInput) (*DescribeOrganizationalUnitOutput, error) { 4110 req, out := c.DescribeOrganizationalUnitRequest(input) 4111 return out, req.Send() 4112} 4113 4114// DescribeOrganizationalUnitWithContext is the same as DescribeOrganizationalUnit with the addition of 4115// the ability to pass a context and additional request options. 4116// 4117// See DescribeOrganizationalUnit for details on how to use this API operation. 4118// 4119// The context must be non-nil and will be used for request cancellation. If 4120// the context is nil a panic will occur. In the future the SDK may create 4121// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4122// for more information on using Contexts. 4123func (c *Organizations) DescribeOrganizationalUnitWithContext(ctx aws.Context, input *DescribeOrganizationalUnitInput, opts ...request.Option) (*DescribeOrganizationalUnitOutput, error) { 4124 req, out := c.DescribeOrganizationalUnitRequest(input) 4125 req.SetContext(ctx) 4126 req.ApplyOptions(opts...) 4127 return out, req.Send() 4128} 4129 4130const opDescribePolicy = "DescribePolicy" 4131 4132// DescribePolicyRequest generates a "aws/request.Request" representing the 4133// client's request for the DescribePolicy operation. The "output" return 4134// value will be populated with the request's response once the request completes 4135// successfully. 4136// 4137// Use "Send" method on the returned Request to send the API call to the service. 4138// the "output" return value is not valid until after Send returns without error. 4139// 4140// See DescribePolicy for more information on using the DescribePolicy 4141// API call, and error handling. 4142// 4143// This method is useful when you want to inject custom logic or configuration 4144// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4145// 4146// 4147// // Example sending a request using the DescribePolicyRequest method. 4148// req, resp := client.DescribePolicyRequest(params) 4149// 4150// err := req.Send() 4151// if err == nil { // resp is now filled 4152// fmt.Println(resp) 4153// } 4154// 4155// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy 4156func (c *Organizations) DescribePolicyRequest(input *DescribePolicyInput) (req *request.Request, output *DescribePolicyOutput) { 4157 op := &request.Operation{ 4158 Name: opDescribePolicy, 4159 HTTPMethod: "POST", 4160 HTTPPath: "/", 4161 } 4162 4163 if input == nil { 4164 input = &DescribePolicyInput{} 4165 } 4166 4167 output = &DescribePolicyOutput{} 4168 req = c.newRequest(op, input, output) 4169 return 4170} 4171 4172// DescribePolicy API operation for AWS Organizations. 4173// 4174// Retrieves information about a policy. 4175// 4176// This operation can be called only from the organization's master account. 4177// 4178// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4179// with awserr.Error's Code and Message methods to get detailed information about 4180// the error. 4181// 4182// See the AWS API reference guide for AWS Organizations's 4183// API operation DescribePolicy for usage and error information. 4184// 4185// Returned Error Codes: 4186// * ErrCodeAccessDeniedException "AccessDeniedException" 4187// You don't have permissions to perform the requested operation. The user or 4188// role that is making the request must have at least one IAM permissions policy 4189// attached that grants the required permissions. For more information, see 4190// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4191// in the IAM User Guide. 4192// 4193// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 4194// Your account isn't a member of an organization. To make this request, you 4195// must use the credentials of an account that belongs to an organization. 4196// 4197// * ErrCodeInvalidInputException "InvalidInputException" 4198// The requested operation failed because you provided invalid values for one 4199// or more of the request parameters. This exception includes a reason that 4200// contains additional information about the violated limit: 4201// 4202// Some of the reasons in the following list might not be applicable to this 4203// specific API or operation: 4204// 4205// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4206// can't be modified. 4207// 4208// * INPUT_REQUIRED: You must include a value for all required parameters. 4209// 4210// * INVALID_ENUM: You specified an invalid value. 4211// 4212// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 4213// 4214// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4215// characters. 4216// 4217// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4218// at least one invalid value. 4219// 4220// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4221// from the response to a previous call of the operation. 4222// 4223// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4224// organization, or email) as a party. 4225// 4226// * INVALID_PATTERN: You provided a value that doesn't match the required 4227// pattern. 4228// 4229// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4230// match the required pattern. 4231// 4232// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4233// name can't begin with the reserved prefix AWSServiceRoleFor. 4234// 4235// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4236// Name (ARN) for the organization. 4237// 4238// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4239// 4240// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4241// tag. You can’t add, edit, or delete system tag keys because they're 4242// reserved for AWS use. System tags don’t count against your tags per 4243// resource limit. 4244// 4245// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4246// for the operation. 4247// 4248// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4249// than allowed. 4250// 4251// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4252// value than allowed. 4253// 4254// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4255// than allowed. 4256// 4257// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4258// value than allowed. 4259// 4260// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4261// between entities in the same root. 4262// 4263// * ErrCodePolicyNotFoundException "PolicyNotFoundException" 4264// We can't find a policy with the PolicyId that you specified. 4265// 4266// * ErrCodeServiceException "ServiceException" 4267// AWS Organizations can't complete your request because of an internal service 4268// error. Try again later. 4269// 4270// * ErrCodeTooManyRequestsException "TooManyRequestsException" 4271// You have sent too many requests in too short a period of time. The limit 4272// helps protect against denial-of-service attacks. Try again later. 4273// 4274// For information on limits that affect AWS Organizations, see Limits of AWS 4275// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 4276// in the AWS Organizations User Guide. 4277// 4278// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 4279// This action isn't available in the current Region. 4280// 4281// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy 4282func (c *Organizations) DescribePolicy(input *DescribePolicyInput) (*DescribePolicyOutput, error) { 4283 req, out := c.DescribePolicyRequest(input) 4284 return out, req.Send() 4285} 4286 4287// DescribePolicyWithContext is the same as DescribePolicy with the addition of 4288// the ability to pass a context and additional request options. 4289// 4290// See DescribePolicy for details on how to use this API operation. 4291// 4292// The context must be non-nil and will be used for request cancellation. If 4293// the context is nil a panic will occur. In the future the SDK may create 4294// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4295// for more information on using Contexts. 4296func (c *Organizations) DescribePolicyWithContext(ctx aws.Context, input *DescribePolicyInput, opts ...request.Option) (*DescribePolicyOutput, error) { 4297 req, out := c.DescribePolicyRequest(input) 4298 req.SetContext(ctx) 4299 req.ApplyOptions(opts...) 4300 return out, req.Send() 4301} 4302 4303const opDetachPolicy = "DetachPolicy" 4304 4305// DetachPolicyRequest generates a "aws/request.Request" representing the 4306// client's request for the DetachPolicy operation. The "output" return 4307// value will be populated with the request's response once the request completes 4308// successfully. 4309// 4310// Use "Send" method on the returned Request to send the API call to the service. 4311// the "output" return value is not valid until after Send returns without error. 4312// 4313// See DetachPolicy for more information on using the DetachPolicy 4314// API call, and error handling. 4315// 4316// This method is useful when you want to inject custom logic or configuration 4317// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4318// 4319// 4320// // Example sending a request using the DetachPolicyRequest method. 4321// req, resp := client.DetachPolicyRequest(params) 4322// 4323// err := req.Send() 4324// if err == nil { // resp is now filled 4325// fmt.Println(resp) 4326// } 4327// 4328// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy 4329func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *request.Request, output *DetachPolicyOutput) { 4330 op := &request.Operation{ 4331 Name: opDetachPolicy, 4332 HTTPMethod: "POST", 4333 HTTPPath: "/", 4334 } 4335 4336 if input == nil { 4337 input = &DetachPolicyInput{} 4338 } 4339 4340 output = &DetachPolicyOutput{} 4341 req = c.newRequest(op, input, output) 4342 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 4343 return 4344} 4345 4346// DetachPolicy API operation for AWS Organizations. 4347// 4348// Detaches a policy from a target root, organizational unit (OU), or account. 4349// If the policy being detached is a service control policy (SCP), the changes 4350// to permissions for IAM users and roles in affected accounts are immediate. 4351// 4352// Note: Every root, OU, and account must have at least one SCP attached. You 4353// can replace the default FullAWSAccess policy with one that limits the permissions 4354// that can be delegated. To do that, you must attach the replacement policy 4355// before you can remove the default one. This is the authorization strategy 4356// of using an allow list (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_whitelist). 4357// You could instead attach a second SCP and leave the FullAWSAccess SCP still 4358// attached. You could then specify "Effect": "Deny" in the second SCP to override 4359// the "Effect": "Allow" in the FullAWSAccess policy (or any other attached 4360// SCP). If you take these steps, you're using the authorization strategy of 4361// a deny list (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html#orgs_policies_blacklist). 4362// 4363// This operation can be called only from the organization's master account. 4364// 4365// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4366// with awserr.Error's Code and Message methods to get detailed information about 4367// the error. 4368// 4369// See the AWS API reference guide for AWS Organizations's 4370// API operation DetachPolicy for usage and error information. 4371// 4372// Returned Error Codes: 4373// * ErrCodeAccessDeniedException "AccessDeniedException" 4374// You don't have permissions to perform the requested operation. The user or 4375// role that is making the request must have at least one IAM permissions policy 4376// attached that grants the required permissions. For more information, see 4377// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4378// in the IAM User Guide. 4379// 4380// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 4381// Your account isn't a member of an organization. To make this request, you 4382// must use the credentials of an account that belongs to an organization. 4383// 4384// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 4385// The target of the operation is currently being modified by a different request. 4386// Try again later. 4387// 4388// * ErrCodeConstraintViolationException "ConstraintViolationException" 4389// Performing this operation violates a minimum or maximum value limit. Examples 4390// include attempting to remove the last service control policy (SCP) from an 4391// OU or root, or attaching too many policies to an account, OU, or root. This 4392// exception includes a reason that contains additional information about the 4393// violated limit. 4394// 4395// Some of the reasons in the following list might not be applicable to this 4396// specific API or operation: 4397// 4398// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 4399// from the organization that doesn't yet have enough information to exist 4400// as a standalone account. This account requires you to first agree to the 4401// AWS Customer Agreement. Follow the steps at To leave an organization when 4402// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4403// in the AWS Organizations User Guide. 4404// 4405// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 4406// an account from the organization that doesn't yet have enough information 4407// to exist as a standalone account. This account requires you to first complete 4408// phone verification. Follow the steps at To leave an organization when 4409// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4410// in the AWS Organizations User Guide. 4411// 4412// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 4413// of accounts that you can create in one day. 4414// 4415// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 4416// the number of accounts in an organization. If you need more accounts, 4417// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 4418// request an increase in your limit. Or the number of invitations that you 4419// tried to send would cause you to exceed the limit of accounts in your 4420// organization. Send fewer invitations or contact AWS Support to request 4421// an increase in the number of accounts. Deleted and closed accounts still 4422// count toward your limit. If you get receive this exception when running 4423// a command immediately after creating the organization, wait one hour and 4424// try again. If after an hour it continues to fail with this error, contact 4425// AWS Support (https://console.aws.amazon.com/support/home#/). 4426// 4427// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 4428// handshakes that you can send in one day. 4429// 4430// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 4431// in this organization, you first must migrate the organization's master 4432// account to the marketplace that corresponds to the master account's address. 4433// For example, accounts with India addresses must be associated with the 4434// AISPL marketplace. All accounts in an organization must be associated 4435// with the same marketplace. 4436// 4437// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 4438// must first provide contact a valid address and phone number for the master 4439// account. Then try the operation again. 4440// 4441// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 4442// master account must have an associated account in the AWS GovCloud (US-West) 4443// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 4444// in the AWS GovCloud User Guide. 4445// 4446// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 4447// with this master account, you first must associate a valid payment instrument, 4448// such as a credit card, with the account. Follow the steps at To leave 4449// an organization when all required account information has not yet been 4450// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4451// in the AWS Organizations User Guide. 4452// 4453// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 4454// number of policies of a certain type that can be attached to an entity 4455// at one time. 4456// 4457// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 4458// on this resource. 4459// 4460// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 4461// with this member account, you first must associate a valid payment instrument, 4462// such as a credit card, with the account. Follow the steps at To leave 4463// an organization when all required account information has not yet been 4464// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4465// in the AWS Organizations User Guide. 4466// 4467// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 4468// policy from an entity, which would cause the entity to have fewer than 4469// the minimum number of policies of the required type. 4470// 4471// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 4472// too many levels deep. 4473// 4474// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 4475// that requires the organization to be configured to support all features. 4476// An organization that supports only consolidated billing features can't 4477// perform this operation. 4478// 4479// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 4480// that you can have in an organization. 4481// 4482// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 4483// policies that you can have in an organization. 4484// 4485// * ErrCodeInvalidInputException "InvalidInputException" 4486// The requested operation failed because you provided invalid values for one 4487// or more of the request parameters. This exception includes a reason that 4488// contains additional information about the violated limit: 4489// 4490// Some of the reasons in the following list might not be applicable to this 4491// specific API or operation: 4492// 4493// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4494// can't be modified. 4495// 4496// * INPUT_REQUIRED: You must include a value for all required parameters. 4497// 4498// * INVALID_ENUM: You specified an invalid value. 4499// 4500// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 4501// 4502// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4503// characters. 4504// 4505// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4506// at least one invalid value. 4507// 4508// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4509// from the response to a previous call of the operation. 4510// 4511// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4512// organization, or email) as a party. 4513// 4514// * INVALID_PATTERN: You provided a value that doesn't match the required 4515// pattern. 4516// 4517// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4518// match the required pattern. 4519// 4520// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4521// name can't begin with the reserved prefix AWSServiceRoleFor. 4522// 4523// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4524// Name (ARN) for the organization. 4525// 4526// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4527// 4528// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4529// tag. You can’t add, edit, or delete system tag keys because they're 4530// reserved for AWS use. System tags don’t count against your tags per 4531// resource limit. 4532// 4533// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4534// for the operation. 4535// 4536// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4537// than allowed. 4538// 4539// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4540// value than allowed. 4541// 4542// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4543// than allowed. 4544// 4545// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4546// value than allowed. 4547// 4548// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4549// between entities in the same root. 4550// 4551// * ErrCodePolicyNotAttachedException "PolicyNotAttachedException" 4552// The policy isn't attached to the specified target in the specified root. 4553// 4554// * ErrCodePolicyNotFoundException "PolicyNotFoundException" 4555// We can't find a policy with the PolicyId that you specified. 4556// 4557// * ErrCodeServiceException "ServiceException" 4558// AWS Organizations can't complete your request because of an internal service 4559// error. Try again later. 4560// 4561// * ErrCodeTargetNotFoundException "TargetNotFoundException" 4562// We can't find a root, OU, or account with the TargetId that you specified. 4563// 4564// * ErrCodeTooManyRequestsException "TooManyRequestsException" 4565// You have sent too many requests in too short a period of time. The limit 4566// helps protect against denial-of-service attacks. Try again later. 4567// 4568// For information on limits that affect AWS Organizations, see Limits of AWS 4569// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 4570// in the AWS Organizations User Guide. 4571// 4572// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 4573// This action isn't available in the current Region. 4574// 4575// * ErrCodePolicyChangesInProgressException "PolicyChangesInProgressException" 4576// Changes to the effective policy are in progress, and its contents can't be 4577// returned. Try the operation again later. 4578// 4579// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy 4580func (c *Organizations) DetachPolicy(input *DetachPolicyInput) (*DetachPolicyOutput, error) { 4581 req, out := c.DetachPolicyRequest(input) 4582 return out, req.Send() 4583} 4584 4585// DetachPolicyWithContext is the same as DetachPolicy with the addition of 4586// the ability to pass a context and additional request options. 4587// 4588// See DetachPolicy for details on how to use this API operation. 4589// 4590// The context must be non-nil and will be used for request cancellation. If 4591// the context is nil a panic will occur. In the future the SDK may create 4592// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4593// for more information on using Contexts. 4594func (c *Organizations) DetachPolicyWithContext(ctx aws.Context, input *DetachPolicyInput, opts ...request.Option) (*DetachPolicyOutput, error) { 4595 req, out := c.DetachPolicyRequest(input) 4596 req.SetContext(ctx) 4597 req.ApplyOptions(opts...) 4598 return out, req.Send() 4599} 4600 4601const opDisableAWSServiceAccess = "DisableAWSServiceAccess" 4602 4603// DisableAWSServiceAccessRequest generates a "aws/request.Request" representing the 4604// client's request for the DisableAWSServiceAccess operation. The "output" return 4605// value will be populated with the request's response once the request completes 4606// successfully. 4607// 4608// Use "Send" method on the returned Request to send the API call to the service. 4609// the "output" return value is not valid until after Send returns without error. 4610// 4611// See DisableAWSServiceAccess for more information on using the DisableAWSServiceAccess 4612// API call, and error handling. 4613// 4614// This method is useful when you want to inject custom logic or configuration 4615// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4616// 4617// 4618// // Example sending a request using the DisableAWSServiceAccessRequest method. 4619// req, resp := client.DisableAWSServiceAccessRequest(params) 4620// 4621// err := req.Send() 4622// if err == nil { // resp is now filled 4623// fmt.Println(resp) 4624// } 4625// 4626// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess 4627func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceAccessInput) (req *request.Request, output *DisableAWSServiceAccessOutput) { 4628 op := &request.Operation{ 4629 Name: opDisableAWSServiceAccess, 4630 HTTPMethod: "POST", 4631 HTTPPath: "/", 4632 } 4633 4634 if input == nil { 4635 input = &DisableAWSServiceAccessInput{} 4636 } 4637 4638 output = &DisableAWSServiceAccessOutput{} 4639 req = c.newRequest(op, input, output) 4640 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 4641 return 4642} 4643 4644// DisableAWSServiceAccess API operation for AWS Organizations. 4645// 4646// Disables the integration of an AWS service (the service that is specified 4647// by ServicePrincipal) with AWS Organizations. When you disable integration, 4648// the specified service no longer can create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) 4649// in new accounts in your organization. This means the service can't perform 4650// operations on your behalf on any new accounts in your organization. The service 4651// can still perform operations in older accounts until the service completes 4652// its clean-up from AWS Organizations. 4653// 4654// We recommend that you disable integration between AWS Organizations and the 4655// specified AWS service by using the console or commands that are provided 4656// by the specified service. Doing so ensures that the other service is aware 4657// that it can clean up any resources that are required only for the integration. 4658// How the service cleans up its resources in the organization's accounts depends 4659// on that service. For more information, see the documentation for the other 4660// AWS service. 4661// 4662// After you perform the DisableAWSServiceAccess operation, the specified service 4663// can no longer perform operations in your organization's accounts. The only 4664// exception is when the operations are explicitly permitted by IAM policies 4665// that are attached to your roles. 4666// 4667// For more information about integrating other services with AWS Organizations, 4668// including the list of services that work with Organizations, see Integrating 4669// AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 4670// in the AWS Organizations User Guide. 4671// 4672// This operation can be called only from the organization's master account. 4673// 4674// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4675// with awserr.Error's Code and Message methods to get detailed information about 4676// the error. 4677// 4678// See the AWS API reference guide for AWS Organizations's 4679// API operation DisableAWSServiceAccess for usage and error information. 4680// 4681// Returned Error Codes: 4682// * ErrCodeAccessDeniedException "AccessDeniedException" 4683// You don't have permissions to perform the requested operation. The user or 4684// role that is making the request must have at least one IAM permissions policy 4685// attached that grants the required permissions. For more information, see 4686// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4687// in the IAM User Guide. 4688// 4689// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 4690// Your account isn't a member of an organization. To make this request, you 4691// must use the credentials of an account that belongs to an organization. 4692// 4693// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 4694// The target of the operation is currently being modified by a different request. 4695// Try again later. 4696// 4697// * ErrCodeConstraintViolationException "ConstraintViolationException" 4698// Performing this operation violates a minimum or maximum value limit. Examples 4699// include attempting to remove the last service control policy (SCP) from an 4700// OU or root, or attaching too many policies to an account, OU, or root. This 4701// exception includes a reason that contains additional information about the 4702// violated limit. 4703// 4704// Some of the reasons in the following list might not be applicable to this 4705// specific API or operation: 4706// 4707// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 4708// from the organization that doesn't yet have enough information to exist 4709// as a standalone account. This account requires you to first agree to the 4710// AWS Customer Agreement. Follow the steps at To leave an organization when 4711// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4712// in the AWS Organizations User Guide. 4713// 4714// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 4715// an account from the organization that doesn't yet have enough information 4716// to exist as a standalone account. This account requires you to first complete 4717// phone verification. Follow the steps at To leave an organization when 4718// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4719// in the AWS Organizations User Guide. 4720// 4721// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 4722// of accounts that you can create in one day. 4723// 4724// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 4725// the number of accounts in an organization. If you need more accounts, 4726// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 4727// request an increase in your limit. Or the number of invitations that you 4728// tried to send would cause you to exceed the limit of accounts in your 4729// organization. Send fewer invitations or contact AWS Support to request 4730// an increase in the number of accounts. Deleted and closed accounts still 4731// count toward your limit. If you get receive this exception when running 4732// a command immediately after creating the organization, wait one hour and 4733// try again. If after an hour it continues to fail with this error, contact 4734// AWS Support (https://console.aws.amazon.com/support/home#/). 4735// 4736// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 4737// handshakes that you can send in one day. 4738// 4739// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 4740// in this organization, you first must migrate the organization's master 4741// account to the marketplace that corresponds to the master account's address. 4742// For example, accounts with India addresses must be associated with the 4743// AISPL marketplace. All accounts in an organization must be associated 4744// with the same marketplace. 4745// 4746// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 4747// must first provide contact a valid address and phone number for the master 4748// account. Then try the operation again. 4749// 4750// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 4751// master account must have an associated account in the AWS GovCloud (US-West) 4752// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 4753// in the AWS GovCloud User Guide. 4754// 4755// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 4756// with this master account, you first must associate a valid payment instrument, 4757// such as a credit card, with the account. Follow the steps at To leave 4758// an organization when all required account information has not yet been 4759// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4760// in the AWS Organizations User Guide. 4761// 4762// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 4763// number of policies of a certain type that can be attached to an entity 4764// at one time. 4765// 4766// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 4767// on this resource. 4768// 4769// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 4770// with this member account, you first must associate a valid payment instrument, 4771// such as a credit card, with the account. Follow the steps at To leave 4772// an organization when all required account information has not yet been 4773// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4774// in the AWS Organizations User Guide. 4775// 4776// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 4777// policy from an entity, which would cause the entity to have fewer than 4778// the minimum number of policies of the required type. 4779// 4780// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 4781// too many levels deep. 4782// 4783// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 4784// that requires the organization to be configured to support all features. 4785// An organization that supports only consolidated billing features can't 4786// perform this operation. 4787// 4788// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 4789// that you can have in an organization. 4790// 4791// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 4792// policies that you can have in an organization. 4793// 4794// * ErrCodeInvalidInputException "InvalidInputException" 4795// The requested operation failed because you provided invalid values for one 4796// or more of the request parameters. This exception includes a reason that 4797// contains additional information about the violated limit: 4798// 4799// Some of the reasons in the following list might not be applicable to this 4800// specific API or operation: 4801// 4802// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4803// can't be modified. 4804// 4805// * INPUT_REQUIRED: You must include a value for all required parameters. 4806// 4807// * INVALID_ENUM: You specified an invalid value. 4808// 4809// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 4810// 4811// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4812// characters. 4813// 4814// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4815// at least one invalid value. 4816// 4817// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4818// from the response to a previous call of the operation. 4819// 4820// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4821// organization, or email) as a party. 4822// 4823// * INVALID_PATTERN: You provided a value that doesn't match the required 4824// pattern. 4825// 4826// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4827// match the required pattern. 4828// 4829// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4830// name can't begin with the reserved prefix AWSServiceRoleFor. 4831// 4832// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4833// Name (ARN) for the organization. 4834// 4835// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4836// 4837// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4838// tag. You can’t add, edit, or delete system tag keys because they're 4839// reserved for AWS use. System tags don’t count against your tags per 4840// resource limit. 4841// 4842// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4843// for the operation. 4844// 4845// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4846// than allowed. 4847// 4848// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4849// value than allowed. 4850// 4851// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4852// than allowed. 4853// 4854// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4855// value than allowed. 4856// 4857// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4858// between entities in the same root. 4859// 4860// * ErrCodeServiceException "ServiceException" 4861// AWS Organizations can't complete your request because of an internal service 4862// error. Try again later. 4863// 4864// * ErrCodeTooManyRequestsException "TooManyRequestsException" 4865// You have sent too many requests in too short a period of time. The limit 4866// helps protect against denial-of-service attacks. Try again later. 4867// 4868// For information on limits that affect AWS Organizations, see Limits of AWS 4869// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 4870// in the AWS Organizations User Guide. 4871// 4872// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess 4873func (c *Organizations) DisableAWSServiceAccess(input *DisableAWSServiceAccessInput) (*DisableAWSServiceAccessOutput, error) { 4874 req, out := c.DisableAWSServiceAccessRequest(input) 4875 return out, req.Send() 4876} 4877 4878// DisableAWSServiceAccessWithContext is the same as DisableAWSServiceAccess with the addition of 4879// the ability to pass a context and additional request options. 4880// 4881// See DisableAWSServiceAccess for details on how to use this API operation. 4882// 4883// The context must be non-nil and will be used for request cancellation. If 4884// the context is nil a panic will occur. In the future the SDK may create 4885// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4886// for more information on using Contexts. 4887func (c *Organizations) DisableAWSServiceAccessWithContext(ctx aws.Context, input *DisableAWSServiceAccessInput, opts ...request.Option) (*DisableAWSServiceAccessOutput, error) { 4888 req, out := c.DisableAWSServiceAccessRequest(input) 4889 req.SetContext(ctx) 4890 req.ApplyOptions(opts...) 4891 return out, req.Send() 4892} 4893 4894const opDisablePolicyType = "DisablePolicyType" 4895 4896// DisablePolicyTypeRequest generates a "aws/request.Request" representing the 4897// client's request for the DisablePolicyType operation. The "output" return 4898// value will be populated with the request's response once the request completes 4899// successfully. 4900// 4901// Use "Send" method on the returned Request to send the API call to the service. 4902// the "output" return value is not valid until after Send returns without error. 4903// 4904// See DisablePolicyType for more information on using the DisablePolicyType 4905// API call, and error handling. 4906// 4907// This method is useful when you want to inject custom logic or configuration 4908// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4909// 4910// 4911// // Example sending a request using the DisablePolicyTypeRequest method. 4912// req, resp := client.DisablePolicyTypeRequest(params) 4913// 4914// err := req.Send() 4915// if err == nil { // resp is now filled 4916// fmt.Println(resp) 4917// } 4918// 4919// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType 4920func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) (req *request.Request, output *DisablePolicyTypeOutput) { 4921 op := &request.Operation{ 4922 Name: opDisablePolicyType, 4923 HTTPMethod: "POST", 4924 HTTPPath: "/", 4925 } 4926 4927 if input == nil { 4928 input = &DisablePolicyTypeInput{} 4929 } 4930 4931 output = &DisablePolicyTypeOutput{} 4932 req = c.newRequest(op, input, output) 4933 return 4934} 4935 4936// DisablePolicyType API operation for AWS Organizations. 4937// 4938// Disables an organizational control policy type in a root and detaches all 4939// policies of that type from the organization root, OUs, and accounts. A policy 4940// of a certain type can be attached to entities in a root only if that type 4941// is enabled in the root. After you perform this operation, you no longer can 4942// attach policies of the specified type to that root or to any organizational 4943// unit (OU) or account in that root. You can undo this by using the EnablePolicyType 4944// operation. 4945// 4946// This is an asynchronous request that AWS performs in the background. If you 4947// disable a policy for a root, it still appears enabled for the organization 4948// if all features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 4949// are enabled for the organization. AWS recommends that you first use ListRoots 4950// to see the status of policy types for a specified root, and then use this 4951// operation. 4952// 4953// This operation can be called only from the organization's master account. 4954// 4955// To view the status of available policy types in the organization, use DescribeOrganization. 4956// 4957// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4958// with awserr.Error's Code and Message methods to get detailed information about 4959// the error. 4960// 4961// See the AWS API reference guide for AWS Organizations's 4962// API operation DisablePolicyType for usage and error information. 4963// 4964// Returned Error Codes: 4965// * ErrCodeAccessDeniedException "AccessDeniedException" 4966// You don't have permissions to perform the requested operation. The user or 4967// role that is making the request must have at least one IAM permissions policy 4968// attached that grants the required permissions. For more information, see 4969// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4970// in the IAM User Guide. 4971// 4972// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 4973// Your account isn't a member of an organization. To make this request, you 4974// must use the credentials of an account that belongs to an organization. 4975// 4976// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 4977// The target of the operation is currently being modified by a different request. 4978// Try again later. 4979// 4980// * ErrCodeConstraintViolationException "ConstraintViolationException" 4981// Performing this operation violates a minimum or maximum value limit. Examples 4982// include attempting to remove the last service control policy (SCP) from an 4983// OU or root, or attaching too many policies to an account, OU, or root. This 4984// exception includes a reason that contains additional information about the 4985// violated limit. 4986// 4987// Some of the reasons in the following list might not be applicable to this 4988// specific API or operation: 4989// 4990// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 4991// from the organization that doesn't yet have enough information to exist 4992// as a standalone account. This account requires you to first agree to the 4993// AWS Customer Agreement. Follow the steps at To leave an organization when 4994// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4995// in the AWS Organizations User Guide. 4996// 4997// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 4998// an account from the organization that doesn't yet have enough information 4999// to exist as a standalone account. This account requires you to first complete 5000// phone verification. Follow the steps at To leave an organization when 5001// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5002// in the AWS Organizations User Guide. 5003// 5004// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 5005// of accounts that you can create in one day. 5006// 5007// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5008// the number of accounts in an organization. If you need more accounts, 5009// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 5010// request an increase in your limit. Or the number of invitations that you 5011// tried to send would cause you to exceed the limit of accounts in your 5012// organization. Send fewer invitations or contact AWS Support to request 5013// an increase in the number of accounts. Deleted and closed accounts still 5014// count toward your limit. If you get receive this exception when running 5015// a command immediately after creating the organization, wait one hour and 5016// try again. If after an hour it continues to fail with this error, contact 5017// AWS Support (https://console.aws.amazon.com/support/home#/). 5018// 5019// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5020// handshakes that you can send in one day. 5021// 5022// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 5023// in this organization, you first must migrate the organization's master 5024// account to the marketplace that corresponds to the master account's address. 5025// For example, accounts with India addresses must be associated with the 5026// AISPL marketplace. All accounts in an organization must be associated 5027// with the same marketplace. 5028// 5029// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 5030// must first provide contact a valid address and phone number for the master 5031// account. Then try the operation again. 5032// 5033// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 5034// master account must have an associated account in the AWS GovCloud (US-West) 5035// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 5036// in the AWS GovCloud User Guide. 5037// 5038// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 5039// with this master account, you first must associate a valid payment instrument, 5040// such as a credit card, with the account. Follow the steps at To leave 5041// an organization when all required account information has not yet been 5042// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5043// in the AWS Organizations User Guide. 5044// 5045// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 5046// number of policies of a certain type that can be attached to an entity 5047// at one time. 5048// 5049// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 5050// on this resource. 5051// 5052// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 5053// with this member account, you first must associate a valid payment instrument, 5054// such as a credit card, with the account. Follow the steps at To leave 5055// an organization when all required account information has not yet been 5056// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5057// in the AWS Organizations User Guide. 5058// 5059// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 5060// policy from an entity, which would cause the entity to have fewer than 5061// the minimum number of policies of the required type. 5062// 5063// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 5064// too many levels deep. 5065// 5066// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 5067// that requires the organization to be configured to support all features. 5068// An organization that supports only consolidated billing features can't 5069// perform this operation. 5070// 5071// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 5072// that you can have in an organization. 5073// 5074// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 5075// policies that you can have in an organization. 5076// 5077// * ErrCodeInvalidInputException "InvalidInputException" 5078// The requested operation failed because you provided invalid values for one 5079// or more of the request parameters. This exception includes a reason that 5080// contains additional information about the violated limit: 5081// 5082// Some of the reasons in the following list might not be applicable to this 5083// specific API or operation: 5084// 5085// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5086// can't be modified. 5087// 5088// * INPUT_REQUIRED: You must include a value for all required parameters. 5089// 5090// * INVALID_ENUM: You specified an invalid value. 5091// 5092// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 5093// 5094// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5095// characters. 5096// 5097// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5098// at least one invalid value. 5099// 5100// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5101// from the response to a previous call of the operation. 5102// 5103// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5104// organization, or email) as a party. 5105// 5106// * INVALID_PATTERN: You provided a value that doesn't match the required 5107// pattern. 5108// 5109// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5110// match the required pattern. 5111// 5112// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5113// name can't begin with the reserved prefix AWSServiceRoleFor. 5114// 5115// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5116// Name (ARN) for the organization. 5117// 5118// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5119// 5120// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5121// tag. You can’t add, edit, or delete system tag keys because they're 5122// reserved for AWS use. System tags don’t count against your tags per 5123// resource limit. 5124// 5125// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5126// for the operation. 5127// 5128// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5129// than allowed. 5130// 5131// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5132// value than allowed. 5133// 5134// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5135// than allowed. 5136// 5137// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5138// value than allowed. 5139// 5140// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5141// between entities in the same root. 5142// 5143// * ErrCodePolicyTypeNotEnabledException "PolicyTypeNotEnabledException" 5144// The specified policy type isn't currently enabled in this root. You can't 5145// attach policies of the specified type to entities in a root until you enable 5146// that type in the root. For more information, see Enabling All Features in 5147// Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 5148// in the AWS Organizations User Guide. 5149// 5150// * ErrCodeRootNotFoundException "RootNotFoundException" 5151// We can't find a root with the RootId that you specified. 5152// 5153// * ErrCodeServiceException "ServiceException" 5154// AWS Organizations can't complete your request because of an internal service 5155// error. Try again later. 5156// 5157// * ErrCodeTooManyRequestsException "TooManyRequestsException" 5158// You have sent too many requests in too short a period of time. The limit 5159// helps protect against denial-of-service attacks. Try again later. 5160// 5161// For information on limits that affect AWS Organizations, see Limits of AWS 5162// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 5163// in the AWS Organizations User Guide. 5164// 5165// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 5166// This action isn't available in the current Region. 5167// 5168// * ErrCodePolicyChangesInProgressException "PolicyChangesInProgressException" 5169// Changes to the effective policy are in progress, and its contents can't be 5170// returned. Try the operation again later. 5171// 5172// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType 5173func (c *Organizations) DisablePolicyType(input *DisablePolicyTypeInput) (*DisablePolicyTypeOutput, error) { 5174 req, out := c.DisablePolicyTypeRequest(input) 5175 return out, req.Send() 5176} 5177 5178// DisablePolicyTypeWithContext is the same as DisablePolicyType with the addition of 5179// the ability to pass a context and additional request options. 5180// 5181// See DisablePolicyType for details on how to use this API operation. 5182// 5183// The context must be non-nil and will be used for request cancellation. If 5184// the context is nil a panic will occur. In the future the SDK may create 5185// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5186// for more information on using Contexts. 5187func (c *Organizations) DisablePolicyTypeWithContext(ctx aws.Context, input *DisablePolicyTypeInput, opts ...request.Option) (*DisablePolicyTypeOutput, error) { 5188 req, out := c.DisablePolicyTypeRequest(input) 5189 req.SetContext(ctx) 5190 req.ApplyOptions(opts...) 5191 return out, req.Send() 5192} 5193 5194const opEnableAWSServiceAccess = "EnableAWSServiceAccess" 5195 5196// EnableAWSServiceAccessRequest generates a "aws/request.Request" representing the 5197// client's request for the EnableAWSServiceAccess operation. The "output" return 5198// value will be populated with the request's response once the request completes 5199// successfully. 5200// 5201// Use "Send" method on the returned Request to send the API call to the service. 5202// the "output" return value is not valid until after Send returns without error. 5203// 5204// See EnableAWSServiceAccess for more information on using the EnableAWSServiceAccess 5205// API call, and error handling. 5206// 5207// This method is useful when you want to inject custom logic or configuration 5208// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5209// 5210// 5211// // Example sending a request using the EnableAWSServiceAccessRequest method. 5212// req, resp := client.EnableAWSServiceAccessRequest(params) 5213// 5214// err := req.Send() 5215// if err == nil { // resp is now filled 5216// fmt.Println(resp) 5217// } 5218// 5219// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess 5220func (c *Organizations) EnableAWSServiceAccessRequest(input *EnableAWSServiceAccessInput) (req *request.Request, output *EnableAWSServiceAccessOutput) { 5221 op := &request.Operation{ 5222 Name: opEnableAWSServiceAccess, 5223 HTTPMethod: "POST", 5224 HTTPPath: "/", 5225 } 5226 5227 if input == nil { 5228 input = &EnableAWSServiceAccessInput{} 5229 } 5230 5231 output = &EnableAWSServiceAccessOutput{} 5232 req = c.newRequest(op, input, output) 5233 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 5234 return 5235} 5236 5237// EnableAWSServiceAccess API operation for AWS Organizations. 5238// 5239// Enables the integration of an AWS service (the service that is specified 5240// by ServicePrincipal) with AWS Organizations. When you enable integration, 5241// you allow the specified service to create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) 5242// in all the accounts in your organization. This allows the service to perform 5243// operations on your behalf in your organization and its accounts. 5244// 5245// We recommend that you enable integration between AWS Organizations and the 5246// specified AWS service by using the console or commands that are provided 5247// by the specified service. Doing so ensures that the service is aware that 5248// it can create the resources that are required for the integration. How the 5249// service creates those resources in the organization's accounts depends on 5250// that service. For more information, see the documentation for the other AWS 5251// service. 5252// 5253// For more information about enabling services to integrate with AWS Organizations, 5254// see Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 5255// in the AWS Organizations User Guide. 5256// 5257// This operation can be called only from the organization's master account 5258// and only if the organization has enabled all features (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html). 5259// 5260// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5261// with awserr.Error's Code and Message methods to get detailed information about 5262// the error. 5263// 5264// See the AWS API reference guide for AWS Organizations's 5265// API operation EnableAWSServiceAccess for usage and error information. 5266// 5267// Returned Error Codes: 5268// * ErrCodeAccessDeniedException "AccessDeniedException" 5269// You don't have permissions to perform the requested operation. The user or 5270// role that is making the request must have at least one IAM permissions policy 5271// attached that grants the required permissions. For more information, see 5272// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5273// in the IAM User Guide. 5274// 5275// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 5276// Your account isn't a member of an organization. To make this request, you 5277// must use the credentials of an account that belongs to an organization. 5278// 5279// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 5280// The target of the operation is currently being modified by a different request. 5281// Try again later. 5282// 5283// * ErrCodeConstraintViolationException "ConstraintViolationException" 5284// Performing this operation violates a minimum or maximum value limit. Examples 5285// include attempting to remove the last service control policy (SCP) from an 5286// OU or root, or attaching too many policies to an account, OU, or root. This 5287// exception includes a reason that contains additional information about the 5288// violated limit. 5289// 5290// Some of the reasons in the following list might not be applicable to this 5291// specific API or operation: 5292// 5293// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 5294// from the organization that doesn't yet have enough information to exist 5295// as a standalone account. This account requires you to first agree to the 5296// AWS Customer Agreement. Follow the steps at To leave an organization when 5297// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5298// in the AWS Organizations User Guide. 5299// 5300// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 5301// an account from the organization that doesn't yet have enough information 5302// to exist as a standalone account. This account requires you to first complete 5303// phone verification. Follow the steps at To leave an organization when 5304// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5305// in the AWS Organizations User Guide. 5306// 5307// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 5308// of accounts that you can create in one day. 5309// 5310// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5311// the number of accounts in an organization. If you need more accounts, 5312// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 5313// request an increase in your limit. Or the number of invitations that you 5314// tried to send would cause you to exceed the limit of accounts in your 5315// organization. Send fewer invitations or contact AWS Support to request 5316// an increase in the number of accounts. Deleted and closed accounts still 5317// count toward your limit. If you get receive this exception when running 5318// a command immediately after creating the organization, wait one hour and 5319// try again. If after an hour it continues to fail with this error, contact 5320// AWS Support (https://console.aws.amazon.com/support/home#/). 5321// 5322// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5323// handshakes that you can send in one day. 5324// 5325// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 5326// in this organization, you first must migrate the organization's master 5327// account to the marketplace that corresponds to the master account's address. 5328// For example, accounts with India addresses must be associated with the 5329// AISPL marketplace. All accounts in an organization must be associated 5330// with the same marketplace. 5331// 5332// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 5333// must first provide contact a valid address and phone number for the master 5334// account. Then try the operation again. 5335// 5336// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 5337// master account must have an associated account in the AWS GovCloud (US-West) 5338// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 5339// in the AWS GovCloud User Guide. 5340// 5341// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 5342// with this master account, you first must associate a valid payment instrument, 5343// such as a credit card, with the account. Follow the steps at To leave 5344// an organization when all required account information has not yet been 5345// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5346// in the AWS Organizations User Guide. 5347// 5348// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 5349// number of policies of a certain type that can be attached to an entity 5350// at one time. 5351// 5352// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 5353// on this resource. 5354// 5355// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 5356// with this member account, you first must associate a valid payment instrument, 5357// such as a credit card, with the account. Follow the steps at To leave 5358// an organization when all required account information has not yet been 5359// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5360// in the AWS Organizations User Guide. 5361// 5362// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 5363// policy from an entity, which would cause the entity to have fewer than 5364// the minimum number of policies of the required type. 5365// 5366// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 5367// too many levels deep. 5368// 5369// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 5370// that requires the organization to be configured to support all features. 5371// An organization that supports only consolidated billing features can't 5372// perform this operation. 5373// 5374// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 5375// that you can have in an organization. 5376// 5377// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 5378// policies that you can have in an organization. 5379// 5380// * ErrCodeInvalidInputException "InvalidInputException" 5381// The requested operation failed because you provided invalid values for one 5382// or more of the request parameters. This exception includes a reason that 5383// contains additional information about the violated limit: 5384// 5385// Some of the reasons in the following list might not be applicable to this 5386// specific API or operation: 5387// 5388// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5389// can't be modified. 5390// 5391// * INPUT_REQUIRED: You must include a value for all required parameters. 5392// 5393// * INVALID_ENUM: You specified an invalid value. 5394// 5395// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 5396// 5397// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5398// characters. 5399// 5400// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5401// at least one invalid value. 5402// 5403// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5404// from the response to a previous call of the operation. 5405// 5406// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5407// organization, or email) as a party. 5408// 5409// * INVALID_PATTERN: You provided a value that doesn't match the required 5410// pattern. 5411// 5412// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5413// match the required pattern. 5414// 5415// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5416// name can't begin with the reserved prefix AWSServiceRoleFor. 5417// 5418// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5419// Name (ARN) for the organization. 5420// 5421// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5422// 5423// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5424// tag. You can’t add, edit, or delete system tag keys because they're 5425// reserved for AWS use. System tags don’t count against your tags per 5426// resource limit. 5427// 5428// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5429// for the operation. 5430// 5431// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5432// than allowed. 5433// 5434// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5435// value than allowed. 5436// 5437// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5438// than allowed. 5439// 5440// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5441// value than allowed. 5442// 5443// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5444// between entities in the same root. 5445// 5446// * ErrCodeServiceException "ServiceException" 5447// AWS Organizations can't complete your request because of an internal service 5448// error. Try again later. 5449// 5450// * ErrCodeTooManyRequestsException "TooManyRequestsException" 5451// You have sent too many requests in too short a period of time. The limit 5452// helps protect against denial-of-service attacks. Try again later. 5453// 5454// For information on limits that affect AWS Organizations, see Limits of AWS 5455// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 5456// in the AWS Organizations User Guide. 5457// 5458// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess 5459func (c *Organizations) EnableAWSServiceAccess(input *EnableAWSServiceAccessInput) (*EnableAWSServiceAccessOutput, error) { 5460 req, out := c.EnableAWSServiceAccessRequest(input) 5461 return out, req.Send() 5462} 5463 5464// EnableAWSServiceAccessWithContext is the same as EnableAWSServiceAccess with the addition of 5465// the ability to pass a context and additional request options. 5466// 5467// See EnableAWSServiceAccess for details on how to use this API operation. 5468// 5469// The context must be non-nil and will be used for request cancellation. If 5470// the context is nil a panic will occur. In the future the SDK may create 5471// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5472// for more information on using Contexts. 5473func (c *Organizations) EnableAWSServiceAccessWithContext(ctx aws.Context, input *EnableAWSServiceAccessInput, opts ...request.Option) (*EnableAWSServiceAccessOutput, error) { 5474 req, out := c.EnableAWSServiceAccessRequest(input) 5475 req.SetContext(ctx) 5476 req.ApplyOptions(opts...) 5477 return out, req.Send() 5478} 5479 5480const opEnableAllFeatures = "EnableAllFeatures" 5481 5482// EnableAllFeaturesRequest generates a "aws/request.Request" representing the 5483// client's request for the EnableAllFeatures operation. The "output" return 5484// value will be populated with the request's response once the request completes 5485// successfully. 5486// 5487// Use "Send" method on the returned Request to send the API call to the service. 5488// the "output" return value is not valid until after Send returns without error. 5489// 5490// See EnableAllFeatures for more information on using the EnableAllFeatures 5491// API call, and error handling. 5492// 5493// This method is useful when you want to inject custom logic or configuration 5494// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5495// 5496// 5497// // Example sending a request using the EnableAllFeaturesRequest method. 5498// req, resp := client.EnableAllFeaturesRequest(params) 5499// 5500// err := req.Send() 5501// if err == nil { // resp is now filled 5502// fmt.Println(resp) 5503// } 5504// 5505// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures 5506func (c *Organizations) EnableAllFeaturesRequest(input *EnableAllFeaturesInput) (req *request.Request, output *EnableAllFeaturesOutput) { 5507 op := &request.Operation{ 5508 Name: opEnableAllFeatures, 5509 HTTPMethod: "POST", 5510 HTTPPath: "/", 5511 } 5512 5513 if input == nil { 5514 input = &EnableAllFeaturesInput{} 5515 } 5516 5517 output = &EnableAllFeaturesOutput{} 5518 req = c.newRequest(op, input, output) 5519 return 5520} 5521 5522// EnableAllFeatures API operation for AWS Organizations. 5523// 5524// Enables all features in an organization. This enables the use of organization 5525// policies that can restrict the services and actions that can be called in 5526// each account. Until you enable all features, you have access only to consolidated 5527// billing. You can't use any of the advanced account administration features 5528// that AWS Organizations supports. For more information, see Enabling All Features 5529// in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 5530// in the AWS Organizations User Guide. 5531// 5532// This operation is required only for organizations that were created explicitly 5533// with only the consolidated billing features enabled. Calling this operation 5534// sends a handshake to every invited account in the organization. The feature 5535// set change can be finalized and the additional features enabled only after 5536// all administrators in the invited accounts approve the change. Accepting 5537// the handshake approves the change. 5538// 5539// After you enable all features, you can separately enable or disable individual 5540// policy types in a root using EnablePolicyType and DisablePolicyType. To see 5541// the status of policy types in a root, use ListRoots. 5542// 5543// After all invited member accounts accept the handshake, you finalize the 5544// feature set change by accepting the handshake that contains "Action": "ENABLE_ALL_FEATURES". 5545// This completes the change. 5546// 5547// After you enable all features in your organization, the master account in 5548// the organization can apply policies on all member accounts. These policies 5549// can restrict what users and even administrators in those accounts can do. 5550// The master account can apply policies that prevent accounts from leaving 5551// the organization. Ensure that your account administrators are aware of this. 5552// 5553// This operation can be called only from the organization's master account. 5554// 5555// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5556// with awserr.Error's Code and Message methods to get detailed information about 5557// the error. 5558// 5559// See the AWS API reference guide for AWS Organizations's 5560// API operation EnableAllFeatures for usage and error information. 5561// 5562// Returned Error Codes: 5563// * ErrCodeAccessDeniedException "AccessDeniedException" 5564// You don't have permissions to perform the requested operation. The user or 5565// role that is making the request must have at least one IAM permissions policy 5566// attached that grants the required permissions. For more information, see 5567// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5568// in the IAM User Guide. 5569// 5570// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 5571// Your account isn't a member of an organization. To make this request, you 5572// must use the credentials of an account that belongs to an organization. 5573// 5574// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 5575// The target of the operation is currently being modified by a different request. 5576// Try again later. 5577// 5578// * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException" 5579// The requested operation would violate the constraint identified in the reason 5580// code. 5581// 5582// Some of the reasons in the following list might not be applicable to this 5583// specific API or operation: 5584// 5585// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5586// the number of accounts in an organization. Note that deleted and closed 5587// accounts still count toward your limit. If you get this exception immediately 5588// after creating the organization, wait one hour and try again. If after 5589// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 5590// 5591// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 5592// the invited account is already a member of an organization. 5593// 5594// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5595// handshakes that you can send in one day. 5596// 5597// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 5598// to join an organization while it's in the process of enabling all features. 5599// You can resume inviting accounts after you finalize the process when all 5600// accounts have agreed to the change. 5601// 5602// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 5603// because the organization has already enabled all features. 5604// 5605// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 5606// the account is from a different marketplace than the accounts in the organization. 5607// For example, accounts with India addresses must be associated with the 5608// AISPL marketplace. All accounts in an organization must be from the same 5609// marketplace. 5610// 5611// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 5612// change the membership of an account too quickly after its previous change. 5613// 5614// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 5615// account that doesn't have a payment instrument, such as a credit card, 5616// associated with it. 5617// 5618// * ErrCodeInvalidInputException "InvalidInputException" 5619// The requested operation failed because you provided invalid values for one 5620// or more of the request parameters. This exception includes a reason that 5621// contains additional information about the violated limit: 5622// 5623// Some of the reasons in the following list might not be applicable to this 5624// specific API or operation: 5625// 5626// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5627// can't be modified. 5628// 5629// * INPUT_REQUIRED: You must include a value for all required parameters. 5630// 5631// * INVALID_ENUM: You specified an invalid value. 5632// 5633// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 5634// 5635// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5636// characters. 5637// 5638// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5639// at least one invalid value. 5640// 5641// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5642// from the response to a previous call of the operation. 5643// 5644// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5645// organization, or email) as a party. 5646// 5647// * INVALID_PATTERN: You provided a value that doesn't match the required 5648// pattern. 5649// 5650// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5651// match the required pattern. 5652// 5653// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5654// name can't begin with the reserved prefix AWSServiceRoleFor. 5655// 5656// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5657// Name (ARN) for the organization. 5658// 5659// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5660// 5661// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5662// tag. You can’t add, edit, or delete system tag keys because they're 5663// reserved for AWS use. System tags don’t count against your tags per 5664// resource limit. 5665// 5666// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5667// for the operation. 5668// 5669// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5670// than allowed. 5671// 5672// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5673// value than allowed. 5674// 5675// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5676// than allowed. 5677// 5678// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5679// value than allowed. 5680// 5681// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5682// between entities in the same root. 5683// 5684// * ErrCodeServiceException "ServiceException" 5685// AWS Organizations can't complete your request because of an internal service 5686// error. Try again later. 5687// 5688// * ErrCodeTooManyRequestsException "TooManyRequestsException" 5689// You have sent too many requests in too short a period of time. The limit 5690// helps protect against denial-of-service attacks. Try again later. 5691// 5692// For information on limits that affect AWS Organizations, see Limits of AWS 5693// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 5694// in the AWS Organizations User Guide. 5695// 5696// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures 5697func (c *Organizations) EnableAllFeatures(input *EnableAllFeaturesInput) (*EnableAllFeaturesOutput, error) { 5698 req, out := c.EnableAllFeaturesRequest(input) 5699 return out, req.Send() 5700} 5701 5702// EnableAllFeaturesWithContext is the same as EnableAllFeatures with the addition of 5703// the ability to pass a context and additional request options. 5704// 5705// See EnableAllFeatures for details on how to use this API operation. 5706// 5707// The context must be non-nil and will be used for request cancellation. If 5708// the context is nil a panic will occur. In the future the SDK may create 5709// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5710// for more information on using Contexts. 5711func (c *Organizations) EnableAllFeaturesWithContext(ctx aws.Context, input *EnableAllFeaturesInput, opts ...request.Option) (*EnableAllFeaturesOutput, error) { 5712 req, out := c.EnableAllFeaturesRequest(input) 5713 req.SetContext(ctx) 5714 req.ApplyOptions(opts...) 5715 return out, req.Send() 5716} 5717 5718const opEnablePolicyType = "EnablePolicyType" 5719 5720// EnablePolicyTypeRequest generates a "aws/request.Request" representing the 5721// client's request for the EnablePolicyType operation. The "output" return 5722// value will be populated with the request's response once the request completes 5723// successfully. 5724// 5725// Use "Send" method on the returned Request to send the API call to the service. 5726// the "output" return value is not valid until after Send returns without error. 5727// 5728// See EnablePolicyType for more information on using the EnablePolicyType 5729// API call, and error handling. 5730// 5731// This method is useful when you want to inject custom logic or configuration 5732// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5733// 5734// 5735// // Example sending a request using the EnablePolicyTypeRequest method. 5736// req, resp := client.EnablePolicyTypeRequest(params) 5737// 5738// err := req.Send() 5739// if err == nil { // resp is now filled 5740// fmt.Println(resp) 5741// } 5742// 5743// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType 5744func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (req *request.Request, output *EnablePolicyTypeOutput) { 5745 op := &request.Operation{ 5746 Name: opEnablePolicyType, 5747 HTTPMethod: "POST", 5748 HTTPPath: "/", 5749 } 5750 5751 if input == nil { 5752 input = &EnablePolicyTypeInput{} 5753 } 5754 5755 output = &EnablePolicyTypeOutput{} 5756 req = c.newRequest(op, input, output) 5757 return 5758} 5759 5760// EnablePolicyType API operation for AWS Organizations. 5761// 5762// Enables a policy type in a root. After you enable a policy type in a root, 5763// you can attach policies of that type to the root, any organizational unit 5764// (OU), or account in that root. You can undo this by using the DisablePolicyType 5765// operation. 5766// 5767// This is an asynchronous request that AWS performs in the background. AWS 5768// recommends that you first use ListRoots to see the status of policy types 5769// for a specified root, and then use this operation. 5770// 5771// This operation can be called only from the organization's master account. 5772// 5773// You can enable a policy type in a root only if that policy type is available 5774// in the organization. To view the status of available policy types in the 5775// organization, use DescribeOrganization. 5776// 5777// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5778// with awserr.Error's Code and Message methods to get detailed information about 5779// the error. 5780// 5781// See the AWS API reference guide for AWS Organizations's 5782// API operation EnablePolicyType for usage and error information. 5783// 5784// Returned Error Codes: 5785// * ErrCodeAccessDeniedException "AccessDeniedException" 5786// You don't have permissions to perform the requested operation. The user or 5787// role that is making the request must have at least one IAM permissions policy 5788// attached that grants the required permissions. For more information, see 5789// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5790// in the IAM User Guide. 5791// 5792// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 5793// Your account isn't a member of an organization. To make this request, you 5794// must use the credentials of an account that belongs to an organization. 5795// 5796// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 5797// The target of the operation is currently being modified by a different request. 5798// Try again later. 5799// 5800// * ErrCodeConstraintViolationException "ConstraintViolationException" 5801// Performing this operation violates a minimum or maximum value limit. Examples 5802// include attempting to remove the last service control policy (SCP) from an 5803// OU or root, or attaching too many policies to an account, OU, or root. This 5804// exception includes a reason that contains additional information about the 5805// violated limit. 5806// 5807// Some of the reasons in the following list might not be applicable to this 5808// specific API or operation: 5809// 5810// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 5811// from the organization that doesn't yet have enough information to exist 5812// as a standalone account. This account requires you to first agree to the 5813// AWS Customer Agreement. Follow the steps at To leave an organization when 5814// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5815// in the AWS Organizations User Guide. 5816// 5817// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 5818// an account from the organization that doesn't yet have enough information 5819// to exist as a standalone account. This account requires you to first complete 5820// phone verification. Follow the steps at To leave an organization when 5821// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5822// in the AWS Organizations User Guide. 5823// 5824// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 5825// of accounts that you can create in one day. 5826// 5827// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5828// the number of accounts in an organization. If you need more accounts, 5829// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 5830// request an increase in your limit. Or the number of invitations that you 5831// tried to send would cause you to exceed the limit of accounts in your 5832// organization. Send fewer invitations or contact AWS Support to request 5833// an increase in the number of accounts. Deleted and closed accounts still 5834// count toward your limit. If you get receive this exception when running 5835// a command immediately after creating the organization, wait one hour and 5836// try again. If after an hour it continues to fail with this error, contact 5837// AWS Support (https://console.aws.amazon.com/support/home#/). 5838// 5839// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5840// handshakes that you can send in one day. 5841// 5842// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 5843// in this organization, you first must migrate the organization's master 5844// account to the marketplace that corresponds to the master account's address. 5845// For example, accounts with India addresses must be associated with the 5846// AISPL marketplace. All accounts in an organization must be associated 5847// with the same marketplace. 5848// 5849// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 5850// must first provide contact a valid address and phone number for the master 5851// account. Then try the operation again. 5852// 5853// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 5854// master account must have an associated account in the AWS GovCloud (US-West) 5855// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 5856// in the AWS GovCloud User Guide. 5857// 5858// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 5859// with this master account, you first must associate a valid payment instrument, 5860// such as a credit card, with the account. Follow the steps at To leave 5861// an organization when all required account information has not yet been 5862// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5863// in the AWS Organizations User Guide. 5864// 5865// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 5866// number of policies of a certain type that can be attached to an entity 5867// at one time. 5868// 5869// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 5870// on this resource. 5871// 5872// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 5873// with this member account, you first must associate a valid payment instrument, 5874// such as a credit card, with the account. Follow the steps at To leave 5875// an organization when all required account information has not yet been 5876// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5877// in the AWS Organizations User Guide. 5878// 5879// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 5880// policy from an entity, which would cause the entity to have fewer than 5881// the minimum number of policies of the required type. 5882// 5883// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 5884// too many levels deep. 5885// 5886// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 5887// that requires the organization to be configured to support all features. 5888// An organization that supports only consolidated billing features can't 5889// perform this operation. 5890// 5891// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 5892// that you can have in an organization. 5893// 5894// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 5895// policies that you can have in an organization. 5896// 5897// * ErrCodeInvalidInputException "InvalidInputException" 5898// The requested operation failed because you provided invalid values for one 5899// or more of the request parameters. This exception includes a reason that 5900// contains additional information about the violated limit: 5901// 5902// Some of the reasons in the following list might not be applicable to this 5903// specific API or operation: 5904// 5905// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5906// can't be modified. 5907// 5908// * INPUT_REQUIRED: You must include a value for all required parameters. 5909// 5910// * INVALID_ENUM: You specified an invalid value. 5911// 5912// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 5913// 5914// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5915// characters. 5916// 5917// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5918// at least one invalid value. 5919// 5920// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5921// from the response to a previous call of the operation. 5922// 5923// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5924// organization, or email) as a party. 5925// 5926// * INVALID_PATTERN: You provided a value that doesn't match the required 5927// pattern. 5928// 5929// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5930// match the required pattern. 5931// 5932// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5933// name can't begin with the reserved prefix AWSServiceRoleFor. 5934// 5935// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5936// Name (ARN) for the organization. 5937// 5938// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5939// 5940// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5941// tag. You can’t add, edit, or delete system tag keys because they're 5942// reserved for AWS use. System tags don’t count against your tags per 5943// resource limit. 5944// 5945// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5946// for the operation. 5947// 5948// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5949// than allowed. 5950// 5951// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5952// value than allowed. 5953// 5954// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5955// than allowed. 5956// 5957// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5958// value than allowed. 5959// 5960// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5961// between entities in the same root. 5962// 5963// * ErrCodePolicyTypeAlreadyEnabledException "PolicyTypeAlreadyEnabledException" 5964// The specified policy type is already enabled in the specified root. 5965// 5966// * ErrCodeRootNotFoundException "RootNotFoundException" 5967// We can't find a root with the RootId that you specified. 5968// 5969// * ErrCodeServiceException "ServiceException" 5970// AWS Organizations can't complete your request because of an internal service 5971// error. Try again later. 5972// 5973// * ErrCodeTooManyRequestsException "TooManyRequestsException" 5974// You have sent too many requests in too short a period of time. The limit 5975// helps protect against denial-of-service attacks. Try again later. 5976// 5977// For information on limits that affect AWS Organizations, see Limits of AWS 5978// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 5979// in the AWS Organizations User Guide. 5980// 5981// * ErrCodePolicyTypeNotAvailableForOrganizationException "PolicyTypeNotAvailableForOrganizationException" 5982// You can't use the specified policy type with the feature set currently enabled 5983// for this organization. For example, you can enable SCPs only after you enable 5984// all features in the organization. For more information, see Enabling and 5985// Disabling a Policy Type on a Root (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root) 5986// in the AWS Organizations User Guide. 5987// 5988// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 5989// This action isn't available in the current Region. 5990// 5991// * ErrCodePolicyChangesInProgressException "PolicyChangesInProgressException" 5992// Changes to the effective policy are in progress, and its contents can't be 5993// returned. Try the operation again later. 5994// 5995// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType 5996func (c *Organizations) EnablePolicyType(input *EnablePolicyTypeInput) (*EnablePolicyTypeOutput, error) { 5997 req, out := c.EnablePolicyTypeRequest(input) 5998 return out, req.Send() 5999} 6000 6001// EnablePolicyTypeWithContext is the same as EnablePolicyType with the addition of 6002// the ability to pass a context and additional request options. 6003// 6004// See EnablePolicyType for details on how to use this API operation. 6005// 6006// The context must be non-nil and will be used for request cancellation. If 6007// the context is nil a panic will occur. In the future the SDK may create 6008// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6009// for more information on using Contexts. 6010func (c *Organizations) EnablePolicyTypeWithContext(ctx aws.Context, input *EnablePolicyTypeInput, opts ...request.Option) (*EnablePolicyTypeOutput, error) { 6011 req, out := c.EnablePolicyTypeRequest(input) 6012 req.SetContext(ctx) 6013 req.ApplyOptions(opts...) 6014 return out, req.Send() 6015} 6016 6017const opInviteAccountToOrganization = "InviteAccountToOrganization" 6018 6019// InviteAccountToOrganizationRequest generates a "aws/request.Request" representing the 6020// client's request for the InviteAccountToOrganization operation. The "output" return 6021// value will be populated with the request's response once the request completes 6022// successfully. 6023// 6024// Use "Send" method on the returned Request to send the API call to the service. 6025// the "output" return value is not valid until after Send returns without error. 6026// 6027// See InviteAccountToOrganization for more information on using the InviteAccountToOrganization 6028// API call, and error handling. 6029// 6030// This method is useful when you want to inject custom logic or configuration 6031// into the SDK's request lifecycle. Such as custom headers, or retry logic. 6032// 6033// 6034// // Example sending a request using the InviteAccountToOrganizationRequest method. 6035// req, resp := client.InviteAccountToOrganizationRequest(params) 6036// 6037// err := req.Send() 6038// if err == nil { // resp is now filled 6039// fmt.Println(resp) 6040// } 6041// 6042// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization 6043func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountToOrganizationInput) (req *request.Request, output *InviteAccountToOrganizationOutput) { 6044 op := &request.Operation{ 6045 Name: opInviteAccountToOrganization, 6046 HTTPMethod: "POST", 6047 HTTPPath: "/", 6048 } 6049 6050 if input == nil { 6051 input = &InviteAccountToOrganizationInput{} 6052 } 6053 6054 output = &InviteAccountToOrganizationOutput{} 6055 req = c.newRequest(op, input, output) 6056 return 6057} 6058 6059// InviteAccountToOrganization API operation for AWS Organizations. 6060// 6061// Sends an invitation to another account to join your organization as a member 6062// account. AWS Organizations sends email on your behalf to the email address 6063// that is associated with the other account's owner. The invitation is implemented 6064// as a Handshake whose details are in the response. 6065// 6066// * You can invite AWS accounts only from the same seller as the master 6067// account. For example, assume that your organization's master account was 6068// created by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in 6069// India. You can invite only other AISPL accounts to your organization. 6070// You can't combine accounts from AISPL and AWS or from any other AWS seller. 6071// For more information, see Consolidated Billing in India (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilliing-India.html). 6072// 6073// * You might receive an exception that indicates that you exceeded your 6074// account limits for the organization or that the operation failed because 6075// your organization is still initializing. If so, wait one hour and then 6076// try again. If the error persists after an hour, contact AWS Support (https://console.aws.amazon.com/support/home#/). 6077// 6078// This operation can be called only from the organization's master account. 6079// 6080// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6081// with awserr.Error's Code and Message methods to get detailed information about 6082// the error. 6083// 6084// See the AWS API reference guide for AWS Organizations's 6085// API operation InviteAccountToOrganization for usage and error information. 6086// 6087// Returned Error Codes: 6088// * ErrCodeAccessDeniedException "AccessDeniedException" 6089// You don't have permissions to perform the requested operation. The user or 6090// role that is making the request must have at least one IAM permissions policy 6091// attached that grants the required permissions. For more information, see 6092// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6093// in the IAM User Guide. 6094// 6095// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 6096// Your account isn't a member of an organization. To make this request, you 6097// must use the credentials of an account that belongs to an organization. 6098// 6099// * ErrCodeAccountOwnerNotVerifiedException "AccountOwnerNotVerifiedException" 6100// You can't invite an existing account to your organization until you verify 6101// that you own the email address associated with the master account. For more 6102// information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification) 6103// in the AWS Organizations User Guide. 6104// 6105// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 6106// The target of the operation is currently being modified by a different request. 6107// Try again later. 6108// 6109// * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException" 6110// The requested operation would violate the constraint identified in the reason 6111// code. 6112// 6113// Some of the reasons in the following list might not be applicable to this 6114// specific API or operation: 6115// 6116// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6117// the number of accounts in an organization. Note that deleted and closed 6118// accounts still count toward your limit. If you get this exception immediately 6119// after creating the organization, wait one hour and try again. If after 6120// an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 6121// 6122// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 6123// the invited account is already a member of an organization. 6124// 6125// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6126// handshakes that you can send in one day. 6127// 6128// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 6129// to join an organization while it's in the process of enabling all features. 6130// You can resume inviting accounts after you finalize the process when all 6131// accounts have agreed to the change. 6132// 6133// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 6134// because the organization has already enabled all features. 6135// 6136// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 6137// the account is from a different marketplace than the accounts in the organization. 6138// For example, accounts with India addresses must be associated with the 6139// AISPL marketplace. All accounts in an organization must be from the same 6140// marketplace. 6141// 6142// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 6143// change the membership of an account too quickly after its previous change. 6144// 6145// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 6146// account that doesn't have a payment instrument, such as a credit card, 6147// associated with it. 6148// 6149// * ErrCodeDuplicateHandshakeException "DuplicateHandshakeException" 6150// A handshake with the same action and target already exists. For example, 6151// if you invited an account to join your organization, the invited account 6152// might already have a pending invitation from this organization. If you intend 6153// to resend an invitation to an account, ensure that existing handshakes that 6154// might be considered duplicates are canceled or declined. 6155// 6156// * ErrCodeInvalidInputException "InvalidInputException" 6157// The requested operation failed because you provided invalid values for one 6158// or more of the request parameters. This exception includes a reason that 6159// contains additional information about the violated limit: 6160// 6161// Some of the reasons in the following list might not be applicable to this 6162// specific API or operation: 6163// 6164// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6165// can't be modified. 6166// 6167// * INPUT_REQUIRED: You must include a value for all required parameters. 6168// 6169// * INVALID_ENUM: You specified an invalid value. 6170// 6171// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 6172// 6173// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6174// characters. 6175// 6176// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6177// at least one invalid value. 6178// 6179// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6180// from the response to a previous call of the operation. 6181// 6182// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6183// organization, or email) as a party. 6184// 6185// * INVALID_PATTERN: You provided a value that doesn't match the required 6186// pattern. 6187// 6188// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6189// match the required pattern. 6190// 6191// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6192// name can't begin with the reserved prefix AWSServiceRoleFor. 6193// 6194// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6195// Name (ARN) for the organization. 6196// 6197// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6198// 6199// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6200// tag. You can’t add, edit, or delete system tag keys because they're 6201// reserved for AWS use. System tags don’t count against your tags per 6202// resource limit. 6203// 6204// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6205// for the operation. 6206// 6207// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6208// than allowed. 6209// 6210// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6211// value than allowed. 6212// 6213// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6214// than allowed. 6215// 6216// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6217// value than allowed. 6218// 6219// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6220// between entities in the same root. 6221// 6222// * ErrCodeFinalizingOrganizationException "FinalizingOrganizationException" 6223// AWS Organizations couldn't perform the operation because your organization 6224// hasn't finished initializing. This can take up to an hour. Try again later. 6225// If after one hour you continue to receive this error, contact AWS Support 6226// (https://console.aws.amazon.com/support/home#/). 6227// 6228// * ErrCodeServiceException "ServiceException" 6229// AWS Organizations can't complete your request because of an internal service 6230// error. Try again later. 6231// 6232// * ErrCodeTooManyRequestsException "TooManyRequestsException" 6233// You have sent too many requests in too short a period of time. The limit 6234// helps protect against denial-of-service attacks. Try again later. 6235// 6236// For information on limits that affect AWS Organizations, see Limits of AWS 6237// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 6238// in the AWS Organizations User Guide. 6239// 6240// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization 6241func (c *Organizations) InviteAccountToOrganization(input *InviteAccountToOrganizationInput) (*InviteAccountToOrganizationOutput, error) { 6242 req, out := c.InviteAccountToOrganizationRequest(input) 6243 return out, req.Send() 6244} 6245 6246// InviteAccountToOrganizationWithContext is the same as InviteAccountToOrganization with the addition of 6247// the ability to pass a context and additional request options. 6248// 6249// See InviteAccountToOrganization for details on how to use this API operation. 6250// 6251// The context must be non-nil and will be used for request cancellation. If 6252// the context is nil a panic will occur. In the future the SDK may create 6253// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6254// for more information on using Contexts. 6255func (c *Organizations) InviteAccountToOrganizationWithContext(ctx aws.Context, input *InviteAccountToOrganizationInput, opts ...request.Option) (*InviteAccountToOrganizationOutput, error) { 6256 req, out := c.InviteAccountToOrganizationRequest(input) 6257 req.SetContext(ctx) 6258 req.ApplyOptions(opts...) 6259 return out, req.Send() 6260} 6261 6262const opLeaveOrganization = "LeaveOrganization" 6263 6264// LeaveOrganizationRequest generates a "aws/request.Request" representing the 6265// client's request for the LeaveOrganization operation. The "output" return 6266// value will be populated with the request's response once the request completes 6267// successfully. 6268// 6269// Use "Send" method on the returned Request to send the API call to the service. 6270// the "output" return value is not valid until after Send returns without error. 6271// 6272// See LeaveOrganization for more information on using the LeaveOrganization 6273// API call, and error handling. 6274// 6275// This method is useful when you want to inject custom logic or configuration 6276// into the SDK's request lifecycle. Such as custom headers, or retry logic. 6277// 6278// 6279// // Example sending a request using the LeaveOrganizationRequest method. 6280// req, resp := client.LeaveOrganizationRequest(params) 6281// 6282// err := req.Send() 6283// if err == nil { // resp is now filled 6284// fmt.Println(resp) 6285// } 6286// 6287// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization 6288func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) (req *request.Request, output *LeaveOrganizationOutput) { 6289 op := &request.Operation{ 6290 Name: opLeaveOrganization, 6291 HTTPMethod: "POST", 6292 HTTPPath: "/", 6293 } 6294 6295 if input == nil { 6296 input = &LeaveOrganizationInput{} 6297 } 6298 6299 output = &LeaveOrganizationOutput{} 6300 req = c.newRequest(op, input, output) 6301 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 6302 return 6303} 6304 6305// LeaveOrganization API operation for AWS Organizations. 6306// 6307// Removes a member account from its parent organization. This version of the 6308// operation is performed by the account that wants to leave. To remove a member 6309// account as a user in the master account, use RemoveAccountFromOrganization 6310// instead. 6311// 6312// This operation can be called only from a member account in the organization. 6313// 6314// * The master account in an organization with all features enabled can 6315// set service control policies (SCPs) that can restrict what administrators 6316// of member accounts can do. These restrictions can include preventing member 6317// accounts from successfully calling LeaveOrganization. 6318// 6319// * You can leave an organization as a member account only if the account 6320// is configured with the information required to operate as a standalone 6321// account. When you create an account in an organization using the AWS Organizations 6322// console, API, or CLI, the information required of standalone accounts 6323// is not automatically collected. For each account that you want to make 6324// standalone, you must accept the end user license agreement (EULA). You 6325// must also choose a support plan, provide and verify the required contact 6326// information, and provide a current payment method. AWS uses the payment 6327// method to charge for any billable (not free tier) AWS activity that occurs 6328// while the account isn't attached to an organization. Follow the steps 6329// at To leave an organization when all required account information has 6330// not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6331// in the AWS Organizations User Guide. 6332// 6333// * You can leave an organization only after you enable IAM user access 6334// to billing in your account. For more information, see Activating Access 6335// to the Billing and Cost Management Console (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 6336// in the AWS Billing and Cost Management User Guide. 6337// 6338// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6339// with awserr.Error's Code and Message methods to get detailed information about 6340// the error. 6341// 6342// See the AWS API reference guide for AWS Organizations's 6343// API operation LeaveOrganization for usage and error information. 6344// 6345// Returned Error Codes: 6346// * ErrCodeAccessDeniedException "AccessDeniedException" 6347// You don't have permissions to perform the requested operation. The user or 6348// role that is making the request must have at least one IAM permissions policy 6349// attached that grants the required permissions. For more information, see 6350// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6351// in the IAM User Guide. 6352// 6353// * ErrCodeAccountNotFoundException "AccountNotFoundException" 6354// We can't find an AWS account with the AccountId that you specified. Or the 6355// account whose credentials you used to make this request isn't a member of 6356// an organization. 6357// 6358// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 6359// Your account isn't a member of an organization. To make this request, you 6360// must use the credentials of an account that belongs to an organization. 6361// 6362// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 6363// The target of the operation is currently being modified by a different request. 6364// Try again later. 6365// 6366// * ErrCodeConstraintViolationException "ConstraintViolationException" 6367// Performing this operation violates a minimum or maximum value limit. Examples 6368// include attempting to remove the last service control policy (SCP) from an 6369// OU or root, or attaching too many policies to an account, OU, or root. This 6370// exception includes a reason that contains additional information about the 6371// violated limit. 6372// 6373// Some of the reasons in the following list might not be applicable to this 6374// specific API or operation: 6375// 6376// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 6377// from the organization that doesn't yet have enough information to exist 6378// as a standalone account. This account requires you to first agree to the 6379// AWS Customer Agreement. Follow the steps at To leave an organization when 6380// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6381// in the AWS Organizations User Guide. 6382// 6383// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 6384// an account from the organization that doesn't yet have enough information 6385// to exist as a standalone account. This account requires you to first complete 6386// phone verification. Follow the steps at To leave an organization when 6387// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6388// in the AWS Organizations User Guide. 6389// 6390// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 6391// of accounts that you can create in one day. 6392// 6393// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6394// the number of accounts in an organization. If you need more accounts, 6395// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 6396// request an increase in your limit. Or the number of invitations that you 6397// tried to send would cause you to exceed the limit of accounts in your 6398// organization. Send fewer invitations or contact AWS Support to request 6399// an increase in the number of accounts. Deleted and closed accounts still 6400// count toward your limit. If you get receive this exception when running 6401// a command immediately after creating the organization, wait one hour and 6402// try again. If after an hour it continues to fail with this error, contact 6403// AWS Support (https://console.aws.amazon.com/support/home#/). 6404// 6405// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6406// handshakes that you can send in one day. 6407// 6408// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 6409// in this organization, you first must migrate the organization's master 6410// account to the marketplace that corresponds to the master account's address. 6411// For example, accounts with India addresses must be associated with the 6412// AISPL marketplace. All accounts in an organization must be associated 6413// with the same marketplace. 6414// 6415// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 6416// must first provide contact a valid address and phone number for the master 6417// account. Then try the operation again. 6418// 6419// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 6420// master account must have an associated account in the AWS GovCloud (US-West) 6421// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 6422// in the AWS GovCloud User Guide. 6423// 6424// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 6425// with this master account, you first must associate a valid payment instrument, 6426// such as a credit card, with the account. Follow the steps at To leave 6427// an organization when all required account information has not yet been 6428// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6429// in the AWS Organizations User Guide. 6430// 6431// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 6432// number of policies of a certain type that can be attached to an entity 6433// at one time. 6434// 6435// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 6436// on this resource. 6437// 6438// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 6439// with this member account, you first must associate a valid payment instrument, 6440// such as a credit card, with the account. Follow the steps at To leave 6441// an organization when all required account information has not yet been 6442// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6443// in the AWS Organizations User Guide. 6444// 6445// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 6446// policy from an entity, which would cause the entity to have fewer than 6447// the minimum number of policies of the required type. 6448// 6449// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 6450// too many levels deep. 6451// 6452// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 6453// that requires the organization to be configured to support all features. 6454// An organization that supports only consolidated billing features can't 6455// perform this operation. 6456// 6457// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 6458// that you can have in an organization. 6459// 6460// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 6461// policies that you can have in an organization. 6462// 6463// * ErrCodeInvalidInputException "InvalidInputException" 6464// The requested operation failed because you provided invalid values for one 6465// or more of the request parameters. This exception includes a reason that 6466// contains additional information about the violated limit: 6467// 6468// Some of the reasons in the following list might not be applicable to this 6469// specific API or operation: 6470// 6471// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6472// can't be modified. 6473// 6474// * INPUT_REQUIRED: You must include a value for all required parameters. 6475// 6476// * INVALID_ENUM: You specified an invalid value. 6477// 6478// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 6479// 6480// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6481// characters. 6482// 6483// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6484// at least one invalid value. 6485// 6486// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6487// from the response to a previous call of the operation. 6488// 6489// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6490// organization, or email) as a party. 6491// 6492// * INVALID_PATTERN: You provided a value that doesn't match the required 6493// pattern. 6494// 6495// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6496// match the required pattern. 6497// 6498// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6499// name can't begin with the reserved prefix AWSServiceRoleFor. 6500// 6501// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6502// Name (ARN) for the organization. 6503// 6504// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6505// 6506// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6507// tag. You can’t add, edit, or delete system tag keys because they're 6508// reserved for AWS use. System tags don’t count against your tags per 6509// resource limit. 6510// 6511// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6512// for the operation. 6513// 6514// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6515// than allowed. 6516// 6517// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6518// value than allowed. 6519// 6520// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6521// than allowed. 6522// 6523// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6524// value than allowed. 6525// 6526// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6527// between entities in the same root. 6528// 6529// * ErrCodeMasterCannotLeaveOrganizationException "MasterCannotLeaveOrganizationException" 6530// You can't remove a master account from an organization. If you want the master 6531// account to become a member account in another organization, you must first 6532// delete the current organization of the master account. 6533// 6534// * ErrCodeServiceException "ServiceException" 6535// AWS Organizations can't complete your request because of an internal service 6536// error. Try again later. 6537// 6538// * ErrCodeTooManyRequestsException "TooManyRequestsException" 6539// You have sent too many requests in too short a period of time. The limit 6540// helps protect against denial-of-service attacks. Try again later. 6541// 6542// For information on limits that affect AWS Organizations, see Limits of AWS 6543// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 6544// in the AWS Organizations User Guide. 6545// 6546// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization 6547func (c *Organizations) LeaveOrganization(input *LeaveOrganizationInput) (*LeaveOrganizationOutput, error) { 6548 req, out := c.LeaveOrganizationRequest(input) 6549 return out, req.Send() 6550} 6551 6552// LeaveOrganizationWithContext is the same as LeaveOrganization with the addition of 6553// the ability to pass a context and additional request options. 6554// 6555// See LeaveOrganization for details on how to use this API operation. 6556// 6557// The context must be non-nil and will be used for request cancellation. If 6558// the context is nil a panic will occur. In the future the SDK may create 6559// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6560// for more information on using Contexts. 6561func (c *Organizations) LeaveOrganizationWithContext(ctx aws.Context, input *LeaveOrganizationInput, opts ...request.Option) (*LeaveOrganizationOutput, error) { 6562 req, out := c.LeaveOrganizationRequest(input) 6563 req.SetContext(ctx) 6564 req.ApplyOptions(opts...) 6565 return out, req.Send() 6566} 6567 6568const opListAWSServiceAccessForOrganization = "ListAWSServiceAccessForOrganization" 6569 6570// ListAWSServiceAccessForOrganizationRequest generates a "aws/request.Request" representing the 6571// client's request for the ListAWSServiceAccessForOrganization operation. The "output" return 6572// value will be populated with the request's response once the request completes 6573// successfully. 6574// 6575// Use "Send" method on the returned Request to send the API call to the service. 6576// the "output" return value is not valid until after Send returns without error. 6577// 6578// See ListAWSServiceAccessForOrganization for more information on using the ListAWSServiceAccessForOrganization 6579// API call, and error handling. 6580// 6581// This method is useful when you want to inject custom logic or configuration 6582// into the SDK's request lifecycle. Such as custom headers, or retry logic. 6583// 6584// 6585// // Example sending a request using the ListAWSServiceAccessForOrganizationRequest method. 6586// req, resp := client.ListAWSServiceAccessForOrganizationRequest(params) 6587// 6588// err := req.Send() 6589// if err == nil { // resp is now filled 6590// fmt.Println(resp) 6591// } 6592// 6593// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization 6594func (c *Organizations) ListAWSServiceAccessForOrganizationRequest(input *ListAWSServiceAccessForOrganizationInput) (req *request.Request, output *ListAWSServiceAccessForOrganizationOutput) { 6595 op := &request.Operation{ 6596 Name: opListAWSServiceAccessForOrganization, 6597 HTTPMethod: "POST", 6598 HTTPPath: "/", 6599 Paginator: &request.Paginator{ 6600 InputTokens: []string{"NextToken"}, 6601 OutputTokens: []string{"NextToken"}, 6602 LimitToken: "MaxResults", 6603 TruncationToken: "", 6604 }, 6605 } 6606 6607 if input == nil { 6608 input = &ListAWSServiceAccessForOrganizationInput{} 6609 } 6610 6611 output = &ListAWSServiceAccessForOrganizationOutput{} 6612 req = c.newRequest(op, input, output) 6613 return 6614} 6615 6616// ListAWSServiceAccessForOrganization API operation for AWS Organizations. 6617// 6618// Returns a list of the AWS services that you enabled to integrate with your 6619// organization. After a service on this list creates the resources that it 6620// requires for the integration, it can perform operations on your organization 6621// and its accounts. 6622// 6623// For more information about integrating other services with AWS Organizations, 6624// including the list of services that currently work with Organizations, see 6625// Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 6626// in the AWS Organizations User Guide. 6627// 6628// This operation can be called only from the organization's master account. 6629// 6630// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6631// with awserr.Error's Code and Message methods to get detailed information about 6632// the error. 6633// 6634// See the AWS API reference guide for AWS Organizations's 6635// API operation ListAWSServiceAccessForOrganization for usage and error information. 6636// 6637// Returned Error Codes: 6638// * ErrCodeAccessDeniedException "AccessDeniedException" 6639// You don't have permissions to perform the requested operation. The user or 6640// role that is making the request must have at least one IAM permissions policy 6641// attached that grants the required permissions. For more information, see 6642// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6643// in the IAM User Guide. 6644// 6645// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 6646// Your account isn't a member of an organization. To make this request, you 6647// must use the credentials of an account that belongs to an organization. 6648// 6649// * ErrCodeConstraintViolationException "ConstraintViolationException" 6650// Performing this operation violates a minimum or maximum value limit. Examples 6651// include attempting to remove the last service control policy (SCP) from an 6652// OU or root, or attaching too many policies to an account, OU, or root. This 6653// exception includes a reason that contains additional information about the 6654// violated limit. 6655// 6656// Some of the reasons in the following list might not be applicable to this 6657// specific API or operation: 6658// 6659// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 6660// from the organization that doesn't yet have enough information to exist 6661// as a standalone account. This account requires you to first agree to the 6662// AWS Customer Agreement. Follow the steps at To leave an organization when 6663// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6664// in the AWS Organizations User Guide. 6665// 6666// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 6667// an account from the organization that doesn't yet have enough information 6668// to exist as a standalone account. This account requires you to first complete 6669// phone verification. Follow the steps at To leave an organization when 6670// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6671// in the AWS Organizations User Guide. 6672// 6673// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 6674// of accounts that you can create in one day. 6675// 6676// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6677// the number of accounts in an organization. If you need more accounts, 6678// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 6679// request an increase in your limit. Or the number of invitations that you 6680// tried to send would cause you to exceed the limit of accounts in your 6681// organization. Send fewer invitations or contact AWS Support to request 6682// an increase in the number of accounts. Deleted and closed accounts still 6683// count toward your limit. If you get receive this exception when running 6684// a command immediately after creating the organization, wait one hour and 6685// try again. If after an hour it continues to fail with this error, contact 6686// AWS Support (https://console.aws.amazon.com/support/home#/). 6687// 6688// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6689// handshakes that you can send in one day. 6690// 6691// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 6692// in this organization, you first must migrate the organization's master 6693// account to the marketplace that corresponds to the master account's address. 6694// For example, accounts with India addresses must be associated with the 6695// AISPL marketplace. All accounts in an organization must be associated 6696// with the same marketplace. 6697// 6698// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 6699// must first provide contact a valid address and phone number for the master 6700// account. Then try the operation again. 6701// 6702// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 6703// master account must have an associated account in the AWS GovCloud (US-West) 6704// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 6705// in the AWS GovCloud User Guide. 6706// 6707// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 6708// with this master account, you first must associate a valid payment instrument, 6709// such as a credit card, with the account. Follow the steps at To leave 6710// an organization when all required account information has not yet been 6711// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6712// in the AWS Organizations User Guide. 6713// 6714// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 6715// number of policies of a certain type that can be attached to an entity 6716// at one time. 6717// 6718// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 6719// on this resource. 6720// 6721// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 6722// with this member account, you first must associate a valid payment instrument, 6723// such as a credit card, with the account. Follow the steps at To leave 6724// an organization when all required account information has not yet been 6725// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6726// in the AWS Organizations User Guide. 6727// 6728// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 6729// policy from an entity, which would cause the entity to have fewer than 6730// the minimum number of policies of the required type. 6731// 6732// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 6733// too many levels deep. 6734// 6735// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 6736// that requires the organization to be configured to support all features. 6737// An organization that supports only consolidated billing features can't 6738// perform this operation. 6739// 6740// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 6741// that you can have in an organization. 6742// 6743// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 6744// policies that you can have in an organization. 6745// 6746// * ErrCodeInvalidInputException "InvalidInputException" 6747// The requested operation failed because you provided invalid values for one 6748// or more of the request parameters. This exception includes a reason that 6749// contains additional information about the violated limit: 6750// 6751// Some of the reasons in the following list might not be applicable to this 6752// specific API or operation: 6753// 6754// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6755// can't be modified. 6756// 6757// * INPUT_REQUIRED: You must include a value for all required parameters. 6758// 6759// * INVALID_ENUM: You specified an invalid value. 6760// 6761// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 6762// 6763// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6764// characters. 6765// 6766// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6767// at least one invalid value. 6768// 6769// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6770// from the response to a previous call of the operation. 6771// 6772// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6773// organization, or email) as a party. 6774// 6775// * INVALID_PATTERN: You provided a value that doesn't match the required 6776// pattern. 6777// 6778// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6779// match the required pattern. 6780// 6781// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6782// name can't begin with the reserved prefix AWSServiceRoleFor. 6783// 6784// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6785// Name (ARN) for the organization. 6786// 6787// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6788// 6789// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6790// tag. You can’t add, edit, or delete system tag keys because they're 6791// reserved for AWS use. System tags don’t count against your tags per 6792// resource limit. 6793// 6794// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6795// for the operation. 6796// 6797// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6798// than allowed. 6799// 6800// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6801// value than allowed. 6802// 6803// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6804// than allowed. 6805// 6806// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6807// value than allowed. 6808// 6809// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6810// between entities in the same root. 6811// 6812// * ErrCodeServiceException "ServiceException" 6813// AWS Organizations can't complete your request because of an internal service 6814// error. Try again later. 6815// 6816// * ErrCodeTooManyRequestsException "TooManyRequestsException" 6817// You have sent too many requests in too short a period of time. The limit 6818// helps protect against denial-of-service attacks. Try again later. 6819// 6820// For information on limits that affect AWS Organizations, see Limits of AWS 6821// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 6822// in the AWS Organizations User Guide. 6823// 6824// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization 6825func (c *Organizations) ListAWSServiceAccessForOrganization(input *ListAWSServiceAccessForOrganizationInput) (*ListAWSServiceAccessForOrganizationOutput, error) { 6826 req, out := c.ListAWSServiceAccessForOrganizationRequest(input) 6827 return out, req.Send() 6828} 6829 6830// ListAWSServiceAccessForOrganizationWithContext is the same as ListAWSServiceAccessForOrganization with the addition of 6831// the ability to pass a context and additional request options. 6832// 6833// See ListAWSServiceAccessForOrganization for details on how to use this API operation. 6834// 6835// The context must be non-nil and will be used for request cancellation. If 6836// the context is nil a panic will occur. In the future the SDK may create 6837// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6838// for more information on using Contexts. 6839func (c *Organizations) ListAWSServiceAccessForOrganizationWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, opts ...request.Option) (*ListAWSServiceAccessForOrganizationOutput, error) { 6840 req, out := c.ListAWSServiceAccessForOrganizationRequest(input) 6841 req.SetContext(ctx) 6842 req.ApplyOptions(opts...) 6843 return out, req.Send() 6844} 6845 6846// ListAWSServiceAccessForOrganizationPages iterates over the pages of a ListAWSServiceAccessForOrganization operation, 6847// calling the "fn" function with the response data for each page. To stop 6848// iterating, return false from the fn function. 6849// 6850// See ListAWSServiceAccessForOrganization method for more information on how to use this operation. 6851// 6852// Note: This operation can generate multiple requests to a service. 6853// 6854// // Example iterating over at most 3 pages of a ListAWSServiceAccessForOrganization operation. 6855// pageNum := 0 6856// err := client.ListAWSServiceAccessForOrganizationPages(params, 6857// func(page *organizations.ListAWSServiceAccessForOrganizationOutput, lastPage bool) bool { 6858// pageNum++ 6859// fmt.Println(page) 6860// return pageNum <= 3 6861// }) 6862// 6863func (c *Organizations) ListAWSServiceAccessForOrganizationPages(input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool) error { 6864 return c.ListAWSServiceAccessForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn) 6865} 6866 6867// ListAWSServiceAccessForOrganizationPagesWithContext same as ListAWSServiceAccessForOrganizationPages except 6868// it takes a Context and allows setting request options on the pages. 6869// 6870// The context must be non-nil and will be used for request cancellation. If 6871// the context is nil a panic will occur. In the future the SDK may create 6872// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6873// for more information on using Contexts. 6874func (c *Organizations) ListAWSServiceAccessForOrganizationPagesWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool, opts ...request.Option) error { 6875 p := request.Pagination{ 6876 NewRequest: func() (*request.Request, error) { 6877 var inCpy *ListAWSServiceAccessForOrganizationInput 6878 if input != nil { 6879 tmp := *input 6880 inCpy = &tmp 6881 } 6882 req, _ := c.ListAWSServiceAccessForOrganizationRequest(inCpy) 6883 req.SetContext(ctx) 6884 req.ApplyOptions(opts...) 6885 return req, nil 6886 }, 6887 } 6888 6889 for p.Next() { 6890 if !fn(p.Page().(*ListAWSServiceAccessForOrganizationOutput), !p.HasNextPage()) { 6891 break 6892 } 6893 } 6894 6895 return p.Err() 6896} 6897 6898const opListAccounts = "ListAccounts" 6899 6900// ListAccountsRequest generates a "aws/request.Request" representing the 6901// client's request for the ListAccounts operation. The "output" return 6902// value will be populated with the request's response once the request completes 6903// successfully. 6904// 6905// Use "Send" method on the returned Request to send the API call to the service. 6906// the "output" return value is not valid until after Send returns without error. 6907// 6908// See ListAccounts for more information on using the ListAccounts 6909// API call, and error handling. 6910// 6911// This method is useful when you want to inject custom logic or configuration 6912// into the SDK's request lifecycle. Such as custom headers, or retry logic. 6913// 6914// 6915// // Example sending a request using the ListAccountsRequest method. 6916// req, resp := client.ListAccountsRequest(params) 6917// 6918// err := req.Send() 6919// if err == nil { // resp is now filled 6920// fmt.Println(resp) 6921// } 6922// 6923// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts 6924func (c *Organizations) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) { 6925 op := &request.Operation{ 6926 Name: opListAccounts, 6927 HTTPMethod: "POST", 6928 HTTPPath: "/", 6929 Paginator: &request.Paginator{ 6930 InputTokens: []string{"NextToken"}, 6931 OutputTokens: []string{"NextToken"}, 6932 LimitToken: "MaxResults", 6933 TruncationToken: "", 6934 }, 6935 } 6936 6937 if input == nil { 6938 input = &ListAccountsInput{} 6939 } 6940 6941 output = &ListAccountsOutput{} 6942 req = c.newRequest(op, input, output) 6943 return 6944} 6945 6946// ListAccounts API operation for AWS Organizations. 6947// 6948// Lists all the accounts in the organization. To request only the accounts 6949// in a specified root or organizational unit (OU), use the ListAccountsForParent 6950// operation instead. 6951// 6952// Always check the NextToken response parameter for a null value when calling 6953// a List* operation. These operations can occasionally return an empty set 6954// of results even when there are more results available. The NextToken response 6955// parameter value is null only when there are no more results to display. 6956// 6957// This operation can be called only from the organization's master account. 6958// 6959// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6960// with awserr.Error's Code and Message methods to get detailed information about 6961// the error. 6962// 6963// See the AWS API reference guide for AWS Organizations's 6964// API operation ListAccounts for usage and error information. 6965// 6966// Returned Error Codes: 6967// * ErrCodeAccessDeniedException "AccessDeniedException" 6968// You don't have permissions to perform the requested operation. The user or 6969// role that is making the request must have at least one IAM permissions policy 6970// attached that grants the required permissions. For more information, see 6971// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6972// in the IAM User Guide. 6973// 6974// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 6975// Your account isn't a member of an organization. To make this request, you 6976// must use the credentials of an account that belongs to an organization. 6977// 6978// * ErrCodeInvalidInputException "InvalidInputException" 6979// The requested operation failed because you provided invalid values for one 6980// or more of the request parameters. This exception includes a reason that 6981// contains additional information about the violated limit: 6982// 6983// Some of the reasons in the following list might not be applicable to this 6984// specific API or operation: 6985// 6986// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6987// can't be modified. 6988// 6989// * INPUT_REQUIRED: You must include a value for all required parameters. 6990// 6991// * INVALID_ENUM: You specified an invalid value. 6992// 6993// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 6994// 6995// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6996// characters. 6997// 6998// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6999// at least one invalid value. 7000// 7001// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7002// from the response to a previous call of the operation. 7003// 7004// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7005// organization, or email) as a party. 7006// 7007// * INVALID_PATTERN: You provided a value that doesn't match the required 7008// pattern. 7009// 7010// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7011// match the required pattern. 7012// 7013// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7014// name can't begin with the reserved prefix AWSServiceRoleFor. 7015// 7016// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7017// Name (ARN) for the organization. 7018// 7019// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7020// 7021// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7022// tag. You can’t add, edit, or delete system tag keys because they're 7023// reserved for AWS use. System tags don’t count against your tags per 7024// resource limit. 7025// 7026// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7027// for the operation. 7028// 7029// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7030// than allowed. 7031// 7032// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7033// value than allowed. 7034// 7035// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7036// than allowed. 7037// 7038// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7039// value than allowed. 7040// 7041// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7042// between entities in the same root. 7043// 7044// * ErrCodeServiceException "ServiceException" 7045// AWS Organizations can't complete your request because of an internal service 7046// error. Try again later. 7047// 7048// * ErrCodeTooManyRequestsException "TooManyRequestsException" 7049// You have sent too many requests in too short a period of time. The limit 7050// helps protect against denial-of-service attacks. Try again later. 7051// 7052// For information on limits that affect AWS Organizations, see Limits of AWS 7053// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 7054// in the AWS Organizations User Guide. 7055// 7056// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts 7057func (c *Organizations) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) { 7058 req, out := c.ListAccountsRequest(input) 7059 return out, req.Send() 7060} 7061 7062// ListAccountsWithContext is the same as ListAccounts with the addition of 7063// the ability to pass a context and additional request options. 7064// 7065// See ListAccounts for details on how to use this API operation. 7066// 7067// The context must be non-nil and will be used for request cancellation. If 7068// the context is nil a panic will occur. In the future the SDK may create 7069// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7070// for more information on using Contexts. 7071func (c *Organizations) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) { 7072 req, out := c.ListAccountsRequest(input) 7073 req.SetContext(ctx) 7074 req.ApplyOptions(opts...) 7075 return out, req.Send() 7076} 7077 7078// ListAccountsPages iterates over the pages of a ListAccounts operation, 7079// calling the "fn" function with the response data for each page. To stop 7080// iterating, return false from the fn function. 7081// 7082// See ListAccounts method for more information on how to use this operation. 7083// 7084// Note: This operation can generate multiple requests to a service. 7085// 7086// // Example iterating over at most 3 pages of a ListAccounts operation. 7087// pageNum := 0 7088// err := client.ListAccountsPages(params, 7089// func(page *organizations.ListAccountsOutput, lastPage bool) bool { 7090// pageNum++ 7091// fmt.Println(page) 7092// return pageNum <= 3 7093// }) 7094// 7095func (c *Organizations) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error { 7096 return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn) 7097} 7098 7099// ListAccountsPagesWithContext same as ListAccountsPages except 7100// it takes a Context and allows setting request options on the pages. 7101// 7102// The context must be non-nil and will be used for request cancellation. If 7103// the context is nil a panic will occur. In the future the SDK may create 7104// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7105// for more information on using Contexts. 7106func (c *Organizations) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error { 7107 p := request.Pagination{ 7108 NewRequest: func() (*request.Request, error) { 7109 var inCpy *ListAccountsInput 7110 if input != nil { 7111 tmp := *input 7112 inCpy = &tmp 7113 } 7114 req, _ := c.ListAccountsRequest(inCpy) 7115 req.SetContext(ctx) 7116 req.ApplyOptions(opts...) 7117 return req, nil 7118 }, 7119 } 7120 7121 for p.Next() { 7122 if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) { 7123 break 7124 } 7125 } 7126 7127 return p.Err() 7128} 7129 7130const opListAccountsForParent = "ListAccountsForParent" 7131 7132// ListAccountsForParentRequest generates a "aws/request.Request" representing the 7133// client's request for the ListAccountsForParent operation. The "output" return 7134// value will be populated with the request's response once the request completes 7135// successfully. 7136// 7137// Use "Send" method on the returned Request to send the API call to the service. 7138// the "output" return value is not valid until after Send returns without error. 7139// 7140// See ListAccountsForParent for more information on using the ListAccountsForParent 7141// API call, and error handling. 7142// 7143// This method is useful when you want to inject custom logic or configuration 7144// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7145// 7146// 7147// // Example sending a request using the ListAccountsForParentRequest method. 7148// req, resp := client.ListAccountsForParentRequest(params) 7149// 7150// err := req.Send() 7151// if err == nil { // resp is now filled 7152// fmt.Println(resp) 7153// } 7154// 7155// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent 7156func (c *Organizations) ListAccountsForParentRequest(input *ListAccountsForParentInput) (req *request.Request, output *ListAccountsForParentOutput) { 7157 op := &request.Operation{ 7158 Name: opListAccountsForParent, 7159 HTTPMethod: "POST", 7160 HTTPPath: "/", 7161 Paginator: &request.Paginator{ 7162 InputTokens: []string{"NextToken"}, 7163 OutputTokens: []string{"NextToken"}, 7164 LimitToken: "MaxResults", 7165 TruncationToken: "", 7166 }, 7167 } 7168 7169 if input == nil { 7170 input = &ListAccountsForParentInput{} 7171 } 7172 7173 output = &ListAccountsForParentOutput{} 7174 req = c.newRequest(op, input, output) 7175 return 7176} 7177 7178// ListAccountsForParent API operation for AWS Organizations. 7179// 7180// Lists the accounts in an organization that are contained by the specified 7181// target root or organizational unit (OU). If you specify the root, you get 7182// a list of all the accounts that aren't in any OU. If you specify an OU, you 7183// get a list of all the accounts in only that OU and not in any child OUs. 7184// To get a list of all accounts in the organization, use the ListAccounts operation. 7185// 7186// Always check the NextToken response parameter for a null value when calling 7187// a List* operation. These operations can occasionally return an empty set 7188// of results even when there are more results available. The NextToken response 7189// parameter value is null only when there are no more results to display. 7190// 7191// This operation can be called only from the organization's master account. 7192// 7193// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7194// with awserr.Error's Code and Message methods to get detailed information about 7195// the error. 7196// 7197// See the AWS API reference guide for AWS Organizations's 7198// API operation ListAccountsForParent for usage and error information. 7199// 7200// Returned Error Codes: 7201// * ErrCodeAccessDeniedException "AccessDeniedException" 7202// You don't have permissions to perform the requested operation. The user or 7203// role that is making the request must have at least one IAM permissions policy 7204// attached that grants the required permissions. For more information, see 7205// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7206// in the IAM User Guide. 7207// 7208// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 7209// Your account isn't a member of an organization. To make this request, you 7210// must use the credentials of an account that belongs to an organization. 7211// 7212// * ErrCodeInvalidInputException "InvalidInputException" 7213// The requested operation failed because you provided invalid values for one 7214// or more of the request parameters. This exception includes a reason that 7215// contains additional information about the violated limit: 7216// 7217// Some of the reasons in the following list might not be applicable to this 7218// specific API or operation: 7219// 7220// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7221// can't be modified. 7222// 7223// * INPUT_REQUIRED: You must include a value for all required parameters. 7224// 7225// * INVALID_ENUM: You specified an invalid value. 7226// 7227// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 7228// 7229// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7230// characters. 7231// 7232// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7233// at least one invalid value. 7234// 7235// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7236// from the response to a previous call of the operation. 7237// 7238// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7239// organization, or email) as a party. 7240// 7241// * INVALID_PATTERN: You provided a value that doesn't match the required 7242// pattern. 7243// 7244// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7245// match the required pattern. 7246// 7247// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7248// name can't begin with the reserved prefix AWSServiceRoleFor. 7249// 7250// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7251// Name (ARN) for the organization. 7252// 7253// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7254// 7255// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7256// tag. You can’t add, edit, or delete system tag keys because they're 7257// reserved for AWS use. System tags don’t count against your tags per 7258// resource limit. 7259// 7260// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7261// for the operation. 7262// 7263// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7264// than allowed. 7265// 7266// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7267// value than allowed. 7268// 7269// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7270// than allowed. 7271// 7272// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7273// value than allowed. 7274// 7275// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7276// between entities in the same root. 7277// 7278// * ErrCodeParentNotFoundException "ParentNotFoundException" 7279// We can't find a root or OU with the ParentId that you specified. 7280// 7281// * ErrCodeServiceException "ServiceException" 7282// AWS Organizations can't complete your request because of an internal service 7283// error. Try again later. 7284// 7285// * ErrCodeTooManyRequestsException "TooManyRequestsException" 7286// You have sent too many requests in too short a period of time. The limit 7287// helps protect against denial-of-service attacks. Try again later. 7288// 7289// For information on limits that affect AWS Organizations, see Limits of AWS 7290// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 7291// in the AWS Organizations User Guide. 7292// 7293// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent 7294func (c *Organizations) ListAccountsForParent(input *ListAccountsForParentInput) (*ListAccountsForParentOutput, error) { 7295 req, out := c.ListAccountsForParentRequest(input) 7296 return out, req.Send() 7297} 7298 7299// ListAccountsForParentWithContext is the same as ListAccountsForParent with the addition of 7300// the ability to pass a context and additional request options. 7301// 7302// See ListAccountsForParent for details on how to use this API operation. 7303// 7304// The context must be non-nil and will be used for request cancellation. If 7305// the context is nil a panic will occur. In the future the SDK may create 7306// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7307// for more information on using Contexts. 7308func (c *Organizations) ListAccountsForParentWithContext(ctx aws.Context, input *ListAccountsForParentInput, opts ...request.Option) (*ListAccountsForParentOutput, error) { 7309 req, out := c.ListAccountsForParentRequest(input) 7310 req.SetContext(ctx) 7311 req.ApplyOptions(opts...) 7312 return out, req.Send() 7313} 7314 7315// ListAccountsForParentPages iterates over the pages of a ListAccountsForParent operation, 7316// calling the "fn" function with the response data for each page. To stop 7317// iterating, return false from the fn function. 7318// 7319// See ListAccountsForParent method for more information on how to use this operation. 7320// 7321// Note: This operation can generate multiple requests to a service. 7322// 7323// // Example iterating over at most 3 pages of a ListAccountsForParent operation. 7324// pageNum := 0 7325// err := client.ListAccountsForParentPages(params, 7326// func(page *organizations.ListAccountsForParentOutput, lastPage bool) bool { 7327// pageNum++ 7328// fmt.Println(page) 7329// return pageNum <= 3 7330// }) 7331// 7332func (c *Organizations) ListAccountsForParentPages(input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool) error { 7333 return c.ListAccountsForParentPagesWithContext(aws.BackgroundContext(), input, fn) 7334} 7335 7336// ListAccountsForParentPagesWithContext same as ListAccountsForParentPages except 7337// it takes a Context and allows setting request options on the pages. 7338// 7339// The context must be non-nil and will be used for request cancellation. If 7340// the context is nil a panic will occur. In the future the SDK may create 7341// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7342// for more information on using Contexts. 7343func (c *Organizations) ListAccountsForParentPagesWithContext(ctx aws.Context, input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool, opts ...request.Option) error { 7344 p := request.Pagination{ 7345 NewRequest: func() (*request.Request, error) { 7346 var inCpy *ListAccountsForParentInput 7347 if input != nil { 7348 tmp := *input 7349 inCpy = &tmp 7350 } 7351 req, _ := c.ListAccountsForParentRequest(inCpy) 7352 req.SetContext(ctx) 7353 req.ApplyOptions(opts...) 7354 return req, nil 7355 }, 7356 } 7357 7358 for p.Next() { 7359 if !fn(p.Page().(*ListAccountsForParentOutput), !p.HasNextPage()) { 7360 break 7361 } 7362 } 7363 7364 return p.Err() 7365} 7366 7367const opListChildren = "ListChildren" 7368 7369// ListChildrenRequest generates a "aws/request.Request" representing the 7370// client's request for the ListChildren operation. The "output" return 7371// value will be populated with the request's response once the request completes 7372// successfully. 7373// 7374// Use "Send" method on the returned Request to send the API call to the service. 7375// the "output" return value is not valid until after Send returns without error. 7376// 7377// See ListChildren for more information on using the ListChildren 7378// API call, and error handling. 7379// 7380// This method is useful when you want to inject custom logic or configuration 7381// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7382// 7383// 7384// // Example sending a request using the ListChildrenRequest method. 7385// req, resp := client.ListChildrenRequest(params) 7386// 7387// err := req.Send() 7388// if err == nil { // resp is now filled 7389// fmt.Println(resp) 7390// } 7391// 7392// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren 7393func (c *Organizations) ListChildrenRequest(input *ListChildrenInput) (req *request.Request, output *ListChildrenOutput) { 7394 op := &request.Operation{ 7395 Name: opListChildren, 7396 HTTPMethod: "POST", 7397 HTTPPath: "/", 7398 Paginator: &request.Paginator{ 7399 InputTokens: []string{"NextToken"}, 7400 OutputTokens: []string{"NextToken"}, 7401 LimitToken: "MaxResults", 7402 TruncationToken: "", 7403 }, 7404 } 7405 7406 if input == nil { 7407 input = &ListChildrenInput{} 7408 } 7409 7410 output = &ListChildrenOutput{} 7411 req = c.newRequest(op, input, output) 7412 return 7413} 7414 7415// ListChildren API operation for AWS Organizations. 7416// 7417// Lists all of the organizational units (OUs) or accounts that are contained 7418// in the specified parent OU or root. This operation, along with ListParents 7419// enables you to traverse the tree structure that makes up this root. 7420// 7421// Always check the NextToken response parameter for a null value when calling 7422// a List* operation. These operations can occasionally return an empty set 7423// of results even when there are more results available. The NextToken response 7424// parameter value is null only when there are no more results to display. 7425// 7426// This operation can be called only from the organization's master account. 7427// 7428// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7429// with awserr.Error's Code and Message methods to get detailed information about 7430// the error. 7431// 7432// See the AWS API reference guide for AWS Organizations's 7433// API operation ListChildren for usage and error information. 7434// 7435// Returned Error Codes: 7436// * ErrCodeAccessDeniedException "AccessDeniedException" 7437// You don't have permissions to perform the requested operation. The user or 7438// role that is making the request must have at least one IAM permissions policy 7439// attached that grants the required permissions. For more information, see 7440// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7441// in the IAM User Guide. 7442// 7443// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 7444// Your account isn't a member of an organization. To make this request, you 7445// must use the credentials of an account that belongs to an organization. 7446// 7447// * ErrCodeInvalidInputException "InvalidInputException" 7448// The requested operation failed because you provided invalid values for one 7449// or more of the request parameters. This exception includes a reason that 7450// contains additional information about the violated limit: 7451// 7452// Some of the reasons in the following list might not be applicable to this 7453// specific API or operation: 7454// 7455// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7456// can't be modified. 7457// 7458// * INPUT_REQUIRED: You must include a value for all required parameters. 7459// 7460// * INVALID_ENUM: You specified an invalid value. 7461// 7462// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 7463// 7464// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7465// characters. 7466// 7467// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7468// at least one invalid value. 7469// 7470// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7471// from the response to a previous call of the operation. 7472// 7473// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7474// organization, or email) as a party. 7475// 7476// * INVALID_PATTERN: You provided a value that doesn't match the required 7477// pattern. 7478// 7479// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7480// match the required pattern. 7481// 7482// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7483// name can't begin with the reserved prefix AWSServiceRoleFor. 7484// 7485// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7486// Name (ARN) for the organization. 7487// 7488// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7489// 7490// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7491// tag. You can’t add, edit, or delete system tag keys because they're 7492// reserved for AWS use. System tags don’t count against your tags per 7493// resource limit. 7494// 7495// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7496// for the operation. 7497// 7498// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7499// than allowed. 7500// 7501// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7502// value than allowed. 7503// 7504// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7505// than allowed. 7506// 7507// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7508// value than allowed. 7509// 7510// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7511// between entities in the same root. 7512// 7513// * ErrCodeParentNotFoundException "ParentNotFoundException" 7514// We can't find a root or OU with the ParentId that you specified. 7515// 7516// * ErrCodeServiceException "ServiceException" 7517// AWS Organizations can't complete your request because of an internal service 7518// error. Try again later. 7519// 7520// * ErrCodeTooManyRequestsException "TooManyRequestsException" 7521// You have sent too many requests in too short a period of time. The limit 7522// helps protect against denial-of-service attacks. Try again later. 7523// 7524// For information on limits that affect AWS Organizations, see Limits of AWS 7525// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 7526// in the AWS Organizations User Guide. 7527// 7528// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren 7529func (c *Organizations) ListChildren(input *ListChildrenInput) (*ListChildrenOutput, error) { 7530 req, out := c.ListChildrenRequest(input) 7531 return out, req.Send() 7532} 7533 7534// ListChildrenWithContext is the same as ListChildren with the addition of 7535// the ability to pass a context and additional request options. 7536// 7537// See ListChildren for details on how to use this API operation. 7538// 7539// The context must be non-nil and will be used for request cancellation. If 7540// the context is nil a panic will occur. In the future the SDK may create 7541// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7542// for more information on using Contexts. 7543func (c *Organizations) ListChildrenWithContext(ctx aws.Context, input *ListChildrenInput, opts ...request.Option) (*ListChildrenOutput, error) { 7544 req, out := c.ListChildrenRequest(input) 7545 req.SetContext(ctx) 7546 req.ApplyOptions(opts...) 7547 return out, req.Send() 7548} 7549 7550// ListChildrenPages iterates over the pages of a ListChildren operation, 7551// calling the "fn" function with the response data for each page. To stop 7552// iterating, return false from the fn function. 7553// 7554// See ListChildren method for more information on how to use this operation. 7555// 7556// Note: This operation can generate multiple requests to a service. 7557// 7558// // Example iterating over at most 3 pages of a ListChildren operation. 7559// pageNum := 0 7560// err := client.ListChildrenPages(params, 7561// func(page *organizations.ListChildrenOutput, lastPage bool) bool { 7562// pageNum++ 7563// fmt.Println(page) 7564// return pageNum <= 3 7565// }) 7566// 7567func (c *Organizations) ListChildrenPages(input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool) error { 7568 return c.ListChildrenPagesWithContext(aws.BackgroundContext(), input, fn) 7569} 7570 7571// ListChildrenPagesWithContext same as ListChildrenPages except 7572// it takes a Context and allows setting request options on the pages. 7573// 7574// The context must be non-nil and will be used for request cancellation. If 7575// the context is nil a panic will occur. In the future the SDK may create 7576// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7577// for more information on using Contexts. 7578func (c *Organizations) ListChildrenPagesWithContext(ctx aws.Context, input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool, opts ...request.Option) error { 7579 p := request.Pagination{ 7580 NewRequest: func() (*request.Request, error) { 7581 var inCpy *ListChildrenInput 7582 if input != nil { 7583 tmp := *input 7584 inCpy = &tmp 7585 } 7586 req, _ := c.ListChildrenRequest(inCpy) 7587 req.SetContext(ctx) 7588 req.ApplyOptions(opts...) 7589 return req, nil 7590 }, 7591 } 7592 7593 for p.Next() { 7594 if !fn(p.Page().(*ListChildrenOutput), !p.HasNextPage()) { 7595 break 7596 } 7597 } 7598 7599 return p.Err() 7600} 7601 7602const opListCreateAccountStatus = "ListCreateAccountStatus" 7603 7604// ListCreateAccountStatusRequest generates a "aws/request.Request" representing the 7605// client's request for the ListCreateAccountStatus operation. The "output" return 7606// value will be populated with the request's response once the request completes 7607// successfully. 7608// 7609// Use "Send" method on the returned Request to send the API call to the service. 7610// the "output" return value is not valid until after Send returns without error. 7611// 7612// See ListCreateAccountStatus for more information on using the ListCreateAccountStatus 7613// API call, and error handling. 7614// 7615// This method is useful when you want to inject custom logic or configuration 7616// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7617// 7618// 7619// // Example sending a request using the ListCreateAccountStatusRequest method. 7620// req, resp := client.ListCreateAccountStatusRequest(params) 7621// 7622// err := req.Send() 7623// if err == nil { // resp is now filled 7624// fmt.Println(resp) 7625// } 7626// 7627// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus 7628func (c *Organizations) ListCreateAccountStatusRequest(input *ListCreateAccountStatusInput) (req *request.Request, output *ListCreateAccountStatusOutput) { 7629 op := &request.Operation{ 7630 Name: opListCreateAccountStatus, 7631 HTTPMethod: "POST", 7632 HTTPPath: "/", 7633 Paginator: &request.Paginator{ 7634 InputTokens: []string{"NextToken"}, 7635 OutputTokens: []string{"NextToken"}, 7636 LimitToken: "MaxResults", 7637 TruncationToken: "", 7638 }, 7639 } 7640 7641 if input == nil { 7642 input = &ListCreateAccountStatusInput{} 7643 } 7644 7645 output = &ListCreateAccountStatusOutput{} 7646 req = c.newRequest(op, input, output) 7647 return 7648} 7649 7650// ListCreateAccountStatus API operation for AWS Organizations. 7651// 7652// Lists the account creation requests that match the specified status that 7653// is currently being tracked for the organization. 7654// 7655// Always check the NextToken response parameter for a null value when calling 7656// a List* operation. These operations can occasionally return an empty set 7657// of results even when there are more results available. The NextToken response 7658// parameter value is null only when there are no more results to display. 7659// 7660// This operation can be called only from the organization's master account. 7661// 7662// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7663// with awserr.Error's Code and Message methods to get detailed information about 7664// the error. 7665// 7666// See the AWS API reference guide for AWS Organizations's 7667// API operation ListCreateAccountStatus for usage and error information. 7668// 7669// Returned Error Codes: 7670// * ErrCodeAccessDeniedException "AccessDeniedException" 7671// You don't have permissions to perform the requested operation. The user or 7672// role that is making the request must have at least one IAM permissions policy 7673// attached that grants the required permissions. For more information, see 7674// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7675// in the IAM User Guide. 7676// 7677// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 7678// Your account isn't a member of an organization. To make this request, you 7679// must use the credentials of an account that belongs to an organization. 7680// 7681// * ErrCodeInvalidInputException "InvalidInputException" 7682// The requested operation failed because you provided invalid values for one 7683// or more of the request parameters. This exception includes a reason that 7684// contains additional information about the violated limit: 7685// 7686// Some of the reasons in the following list might not be applicable to this 7687// specific API or operation: 7688// 7689// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7690// can't be modified. 7691// 7692// * INPUT_REQUIRED: You must include a value for all required parameters. 7693// 7694// * INVALID_ENUM: You specified an invalid value. 7695// 7696// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 7697// 7698// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7699// characters. 7700// 7701// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7702// at least one invalid value. 7703// 7704// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7705// from the response to a previous call of the operation. 7706// 7707// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7708// organization, or email) as a party. 7709// 7710// * INVALID_PATTERN: You provided a value that doesn't match the required 7711// pattern. 7712// 7713// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7714// match the required pattern. 7715// 7716// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7717// name can't begin with the reserved prefix AWSServiceRoleFor. 7718// 7719// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7720// Name (ARN) for the organization. 7721// 7722// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7723// 7724// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7725// tag. You can’t add, edit, or delete system tag keys because they're 7726// reserved for AWS use. System tags don’t count against your tags per 7727// resource limit. 7728// 7729// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7730// for the operation. 7731// 7732// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7733// than allowed. 7734// 7735// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7736// value than allowed. 7737// 7738// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7739// than allowed. 7740// 7741// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7742// value than allowed. 7743// 7744// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7745// between entities in the same root. 7746// 7747// * ErrCodeServiceException "ServiceException" 7748// AWS Organizations can't complete your request because of an internal service 7749// error. Try again later. 7750// 7751// * ErrCodeTooManyRequestsException "TooManyRequestsException" 7752// You have sent too many requests in too short a period of time. The limit 7753// helps protect against denial-of-service attacks. Try again later. 7754// 7755// For information on limits that affect AWS Organizations, see Limits of AWS 7756// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 7757// in the AWS Organizations User Guide. 7758// 7759// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 7760// This action isn't available in the current Region. 7761// 7762// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus 7763func (c *Organizations) ListCreateAccountStatus(input *ListCreateAccountStatusInput) (*ListCreateAccountStatusOutput, error) { 7764 req, out := c.ListCreateAccountStatusRequest(input) 7765 return out, req.Send() 7766} 7767 7768// ListCreateAccountStatusWithContext is the same as ListCreateAccountStatus with the addition of 7769// the ability to pass a context and additional request options. 7770// 7771// See ListCreateAccountStatus for details on how to use this API operation. 7772// 7773// The context must be non-nil and will be used for request cancellation. If 7774// the context is nil a panic will occur. In the future the SDK may create 7775// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7776// for more information on using Contexts. 7777func (c *Organizations) ListCreateAccountStatusWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, opts ...request.Option) (*ListCreateAccountStatusOutput, error) { 7778 req, out := c.ListCreateAccountStatusRequest(input) 7779 req.SetContext(ctx) 7780 req.ApplyOptions(opts...) 7781 return out, req.Send() 7782} 7783 7784// ListCreateAccountStatusPages iterates over the pages of a ListCreateAccountStatus operation, 7785// calling the "fn" function with the response data for each page. To stop 7786// iterating, return false from the fn function. 7787// 7788// See ListCreateAccountStatus method for more information on how to use this operation. 7789// 7790// Note: This operation can generate multiple requests to a service. 7791// 7792// // Example iterating over at most 3 pages of a ListCreateAccountStatus operation. 7793// pageNum := 0 7794// err := client.ListCreateAccountStatusPages(params, 7795// func(page *organizations.ListCreateAccountStatusOutput, lastPage bool) bool { 7796// pageNum++ 7797// fmt.Println(page) 7798// return pageNum <= 3 7799// }) 7800// 7801func (c *Organizations) ListCreateAccountStatusPages(input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool) error { 7802 return c.ListCreateAccountStatusPagesWithContext(aws.BackgroundContext(), input, fn) 7803} 7804 7805// ListCreateAccountStatusPagesWithContext same as ListCreateAccountStatusPages except 7806// it takes a Context and allows setting request options on the pages. 7807// 7808// The context must be non-nil and will be used for request cancellation. If 7809// the context is nil a panic will occur. In the future the SDK may create 7810// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7811// for more information on using Contexts. 7812func (c *Organizations) ListCreateAccountStatusPagesWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool, opts ...request.Option) error { 7813 p := request.Pagination{ 7814 NewRequest: func() (*request.Request, error) { 7815 var inCpy *ListCreateAccountStatusInput 7816 if input != nil { 7817 tmp := *input 7818 inCpy = &tmp 7819 } 7820 req, _ := c.ListCreateAccountStatusRequest(inCpy) 7821 req.SetContext(ctx) 7822 req.ApplyOptions(opts...) 7823 return req, nil 7824 }, 7825 } 7826 7827 for p.Next() { 7828 if !fn(p.Page().(*ListCreateAccountStatusOutput), !p.HasNextPage()) { 7829 break 7830 } 7831 } 7832 7833 return p.Err() 7834} 7835 7836const opListHandshakesForAccount = "ListHandshakesForAccount" 7837 7838// ListHandshakesForAccountRequest generates a "aws/request.Request" representing the 7839// client's request for the ListHandshakesForAccount operation. The "output" return 7840// value will be populated with the request's response once the request completes 7841// successfully. 7842// 7843// Use "Send" method on the returned Request to send the API call to the service. 7844// the "output" return value is not valid until after Send returns without error. 7845// 7846// See ListHandshakesForAccount for more information on using the ListHandshakesForAccount 7847// API call, and error handling. 7848// 7849// This method is useful when you want to inject custom logic or configuration 7850// into the SDK's request lifecycle. Such as custom headers, or retry logic. 7851// 7852// 7853// // Example sending a request using the ListHandshakesForAccountRequest method. 7854// req, resp := client.ListHandshakesForAccountRequest(params) 7855// 7856// err := req.Send() 7857// if err == nil { // resp is now filled 7858// fmt.Println(resp) 7859// } 7860// 7861// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount 7862func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesForAccountInput) (req *request.Request, output *ListHandshakesForAccountOutput) { 7863 op := &request.Operation{ 7864 Name: opListHandshakesForAccount, 7865 HTTPMethod: "POST", 7866 HTTPPath: "/", 7867 Paginator: &request.Paginator{ 7868 InputTokens: []string{"NextToken"}, 7869 OutputTokens: []string{"NextToken"}, 7870 LimitToken: "MaxResults", 7871 TruncationToken: "", 7872 }, 7873 } 7874 7875 if input == nil { 7876 input = &ListHandshakesForAccountInput{} 7877 } 7878 7879 output = &ListHandshakesForAccountOutput{} 7880 req = c.newRequest(op, input, output) 7881 return 7882} 7883 7884// ListHandshakesForAccount API operation for AWS Organizations. 7885// 7886// Lists the current handshakes that are associated with the account of the 7887// requesting user. 7888// 7889// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results 7890// of this API for only 30 days after changing to that state. After that, they're 7891// deleted and no longer accessible. 7892// 7893// Always check the NextToken response parameter for a null value when calling 7894// a List* operation. These operations can occasionally return an empty set 7895// of results even when there are more results available. The NextToken response 7896// parameter value is null only when there are no more results to display. 7897// 7898// This operation can be called from any account in the organization. 7899// 7900// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7901// with awserr.Error's Code and Message methods to get detailed information about 7902// the error. 7903// 7904// See the AWS API reference guide for AWS Organizations's 7905// API operation ListHandshakesForAccount for usage and error information. 7906// 7907// Returned Error Codes: 7908// * ErrCodeAccessDeniedException "AccessDeniedException" 7909// You don't have permissions to perform the requested operation. The user or 7910// role that is making the request must have at least one IAM permissions policy 7911// attached that grants the required permissions. For more information, see 7912// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7913// in the IAM User Guide. 7914// 7915// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 7916// The target of the operation is currently being modified by a different request. 7917// Try again later. 7918// 7919// * ErrCodeInvalidInputException "InvalidInputException" 7920// The requested operation failed because you provided invalid values for one 7921// or more of the request parameters. This exception includes a reason that 7922// contains additional information about the violated limit: 7923// 7924// Some of the reasons in the following list might not be applicable to this 7925// specific API or operation: 7926// 7927// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7928// can't be modified. 7929// 7930// * INPUT_REQUIRED: You must include a value for all required parameters. 7931// 7932// * INVALID_ENUM: You specified an invalid value. 7933// 7934// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 7935// 7936// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7937// characters. 7938// 7939// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7940// at least one invalid value. 7941// 7942// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7943// from the response to a previous call of the operation. 7944// 7945// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7946// organization, or email) as a party. 7947// 7948// * INVALID_PATTERN: You provided a value that doesn't match the required 7949// pattern. 7950// 7951// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7952// match the required pattern. 7953// 7954// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7955// name can't begin with the reserved prefix AWSServiceRoleFor. 7956// 7957// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7958// Name (ARN) for the organization. 7959// 7960// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7961// 7962// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7963// tag. You can’t add, edit, or delete system tag keys because they're 7964// reserved for AWS use. System tags don’t count against your tags per 7965// resource limit. 7966// 7967// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7968// for the operation. 7969// 7970// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7971// than allowed. 7972// 7973// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7974// value than allowed. 7975// 7976// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7977// than allowed. 7978// 7979// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7980// value than allowed. 7981// 7982// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7983// between entities in the same root. 7984// 7985// * ErrCodeServiceException "ServiceException" 7986// AWS Organizations can't complete your request because of an internal service 7987// error. Try again later. 7988// 7989// * ErrCodeTooManyRequestsException "TooManyRequestsException" 7990// You have sent too many requests in too short a period of time. The limit 7991// helps protect against denial-of-service attacks. Try again later. 7992// 7993// For information on limits that affect AWS Organizations, see Limits of AWS 7994// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 7995// in the AWS Organizations User Guide. 7996// 7997// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount 7998func (c *Organizations) ListHandshakesForAccount(input *ListHandshakesForAccountInput) (*ListHandshakesForAccountOutput, error) { 7999 req, out := c.ListHandshakesForAccountRequest(input) 8000 return out, req.Send() 8001} 8002 8003// ListHandshakesForAccountWithContext is the same as ListHandshakesForAccount with the addition of 8004// the ability to pass a context and additional request options. 8005// 8006// See ListHandshakesForAccount for details on how to use this API operation. 8007// 8008// The context must be non-nil and will be used for request cancellation. If 8009// the context is nil a panic will occur. In the future the SDK may create 8010// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8011// for more information on using Contexts. 8012func (c *Organizations) ListHandshakesForAccountWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, opts ...request.Option) (*ListHandshakesForAccountOutput, error) { 8013 req, out := c.ListHandshakesForAccountRequest(input) 8014 req.SetContext(ctx) 8015 req.ApplyOptions(opts...) 8016 return out, req.Send() 8017} 8018 8019// ListHandshakesForAccountPages iterates over the pages of a ListHandshakesForAccount operation, 8020// calling the "fn" function with the response data for each page. To stop 8021// iterating, return false from the fn function. 8022// 8023// See ListHandshakesForAccount method for more information on how to use this operation. 8024// 8025// Note: This operation can generate multiple requests to a service. 8026// 8027// // Example iterating over at most 3 pages of a ListHandshakesForAccount operation. 8028// pageNum := 0 8029// err := client.ListHandshakesForAccountPages(params, 8030// func(page *organizations.ListHandshakesForAccountOutput, lastPage bool) bool { 8031// pageNum++ 8032// fmt.Println(page) 8033// return pageNum <= 3 8034// }) 8035// 8036func (c *Organizations) ListHandshakesForAccountPages(input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool) error { 8037 return c.ListHandshakesForAccountPagesWithContext(aws.BackgroundContext(), input, fn) 8038} 8039 8040// ListHandshakesForAccountPagesWithContext same as ListHandshakesForAccountPages except 8041// it takes a Context and allows setting request options on the pages. 8042// 8043// The context must be non-nil and will be used for request cancellation. If 8044// the context is nil a panic will occur. In the future the SDK may create 8045// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8046// for more information on using Contexts. 8047func (c *Organizations) ListHandshakesForAccountPagesWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool, opts ...request.Option) error { 8048 p := request.Pagination{ 8049 NewRequest: func() (*request.Request, error) { 8050 var inCpy *ListHandshakesForAccountInput 8051 if input != nil { 8052 tmp := *input 8053 inCpy = &tmp 8054 } 8055 req, _ := c.ListHandshakesForAccountRequest(inCpy) 8056 req.SetContext(ctx) 8057 req.ApplyOptions(opts...) 8058 return req, nil 8059 }, 8060 } 8061 8062 for p.Next() { 8063 if !fn(p.Page().(*ListHandshakesForAccountOutput), !p.HasNextPage()) { 8064 break 8065 } 8066 } 8067 8068 return p.Err() 8069} 8070 8071const opListHandshakesForOrganization = "ListHandshakesForOrganization" 8072 8073// ListHandshakesForOrganizationRequest generates a "aws/request.Request" representing the 8074// client's request for the ListHandshakesForOrganization operation. The "output" return 8075// value will be populated with the request's response once the request completes 8076// successfully. 8077// 8078// Use "Send" method on the returned Request to send the API call to the service. 8079// the "output" return value is not valid until after Send returns without error. 8080// 8081// See ListHandshakesForOrganization for more information on using the ListHandshakesForOrganization 8082// API call, and error handling. 8083// 8084// This method is useful when you want to inject custom logic or configuration 8085// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8086// 8087// 8088// // Example sending a request using the ListHandshakesForOrganizationRequest method. 8089// req, resp := client.ListHandshakesForOrganizationRequest(params) 8090// 8091// err := req.Send() 8092// if err == nil { // resp is now filled 8093// fmt.Println(resp) 8094// } 8095// 8096// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization 8097func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshakesForOrganizationInput) (req *request.Request, output *ListHandshakesForOrganizationOutput) { 8098 op := &request.Operation{ 8099 Name: opListHandshakesForOrganization, 8100 HTTPMethod: "POST", 8101 HTTPPath: "/", 8102 Paginator: &request.Paginator{ 8103 InputTokens: []string{"NextToken"}, 8104 OutputTokens: []string{"NextToken"}, 8105 LimitToken: "MaxResults", 8106 TruncationToken: "", 8107 }, 8108 } 8109 8110 if input == nil { 8111 input = &ListHandshakesForOrganizationInput{} 8112 } 8113 8114 output = &ListHandshakesForOrganizationOutput{} 8115 req = c.newRequest(op, input, output) 8116 return 8117} 8118 8119// ListHandshakesForOrganization API operation for AWS Organizations. 8120// 8121// Lists the handshakes that are associated with the organization that the requesting 8122// user is part of. The ListHandshakesForOrganization operation returns a list 8123// of handshake structures. Each structure contains details and status about 8124// a handshake. 8125// 8126// Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results 8127// of this API for only 30 days after changing to that state. After that, they're 8128// deleted and no longer accessible. 8129// 8130// Always check the NextToken response parameter for a null value when calling 8131// a List* operation. These operations can occasionally return an empty set 8132// of results even when there are more results available. The NextToken response 8133// parameter value is null only when there are no more results to display. 8134// 8135// This operation can be called only from the organization's master account. 8136// 8137// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8138// with awserr.Error's Code and Message methods to get detailed information about 8139// the error. 8140// 8141// See the AWS API reference guide for AWS Organizations's 8142// API operation ListHandshakesForOrganization for usage and error information. 8143// 8144// Returned Error Codes: 8145// * ErrCodeAccessDeniedException "AccessDeniedException" 8146// You don't have permissions to perform the requested operation. The user or 8147// role that is making the request must have at least one IAM permissions policy 8148// attached that grants the required permissions. For more information, see 8149// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8150// in the IAM User Guide. 8151// 8152// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 8153// Your account isn't a member of an organization. To make this request, you 8154// must use the credentials of an account that belongs to an organization. 8155// 8156// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 8157// The target of the operation is currently being modified by a different request. 8158// Try again later. 8159// 8160// * ErrCodeInvalidInputException "InvalidInputException" 8161// The requested operation failed because you provided invalid values for one 8162// or more of the request parameters. This exception includes a reason that 8163// contains additional information about the violated limit: 8164// 8165// Some of the reasons in the following list might not be applicable to this 8166// specific API or operation: 8167// 8168// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8169// can't be modified. 8170// 8171// * INPUT_REQUIRED: You must include a value for all required parameters. 8172// 8173// * INVALID_ENUM: You specified an invalid value. 8174// 8175// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 8176// 8177// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8178// characters. 8179// 8180// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8181// at least one invalid value. 8182// 8183// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8184// from the response to a previous call of the operation. 8185// 8186// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8187// organization, or email) as a party. 8188// 8189// * INVALID_PATTERN: You provided a value that doesn't match the required 8190// pattern. 8191// 8192// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8193// match the required pattern. 8194// 8195// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8196// name can't begin with the reserved prefix AWSServiceRoleFor. 8197// 8198// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8199// Name (ARN) for the organization. 8200// 8201// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8202// 8203// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8204// tag. You can’t add, edit, or delete system tag keys because they're 8205// reserved for AWS use. System tags don’t count against your tags per 8206// resource limit. 8207// 8208// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8209// for the operation. 8210// 8211// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8212// than allowed. 8213// 8214// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8215// value than allowed. 8216// 8217// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8218// than allowed. 8219// 8220// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8221// value than allowed. 8222// 8223// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8224// between entities in the same root. 8225// 8226// * ErrCodeServiceException "ServiceException" 8227// AWS Organizations can't complete your request because of an internal service 8228// error. Try again later. 8229// 8230// * ErrCodeTooManyRequestsException "TooManyRequestsException" 8231// You have sent too many requests in too short a period of time. The limit 8232// helps protect against denial-of-service attacks. Try again later. 8233// 8234// For information on limits that affect AWS Organizations, see Limits of AWS 8235// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 8236// in the AWS Organizations User Guide. 8237// 8238// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization 8239func (c *Organizations) ListHandshakesForOrganization(input *ListHandshakesForOrganizationInput) (*ListHandshakesForOrganizationOutput, error) { 8240 req, out := c.ListHandshakesForOrganizationRequest(input) 8241 return out, req.Send() 8242} 8243 8244// ListHandshakesForOrganizationWithContext is the same as ListHandshakesForOrganization with the addition of 8245// the ability to pass a context and additional request options. 8246// 8247// See ListHandshakesForOrganization for details on how to use this API operation. 8248// 8249// The context must be non-nil and will be used for request cancellation. If 8250// the context is nil a panic will occur. In the future the SDK may create 8251// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8252// for more information on using Contexts. 8253func (c *Organizations) ListHandshakesForOrganizationWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, opts ...request.Option) (*ListHandshakesForOrganizationOutput, error) { 8254 req, out := c.ListHandshakesForOrganizationRequest(input) 8255 req.SetContext(ctx) 8256 req.ApplyOptions(opts...) 8257 return out, req.Send() 8258} 8259 8260// ListHandshakesForOrganizationPages iterates over the pages of a ListHandshakesForOrganization operation, 8261// calling the "fn" function with the response data for each page. To stop 8262// iterating, return false from the fn function. 8263// 8264// See ListHandshakesForOrganization method for more information on how to use this operation. 8265// 8266// Note: This operation can generate multiple requests to a service. 8267// 8268// // Example iterating over at most 3 pages of a ListHandshakesForOrganization operation. 8269// pageNum := 0 8270// err := client.ListHandshakesForOrganizationPages(params, 8271// func(page *organizations.ListHandshakesForOrganizationOutput, lastPage bool) bool { 8272// pageNum++ 8273// fmt.Println(page) 8274// return pageNum <= 3 8275// }) 8276// 8277func (c *Organizations) ListHandshakesForOrganizationPages(input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool) error { 8278 return c.ListHandshakesForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn) 8279} 8280 8281// ListHandshakesForOrganizationPagesWithContext same as ListHandshakesForOrganizationPages except 8282// it takes a Context and allows setting request options on the pages. 8283// 8284// The context must be non-nil and will be used for request cancellation. If 8285// the context is nil a panic will occur. In the future the SDK may create 8286// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8287// for more information on using Contexts. 8288func (c *Organizations) ListHandshakesForOrganizationPagesWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool, opts ...request.Option) error { 8289 p := request.Pagination{ 8290 NewRequest: func() (*request.Request, error) { 8291 var inCpy *ListHandshakesForOrganizationInput 8292 if input != nil { 8293 tmp := *input 8294 inCpy = &tmp 8295 } 8296 req, _ := c.ListHandshakesForOrganizationRequest(inCpy) 8297 req.SetContext(ctx) 8298 req.ApplyOptions(opts...) 8299 return req, nil 8300 }, 8301 } 8302 8303 for p.Next() { 8304 if !fn(p.Page().(*ListHandshakesForOrganizationOutput), !p.HasNextPage()) { 8305 break 8306 } 8307 } 8308 8309 return p.Err() 8310} 8311 8312const opListOrganizationalUnitsForParent = "ListOrganizationalUnitsForParent" 8313 8314// ListOrganizationalUnitsForParentRequest generates a "aws/request.Request" representing the 8315// client's request for the ListOrganizationalUnitsForParent operation. The "output" return 8316// value will be populated with the request's response once the request completes 8317// successfully. 8318// 8319// Use "Send" method on the returned Request to send the API call to the service. 8320// the "output" return value is not valid until after Send returns without error. 8321// 8322// See ListOrganizationalUnitsForParent for more information on using the ListOrganizationalUnitsForParent 8323// API call, and error handling. 8324// 8325// This method is useful when you want to inject custom logic or configuration 8326// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8327// 8328// 8329// // Example sending a request using the ListOrganizationalUnitsForParentRequest method. 8330// req, resp := client.ListOrganizationalUnitsForParentRequest(params) 8331// 8332// err := req.Send() 8333// if err == nil { // resp is now filled 8334// fmt.Println(resp) 8335// } 8336// 8337// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent 8338func (c *Organizations) ListOrganizationalUnitsForParentRequest(input *ListOrganizationalUnitsForParentInput) (req *request.Request, output *ListOrganizationalUnitsForParentOutput) { 8339 op := &request.Operation{ 8340 Name: opListOrganizationalUnitsForParent, 8341 HTTPMethod: "POST", 8342 HTTPPath: "/", 8343 Paginator: &request.Paginator{ 8344 InputTokens: []string{"NextToken"}, 8345 OutputTokens: []string{"NextToken"}, 8346 LimitToken: "MaxResults", 8347 TruncationToken: "", 8348 }, 8349 } 8350 8351 if input == nil { 8352 input = &ListOrganizationalUnitsForParentInput{} 8353 } 8354 8355 output = &ListOrganizationalUnitsForParentOutput{} 8356 req = c.newRequest(op, input, output) 8357 return 8358} 8359 8360// ListOrganizationalUnitsForParent API operation for AWS Organizations. 8361// 8362// Lists the organizational units (OUs) in a parent organizational unit or root. 8363// 8364// Always check the NextToken response parameter for a null value when calling 8365// a List* operation. These operations can occasionally return an empty set 8366// of results even when there are more results available. The NextToken response 8367// parameter value is null only when there are no more results to display. 8368// 8369// This operation can be called only from the organization's master account. 8370// 8371// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8372// with awserr.Error's Code and Message methods to get detailed information about 8373// the error. 8374// 8375// See the AWS API reference guide for AWS Organizations's 8376// API operation ListOrganizationalUnitsForParent for usage and error information. 8377// 8378// Returned Error Codes: 8379// * ErrCodeAccessDeniedException "AccessDeniedException" 8380// You don't have permissions to perform the requested operation. The user or 8381// role that is making the request must have at least one IAM permissions policy 8382// attached that grants the required permissions. For more information, see 8383// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8384// in the IAM User Guide. 8385// 8386// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 8387// Your account isn't a member of an organization. To make this request, you 8388// must use the credentials of an account that belongs to an organization. 8389// 8390// * ErrCodeInvalidInputException "InvalidInputException" 8391// The requested operation failed because you provided invalid values for one 8392// or more of the request parameters. This exception includes a reason that 8393// contains additional information about the violated limit: 8394// 8395// Some of the reasons in the following list might not be applicable to this 8396// specific API or operation: 8397// 8398// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8399// can't be modified. 8400// 8401// * INPUT_REQUIRED: You must include a value for all required parameters. 8402// 8403// * INVALID_ENUM: You specified an invalid value. 8404// 8405// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 8406// 8407// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8408// characters. 8409// 8410// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8411// at least one invalid value. 8412// 8413// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8414// from the response to a previous call of the operation. 8415// 8416// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8417// organization, or email) as a party. 8418// 8419// * INVALID_PATTERN: You provided a value that doesn't match the required 8420// pattern. 8421// 8422// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8423// match the required pattern. 8424// 8425// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8426// name can't begin with the reserved prefix AWSServiceRoleFor. 8427// 8428// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8429// Name (ARN) for the organization. 8430// 8431// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8432// 8433// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8434// tag. You can’t add, edit, or delete system tag keys because they're 8435// reserved for AWS use. System tags don’t count against your tags per 8436// resource limit. 8437// 8438// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8439// for the operation. 8440// 8441// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8442// than allowed. 8443// 8444// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8445// value than allowed. 8446// 8447// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8448// than allowed. 8449// 8450// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8451// value than allowed. 8452// 8453// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8454// between entities in the same root. 8455// 8456// * ErrCodeParentNotFoundException "ParentNotFoundException" 8457// We can't find a root or OU with the ParentId that you specified. 8458// 8459// * ErrCodeServiceException "ServiceException" 8460// AWS Organizations can't complete your request because of an internal service 8461// error. Try again later. 8462// 8463// * ErrCodeTooManyRequestsException "TooManyRequestsException" 8464// You have sent too many requests in too short a period of time. The limit 8465// helps protect against denial-of-service attacks. Try again later. 8466// 8467// For information on limits that affect AWS Organizations, see Limits of AWS 8468// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 8469// in the AWS Organizations User Guide. 8470// 8471// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent 8472func (c *Organizations) ListOrganizationalUnitsForParent(input *ListOrganizationalUnitsForParentInput) (*ListOrganizationalUnitsForParentOutput, error) { 8473 req, out := c.ListOrganizationalUnitsForParentRequest(input) 8474 return out, req.Send() 8475} 8476 8477// ListOrganizationalUnitsForParentWithContext is the same as ListOrganizationalUnitsForParent with the addition of 8478// the ability to pass a context and additional request options. 8479// 8480// See ListOrganizationalUnitsForParent for details on how to use this API operation. 8481// 8482// The context must be non-nil and will be used for request cancellation. If 8483// the context is nil a panic will occur. In the future the SDK may create 8484// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8485// for more information on using Contexts. 8486func (c *Organizations) ListOrganizationalUnitsForParentWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, opts ...request.Option) (*ListOrganizationalUnitsForParentOutput, error) { 8487 req, out := c.ListOrganizationalUnitsForParentRequest(input) 8488 req.SetContext(ctx) 8489 req.ApplyOptions(opts...) 8490 return out, req.Send() 8491} 8492 8493// ListOrganizationalUnitsForParentPages iterates over the pages of a ListOrganizationalUnitsForParent operation, 8494// calling the "fn" function with the response data for each page. To stop 8495// iterating, return false from the fn function. 8496// 8497// See ListOrganizationalUnitsForParent method for more information on how to use this operation. 8498// 8499// Note: This operation can generate multiple requests to a service. 8500// 8501// // Example iterating over at most 3 pages of a ListOrganizationalUnitsForParent operation. 8502// pageNum := 0 8503// err := client.ListOrganizationalUnitsForParentPages(params, 8504// func(page *organizations.ListOrganizationalUnitsForParentOutput, lastPage bool) bool { 8505// pageNum++ 8506// fmt.Println(page) 8507// return pageNum <= 3 8508// }) 8509// 8510func (c *Organizations) ListOrganizationalUnitsForParentPages(input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool) error { 8511 return c.ListOrganizationalUnitsForParentPagesWithContext(aws.BackgroundContext(), input, fn) 8512} 8513 8514// ListOrganizationalUnitsForParentPagesWithContext same as ListOrganizationalUnitsForParentPages except 8515// it takes a Context and allows setting request options on the pages. 8516// 8517// The context must be non-nil and will be used for request cancellation. If 8518// the context is nil a panic will occur. In the future the SDK may create 8519// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8520// for more information on using Contexts. 8521func (c *Organizations) ListOrganizationalUnitsForParentPagesWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool, opts ...request.Option) error { 8522 p := request.Pagination{ 8523 NewRequest: func() (*request.Request, error) { 8524 var inCpy *ListOrganizationalUnitsForParentInput 8525 if input != nil { 8526 tmp := *input 8527 inCpy = &tmp 8528 } 8529 req, _ := c.ListOrganizationalUnitsForParentRequest(inCpy) 8530 req.SetContext(ctx) 8531 req.ApplyOptions(opts...) 8532 return req, nil 8533 }, 8534 } 8535 8536 for p.Next() { 8537 if !fn(p.Page().(*ListOrganizationalUnitsForParentOutput), !p.HasNextPage()) { 8538 break 8539 } 8540 } 8541 8542 return p.Err() 8543} 8544 8545const opListParents = "ListParents" 8546 8547// ListParentsRequest generates a "aws/request.Request" representing the 8548// client's request for the ListParents operation. The "output" return 8549// value will be populated with the request's response once the request completes 8550// successfully. 8551// 8552// Use "Send" method on the returned Request to send the API call to the service. 8553// the "output" return value is not valid until after Send returns without error. 8554// 8555// See ListParents for more information on using the ListParents 8556// API call, and error handling. 8557// 8558// This method is useful when you want to inject custom logic or configuration 8559// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8560// 8561// 8562// // Example sending a request using the ListParentsRequest method. 8563// req, resp := client.ListParentsRequest(params) 8564// 8565// err := req.Send() 8566// if err == nil { // resp is now filled 8567// fmt.Println(resp) 8568// } 8569// 8570// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents 8571func (c *Organizations) ListParentsRequest(input *ListParentsInput) (req *request.Request, output *ListParentsOutput) { 8572 op := &request.Operation{ 8573 Name: opListParents, 8574 HTTPMethod: "POST", 8575 HTTPPath: "/", 8576 Paginator: &request.Paginator{ 8577 InputTokens: []string{"NextToken"}, 8578 OutputTokens: []string{"NextToken"}, 8579 LimitToken: "MaxResults", 8580 TruncationToken: "", 8581 }, 8582 } 8583 8584 if input == nil { 8585 input = &ListParentsInput{} 8586 } 8587 8588 output = &ListParentsOutput{} 8589 req = c.newRequest(op, input, output) 8590 return 8591} 8592 8593// ListParents API operation for AWS Organizations. 8594// 8595// Lists the root or organizational units (OUs) that serve as the immediate 8596// parent of the specified child OU or account. This operation, along with ListChildren 8597// enables you to traverse the tree structure that makes up this root. 8598// 8599// Always check the NextToken response parameter for a null value when calling 8600// a List* operation. These operations can occasionally return an empty set 8601// of results even when there are more results available. The NextToken response 8602// parameter value is null only when there are no more results to display. 8603// 8604// This operation can be called only from the organization's master account. 8605// 8606// In the current release, a child can have only a single parent. 8607// 8608// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8609// with awserr.Error's Code and Message methods to get detailed information about 8610// the error. 8611// 8612// See the AWS API reference guide for AWS Organizations's 8613// API operation ListParents for usage and error information. 8614// 8615// Returned Error Codes: 8616// * ErrCodeAccessDeniedException "AccessDeniedException" 8617// You don't have permissions to perform the requested operation. The user or 8618// role that is making the request must have at least one IAM permissions policy 8619// attached that grants the required permissions. For more information, see 8620// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8621// in the IAM User Guide. 8622// 8623// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 8624// Your account isn't a member of an organization. To make this request, you 8625// must use the credentials of an account that belongs to an organization. 8626// 8627// * ErrCodeChildNotFoundException "ChildNotFoundException" 8628// We can't find an organizational unit (OU) or AWS account with the ChildId 8629// that you specified. 8630// 8631// * ErrCodeInvalidInputException "InvalidInputException" 8632// The requested operation failed because you provided invalid values for one 8633// or more of the request parameters. This exception includes a reason that 8634// contains additional information about the violated limit: 8635// 8636// Some of the reasons in the following list might not be applicable to this 8637// specific API or operation: 8638// 8639// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8640// can't be modified. 8641// 8642// * INPUT_REQUIRED: You must include a value for all required parameters. 8643// 8644// * INVALID_ENUM: You specified an invalid value. 8645// 8646// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 8647// 8648// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8649// characters. 8650// 8651// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8652// at least one invalid value. 8653// 8654// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8655// from the response to a previous call of the operation. 8656// 8657// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8658// organization, or email) as a party. 8659// 8660// * INVALID_PATTERN: You provided a value that doesn't match the required 8661// pattern. 8662// 8663// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8664// match the required pattern. 8665// 8666// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8667// name can't begin with the reserved prefix AWSServiceRoleFor. 8668// 8669// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8670// Name (ARN) for the organization. 8671// 8672// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8673// 8674// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8675// tag. You can’t add, edit, or delete system tag keys because they're 8676// reserved for AWS use. System tags don’t count against your tags per 8677// resource limit. 8678// 8679// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8680// for the operation. 8681// 8682// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8683// than allowed. 8684// 8685// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8686// value than allowed. 8687// 8688// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8689// than allowed. 8690// 8691// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8692// value than allowed. 8693// 8694// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8695// between entities in the same root. 8696// 8697// * ErrCodeServiceException "ServiceException" 8698// AWS Organizations can't complete your request because of an internal service 8699// error. Try again later. 8700// 8701// * ErrCodeTooManyRequestsException "TooManyRequestsException" 8702// You have sent too many requests in too short a period of time. The limit 8703// helps protect against denial-of-service attacks. Try again later. 8704// 8705// For information on limits that affect AWS Organizations, see Limits of AWS 8706// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 8707// in the AWS Organizations User Guide. 8708// 8709// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents 8710func (c *Organizations) ListParents(input *ListParentsInput) (*ListParentsOutput, error) { 8711 req, out := c.ListParentsRequest(input) 8712 return out, req.Send() 8713} 8714 8715// ListParentsWithContext is the same as ListParents with the addition of 8716// the ability to pass a context and additional request options. 8717// 8718// See ListParents for details on how to use this API operation. 8719// 8720// The context must be non-nil and will be used for request cancellation. If 8721// the context is nil a panic will occur. In the future the SDK may create 8722// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8723// for more information on using Contexts. 8724func (c *Organizations) ListParentsWithContext(ctx aws.Context, input *ListParentsInput, opts ...request.Option) (*ListParentsOutput, error) { 8725 req, out := c.ListParentsRequest(input) 8726 req.SetContext(ctx) 8727 req.ApplyOptions(opts...) 8728 return out, req.Send() 8729} 8730 8731// ListParentsPages iterates over the pages of a ListParents operation, 8732// calling the "fn" function with the response data for each page. To stop 8733// iterating, return false from the fn function. 8734// 8735// See ListParents method for more information on how to use this operation. 8736// 8737// Note: This operation can generate multiple requests to a service. 8738// 8739// // Example iterating over at most 3 pages of a ListParents operation. 8740// pageNum := 0 8741// err := client.ListParentsPages(params, 8742// func(page *organizations.ListParentsOutput, lastPage bool) bool { 8743// pageNum++ 8744// fmt.Println(page) 8745// return pageNum <= 3 8746// }) 8747// 8748func (c *Organizations) ListParentsPages(input *ListParentsInput, fn func(*ListParentsOutput, bool) bool) error { 8749 return c.ListParentsPagesWithContext(aws.BackgroundContext(), input, fn) 8750} 8751 8752// ListParentsPagesWithContext same as ListParentsPages except 8753// it takes a Context and allows setting request options on the pages. 8754// 8755// The context must be non-nil and will be used for request cancellation. If 8756// the context is nil a panic will occur. In the future the SDK may create 8757// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8758// for more information on using Contexts. 8759func (c *Organizations) ListParentsPagesWithContext(ctx aws.Context, input *ListParentsInput, fn func(*ListParentsOutput, bool) bool, opts ...request.Option) error { 8760 p := request.Pagination{ 8761 NewRequest: func() (*request.Request, error) { 8762 var inCpy *ListParentsInput 8763 if input != nil { 8764 tmp := *input 8765 inCpy = &tmp 8766 } 8767 req, _ := c.ListParentsRequest(inCpy) 8768 req.SetContext(ctx) 8769 req.ApplyOptions(opts...) 8770 return req, nil 8771 }, 8772 } 8773 8774 for p.Next() { 8775 if !fn(p.Page().(*ListParentsOutput), !p.HasNextPage()) { 8776 break 8777 } 8778 } 8779 8780 return p.Err() 8781} 8782 8783const opListPolicies = "ListPolicies" 8784 8785// ListPoliciesRequest generates a "aws/request.Request" representing the 8786// client's request for the ListPolicies operation. The "output" return 8787// value will be populated with the request's response once the request completes 8788// successfully. 8789// 8790// Use "Send" method on the returned Request to send the API call to the service. 8791// the "output" return value is not valid until after Send returns without error. 8792// 8793// See ListPolicies for more information on using the ListPolicies 8794// API call, and error handling. 8795// 8796// This method is useful when you want to inject custom logic or configuration 8797// into the SDK's request lifecycle. Such as custom headers, or retry logic. 8798// 8799// 8800// // Example sending a request using the ListPoliciesRequest method. 8801// req, resp := client.ListPoliciesRequest(params) 8802// 8803// err := req.Send() 8804// if err == nil { // resp is now filled 8805// fmt.Println(resp) 8806// } 8807// 8808// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies 8809func (c *Organizations) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) { 8810 op := &request.Operation{ 8811 Name: opListPolicies, 8812 HTTPMethod: "POST", 8813 HTTPPath: "/", 8814 Paginator: &request.Paginator{ 8815 InputTokens: []string{"NextToken"}, 8816 OutputTokens: []string{"NextToken"}, 8817 LimitToken: "MaxResults", 8818 TruncationToken: "", 8819 }, 8820 } 8821 8822 if input == nil { 8823 input = &ListPoliciesInput{} 8824 } 8825 8826 output = &ListPoliciesOutput{} 8827 req = c.newRequest(op, input, output) 8828 return 8829} 8830 8831// ListPolicies API operation for AWS Organizations. 8832// 8833// Retrieves the list of all policies in an organization of a specified type. 8834// 8835// Always check the NextToken response parameter for a null value when calling 8836// a List* operation. These operations can occasionally return an empty set 8837// of results even when there are more results available. The NextToken response 8838// parameter value is null only when there are no more results to display. 8839// 8840// This operation can be called only from the organization's master account. 8841// 8842// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8843// with awserr.Error's Code and Message methods to get detailed information about 8844// the error. 8845// 8846// See the AWS API reference guide for AWS Organizations's 8847// API operation ListPolicies for usage and error information. 8848// 8849// Returned Error Codes: 8850// * ErrCodeAccessDeniedException "AccessDeniedException" 8851// You don't have permissions to perform the requested operation. The user or 8852// role that is making the request must have at least one IAM permissions policy 8853// attached that grants the required permissions. For more information, see 8854// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8855// in the IAM User Guide. 8856// 8857// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 8858// Your account isn't a member of an organization. To make this request, you 8859// must use the credentials of an account that belongs to an organization. 8860// 8861// * ErrCodeInvalidInputException "InvalidInputException" 8862// The requested operation failed because you provided invalid values for one 8863// or more of the request parameters. This exception includes a reason that 8864// contains additional information about the violated limit: 8865// 8866// Some of the reasons in the following list might not be applicable to this 8867// specific API or operation: 8868// 8869// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8870// can't be modified. 8871// 8872// * INPUT_REQUIRED: You must include a value for all required parameters. 8873// 8874// * INVALID_ENUM: You specified an invalid value. 8875// 8876// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 8877// 8878// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8879// characters. 8880// 8881// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8882// at least one invalid value. 8883// 8884// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8885// from the response to a previous call of the operation. 8886// 8887// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8888// organization, or email) as a party. 8889// 8890// * INVALID_PATTERN: You provided a value that doesn't match the required 8891// pattern. 8892// 8893// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8894// match the required pattern. 8895// 8896// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8897// name can't begin with the reserved prefix AWSServiceRoleFor. 8898// 8899// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8900// Name (ARN) for the organization. 8901// 8902// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8903// 8904// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8905// tag. You can’t add, edit, or delete system tag keys because they're 8906// reserved for AWS use. System tags don’t count against your tags per 8907// resource limit. 8908// 8909// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8910// for the operation. 8911// 8912// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8913// than allowed. 8914// 8915// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8916// value than allowed. 8917// 8918// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8919// than allowed. 8920// 8921// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8922// value than allowed. 8923// 8924// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8925// between entities in the same root. 8926// 8927// * ErrCodeServiceException "ServiceException" 8928// AWS Organizations can't complete your request because of an internal service 8929// error. Try again later. 8930// 8931// * ErrCodeTooManyRequestsException "TooManyRequestsException" 8932// You have sent too many requests in too short a period of time. The limit 8933// helps protect against denial-of-service attacks. Try again later. 8934// 8935// For information on limits that affect AWS Organizations, see Limits of AWS 8936// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 8937// in the AWS Organizations User Guide. 8938// 8939// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 8940// This action isn't available in the current Region. 8941// 8942// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies 8943func (c *Organizations) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) { 8944 req, out := c.ListPoliciesRequest(input) 8945 return out, req.Send() 8946} 8947 8948// ListPoliciesWithContext is the same as ListPolicies with the addition of 8949// the ability to pass a context and additional request options. 8950// 8951// See ListPolicies for details on how to use this API operation. 8952// 8953// The context must be non-nil and will be used for request cancellation. If 8954// the context is nil a panic will occur. In the future the SDK may create 8955// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8956// for more information on using Contexts. 8957func (c *Organizations) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) { 8958 req, out := c.ListPoliciesRequest(input) 8959 req.SetContext(ctx) 8960 req.ApplyOptions(opts...) 8961 return out, req.Send() 8962} 8963 8964// ListPoliciesPages iterates over the pages of a ListPolicies operation, 8965// calling the "fn" function with the response data for each page. To stop 8966// iterating, return false from the fn function. 8967// 8968// See ListPolicies method for more information on how to use this operation. 8969// 8970// Note: This operation can generate multiple requests to a service. 8971// 8972// // Example iterating over at most 3 pages of a ListPolicies operation. 8973// pageNum := 0 8974// err := client.ListPoliciesPages(params, 8975// func(page *organizations.ListPoliciesOutput, lastPage bool) bool { 8976// pageNum++ 8977// fmt.Println(page) 8978// return pageNum <= 3 8979// }) 8980// 8981func (c *Organizations) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error { 8982 return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn) 8983} 8984 8985// ListPoliciesPagesWithContext same as ListPoliciesPages except 8986// it takes a Context and allows setting request options on the pages. 8987// 8988// The context must be non-nil and will be used for request cancellation. If 8989// the context is nil a panic will occur. In the future the SDK may create 8990// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8991// for more information on using Contexts. 8992func (c *Organizations) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error { 8993 p := request.Pagination{ 8994 NewRequest: func() (*request.Request, error) { 8995 var inCpy *ListPoliciesInput 8996 if input != nil { 8997 tmp := *input 8998 inCpy = &tmp 8999 } 9000 req, _ := c.ListPoliciesRequest(inCpy) 9001 req.SetContext(ctx) 9002 req.ApplyOptions(opts...) 9003 return req, nil 9004 }, 9005 } 9006 9007 for p.Next() { 9008 if !fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) { 9009 break 9010 } 9011 } 9012 9013 return p.Err() 9014} 9015 9016const opListPoliciesForTarget = "ListPoliciesForTarget" 9017 9018// ListPoliciesForTargetRequest generates a "aws/request.Request" representing the 9019// client's request for the ListPoliciesForTarget operation. The "output" return 9020// value will be populated with the request's response once the request completes 9021// successfully. 9022// 9023// Use "Send" method on the returned Request to send the API call to the service. 9024// the "output" return value is not valid until after Send returns without error. 9025// 9026// See ListPoliciesForTarget for more information on using the ListPoliciesForTarget 9027// API call, and error handling. 9028// 9029// This method is useful when you want to inject custom logic or configuration 9030// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9031// 9032// 9033// // Example sending a request using the ListPoliciesForTargetRequest method. 9034// req, resp := client.ListPoliciesForTargetRequest(params) 9035// 9036// err := req.Send() 9037// if err == nil { // resp is now filled 9038// fmt.Println(resp) 9039// } 9040// 9041// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget 9042func (c *Organizations) ListPoliciesForTargetRequest(input *ListPoliciesForTargetInput) (req *request.Request, output *ListPoliciesForTargetOutput) { 9043 op := &request.Operation{ 9044 Name: opListPoliciesForTarget, 9045 HTTPMethod: "POST", 9046 HTTPPath: "/", 9047 Paginator: &request.Paginator{ 9048 InputTokens: []string{"NextToken"}, 9049 OutputTokens: []string{"NextToken"}, 9050 LimitToken: "MaxResults", 9051 TruncationToken: "", 9052 }, 9053 } 9054 9055 if input == nil { 9056 input = &ListPoliciesForTargetInput{} 9057 } 9058 9059 output = &ListPoliciesForTargetOutput{} 9060 req = c.newRequest(op, input, output) 9061 return 9062} 9063 9064// ListPoliciesForTarget API operation for AWS Organizations. 9065// 9066// Lists the policies that are directly attached to the specified target root, 9067// organizational unit (OU), or account. You must specify the policy type that 9068// you want included in the returned list. 9069// 9070// Always check the NextToken response parameter for a null value when calling 9071// a List* operation. These operations can occasionally return an empty set 9072// of results even when there are more results available. The NextToken response 9073// parameter value is null only when there are no more results to display. 9074// 9075// This operation can be called only from the organization's master account. 9076// 9077// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9078// with awserr.Error's Code and Message methods to get detailed information about 9079// the error. 9080// 9081// See the AWS API reference guide for AWS Organizations's 9082// API operation ListPoliciesForTarget for usage and error information. 9083// 9084// Returned Error Codes: 9085// * ErrCodeAccessDeniedException "AccessDeniedException" 9086// You don't have permissions to perform the requested operation. The user or 9087// role that is making the request must have at least one IAM permissions policy 9088// attached that grants the required permissions. For more information, see 9089// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9090// in the IAM User Guide. 9091// 9092// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 9093// Your account isn't a member of an organization. To make this request, you 9094// must use the credentials of an account that belongs to an organization. 9095// 9096// * ErrCodeInvalidInputException "InvalidInputException" 9097// The requested operation failed because you provided invalid values for one 9098// or more of the request parameters. This exception includes a reason that 9099// contains additional information about the violated limit: 9100// 9101// Some of the reasons in the following list might not be applicable to this 9102// specific API or operation: 9103// 9104// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9105// can't be modified. 9106// 9107// * INPUT_REQUIRED: You must include a value for all required parameters. 9108// 9109// * INVALID_ENUM: You specified an invalid value. 9110// 9111// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 9112// 9113// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9114// characters. 9115// 9116// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9117// at least one invalid value. 9118// 9119// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9120// from the response to a previous call of the operation. 9121// 9122// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9123// organization, or email) as a party. 9124// 9125// * INVALID_PATTERN: You provided a value that doesn't match the required 9126// pattern. 9127// 9128// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9129// match the required pattern. 9130// 9131// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9132// name can't begin with the reserved prefix AWSServiceRoleFor. 9133// 9134// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9135// Name (ARN) for the organization. 9136// 9137// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9138// 9139// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9140// tag. You can’t add, edit, or delete system tag keys because they're 9141// reserved for AWS use. System tags don’t count against your tags per 9142// resource limit. 9143// 9144// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9145// for the operation. 9146// 9147// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9148// than allowed. 9149// 9150// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9151// value than allowed. 9152// 9153// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9154// than allowed. 9155// 9156// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9157// value than allowed. 9158// 9159// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9160// between entities in the same root. 9161// 9162// * ErrCodeServiceException "ServiceException" 9163// AWS Organizations can't complete your request because of an internal service 9164// error. Try again later. 9165// 9166// * ErrCodeTargetNotFoundException "TargetNotFoundException" 9167// We can't find a root, OU, or account with the TargetId that you specified. 9168// 9169// * ErrCodeTooManyRequestsException "TooManyRequestsException" 9170// You have sent too many requests in too short a period of time. The limit 9171// helps protect against denial-of-service attacks. Try again later. 9172// 9173// For information on limits that affect AWS Organizations, see Limits of AWS 9174// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 9175// in the AWS Organizations User Guide. 9176// 9177// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 9178// This action isn't available in the current Region. 9179// 9180// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget 9181func (c *Organizations) ListPoliciesForTarget(input *ListPoliciesForTargetInput) (*ListPoliciesForTargetOutput, error) { 9182 req, out := c.ListPoliciesForTargetRequest(input) 9183 return out, req.Send() 9184} 9185 9186// ListPoliciesForTargetWithContext is the same as ListPoliciesForTarget with the addition of 9187// the ability to pass a context and additional request options. 9188// 9189// See ListPoliciesForTarget for details on how to use this API operation. 9190// 9191// The context must be non-nil and will be used for request cancellation. If 9192// the context is nil a panic will occur. In the future the SDK may create 9193// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9194// for more information on using Contexts. 9195func (c *Organizations) ListPoliciesForTargetWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, opts ...request.Option) (*ListPoliciesForTargetOutput, error) { 9196 req, out := c.ListPoliciesForTargetRequest(input) 9197 req.SetContext(ctx) 9198 req.ApplyOptions(opts...) 9199 return out, req.Send() 9200} 9201 9202// ListPoliciesForTargetPages iterates over the pages of a ListPoliciesForTarget operation, 9203// calling the "fn" function with the response data for each page. To stop 9204// iterating, return false from the fn function. 9205// 9206// See ListPoliciesForTarget method for more information on how to use this operation. 9207// 9208// Note: This operation can generate multiple requests to a service. 9209// 9210// // Example iterating over at most 3 pages of a ListPoliciesForTarget operation. 9211// pageNum := 0 9212// err := client.ListPoliciesForTargetPages(params, 9213// func(page *organizations.ListPoliciesForTargetOutput, lastPage bool) bool { 9214// pageNum++ 9215// fmt.Println(page) 9216// return pageNum <= 3 9217// }) 9218// 9219func (c *Organizations) ListPoliciesForTargetPages(input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool) error { 9220 return c.ListPoliciesForTargetPagesWithContext(aws.BackgroundContext(), input, fn) 9221} 9222 9223// ListPoliciesForTargetPagesWithContext same as ListPoliciesForTargetPages except 9224// it takes a Context and allows setting request options on the pages. 9225// 9226// The context must be non-nil and will be used for request cancellation. If 9227// the context is nil a panic will occur. In the future the SDK may create 9228// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9229// for more information on using Contexts. 9230func (c *Organizations) ListPoliciesForTargetPagesWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool, opts ...request.Option) error { 9231 p := request.Pagination{ 9232 NewRequest: func() (*request.Request, error) { 9233 var inCpy *ListPoliciesForTargetInput 9234 if input != nil { 9235 tmp := *input 9236 inCpy = &tmp 9237 } 9238 req, _ := c.ListPoliciesForTargetRequest(inCpy) 9239 req.SetContext(ctx) 9240 req.ApplyOptions(opts...) 9241 return req, nil 9242 }, 9243 } 9244 9245 for p.Next() { 9246 if !fn(p.Page().(*ListPoliciesForTargetOutput), !p.HasNextPage()) { 9247 break 9248 } 9249 } 9250 9251 return p.Err() 9252} 9253 9254const opListRoots = "ListRoots" 9255 9256// ListRootsRequest generates a "aws/request.Request" representing the 9257// client's request for the ListRoots operation. The "output" return 9258// value will be populated with the request's response once the request completes 9259// successfully. 9260// 9261// Use "Send" method on the returned Request to send the API call to the service. 9262// the "output" return value is not valid until after Send returns without error. 9263// 9264// See ListRoots for more information on using the ListRoots 9265// API call, and error handling. 9266// 9267// This method is useful when you want to inject custom logic or configuration 9268// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9269// 9270// 9271// // Example sending a request using the ListRootsRequest method. 9272// req, resp := client.ListRootsRequest(params) 9273// 9274// err := req.Send() 9275// if err == nil { // resp is now filled 9276// fmt.Println(resp) 9277// } 9278// 9279// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots 9280func (c *Organizations) ListRootsRequest(input *ListRootsInput) (req *request.Request, output *ListRootsOutput) { 9281 op := &request.Operation{ 9282 Name: opListRoots, 9283 HTTPMethod: "POST", 9284 HTTPPath: "/", 9285 Paginator: &request.Paginator{ 9286 InputTokens: []string{"NextToken"}, 9287 OutputTokens: []string{"NextToken"}, 9288 LimitToken: "MaxResults", 9289 TruncationToken: "", 9290 }, 9291 } 9292 9293 if input == nil { 9294 input = &ListRootsInput{} 9295 } 9296 9297 output = &ListRootsOutput{} 9298 req = c.newRequest(op, input, output) 9299 return 9300} 9301 9302// ListRoots API operation for AWS Organizations. 9303// 9304// Lists the roots that are defined in the current organization. 9305// 9306// Always check the NextToken response parameter for a null value when calling 9307// a List* operation. These operations can occasionally return an empty set 9308// of results even when there are more results available. The NextToken response 9309// parameter value is null only when there are no more results to display. 9310// 9311// This operation can be called only from the organization's master account. 9312// 9313// Policy types can be enabled and disabled in roots. This is distinct from 9314// whether they're available in the organization. When you enable all features, 9315// you make policy types available for use in that organization. Individual 9316// policy types can then be enabled and disabled in a root. To see the availability 9317// of a policy type in an organization, use DescribeOrganization. 9318// 9319// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9320// with awserr.Error's Code and Message methods to get detailed information about 9321// the error. 9322// 9323// See the AWS API reference guide for AWS Organizations's 9324// API operation ListRoots for usage and error information. 9325// 9326// Returned Error Codes: 9327// * ErrCodeAccessDeniedException "AccessDeniedException" 9328// You don't have permissions to perform the requested operation. The user or 9329// role that is making the request must have at least one IAM permissions policy 9330// attached that grants the required permissions. For more information, see 9331// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9332// in the IAM User Guide. 9333// 9334// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 9335// Your account isn't a member of an organization. To make this request, you 9336// must use the credentials of an account that belongs to an organization. 9337// 9338// * ErrCodeInvalidInputException "InvalidInputException" 9339// The requested operation failed because you provided invalid values for one 9340// or more of the request parameters. This exception includes a reason that 9341// contains additional information about the violated limit: 9342// 9343// Some of the reasons in the following list might not be applicable to this 9344// specific API or operation: 9345// 9346// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9347// can't be modified. 9348// 9349// * INPUT_REQUIRED: You must include a value for all required parameters. 9350// 9351// * INVALID_ENUM: You specified an invalid value. 9352// 9353// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 9354// 9355// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9356// characters. 9357// 9358// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9359// at least one invalid value. 9360// 9361// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9362// from the response to a previous call of the operation. 9363// 9364// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9365// organization, or email) as a party. 9366// 9367// * INVALID_PATTERN: You provided a value that doesn't match the required 9368// pattern. 9369// 9370// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9371// match the required pattern. 9372// 9373// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9374// name can't begin with the reserved prefix AWSServiceRoleFor. 9375// 9376// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9377// Name (ARN) for the organization. 9378// 9379// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9380// 9381// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9382// tag. You can’t add, edit, or delete system tag keys because they're 9383// reserved for AWS use. System tags don’t count against your tags per 9384// resource limit. 9385// 9386// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9387// for the operation. 9388// 9389// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9390// than allowed. 9391// 9392// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9393// value than allowed. 9394// 9395// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9396// than allowed. 9397// 9398// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9399// value than allowed. 9400// 9401// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9402// between entities in the same root. 9403// 9404// * ErrCodeServiceException "ServiceException" 9405// AWS Organizations can't complete your request because of an internal service 9406// error. Try again later. 9407// 9408// * ErrCodeTooManyRequestsException "TooManyRequestsException" 9409// You have sent too many requests in too short a period of time. The limit 9410// helps protect against denial-of-service attacks. Try again later. 9411// 9412// For information on limits that affect AWS Organizations, see Limits of AWS 9413// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 9414// in the AWS Organizations User Guide. 9415// 9416// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots 9417func (c *Organizations) ListRoots(input *ListRootsInput) (*ListRootsOutput, error) { 9418 req, out := c.ListRootsRequest(input) 9419 return out, req.Send() 9420} 9421 9422// ListRootsWithContext is the same as ListRoots with the addition of 9423// the ability to pass a context and additional request options. 9424// 9425// See ListRoots for details on how to use this API operation. 9426// 9427// The context must be non-nil and will be used for request cancellation. If 9428// the context is nil a panic will occur. In the future the SDK may create 9429// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9430// for more information on using Contexts. 9431func (c *Organizations) ListRootsWithContext(ctx aws.Context, input *ListRootsInput, opts ...request.Option) (*ListRootsOutput, error) { 9432 req, out := c.ListRootsRequest(input) 9433 req.SetContext(ctx) 9434 req.ApplyOptions(opts...) 9435 return out, req.Send() 9436} 9437 9438// ListRootsPages iterates over the pages of a ListRoots operation, 9439// calling the "fn" function with the response data for each page. To stop 9440// iterating, return false from the fn function. 9441// 9442// See ListRoots method for more information on how to use this operation. 9443// 9444// Note: This operation can generate multiple requests to a service. 9445// 9446// // Example iterating over at most 3 pages of a ListRoots operation. 9447// pageNum := 0 9448// err := client.ListRootsPages(params, 9449// func(page *organizations.ListRootsOutput, lastPage bool) bool { 9450// pageNum++ 9451// fmt.Println(page) 9452// return pageNum <= 3 9453// }) 9454// 9455func (c *Organizations) ListRootsPages(input *ListRootsInput, fn func(*ListRootsOutput, bool) bool) error { 9456 return c.ListRootsPagesWithContext(aws.BackgroundContext(), input, fn) 9457} 9458 9459// ListRootsPagesWithContext same as ListRootsPages except 9460// it takes a Context and allows setting request options on the pages. 9461// 9462// The context must be non-nil and will be used for request cancellation. If 9463// the context is nil a panic will occur. In the future the SDK may create 9464// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9465// for more information on using Contexts. 9466func (c *Organizations) ListRootsPagesWithContext(ctx aws.Context, input *ListRootsInput, fn func(*ListRootsOutput, bool) bool, opts ...request.Option) error { 9467 p := request.Pagination{ 9468 NewRequest: func() (*request.Request, error) { 9469 var inCpy *ListRootsInput 9470 if input != nil { 9471 tmp := *input 9472 inCpy = &tmp 9473 } 9474 req, _ := c.ListRootsRequest(inCpy) 9475 req.SetContext(ctx) 9476 req.ApplyOptions(opts...) 9477 return req, nil 9478 }, 9479 } 9480 9481 for p.Next() { 9482 if !fn(p.Page().(*ListRootsOutput), !p.HasNextPage()) { 9483 break 9484 } 9485 } 9486 9487 return p.Err() 9488} 9489 9490const opListTagsForResource = "ListTagsForResource" 9491 9492// ListTagsForResourceRequest generates a "aws/request.Request" representing the 9493// client's request for the ListTagsForResource operation. The "output" return 9494// value will be populated with the request's response once the request completes 9495// successfully. 9496// 9497// Use "Send" method on the returned Request to send the API call to the service. 9498// the "output" return value is not valid until after Send returns without error. 9499// 9500// See ListTagsForResource for more information on using the ListTagsForResource 9501// API call, and error handling. 9502// 9503// This method is useful when you want to inject custom logic or configuration 9504// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9505// 9506// 9507// // Example sending a request using the ListTagsForResourceRequest method. 9508// req, resp := client.ListTagsForResourceRequest(params) 9509// 9510// err := req.Send() 9511// if err == nil { // resp is now filled 9512// fmt.Println(resp) 9513// } 9514// 9515// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource 9516func (c *Organizations) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { 9517 op := &request.Operation{ 9518 Name: opListTagsForResource, 9519 HTTPMethod: "POST", 9520 HTTPPath: "/", 9521 Paginator: &request.Paginator{ 9522 InputTokens: []string{"NextToken"}, 9523 OutputTokens: []string{"NextToken"}, 9524 LimitToken: "", 9525 TruncationToken: "", 9526 }, 9527 } 9528 9529 if input == nil { 9530 input = &ListTagsForResourceInput{} 9531 } 9532 9533 output = &ListTagsForResourceOutput{} 9534 req = c.newRequest(op, input, output) 9535 return 9536} 9537 9538// ListTagsForResource API operation for AWS Organizations. 9539// 9540// Lists tags for the specified resource. 9541// 9542// Currently, you can list tags on an account in AWS Organizations. 9543// 9544// This operation can be called only from the organization's master account. 9545// 9546// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9547// with awserr.Error's Code and Message methods to get detailed information about 9548// the error. 9549// 9550// See the AWS API reference guide for AWS Organizations's 9551// API operation ListTagsForResource for usage and error information. 9552// 9553// Returned Error Codes: 9554// * ErrCodeAccessDeniedException "AccessDeniedException" 9555// You don't have permissions to perform the requested operation. The user or 9556// role that is making the request must have at least one IAM permissions policy 9557// attached that grants the required permissions. For more information, see 9558// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9559// in the IAM User Guide. 9560// 9561// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 9562// Your account isn't a member of an organization. To make this request, you 9563// must use the credentials of an account that belongs to an organization. 9564// 9565// * ErrCodeTargetNotFoundException "TargetNotFoundException" 9566// We can't find a root, OU, or account with the TargetId that you specified. 9567// 9568// * ErrCodeInvalidInputException "InvalidInputException" 9569// The requested operation failed because you provided invalid values for one 9570// or more of the request parameters. This exception includes a reason that 9571// contains additional information about the violated limit: 9572// 9573// Some of the reasons in the following list might not be applicable to this 9574// specific API or operation: 9575// 9576// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9577// can't be modified. 9578// 9579// * INPUT_REQUIRED: You must include a value for all required parameters. 9580// 9581// * INVALID_ENUM: You specified an invalid value. 9582// 9583// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 9584// 9585// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9586// characters. 9587// 9588// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9589// at least one invalid value. 9590// 9591// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9592// from the response to a previous call of the operation. 9593// 9594// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9595// organization, or email) as a party. 9596// 9597// * INVALID_PATTERN: You provided a value that doesn't match the required 9598// pattern. 9599// 9600// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9601// match the required pattern. 9602// 9603// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9604// name can't begin with the reserved prefix AWSServiceRoleFor. 9605// 9606// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9607// Name (ARN) for the organization. 9608// 9609// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9610// 9611// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9612// tag. You can’t add, edit, or delete system tag keys because they're 9613// reserved for AWS use. System tags don’t count against your tags per 9614// resource limit. 9615// 9616// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9617// for the operation. 9618// 9619// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9620// than allowed. 9621// 9622// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9623// value than allowed. 9624// 9625// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9626// than allowed. 9627// 9628// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9629// value than allowed. 9630// 9631// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9632// between entities in the same root. 9633// 9634// * ErrCodeServiceException "ServiceException" 9635// AWS Organizations can't complete your request because of an internal service 9636// error. Try again later. 9637// 9638// * ErrCodeTooManyRequestsException "TooManyRequestsException" 9639// You have sent too many requests in too short a period of time. The limit 9640// helps protect against denial-of-service attacks. Try again later. 9641// 9642// For information on limits that affect AWS Organizations, see Limits of AWS 9643// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 9644// in the AWS Organizations User Guide. 9645// 9646// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource 9647func (c *Organizations) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { 9648 req, out := c.ListTagsForResourceRequest(input) 9649 return out, req.Send() 9650} 9651 9652// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of 9653// the ability to pass a context and additional request options. 9654// 9655// See ListTagsForResource for details on how to use this API operation. 9656// 9657// The context must be non-nil and will be used for request cancellation. If 9658// the context is nil a panic will occur. In the future the SDK may create 9659// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9660// for more information on using Contexts. 9661func (c *Organizations) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) { 9662 req, out := c.ListTagsForResourceRequest(input) 9663 req.SetContext(ctx) 9664 req.ApplyOptions(opts...) 9665 return out, req.Send() 9666} 9667 9668// ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation, 9669// calling the "fn" function with the response data for each page. To stop 9670// iterating, return false from the fn function. 9671// 9672// See ListTagsForResource method for more information on how to use this operation. 9673// 9674// Note: This operation can generate multiple requests to a service. 9675// 9676// // Example iterating over at most 3 pages of a ListTagsForResource operation. 9677// pageNum := 0 9678// err := client.ListTagsForResourcePages(params, 9679// func(page *organizations.ListTagsForResourceOutput, lastPage bool) bool { 9680// pageNum++ 9681// fmt.Println(page) 9682// return pageNum <= 3 9683// }) 9684// 9685func (c *Organizations) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error { 9686 return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn) 9687} 9688 9689// ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except 9690// it takes a Context and allows setting request options on the pages. 9691// 9692// The context must be non-nil and will be used for request cancellation. If 9693// the context is nil a panic will occur. In the future the SDK may create 9694// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9695// for more information on using Contexts. 9696func (c *Organizations) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error { 9697 p := request.Pagination{ 9698 NewRequest: func() (*request.Request, error) { 9699 var inCpy *ListTagsForResourceInput 9700 if input != nil { 9701 tmp := *input 9702 inCpy = &tmp 9703 } 9704 req, _ := c.ListTagsForResourceRequest(inCpy) 9705 req.SetContext(ctx) 9706 req.ApplyOptions(opts...) 9707 return req, nil 9708 }, 9709 } 9710 9711 for p.Next() { 9712 if !fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) { 9713 break 9714 } 9715 } 9716 9717 return p.Err() 9718} 9719 9720const opListTargetsForPolicy = "ListTargetsForPolicy" 9721 9722// ListTargetsForPolicyRequest generates a "aws/request.Request" representing the 9723// client's request for the ListTargetsForPolicy operation. The "output" return 9724// value will be populated with the request's response once the request completes 9725// successfully. 9726// 9727// Use "Send" method on the returned Request to send the API call to the service. 9728// the "output" return value is not valid until after Send returns without error. 9729// 9730// See ListTargetsForPolicy for more information on using the ListTargetsForPolicy 9731// API call, and error handling. 9732// 9733// This method is useful when you want to inject custom logic or configuration 9734// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9735// 9736// 9737// // Example sending a request using the ListTargetsForPolicyRequest method. 9738// req, resp := client.ListTargetsForPolicyRequest(params) 9739// 9740// err := req.Send() 9741// if err == nil { // resp is now filled 9742// fmt.Println(resp) 9743// } 9744// 9745// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy 9746func (c *Organizations) ListTargetsForPolicyRequest(input *ListTargetsForPolicyInput) (req *request.Request, output *ListTargetsForPolicyOutput) { 9747 op := &request.Operation{ 9748 Name: opListTargetsForPolicy, 9749 HTTPMethod: "POST", 9750 HTTPPath: "/", 9751 Paginator: &request.Paginator{ 9752 InputTokens: []string{"NextToken"}, 9753 OutputTokens: []string{"NextToken"}, 9754 LimitToken: "MaxResults", 9755 TruncationToken: "", 9756 }, 9757 } 9758 9759 if input == nil { 9760 input = &ListTargetsForPolicyInput{} 9761 } 9762 9763 output = &ListTargetsForPolicyOutput{} 9764 req = c.newRequest(op, input, output) 9765 return 9766} 9767 9768// ListTargetsForPolicy API operation for AWS Organizations. 9769// 9770// Lists all the roots, organizational units (OUs), and accounts that the specified 9771// policy is attached to. 9772// 9773// Always check the NextToken response parameter for a null value when calling 9774// a List* operation. These operations can occasionally return an empty set 9775// of results even when there are more results available. The NextToken response 9776// parameter value is null only when there are no more results to display. 9777// 9778// This operation can be called only from the organization's master account. 9779// 9780// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9781// with awserr.Error's Code and Message methods to get detailed information about 9782// the error. 9783// 9784// See the AWS API reference guide for AWS Organizations's 9785// API operation ListTargetsForPolicy for usage and error information. 9786// 9787// Returned Error Codes: 9788// * ErrCodeAccessDeniedException "AccessDeniedException" 9789// You don't have permissions to perform the requested operation. The user or 9790// role that is making the request must have at least one IAM permissions policy 9791// attached that grants the required permissions. For more information, see 9792// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9793// in the IAM User Guide. 9794// 9795// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 9796// Your account isn't a member of an organization. To make this request, you 9797// must use the credentials of an account that belongs to an organization. 9798// 9799// * ErrCodeInvalidInputException "InvalidInputException" 9800// The requested operation failed because you provided invalid values for one 9801// or more of the request parameters. This exception includes a reason that 9802// contains additional information about the violated limit: 9803// 9804// Some of the reasons in the following list might not be applicable to this 9805// specific API or operation: 9806// 9807// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9808// can't be modified. 9809// 9810// * INPUT_REQUIRED: You must include a value for all required parameters. 9811// 9812// * INVALID_ENUM: You specified an invalid value. 9813// 9814// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 9815// 9816// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9817// characters. 9818// 9819// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9820// at least one invalid value. 9821// 9822// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9823// from the response to a previous call of the operation. 9824// 9825// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9826// organization, or email) as a party. 9827// 9828// * INVALID_PATTERN: You provided a value that doesn't match the required 9829// pattern. 9830// 9831// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9832// match the required pattern. 9833// 9834// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9835// name can't begin with the reserved prefix AWSServiceRoleFor. 9836// 9837// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9838// Name (ARN) for the organization. 9839// 9840// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9841// 9842// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9843// tag. You can’t add, edit, or delete system tag keys because they're 9844// reserved for AWS use. System tags don’t count against your tags per 9845// resource limit. 9846// 9847// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9848// for the operation. 9849// 9850// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9851// than allowed. 9852// 9853// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9854// value than allowed. 9855// 9856// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9857// than allowed. 9858// 9859// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9860// value than allowed. 9861// 9862// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9863// between entities in the same root. 9864// 9865// * ErrCodePolicyNotFoundException "PolicyNotFoundException" 9866// We can't find a policy with the PolicyId that you specified. 9867// 9868// * ErrCodeServiceException "ServiceException" 9869// AWS Organizations can't complete your request because of an internal service 9870// error. Try again later. 9871// 9872// * ErrCodeTooManyRequestsException "TooManyRequestsException" 9873// You have sent too many requests in too short a period of time. The limit 9874// helps protect against denial-of-service attacks. Try again later. 9875// 9876// For information on limits that affect AWS Organizations, see Limits of AWS 9877// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 9878// in the AWS Organizations User Guide. 9879// 9880// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 9881// This action isn't available in the current Region. 9882// 9883// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy 9884func (c *Organizations) ListTargetsForPolicy(input *ListTargetsForPolicyInput) (*ListTargetsForPolicyOutput, error) { 9885 req, out := c.ListTargetsForPolicyRequest(input) 9886 return out, req.Send() 9887} 9888 9889// ListTargetsForPolicyWithContext is the same as ListTargetsForPolicy with the addition of 9890// the ability to pass a context and additional request options. 9891// 9892// See ListTargetsForPolicy for details on how to use this API operation. 9893// 9894// The context must be non-nil and will be used for request cancellation. If 9895// the context is nil a panic will occur. In the future the SDK may create 9896// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9897// for more information on using Contexts. 9898func (c *Organizations) ListTargetsForPolicyWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, opts ...request.Option) (*ListTargetsForPolicyOutput, error) { 9899 req, out := c.ListTargetsForPolicyRequest(input) 9900 req.SetContext(ctx) 9901 req.ApplyOptions(opts...) 9902 return out, req.Send() 9903} 9904 9905// ListTargetsForPolicyPages iterates over the pages of a ListTargetsForPolicy operation, 9906// calling the "fn" function with the response data for each page. To stop 9907// iterating, return false from the fn function. 9908// 9909// See ListTargetsForPolicy method for more information on how to use this operation. 9910// 9911// Note: This operation can generate multiple requests to a service. 9912// 9913// // Example iterating over at most 3 pages of a ListTargetsForPolicy operation. 9914// pageNum := 0 9915// err := client.ListTargetsForPolicyPages(params, 9916// func(page *organizations.ListTargetsForPolicyOutput, lastPage bool) bool { 9917// pageNum++ 9918// fmt.Println(page) 9919// return pageNum <= 3 9920// }) 9921// 9922func (c *Organizations) ListTargetsForPolicyPages(input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool) error { 9923 return c.ListTargetsForPolicyPagesWithContext(aws.BackgroundContext(), input, fn) 9924} 9925 9926// ListTargetsForPolicyPagesWithContext same as ListTargetsForPolicyPages except 9927// it takes a Context and allows setting request options on the pages. 9928// 9929// The context must be non-nil and will be used for request cancellation. If 9930// the context is nil a panic will occur. In the future the SDK may create 9931// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9932// for more information on using Contexts. 9933func (c *Organizations) ListTargetsForPolicyPagesWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool, opts ...request.Option) error { 9934 p := request.Pagination{ 9935 NewRequest: func() (*request.Request, error) { 9936 var inCpy *ListTargetsForPolicyInput 9937 if input != nil { 9938 tmp := *input 9939 inCpy = &tmp 9940 } 9941 req, _ := c.ListTargetsForPolicyRequest(inCpy) 9942 req.SetContext(ctx) 9943 req.ApplyOptions(opts...) 9944 return req, nil 9945 }, 9946 } 9947 9948 for p.Next() { 9949 if !fn(p.Page().(*ListTargetsForPolicyOutput), !p.HasNextPage()) { 9950 break 9951 } 9952 } 9953 9954 return p.Err() 9955} 9956 9957const opMoveAccount = "MoveAccount" 9958 9959// MoveAccountRequest generates a "aws/request.Request" representing the 9960// client's request for the MoveAccount operation. The "output" return 9961// value will be populated with the request's response once the request completes 9962// successfully. 9963// 9964// Use "Send" method on the returned Request to send the API call to the service. 9965// the "output" return value is not valid until after Send returns without error. 9966// 9967// See MoveAccount for more information on using the MoveAccount 9968// API call, and error handling. 9969// 9970// This method is useful when you want to inject custom logic or configuration 9971// into the SDK's request lifecycle. Such as custom headers, or retry logic. 9972// 9973// 9974// // Example sending a request using the MoveAccountRequest method. 9975// req, resp := client.MoveAccountRequest(params) 9976// 9977// err := req.Send() 9978// if err == nil { // resp is now filled 9979// fmt.Println(resp) 9980// } 9981// 9982// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount 9983func (c *Organizations) MoveAccountRequest(input *MoveAccountInput) (req *request.Request, output *MoveAccountOutput) { 9984 op := &request.Operation{ 9985 Name: opMoveAccount, 9986 HTTPMethod: "POST", 9987 HTTPPath: "/", 9988 } 9989 9990 if input == nil { 9991 input = &MoveAccountInput{} 9992 } 9993 9994 output = &MoveAccountOutput{} 9995 req = c.newRequest(op, input, output) 9996 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 9997 return 9998} 9999 10000// MoveAccount API operation for AWS Organizations. 10001// 10002// Moves an account from its current source parent root or organizational unit 10003// (OU) to the specified destination parent root or OU. 10004// 10005// This operation can be called only from the organization's master account. 10006// 10007// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10008// with awserr.Error's Code and Message methods to get detailed information about 10009// the error. 10010// 10011// See the AWS API reference guide for AWS Organizations's 10012// API operation MoveAccount for usage and error information. 10013// 10014// Returned Error Codes: 10015// * ErrCodeAccessDeniedException "AccessDeniedException" 10016// You don't have permissions to perform the requested operation. The user or 10017// role that is making the request must have at least one IAM permissions policy 10018// attached that grants the required permissions. For more information, see 10019// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10020// in the IAM User Guide. 10021// 10022// * ErrCodeInvalidInputException "InvalidInputException" 10023// The requested operation failed because you provided invalid values for one 10024// or more of the request parameters. This exception includes a reason that 10025// contains additional information about the violated limit: 10026// 10027// Some of the reasons in the following list might not be applicable to this 10028// specific API or operation: 10029// 10030// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10031// can't be modified. 10032// 10033// * INPUT_REQUIRED: You must include a value for all required parameters. 10034// 10035// * INVALID_ENUM: You specified an invalid value. 10036// 10037// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 10038// 10039// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10040// characters. 10041// 10042// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10043// at least one invalid value. 10044// 10045// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10046// from the response to a previous call of the operation. 10047// 10048// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10049// organization, or email) as a party. 10050// 10051// * INVALID_PATTERN: You provided a value that doesn't match the required 10052// pattern. 10053// 10054// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10055// match the required pattern. 10056// 10057// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10058// name can't begin with the reserved prefix AWSServiceRoleFor. 10059// 10060// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10061// Name (ARN) for the organization. 10062// 10063// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10064// 10065// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10066// tag. You can’t add, edit, or delete system tag keys because they're 10067// reserved for AWS use. System tags don’t count against your tags per 10068// resource limit. 10069// 10070// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10071// for the operation. 10072// 10073// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10074// than allowed. 10075// 10076// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10077// value than allowed. 10078// 10079// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10080// than allowed. 10081// 10082// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10083// value than allowed. 10084// 10085// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10086// between entities in the same root. 10087// 10088// * ErrCodeSourceParentNotFoundException "SourceParentNotFoundException" 10089// We can't find a source root or OU with the ParentId that you specified. 10090// 10091// * ErrCodeDestinationParentNotFoundException "DestinationParentNotFoundException" 10092// We can't find the destination container (a root or OU) with the ParentId 10093// that you specified. 10094// 10095// * ErrCodeDuplicateAccountException "DuplicateAccountException" 10096// That account is already present in the specified destination. 10097// 10098// * ErrCodeAccountNotFoundException "AccountNotFoundException" 10099// We can't find an AWS account with the AccountId that you specified. Or the 10100// account whose credentials you used to make this request isn't a member of 10101// an organization. 10102// 10103// * ErrCodeTooManyRequestsException "TooManyRequestsException" 10104// You have sent too many requests in too short a period of time. The limit 10105// helps protect against denial-of-service attacks. Try again later. 10106// 10107// For information on limits that affect AWS Organizations, see Limits of AWS 10108// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 10109// in the AWS Organizations User Guide. 10110// 10111// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 10112// The target of the operation is currently being modified by a different request. 10113// Try again later. 10114// 10115// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 10116// Your account isn't a member of an organization. To make this request, you 10117// must use the credentials of an account that belongs to an organization. 10118// 10119// * ErrCodeServiceException "ServiceException" 10120// AWS Organizations can't complete your request because of an internal service 10121// error. Try again later. 10122// 10123// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount 10124func (c *Organizations) MoveAccount(input *MoveAccountInput) (*MoveAccountOutput, error) { 10125 req, out := c.MoveAccountRequest(input) 10126 return out, req.Send() 10127} 10128 10129// MoveAccountWithContext is the same as MoveAccount with the addition of 10130// the ability to pass a context and additional request options. 10131// 10132// See MoveAccount for details on how to use this API operation. 10133// 10134// The context must be non-nil and will be used for request cancellation. If 10135// the context is nil a panic will occur. In the future the SDK may create 10136// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10137// for more information on using Contexts. 10138func (c *Organizations) MoveAccountWithContext(ctx aws.Context, input *MoveAccountInput, opts ...request.Option) (*MoveAccountOutput, error) { 10139 req, out := c.MoveAccountRequest(input) 10140 req.SetContext(ctx) 10141 req.ApplyOptions(opts...) 10142 return out, req.Send() 10143} 10144 10145const opRemoveAccountFromOrganization = "RemoveAccountFromOrganization" 10146 10147// RemoveAccountFromOrganizationRequest generates a "aws/request.Request" representing the 10148// client's request for the RemoveAccountFromOrganization operation. The "output" return 10149// value will be populated with the request's response once the request completes 10150// successfully. 10151// 10152// Use "Send" method on the returned Request to send the API call to the service. 10153// the "output" return value is not valid until after Send returns without error. 10154// 10155// See RemoveAccountFromOrganization for more information on using the RemoveAccountFromOrganization 10156// API call, and error handling. 10157// 10158// This method is useful when you want to inject custom logic or configuration 10159// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10160// 10161// 10162// // Example sending a request using the RemoveAccountFromOrganizationRequest method. 10163// req, resp := client.RemoveAccountFromOrganizationRequest(params) 10164// 10165// err := req.Send() 10166// if err == nil { // resp is now filled 10167// fmt.Println(resp) 10168// } 10169// 10170// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization 10171func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccountFromOrganizationInput) (req *request.Request, output *RemoveAccountFromOrganizationOutput) { 10172 op := &request.Operation{ 10173 Name: opRemoveAccountFromOrganization, 10174 HTTPMethod: "POST", 10175 HTTPPath: "/", 10176 } 10177 10178 if input == nil { 10179 input = &RemoveAccountFromOrganizationInput{} 10180 } 10181 10182 output = &RemoveAccountFromOrganizationOutput{} 10183 req = c.newRequest(op, input, output) 10184 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 10185 return 10186} 10187 10188// RemoveAccountFromOrganization API operation for AWS Organizations. 10189// 10190// Removes the specified account from the organization. 10191// 10192// The removed account becomes a standalone account that isn't a member of any 10193// organization. It's no longer subject to any policies and is responsible for 10194// its own bill payments. The organization's master account is no longer charged 10195// for any expenses accrued by the member account after it's removed from the 10196// organization. 10197// 10198// This operation can be called only from the organization's master account. 10199// Member accounts can remove themselves with LeaveOrganization instead. 10200// 10201// You can remove an account from your organization only if the account is configured 10202// with the information required to operate as a standalone account. When you 10203// create an account in an organization using the AWS Organizations console, 10204// API, or CLI, the information required of standalone accounts is not automatically 10205// collected. For an account that you want to make standalone, you must accept 10206// the end user license agreement (EULA). You must also choose a support plan, 10207// provide and verify the required contact information, and provide a current 10208// payment method. AWS uses the payment method to charge for any billable (not 10209// free tier) AWS activity that occurs while the account isn't attached to an 10210// organization. To remove an account that doesn't yet have this information, 10211// you must sign in as the member account. Then follow the steps at To leave 10212// an organization when all required account information has not yet been provided 10213// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10214// in the AWS Organizations User Guide. 10215// 10216// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10217// with awserr.Error's Code and Message methods to get detailed information about 10218// the error. 10219// 10220// See the AWS API reference guide for AWS Organizations's 10221// API operation RemoveAccountFromOrganization for usage and error information. 10222// 10223// Returned Error Codes: 10224// * ErrCodeAccessDeniedException "AccessDeniedException" 10225// You don't have permissions to perform the requested operation. The user or 10226// role that is making the request must have at least one IAM permissions policy 10227// attached that grants the required permissions. For more information, see 10228// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10229// in the IAM User Guide. 10230// 10231// * ErrCodeAccountNotFoundException "AccountNotFoundException" 10232// We can't find an AWS account with the AccountId that you specified. Or the 10233// account whose credentials you used to make this request isn't a member of 10234// an organization. 10235// 10236// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 10237// Your account isn't a member of an organization. To make this request, you 10238// must use the credentials of an account that belongs to an organization. 10239// 10240// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 10241// The target of the operation is currently being modified by a different request. 10242// Try again later. 10243// 10244// * ErrCodeConstraintViolationException "ConstraintViolationException" 10245// Performing this operation violates a minimum or maximum value limit. Examples 10246// include attempting to remove the last service control policy (SCP) from an 10247// OU or root, or attaching too many policies to an account, OU, or root. This 10248// exception includes a reason that contains additional information about the 10249// violated limit. 10250// 10251// Some of the reasons in the following list might not be applicable to this 10252// specific API or operation: 10253// 10254// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 10255// from the organization that doesn't yet have enough information to exist 10256// as a standalone account. This account requires you to first agree to the 10257// AWS Customer Agreement. Follow the steps at To leave an organization when 10258// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10259// in the AWS Organizations User Guide. 10260// 10261// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 10262// an account from the organization that doesn't yet have enough information 10263// to exist as a standalone account. This account requires you to first complete 10264// phone verification. Follow the steps at To leave an organization when 10265// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10266// in the AWS Organizations User Guide. 10267// 10268// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 10269// of accounts that you can create in one day. 10270// 10271// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 10272// the number of accounts in an organization. If you need more accounts, 10273// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 10274// request an increase in your limit. Or the number of invitations that you 10275// tried to send would cause you to exceed the limit of accounts in your 10276// organization. Send fewer invitations or contact AWS Support to request 10277// an increase in the number of accounts. Deleted and closed accounts still 10278// count toward your limit. If you get receive this exception when running 10279// a command immediately after creating the organization, wait one hour and 10280// try again. If after an hour it continues to fail with this error, contact 10281// AWS Support (https://console.aws.amazon.com/support/home#/). 10282// 10283// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 10284// handshakes that you can send in one day. 10285// 10286// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 10287// in this organization, you first must migrate the organization's master 10288// account to the marketplace that corresponds to the master account's address. 10289// For example, accounts with India addresses must be associated with the 10290// AISPL marketplace. All accounts in an organization must be associated 10291// with the same marketplace. 10292// 10293// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 10294// must first provide contact a valid address and phone number for the master 10295// account. Then try the operation again. 10296// 10297// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 10298// master account must have an associated account in the AWS GovCloud (US-West) 10299// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 10300// in the AWS GovCloud User Guide. 10301// 10302// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 10303// with this master account, you first must associate a valid payment instrument, 10304// such as a credit card, with the account. Follow the steps at To leave 10305// an organization when all required account information has not yet been 10306// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10307// in the AWS Organizations User Guide. 10308// 10309// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 10310// number of policies of a certain type that can be attached to an entity 10311// at one time. 10312// 10313// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 10314// on this resource. 10315// 10316// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 10317// with this member account, you first must associate a valid payment instrument, 10318// such as a credit card, with the account. Follow the steps at To leave 10319// an organization when all required account information has not yet been 10320// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10321// in the AWS Organizations User Guide. 10322// 10323// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 10324// policy from an entity, which would cause the entity to have fewer than 10325// the minimum number of policies of the required type. 10326// 10327// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 10328// too many levels deep. 10329// 10330// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 10331// that requires the organization to be configured to support all features. 10332// An organization that supports only consolidated billing features can't 10333// perform this operation. 10334// 10335// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 10336// that you can have in an organization. 10337// 10338// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 10339// policies that you can have in an organization. 10340// 10341// * ErrCodeInvalidInputException "InvalidInputException" 10342// The requested operation failed because you provided invalid values for one 10343// or more of the request parameters. This exception includes a reason that 10344// contains additional information about the violated limit: 10345// 10346// Some of the reasons in the following list might not be applicable to this 10347// specific API or operation: 10348// 10349// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10350// can't be modified. 10351// 10352// * INPUT_REQUIRED: You must include a value for all required parameters. 10353// 10354// * INVALID_ENUM: You specified an invalid value. 10355// 10356// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 10357// 10358// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10359// characters. 10360// 10361// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10362// at least one invalid value. 10363// 10364// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10365// from the response to a previous call of the operation. 10366// 10367// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10368// organization, or email) as a party. 10369// 10370// * INVALID_PATTERN: You provided a value that doesn't match the required 10371// pattern. 10372// 10373// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10374// match the required pattern. 10375// 10376// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10377// name can't begin with the reserved prefix AWSServiceRoleFor. 10378// 10379// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10380// Name (ARN) for the organization. 10381// 10382// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10383// 10384// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10385// tag. You can’t add, edit, or delete system tag keys because they're 10386// reserved for AWS use. System tags don’t count against your tags per 10387// resource limit. 10388// 10389// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10390// for the operation. 10391// 10392// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10393// than allowed. 10394// 10395// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10396// value than allowed. 10397// 10398// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10399// than allowed. 10400// 10401// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10402// value than allowed. 10403// 10404// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10405// between entities in the same root. 10406// 10407// * ErrCodeMasterCannotLeaveOrganizationException "MasterCannotLeaveOrganizationException" 10408// You can't remove a master account from an organization. If you want the master 10409// account to become a member account in another organization, you must first 10410// delete the current organization of the master account. 10411// 10412// * ErrCodeServiceException "ServiceException" 10413// AWS Organizations can't complete your request because of an internal service 10414// error. Try again later. 10415// 10416// * ErrCodeTooManyRequestsException "TooManyRequestsException" 10417// You have sent too many requests in too short a period of time. The limit 10418// helps protect against denial-of-service attacks. Try again later. 10419// 10420// For information on limits that affect AWS Organizations, see Limits of AWS 10421// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 10422// in the AWS Organizations User Guide. 10423// 10424// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization 10425func (c *Organizations) RemoveAccountFromOrganization(input *RemoveAccountFromOrganizationInput) (*RemoveAccountFromOrganizationOutput, error) { 10426 req, out := c.RemoveAccountFromOrganizationRequest(input) 10427 return out, req.Send() 10428} 10429 10430// RemoveAccountFromOrganizationWithContext is the same as RemoveAccountFromOrganization with the addition of 10431// the ability to pass a context and additional request options. 10432// 10433// See RemoveAccountFromOrganization for details on how to use this API operation. 10434// 10435// The context must be non-nil and will be used for request cancellation. If 10436// the context is nil a panic will occur. In the future the SDK may create 10437// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10438// for more information on using Contexts. 10439func (c *Organizations) RemoveAccountFromOrganizationWithContext(ctx aws.Context, input *RemoveAccountFromOrganizationInput, opts ...request.Option) (*RemoveAccountFromOrganizationOutput, error) { 10440 req, out := c.RemoveAccountFromOrganizationRequest(input) 10441 req.SetContext(ctx) 10442 req.ApplyOptions(opts...) 10443 return out, req.Send() 10444} 10445 10446const opTagResource = "TagResource" 10447 10448// TagResourceRequest generates a "aws/request.Request" representing the 10449// client's request for the TagResource operation. The "output" return 10450// value will be populated with the request's response once the request completes 10451// successfully. 10452// 10453// Use "Send" method on the returned Request to send the API call to the service. 10454// the "output" return value is not valid until after Send returns without error. 10455// 10456// See TagResource for more information on using the TagResource 10457// API call, and error handling. 10458// 10459// This method is useful when you want to inject custom logic or configuration 10460// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10461// 10462// 10463// // Example sending a request using the TagResourceRequest method. 10464// req, resp := client.TagResourceRequest(params) 10465// 10466// err := req.Send() 10467// if err == nil { // resp is now filled 10468// fmt.Println(resp) 10469// } 10470// 10471// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource 10472func (c *Organizations) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { 10473 op := &request.Operation{ 10474 Name: opTagResource, 10475 HTTPMethod: "POST", 10476 HTTPPath: "/", 10477 } 10478 10479 if input == nil { 10480 input = &TagResourceInput{} 10481 } 10482 10483 output = &TagResourceOutput{} 10484 req = c.newRequest(op, input, output) 10485 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 10486 return 10487} 10488 10489// TagResource API operation for AWS Organizations. 10490// 10491// Adds one or more tags to the specified resource. 10492// 10493// Currently, you can tag and untag accounts in AWS Organizations. 10494// 10495// This operation can be called only from the organization's master account. 10496// 10497// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10498// with awserr.Error's Code and Message methods to get detailed information about 10499// the error. 10500// 10501// See the AWS API reference guide for AWS Organizations's 10502// API operation TagResource for usage and error information. 10503// 10504// Returned Error Codes: 10505// * ErrCodeAccessDeniedException "AccessDeniedException" 10506// You don't have permissions to perform the requested operation. The user or 10507// role that is making the request must have at least one IAM permissions policy 10508// attached that grants the required permissions. For more information, see 10509// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10510// in the IAM User Guide. 10511// 10512// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 10513// The target of the operation is currently being modified by a different request. 10514// Try again later. 10515// 10516// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 10517// Your account isn't a member of an organization. To make this request, you 10518// must use the credentials of an account that belongs to an organization. 10519// 10520// * ErrCodeTargetNotFoundException "TargetNotFoundException" 10521// We can't find a root, OU, or account with the TargetId that you specified. 10522// 10523// * ErrCodeConstraintViolationException "ConstraintViolationException" 10524// Performing this operation violates a minimum or maximum value limit. Examples 10525// include attempting to remove the last service control policy (SCP) from an 10526// OU or root, or attaching too many policies to an account, OU, or root. This 10527// exception includes a reason that contains additional information about the 10528// violated limit. 10529// 10530// Some of the reasons in the following list might not be applicable to this 10531// specific API or operation: 10532// 10533// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 10534// from the organization that doesn't yet have enough information to exist 10535// as a standalone account. This account requires you to first agree to the 10536// AWS Customer Agreement. Follow the steps at To leave an organization when 10537// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10538// in the AWS Organizations User Guide. 10539// 10540// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 10541// an account from the organization that doesn't yet have enough information 10542// to exist as a standalone account. This account requires you to first complete 10543// phone verification. Follow the steps at To leave an organization when 10544// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10545// in the AWS Organizations User Guide. 10546// 10547// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 10548// of accounts that you can create in one day. 10549// 10550// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 10551// the number of accounts in an organization. If you need more accounts, 10552// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 10553// request an increase in your limit. Or the number of invitations that you 10554// tried to send would cause you to exceed the limit of accounts in your 10555// organization. Send fewer invitations or contact AWS Support to request 10556// an increase in the number of accounts. Deleted and closed accounts still 10557// count toward your limit. If you get receive this exception when running 10558// a command immediately after creating the organization, wait one hour and 10559// try again. If after an hour it continues to fail with this error, contact 10560// AWS Support (https://console.aws.amazon.com/support/home#/). 10561// 10562// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 10563// handshakes that you can send in one day. 10564// 10565// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 10566// in this organization, you first must migrate the organization's master 10567// account to the marketplace that corresponds to the master account's address. 10568// For example, accounts with India addresses must be associated with the 10569// AISPL marketplace. All accounts in an organization must be associated 10570// with the same marketplace. 10571// 10572// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 10573// must first provide contact a valid address and phone number for the master 10574// account. Then try the operation again. 10575// 10576// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 10577// master account must have an associated account in the AWS GovCloud (US-West) 10578// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 10579// in the AWS GovCloud User Guide. 10580// 10581// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 10582// with this master account, you first must associate a valid payment instrument, 10583// such as a credit card, with the account. Follow the steps at To leave 10584// an organization when all required account information has not yet been 10585// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10586// in the AWS Organizations User Guide. 10587// 10588// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 10589// number of policies of a certain type that can be attached to an entity 10590// at one time. 10591// 10592// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 10593// on this resource. 10594// 10595// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 10596// with this member account, you first must associate a valid payment instrument, 10597// such as a credit card, with the account. Follow the steps at To leave 10598// an organization when all required account information has not yet been 10599// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10600// in the AWS Organizations User Guide. 10601// 10602// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 10603// policy from an entity, which would cause the entity to have fewer than 10604// the minimum number of policies of the required type. 10605// 10606// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 10607// too many levels deep. 10608// 10609// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 10610// that requires the organization to be configured to support all features. 10611// An organization that supports only consolidated billing features can't 10612// perform this operation. 10613// 10614// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 10615// that you can have in an organization. 10616// 10617// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 10618// policies that you can have in an organization. 10619// 10620// * ErrCodeInvalidInputException "InvalidInputException" 10621// The requested operation failed because you provided invalid values for one 10622// or more of the request parameters. This exception includes a reason that 10623// contains additional information about the violated limit: 10624// 10625// Some of the reasons in the following list might not be applicable to this 10626// specific API or operation: 10627// 10628// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10629// can't be modified. 10630// 10631// * INPUT_REQUIRED: You must include a value for all required parameters. 10632// 10633// * INVALID_ENUM: You specified an invalid value. 10634// 10635// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 10636// 10637// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10638// characters. 10639// 10640// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10641// at least one invalid value. 10642// 10643// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10644// from the response to a previous call of the operation. 10645// 10646// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10647// organization, or email) as a party. 10648// 10649// * INVALID_PATTERN: You provided a value that doesn't match the required 10650// pattern. 10651// 10652// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10653// match the required pattern. 10654// 10655// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10656// name can't begin with the reserved prefix AWSServiceRoleFor. 10657// 10658// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10659// Name (ARN) for the organization. 10660// 10661// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10662// 10663// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10664// tag. You can’t add, edit, or delete system tag keys because they're 10665// reserved for AWS use. System tags don’t count against your tags per 10666// resource limit. 10667// 10668// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10669// for the operation. 10670// 10671// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10672// than allowed. 10673// 10674// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10675// value than allowed. 10676// 10677// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10678// than allowed. 10679// 10680// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10681// value than allowed. 10682// 10683// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10684// between entities in the same root. 10685// 10686// * ErrCodeServiceException "ServiceException" 10687// AWS Organizations can't complete your request because of an internal service 10688// error. Try again later. 10689// 10690// * ErrCodeTooManyRequestsException "TooManyRequestsException" 10691// You have sent too many requests in too short a period of time. The limit 10692// helps protect against denial-of-service attacks. Try again later. 10693// 10694// For information on limits that affect AWS Organizations, see Limits of AWS 10695// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 10696// in the AWS Organizations User Guide. 10697// 10698// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource 10699func (c *Organizations) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { 10700 req, out := c.TagResourceRequest(input) 10701 return out, req.Send() 10702} 10703 10704// TagResourceWithContext is the same as TagResource with the addition of 10705// the ability to pass a context and additional request options. 10706// 10707// See TagResource for details on how to use this API operation. 10708// 10709// The context must be non-nil and will be used for request cancellation. If 10710// the context is nil a panic will occur. In the future the SDK may create 10711// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10712// for more information on using Contexts. 10713func (c *Organizations) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { 10714 req, out := c.TagResourceRequest(input) 10715 req.SetContext(ctx) 10716 req.ApplyOptions(opts...) 10717 return out, req.Send() 10718} 10719 10720const opUntagResource = "UntagResource" 10721 10722// UntagResourceRequest generates a "aws/request.Request" representing the 10723// client's request for the UntagResource operation. The "output" return 10724// value will be populated with the request's response once the request completes 10725// successfully. 10726// 10727// Use "Send" method on the returned Request to send the API call to the service. 10728// the "output" return value is not valid until after Send returns without error. 10729// 10730// See UntagResource for more information on using the UntagResource 10731// API call, and error handling. 10732// 10733// This method is useful when you want to inject custom logic or configuration 10734// into the SDK's request lifecycle. Such as custom headers, or retry logic. 10735// 10736// 10737// // Example sending a request using the UntagResourceRequest method. 10738// req, resp := client.UntagResourceRequest(params) 10739// 10740// err := req.Send() 10741// if err == nil { // resp is now filled 10742// fmt.Println(resp) 10743// } 10744// 10745// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource 10746func (c *Organizations) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { 10747 op := &request.Operation{ 10748 Name: opUntagResource, 10749 HTTPMethod: "POST", 10750 HTTPPath: "/", 10751 } 10752 10753 if input == nil { 10754 input = &UntagResourceInput{} 10755 } 10756 10757 output = &UntagResourceOutput{} 10758 req = c.newRequest(op, input, output) 10759 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 10760 return 10761} 10762 10763// UntagResource API operation for AWS Organizations. 10764// 10765// Removes a tag from the specified resource. 10766// 10767// Currently, you can tag and untag accounts in AWS Organizations. 10768// 10769// This operation can be called only from the organization's master account. 10770// 10771// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10772// with awserr.Error's Code and Message methods to get detailed information about 10773// the error. 10774// 10775// See the AWS API reference guide for AWS Organizations's 10776// API operation UntagResource for usage and error information. 10777// 10778// Returned Error Codes: 10779// * ErrCodeAccessDeniedException "AccessDeniedException" 10780// You don't have permissions to perform the requested operation. The user or 10781// role that is making the request must have at least one IAM permissions policy 10782// attached that grants the required permissions. For more information, see 10783// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10784// in the IAM User Guide. 10785// 10786// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 10787// The target of the operation is currently being modified by a different request. 10788// Try again later. 10789// 10790// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 10791// Your account isn't a member of an organization. To make this request, you 10792// must use the credentials of an account that belongs to an organization. 10793// 10794// * ErrCodeTargetNotFoundException "TargetNotFoundException" 10795// We can't find a root, OU, or account with the TargetId that you specified. 10796// 10797// * ErrCodeConstraintViolationException "ConstraintViolationException" 10798// Performing this operation violates a minimum or maximum value limit. Examples 10799// include attempting to remove the last service control policy (SCP) from an 10800// OU or root, or attaching too many policies to an account, OU, or root. This 10801// exception includes a reason that contains additional information about the 10802// violated limit. 10803// 10804// Some of the reasons in the following list might not be applicable to this 10805// specific API or operation: 10806// 10807// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 10808// from the organization that doesn't yet have enough information to exist 10809// as a standalone account. This account requires you to first agree to the 10810// AWS Customer Agreement. Follow the steps at To leave an organization when 10811// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10812// in the AWS Organizations User Guide. 10813// 10814// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 10815// an account from the organization that doesn't yet have enough information 10816// to exist as a standalone account. This account requires you to first complete 10817// phone verification. Follow the steps at To leave an organization when 10818// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10819// in the AWS Organizations User Guide. 10820// 10821// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 10822// of accounts that you can create in one day. 10823// 10824// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 10825// the number of accounts in an organization. If you need more accounts, 10826// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 10827// request an increase in your limit. Or the number of invitations that you 10828// tried to send would cause you to exceed the limit of accounts in your 10829// organization. Send fewer invitations or contact AWS Support to request 10830// an increase in the number of accounts. Deleted and closed accounts still 10831// count toward your limit. If you get receive this exception when running 10832// a command immediately after creating the organization, wait one hour and 10833// try again. If after an hour it continues to fail with this error, contact 10834// AWS Support (https://console.aws.amazon.com/support/home#/). 10835// 10836// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 10837// handshakes that you can send in one day. 10838// 10839// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 10840// in this organization, you first must migrate the organization's master 10841// account to the marketplace that corresponds to the master account's address. 10842// For example, accounts with India addresses must be associated with the 10843// AISPL marketplace. All accounts in an organization must be associated 10844// with the same marketplace. 10845// 10846// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 10847// must first provide contact a valid address and phone number for the master 10848// account. Then try the operation again. 10849// 10850// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 10851// master account must have an associated account in the AWS GovCloud (US-West) 10852// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 10853// in the AWS GovCloud User Guide. 10854// 10855// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 10856// with this master account, you first must associate a valid payment instrument, 10857// such as a credit card, with the account. Follow the steps at To leave 10858// an organization when all required account information has not yet been 10859// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10860// in the AWS Organizations User Guide. 10861// 10862// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 10863// number of policies of a certain type that can be attached to an entity 10864// at one time. 10865// 10866// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 10867// on this resource. 10868// 10869// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 10870// with this member account, you first must associate a valid payment instrument, 10871// such as a credit card, with the account. Follow the steps at To leave 10872// an organization when all required account information has not yet been 10873// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 10874// in the AWS Organizations User Guide. 10875// 10876// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 10877// policy from an entity, which would cause the entity to have fewer than 10878// the minimum number of policies of the required type. 10879// 10880// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 10881// too many levels deep. 10882// 10883// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 10884// that requires the organization to be configured to support all features. 10885// An organization that supports only consolidated billing features can't 10886// perform this operation. 10887// 10888// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 10889// that you can have in an organization. 10890// 10891// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 10892// policies that you can have in an organization. 10893// 10894// * ErrCodeInvalidInputException "InvalidInputException" 10895// The requested operation failed because you provided invalid values for one 10896// or more of the request parameters. This exception includes a reason that 10897// contains additional information about the violated limit: 10898// 10899// Some of the reasons in the following list might not be applicable to this 10900// specific API or operation: 10901// 10902// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10903// can't be modified. 10904// 10905// * INPUT_REQUIRED: You must include a value for all required parameters. 10906// 10907// * INVALID_ENUM: You specified an invalid value. 10908// 10909// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 10910// 10911// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10912// characters. 10913// 10914// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10915// at least one invalid value. 10916// 10917// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10918// from the response to a previous call of the operation. 10919// 10920// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10921// organization, or email) as a party. 10922// 10923// * INVALID_PATTERN: You provided a value that doesn't match the required 10924// pattern. 10925// 10926// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10927// match the required pattern. 10928// 10929// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10930// name can't begin with the reserved prefix AWSServiceRoleFor. 10931// 10932// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10933// Name (ARN) for the organization. 10934// 10935// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10936// 10937// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10938// tag. You can’t add, edit, or delete system tag keys because they're 10939// reserved for AWS use. System tags don’t count against your tags per 10940// resource limit. 10941// 10942// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10943// for the operation. 10944// 10945// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10946// than allowed. 10947// 10948// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10949// value than allowed. 10950// 10951// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10952// than allowed. 10953// 10954// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10955// value than allowed. 10956// 10957// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10958// between entities in the same root. 10959// 10960// * ErrCodeServiceException "ServiceException" 10961// AWS Organizations can't complete your request because of an internal service 10962// error. Try again later. 10963// 10964// * ErrCodeTooManyRequestsException "TooManyRequestsException" 10965// You have sent too many requests in too short a period of time. The limit 10966// helps protect against denial-of-service attacks. Try again later. 10967// 10968// For information on limits that affect AWS Organizations, see Limits of AWS 10969// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 10970// in the AWS Organizations User Guide. 10971// 10972// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource 10973func (c *Organizations) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { 10974 req, out := c.UntagResourceRequest(input) 10975 return out, req.Send() 10976} 10977 10978// UntagResourceWithContext is the same as UntagResource with the addition of 10979// the ability to pass a context and additional request options. 10980// 10981// See UntagResource for details on how to use this API operation. 10982// 10983// The context must be non-nil and will be used for request cancellation. If 10984// the context is nil a panic will occur. In the future the SDK may create 10985// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10986// for more information on using Contexts. 10987func (c *Organizations) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { 10988 req, out := c.UntagResourceRequest(input) 10989 req.SetContext(ctx) 10990 req.ApplyOptions(opts...) 10991 return out, req.Send() 10992} 10993 10994const opUpdateOrganizationalUnit = "UpdateOrganizationalUnit" 10995 10996// UpdateOrganizationalUnitRequest generates a "aws/request.Request" representing the 10997// client's request for the UpdateOrganizationalUnit operation. The "output" return 10998// value will be populated with the request's response once the request completes 10999// successfully. 11000// 11001// Use "Send" method on the returned Request to send the API call to the service. 11002// the "output" return value is not valid until after Send returns without error. 11003// 11004// See UpdateOrganizationalUnit for more information on using the UpdateOrganizationalUnit 11005// API call, and error handling. 11006// 11007// This method is useful when you want to inject custom logic or configuration 11008// into the SDK's request lifecycle. Such as custom headers, or retry logic. 11009// 11010// 11011// // Example sending a request using the UpdateOrganizationalUnitRequest method. 11012// req, resp := client.UpdateOrganizationalUnitRequest(params) 11013// 11014// err := req.Send() 11015// if err == nil { // resp is now filled 11016// fmt.Println(resp) 11017// } 11018// 11019// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit 11020func (c *Organizations) UpdateOrganizationalUnitRequest(input *UpdateOrganizationalUnitInput) (req *request.Request, output *UpdateOrganizationalUnitOutput) { 11021 op := &request.Operation{ 11022 Name: opUpdateOrganizationalUnit, 11023 HTTPMethod: "POST", 11024 HTTPPath: "/", 11025 } 11026 11027 if input == nil { 11028 input = &UpdateOrganizationalUnitInput{} 11029 } 11030 11031 output = &UpdateOrganizationalUnitOutput{} 11032 req = c.newRequest(op, input, output) 11033 return 11034} 11035 11036// UpdateOrganizationalUnit API operation for AWS Organizations. 11037// 11038// Renames the specified organizational unit (OU). The ID and ARN don't change. 11039// The child OUs and accounts remain in place, and any attached policies of 11040// the OU remain attached. 11041// 11042// This operation can be called only from the organization's master account. 11043// 11044// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11045// with awserr.Error's Code and Message methods to get detailed information about 11046// the error. 11047// 11048// See the AWS API reference guide for AWS Organizations's 11049// API operation UpdateOrganizationalUnit for usage and error information. 11050// 11051// Returned Error Codes: 11052// * ErrCodeAccessDeniedException "AccessDeniedException" 11053// You don't have permissions to perform the requested operation. The user or 11054// role that is making the request must have at least one IAM permissions policy 11055// attached that grants the required permissions. For more information, see 11056// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11057// in the IAM User Guide. 11058// 11059// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 11060// Your account isn't a member of an organization. To make this request, you 11061// must use the credentials of an account that belongs to an organization. 11062// 11063// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 11064// The target of the operation is currently being modified by a different request. 11065// Try again later. 11066// 11067// * ErrCodeDuplicateOrganizationalUnitException "DuplicateOrganizationalUnitException" 11068// An OU with the same name already exists. 11069// 11070// * ErrCodeInvalidInputException "InvalidInputException" 11071// The requested operation failed because you provided invalid values for one 11072// or more of the request parameters. This exception includes a reason that 11073// contains additional information about the violated limit: 11074// 11075// Some of the reasons in the following list might not be applicable to this 11076// specific API or operation: 11077// 11078// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11079// can't be modified. 11080// 11081// * INPUT_REQUIRED: You must include a value for all required parameters. 11082// 11083// * INVALID_ENUM: You specified an invalid value. 11084// 11085// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 11086// 11087// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11088// characters. 11089// 11090// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 11091// at least one invalid value. 11092// 11093// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 11094// from the response to a previous call of the operation. 11095// 11096// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 11097// organization, or email) as a party. 11098// 11099// * INVALID_PATTERN: You provided a value that doesn't match the required 11100// pattern. 11101// 11102// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 11103// match the required pattern. 11104// 11105// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 11106// name can't begin with the reserved prefix AWSServiceRoleFor. 11107// 11108// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 11109// Name (ARN) for the organization. 11110// 11111// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 11112// 11113// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 11114// tag. You can’t add, edit, or delete system tag keys because they're 11115// reserved for AWS use. System tags don’t count against your tags per 11116// resource limit. 11117// 11118// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11119// for the operation. 11120// 11121// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11122// than allowed. 11123// 11124// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11125// value than allowed. 11126// 11127// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11128// than allowed. 11129// 11130// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11131// value than allowed. 11132// 11133// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11134// between entities in the same root. 11135// 11136// * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException" 11137// We can't find an OU with the OrganizationalUnitId that you specified. 11138// 11139// * ErrCodeServiceException "ServiceException" 11140// AWS Organizations can't complete your request because of an internal service 11141// error. Try again later. 11142// 11143// * ErrCodeTooManyRequestsException "TooManyRequestsException" 11144// You have sent too many requests in too short a period of time. The limit 11145// helps protect against denial-of-service attacks. Try again later. 11146// 11147// For information on limits that affect AWS Organizations, see Limits of AWS 11148// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 11149// in the AWS Organizations User Guide. 11150// 11151// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit 11152func (c *Organizations) UpdateOrganizationalUnit(input *UpdateOrganizationalUnitInput) (*UpdateOrganizationalUnitOutput, error) { 11153 req, out := c.UpdateOrganizationalUnitRequest(input) 11154 return out, req.Send() 11155} 11156 11157// UpdateOrganizationalUnitWithContext is the same as UpdateOrganizationalUnit with the addition of 11158// the ability to pass a context and additional request options. 11159// 11160// See UpdateOrganizationalUnit for details on how to use this API operation. 11161// 11162// The context must be non-nil and will be used for request cancellation. If 11163// the context is nil a panic will occur. In the future the SDK may create 11164// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11165// for more information on using Contexts. 11166func (c *Organizations) UpdateOrganizationalUnitWithContext(ctx aws.Context, input *UpdateOrganizationalUnitInput, opts ...request.Option) (*UpdateOrganizationalUnitOutput, error) { 11167 req, out := c.UpdateOrganizationalUnitRequest(input) 11168 req.SetContext(ctx) 11169 req.ApplyOptions(opts...) 11170 return out, req.Send() 11171} 11172 11173const opUpdatePolicy = "UpdatePolicy" 11174 11175// UpdatePolicyRequest generates a "aws/request.Request" representing the 11176// client's request for the UpdatePolicy operation. The "output" return 11177// value will be populated with the request's response once the request completes 11178// successfully. 11179// 11180// Use "Send" method on the returned Request to send the API call to the service. 11181// the "output" return value is not valid until after Send returns without error. 11182// 11183// See UpdatePolicy for more information on using the UpdatePolicy 11184// API call, and error handling. 11185// 11186// This method is useful when you want to inject custom logic or configuration 11187// into the SDK's request lifecycle. Such as custom headers, or retry logic. 11188// 11189// 11190// // Example sending a request using the UpdatePolicyRequest method. 11191// req, resp := client.UpdatePolicyRequest(params) 11192// 11193// err := req.Send() 11194// if err == nil { // resp is now filled 11195// fmt.Println(resp) 11196// } 11197// 11198// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy 11199func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *request.Request, output *UpdatePolicyOutput) { 11200 op := &request.Operation{ 11201 Name: opUpdatePolicy, 11202 HTTPMethod: "POST", 11203 HTTPPath: "/", 11204 } 11205 11206 if input == nil { 11207 input = &UpdatePolicyInput{} 11208 } 11209 11210 output = &UpdatePolicyOutput{} 11211 req = c.newRequest(op, input, output) 11212 return 11213} 11214 11215// UpdatePolicy API operation for AWS Organizations. 11216// 11217// Updates an existing policy with a new name, description, or content. If you 11218// don't supply any parameter, that value remains unchanged. You can't change 11219// a policy's type. 11220// 11221// This operation can be called only from the organization's master account. 11222// 11223// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11224// with awserr.Error's Code and Message methods to get detailed information about 11225// the error. 11226// 11227// See the AWS API reference guide for AWS Organizations's 11228// API operation UpdatePolicy for usage and error information. 11229// 11230// Returned Error Codes: 11231// * ErrCodeAccessDeniedException "AccessDeniedException" 11232// You don't have permissions to perform the requested operation. The user or 11233// role that is making the request must have at least one IAM permissions policy 11234// attached that grants the required permissions. For more information, see 11235// Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11236// in the IAM User Guide. 11237// 11238// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException" 11239// Your account isn't a member of an organization. To make this request, you 11240// must use the credentials of an account that belongs to an organization. 11241// 11242// * ErrCodeConcurrentModificationException "ConcurrentModificationException" 11243// The target of the operation is currently being modified by a different request. 11244// Try again later. 11245// 11246// * ErrCodeConstraintViolationException "ConstraintViolationException" 11247// Performing this operation violates a minimum or maximum value limit. Examples 11248// include attempting to remove the last service control policy (SCP) from an 11249// OU or root, or attaching too many policies to an account, OU, or root. This 11250// exception includes a reason that contains additional information about the 11251// violated limit. 11252// 11253// Some of the reasons in the following list might not be applicable to this 11254// specific API or operation: 11255// 11256// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 11257// from the organization that doesn't yet have enough information to exist 11258// as a standalone account. This account requires you to first agree to the 11259// AWS Customer Agreement. Follow the steps at To leave an organization when 11260// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 11261// in the AWS Organizations User Guide. 11262// 11263// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 11264// an account from the organization that doesn't yet have enough information 11265// to exist as a standalone account. This account requires you to first complete 11266// phone verification. Follow the steps at To leave an organization when 11267// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 11268// in the AWS Organizations User Guide. 11269// 11270// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 11271// of accounts that you can create in one day. 11272// 11273// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 11274// the number of accounts in an organization. If you need more accounts, 11275// contact AWS Support (https://console.aws.amazon.com/support/home#/) to 11276// request an increase in your limit. Or the number of invitations that you 11277// tried to send would cause you to exceed the limit of accounts in your 11278// organization. Send fewer invitations or contact AWS Support to request 11279// an increase in the number of accounts. Deleted and closed accounts still 11280// count toward your limit. If you get receive this exception when running 11281// a command immediately after creating the organization, wait one hour and 11282// try again. If after an hour it continues to fail with this error, contact 11283// AWS Support (https://console.aws.amazon.com/support/home#/). 11284// 11285// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 11286// handshakes that you can send in one day. 11287// 11288// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 11289// in this organization, you first must migrate the organization's master 11290// account to the marketplace that corresponds to the master account's address. 11291// For example, accounts with India addresses must be associated with the 11292// AISPL marketplace. All accounts in an organization must be associated 11293// with the same marketplace. 11294// 11295// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 11296// must first provide contact a valid address and phone number for the master 11297// account. Then try the operation again. 11298// 11299// * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 11300// master account must have an associated account in the AWS GovCloud (US-West) 11301// Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 11302// in the AWS GovCloud User Guide. 11303// 11304// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 11305// with this master account, you first must associate a valid payment instrument, 11306// such as a credit card, with the account. Follow the steps at To leave 11307// an organization when all required account information has not yet been 11308// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 11309// in the AWS Organizations User Guide. 11310// 11311// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 11312// number of policies of a certain type that can be attached to an entity 11313// at one time. 11314// 11315// * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 11316// on this resource. 11317// 11318// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 11319// with this member account, you first must associate a valid payment instrument, 11320// such as a credit card, with the account. Follow the steps at To leave 11321// an organization when all required account information has not yet been 11322// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 11323// in the AWS Organizations User Guide. 11324// 11325// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 11326// policy from an entity, which would cause the entity to have fewer than 11327// the minimum number of policies of the required type. 11328// 11329// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 11330// too many levels deep. 11331// 11332// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 11333// that requires the organization to be configured to support all features. 11334// An organization that supports only consolidated billing features can't 11335// perform this operation. 11336// 11337// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 11338// that you can have in an organization. 11339// 11340// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of 11341// policies that you can have in an organization. 11342// 11343// * ErrCodeDuplicatePolicyException "DuplicatePolicyException" 11344// A policy with the same name already exists. 11345// 11346// * ErrCodeInvalidInputException "InvalidInputException" 11347// The requested operation failed because you provided invalid values for one 11348// or more of the request parameters. This exception includes a reason that 11349// contains additional information about the violated limit: 11350// 11351// Some of the reasons in the following list might not be applicable to this 11352// specific API or operation: 11353// 11354// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11355// can't be modified. 11356// 11357// * INPUT_REQUIRED: You must include a value for all required parameters. 11358// 11359// * INVALID_ENUM: You specified an invalid value. 11360// 11361// * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type. 11362// 11363// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11364// characters. 11365// 11366// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 11367// at least one invalid value. 11368// 11369// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 11370// from the response to a previous call of the operation. 11371// 11372// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 11373// organization, or email) as a party. 11374// 11375// * INVALID_PATTERN: You provided a value that doesn't match the required 11376// pattern. 11377// 11378// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 11379// match the required pattern. 11380// 11381// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 11382// name can't begin with the reserved prefix AWSServiceRoleFor. 11383// 11384// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 11385// Name (ARN) for the organization. 11386// 11387// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 11388// 11389// * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 11390// tag. You can’t add, edit, or delete system tag keys because they're 11391// reserved for AWS use. System tags don’t count against your tags per 11392// resource limit. 11393// 11394// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11395// for the operation. 11396// 11397// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11398// than allowed. 11399// 11400// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11401// value than allowed. 11402// 11403// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11404// than allowed. 11405// 11406// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11407// value than allowed. 11408// 11409// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11410// between entities in the same root. 11411// 11412// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" 11413// The provided policy document doesn't meet the requirements of the specified 11414// policy type. For example, the syntax might be incorrect. For details about 11415// service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 11416// in the AWS Organizations User Guide. 11417// 11418// * ErrCodePolicyNotFoundException "PolicyNotFoundException" 11419// We can't find a policy with the PolicyId that you specified. 11420// 11421// * ErrCodeServiceException "ServiceException" 11422// AWS Organizations can't complete your request because of an internal service 11423// error. Try again later. 11424// 11425// * ErrCodeTooManyRequestsException "TooManyRequestsException" 11426// You have sent too many requests in too short a period of time. The limit 11427// helps protect against denial-of-service attacks. Try again later. 11428// 11429// For information on limits that affect AWS Organizations, see Limits of AWS 11430// Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html) 11431// in the AWS Organizations User Guide. 11432// 11433// * ErrCodeUnsupportedAPIEndpointException "UnsupportedAPIEndpointException" 11434// This action isn't available in the current Region. 11435// 11436// * ErrCodePolicyChangesInProgressException "PolicyChangesInProgressException" 11437// Changes to the effective policy are in progress, and its contents can't be 11438// returned. Try the operation again later. 11439// 11440// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy 11441func (c *Organizations) UpdatePolicy(input *UpdatePolicyInput) (*UpdatePolicyOutput, error) { 11442 req, out := c.UpdatePolicyRequest(input) 11443 return out, req.Send() 11444} 11445 11446// UpdatePolicyWithContext is the same as UpdatePolicy with the addition of 11447// the ability to pass a context and additional request options. 11448// 11449// See UpdatePolicy for details on how to use this API operation. 11450// 11451// The context must be non-nil and will be used for request cancellation. If 11452// the context is nil a panic will occur. In the future the SDK may create 11453// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11454// for more information on using Contexts. 11455func (c *Organizations) UpdatePolicyWithContext(ctx aws.Context, input *UpdatePolicyInput, opts ...request.Option) (*UpdatePolicyOutput, error) { 11456 req, out := c.UpdatePolicyRequest(input) 11457 req.SetContext(ctx) 11458 req.ApplyOptions(opts...) 11459 return out, req.Send() 11460} 11461 11462type AcceptHandshakeInput struct { 11463 _ struct{} `type:"structure"` 11464 11465 // The unique identifier (ID) of the handshake that you want to accept. 11466 // 11467 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 11468 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 11469 // 11470 // HandshakeId is a required field 11471 HandshakeId *string `type:"string" required:"true"` 11472} 11473 11474// String returns the string representation 11475func (s AcceptHandshakeInput) String() string { 11476 return awsutil.Prettify(s) 11477} 11478 11479// GoString returns the string representation 11480func (s AcceptHandshakeInput) GoString() string { 11481 return s.String() 11482} 11483 11484// Validate inspects the fields of the type to determine if they are valid. 11485func (s *AcceptHandshakeInput) Validate() error { 11486 invalidParams := request.ErrInvalidParams{Context: "AcceptHandshakeInput"} 11487 if s.HandshakeId == nil { 11488 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 11489 } 11490 11491 if invalidParams.Len() > 0 { 11492 return invalidParams 11493 } 11494 return nil 11495} 11496 11497// SetHandshakeId sets the HandshakeId field's value. 11498func (s *AcceptHandshakeInput) SetHandshakeId(v string) *AcceptHandshakeInput { 11499 s.HandshakeId = &v 11500 return s 11501} 11502 11503type AcceptHandshakeOutput struct { 11504 _ struct{} `type:"structure"` 11505 11506 // A structure that contains details about the accepted handshake. 11507 Handshake *Handshake `type:"structure"` 11508} 11509 11510// String returns the string representation 11511func (s AcceptHandshakeOutput) String() string { 11512 return awsutil.Prettify(s) 11513} 11514 11515// GoString returns the string representation 11516func (s AcceptHandshakeOutput) GoString() string { 11517 return s.String() 11518} 11519 11520// SetHandshake sets the Handshake field's value. 11521func (s *AcceptHandshakeOutput) SetHandshake(v *Handshake) *AcceptHandshakeOutput { 11522 s.Handshake = v 11523 return s 11524} 11525 11526// Contains information about an AWS account that is a member of an organization. 11527type Account struct { 11528 _ struct{} `type:"structure"` 11529 11530 // The Amazon Resource Name (ARN) of the account. 11531 // 11532 // For more information about ARNs in Organizations, see ARN Formats Supported 11533 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 11534 // in the AWS Organizations User Guide. 11535 Arn *string `type:"string"` 11536 11537 // The email address associated with the AWS account. 11538 // 11539 // The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is 11540 // a string of characters that represents a standard internet email address. 11541 Email *string `min:"6" type:"string" sensitive:"true"` 11542 11543 // The unique identifier (ID) of the account. 11544 // 11545 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 11546 // requires exactly 12 digits. 11547 Id *string `type:"string"` 11548 11549 // The method by which the account joined the organization. 11550 JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"` 11551 11552 // The date the account became a part of the organization. 11553 JoinedTimestamp *time.Time `type:"timestamp"` 11554 11555 // The friendly name of the account. 11556 // 11557 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 11558 // this parameter is a string of any of the characters in the ASCII character 11559 // range. 11560 Name *string `min:"1" type:"string" sensitive:"true"` 11561 11562 // The status of the account in the organization. 11563 Status *string `type:"string" enum:"AccountStatus"` 11564} 11565 11566// String returns the string representation 11567func (s Account) String() string { 11568 return awsutil.Prettify(s) 11569} 11570 11571// GoString returns the string representation 11572func (s Account) GoString() string { 11573 return s.String() 11574} 11575 11576// SetArn sets the Arn field's value. 11577func (s *Account) SetArn(v string) *Account { 11578 s.Arn = &v 11579 return s 11580} 11581 11582// SetEmail sets the Email field's value. 11583func (s *Account) SetEmail(v string) *Account { 11584 s.Email = &v 11585 return s 11586} 11587 11588// SetId sets the Id field's value. 11589func (s *Account) SetId(v string) *Account { 11590 s.Id = &v 11591 return s 11592} 11593 11594// SetJoinedMethod sets the JoinedMethod field's value. 11595func (s *Account) SetJoinedMethod(v string) *Account { 11596 s.JoinedMethod = &v 11597 return s 11598} 11599 11600// SetJoinedTimestamp sets the JoinedTimestamp field's value. 11601func (s *Account) SetJoinedTimestamp(v time.Time) *Account { 11602 s.JoinedTimestamp = &v 11603 return s 11604} 11605 11606// SetName sets the Name field's value. 11607func (s *Account) SetName(v string) *Account { 11608 s.Name = &v 11609 return s 11610} 11611 11612// SetStatus sets the Status field's value. 11613func (s *Account) SetStatus(v string) *Account { 11614 s.Status = &v 11615 return s 11616} 11617 11618type AttachPolicyInput struct { 11619 _ struct{} `type:"structure"` 11620 11621 // The unique identifier (ID) of the policy that you want to attach to the target. 11622 // You can get the ID for the policy by calling the ListPolicies operation. 11623 // 11624 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 11625 // requires "p-" followed by from 8 to 128 lowercase letters or digits. 11626 // 11627 // PolicyId is a required field 11628 PolicyId *string `type:"string" required:"true"` 11629 11630 // The unique identifier (ID) of the root, OU, or account that you want to attach 11631 // the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent, 11632 // or ListAccounts operations. 11633 // 11634 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 11635 // requires one of the following: 11636 // 11637 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 11638 // letters or digits. 11639 // 11640 // * Account - A string that consists of exactly 12 digits. 11641 // 11642 // * Organizational unit (OU) - A string that begins with "ou-" followed 11643 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 11644 // OU is in). This string is followed by a second "-" dash and from 8 to 11645 // 32 additional lowercase letters or digits. 11646 // 11647 // TargetId is a required field 11648 TargetId *string `type:"string" required:"true"` 11649} 11650 11651// String returns the string representation 11652func (s AttachPolicyInput) String() string { 11653 return awsutil.Prettify(s) 11654} 11655 11656// GoString returns the string representation 11657func (s AttachPolicyInput) GoString() string { 11658 return s.String() 11659} 11660 11661// Validate inspects the fields of the type to determine if they are valid. 11662func (s *AttachPolicyInput) Validate() error { 11663 invalidParams := request.ErrInvalidParams{Context: "AttachPolicyInput"} 11664 if s.PolicyId == nil { 11665 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 11666 } 11667 if s.TargetId == nil { 11668 invalidParams.Add(request.NewErrParamRequired("TargetId")) 11669 } 11670 11671 if invalidParams.Len() > 0 { 11672 return invalidParams 11673 } 11674 return nil 11675} 11676 11677// SetPolicyId sets the PolicyId field's value. 11678func (s *AttachPolicyInput) SetPolicyId(v string) *AttachPolicyInput { 11679 s.PolicyId = &v 11680 return s 11681} 11682 11683// SetTargetId sets the TargetId field's value. 11684func (s *AttachPolicyInput) SetTargetId(v string) *AttachPolicyInput { 11685 s.TargetId = &v 11686 return s 11687} 11688 11689type AttachPolicyOutput struct { 11690 _ struct{} `type:"structure"` 11691} 11692 11693// String returns the string representation 11694func (s AttachPolicyOutput) String() string { 11695 return awsutil.Prettify(s) 11696} 11697 11698// GoString returns the string representation 11699func (s AttachPolicyOutput) GoString() string { 11700 return s.String() 11701} 11702 11703type CancelHandshakeInput struct { 11704 _ struct{} `type:"structure"` 11705 11706 // The unique identifier (ID) of the handshake that you want to cancel. You 11707 // can get the ID from the ListHandshakesForOrganization operation. 11708 // 11709 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 11710 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 11711 // 11712 // HandshakeId is a required field 11713 HandshakeId *string `type:"string" required:"true"` 11714} 11715 11716// String returns the string representation 11717func (s CancelHandshakeInput) String() string { 11718 return awsutil.Prettify(s) 11719} 11720 11721// GoString returns the string representation 11722func (s CancelHandshakeInput) GoString() string { 11723 return s.String() 11724} 11725 11726// Validate inspects the fields of the type to determine if they are valid. 11727func (s *CancelHandshakeInput) Validate() error { 11728 invalidParams := request.ErrInvalidParams{Context: "CancelHandshakeInput"} 11729 if s.HandshakeId == nil { 11730 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 11731 } 11732 11733 if invalidParams.Len() > 0 { 11734 return invalidParams 11735 } 11736 return nil 11737} 11738 11739// SetHandshakeId sets the HandshakeId field's value. 11740func (s *CancelHandshakeInput) SetHandshakeId(v string) *CancelHandshakeInput { 11741 s.HandshakeId = &v 11742 return s 11743} 11744 11745type CancelHandshakeOutput struct { 11746 _ struct{} `type:"structure"` 11747 11748 // A structure that contains details about the handshake that you canceled. 11749 Handshake *Handshake `type:"structure"` 11750} 11751 11752// String returns the string representation 11753func (s CancelHandshakeOutput) String() string { 11754 return awsutil.Prettify(s) 11755} 11756 11757// GoString returns the string representation 11758func (s CancelHandshakeOutput) GoString() string { 11759 return s.String() 11760} 11761 11762// SetHandshake sets the Handshake field's value. 11763func (s *CancelHandshakeOutput) SetHandshake(v *Handshake) *CancelHandshakeOutput { 11764 s.Handshake = v 11765 return s 11766} 11767 11768// Contains a list of child entities, either OUs or accounts. 11769type Child struct { 11770 _ struct{} `type:"structure"` 11771 11772 // The unique identifier (ID) of this child entity. 11773 // 11774 // The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string 11775 // requires one of the following: 11776 // 11777 // * Account: A string that consists of exactly 12 digits. 11778 // 11779 // * Organizational unit (OU): A string that begins with "ou-" followed by 11780 // from 4 to 32 lower-case letters or digits (the ID of the root that contains 11781 // the OU). This string is followed by a second "-" dash and from 8 to 32 11782 // additional lower-case letters or digits. 11783 Id *string `type:"string"` 11784 11785 // The type of this child entity. 11786 Type *string `type:"string" enum:"ChildType"` 11787} 11788 11789// String returns the string representation 11790func (s Child) String() string { 11791 return awsutil.Prettify(s) 11792} 11793 11794// GoString returns the string representation 11795func (s Child) GoString() string { 11796 return s.String() 11797} 11798 11799// SetId sets the Id field's value. 11800func (s *Child) SetId(v string) *Child { 11801 s.Id = &v 11802 return s 11803} 11804 11805// SetType sets the Type field's value. 11806func (s *Child) SetType(v string) *Child { 11807 s.Type = &v 11808 return s 11809} 11810 11811type CreateAccountInput struct { 11812 _ struct{} `type:"structure"` 11813 11814 // The friendly name of the member account. 11815 // 11816 // AccountName is a required field 11817 AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"` 11818 11819 // The email address of the owner to assign to the new member account. This 11820 // email address must not already be associated with another AWS account. You 11821 // must use a valid email address to complete account creation. You can't access 11822 // the root user of the account or remove an account that was created with an 11823 // invalid email address. 11824 // 11825 // Email is a required field 11826 Email *string `min:"6" type:"string" required:"true" sensitive:"true"` 11827 11828 // If set to ALLOW, the new account enables IAM users to access account billing 11829 // information if they have the required permissions. If set to DENY, only the 11830 // root user of the new account can access account billing information. For 11831 // more information, see Activating Access to the Billing and Cost Management 11832 // Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 11833 // in the AWS Billing and Cost Management User Guide. 11834 // 11835 // If you don't specify this parameter, the value defaults to ALLOW. This value 11836 // allows IAM users and roles with the required permissions to access billing 11837 // information for the new account. 11838 IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"` 11839 11840 // (Optional) 11841 // 11842 // The name of an IAM role that AWS Organizations automatically preconfigures 11843 // in the new member account. This role trusts the master account, allowing 11844 // users in the master account to assume the role, as permitted by the master 11845 // account administrator. The role has administrator permissions in the new 11846 // member account. 11847 // 11848 // If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole. 11849 // 11850 // For more information about how to use this role to access the member account, 11851 // see Accessing and Administering the Member Accounts in Your Organization 11852 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) 11853 // in the AWS Organizations User Guide. Also see steps 2 and 3 in Tutorial: 11854 // Delegate Access Across AWS Accounts Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) 11855 // in the IAM User Guide. 11856 // 11857 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 11858 // this parameter. The pattern can include uppercase letters, lowercase letters, 11859 // digits with no spaces, and any of the following characters: =,.@- 11860 RoleName *string `type:"string"` 11861} 11862 11863// String returns the string representation 11864func (s CreateAccountInput) String() string { 11865 return awsutil.Prettify(s) 11866} 11867 11868// GoString returns the string representation 11869func (s CreateAccountInput) GoString() string { 11870 return s.String() 11871} 11872 11873// Validate inspects the fields of the type to determine if they are valid. 11874func (s *CreateAccountInput) Validate() error { 11875 invalidParams := request.ErrInvalidParams{Context: "CreateAccountInput"} 11876 if s.AccountName == nil { 11877 invalidParams.Add(request.NewErrParamRequired("AccountName")) 11878 } 11879 if s.AccountName != nil && len(*s.AccountName) < 1 { 11880 invalidParams.Add(request.NewErrParamMinLen("AccountName", 1)) 11881 } 11882 if s.Email == nil { 11883 invalidParams.Add(request.NewErrParamRequired("Email")) 11884 } 11885 if s.Email != nil && len(*s.Email) < 6 { 11886 invalidParams.Add(request.NewErrParamMinLen("Email", 6)) 11887 } 11888 11889 if invalidParams.Len() > 0 { 11890 return invalidParams 11891 } 11892 return nil 11893} 11894 11895// SetAccountName sets the AccountName field's value. 11896func (s *CreateAccountInput) SetAccountName(v string) *CreateAccountInput { 11897 s.AccountName = &v 11898 return s 11899} 11900 11901// SetEmail sets the Email field's value. 11902func (s *CreateAccountInput) SetEmail(v string) *CreateAccountInput { 11903 s.Email = &v 11904 return s 11905} 11906 11907// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value. 11908func (s *CreateAccountInput) SetIamUserAccessToBilling(v string) *CreateAccountInput { 11909 s.IamUserAccessToBilling = &v 11910 return s 11911} 11912 11913// SetRoleName sets the RoleName field's value. 11914func (s *CreateAccountInput) SetRoleName(v string) *CreateAccountInput { 11915 s.RoleName = &v 11916 return s 11917} 11918 11919type CreateAccountOutput struct { 11920 _ struct{} `type:"structure"` 11921 11922 // A structure that contains details about the request to create an account. 11923 // This response structure might not be fully populated when you first receive 11924 // it because account creation is an asynchronous process. You can pass the 11925 // returned CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus 11926 // to get status about the progress of the request at later times. You can also 11927 // check the AWS CloudTrail log for the CreateAccountResult event. For more 11928 // information, see Monitoring the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) 11929 // in the AWS Organizations User Guide. 11930 CreateAccountStatus *CreateAccountStatus `type:"structure"` 11931} 11932 11933// String returns the string representation 11934func (s CreateAccountOutput) String() string { 11935 return awsutil.Prettify(s) 11936} 11937 11938// GoString returns the string representation 11939func (s CreateAccountOutput) GoString() string { 11940 return s.String() 11941} 11942 11943// SetCreateAccountStatus sets the CreateAccountStatus field's value. 11944func (s *CreateAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateAccountOutput { 11945 s.CreateAccountStatus = v 11946 return s 11947} 11948 11949// Contains the status about a CreateAccount or CreateGovCloudAccount request 11950// to create an AWS account or an AWS GovCloud (US) account in an organization. 11951type CreateAccountStatus struct { 11952 _ struct{} `type:"structure"` 11953 11954 // If the account was created successfully, the unique identifier (ID) of the 11955 // new account. 11956 // 11957 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 11958 // requires exactly 12 digits. 11959 AccountId *string `type:"string"` 11960 11961 // The account name given to the account when it was created. 11962 AccountName *string `min:"1" type:"string" sensitive:"true"` 11963 11964 // The date and time that the account was created and the request completed. 11965 CompletedTimestamp *time.Time `type:"timestamp"` 11966 11967 // If the request failed, a description of the reason for the failure. 11968 // 11969 // * ACCOUNT_LIMIT_EXCEEDED: The account could not be created because you 11970 // have reached the limit on the number of accounts in your organization. 11971 // 11972 // * EMAIL_ALREADY_EXISTS: The account could not be created because another 11973 // AWS account with that email address already exists. 11974 // 11975 // * GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the AWS GovCloud (US) 11976 // Region could not be created because this Region already includes an account 11977 // with that email address. 11978 // 11979 // * INVALID_ADDRESS: The account could not be created because the address 11980 // you provided is not valid. 11981 // 11982 // * INVALID_EMAIL: The account could not be created because the email address 11983 // you provided is not valid. 11984 // 11985 // * INTERNAL_FAILURE: The account could not be created because of an internal 11986 // failure. Try again later. If the problem persists, contact AWS Support. 11987 FailureReason *string `type:"string" enum:"CreateAccountFailureReason"` 11988 11989 // If the account was created successfully, the unique identifier (ID) of the 11990 // new account in the AWS GovCloud (US) Region. 11991 GovCloudAccountId *string `type:"string"` 11992 11993 // The unique identifier (ID) that references this request. You get this value 11994 // from the response of the initial CreateAccount request to create the account. 11995 // 11996 // The regex pattern (http://wikipedia.org/wiki/regex) for a create account 11997 // request ID string requires "car-" followed by from 8 to 32 lower-case letters 11998 // or digits. 11999 Id *string `type:"string"` 12000 12001 // The date and time that the request was made for the account creation. 12002 RequestedTimestamp *time.Time `type:"timestamp"` 12003 12004 // The status of the request. 12005 State *string `type:"string" enum:"CreateAccountState"` 12006} 12007 12008// String returns the string representation 12009func (s CreateAccountStatus) String() string { 12010 return awsutil.Prettify(s) 12011} 12012 12013// GoString returns the string representation 12014func (s CreateAccountStatus) GoString() string { 12015 return s.String() 12016} 12017 12018// SetAccountId sets the AccountId field's value. 12019func (s *CreateAccountStatus) SetAccountId(v string) *CreateAccountStatus { 12020 s.AccountId = &v 12021 return s 12022} 12023 12024// SetAccountName sets the AccountName field's value. 12025func (s *CreateAccountStatus) SetAccountName(v string) *CreateAccountStatus { 12026 s.AccountName = &v 12027 return s 12028} 12029 12030// SetCompletedTimestamp sets the CompletedTimestamp field's value. 12031func (s *CreateAccountStatus) SetCompletedTimestamp(v time.Time) *CreateAccountStatus { 12032 s.CompletedTimestamp = &v 12033 return s 12034} 12035 12036// SetFailureReason sets the FailureReason field's value. 12037func (s *CreateAccountStatus) SetFailureReason(v string) *CreateAccountStatus { 12038 s.FailureReason = &v 12039 return s 12040} 12041 12042// SetGovCloudAccountId sets the GovCloudAccountId field's value. 12043func (s *CreateAccountStatus) SetGovCloudAccountId(v string) *CreateAccountStatus { 12044 s.GovCloudAccountId = &v 12045 return s 12046} 12047 12048// SetId sets the Id field's value. 12049func (s *CreateAccountStatus) SetId(v string) *CreateAccountStatus { 12050 s.Id = &v 12051 return s 12052} 12053 12054// SetRequestedTimestamp sets the RequestedTimestamp field's value. 12055func (s *CreateAccountStatus) SetRequestedTimestamp(v time.Time) *CreateAccountStatus { 12056 s.RequestedTimestamp = &v 12057 return s 12058} 12059 12060// SetState sets the State field's value. 12061func (s *CreateAccountStatus) SetState(v string) *CreateAccountStatus { 12062 s.State = &v 12063 return s 12064} 12065 12066type CreateGovCloudAccountInput struct { 12067 _ struct{} `type:"structure"` 12068 12069 // The friendly name of the member account. 12070 // 12071 // AccountName is a required field 12072 AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"` 12073 12074 // The email address of the owner to assign to the new member account in the 12075 // commercial Region. This email address must not already be associated with 12076 // another AWS account. You must use a valid email address to complete account 12077 // creation. You can't access the root user of the account or remove an account 12078 // that was created with an invalid email address. Like all request parameters 12079 // for CreateGovCloudAccount, the request for the email address for the AWS 12080 // GovCloud (US) account originates from the commercial Region. It does not 12081 // come from the AWS GovCloud (US) Region. 12082 // 12083 // Email is a required field 12084 Email *string `min:"6" type:"string" required:"true" sensitive:"true"` 12085 12086 // If set to ALLOW, the new linked account in the commercial Region enables 12087 // IAM users to access account billing information if they have the required 12088 // permissions. If set to DENY, only the root user of the new account can access 12089 // account billing information. For more information, see Activating Access 12090 // to the Billing and Cost Management Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 12091 // in the AWS Billing and Cost Management User Guide. 12092 // 12093 // If you don't specify this parameter, the value defaults to ALLOW, and IAM 12094 // users and roles with the required permissions can access billing information 12095 // for the new account. 12096 IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"` 12097 12098 // (Optional) 12099 // 12100 // The name of an IAM role that AWS Organizations automatically preconfigures 12101 // in the new member accounts in both the AWS GovCloud (US) Region and in the 12102 // commercial Region. This role trusts the master account, allowing users in 12103 // the master account to assume the role, as permitted by the master account 12104 // administrator. The role has administrator permissions in the new member account. 12105 // 12106 // If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole. 12107 // 12108 // For more information about how to use this role to access the member account, 12109 // see Accessing and Administering the Member Accounts in Your Organization 12110 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) 12111 // in the AWS Organizations User Guide. See also steps 2 and 3 in Tutorial: 12112 // Delegate Access Across AWS Accounts Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) 12113 // in the IAM User Guide. 12114 // 12115 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 12116 // this parameter. The pattern can include uppercase letters, lowercase letters, 12117 // digits with no spaces, and any of the following characters: =,.@- 12118 RoleName *string `type:"string"` 12119} 12120 12121// String returns the string representation 12122func (s CreateGovCloudAccountInput) String() string { 12123 return awsutil.Prettify(s) 12124} 12125 12126// GoString returns the string representation 12127func (s CreateGovCloudAccountInput) GoString() string { 12128 return s.String() 12129} 12130 12131// Validate inspects the fields of the type to determine if they are valid. 12132func (s *CreateGovCloudAccountInput) Validate() error { 12133 invalidParams := request.ErrInvalidParams{Context: "CreateGovCloudAccountInput"} 12134 if s.AccountName == nil { 12135 invalidParams.Add(request.NewErrParamRequired("AccountName")) 12136 } 12137 if s.AccountName != nil && len(*s.AccountName) < 1 { 12138 invalidParams.Add(request.NewErrParamMinLen("AccountName", 1)) 12139 } 12140 if s.Email == nil { 12141 invalidParams.Add(request.NewErrParamRequired("Email")) 12142 } 12143 if s.Email != nil && len(*s.Email) < 6 { 12144 invalidParams.Add(request.NewErrParamMinLen("Email", 6)) 12145 } 12146 12147 if invalidParams.Len() > 0 { 12148 return invalidParams 12149 } 12150 return nil 12151} 12152 12153// SetAccountName sets the AccountName field's value. 12154func (s *CreateGovCloudAccountInput) SetAccountName(v string) *CreateGovCloudAccountInput { 12155 s.AccountName = &v 12156 return s 12157} 12158 12159// SetEmail sets the Email field's value. 12160func (s *CreateGovCloudAccountInput) SetEmail(v string) *CreateGovCloudAccountInput { 12161 s.Email = &v 12162 return s 12163} 12164 12165// SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value. 12166func (s *CreateGovCloudAccountInput) SetIamUserAccessToBilling(v string) *CreateGovCloudAccountInput { 12167 s.IamUserAccessToBilling = &v 12168 return s 12169} 12170 12171// SetRoleName sets the RoleName field's value. 12172func (s *CreateGovCloudAccountInput) SetRoleName(v string) *CreateGovCloudAccountInput { 12173 s.RoleName = &v 12174 return s 12175} 12176 12177type CreateGovCloudAccountOutput struct { 12178 _ struct{} `type:"structure"` 12179 12180 // Contains the status about a CreateAccount or CreateGovCloudAccount request 12181 // to create an AWS account or an AWS GovCloud (US) account in an organization. 12182 CreateAccountStatus *CreateAccountStatus `type:"structure"` 12183} 12184 12185// String returns the string representation 12186func (s CreateGovCloudAccountOutput) String() string { 12187 return awsutil.Prettify(s) 12188} 12189 12190// GoString returns the string representation 12191func (s CreateGovCloudAccountOutput) GoString() string { 12192 return s.String() 12193} 12194 12195// SetCreateAccountStatus sets the CreateAccountStatus field's value. 12196func (s *CreateGovCloudAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateGovCloudAccountOutput { 12197 s.CreateAccountStatus = v 12198 return s 12199} 12200 12201type CreateOrganizationInput struct { 12202 _ struct{} `type:"structure"` 12203 12204 // Specifies the feature set supported by the new organization. Each feature 12205 // set supports different levels of functionality. 12206 // 12207 // * CONSOLIDATED_BILLING: All member accounts have their bills consolidated 12208 // to and paid by the master account. For more information, see Consolidated 12209 // billing (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only) 12210 // in the AWS Organizations User Guide. The consolidated billing feature 12211 // subset isn't available for organizations in the AWS GovCloud (US) Region. 12212 // 12213 // * ALL: In addition to all the features that consolidated billing feature 12214 // set supports, the master account can also apply any policy type to any 12215 // member account in the organization. For more information, see All features 12216 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all) 12217 // in the AWS Organizations User Guide. 12218 FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"` 12219} 12220 12221// String returns the string representation 12222func (s CreateOrganizationInput) String() string { 12223 return awsutil.Prettify(s) 12224} 12225 12226// GoString returns the string representation 12227func (s CreateOrganizationInput) GoString() string { 12228 return s.String() 12229} 12230 12231// SetFeatureSet sets the FeatureSet field's value. 12232func (s *CreateOrganizationInput) SetFeatureSet(v string) *CreateOrganizationInput { 12233 s.FeatureSet = &v 12234 return s 12235} 12236 12237type CreateOrganizationOutput struct { 12238 _ struct{} `type:"structure"` 12239 12240 // A structure that contains details about the newly created organization. 12241 Organization *Organization `type:"structure"` 12242} 12243 12244// String returns the string representation 12245func (s CreateOrganizationOutput) String() string { 12246 return awsutil.Prettify(s) 12247} 12248 12249// GoString returns the string representation 12250func (s CreateOrganizationOutput) GoString() string { 12251 return s.String() 12252} 12253 12254// SetOrganization sets the Organization field's value. 12255func (s *CreateOrganizationOutput) SetOrganization(v *Organization) *CreateOrganizationOutput { 12256 s.Organization = v 12257 return s 12258} 12259 12260type CreateOrganizationalUnitInput struct { 12261 _ struct{} `type:"structure"` 12262 12263 // The friendly name to assign to the new OU. 12264 // 12265 // Name is a required field 12266 Name *string `min:"1" type:"string" required:"true"` 12267 12268 // The unique identifier (ID) of the parent root or OU that you want to create 12269 // the new OU in. 12270 // 12271 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 12272 // requires one of the following: 12273 // 12274 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 12275 // letters or digits. 12276 // 12277 // * Organizational unit (OU) - A string that begins with "ou-" followed 12278 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 12279 // OU is in). This string is followed by a second "-" dash and from 8 to 12280 // 32 additional lowercase letters or digits. 12281 // 12282 // ParentId is a required field 12283 ParentId *string `type:"string" required:"true"` 12284} 12285 12286// String returns the string representation 12287func (s CreateOrganizationalUnitInput) String() string { 12288 return awsutil.Prettify(s) 12289} 12290 12291// GoString returns the string representation 12292func (s CreateOrganizationalUnitInput) GoString() string { 12293 return s.String() 12294} 12295 12296// Validate inspects the fields of the type to determine if they are valid. 12297func (s *CreateOrganizationalUnitInput) Validate() error { 12298 invalidParams := request.ErrInvalidParams{Context: "CreateOrganizationalUnitInput"} 12299 if s.Name == nil { 12300 invalidParams.Add(request.NewErrParamRequired("Name")) 12301 } 12302 if s.Name != nil && len(*s.Name) < 1 { 12303 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 12304 } 12305 if s.ParentId == nil { 12306 invalidParams.Add(request.NewErrParamRequired("ParentId")) 12307 } 12308 12309 if invalidParams.Len() > 0 { 12310 return invalidParams 12311 } 12312 return nil 12313} 12314 12315// SetName sets the Name field's value. 12316func (s *CreateOrganizationalUnitInput) SetName(v string) *CreateOrganizationalUnitInput { 12317 s.Name = &v 12318 return s 12319} 12320 12321// SetParentId sets the ParentId field's value. 12322func (s *CreateOrganizationalUnitInput) SetParentId(v string) *CreateOrganizationalUnitInput { 12323 s.ParentId = &v 12324 return s 12325} 12326 12327type CreateOrganizationalUnitOutput struct { 12328 _ struct{} `type:"structure"` 12329 12330 // A structure that contains details about the newly created OU. 12331 OrganizationalUnit *OrganizationalUnit `type:"structure"` 12332} 12333 12334// String returns the string representation 12335func (s CreateOrganizationalUnitOutput) String() string { 12336 return awsutil.Prettify(s) 12337} 12338 12339// GoString returns the string representation 12340func (s CreateOrganizationalUnitOutput) GoString() string { 12341 return s.String() 12342} 12343 12344// SetOrganizationalUnit sets the OrganizationalUnit field's value. 12345func (s *CreateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *CreateOrganizationalUnitOutput { 12346 s.OrganizationalUnit = v 12347 return s 12348} 12349 12350type CreatePolicyInput struct { 12351 _ struct{} `type:"structure"` 12352 12353 // The policy content to add to the new policy. For example, you could create 12354 // a service control policy (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 12355 // (SCP) that specifies the permissions that administrators in attached accounts 12356 // can delegate to their users, groups, and roles. The string for this SCP must 12357 // be JSON text. For more information about the SCP syntax, see Service Control 12358 // Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 12359 // in the AWS Organizations User Guide. 12360 // 12361 // Content is a required field 12362 Content *string `min:"1" type:"string" required:"true"` 12363 12364 // An optional description to assign to the policy. 12365 // 12366 // Description is a required field 12367 Description *string `type:"string" required:"true"` 12368 12369 // The friendly name to assign to the policy. 12370 // 12371 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 12372 // this parameter is a string of any of the characters in the ASCII character 12373 // range. 12374 // 12375 // Name is a required field 12376 Name *string `min:"1" type:"string" required:"true"` 12377 12378 // The type of policy to create. 12379 // 12380 // Type is a required field 12381 Type *string `type:"string" required:"true" enum:"PolicyType"` 12382} 12383 12384// String returns the string representation 12385func (s CreatePolicyInput) String() string { 12386 return awsutil.Prettify(s) 12387} 12388 12389// GoString returns the string representation 12390func (s CreatePolicyInput) GoString() string { 12391 return s.String() 12392} 12393 12394// Validate inspects the fields of the type to determine if they are valid. 12395func (s *CreatePolicyInput) Validate() error { 12396 invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"} 12397 if s.Content == nil { 12398 invalidParams.Add(request.NewErrParamRequired("Content")) 12399 } 12400 if s.Content != nil && len(*s.Content) < 1 { 12401 invalidParams.Add(request.NewErrParamMinLen("Content", 1)) 12402 } 12403 if s.Description == nil { 12404 invalidParams.Add(request.NewErrParamRequired("Description")) 12405 } 12406 if s.Name == nil { 12407 invalidParams.Add(request.NewErrParamRequired("Name")) 12408 } 12409 if s.Name != nil && len(*s.Name) < 1 { 12410 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 12411 } 12412 if s.Type == nil { 12413 invalidParams.Add(request.NewErrParamRequired("Type")) 12414 } 12415 12416 if invalidParams.Len() > 0 { 12417 return invalidParams 12418 } 12419 return nil 12420} 12421 12422// SetContent sets the Content field's value. 12423func (s *CreatePolicyInput) SetContent(v string) *CreatePolicyInput { 12424 s.Content = &v 12425 return s 12426} 12427 12428// SetDescription sets the Description field's value. 12429func (s *CreatePolicyInput) SetDescription(v string) *CreatePolicyInput { 12430 s.Description = &v 12431 return s 12432} 12433 12434// SetName sets the Name field's value. 12435func (s *CreatePolicyInput) SetName(v string) *CreatePolicyInput { 12436 s.Name = &v 12437 return s 12438} 12439 12440// SetType sets the Type field's value. 12441func (s *CreatePolicyInput) SetType(v string) *CreatePolicyInput { 12442 s.Type = &v 12443 return s 12444} 12445 12446type CreatePolicyOutput struct { 12447 _ struct{} `type:"structure"` 12448 12449 // A structure that contains details about the newly created policy. 12450 Policy *Policy `type:"structure"` 12451} 12452 12453// String returns the string representation 12454func (s CreatePolicyOutput) String() string { 12455 return awsutil.Prettify(s) 12456} 12457 12458// GoString returns the string representation 12459func (s CreatePolicyOutput) GoString() string { 12460 return s.String() 12461} 12462 12463// SetPolicy sets the Policy field's value. 12464func (s *CreatePolicyOutput) SetPolicy(v *Policy) *CreatePolicyOutput { 12465 s.Policy = v 12466 return s 12467} 12468 12469type DeclineHandshakeInput struct { 12470 _ struct{} `type:"structure"` 12471 12472 // The unique identifier (ID) of the handshake that you want to decline. You 12473 // can get the ID from the ListHandshakesForAccount operation. 12474 // 12475 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 12476 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 12477 // 12478 // HandshakeId is a required field 12479 HandshakeId *string `type:"string" required:"true"` 12480} 12481 12482// String returns the string representation 12483func (s DeclineHandshakeInput) String() string { 12484 return awsutil.Prettify(s) 12485} 12486 12487// GoString returns the string representation 12488func (s DeclineHandshakeInput) GoString() string { 12489 return s.String() 12490} 12491 12492// Validate inspects the fields of the type to determine if they are valid. 12493func (s *DeclineHandshakeInput) Validate() error { 12494 invalidParams := request.ErrInvalidParams{Context: "DeclineHandshakeInput"} 12495 if s.HandshakeId == nil { 12496 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 12497 } 12498 12499 if invalidParams.Len() > 0 { 12500 return invalidParams 12501 } 12502 return nil 12503} 12504 12505// SetHandshakeId sets the HandshakeId field's value. 12506func (s *DeclineHandshakeInput) SetHandshakeId(v string) *DeclineHandshakeInput { 12507 s.HandshakeId = &v 12508 return s 12509} 12510 12511type DeclineHandshakeOutput struct { 12512 _ struct{} `type:"structure"` 12513 12514 // A structure that contains details about the declined handshake. The state 12515 // is updated to show the value DECLINED. 12516 Handshake *Handshake `type:"structure"` 12517} 12518 12519// String returns the string representation 12520func (s DeclineHandshakeOutput) String() string { 12521 return awsutil.Prettify(s) 12522} 12523 12524// GoString returns the string representation 12525func (s DeclineHandshakeOutput) GoString() string { 12526 return s.String() 12527} 12528 12529// SetHandshake sets the Handshake field's value. 12530func (s *DeclineHandshakeOutput) SetHandshake(v *Handshake) *DeclineHandshakeOutput { 12531 s.Handshake = v 12532 return s 12533} 12534 12535type DeleteOrganizationInput struct { 12536 _ struct{} `type:"structure"` 12537} 12538 12539// String returns the string representation 12540func (s DeleteOrganizationInput) String() string { 12541 return awsutil.Prettify(s) 12542} 12543 12544// GoString returns the string representation 12545func (s DeleteOrganizationInput) GoString() string { 12546 return s.String() 12547} 12548 12549type DeleteOrganizationOutput struct { 12550 _ struct{} `type:"structure"` 12551} 12552 12553// String returns the string representation 12554func (s DeleteOrganizationOutput) String() string { 12555 return awsutil.Prettify(s) 12556} 12557 12558// GoString returns the string representation 12559func (s DeleteOrganizationOutput) GoString() string { 12560 return s.String() 12561} 12562 12563type DeleteOrganizationalUnitInput struct { 12564 _ struct{} `type:"structure"` 12565 12566 // The unique identifier (ID) of the organizational unit that you want to delete. 12567 // You can get the ID from the ListOrganizationalUnitsForParent operation. 12568 // 12569 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 12570 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 12571 // or digits (the ID of the root that contains the OU). This string is followed 12572 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 12573 // 12574 // OrganizationalUnitId is a required field 12575 OrganizationalUnitId *string `type:"string" required:"true"` 12576} 12577 12578// String returns the string representation 12579func (s DeleteOrganizationalUnitInput) String() string { 12580 return awsutil.Prettify(s) 12581} 12582 12583// GoString returns the string representation 12584func (s DeleteOrganizationalUnitInput) GoString() string { 12585 return s.String() 12586} 12587 12588// Validate inspects the fields of the type to determine if they are valid. 12589func (s *DeleteOrganizationalUnitInput) Validate() error { 12590 invalidParams := request.ErrInvalidParams{Context: "DeleteOrganizationalUnitInput"} 12591 if s.OrganizationalUnitId == nil { 12592 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 12593 } 12594 12595 if invalidParams.Len() > 0 { 12596 return invalidParams 12597 } 12598 return nil 12599} 12600 12601// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 12602func (s *DeleteOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DeleteOrganizationalUnitInput { 12603 s.OrganizationalUnitId = &v 12604 return s 12605} 12606 12607type DeleteOrganizationalUnitOutput struct { 12608 _ struct{} `type:"structure"` 12609} 12610 12611// String returns the string representation 12612func (s DeleteOrganizationalUnitOutput) String() string { 12613 return awsutil.Prettify(s) 12614} 12615 12616// GoString returns the string representation 12617func (s DeleteOrganizationalUnitOutput) GoString() string { 12618 return s.String() 12619} 12620 12621type DeletePolicyInput struct { 12622 _ struct{} `type:"structure"` 12623 12624 // The unique identifier (ID) of the policy that you want to delete. You can 12625 // get the ID from the ListPolicies or ListPoliciesForTarget operations. 12626 // 12627 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 12628 // requires "p-" followed by from 8 to 128 lowercase letters or digits. 12629 // 12630 // PolicyId is a required field 12631 PolicyId *string `type:"string" required:"true"` 12632} 12633 12634// String returns the string representation 12635func (s DeletePolicyInput) String() string { 12636 return awsutil.Prettify(s) 12637} 12638 12639// GoString returns the string representation 12640func (s DeletePolicyInput) GoString() string { 12641 return s.String() 12642} 12643 12644// Validate inspects the fields of the type to determine if they are valid. 12645func (s *DeletePolicyInput) Validate() error { 12646 invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"} 12647 if s.PolicyId == nil { 12648 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 12649 } 12650 12651 if invalidParams.Len() > 0 { 12652 return invalidParams 12653 } 12654 return nil 12655} 12656 12657// SetPolicyId sets the PolicyId field's value. 12658func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput { 12659 s.PolicyId = &v 12660 return s 12661} 12662 12663type DeletePolicyOutput struct { 12664 _ struct{} `type:"structure"` 12665} 12666 12667// String returns the string representation 12668func (s DeletePolicyOutput) String() string { 12669 return awsutil.Prettify(s) 12670} 12671 12672// GoString returns the string representation 12673func (s DeletePolicyOutput) GoString() string { 12674 return s.String() 12675} 12676 12677type DescribeAccountInput struct { 12678 _ struct{} `type:"structure"` 12679 12680 // The unique identifier (ID) of the AWS account that you want information about. 12681 // You can get the ID from the ListAccounts or ListAccountsForParent operations. 12682 // 12683 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 12684 // requires exactly 12 digits. 12685 // 12686 // AccountId is a required field 12687 AccountId *string `type:"string" required:"true"` 12688} 12689 12690// String returns the string representation 12691func (s DescribeAccountInput) String() string { 12692 return awsutil.Prettify(s) 12693} 12694 12695// GoString returns the string representation 12696func (s DescribeAccountInput) GoString() string { 12697 return s.String() 12698} 12699 12700// Validate inspects the fields of the type to determine if they are valid. 12701func (s *DescribeAccountInput) Validate() error { 12702 invalidParams := request.ErrInvalidParams{Context: "DescribeAccountInput"} 12703 if s.AccountId == nil { 12704 invalidParams.Add(request.NewErrParamRequired("AccountId")) 12705 } 12706 12707 if invalidParams.Len() > 0 { 12708 return invalidParams 12709 } 12710 return nil 12711} 12712 12713// SetAccountId sets the AccountId field's value. 12714func (s *DescribeAccountInput) SetAccountId(v string) *DescribeAccountInput { 12715 s.AccountId = &v 12716 return s 12717} 12718 12719type DescribeAccountOutput struct { 12720 _ struct{} `type:"structure"` 12721 12722 // A structure that contains information about the requested account. 12723 Account *Account `type:"structure"` 12724} 12725 12726// String returns the string representation 12727func (s DescribeAccountOutput) String() string { 12728 return awsutil.Prettify(s) 12729} 12730 12731// GoString returns the string representation 12732func (s DescribeAccountOutput) GoString() string { 12733 return s.String() 12734} 12735 12736// SetAccount sets the Account field's value. 12737func (s *DescribeAccountOutput) SetAccount(v *Account) *DescribeAccountOutput { 12738 s.Account = v 12739 return s 12740} 12741 12742type DescribeCreateAccountStatusInput struct { 12743 _ struct{} `type:"structure"` 12744 12745 // Specifies the operationId that uniquely identifies the request. You can get 12746 // the ID from the response to an earlier CreateAccount request, or from the 12747 // ListCreateAccountStatus operation. 12748 // 12749 // The regex pattern (http://wikipedia.org/wiki/regex) for a create account 12750 // request ID string requires "car-" followed by from 8 to 32 lowercase letters 12751 // or digits. 12752 // 12753 // CreateAccountRequestId is a required field 12754 CreateAccountRequestId *string `type:"string" required:"true"` 12755} 12756 12757// String returns the string representation 12758func (s DescribeCreateAccountStatusInput) String() string { 12759 return awsutil.Prettify(s) 12760} 12761 12762// GoString returns the string representation 12763func (s DescribeCreateAccountStatusInput) GoString() string { 12764 return s.String() 12765} 12766 12767// Validate inspects the fields of the type to determine if they are valid. 12768func (s *DescribeCreateAccountStatusInput) Validate() error { 12769 invalidParams := request.ErrInvalidParams{Context: "DescribeCreateAccountStatusInput"} 12770 if s.CreateAccountRequestId == nil { 12771 invalidParams.Add(request.NewErrParamRequired("CreateAccountRequestId")) 12772 } 12773 12774 if invalidParams.Len() > 0 { 12775 return invalidParams 12776 } 12777 return nil 12778} 12779 12780// SetCreateAccountRequestId sets the CreateAccountRequestId field's value. 12781func (s *DescribeCreateAccountStatusInput) SetCreateAccountRequestId(v string) *DescribeCreateAccountStatusInput { 12782 s.CreateAccountRequestId = &v 12783 return s 12784} 12785 12786type DescribeCreateAccountStatusOutput struct { 12787 _ struct{} `type:"structure"` 12788 12789 // A structure that contains the current status of an account creation request. 12790 CreateAccountStatus *CreateAccountStatus `type:"structure"` 12791} 12792 12793// String returns the string representation 12794func (s DescribeCreateAccountStatusOutput) String() string { 12795 return awsutil.Prettify(s) 12796} 12797 12798// GoString returns the string representation 12799func (s DescribeCreateAccountStatusOutput) GoString() string { 12800 return s.String() 12801} 12802 12803// SetCreateAccountStatus sets the CreateAccountStatus field's value. 12804func (s *DescribeCreateAccountStatusOutput) SetCreateAccountStatus(v *CreateAccountStatus) *DescribeCreateAccountStatusOutput { 12805 s.CreateAccountStatus = v 12806 return s 12807} 12808 12809type DescribeEffectivePolicyInput struct { 12810 _ struct{} `type:"structure"` 12811 12812 // The type of policy that you want information about. 12813 // 12814 // PolicyType is a required field 12815 PolicyType *string `type:"string" required:"true" enum:"EffectivePolicyType"` 12816 12817 // When you're signed in as the master account, specify the ID of the account 12818 // that you want details about. Specifying an organization root or OU as the 12819 // target is not supported. 12820 TargetId *string `type:"string"` 12821} 12822 12823// String returns the string representation 12824func (s DescribeEffectivePolicyInput) String() string { 12825 return awsutil.Prettify(s) 12826} 12827 12828// GoString returns the string representation 12829func (s DescribeEffectivePolicyInput) GoString() string { 12830 return s.String() 12831} 12832 12833// Validate inspects the fields of the type to determine if they are valid. 12834func (s *DescribeEffectivePolicyInput) Validate() error { 12835 invalidParams := request.ErrInvalidParams{Context: "DescribeEffectivePolicyInput"} 12836 if s.PolicyType == nil { 12837 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 12838 } 12839 12840 if invalidParams.Len() > 0 { 12841 return invalidParams 12842 } 12843 return nil 12844} 12845 12846// SetPolicyType sets the PolicyType field's value. 12847func (s *DescribeEffectivePolicyInput) SetPolicyType(v string) *DescribeEffectivePolicyInput { 12848 s.PolicyType = &v 12849 return s 12850} 12851 12852// SetTargetId sets the TargetId field's value. 12853func (s *DescribeEffectivePolicyInput) SetTargetId(v string) *DescribeEffectivePolicyInput { 12854 s.TargetId = &v 12855 return s 12856} 12857 12858type DescribeEffectivePolicyOutput struct { 12859 _ struct{} `type:"structure"` 12860 12861 // The contents of the effective policy. 12862 EffectivePolicy *EffectivePolicy `type:"structure"` 12863} 12864 12865// String returns the string representation 12866func (s DescribeEffectivePolicyOutput) String() string { 12867 return awsutil.Prettify(s) 12868} 12869 12870// GoString returns the string representation 12871func (s DescribeEffectivePolicyOutput) GoString() string { 12872 return s.String() 12873} 12874 12875// SetEffectivePolicy sets the EffectivePolicy field's value. 12876func (s *DescribeEffectivePolicyOutput) SetEffectivePolicy(v *EffectivePolicy) *DescribeEffectivePolicyOutput { 12877 s.EffectivePolicy = v 12878 return s 12879} 12880 12881type DescribeHandshakeInput struct { 12882 _ struct{} `type:"structure"` 12883 12884 // The unique identifier (ID) of the handshake that you want information about. 12885 // You can get the ID from the original call to InviteAccountToOrganization, 12886 // or from a call to ListHandshakesForAccount or ListHandshakesForOrganization. 12887 // 12888 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 12889 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 12890 // 12891 // HandshakeId is a required field 12892 HandshakeId *string `type:"string" required:"true"` 12893} 12894 12895// String returns the string representation 12896func (s DescribeHandshakeInput) String() string { 12897 return awsutil.Prettify(s) 12898} 12899 12900// GoString returns the string representation 12901func (s DescribeHandshakeInput) GoString() string { 12902 return s.String() 12903} 12904 12905// Validate inspects the fields of the type to determine if they are valid. 12906func (s *DescribeHandshakeInput) Validate() error { 12907 invalidParams := request.ErrInvalidParams{Context: "DescribeHandshakeInput"} 12908 if s.HandshakeId == nil { 12909 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 12910 } 12911 12912 if invalidParams.Len() > 0 { 12913 return invalidParams 12914 } 12915 return nil 12916} 12917 12918// SetHandshakeId sets the HandshakeId field's value. 12919func (s *DescribeHandshakeInput) SetHandshakeId(v string) *DescribeHandshakeInput { 12920 s.HandshakeId = &v 12921 return s 12922} 12923 12924type DescribeHandshakeOutput struct { 12925 _ struct{} `type:"structure"` 12926 12927 // A structure that contains information about the specified handshake. 12928 Handshake *Handshake `type:"structure"` 12929} 12930 12931// String returns the string representation 12932func (s DescribeHandshakeOutput) String() string { 12933 return awsutil.Prettify(s) 12934} 12935 12936// GoString returns the string representation 12937func (s DescribeHandshakeOutput) GoString() string { 12938 return s.String() 12939} 12940 12941// SetHandshake sets the Handshake field's value. 12942func (s *DescribeHandshakeOutput) SetHandshake(v *Handshake) *DescribeHandshakeOutput { 12943 s.Handshake = v 12944 return s 12945} 12946 12947type DescribeOrganizationInput struct { 12948 _ struct{} `type:"structure"` 12949} 12950 12951// String returns the string representation 12952func (s DescribeOrganizationInput) String() string { 12953 return awsutil.Prettify(s) 12954} 12955 12956// GoString returns the string representation 12957func (s DescribeOrganizationInput) GoString() string { 12958 return s.String() 12959} 12960 12961type DescribeOrganizationOutput struct { 12962 _ struct{} `type:"structure"` 12963 12964 // A structure that contains information about the organization. 12965 Organization *Organization `type:"structure"` 12966} 12967 12968// String returns the string representation 12969func (s DescribeOrganizationOutput) String() string { 12970 return awsutil.Prettify(s) 12971} 12972 12973// GoString returns the string representation 12974func (s DescribeOrganizationOutput) GoString() string { 12975 return s.String() 12976} 12977 12978// SetOrganization sets the Organization field's value. 12979func (s *DescribeOrganizationOutput) SetOrganization(v *Organization) *DescribeOrganizationOutput { 12980 s.Organization = v 12981 return s 12982} 12983 12984type DescribeOrganizationalUnitInput struct { 12985 _ struct{} `type:"structure"` 12986 12987 // The unique identifier (ID) of the organizational unit that you want details 12988 // about. You can get the ID from the ListOrganizationalUnitsForParent operation. 12989 // 12990 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 12991 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 12992 // or digits (the ID of the root that contains the OU). This string is followed 12993 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 12994 // 12995 // OrganizationalUnitId is a required field 12996 OrganizationalUnitId *string `type:"string" required:"true"` 12997} 12998 12999// String returns the string representation 13000func (s DescribeOrganizationalUnitInput) String() string { 13001 return awsutil.Prettify(s) 13002} 13003 13004// GoString returns the string representation 13005func (s DescribeOrganizationalUnitInput) GoString() string { 13006 return s.String() 13007} 13008 13009// Validate inspects the fields of the type to determine if they are valid. 13010func (s *DescribeOrganizationalUnitInput) Validate() error { 13011 invalidParams := request.ErrInvalidParams{Context: "DescribeOrganizationalUnitInput"} 13012 if s.OrganizationalUnitId == nil { 13013 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 13014 } 13015 13016 if invalidParams.Len() > 0 { 13017 return invalidParams 13018 } 13019 return nil 13020} 13021 13022// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 13023func (s *DescribeOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DescribeOrganizationalUnitInput { 13024 s.OrganizationalUnitId = &v 13025 return s 13026} 13027 13028type DescribeOrganizationalUnitOutput struct { 13029 _ struct{} `type:"structure"` 13030 13031 // A structure that contains details about the specified OU. 13032 OrganizationalUnit *OrganizationalUnit `type:"structure"` 13033} 13034 13035// String returns the string representation 13036func (s DescribeOrganizationalUnitOutput) String() string { 13037 return awsutil.Prettify(s) 13038} 13039 13040// GoString returns the string representation 13041func (s DescribeOrganizationalUnitOutput) GoString() string { 13042 return s.String() 13043} 13044 13045// SetOrganizationalUnit sets the OrganizationalUnit field's value. 13046func (s *DescribeOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *DescribeOrganizationalUnitOutput { 13047 s.OrganizationalUnit = v 13048 return s 13049} 13050 13051type DescribePolicyInput struct { 13052 _ struct{} `type:"structure"` 13053 13054 // The unique identifier (ID) of the policy that you want details about. You 13055 // can get the ID from the ListPolicies or ListPoliciesForTarget operations. 13056 // 13057 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 13058 // requires "p-" followed by from 8 to 128 lowercase letters or digits. 13059 // 13060 // PolicyId is a required field 13061 PolicyId *string `type:"string" required:"true"` 13062} 13063 13064// String returns the string representation 13065func (s DescribePolicyInput) String() string { 13066 return awsutil.Prettify(s) 13067} 13068 13069// GoString returns the string representation 13070func (s DescribePolicyInput) GoString() string { 13071 return s.String() 13072} 13073 13074// Validate inspects the fields of the type to determine if they are valid. 13075func (s *DescribePolicyInput) Validate() error { 13076 invalidParams := request.ErrInvalidParams{Context: "DescribePolicyInput"} 13077 if s.PolicyId == nil { 13078 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 13079 } 13080 13081 if invalidParams.Len() > 0 { 13082 return invalidParams 13083 } 13084 return nil 13085} 13086 13087// SetPolicyId sets the PolicyId field's value. 13088func (s *DescribePolicyInput) SetPolicyId(v string) *DescribePolicyInput { 13089 s.PolicyId = &v 13090 return s 13091} 13092 13093type DescribePolicyOutput struct { 13094 _ struct{} `type:"structure"` 13095 13096 // A structure that contains details about the specified policy. 13097 Policy *Policy `type:"structure"` 13098} 13099 13100// String returns the string representation 13101func (s DescribePolicyOutput) String() string { 13102 return awsutil.Prettify(s) 13103} 13104 13105// GoString returns the string representation 13106func (s DescribePolicyOutput) GoString() string { 13107 return s.String() 13108} 13109 13110// SetPolicy sets the Policy field's value. 13111func (s *DescribePolicyOutput) SetPolicy(v *Policy) *DescribePolicyOutput { 13112 s.Policy = v 13113 return s 13114} 13115 13116type DetachPolicyInput struct { 13117 _ struct{} `type:"structure"` 13118 13119 // The unique identifier (ID) of the policy you want to detach. You can get 13120 // the ID from the ListPolicies or ListPoliciesForTarget operations. 13121 // 13122 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 13123 // requires "p-" followed by from 8 to 128 lowercase letters or digits. 13124 // 13125 // PolicyId is a required field 13126 PolicyId *string `type:"string" required:"true"` 13127 13128 // The unique identifier (ID) of the root, OU, or account that you want to detach 13129 // the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent, 13130 // or ListAccounts operations. 13131 // 13132 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 13133 // requires one of the following: 13134 // 13135 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 13136 // letters or digits. 13137 // 13138 // * Account - A string that consists of exactly 12 digits. 13139 // 13140 // * Organizational unit (OU) - A string that begins with "ou-" followed 13141 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 13142 // OU is in). This string is followed by a second "-" dash and from 8 to 13143 // 32 additional lowercase letters or digits. 13144 // 13145 // TargetId is a required field 13146 TargetId *string `type:"string" required:"true"` 13147} 13148 13149// String returns the string representation 13150func (s DetachPolicyInput) String() string { 13151 return awsutil.Prettify(s) 13152} 13153 13154// GoString returns the string representation 13155func (s DetachPolicyInput) GoString() string { 13156 return s.String() 13157} 13158 13159// Validate inspects the fields of the type to determine if they are valid. 13160func (s *DetachPolicyInput) Validate() error { 13161 invalidParams := request.ErrInvalidParams{Context: "DetachPolicyInput"} 13162 if s.PolicyId == nil { 13163 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 13164 } 13165 if s.TargetId == nil { 13166 invalidParams.Add(request.NewErrParamRequired("TargetId")) 13167 } 13168 13169 if invalidParams.Len() > 0 { 13170 return invalidParams 13171 } 13172 return nil 13173} 13174 13175// SetPolicyId sets the PolicyId field's value. 13176func (s *DetachPolicyInput) SetPolicyId(v string) *DetachPolicyInput { 13177 s.PolicyId = &v 13178 return s 13179} 13180 13181// SetTargetId sets the TargetId field's value. 13182func (s *DetachPolicyInput) SetTargetId(v string) *DetachPolicyInput { 13183 s.TargetId = &v 13184 return s 13185} 13186 13187type DetachPolicyOutput struct { 13188 _ struct{} `type:"structure"` 13189} 13190 13191// String returns the string representation 13192func (s DetachPolicyOutput) String() string { 13193 return awsutil.Prettify(s) 13194} 13195 13196// GoString returns the string representation 13197func (s DetachPolicyOutput) GoString() string { 13198 return s.String() 13199} 13200 13201type DisableAWSServiceAccessInput struct { 13202 _ struct{} `type:"structure"` 13203 13204 // The service principal name of the AWS service for which you want to disable 13205 // integration with your organization. This is typically in the form of a URL, 13206 // such as service-abbreviation.amazonaws.com. 13207 // 13208 // ServicePrincipal is a required field 13209 ServicePrincipal *string `min:"1" type:"string" required:"true"` 13210} 13211 13212// String returns the string representation 13213func (s DisableAWSServiceAccessInput) String() string { 13214 return awsutil.Prettify(s) 13215} 13216 13217// GoString returns the string representation 13218func (s DisableAWSServiceAccessInput) GoString() string { 13219 return s.String() 13220} 13221 13222// Validate inspects the fields of the type to determine if they are valid. 13223func (s *DisableAWSServiceAccessInput) Validate() error { 13224 invalidParams := request.ErrInvalidParams{Context: "DisableAWSServiceAccessInput"} 13225 if s.ServicePrincipal == nil { 13226 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 13227 } 13228 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 13229 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 13230 } 13231 13232 if invalidParams.Len() > 0 { 13233 return invalidParams 13234 } 13235 return nil 13236} 13237 13238// SetServicePrincipal sets the ServicePrincipal field's value. 13239func (s *DisableAWSServiceAccessInput) SetServicePrincipal(v string) *DisableAWSServiceAccessInput { 13240 s.ServicePrincipal = &v 13241 return s 13242} 13243 13244type DisableAWSServiceAccessOutput struct { 13245 _ struct{} `type:"structure"` 13246} 13247 13248// String returns the string representation 13249func (s DisableAWSServiceAccessOutput) String() string { 13250 return awsutil.Prettify(s) 13251} 13252 13253// GoString returns the string representation 13254func (s DisableAWSServiceAccessOutput) GoString() string { 13255 return s.String() 13256} 13257 13258type DisablePolicyTypeInput struct { 13259 _ struct{} `type:"structure"` 13260 13261 // The policy type that you want to disable in this root. 13262 // 13263 // PolicyType is a required field 13264 PolicyType *string `type:"string" required:"true" enum:"PolicyType"` 13265 13266 // The unique identifier (ID) of the root in which you want to disable a policy 13267 // type. You can get the ID from the ListRoots operation. 13268 // 13269 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 13270 // requires "r-" followed by from 4 to 32 lowercase letters or digits. 13271 // 13272 // RootId is a required field 13273 RootId *string `type:"string" required:"true"` 13274} 13275 13276// String returns the string representation 13277func (s DisablePolicyTypeInput) String() string { 13278 return awsutil.Prettify(s) 13279} 13280 13281// GoString returns the string representation 13282func (s DisablePolicyTypeInput) GoString() string { 13283 return s.String() 13284} 13285 13286// Validate inspects the fields of the type to determine if they are valid. 13287func (s *DisablePolicyTypeInput) Validate() error { 13288 invalidParams := request.ErrInvalidParams{Context: "DisablePolicyTypeInput"} 13289 if s.PolicyType == nil { 13290 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 13291 } 13292 if s.RootId == nil { 13293 invalidParams.Add(request.NewErrParamRequired("RootId")) 13294 } 13295 13296 if invalidParams.Len() > 0 { 13297 return invalidParams 13298 } 13299 return nil 13300} 13301 13302// SetPolicyType sets the PolicyType field's value. 13303func (s *DisablePolicyTypeInput) SetPolicyType(v string) *DisablePolicyTypeInput { 13304 s.PolicyType = &v 13305 return s 13306} 13307 13308// SetRootId sets the RootId field's value. 13309func (s *DisablePolicyTypeInput) SetRootId(v string) *DisablePolicyTypeInput { 13310 s.RootId = &v 13311 return s 13312} 13313 13314type DisablePolicyTypeOutput struct { 13315 _ struct{} `type:"structure"` 13316 13317 // A structure that shows the root with the updated list of enabled policy types. 13318 Root *Root `type:"structure"` 13319} 13320 13321// String returns the string representation 13322func (s DisablePolicyTypeOutput) String() string { 13323 return awsutil.Prettify(s) 13324} 13325 13326// GoString returns the string representation 13327func (s DisablePolicyTypeOutput) GoString() string { 13328 return s.String() 13329} 13330 13331// SetRoot sets the Root field's value. 13332func (s *DisablePolicyTypeOutput) SetRoot(v *Root) *DisablePolicyTypeOutput { 13333 s.Root = v 13334 return s 13335} 13336 13337// Contains rules to be applied to the affected accounts. The effective policy 13338// is the aggregation of any policies the account inherits, plus any policy 13339// directly attached to the account. 13340type EffectivePolicy struct { 13341 _ struct{} `type:"structure"` 13342 13343 // The time of the last update to this policy. 13344 LastUpdatedTimestamp *time.Time `type:"timestamp"` 13345 13346 // The text content of the policy. 13347 PolicyContent *string `min:"1" type:"string"` 13348 13349 // The policy type. 13350 PolicyType *string `type:"string" enum:"EffectivePolicyType"` 13351 13352 // The account ID of the policy target. 13353 TargetId *string `type:"string"` 13354} 13355 13356// String returns the string representation 13357func (s EffectivePolicy) String() string { 13358 return awsutil.Prettify(s) 13359} 13360 13361// GoString returns the string representation 13362func (s EffectivePolicy) GoString() string { 13363 return s.String() 13364} 13365 13366// SetLastUpdatedTimestamp sets the LastUpdatedTimestamp field's value. 13367func (s *EffectivePolicy) SetLastUpdatedTimestamp(v time.Time) *EffectivePolicy { 13368 s.LastUpdatedTimestamp = &v 13369 return s 13370} 13371 13372// SetPolicyContent sets the PolicyContent field's value. 13373func (s *EffectivePolicy) SetPolicyContent(v string) *EffectivePolicy { 13374 s.PolicyContent = &v 13375 return s 13376} 13377 13378// SetPolicyType sets the PolicyType field's value. 13379func (s *EffectivePolicy) SetPolicyType(v string) *EffectivePolicy { 13380 s.PolicyType = &v 13381 return s 13382} 13383 13384// SetTargetId sets the TargetId field's value. 13385func (s *EffectivePolicy) SetTargetId(v string) *EffectivePolicy { 13386 s.TargetId = &v 13387 return s 13388} 13389 13390type EnableAWSServiceAccessInput struct { 13391 _ struct{} `type:"structure"` 13392 13393 // The service principal name of the AWS service for which you want to enable 13394 // integration with your organization. This is typically in the form of a URL, 13395 // such as service-abbreviation.amazonaws.com. 13396 // 13397 // ServicePrincipal is a required field 13398 ServicePrincipal *string `min:"1" type:"string" required:"true"` 13399} 13400 13401// String returns the string representation 13402func (s EnableAWSServiceAccessInput) String() string { 13403 return awsutil.Prettify(s) 13404} 13405 13406// GoString returns the string representation 13407func (s EnableAWSServiceAccessInput) GoString() string { 13408 return s.String() 13409} 13410 13411// Validate inspects the fields of the type to determine if they are valid. 13412func (s *EnableAWSServiceAccessInput) Validate() error { 13413 invalidParams := request.ErrInvalidParams{Context: "EnableAWSServiceAccessInput"} 13414 if s.ServicePrincipal == nil { 13415 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 13416 } 13417 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 13418 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 13419 } 13420 13421 if invalidParams.Len() > 0 { 13422 return invalidParams 13423 } 13424 return nil 13425} 13426 13427// SetServicePrincipal sets the ServicePrincipal field's value. 13428func (s *EnableAWSServiceAccessInput) SetServicePrincipal(v string) *EnableAWSServiceAccessInput { 13429 s.ServicePrincipal = &v 13430 return s 13431} 13432 13433type EnableAWSServiceAccessOutput struct { 13434 _ struct{} `type:"structure"` 13435} 13436 13437// String returns the string representation 13438func (s EnableAWSServiceAccessOutput) String() string { 13439 return awsutil.Prettify(s) 13440} 13441 13442// GoString returns the string representation 13443func (s EnableAWSServiceAccessOutput) GoString() string { 13444 return s.String() 13445} 13446 13447type EnableAllFeaturesInput struct { 13448 _ struct{} `type:"structure"` 13449} 13450 13451// String returns the string representation 13452func (s EnableAllFeaturesInput) String() string { 13453 return awsutil.Prettify(s) 13454} 13455 13456// GoString returns the string representation 13457func (s EnableAllFeaturesInput) GoString() string { 13458 return s.String() 13459} 13460 13461type EnableAllFeaturesOutput struct { 13462 _ struct{} `type:"structure"` 13463 13464 // A structure that contains details about the handshake created to support 13465 // this request to enable all features in the organization. 13466 Handshake *Handshake `type:"structure"` 13467} 13468 13469// String returns the string representation 13470func (s EnableAllFeaturesOutput) String() string { 13471 return awsutil.Prettify(s) 13472} 13473 13474// GoString returns the string representation 13475func (s EnableAllFeaturesOutput) GoString() string { 13476 return s.String() 13477} 13478 13479// SetHandshake sets the Handshake field's value. 13480func (s *EnableAllFeaturesOutput) SetHandshake(v *Handshake) *EnableAllFeaturesOutput { 13481 s.Handshake = v 13482 return s 13483} 13484 13485type EnablePolicyTypeInput struct { 13486 _ struct{} `type:"structure"` 13487 13488 // The policy type that you want to enable. 13489 // 13490 // PolicyType is a required field 13491 PolicyType *string `type:"string" required:"true" enum:"PolicyType"` 13492 13493 // The unique identifier (ID) of the root in which you want to enable a policy 13494 // type. You can get the ID from the ListRoots operation. 13495 // 13496 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 13497 // requires "r-" followed by from 4 to 32 lowercase letters or digits. 13498 // 13499 // RootId is a required field 13500 RootId *string `type:"string" required:"true"` 13501} 13502 13503// String returns the string representation 13504func (s EnablePolicyTypeInput) String() string { 13505 return awsutil.Prettify(s) 13506} 13507 13508// GoString returns the string representation 13509func (s EnablePolicyTypeInput) GoString() string { 13510 return s.String() 13511} 13512 13513// Validate inspects the fields of the type to determine if they are valid. 13514func (s *EnablePolicyTypeInput) Validate() error { 13515 invalidParams := request.ErrInvalidParams{Context: "EnablePolicyTypeInput"} 13516 if s.PolicyType == nil { 13517 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 13518 } 13519 if s.RootId == nil { 13520 invalidParams.Add(request.NewErrParamRequired("RootId")) 13521 } 13522 13523 if invalidParams.Len() > 0 { 13524 return invalidParams 13525 } 13526 return nil 13527} 13528 13529// SetPolicyType sets the PolicyType field's value. 13530func (s *EnablePolicyTypeInput) SetPolicyType(v string) *EnablePolicyTypeInput { 13531 s.PolicyType = &v 13532 return s 13533} 13534 13535// SetRootId sets the RootId field's value. 13536func (s *EnablePolicyTypeInput) SetRootId(v string) *EnablePolicyTypeInput { 13537 s.RootId = &v 13538 return s 13539} 13540 13541type EnablePolicyTypeOutput struct { 13542 _ struct{} `type:"structure"` 13543 13544 // A structure that shows the root with the updated list of enabled policy types. 13545 Root *Root `type:"structure"` 13546} 13547 13548// String returns the string representation 13549func (s EnablePolicyTypeOutput) String() string { 13550 return awsutil.Prettify(s) 13551} 13552 13553// GoString returns the string representation 13554func (s EnablePolicyTypeOutput) GoString() string { 13555 return s.String() 13556} 13557 13558// SetRoot sets the Root field's value. 13559func (s *EnablePolicyTypeOutput) SetRoot(v *Root) *EnablePolicyTypeOutput { 13560 s.Root = v 13561 return s 13562} 13563 13564// A structure that contains details of a service principal that is enabled 13565// to integrate with AWS Organizations. 13566type EnabledServicePrincipal struct { 13567 _ struct{} `type:"structure"` 13568 13569 // The date that the service principal was enabled for integration with AWS 13570 // Organizations. 13571 DateEnabled *time.Time `type:"timestamp"` 13572 13573 // The name of the service principal. This is typically in the form of a URL, 13574 // such as: servicename.amazonaws.com. 13575 ServicePrincipal *string `min:"1" type:"string"` 13576} 13577 13578// String returns the string representation 13579func (s EnabledServicePrincipal) String() string { 13580 return awsutil.Prettify(s) 13581} 13582 13583// GoString returns the string representation 13584func (s EnabledServicePrincipal) GoString() string { 13585 return s.String() 13586} 13587 13588// SetDateEnabled sets the DateEnabled field's value. 13589func (s *EnabledServicePrincipal) SetDateEnabled(v time.Time) *EnabledServicePrincipal { 13590 s.DateEnabled = &v 13591 return s 13592} 13593 13594// SetServicePrincipal sets the ServicePrincipal field's value. 13595func (s *EnabledServicePrincipal) SetServicePrincipal(v string) *EnabledServicePrincipal { 13596 s.ServicePrincipal = &v 13597 return s 13598} 13599 13600// Contains information that must be exchanged to securely establish a relationship 13601// between two accounts (an originator and a recipient). For example, assume 13602// that a master account (the originator) invites another account (the recipient) 13603// to join its organization. In that case, the two accounts exchange information 13604// as a series of handshake requests and responses. 13605// 13606// Note: Handshakes that are CANCELED, ACCEPTED, or DECLINED show up in lists 13607// for only 30 days after entering that state. After that, they are deleted. 13608type Handshake struct { 13609 _ struct{} `type:"structure"` 13610 13611 // The type of handshake, indicating what action occurs when the recipient accepts 13612 // the handshake. The following handshake types are supported: 13613 // 13614 // * INVITE: This type of handshake represents a request to join an organization. 13615 // It is always sent from the master account to only non-member accounts. 13616 // 13617 // * ENABLE_ALL_FEATURES: This type of handshake represents a request to 13618 // enable all features in an organization. It is always sent from the master 13619 // account to only invited member accounts. Created accounts do not receive 13620 // this because those accounts were created by the organization's master 13621 // account and approval is inferred. 13622 // 13623 // * APPROVE_ALL_FEATURES: This type of handshake is sent from the Organizations 13624 // service when all member accounts have approved the ENABLE_ALL_FEATURES 13625 // invitation. It is sent only to the master account and signals the master 13626 // that it can finalize the process to enable all features. 13627 Action *string `type:"string" enum:"ActionType"` 13628 13629 // The Amazon Resource Name (ARN) of a handshake. 13630 // 13631 // For more information about ARNs in Organizations, see ARN Formats Supported 13632 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 13633 // in the AWS Organizations User Guide. 13634 Arn *string `type:"string"` 13635 13636 // The date and time that the handshake expires. If the recipient of the handshake 13637 // request fails to respond before the specified date and time, the handshake 13638 // becomes inactive and is no longer valid. 13639 ExpirationTimestamp *time.Time `type:"timestamp"` 13640 13641 // The unique identifier (ID) of a handshake. The originating account creates 13642 // the ID when it initiates the handshake. 13643 // 13644 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 13645 // requires "h-" followed by from 8 to 32 lower-case letters or digits. 13646 Id *string `type:"string"` 13647 13648 // Information about the two accounts that are participating in the handshake. 13649 Parties []*HandshakeParty `type:"list"` 13650 13651 // The date and time that the handshake request was made. 13652 RequestedTimestamp *time.Time `type:"timestamp"` 13653 13654 // Additional information that is needed to process the handshake. 13655 Resources []*HandshakeResource `type:"list"` 13656 13657 // The current state of the handshake. Use the state to trace the flow of the 13658 // handshake through the process from its creation to its acceptance. The meaning 13659 // of each of the valid values is as follows: 13660 // 13661 // * REQUESTED: This handshake was sent to multiple recipients (applicable 13662 // to only some handshake types) and not all recipients have responded yet. 13663 // The request stays in this state until all recipients respond. 13664 // 13665 // * OPEN: This handshake was sent to multiple recipients (applicable to 13666 // only some policy types) and all recipients have responded, allowing the 13667 // originator to complete the handshake action. 13668 // 13669 // * CANCELED: This handshake is no longer active because it was canceled 13670 // by the originating account. 13671 // 13672 // * ACCEPTED: This handshake is complete because it has been accepted by 13673 // the recipient. 13674 // 13675 // * DECLINED: This handshake is no longer active because it was declined 13676 // by the recipient account. 13677 // 13678 // * EXPIRED: This handshake is no longer active because the originator did 13679 // not receive a response of any kind from the recipient before the expiration 13680 // time (15 days). 13681 State *string `type:"string" enum:"HandshakeState"` 13682} 13683 13684// String returns the string representation 13685func (s Handshake) String() string { 13686 return awsutil.Prettify(s) 13687} 13688 13689// GoString returns the string representation 13690func (s Handshake) GoString() string { 13691 return s.String() 13692} 13693 13694// SetAction sets the Action field's value. 13695func (s *Handshake) SetAction(v string) *Handshake { 13696 s.Action = &v 13697 return s 13698} 13699 13700// SetArn sets the Arn field's value. 13701func (s *Handshake) SetArn(v string) *Handshake { 13702 s.Arn = &v 13703 return s 13704} 13705 13706// SetExpirationTimestamp sets the ExpirationTimestamp field's value. 13707func (s *Handshake) SetExpirationTimestamp(v time.Time) *Handshake { 13708 s.ExpirationTimestamp = &v 13709 return s 13710} 13711 13712// SetId sets the Id field's value. 13713func (s *Handshake) SetId(v string) *Handshake { 13714 s.Id = &v 13715 return s 13716} 13717 13718// SetParties sets the Parties field's value. 13719func (s *Handshake) SetParties(v []*HandshakeParty) *Handshake { 13720 s.Parties = v 13721 return s 13722} 13723 13724// SetRequestedTimestamp sets the RequestedTimestamp field's value. 13725func (s *Handshake) SetRequestedTimestamp(v time.Time) *Handshake { 13726 s.RequestedTimestamp = &v 13727 return s 13728} 13729 13730// SetResources sets the Resources field's value. 13731func (s *Handshake) SetResources(v []*HandshakeResource) *Handshake { 13732 s.Resources = v 13733 return s 13734} 13735 13736// SetState sets the State field's value. 13737func (s *Handshake) SetState(v string) *Handshake { 13738 s.State = &v 13739 return s 13740} 13741 13742// Specifies the criteria that are used to select the handshakes for the operation. 13743type HandshakeFilter struct { 13744 _ struct{} `type:"structure"` 13745 13746 // Specifies the type of handshake action. 13747 // 13748 // If you specify ActionType, you cannot also specify ParentHandshakeId. 13749 ActionType *string `type:"string" enum:"ActionType"` 13750 13751 // Specifies the parent handshake. Only used for handshake types that are a 13752 // child of another type. 13753 // 13754 // If you specify ParentHandshakeId, you cannot also specify ActionType. 13755 // 13756 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 13757 // requires "h-" followed by from 8 to 32 lower-case letters or digits. 13758 ParentHandshakeId *string `type:"string"` 13759} 13760 13761// String returns the string representation 13762func (s HandshakeFilter) String() string { 13763 return awsutil.Prettify(s) 13764} 13765 13766// GoString returns the string representation 13767func (s HandshakeFilter) GoString() string { 13768 return s.String() 13769} 13770 13771// SetActionType sets the ActionType field's value. 13772func (s *HandshakeFilter) SetActionType(v string) *HandshakeFilter { 13773 s.ActionType = &v 13774 return s 13775} 13776 13777// SetParentHandshakeId sets the ParentHandshakeId field's value. 13778func (s *HandshakeFilter) SetParentHandshakeId(v string) *HandshakeFilter { 13779 s.ParentHandshakeId = &v 13780 return s 13781} 13782 13783// Identifies a participant in a handshake. 13784type HandshakeParty struct { 13785 _ struct{} `type:"structure"` 13786 13787 // The unique identifier (ID) for the party. 13788 // 13789 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 13790 // requires "h-" followed by from 8 to 32 lower-case letters or digits. 13791 // 13792 // Id is a required field 13793 Id *string `min:"1" type:"string" required:"true" sensitive:"true"` 13794 13795 // The type of party. 13796 // 13797 // Type is a required field 13798 Type *string `type:"string" required:"true" enum:"HandshakePartyType"` 13799} 13800 13801// String returns the string representation 13802func (s HandshakeParty) String() string { 13803 return awsutil.Prettify(s) 13804} 13805 13806// GoString returns the string representation 13807func (s HandshakeParty) GoString() string { 13808 return s.String() 13809} 13810 13811// Validate inspects the fields of the type to determine if they are valid. 13812func (s *HandshakeParty) Validate() error { 13813 invalidParams := request.ErrInvalidParams{Context: "HandshakeParty"} 13814 if s.Id == nil { 13815 invalidParams.Add(request.NewErrParamRequired("Id")) 13816 } 13817 if s.Id != nil && len(*s.Id) < 1 { 13818 invalidParams.Add(request.NewErrParamMinLen("Id", 1)) 13819 } 13820 if s.Type == nil { 13821 invalidParams.Add(request.NewErrParamRequired("Type")) 13822 } 13823 13824 if invalidParams.Len() > 0 { 13825 return invalidParams 13826 } 13827 return nil 13828} 13829 13830// SetId sets the Id field's value. 13831func (s *HandshakeParty) SetId(v string) *HandshakeParty { 13832 s.Id = &v 13833 return s 13834} 13835 13836// SetType sets the Type field's value. 13837func (s *HandshakeParty) SetType(v string) *HandshakeParty { 13838 s.Type = &v 13839 return s 13840} 13841 13842// Contains additional data that is needed to process a handshake. 13843type HandshakeResource struct { 13844 _ struct{} `type:"structure"` 13845 13846 // When needed, contains an additional array of HandshakeResource objects. 13847 Resources []*HandshakeResource `type:"list"` 13848 13849 // The type of information being passed, specifying how the value is to be interpreted 13850 // by the other party: 13851 // 13852 // * ACCOUNT - Specifies an AWS account ID number. 13853 // 13854 // * ORGANIZATION - Specifies an organization ID number. 13855 // 13856 // * EMAIL - Specifies the email address that is associated with the account 13857 // that receives the handshake. 13858 // 13859 // * OWNER_EMAIL - Specifies the email address associated with the master 13860 // account. Included as information about an organization. 13861 // 13862 // * OWNER_NAME - Specifies the name associated with the master account. 13863 // Included as information about an organization. 13864 // 13865 // * NOTES - Additional text provided by the handshake initiator and intended 13866 // for the recipient to read. 13867 Type *string `type:"string" enum:"HandshakeResourceType"` 13868 13869 // The information that is passed to the other party in the handshake. The format 13870 // of the value string must match the requirements of the specified type. 13871 Value *string `type:"string" sensitive:"true"` 13872} 13873 13874// String returns the string representation 13875func (s HandshakeResource) String() string { 13876 return awsutil.Prettify(s) 13877} 13878 13879// GoString returns the string representation 13880func (s HandshakeResource) GoString() string { 13881 return s.String() 13882} 13883 13884// SetResources sets the Resources field's value. 13885func (s *HandshakeResource) SetResources(v []*HandshakeResource) *HandshakeResource { 13886 s.Resources = v 13887 return s 13888} 13889 13890// SetType sets the Type field's value. 13891func (s *HandshakeResource) SetType(v string) *HandshakeResource { 13892 s.Type = &v 13893 return s 13894} 13895 13896// SetValue sets the Value field's value. 13897func (s *HandshakeResource) SetValue(v string) *HandshakeResource { 13898 s.Value = &v 13899 return s 13900} 13901 13902type InviteAccountToOrganizationInput struct { 13903 _ struct{} `type:"structure"` 13904 13905 // Additional information that you want to include in the generated email to 13906 // the recipient account owner. 13907 Notes *string `type:"string" sensitive:"true"` 13908 13909 // The identifier (ID) of the AWS account that you want to invite to join your 13910 // organization. This is a JSON object that contains the following elements: 13911 // 13912 // { "Type": "ACCOUNT", "Id": "< account id number >" } 13913 // 13914 // If you use the AWS CLI, you can submit this as a single string, similar to 13915 // the following example: 13916 // 13917 // --target Id=123456789012,Type=ACCOUNT 13918 // 13919 // If you specify "Type": "ACCOUNT", you must provide the AWS account ID number 13920 // as the Id. If you specify "Type": "EMAIL", you must specify the email address 13921 // that is associated with the account. 13922 // 13923 // --target Id=diego@example.com,Type=EMAIL 13924 // 13925 // Target is a required field 13926 Target *HandshakeParty `type:"structure" required:"true"` 13927} 13928 13929// String returns the string representation 13930func (s InviteAccountToOrganizationInput) String() string { 13931 return awsutil.Prettify(s) 13932} 13933 13934// GoString returns the string representation 13935func (s InviteAccountToOrganizationInput) GoString() string { 13936 return s.String() 13937} 13938 13939// Validate inspects the fields of the type to determine if they are valid. 13940func (s *InviteAccountToOrganizationInput) Validate() error { 13941 invalidParams := request.ErrInvalidParams{Context: "InviteAccountToOrganizationInput"} 13942 if s.Target == nil { 13943 invalidParams.Add(request.NewErrParamRequired("Target")) 13944 } 13945 if s.Target != nil { 13946 if err := s.Target.Validate(); err != nil { 13947 invalidParams.AddNested("Target", err.(request.ErrInvalidParams)) 13948 } 13949 } 13950 13951 if invalidParams.Len() > 0 { 13952 return invalidParams 13953 } 13954 return nil 13955} 13956 13957// SetNotes sets the Notes field's value. 13958func (s *InviteAccountToOrganizationInput) SetNotes(v string) *InviteAccountToOrganizationInput { 13959 s.Notes = &v 13960 return s 13961} 13962 13963// SetTarget sets the Target field's value. 13964func (s *InviteAccountToOrganizationInput) SetTarget(v *HandshakeParty) *InviteAccountToOrganizationInput { 13965 s.Target = v 13966 return s 13967} 13968 13969type InviteAccountToOrganizationOutput struct { 13970 _ struct{} `type:"structure"` 13971 13972 // A structure that contains details about the handshake that is created to 13973 // support this invitation request. 13974 Handshake *Handshake `type:"structure"` 13975} 13976 13977// String returns the string representation 13978func (s InviteAccountToOrganizationOutput) String() string { 13979 return awsutil.Prettify(s) 13980} 13981 13982// GoString returns the string representation 13983func (s InviteAccountToOrganizationOutput) GoString() string { 13984 return s.String() 13985} 13986 13987// SetHandshake sets the Handshake field's value. 13988func (s *InviteAccountToOrganizationOutput) SetHandshake(v *Handshake) *InviteAccountToOrganizationOutput { 13989 s.Handshake = v 13990 return s 13991} 13992 13993type LeaveOrganizationInput struct { 13994 _ struct{} `type:"structure"` 13995} 13996 13997// String returns the string representation 13998func (s LeaveOrganizationInput) String() string { 13999 return awsutil.Prettify(s) 14000} 14001 14002// GoString returns the string representation 14003func (s LeaveOrganizationInput) GoString() string { 14004 return s.String() 14005} 14006 14007type LeaveOrganizationOutput struct { 14008 _ struct{} `type:"structure"` 14009} 14010 14011// String returns the string representation 14012func (s LeaveOrganizationOutput) String() string { 14013 return awsutil.Prettify(s) 14014} 14015 14016// GoString returns the string representation 14017func (s LeaveOrganizationOutput) GoString() string { 14018 return s.String() 14019} 14020 14021type ListAWSServiceAccessForOrganizationInput struct { 14022 _ struct{} `type:"structure"` 14023 14024 // (Optional) Use this to limit the number of results you want included per 14025 // page in the response. If you do not include this parameter, it defaults to 14026 // a value that is specific to the operation. If additional items exist beyond 14027 // the maximum you specify, the NextToken response element is present and has 14028 // a value (is not null). Include that value as the NextToken request parameter 14029 // in the next call to the operation to get the next part of the results. Note 14030 // that Organizations might return fewer results than the maximum even when 14031 // there are more results available. You should check NextToken after every 14032 // operation to ensure that you receive all of the results. 14033 MaxResults *int64 `min:"1" type:"integer"` 14034 14035 // Use this parameter if you receive a NextToken response in a previous request 14036 // that indicates that there is more output available. Set it to the value of 14037 // the previous call's NextToken response to indicate where the output should 14038 // continue from. 14039 NextToken *string `type:"string"` 14040} 14041 14042// String returns the string representation 14043func (s ListAWSServiceAccessForOrganizationInput) String() string { 14044 return awsutil.Prettify(s) 14045} 14046 14047// GoString returns the string representation 14048func (s ListAWSServiceAccessForOrganizationInput) GoString() string { 14049 return s.String() 14050} 14051 14052// Validate inspects the fields of the type to determine if they are valid. 14053func (s *ListAWSServiceAccessForOrganizationInput) Validate() error { 14054 invalidParams := request.ErrInvalidParams{Context: "ListAWSServiceAccessForOrganizationInput"} 14055 if s.MaxResults != nil && *s.MaxResults < 1 { 14056 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14057 } 14058 14059 if invalidParams.Len() > 0 { 14060 return invalidParams 14061 } 14062 return nil 14063} 14064 14065// SetMaxResults sets the MaxResults field's value. 14066func (s *ListAWSServiceAccessForOrganizationInput) SetMaxResults(v int64) *ListAWSServiceAccessForOrganizationInput { 14067 s.MaxResults = &v 14068 return s 14069} 14070 14071// SetNextToken sets the NextToken field's value. 14072func (s *ListAWSServiceAccessForOrganizationInput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationInput { 14073 s.NextToken = &v 14074 return s 14075} 14076 14077type ListAWSServiceAccessForOrganizationOutput struct { 14078 _ struct{} `type:"structure"` 14079 14080 // A list of the service principals for the services that are enabled to integrate 14081 // with your organization. Each principal is a structure that includes the name 14082 // and the date that it was enabled for integration with AWS Organizations. 14083 EnabledServicePrincipals []*EnabledServicePrincipal `type:"list"` 14084 14085 // If present, this value indicates that there is more output available than 14086 // is included in the current response. Use this value in the NextToken request 14087 // parameter in a subsequent call to the operation to get the next part of the 14088 // output. You should repeat this until the NextToken response element comes 14089 // back as null. 14090 NextToken *string `type:"string"` 14091} 14092 14093// String returns the string representation 14094func (s ListAWSServiceAccessForOrganizationOutput) String() string { 14095 return awsutil.Prettify(s) 14096} 14097 14098// GoString returns the string representation 14099func (s ListAWSServiceAccessForOrganizationOutput) GoString() string { 14100 return s.String() 14101} 14102 14103// SetEnabledServicePrincipals sets the EnabledServicePrincipals field's value. 14104func (s *ListAWSServiceAccessForOrganizationOutput) SetEnabledServicePrincipals(v []*EnabledServicePrincipal) *ListAWSServiceAccessForOrganizationOutput { 14105 s.EnabledServicePrincipals = v 14106 return s 14107} 14108 14109// SetNextToken sets the NextToken field's value. 14110func (s *ListAWSServiceAccessForOrganizationOutput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationOutput { 14111 s.NextToken = &v 14112 return s 14113} 14114 14115type ListAccountsForParentInput struct { 14116 _ struct{} `type:"structure"` 14117 14118 // (Optional) Use this to limit the number of results you want included per 14119 // page in the response. If you do not include this parameter, it defaults to 14120 // a value that is specific to the operation. If additional items exist beyond 14121 // the maximum you specify, the NextToken response element is present and has 14122 // a value (is not null). Include that value as the NextToken request parameter 14123 // in the next call to the operation to get the next part of the results. Note 14124 // that Organizations might return fewer results than the maximum even when 14125 // there are more results available. You should check NextToken after every 14126 // operation to ensure that you receive all of the results. 14127 MaxResults *int64 `min:"1" type:"integer"` 14128 14129 // Use this parameter if you receive a NextToken response in a previous request 14130 // that indicates that there is more output available. Set it to the value of 14131 // the previous call's NextToken response to indicate where the output should 14132 // continue from. 14133 NextToken *string `type:"string"` 14134 14135 // The unique identifier (ID) for the parent root or organization unit (OU) 14136 // whose accounts you want to list. 14137 // 14138 // ParentId is a required field 14139 ParentId *string `type:"string" required:"true"` 14140} 14141 14142// String returns the string representation 14143func (s ListAccountsForParentInput) String() string { 14144 return awsutil.Prettify(s) 14145} 14146 14147// GoString returns the string representation 14148func (s ListAccountsForParentInput) GoString() string { 14149 return s.String() 14150} 14151 14152// Validate inspects the fields of the type to determine if they are valid. 14153func (s *ListAccountsForParentInput) Validate() error { 14154 invalidParams := request.ErrInvalidParams{Context: "ListAccountsForParentInput"} 14155 if s.MaxResults != nil && *s.MaxResults < 1 { 14156 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14157 } 14158 if s.ParentId == nil { 14159 invalidParams.Add(request.NewErrParamRequired("ParentId")) 14160 } 14161 14162 if invalidParams.Len() > 0 { 14163 return invalidParams 14164 } 14165 return nil 14166} 14167 14168// SetMaxResults sets the MaxResults field's value. 14169func (s *ListAccountsForParentInput) SetMaxResults(v int64) *ListAccountsForParentInput { 14170 s.MaxResults = &v 14171 return s 14172} 14173 14174// SetNextToken sets the NextToken field's value. 14175func (s *ListAccountsForParentInput) SetNextToken(v string) *ListAccountsForParentInput { 14176 s.NextToken = &v 14177 return s 14178} 14179 14180// SetParentId sets the ParentId field's value. 14181func (s *ListAccountsForParentInput) SetParentId(v string) *ListAccountsForParentInput { 14182 s.ParentId = &v 14183 return s 14184} 14185 14186type ListAccountsForParentOutput struct { 14187 _ struct{} `type:"structure"` 14188 14189 // A list of the accounts in the specified root or OU. 14190 Accounts []*Account `type:"list"` 14191 14192 // If present, this value indicates that there is more output available than 14193 // is included in the current response. Use this value in the NextToken request 14194 // parameter in a subsequent call to the operation to get the next part of the 14195 // output. You should repeat this until the NextToken response element comes 14196 // back as null. 14197 NextToken *string `type:"string"` 14198} 14199 14200// String returns the string representation 14201func (s ListAccountsForParentOutput) String() string { 14202 return awsutil.Prettify(s) 14203} 14204 14205// GoString returns the string representation 14206func (s ListAccountsForParentOutput) GoString() string { 14207 return s.String() 14208} 14209 14210// SetAccounts sets the Accounts field's value. 14211func (s *ListAccountsForParentOutput) SetAccounts(v []*Account) *ListAccountsForParentOutput { 14212 s.Accounts = v 14213 return s 14214} 14215 14216// SetNextToken sets the NextToken field's value. 14217func (s *ListAccountsForParentOutput) SetNextToken(v string) *ListAccountsForParentOutput { 14218 s.NextToken = &v 14219 return s 14220} 14221 14222type ListAccountsInput struct { 14223 _ struct{} `type:"structure"` 14224 14225 // (Optional) Use this to limit the number of results you want included per 14226 // page in the response. If you do not include this parameter, it defaults to 14227 // a value that is specific to the operation. If additional items exist beyond 14228 // the maximum you specify, the NextToken response element is present and has 14229 // a value (is not null). Include that value as the NextToken request parameter 14230 // in the next call to the operation to get the next part of the results. Note 14231 // that Organizations might return fewer results than the maximum even when 14232 // there are more results available. You should check NextToken after every 14233 // operation to ensure that you receive all of the results. 14234 MaxResults *int64 `min:"1" type:"integer"` 14235 14236 // Use this parameter if you receive a NextToken response in a previous request 14237 // that indicates that there is more output available. Set it to the value of 14238 // the previous call's NextToken response to indicate where the output should 14239 // continue from. 14240 NextToken *string `type:"string"` 14241} 14242 14243// String returns the string representation 14244func (s ListAccountsInput) String() string { 14245 return awsutil.Prettify(s) 14246} 14247 14248// GoString returns the string representation 14249func (s ListAccountsInput) GoString() string { 14250 return s.String() 14251} 14252 14253// Validate inspects the fields of the type to determine if they are valid. 14254func (s *ListAccountsInput) Validate() error { 14255 invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"} 14256 if s.MaxResults != nil && *s.MaxResults < 1 { 14257 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14258 } 14259 14260 if invalidParams.Len() > 0 { 14261 return invalidParams 14262 } 14263 return nil 14264} 14265 14266// SetMaxResults sets the MaxResults field's value. 14267func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput { 14268 s.MaxResults = &v 14269 return s 14270} 14271 14272// SetNextToken sets the NextToken field's value. 14273func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput { 14274 s.NextToken = &v 14275 return s 14276} 14277 14278type ListAccountsOutput struct { 14279 _ struct{} `type:"structure"` 14280 14281 // A list of objects in the organization. 14282 Accounts []*Account `type:"list"` 14283 14284 // If present, this value indicates that there is more output available than 14285 // is included in the current response. Use this value in the NextToken request 14286 // parameter in a subsequent call to the operation to get the next part of the 14287 // output. You should repeat this until the NextToken response element comes 14288 // back as null. 14289 NextToken *string `type:"string"` 14290} 14291 14292// String returns the string representation 14293func (s ListAccountsOutput) String() string { 14294 return awsutil.Prettify(s) 14295} 14296 14297// GoString returns the string representation 14298func (s ListAccountsOutput) GoString() string { 14299 return s.String() 14300} 14301 14302// SetAccounts sets the Accounts field's value. 14303func (s *ListAccountsOutput) SetAccounts(v []*Account) *ListAccountsOutput { 14304 s.Accounts = v 14305 return s 14306} 14307 14308// SetNextToken sets the NextToken field's value. 14309func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput { 14310 s.NextToken = &v 14311 return s 14312} 14313 14314type ListChildrenInput struct { 14315 _ struct{} `type:"structure"` 14316 14317 // Filters the output to include only the specified child type. 14318 // 14319 // ChildType is a required field 14320 ChildType *string `type:"string" required:"true" enum:"ChildType"` 14321 14322 // (Optional) Use this to limit the number of results you want included per 14323 // page in the response. If you do not include this parameter, it defaults to 14324 // a value that is specific to the operation. If additional items exist beyond 14325 // the maximum you specify, the NextToken response element is present and has 14326 // a value (is not null). Include that value as the NextToken request parameter 14327 // in the next call to the operation to get the next part of the results. Note 14328 // that Organizations might return fewer results than the maximum even when 14329 // there are more results available. You should check NextToken after every 14330 // operation to ensure that you receive all of the results. 14331 MaxResults *int64 `min:"1" type:"integer"` 14332 14333 // Use this parameter if you receive a NextToken response in a previous request 14334 // that indicates that there is more output available. Set it to the value of 14335 // the previous call's NextToken response to indicate where the output should 14336 // continue from. 14337 NextToken *string `type:"string"` 14338 14339 // The unique identifier (ID) for the parent root or OU whose children you want 14340 // to list. 14341 // 14342 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 14343 // requires one of the following: 14344 // 14345 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 14346 // letters or digits. 14347 // 14348 // * Organizational unit (OU) - A string that begins with "ou-" followed 14349 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 14350 // OU is in). This string is followed by a second "-" dash and from 8 to 14351 // 32 additional lowercase letters or digits. 14352 // 14353 // ParentId is a required field 14354 ParentId *string `type:"string" required:"true"` 14355} 14356 14357// String returns the string representation 14358func (s ListChildrenInput) String() string { 14359 return awsutil.Prettify(s) 14360} 14361 14362// GoString returns the string representation 14363func (s ListChildrenInput) GoString() string { 14364 return s.String() 14365} 14366 14367// Validate inspects the fields of the type to determine if they are valid. 14368func (s *ListChildrenInput) Validate() error { 14369 invalidParams := request.ErrInvalidParams{Context: "ListChildrenInput"} 14370 if s.ChildType == nil { 14371 invalidParams.Add(request.NewErrParamRequired("ChildType")) 14372 } 14373 if s.MaxResults != nil && *s.MaxResults < 1 { 14374 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14375 } 14376 if s.ParentId == nil { 14377 invalidParams.Add(request.NewErrParamRequired("ParentId")) 14378 } 14379 14380 if invalidParams.Len() > 0 { 14381 return invalidParams 14382 } 14383 return nil 14384} 14385 14386// SetChildType sets the ChildType field's value. 14387func (s *ListChildrenInput) SetChildType(v string) *ListChildrenInput { 14388 s.ChildType = &v 14389 return s 14390} 14391 14392// SetMaxResults sets the MaxResults field's value. 14393func (s *ListChildrenInput) SetMaxResults(v int64) *ListChildrenInput { 14394 s.MaxResults = &v 14395 return s 14396} 14397 14398// SetNextToken sets the NextToken field's value. 14399func (s *ListChildrenInput) SetNextToken(v string) *ListChildrenInput { 14400 s.NextToken = &v 14401 return s 14402} 14403 14404// SetParentId sets the ParentId field's value. 14405func (s *ListChildrenInput) SetParentId(v string) *ListChildrenInput { 14406 s.ParentId = &v 14407 return s 14408} 14409 14410type ListChildrenOutput struct { 14411 _ struct{} `type:"structure"` 14412 14413 // The list of children of the specified parent container. 14414 Children []*Child `type:"list"` 14415 14416 // If present, this value indicates that there is more output available than 14417 // is included in the current response. Use this value in the NextToken request 14418 // parameter in a subsequent call to the operation to get the next part of the 14419 // output. You should repeat this until the NextToken response element comes 14420 // back as null. 14421 NextToken *string `type:"string"` 14422} 14423 14424// String returns the string representation 14425func (s ListChildrenOutput) String() string { 14426 return awsutil.Prettify(s) 14427} 14428 14429// GoString returns the string representation 14430func (s ListChildrenOutput) GoString() string { 14431 return s.String() 14432} 14433 14434// SetChildren sets the Children field's value. 14435func (s *ListChildrenOutput) SetChildren(v []*Child) *ListChildrenOutput { 14436 s.Children = v 14437 return s 14438} 14439 14440// SetNextToken sets the NextToken field's value. 14441func (s *ListChildrenOutput) SetNextToken(v string) *ListChildrenOutput { 14442 s.NextToken = &v 14443 return s 14444} 14445 14446type ListCreateAccountStatusInput struct { 14447 _ struct{} `type:"structure"` 14448 14449 // (Optional) Use this to limit the number of results you want included per 14450 // page in the response. If you do not include this parameter, it defaults to 14451 // a value that is specific to the operation. If additional items exist beyond 14452 // the maximum you specify, the NextToken response element is present and has 14453 // a value (is not null). Include that value as the NextToken request parameter 14454 // in the next call to the operation to get the next part of the results. Note 14455 // that Organizations might return fewer results than the maximum even when 14456 // there are more results available. You should check NextToken after every 14457 // operation to ensure that you receive all of the results. 14458 MaxResults *int64 `min:"1" type:"integer"` 14459 14460 // Use this parameter if you receive a NextToken response in a previous request 14461 // that indicates that there is more output available. Set it to the value of 14462 // the previous call's NextToken response to indicate where the output should 14463 // continue from. 14464 NextToken *string `type:"string"` 14465 14466 // A list of one or more states that you want included in the response. If this 14467 // parameter isn't present, all requests are included in the response. 14468 States []*string `type:"list"` 14469} 14470 14471// String returns the string representation 14472func (s ListCreateAccountStatusInput) String() string { 14473 return awsutil.Prettify(s) 14474} 14475 14476// GoString returns the string representation 14477func (s ListCreateAccountStatusInput) GoString() string { 14478 return s.String() 14479} 14480 14481// Validate inspects the fields of the type to determine if they are valid. 14482func (s *ListCreateAccountStatusInput) Validate() error { 14483 invalidParams := request.ErrInvalidParams{Context: "ListCreateAccountStatusInput"} 14484 if s.MaxResults != nil && *s.MaxResults < 1 { 14485 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14486 } 14487 14488 if invalidParams.Len() > 0 { 14489 return invalidParams 14490 } 14491 return nil 14492} 14493 14494// SetMaxResults sets the MaxResults field's value. 14495func (s *ListCreateAccountStatusInput) SetMaxResults(v int64) *ListCreateAccountStatusInput { 14496 s.MaxResults = &v 14497 return s 14498} 14499 14500// SetNextToken sets the NextToken field's value. 14501func (s *ListCreateAccountStatusInput) SetNextToken(v string) *ListCreateAccountStatusInput { 14502 s.NextToken = &v 14503 return s 14504} 14505 14506// SetStates sets the States field's value. 14507func (s *ListCreateAccountStatusInput) SetStates(v []*string) *ListCreateAccountStatusInput { 14508 s.States = v 14509 return s 14510} 14511 14512type ListCreateAccountStatusOutput struct { 14513 _ struct{} `type:"structure"` 14514 14515 // A list of objects with details about the requests. Certain elements, such 14516 // as the accountId number, are present in the output only after the account 14517 // has been successfully created. 14518 CreateAccountStatuses []*CreateAccountStatus `type:"list"` 14519 14520 // If present, this value indicates that there is more output available than 14521 // is included in the current response. Use this value in the NextToken request 14522 // parameter in a subsequent call to the operation to get the next part of the 14523 // output. You should repeat this until the NextToken response element comes 14524 // back as null. 14525 NextToken *string `type:"string"` 14526} 14527 14528// String returns the string representation 14529func (s ListCreateAccountStatusOutput) String() string { 14530 return awsutil.Prettify(s) 14531} 14532 14533// GoString returns the string representation 14534func (s ListCreateAccountStatusOutput) GoString() string { 14535 return s.String() 14536} 14537 14538// SetCreateAccountStatuses sets the CreateAccountStatuses field's value. 14539func (s *ListCreateAccountStatusOutput) SetCreateAccountStatuses(v []*CreateAccountStatus) *ListCreateAccountStatusOutput { 14540 s.CreateAccountStatuses = v 14541 return s 14542} 14543 14544// SetNextToken sets the NextToken field's value. 14545func (s *ListCreateAccountStatusOutput) SetNextToken(v string) *ListCreateAccountStatusOutput { 14546 s.NextToken = &v 14547 return s 14548} 14549 14550type ListHandshakesForAccountInput struct { 14551 _ struct{} `type:"structure"` 14552 14553 // Filters the handshakes that you want included in the response. The default 14554 // is all types. Use the ActionType element to limit the output to only a specified 14555 // type, such as INVITE, ENABLE_ALL_FEATURES, or APPROVE_ALL_FEATURES. Alternatively, 14556 // you can specify the ENABLE_ALL_FEATURES handshake, which generates a separate 14557 // child handshake for each member account. When you do specify ParentHandshakeId 14558 // to see only the handshakes that were generated by that parent request. 14559 Filter *HandshakeFilter `type:"structure"` 14560 14561 // (Optional) Use this to limit the number of results you want included per 14562 // page in the response. If you do not include this parameter, it defaults to 14563 // a value that is specific to the operation. If additional items exist beyond 14564 // the maximum you specify, the NextToken response element is present and has 14565 // a value (is not null). Include that value as the NextToken request parameter 14566 // in the next call to the operation to get the next part of the results. Note 14567 // that Organizations might return fewer results than the maximum even when 14568 // there are more results available. You should check NextToken after every 14569 // operation to ensure that you receive all of the results. 14570 MaxResults *int64 `min:"1" type:"integer"` 14571 14572 // Use this parameter if you receive a NextToken response in a previous request 14573 // that indicates that there is more output available. Set it to the value of 14574 // the previous call's NextToken response to indicate where the output should 14575 // continue from. 14576 NextToken *string `type:"string"` 14577} 14578 14579// String returns the string representation 14580func (s ListHandshakesForAccountInput) String() string { 14581 return awsutil.Prettify(s) 14582} 14583 14584// GoString returns the string representation 14585func (s ListHandshakesForAccountInput) GoString() string { 14586 return s.String() 14587} 14588 14589// Validate inspects the fields of the type to determine if they are valid. 14590func (s *ListHandshakesForAccountInput) Validate() error { 14591 invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForAccountInput"} 14592 if s.MaxResults != nil && *s.MaxResults < 1 { 14593 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14594 } 14595 14596 if invalidParams.Len() > 0 { 14597 return invalidParams 14598 } 14599 return nil 14600} 14601 14602// SetFilter sets the Filter field's value. 14603func (s *ListHandshakesForAccountInput) SetFilter(v *HandshakeFilter) *ListHandshakesForAccountInput { 14604 s.Filter = v 14605 return s 14606} 14607 14608// SetMaxResults sets the MaxResults field's value. 14609func (s *ListHandshakesForAccountInput) SetMaxResults(v int64) *ListHandshakesForAccountInput { 14610 s.MaxResults = &v 14611 return s 14612} 14613 14614// SetNextToken sets the NextToken field's value. 14615func (s *ListHandshakesForAccountInput) SetNextToken(v string) *ListHandshakesForAccountInput { 14616 s.NextToken = &v 14617 return s 14618} 14619 14620type ListHandshakesForAccountOutput struct { 14621 _ struct{} `type:"structure"` 14622 14623 // A list of Handshake objects with details about each of the handshakes that 14624 // is associated with the specified account. 14625 Handshakes []*Handshake `type:"list"` 14626 14627 // If present, this value indicates that there is more output available than 14628 // is included in the current response. Use this value in the NextToken request 14629 // parameter in a subsequent call to the operation to get the next part of the 14630 // output. You should repeat this until the NextToken response element comes 14631 // back as null. 14632 NextToken *string `type:"string"` 14633} 14634 14635// String returns the string representation 14636func (s ListHandshakesForAccountOutput) String() string { 14637 return awsutil.Prettify(s) 14638} 14639 14640// GoString returns the string representation 14641func (s ListHandshakesForAccountOutput) GoString() string { 14642 return s.String() 14643} 14644 14645// SetHandshakes sets the Handshakes field's value. 14646func (s *ListHandshakesForAccountOutput) SetHandshakes(v []*Handshake) *ListHandshakesForAccountOutput { 14647 s.Handshakes = v 14648 return s 14649} 14650 14651// SetNextToken sets the NextToken field's value. 14652func (s *ListHandshakesForAccountOutput) SetNextToken(v string) *ListHandshakesForAccountOutput { 14653 s.NextToken = &v 14654 return s 14655} 14656 14657type ListHandshakesForOrganizationInput struct { 14658 _ struct{} `type:"structure"` 14659 14660 // A filter of the handshakes that you want included in the response. The default 14661 // is all types. Use the ActionType element to limit the output to only a specified 14662 // type, such as INVITE, ENABLE-ALL-FEATURES, or APPROVE-ALL-FEATURES. Alternatively, 14663 // you can specify the ENABLE-ALL-FEATURES handshake, which generates a separate 14664 // child handshake for each member account. When you do, specify the ParentHandshakeId 14665 // to see only the handshakes that were generated by that parent request. 14666 Filter *HandshakeFilter `type:"structure"` 14667 14668 // (Optional) Use this to limit the number of results you want included per 14669 // page in the response. If you do not include this parameter, it defaults to 14670 // a value that is specific to the operation. If additional items exist beyond 14671 // the maximum you specify, the NextToken response element is present and has 14672 // a value (is not null). Include that value as the NextToken request parameter 14673 // in the next call to the operation to get the next part of the results. Note 14674 // that Organizations might return fewer results than the maximum even when 14675 // there are more results available. You should check NextToken after every 14676 // operation to ensure that you receive all of the results. 14677 MaxResults *int64 `min:"1" type:"integer"` 14678 14679 // Use this parameter if you receive a NextToken response in a previous request 14680 // that indicates that there is more output available. Set it to the value of 14681 // the previous call's NextToken response to indicate where the output should 14682 // continue from. 14683 NextToken *string `type:"string"` 14684} 14685 14686// String returns the string representation 14687func (s ListHandshakesForOrganizationInput) String() string { 14688 return awsutil.Prettify(s) 14689} 14690 14691// GoString returns the string representation 14692func (s ListHandshakesForOrganizationInput) GoString() string { 14693 return s.String() 14694} 14695 14696// Validate inspects the fields of the type to determine if they are valid. 14697func (s *ListHandshakesForOrganizationInput) Validate() error { 14698 invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForOrganizationInput"} 14699 if s.MaxResults != nil && *s.MaxResults < 1 { 14700 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14701 } 14702 14703 if invalidParams.Len() > 0 { 14704 return invalidParams 14705 } 14706 return nil 14707} 14708 14709// SetFilter sets the Filter field's value. 14710func (s *ListHandshakesForOrganizationInput) SetFilter(v *HandshakeFilter) *ListHandshakesForOrganizationInput { 14711 s.Filter = v 14712 return s 14713} 14714 14715// SetMaxResults sets the MaxResults field's value. 14716func (s *ListHandshakesForOrganizationInput) SetMaxResults(v int64) *ListHandshakesForOrganizationInput { 14717 s.MaxResults = &v 14718 return s 14719} 14720 14721// SetNextToken sets the NextToken field's value. 14722func (s *ListHandshakesForOrganizationInput) SetNextToken(v string) *ListHandshakesForOrganizationInput { 14723 s.NextToken = &v 14724 return s 14725} 14726 14727type ListHandshakesForOrganizationOutput struct { 14728 _ struct{} `type:"structure"` 14729 14730 // A list of Handshake objects with details about each of the handshakes that 14731 // are associated with an organization. 14732 Handshakes []*Handshake `type:"list"` 14733 14734 // If present, this value indicates that there is more output available than 14735 // is included in the current response. Use this value in the NextToken request 14736 // parameter in a subsequent call to the operation to get the next part of the 14737 // output. You should repeat this until the NextToken response element comes 14738 // back as null. 14739 NextToken *string `type:"string"` 14740} 14741 14742// String returns the string representation 14743func (s ListHandshakesForOrganizationOutput) String() string { 14744 return awsutil.Prettify(s) 14745} 14746 14747// GoString returns the string representation 14748func (s ListHandshakesForOrganizationOutput) GoString() string { 14749 return s.String() 14750} 14751 14752// SetHandshakes sets the Handshakes field's value. 14753func (s *ListHandshakesForOrganizationOutput) SetHandshakes(v []*Handshake) *ListHandshakesForOrganizationOutput { 14754 s.Handshakes = v 14755 return s 14756} 14757 14758// SetNextToken sets the NextToken field's value. 14759func (s *ListHandshakesForOrganizationOutput) SetNextToken(v string) *ListHandshakesForOrganizationOutput { 14760 s.NextToken = &v 14761 return s 14762} 14763 14764type ListOrganizationalUnitsForParentInput struct { 14765 _ struct{} `type:"structure"` 14766 14767 // (Optional) Use this to limit the number of results you want included per 14768 // page in the response. If you do not include this parameter, it defaults to 14769 // a value that is specific to the operation. If additional items exist beyond 14770 // the maximum you specify, the NextToken response element is present and has 14771 // a value (is not null). Include that value as the NextToken request parameter 14772 // in the next call to the operation to get the next part of the results. Note 14773 // that Organizations might return fewer results than the maximum even when 14774 // there are more results available. You should check NextToken after every 14775 // operation to ensure that you receive all of the results. 14776 MaxResults *int64 `min:"1" type:"integer"` 14777 14778 // Use this parameter if you receive a NextToken response in a previous request 14779 // that indicates that there is more output available. Set it to the value of 14780 // the previous call's NextToken response to indicate where the output should 14781 // continue from. 14782 NextToken *string `type:"string"` 14783 14784 // The unique identifier (ID) of the root or OU whose child OUs you want to 14785 // list. 14786 // 14787 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 14788 // requires one of the following: 14789 // 14790 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 14791 // letters or digits. 14792 // 14793 // * Organizational unit (OU) - A string that begins with "ou-" followed 14794 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 14795 // OU is in). This string is followed by a second "-" dash and from 8 to 14796 // 32 additional lowercase letters or digits. 14797 // 14798 // ParentId is a required field 14799 ParentId *string `type:"string" required:"true"` 14800} 14801 14802// String returns the string representation 14803func (s ListOrganizationalUnitsForParentInput) String() string { 14804 return awsutil.Prettify(s) 14805} 14806 14807// GoString returns the string representation 14808func (s ListOrganizationalUnitsForParentInput) GoString() string { 14809 return s.String() 14810} 14811 14812// Validate inspects the fields of the type to determine if they are valid. 14813func (s *ListOrganizationalUnitsForParentInput) Validate() error { 14814 invalidParams := request.ErrInvalidParams{Context: "ListOrganizationalUnitsForParentInput"} 14815 if s.MaxResults != nil && *s.MaxResults < 1 { 14816 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14817 } 14818 if s.ParentId == nil { 14819 invalidParams.Add(request.NewErrParamRequired("ParentId")) 14820 } 14821 14822 if invalidParams.Len() > 0 { 14823 return invalidParams 14824 } 14825 return nil 14826} 14827 14828// SetMaxResults sets the MaxResults field's value. 14829func (s *ListOrganizationalUnitsForParentInput) SetMaxResults(v int64) *ListOrganizationalUnitsForParentInput { 14830 s.MaxResults = &v 14831 return s 14832} 14833 14834// SetNextToken sets the NextToken field's value. 14835func (s *ListOrganizationalUnitsForParentInput) SetNextToken(v string) *ListOrganizationalUnitsForParentInput { 14836 s.NextToken = &v 14837 return s 14838} 14839 14840// SetParentId sets the ParentId field's value. 14841func (s *ListOrganizationalUnitsForParentInput) SetParentId(v string) *ListOrganizationalUnitsForParentInput { 14842 s.ParentId = &v 14843 return s 14844} 14845 14846type ListOrganizationalUnitsForParentOutput struct { 14847 _ struct{} `type:"structure"` 14848 14849 // If present, this value indicates that there is more output available than 14850 // is included in the current response. Use this value in the NextToken request 14851 // parameter in a subsequent call to the operation to get the next part of the 14852 // output. You should repeat this until the NextToken response element comes 14853 // back as null. 14854 NextToken *string `type:"string"` 14855 14856 // A list of the OUs in the specified root or parent OU. 14857 OrganizationalUnits []*OrganizationalUnit `type:"list"` 14858} 14859 14860// String returns the string representation 14861func (s ListOrganizationalUnitsForParentOutput) String() string { 14862 return awsutil.Prettify(s) 14863} 14864 14865// GoString returns the string representation 14866func (s ListOrganizationalUnitsForParentOutput) GoString() string { 14867 return s.String() 14868} 14869 14870// SetNextToken sets the NextToken field's value. 14871func (s *ListOrganizationalUnitsForParentOutput) SetNextToken(v string) *ListOrganizationalUnitsForParentOutput { 14872 s.NextToken = &v 14873 return s 14874} 14875 14876// SetOrganizationalUnits sets the OrganizationalUnits field's value. 14877func (s *ListOrganizationalUnitsForParentOutput) SetOrganizationalUnits(v []*OrganizationalUnit) *ListOrganizationalUnitsForParentOutput { 14878 s.OrganizationalUnits = v 14879 return s 14880} 14881 14882type ListParentsInput struct { 14883 _ struct{} `type:"structure"` 14884 14885 // The unique identifier (ID) of the OU or account whose parent containers you 14886 // want to list. Don't specify a root. 14887 // 14888 // The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string 14889 // requires one of the following: 14890 // 14891 // * Account - A string that consists of exactly 12 digits. 14892 // 14893 // * Organizational unit (OU) - A string that begins with "ou-" followed 14894 // by from 4 to 32 lowercase letters or digits (the ID of the root that contains 14895 // the OU). This string is followed by a second "-" dash and from 8 to 32 14896 // additional lowercase letters or digits. 14897 // 14898 // ChildId is a required field 14899 ChildId *string `type:"string" required:"true"` 14900 14901 // (Optional) Use this to limit the number of results you want included per 14902 // page in the response. If you do not include this parameter, it defaults to 14903 // a value that is specific to the operation. If additional items exist beyond 14904 // the maximum you specify, the NextToken response element is present and has 14905 // a value (is not null). Include that value as the NextToken request parameter 14906 // in the next call to the operation to get the next part of the results. Note 14907 // that Organizations might return fewer results than the maximum even when 14908 // there are more results available. You should check NextToken after every 14909 // operation to ensure that you receive all of the results. 14910 MaxResults *int64 `min:"1" type:"integer"` 14911 14912 // Use this parameter if you receive a NextToken response in a previous request 14913 // that indicates that there is more output available. Set it to the value of 14914 // the previous call's NextToken response to indicate where the output should 14915 // continue from. 14916 NextToken *string `type:"string"` 14917} 14918 14919// String returns the string representation 14920func (s ListParentsInput) String() string { 14921 return awsutil.Prettify(s) 14922} 14923 14924// GoString returns the string representation 14925func (s ListParentsInput) GoString() string { 14926 return s.String() 14927} 14928 14929// Validate inspects the fields of the type to determine if they are valid. 14930func (s *ListParentsInput) Validate() error { 14931 invalidParams := request.ErrInvalidParams{Context: "ListParentsInput"} 14932 if s.ChildId == nil { 14933 invalidParams.Add(request.NewErrParamRequired("ChildId")) 14934 } 14935 if s.MaxResults != nil && *s.MaxResults < 1 { 14936 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 14937 } 14938 14939 if invalidParams.Len() > 0 { 14940 return invalidParams 14941 } 14942 return nil 14943} 14944 14945// SetChildId sets the ChildId field's value. 14946func (s *ListParentsInput) SetChildId(v string) *ListParentsInput { 14947 s.ChildId = &v 14948 return s 14949} 14950 14951// SetMaxResults sets the MaxResults field's value. 14952func (s *ListParentsInput) SetMaxResults(v int64) *ListParentsInput { 14953 s.MaxResults = &v 14954 return s 14955} 14956 14957// SetNextToken sets the NextToken field's value. 14958func (s *ListParentsInput) SetNextToken(v string) *ListParentsInput { 14959 s.NextToken = &v 14960 return s 14961} 14962 14963type ListParentsOutput struct { 14964 _ struct{} `type:"structure"` 14965 14966 // If present, this value indicates that there is more output available than 14967 // is included in the current response. Use this value in the NextToken request 14968 // parameter in a subsequent call to the operation to get the next part of the 14969 // output. You should repeat this until the NextToken response element comes 14970 // back as null. 14971 NextToken *string `type:"string"` 14972 14973 // A list of parents for the specified child account or OU. 14974 Parents []*Parent `type:"list"` 14975} 14976 14977// String returns the string representation 14978func (s ListParentsOutput) String() string { 14979 return awsutil.Prettify(s) 14980} 14981 14982// GoString returns the string representation 14983func (s ListParentsOutput) GoString() string { 14984 return s.String() 14985} 14986 14987// SetNextToken sets the NextToken field's value. 14988func (s *ListParentsOutput) SetNextToken(v string) *ListParentsOutput { 14989 s.NextToken = &v 14990 return s 14991} 14992 14993// SetParents sets the Parents field's value. 14994func (s *ListParentsOutput) SetParents(v []*Parent) *ListParentsOutput { 14995 s.Parents = v 14996 return s 14997} 14998 14999type ListPoliciesForTargetInput struct { 15000 _ struct{} `type:"structure"` 15001 15002 // The type of policy that you want to include in the returned list. 15003 // 15004 // Filter is a required field 15005 Filter *string `type:"string" required:"true" enum:"PolicyType"` 15006 15007 // (Optional) Use this to limit the number of results you want included per 15008 // page in the response. If you do not include this parameter, it defaults to 15009 // a value that is specific to the operation. If additional items exist beyond 15010 // the maximum you specify, the NextToken response element is present and has 15011 // a value (is not null). Include that value as the NextToken request parameter 15012 // in the next call to the operation to get the next part of the results. Note 15013 // that Organizations might return fewer results than the maximum even when 15014 // there are more results available. You should check NextToken after every 15015 // operation to ensure that you receive all of the results. 15016 MaxResults *int64 `min:"1" type:"integer"` 15017 15018 // Use this parameter if you receive a NextToken response in a previous request 15019 // that indicates that there is more output available. Set it to the value of 15020 // the previous call's NextToken response to indicate where the output should 15021 // continue from. 15022 NextToken *string `type:"string"` 15023 15024 // The unique identifier (ID) of the root, organizational unit, or account whose 15025 // policies you want to list. 15026 // 15027 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 15028 // requires one of the following: 15029 // 15030 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 15031 // letters or digits. 15032 // 15033 // * Account - A string that consists of exactly 12 digits. 15034 // 15035 // * Organizational unit (OU) - A string that begins with "ou-" followed 15036 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 15037 // OU is in). This string is followed by a second "-" dash and from 8 to 15038 // 32 additional lowercase letters or digits. 15039 // 15040 // TargetId is a required field 15041 TargetId *string `type:"string" required:"true"` 15042} 15043 15044// String returns the string representation 15045func (s ListPoliciesForTargetInput) String() string { 15046 return awsutil.Prettify(s) 15047} 15048 15049// GoString returns the string representation 15050func (s ListPoliciesForTargetInput) GoString() string { 15051 return s.String() 15052} 15053 15054// Validate inspects the fields of the type to determine if they are valid. 15055func (s *ListPoliciesForTargetInput) Validate() error { 15056 invalidParams := request.ErrInvalidParams{Context: "ListPoliciesForTargetInput"} 15057 if s.Filter == nil { 15058 invalidParams.Add(request.NewErrParamRequired("Filter")) 15059 } 15060 if s.MaxResults != nil && *s.MaxResults < 1 { 15061 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 15062 } 15063 if s.TargetId == nil { 15064 invalidParams.Add(request.NewErrParamRequired("TargetId")) 15065 } 15066 15067 if invalidParams.Len() > 0 { 15068 return invalidParams 15069 } 15070 return nil 15071} 15072 15073// SetFilter sets the Filter field's value. 15074func (s *ListPoliciesForTargetInput) SetFilter(v string) *ListPoliciesForTargetInput { 15075 s.Filter = &v 15076 return s 15077} 15078 15079// SetMaxResults sets the MaxResults field's value. 15080func (s *ListPoliciesForTargetInput) SetMaxResults(v int64) *ListPoliciesForTargetInput { 15081 s.MaxResults = &v 15082 return s 15083} 15084 15085// SetNextToken sets the NextToken field's value. 15086func (s *ListPoliciesForTargetInput) SetNextToken(v string) *ListPoliciesForTargetInput { 15087 s.NextToken = &v 15088 return s 15089} 15090 15091// SetTargetId sets the TargetId field's value. 15092func (s *ListPoliciesForTargetInput) SetTargetId(v string) *ListPoliciesForTargetInput { 15093 s.TargetId = &v 15094 return s 15095} 15096 15097type ListPoliciesForTargetOutput struct { 15098 _ struct{} `type:"structure"` 15099 15100 // If present, this value indicates that there is more output available than 15101 // is included in the current response. Use this value in the NextToken request 15102 // parameter in a subsequent call to the operation to get the next part of the 15103 // output. You should repeat this until the NextToken response element comes 15104 // back as null. 15105 NextToken *string `type:"string"` 15106 15107 // The list of policies that match the criteria in the request. 15108 Policies []*PolicySummary `type:"list"` 15109} 15110 15111// String returns the string representation 15112func (s ListPoliciesForTargetOutput) String() string { 15113 return awsutil.Prettify(s) 15114} 15115 15116// GoString returns the string representation 15117func (s ListPoliciesForTargetOutput) GoString() string { 15118 return s.String() 15119} 15120 15121// SetNextToken sets the NextToken field's value. 15122func (s *ListPoliciesForTargetOutput) SetNextToken(v string) *ListPoliciesForTargetOutput { 15123 s.NextToken = &v 15124 return s 15125} 15126 15127// SetPolicies sets the Policies field's value. 15128func (s *ListPoliciesForTargetOutput) SetPolicies(v []*PolicySummary) *ListPoliciesForTargetOutput { 15129 s.Policies = v 15130 return s 15131} 15132 15133type ListPoliciesInput struct { 15134 _ struct{} `type:"structure"` 15135 15136 // Specifies the type of policy that you want to include in the response. 15137 // 15138 // Filter is a required field 15139 Filter *string `type:"string" required:"true" enum:"PolicyType"` 15140 15141 // (Optional) Use this to limit the number of results you want included per 15142 // page in the response. If you do not include this parameter, it defaults to 15143 // a value that is specific to the operation. If additional items exist beyond 15144 // the maximum you specify, the NextToken response element is present and has 15145 // a value (is not null). Include that value as the NextToken request parameter 15146 // in the next call to the operation to get the next part of the results. Note 15147 // that Organizations might return fewer results than the maximum even when 15148 // there are more results available. You should check NextToken after every 15149 // operation to ensure that you receive all of the results. 15150 MaxResults *int64 `min:"1" type:"integer"` 15151 15152 // Use this parameter if you receive a NextToken response in a previous request 15153 // that indicates that there is more output available. Set it to the value of 15154 // the previous call's NextToken response to indicate where the output should 15155 // continue from. 15156 NextToken *string `type:"string"` 15157} 15158 15159// String returns the string representation 15160func (s ListPoliciesInput) String() string { 15161 return awsutil.Prettify(s) 15162} 15163 15164// GoString returns the string representation 15165func (s ListPoliciesInput) GoString() string { 15166 return s.String() 15167} 15168 15169// Validate inspects the fields of the type to determine if they are valid. 15170func (s *ListPoliciesInput) Validate() error { 15171 invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"} 15172 if s.Filter == nil { 15173 invalidParams.Add(request.NewErrParamRequired("Filter")) 15174 } 15175 if s.MaxResults != nil && *s.MaxResults < 1 { 15176 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 15177 } 15178 15179 if invalidParams.Len() > 0 { 15180 return invalidParams 15181 } 15182 return nil 15183} 15184 15185// SetFilter sets the Filter field's value. 15186func (s *ListPoliciesInput) SetFilter(v string) *ListPoliciesInput { 15187 s.Filter = &v 15188 return s 15189} 15190 15191// SetMaxResults sets the MaxResults field's value. 15192func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput { 15193 s.MaxResults = &v 15194 return s 15195} 15196 15197// SetNextToken sets the NextToken field's value. 15198func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput { 15199 s.NextToken = &v 15200 return s 15201} 15202 15203type ListPoliciesOutput struct { 15204 _ struct{} `type:"structure"` 15205 15206 // If present, this value indicates that there is more output available than 15207 // is included in the current response. Use this value in the NextToken request 15208 // parameter in a subsequent call to the operation to get the next part of the 15209 // output. You should repeat this until the NextToken response element comes 15210 // back as null. 15211 NextToken *string `type:"string"` 15212 15213 // A list of policies that match the filter criteria in the request. The output 15214 // list doesn't include the policy contents. To see the content for a policy, 15215 // see DescribePolicy. 15216 Policies []*PolicySummary `type:"list"` 15217} 15218 15219// String returns the string representation 15220func (s ListPoliciesOutput) String() string { 15221 return awsutil.Prettify(s) 15222} 15223 15224// GoString returns the string representation 15225func (s ListPoliciesOutput) GoString() string { 15226 return s.String() 15227} 15228 15229// SetNextToken sets the NextToken field's value. 15230func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput { 15231 s.NextToken = &v 15232 return s 15233} 15234 15235// SetPolicies sets the Policies field's value. 15236func (s *ListPoliciesOutput) SetPolicies(v []*PolicySummary) *ListPoliciesOutput { 15237 s.Policies = v 15238 return s 15239} 15240 15241type ListRootsInput struct { 15242 _ struct{} `type:"structure"` 15243 15244 // (Optional) Use this to limit the number of results you want included per 15245 // page in the response. If you do not include this parameter, it defaults to 15246 // a value that is specific to the operation. If additional items exist beyond 15247 // the maximum you specify, the NextToken response element is present and has 15248 // a value (is not null). Include that value as the NextToken request parameter 15249 // in the next call to the operation to get the next part of the results. Note 15250 // that Organizations might return fewer results than the maximum even when 15251 // there are more results available. You should check NextToken after every 15252 // operation to ensure that you receive all of the results. 15253 MaxResults *int64 `min:"1" type:"integer"` 15254 15255 // Use this parameter if you receive a NextToken response in a previous request 15256 // that indicates that there is more output available. Set it to the value of 15257 // the previous call's NextToken response to indicate where the output should 15258 // continue from. 15259 NextToken *string `type:"string"` 15260} 15261 15262// String returns the string representation 15263func (s ListRootsInput) String() string { 15264 return awsutil.Prettify(s) 15265} 15266 15267// GoString returns the string representation 15268func (s ListRootsInput) GoString() string { 15269 return s.String() 15270} 15271 15272// Validate inspects the fields of the type to determine if they are valid. 15273func (s *ListRootsInput) Validate() error { 15274 invalidParams := request.ErrInvalidParams{Context: "ListRootsInput"} 15275 if s.MaxResults != nil && *s.MaxResults < 1 { 15276 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 15277 } 15278 15279 if invalidParams.Len() > 0 { 15280 return invalidParams 15281 } 15282 return nil 15283} 15284 15285// SetMaxResults sets the MaxResults field's value. 15286func (s *ListRootsInput) SetMaxResults(v int64) *ListRootsInput { 15287 s.MaxResults = &v 15288 return s 15289} 15290 15291// SetNextToken sets the NextToken field's value. 15292func (s *ListRootsInput) SetNextToken(v string) *ListRootsInput { 15293 s.NextToken = &v 15294 return s 15295} 15296 15297type ListRootsOutput struct { 15298 _ struct{} `type:"structure"` 15299 15300 // If present, this value indicates that there is more output available than 15301 // is included in the current response. Use this value in the NextToken request 15302 // parameter in a subsequent call to the operation to get the next part of the 15303 // output. You should repeat this until the NextToken response element comes 15304 // back as null. 15305 NextToken *string `type:"string"` 15306 15307 // A list of roots that are defined in an organization. 15308 Roots []*Root `type:"list"` 15309} 15310 15311// String returns the string representation 15312func (s ListRootsOutput) String() string { 15313 return awsutil.Prettify(s) 15314} 15315 15316// GoString returns the string representation 15317func (s ListRootsOutput) GoString() string { 15318 return s.String() 15319} 15320 15321// SetNextToken sets the NextToken field's value. 15322func (s *ListRootsOutput) SetNextToken(v string) *ListRootsOutput { 15323 s.NextToken = &v 15324 return s 15325} 15326 15327// SetRoots sets the Roots field's value. 15328func (s *ListRootsOutput) SetRoots(v []*Root) *ListRootsOutput { 15329 s.Roots = v 15330 return s 15331} 15332 15333type ListTagsForResourceInput struct { 15334 _ struct{} `type:"structure"` 15335 15336 // Use this parameter if you receive a NextToken response in a previous request 15337 // that indicates that there is more output available. Set it to the value of 15338 // the previous call's NextToken response to indicate where the output should 15339 // continue from. 15340 NextToken *string `type:"string"` 15341 15342 // The ID of the resource that you want to retrieve tags for. 15343 // 15344 // ResourceId is a required field 15345 ResourceId *string `type:"string" required:"true"` 15346} 15347 15348// String returns the string representation 15349func (s ListTagsForResourceInput) String() string { 15350 return awsutil.Prettify(s) 15351} 15352 15353// GoString returns the string representation 15354func (s ListTagsForResourceInput) GoString() string { 15355 return s.String() 15356} 15357 15358// Validate inspects the fields of the type to determine if they are valid. 15359func (s *ListTagsForResourceInput) Validate() error { 15360 invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} 15361 if s.ResourceId == nil { 15362 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 15363 } 15364 15365 if invalidParams.Len() > 0 { 15366 return invalidParams 15367 } 15368 return nil 15369} 15370 15371// SetNextToken sets the NextToken field's value. 15372func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput { 15373 s.NextToken = &v 15374 return s 15375} 15376 15377// SetResourceId sets the ResourceId field's value. 15378func (s *ListTagsForResourceInput) SetResourceId(v string) *ListTagsForResourceInput { 15379 s.ResourceId = &v 15380 return s 15381} 15382 15383type ListTagsForResourceOutput struct { 15384 _ struct{} `type:"structure"` 15385 15386 // If present, this value indicates that there is more output available than 15387 // is included in the current response. Use this value in the NextToken request 15388 // parameter in a subsequent call to the operation to get the next part of the 15389 // output. You should repeat this until the NextToken response element comes 15390 // back as null. 15391 NextToken *string `type:"string"` 15392 15393 // The tags that are assigned to the resource. 15394 Tags []*Tag `type:"list"` 15395} 15396 15397// String returns the string representation 15398func (s ListTagsForResourceOutput) String() string { 15399 return awsutil.Prettify(s) 15400} 15401 15402// GoString returns the string representation 15403func (s ListTagsForResourceOutput) GoString() string { 15404 return s.String() 15405} 15406 15407// SetNextToken sets the NextToken field's value. 15408func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput { 15409 s.NextToken = &v 15410 return s 15411} 15412 15413// SetTags sets the Tags field's value. 15414func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput { 15415 s.Tags = v 15416 return s 15417} 15418 15419type ListTargetsForPolicyInput struct { 15420 _ struct{} `type:"structure"` 15421 15422 // (Optional) Use this to limit the number of results you want included per 15423 // page in the response. If you do not include this parameter, it defaults to 15424 // a value that is specific to the operation. If additional items exist beyond 15425 // the maximum you specify, the NextToken response element is present and has 15426 // a value (is not null). Include that value as the NextToken request parameter 15427 // in the next call to the operation to get the next part of the results. Note 15428 // that Organizations might return fewer results than the maximum even when 15429 // there are more results available. You should check NextToken after every 15430 // operation to ensure that you receive all of the results. 15431 MaxResults *int64 `min:"1" type:"integer"` 15432 15433 // Use this parameter if you receive a NextToken response in a previous request 15434 // that indicates that there is more output available. Set it to the value of 15435 // the previous call's NextToken response to indicate where the output should 15436 // continue from. 15437 NextToken *string `type:"string"` 15438 15439 // The unique identifier (ID) of the policy whose attachments you want to know. 15440 // 15441 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 15442 // requires "p-" followed by from 8 to 128 lowercase letters or digits. 15443 // 15444 // PolicyId is a required field 15445 PolicyId *string `type:"string" required:"true"` 15446} 15447 15448// String returns the string representation 15449func (s ListTargetsForPolicyInput) String() string { 15450 return awsutil.Prettify(s) 15451} 15452 15453// GoString returns the string representation 15454func (s ListTargetsForPolicyInput) GoString() string { 15455 return s.String() 15456} 15457 15458// Validate inspects the fields of the type to determine if they are valid. 15459func (s *ListTargetsForPolicyInput) Validate() error { 15460 invalidParams := request.ErrInvalidParams{Context: "ListTargetsForPolicyInput"} 15461 if s.MaxResults != nil && *s.MaxResults < 1 { 15462 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 15463 } 15464 if s.PolicyId == nil { 15465 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 15466 } 15467 15468 if invalidParams.Len() > 0 { 15469 return invalidParams 15470 } 15471 return nil 15472} 15473 15474// SetMaxResults sets the MaxResults field's value. 15475func (s *ListTargetsForPolicyInput) SetMaxResults(v int64) *ListTargetsForPolicyInput { 15476 s.MaxResults = &v 15477 return s 15478} 15479 15480// SetNextToken sets the NextToken field's value. 15481func (s *ListTargetsForPolicyInput) SetNextToken(v string) *ListTargetsForPolicyInput { 15482 s.NextToken = &v 15483 return s 15484} 15485 15486// SetPolicyId sets the PolicyId field's value. 15487func (s *ListTargetsForPolicyInput) SetPolicyId(v string) *ListTargetsForPolicyInput { 15488 s.PolicyId = &v 15489 return s 15490} 15491 15492type ListTargetsForPolicyOutput struct { 15493 _ struct{} `type:"structure"` 15494 15495 // If present, this value indicates that there is more output available than 15496 // is included in the current response. Use this value in the NextToken request 15497 // parameter in a subsequent call to the operation to get the next part of the 15498 // output. You should repeat this until the NextToken response element comes 15499 // back as null. 15500 NextToken *string `type:"string"` 15501 15502 // A list of structures, each of which contains details about one of the entities 15503 // to which the specified policy is attached. 15504 Targets []*PolicyTargetSummary `type:"list"` 15505} 15506 15507// String returns the string representation 15508func (s ListTargetsForPolicyOutput) String() string { 15509 return awsutil.Prettify(s) 15510} 15511 15512// GoString returns the string representation 15513func (s ListTargetsForPolicyOutput) GoString() string { 15514 return s.String() 15515} 15516 15517// SetNextToken sets the NextToken field's value. 15518func (s *ListTargetsForPolicyOutput) SetNextToken(v string) *ListTargetsForPolicyOutput { 15519 s.NextToken = &v 15520 return s 15521} 15522 15523// SetTargets sets the Targets field's value. 15524func (s *ListTargetsForPolicyOutput) SetTargets(v []*PolicyTargetSummary) *ListTargetsForPolicyOutput { 15525 s.Targets = v 15526 return s 15527} 15528 15529type MoveAccountInput struct { 15530 _ struct{} `type:"structure"` 15531 15532 // The unique identifier (ID) of the account that you want to move. 15533 // 15534 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 15535 // requires exactly 12 digits. 15536 // 15537 // AccountId is a required field 15538 AccountId *string `type:"string" required:"true"` 15539 15540 // The unique identifier (ID) of the root or organizational unit that you want 15541 // to move the account to. 15542 // 15543 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 15544 // requires one of the following: 15545 // 15546 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 15547 // letters or digits. 15548 // 15549 // * Organizational unit (OU) - A string that begins with "ou-" followed 15550 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 15551 // OU is in). This string is followed by a second "-" dash and from 8 to 15552 // 32 additional lowercase letters or digits. 15553 // 15554 // DestinationParentId is a required field 15555 DestinationParentId *string `type:"string" required:"true"` 15556 15557 // The unique identifier (ID) of the root or organizational unit that you want 15558 // to move the account from. 15559 // 15560 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 15561 // requires one of the following: 15562 // 15563 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 15564 // letters or digits. 15565 // 15566 // * Organizational unit (OU) - A string that begins with "ou-" followed 15567 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 15568 // OU is in). This string is followed by a second "-" dash and from 8 to 15569 // 32 additional lowercase letters or digits. 15570 // 15571 // SourceParentId is a required field 15572 SourceParentId *string `type:"string" required:"true"` 15573} 15574 15575// String returns the string representation 15576func (s MoveAccountInput) String() string { 15577 return awsutil.Prettify(s) 15578} 15579 15580// GoString returns the string representation 15581func (s MoveAccountInput) GoString() string { 15582 return s.String() 15583} 15584 15585// Validate inspects the fields of the type to determine if they are valid. 15586func (s *MoveAccountInput) Validate() error { 15587 invalidParams := request.ErrInvalidParams{Context: "MoveAccountInput"} 15588 if s.AccountId == nil { 15589 invalidParams.Add(request.NewErrParamRequired("AccountId")) 15590 } 15591 if s.DestinationParentId == nil { 15592 invalidParams.Add(request.NewErrParamRequired("DestinationParentId")) 15593 } 15594 if s.SourceParentId == nil { 15595 invalidParams.Add(request.NewErrParamRequired("SourceParentId")) 15596 } 15597 15598 if invalidParams.Len() > 0 { 15599 return invalidParams 15600 } 15601 return nil 15602} 15603 15604// SetAccountId sets the AccountId field's value. 15605func (s *MoveAccountInput) SetAccountId(v string) *MoveAccountInput { 15606 s.AccountId = &v 15607 return s 15608} 15609 15610// SetDestinationParentId sets the DestinationParentId field's value. 15611func (s *MoveAccountInput) SetDestinationParentId(v string) *MoveAccountInput { 15612 s.DestinationParentId = &v 15613 return s 15614} 15615 15616// SetSourceParentId sets the SourceParentId field's value. 15617func (s *MoveAccountInput) SetSourceParentId(v string) *MoveAccountInput { 15618 s.SourceParentId = &v 15619 return s 15620} 15621 15622type MoveAccountOutput struct { 15623 _ struct{} `type:"structure"` 15624} 15625 15626// String returns the string representation 15627func (s MoveAccountOutput) String() string { 15628 return awsutil.Prettify(s) 15629} 15630 15631// GoString returns the string representation 15632func (s MoveAccountOutput) GoString() string { 15633 return s.String() 15634} 15635 15636// Contains details about an organization. An organization is a collection of 15637// accounts that are centrally managed together using consolidated billing, 15638// organized hierarchically with organizational units (OUs), and controlled 15639// with policies. 15640type Organization struct { 15641 _ struct{} `type:"structure"` 15642 15643 // The Amazon Resource Name (ARN) of an organization. 15644 // 15645 // For more information about ARNs in Organizations, see ARN Formats Supported 15646 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 15647 // in the AWS Organizations User Guide. 15648 Arn *string `type:"string"` 15649 15650 // A list of policy types that are enabled for this organization. For example, 15651 // if your organization has all features enabled, then service control policies 15652 // (SCPs) are included in the list. 15653 // 15654 // Even if a policy type is shown as available in the organization, you can 15655 // separately enable and disable them at the root level by using EnablePolicyType 15656 // and DisablePolicyType. Use ListRoots to see the status of a policy type in 15657 // that root. 15658 AvailablePolicyTypes []*PolicyTypeSummary `type:"list"` 15659 15660 // Specifies the functionality that currently is available to the organization. 15661 // If set to "ALL", then all features are enabled and policies can be applied 15662 // to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only 15663 // consolidated billing functionality is available. For more information, see 15664 // Enabling All Features in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 15665 // in the AWS Organizations User Guide. 15666 FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"` 15667 15668 // The unique identifier (ID) of an organization. 15669 // 15670 // The regex pattern (http://wikipedia.org/wiki/regex) for an organization ID 15671 // string requires "o-" followed by from 10 to 32 lower-case letters or digits. 15672 Id *string `type:"string"` 15673 15674 // The Amazon Resource Name (ARN) of the account that is designated as the master 15675 // account for the organization. 15676 // 15677 // For more information about ARNs in Organizations, see ARN Formats Supported 15678 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 15679 // in the AWS Organizations User Guide. 15680 MasterAccountArn *string `type:"string"` 15681 15682 // The email address that is associated with the AWS account that is designated 15683 // as the master account for the organization. 15684 MasterAccountEmail *string `min:"6" type:"string" sensitive:"true"` 15685 15686 // The unique identifier (ID) of the master account of an organization. 15687 // 15688 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 15689 // requires exactly 12 digits. 15690 MasterAccountId *string `type:"string"` 15691} 15692 15693// String returns the string representation 15694func (s Organization) String() string { 15695 return awsutil.Prettify(s) 15696} 15697 15698// GoString returns the string representation 15699func (s Organization) GoString() string { 15700 return s.String() 15701} 15702 15703// SetArn sets the Arn field's value. 15704func (s *Organization) SetArn(v string) *Organization { 15705 s.Arn = &v 15706 return s 15707} 15708 15709// SetAvailablePolicyTypes sets the AvailablePolicyTypes field's value. 15710func (s *Organization) SetAvailablePolicyTypes(v []*PolicyTypeSummary) *Organization { 15711 s.AvailablePolicyTypes = v 15712 return s 15713} 15714 15715// SetFeatureSet sets the FeatureSet field's value. 15716func (s *Organization) SetFeatureSet(v string) *Organization { 15717 s.FeatureSet = &v 15718 return s 15719} 15720 15721// SetId sets the Id field's value. 15722func (s *Organization) SetId(v string) *Organization { 15723 s.Id = &v 15724 return s 15725} 15726 15727// SetMasterAccountArn sets the MasterAccountArn field's value. 15728func (s *Organization) SetMasterAccountArn(v string) *Organization { 15729 s.MasterAccountArn = &v 15730 return s 15731} 15732 15733// SetMasterAccountEmail sets the MasterAccountEmail field's value. 15734func (s *Organization) SetMasterAccountEmail(v string) *Organization { 15735 s.MasterAccountEmail = &v 15736 return s 15737} 15738 15739// SetMasterAccountId sets the MasterAccountId field's value. 15740func (s *Organization) SetMasterAccountId(v string) *Organization { 15741 s.MasterAccountId = &v 15742 return s 15743} 15744 15745// Contains details about an organizational unit (OU). An OU is a container 15746// of AWS accounts within a root of an organization. Policies that are attached 15747// to an OU apply to all accounts contained in that OU and in any child OUs. 15748type OrganizationalUnit struct { 15749 _ struct{} `type:"structure"` 15750 15751 // The Amazon Resource Name (ARN) of this OU. 15752 // 15753 // For more information about ARNs in Organizations, see ARN Formats Supported 15754 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 15755 // in the AWS Organizations User Guide. 15756 Arn *string `type:"string"` 15757 15758 // The unique identifier (ID) associated with this OU. 15759 // 15760 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 15761 // unit ID string requires "ou-" followed by from 4 to 32 lower-case letters 15762 // or digits (the ID of the root that contains the OU). This string is followed 15763 // by a second "-" dash and from 8 to 32 additional lower-case letters or digits. 15764 Id *string `type:"string"` 15765 15766 // The friendly name of this OU. 15767 // 15768 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 15769 // this parameter is a string of any of the characters in the ASCII character 15770 // range. 15771 Name *string `min:"1" type:"string"` 15772} 15773 15774// String returns the string representation 15775func (s OrganizationalUnit) String() string { 15776 return awsutil.Prettify(s) 15777} 15778 15779// GoString returns the string representation 15780func (s OrganizationalUnit) GoString() string { 15781 return s.String() 15782} 15783 15784// SetArn sets the Arn field's value. 15785func (s *OrganizationalUnit) SetArn(v string) *OrganizationalUnit { 15786 s.Arn = &v 15787 return s 15788} 15789 15790// SetId sets the Id field's value. 15791func (s *OrganizationalUnit) SetId(v string) *OrganizationalUnit { 15792 s.Id = &v 15793 return s 15794} 15795 15796// SetName sets the Name field's value. 15797func (s *OrganizationalUnit) SetName(v string) *OrganizationalUnit { 15798 s.Name = &v 15799 return s 15800} 15801 15802// Contains information about either a root or an organizational unit (OU) that 15803// can contain OUs or accounts in an organization. 15804type Parent struct { 15805 _ struct{} `type:"structure"` 15806 15807 // The unique identifier (ID) of the parent entity. 15808 // 15809 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 15810 // requires one of the following: 15811 // 15812 // * Root: A string that begins with "r-" followed by from 4 to 32 lower-case 15813 // letters or digits. 15814 // 15815 // * Organizational unit (OU): A string that begins with "ou-" followed by 15816 // from 4 to 32 lower-case letters or digits (the ID of the root that the 15817 // OU is in). This string is followed by a second "-" dash and from 8 to 15818 // 32 additional lower-case letters or digits. 15819 Id *string `type:"string"` 15820 15821 // The type of the parent entity. 15822 Type *string `type:"string" enum:"ParentType"` 15823} 15824 15825// String returns the string representation 15826func (s Parent) String() string { 15827 return awsutil.Prettify(s) 15828} 15829 15830// GoString returns the string representation 15831func (s Parent) GoString() string { 15832 return s.String() 15833} 15834 15835// SetId sets the Id field's value. 15836func (s *Parent) SetId(v string) *Parent { 15837 s.Id = &v 15838 return s 15839} 15840 15841// SetType sets the Type field's value. 15842func (s *Parent) SetType(v string) *Parent { 15843 s.Type = &v 15844 return s 15845} 15846 15847// Contains rules to be applied to the affected accounts. Policies can be attached 15848// directly to accounts, or to roots and OUs to affect all accounts in those 15849// hierarchies. 15850type Policy struct { 15851 _ struct{} `type:"structure"` 15852 15853 // The text content of the policy. 15854 Content *string `min:"1" type:"string"` 15855 15856 // A structure that contains additional details about the policy. 15857 PolicySummary *PolicySummary `type:"structure"` 15858} 15859 15860// String returns the string representation 15861func (s Policy) String() string { 15862 return awsutil.Prettify(s) 15863} 15864 15865// GoString returns the string representation 15866func (s Policy) GoString() string { 15867 return s.String() 15868} 15869 15870// SetContent sets the Content field's value. 15871func (s *Policy) SetContent(v string) *Policy { 15872 s.Content = &v 15873 return s 15874} 15875 15876// SetPolicySummary sets the PolicySummary field's value. 15877func (s *Policy) SetPolicySummary(v *PolicySummary) *Policy { 15878 s.PolicySummary = v 15879 return s 15880} 15881 15882// Contains information about a policy, but does not include the content. To 15883// see the content of a policy, see DescribePolicy. 15884type PolicySummary struct { 15885 _ struct{} `type:"structure"` 15886 15887 // The Amazon Resource Name (ARN) of the policy. 15888 // 15889 // For more information about ARNs in Organizations, see ARN Formats Supported 15890 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 15891 // in the AWS Organizations User Guide. 15892 Arn *string `type:"string"` 15893 15894 // A Boolean value that indicates whether the specified policy is an AWS managed 15895 // policy. If true, then you can attach the policy to roots, OUs, or accounts, 15896 // but you cannot edit it. 15897 AwsManaged *bool `type:"boolean"` 15898 15899 // The description of the policy. 15900 Description *string `type:"string"` 15901 15902 // The unique identifier (ID) of the policy. 15903 // 15904 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 15905 // requires "p-" followed by from 8 to 128 lower-case letters or digits. 15906 Id *string `type:"string"` 15907 15908 // The friendly name of the policy. 15909 // 15910 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 15911 // this parameter is a string of any of the characters in the ASCII character 15912 // range. 15913 Name *string `min:"1" type:"string"` 15914 15915 // The type of policy. 15916 Type *string `type:"string" enum:"PolicyType"` 15917} 15918 15919// String returns the string representation 15920func (s PolicySummary) String() string { 15921 return awsutil.Prettify(s) 15922} 15923 15924// GoString returns the string representation 15925func (s PolicySummary) GoString() string { 15926 return s.String() 15927} 15928 15929// SetArn sets the Arn field's value. 15930func (s *PolicySummary) SetArn(v string) *PolicySummary { 15931 s.Arn = &v 15932 return s 15933} 15934 15935// SetAwsManaged sets the AwsManaged field's value. 15936func (s *PolicySummary) SetAwsManaged(v bool) *PolicySummary { 15937 s.AwsManaged = &v 15938 return s 15939} 15940 15941// SetDescription sets the Description field's value. 15942func (s *PolicySummary) SetDescription(v string) *PolicySummary { 15943 s.Description = &v 15944 return s 15945} 15946 15947// SetId sets the Id field's value. 15948func (s *PolicySummary) SetId(v string) *PolicySummary { 15949 s.Id = &v 15950 return s 15951} 15952 15953// SetName sets the Name field's value. 15954func (s *PolicySummary) SetName(v string) *PolicySummary { 15955 s.Name = &v 15956 return s 15957} 15958 15959// SetType sets the Type field's value. 15960func (s *PolicySummary) SetType(v string) *PolicySummary { 15961 s.Type = &v 15962 return s 15963} 15964 15965// Contains information about a root, OU, or account that a policy is attached 15966// to. 15967type PolicyTargetSummary struct { 15968 _ struct{} `type:"structure"` 15969 15970 // The Amazon Resource Name (ARN) of the policy target. 15971 // 15972 // For more information about ARNs in Organizations, see ARN Formats Supported 15973 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 15974 // in the AWS Organizations User Guide. 15975 Arn *string `type:"string"` 15976 15977 // The friendly name of the policy target. 15978 // 15979 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 15980 // this parameter is a string of any of the characters in the ASCII character 15981 // range. 15982 Name *string `min:"1" type:"string"` 15983 15984 // The unique identifier (ID) of the policy target. 15985 // 15986 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 15987 // requires one of the following: 15988 // 15989 // * Root: A string that begins with "r-" followed by from 4 to 32 lower-case 15990 // letters or digits. 15991 // 15992 // * Account: A string that consists of exactly 12 digits. 15993 // 15994 // * Organizational unit (OU): A string that begins with "ou-" followed by 15995 // from 4 to 32 lower-case letters or digits (the ID of the root that the 15996 // OU is in). This string is followed by a second "-" dash and from 8 to 15997 // 32 additional lower-case letters or digits. 15998 TargetId *string `type:"string"` 15999 16000 // The type of the policy target. 16001 Type *string `type:"string" enum:"TargetType"` 16002} 16003 16004// String returns the string representation 16005func (s PolicyTargetSummary) String() string { 16006 return awsutil.Prettify(s) 16007} 16008 16009// GoString returns the string representation 16010func (s PolicyTargetSummary) GoString() string { 16011 return s.String() 16012} 16013 16014// SetArn sets the Arn field's value. 16015func (s *PolicyTargetSummary) SetArn(v string) *PolicyTargetSummary { 16016 s.Arn = &v 16017 return s 16018} 16019 16020// SetName sets the Name field's value. 16021func (s *PolicyTargetSummary) SetName(v string) *PolicyTargetSummary { 16022 s.Name = &v 16023 return s 16024} 16025 16026// SetTargetId sets the TargetId field's value. 16027func (s *PolicyTargetSummary) SetTargetId(v string) *PolicyTargetSummary { 16028 s.TargetId = &v 16029 return s 16030} 16031 16032// SetType sets the Type field's value. 16033func (s *PolicyTargetSummary) SetType(v string) *PolicyTargetSummary { 16034 s.Type = &v 16035 return s 16036} 16037 16038// Contains information about a policy type and its status in the associated 16039// root. 16040type PolicyTypeSummary struct { 16041 _ struct{} `type:"structure"` 16042 16043 // The status of the policy type as it relates to the associated root. You can 16044 // attach a policy of the specified type to a root or to an OU or account in 16045 // that root. To do so, the policy must be available in the organization and 16046 // enabled for that root. 16047 Status *string `type:"string" enum:"PolicyTypeStatus"` 16048 16049 // The name of the policy type. 16050 Type *string `type:"string" enum:"PolicyType"` 16051} 16052 16053// String returns the string representation 16054func (s PolicyTypeSummary) String() string { 16055 return awsutil.Prettify(s) 16056} 16057 16058// GoString returns the string representation 16059func (s PolicyTypeSummary) GoString() string { 16060 return s.String() 16061} 16062 16063// SetStatus sets the Status field's value. 16064func (s *PolicyTypeSummary) SetStatus(v string) *PolicyTypeSummary { 16065 s.Status = &v 16066 return s 16067} 16068 16069// SetType sets the Type field's value. 16070func (s *PolicyTypeSummary) SetType(v string) *PolicyTypeSummary { 16071 s.Type = &v 16072 return s 16073} 16074 16075type RemoveAccountFromOrganizationInput struct { 16076 _ struct{} `type:"structure"` 16077 16078 // The unique identifier (ID) of the member account that you want to remove 16079 // from the organization. 16080 // 16081 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 16082 // requires exactly 12 digits. 16083 // 16084 // AccountId is a required field 16085 AccountId *string `type:"string" required:"true"` 16086} 16087 16088// String returns the string representation 16089func (s RemoveAccountFromOrganizationInput) String() string { 16090 return awsutil.Prettify(s) 16091} 16092 16093// GoString returns the string representation 16094func (s RemoveAccountFromOrganizationInput) GoString() string { 16095 return s.String() 16096} 16097 16098// Validate inspects the fields of the type to determine if they are valid. 16099func (s *RemoveAccountFromOrganizationInput) Validate() error { 16100 invalidParams := request.ErrInvalidParams{Context: "RemoveAccountFromOrganizationInput"} 16101 if s.AccountId == nil { 16102 invalidParams.Add(request.NewErrParamRequired("AccountId")) 16103 } 16104 16105 if invalidParams.Len() > 0 { 16106 return invalidParams 16107 } 16108 return nil 16109} 16110 16111// SetAccountId sets the AccountId field's value. 16112func (s *RemoveAccountFromOrganizationInput) SetAccountId(v string) *RemoveAccountFromOrganizationInput { 16113 s.AccountId = &v 16114 return s 16115} 16116 16117type RemoveAccountFromOrganizationOutput struct { 16118 _ struct{} `type:"structure"` 16119} 16120 16121// String returns the string representation 16122func (s RemoveAccountFromOrganizationOutput) String() string { 16123 return awsutil.Prettify(s) 16124} 16125 16126// GoString returns the string representation 16127func (s RemoveAccountFromOrganizationOutput) GoString() string { 16128 return s.String() 16129} 16130 16131// Contains details about a root. A root is a top-level parent node in the hierarchy 16132// of an organization that can contain organizational units (OUs) and accounts. 16133// Every root contains every AWS account in the organization. Each root enables 16134// the accounts to be organized in a different way and to have different policy 16135// types enabled for use in that root. 16136type Root struct { 16137 _ struct{} `type:"structure"` 16138 16139 // The Amazon Resource Name (ARN) of the root. 16140 // 16141 // For more information about ARNs in Organizations, see ARN Formats Supported 16142 // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) 16143 // in the AWS Organizations User Guide. 16144 Arn *string `type:"string"` 16145 16146 // The unique identifier (ID) for the root. 16147 // 16148 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 16149 // requires "r-" followed by from 4 to 32 lower-case letters or digits. 16150 Id *string `type:"string"` 16151 16152 // The friendly name of the root. 16153 // 16154 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 16155 // this parameter is a string of any of the characters in the ASCII character 16156 // range. 16157 Name *string `min:"1" type:"string"` 16158 16159 // The types of policies that are currently enabled for the root and therefore 16160 // can be attached to the root or to its OUs or accounts. 16161 // 16162 // Even if a policy type is shown as available in the organization, you can 16163 // separately enable and disable them at the root level by using EnablePolicyType 16164 // and DisablePolicyType. Use DescribeOrganization to see the availability of 16165 // the policy types in that organization. 16166 PolicyTypes []*PolicyTypeSummary `type:"list"` 16167} 16168 16169// String returns the string representation 16170func (s Root) String() string { 16171 return awsutil.Prettify(s) 16172} 16173 16174// GoString returns the string representation 16175func (s Root) GoString() string { 16176 return s.String() 16177} 16178 16179// SetArn sets the Arn field's value. 16180func (s *Root) SetArn(v string) *Root { 16181 s.Arn = &v 16182 return s 16183} 16184 16185// SetId sets the Id field's value. 16186func (s *Root) SetId(v string) *Root { 16187 s.Id = &v 16188 return s 16189} 16190 16191// SetName sets the Name field's value. 16192func (s *Root) SetName(v string) *Root { 16193 s.Name = &v 16194 return s 16195} 16196 16197// SetPolicyTypes sets the PolicyTypes field's value. 16198func (s *Root) SetPolicyTypes(v []*PolicyTypeSummary) *Root { 16199 s.PolicyTypes = v 16200 return s 16201} 16202 16203// A custom key-value pair associated with a resource such as an account within 16204// your organization. 16205type Tag struct { 16206 _ struct{} `type:"structure"` 16207 16208 // The key identifier, or name, of the tag. 16209 // 16210 // Key is a required field 16211 Key *string `min:"1" type:"string" required:"true"` 16212 16213 // The string value that's associated with the key of the tag. You can set the 16214 // value of a tag to an empty string, but you can't set the value of a tag to 16215 // null. 16216 // 16217 // Value is a required field 16218 Value *string `type:"string" required:"true"` 16219} 16220 16221// String returns the string representation 16222func (s Tag) String() string { 16223 return awsutil.Prettify(s) 16224} 16225 16226// GoString returns the string representation 16227func (s Tag) GoString() string { 16228 return s.String() 16229} 16230 16231// Validate inspects the fields of the type to determine if they are valid. 16232func (s *Tag) Validate() error { 16233 invalidParams := request.ErrInvalidParams{Context: "Tag"} 16234 if s.Key == nil { 16235 invalidParams.Add(request.NewErrParamRequired("Key")) 16236 } 16237 if s.Key != nil && len(*s.Key) < 1 { 16238 invalidParams.Add(request.NewErrParamMinLen("Key", 1)) 16239 } 16240 if s.Value == nil { 16241 invalidParams.Add(request.NewErrParamRequired("Value")) 16242 } 16243 16244 if invalidParams.Len() > 0 { 16245 return invalidParams 16246 } 16247 return nil 16248} 16249 16250// SetKey sets the Key field's value. 16251func (s *Tag) SetKey(v string) *Tag { 16252 s.Key = &v 16253 return s 16254} 16255 16256// SetValue sets the Value field's value. 16257func (s *Tag) SetValue(v string) *Tag { 16258 s.Value = &v 16259 return s 16260} 16261 16262type TagResourceInput struct { 16263 _ struct{} `type:"structure"` 16264 16265 // The ID of the resource to add a tag to. 16266 // 16267 // ResourceId is a required field 16268 ResourceId *string `type:"string" required:"true"` 16269 16270 // The tag to add to the specified resource. Specifying the tag key is required. 16271 // You can set the value of a tag to an empty string, but you can't set the 16272 // value of a tag to null. 16273 // 16274 // Tags is a required field 16275 Tags []*Tag `type:"list" required:"true"` 16276} 16277 16278// String returns the string representation 16279func (s TagResourceInput) String() string { 16280 return awsutil.Prettify(s) 16281} 16282 16283// GoString returns the string representation 16284func (s TagResourceInput) GoString() string { 16285 return s.String() 16286} 16287 16288// Validate inspects the fields of the type to determine if they are valid. 16289func (s *TagResourceInput) Validate() error { 16290 invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} 16291 if s.ResourceId == nil { 16292 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 16293 } 16294 if s.Tags == nil { 16295 invalidParams.Add(request.NewErrParamRequired("Tags")) 16296 } 16297 if s.Tags != nil { 16298 for i, v := range s.Tags { 16299 if v == nil { 16300 continue 16301 } 16302 if err := v.Validate(); err != nil { 16303 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 16304 } 16305 } 16306 } 16307 16308 if invalidParams.Len() > 0 { 16309 return invalidParams 16310 } 16311 return nil 16312} 16313 16314// SetResourceId sets the ResourceId field's value. 16315func (s *TagResourceInput) SetResourceId(v string) *TagResourceInput { 16316 s.ResourceId = &v 16317 return s 16318} 16319 16320// SetTags sets the Tags field's value. 16321func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { 16322 s.Tags = v 16323 return s 16324} 16325 16326type TagResourceOutput struct { 16327 _ struct{} `type:"structure"` 16328} 16329 16330// String returns the string representation 16331func (s TagResourceOutput) String() string { 16332 return awsutil.Prettify(s) 16333} 16334 16335// GoString returns the string representation 16336func (s TagResourceOutput) GoString() string { 16337 return s.String() 16338} 16339 16340type UntagResourceInput struct { 16341 _ struct{} `type:"structure"` 16342 16343 // The ID of the resource to remove the tag from. 16344 // 16345 // ResourceId is a required field 16346 ResourceId *string `type:"string" required:"true"` 16347 16348 // The tag to remove from the specified resource. 16349 // 16350 // TagKeys is a required field 16351 TagKeys []*string `type:"list" required:"true"` 16352} 16353 16354// String returns the string representation 16355func (s UntagResourceInput) String() string { 16356 return awsutil.Prettify(s) 16357} 16358 16359// GoString returns the string representation 16360func (s UntagResourceInput) GoString() string { 16361 return s.String() 16362} 16363 16364// Validate inspects the fields of the type to determine if they are valid. 16365func (s *UntagResourceInput) Validate() error { 16366 invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} 16367 if s.ResourceId == nil { 16368 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 16369 } 16370 if s.TagKeys == nil { 16371 invalidParams.Add(request.NewErrParamRequired("TagKeys")) 16372 } 16373 16374 if invalidParams.Len() > 0 { 16375 return invalidParams 16376 } 16377 return nil 16378} 16379 16380// SetResourceId sets the ResourceId field's value. 16381func (s *UntagResourceInput) SetResourceId(v string) *UntagResourceInput { 16382 s.ResourceId = &v 16383 return s 16384} 16385 16386// SetTagKeys sets the TagKeys field's value. 16387func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { 16388 s.TagKeys = v 16389 return s 16390} 16391 16392type UntagResourceOutput struct { 16393 _ struct{} `type:"structure"` 16394} 16395 16396// String returns the string representation 16397func (s UntagResourceOutput) String() string { 16398 return awsutil.Prettify(s) 16399} 16400 16401// GoString returns the string representation 16402func (s UntagResourceOutput) GoString() string { 16403 return s.String() 16404} 16405 16406type UpdateOrganizationalUnitInput struct { 16407 _ struct{} `type:"structure"` 16408 16409 // The new name that you want to assign to the OU. 16410 // 16411 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 16412 // this parameter is a string of any of the characters in the ASCII character 16413 // range. 16414 Name *string `min:"1" type:"string"` 16415 16416 // The unique identifier (ID) of the OU that you want to rename. You can get 16417 // the ID from the ListOrganizationalUnitsForParent operation. 16418 // 16419 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 16420 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 16421 // or digits (the ID of the root that contains the OU). This string is followed 16422 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 16423 // 16424 // OrganizationalUnitId is a required field 16425 OrganizationalUnitId *string `type:"string" required:"true"` 16426} 16427 16428// String returns the string representation 16429func (s UpdateOrganizationalUnitInput) String() string { 16430 return awsutil.Prettify(s) 16431} 16432 16433// GoString returns the string representation 16434func (s UpdateOrganizationalUnitInput) GoString() string { 16435 return s.String() 16436} 16437 16438// Validate inspects the fields of the type to determine if they are valid. 16439func (s *UpdateOrganizationalUnitInput) Validate() error { 16440 invalidParams := request.ErrInvalidParams{Context: "UpdateOrganizationalUnitInput"} 16441 if s.Name != nil && len(*s.Name) < 1 { 16442 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 16443 } 16444 if s.OrganizationalUnitId == nil { 16445 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 16446 } 16447 16448 if invalidParams.Len() > 0 { 16449 return invalidParams 16450 } 16451 return nil 16452} 16453 16454// SetName sets the Name field's value. 16455func (s *UpdateOrganizationalUnitInput) SetName(v string) *UpdateOrganizationalUnitInput { 16456 s.Name = &v 16457 return s 16458} 16459 16460// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 16461func (s *UpdateOrganizationalUnitInput) SetOrganizationalUnitId(v string) *UpdateOrganizationalUnitInput { 16462 s.OrganizationalUnitId = &v 16463 return s 16464} 16465 16466type UpdateOrganizationalUnitOutput struct { 16467 _ struct{} `type:"structure"` 16468 16469 // A structure that contains the details about the specified OU, including its 16470 // new name. 16471 OrganizationalUnit *OrganizationalUnit `type:"structure"` 16472} 16473 16474// String returns the string representation 16475func (s UpdateOrganizationalUnitOutput) String() string { 16476 return awsutil.Prettify(s) 16477} 16478 16479// GoString returns the string representation 16480func (s UpdateOrganizationalUnitOutput) GoString() string { 16481 return s.String() 16482} 16483 16484// SetOrganizationalUnit sets the OrganizationalUnit field's value. 16485func (s *UpdateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *UpdateOrganizationalUnitOutput { 16486 s.OrganizationalUnit = v 16487 return s 16488} 16489 16490type UpdatePolicyInput struct { 16491 _ struct{} `type:"structure"` 16492 16493 // If provided, the new content for the policy. The text must be correctly formatted 16494 // JSON that complies with the syntax for the policy's type. For more information, 16495 // see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 16496 // in the AWS Organizations User Guide. 16497 Content *string `min:"1" type:"string"` 16498 16499 // If provided, the new description for the policy. 16500 Description *string `type:"string"` 16501 16502 // If provided, the new name for the policy. 16503 // 16504 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 16505 // this parameter is a string of any of the characters in the ASCII character 16506 // range. 16507 Name *string `min:"1" type:"string"` 16508 16509 // The unique identifier (ID) of the policy that you want to update. 16510 // 16511 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 16512 // requires "p-" followed by from 8 to 128 lowercase letters or digits. 16513 // 16514 // PolicyId is a required field 16515 PolicyId *string `type:"string" required:"true"` 16516} 16517 16518// String returns the string representation 16519func (s UpdatePolicyInput) String() string { 16520 return awsutil.Prettify(s) 16521} 16522 16523// GoString returns the string representation 16524func (s UpdatePolicyInput) GoString() string { 16525 return s.String() 16526} 16527 16528// Validate inspects the fields of the type to determine if they are valid. 16529func (s *UpdatePolicyInput) Validate() error { 16530 invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyInput"} 16531 if s.Content != nil && len(*s.Content) < 1 { 16532 invalidParams.Add(request.NewErrParamMinLen("Content", 1)) 16533 } 16534 if s.Name != nil && len(*s.Name) < 1 { 16535 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 16536 } 16537 if s.PolicyId == nil { 16538 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 16539 } 16540 16541 if invalidParams.Len() > 0 { 16542 return invalidParams 16543 } 16544 return nil 16545} 16546 16547// SetContent sets the Content field's value. 16548func (s *UpdatePolicyInput) SetContent(v string) *UpdatePolicyInput { 16549 s.Content = &v 16550 return s 16551} 16552 16553// SetDescription sets the Description field's value. 16554func (s *UpdatePolicyInput) SetDescription(v string) *UpdatePolicyInput { 16555 s.Description = &v 16556 return s 16557} 16558 16559// SetName sets the Name field's value. 16560func (s *UpdatePolicyInput) SetName(v string) *UpdatePolicyInput { 16561 s.Name = &v 16562 return s 16563} 16564 16565// SetPolicyId sets the PolicyId field's value. 16566func (s *UpdatePolicyInput) SetPolicyId(v string) *UpdatePolicyInput { 16567 s.PolicyId = &v 16568 return s 16569} 16570 16571type UpdatePolicyOutput struct { 16572 _ struct{} `type:"structure"` 16573 16574 // A structure that contains details about the updated policy, showing the requested 16575 // changes. 16576 Policy *Policy `type:"structure"` 16577} 16578 16579// String returns the string representation 16580func (s UpdatePolicyOutput) String() string { 16581 return awsutil.Prettify(s) 16582} 16583 16584// GoString returns the string representation 16585func (s UpdatePolicyOutput) GoString() string { 16586 return s.String() 16587} 16588 16589// SetPolicy sets the Policy field's value. 16590func (s *UpdatePolicyOutput) SetPolicy(v *Policy) *UpdatePolicyOutput { 16591 s.Policy = v 16592 return s 16593} 16594 16595const ( 16596 // AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole is a AccessDeniedForDependencyExceptionReason enum value 16597 AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole = "ACCESS_DENIED_DURING_CREATE_SERVICE_LINKED_ROLE" 16598) 16599 16600const ( 16601 // AccountJoinedMethodInvited is a AccountJoinedMethod enum value 16602 AccountJoinedMethodInvited = "INVITED" 16603 16604 // AccountJoinedMethodCreated is a AccountJoinedMethod enum value 16605 AccountJoinedMethodCreated = "CREATED" 16606) 16607 16608const ( 16609 // AccountStatusActive is a AccountStatus enum value 16610 AccountStatusActive = "ACTIVE" 16611 16612 // AccountStatusSuspended is a AccountStatus enum value 16613 AccountStatusSuspended = "SUSPENDED" 16614) 16615 16616const ( 16617 // ActionTypeInvite is a ActionType enum value 16618 ActionTypeInvite = "INVITE" 16619 16620 // ActionTypeEnableAllFeatures is a ActionType enum value 16621 ActionTypeEnableAllFeatures = "ENABLE_ALL_FEATURES" 16622 16623 // ActionTypeApproveAllFeatures is a ActionType enum value 16624 ActionTypeApproveAllFeatures = "APPROVE_ALL_FEATURES" 16625 16626 // ActionTypeAddOrganizationsServiceLinkedRole is a ActionType enum value 16627 ActionTypeAddOrganizationsServiceLinkedRole = "ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE" 16628) 16629 16630const ( 16631 // ChildTypeAccount is a ChildType enum value 16632 ChildTypeAccount = "ACCOUNT" 16633 16634 // ChildTypeOrganizationalUnit is a ChildType enum value 16635 ChildTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 16636) 16637 16638const ( 16639 // ConstraintViolationExceptionReasonAccountNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 16640 ConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED" 16641 16642 // ConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a ConstraintViolationExceptionReason enum value 16643 ConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED" 16644 16645 // ConstraintViolationExceptionReasonOuNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 16646 ConstraintViolationExceptionReasonOuNumberLimitExceeded = "OU_NUMBER_LIMIT_EXCEEDED" 16647 16648 // ConstraintViolationExceptionReasonOuDepthLimitExceeded is a ConstraintViolationExceptionReason enum value 16649 ConstraintViolationExceptionReasonOuDepthLimitExceeded = "OU_DEPTH_LIMIT_EXCEEDED" 16650 16651 // ConstraintViolationExceptionReasonPolicyNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 16652 ConstraintViolationExceptionReasonPolicyNumberLimitExceeded = "POLICY_NUMBER_LIMIT_EXCEEDED" 16653 16654 // ConstraintViolationExceptionReasonPolicyContentLimitExceeded is a ConstraintViolationExceptionReason enum value 16655 ConstraintViolationExceptionReasonPolicyContentLimitExceeded = "POLICY_CONTENT_LIMIT_EXCEEDED" 16656 16657 // ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value 16658 ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded = "MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED" 16659 16660 // ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value 16661 ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded = "MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED" 16662 16663 // ConstraintViolationExceptionReasonAccountCannotLeaveOrganization is a ConstraintViolationExceptionReason enum value 16664 ConstraintViolationExceptionReasonAccountCannotLeaveOrganization = "ACCOUNT_CANNOT_LEAVE_ORGANIZATION" 16665 16666 // ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula is a ConstraintViolationExceptionReason enum value 16667 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula = "ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA" 16668 16669 // ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification is a ConstraintViolationExceptionReason enum value 16670 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification = "ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION" 16671 16672 // ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value 16673 ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired = "MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED" 16674 16675 // ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value 16676 ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired = "MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED" 16677 16678 // ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded is a ConstraintViolationExceptionReason enum value 16679 ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded = "ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED" 16680 16681 // ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace is a ConstraintViolationExceptionReason enum value 16682 ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace = "MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE" 16683 16684 // ConstraintViolationExceptionReasonMasterAccountMissingContactInfo is a ConstraintViolationExceptionReason enum value 16685 ConstraintViolationExceptionReasonMasterAccountMissingContactInfo = "MASTER_ACCOUNT_MISSING_CONTACT_INFO" 16686 16687 // ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled is a ConstraintViolationExceptionReason enum value 16688 ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled = "MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED" 16689 16690 // ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode is a ConstraintViolationExceptionReason enum value 16691 ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode = "ORGANIZATION_NOT_IN_ALL_FEATURES_MODE" 16692 16693 // ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion is a ConstraintViolationExceptionReason enum value 16694 ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion = "CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION" 16695 16696 // ConstraintViolationExceptionReasonEmailVerificationCodeExpired is a ConstraintViolationExceptionReason enum value 16697 ConstraintViolationExceptionReasonEmailVerificationCodeExpired = "EMAIL_VERIFICATION_CODE_EXPIRED" 16698 16699 // ConstraintViolationExceptionReasonWaitPeriodActive is a ConstraintViolationExceptionReason enum value 16700 ConstraintViolationExceptionReasonWaitPeriodActive = "WAIT_PERIOD_ACTIVE" 16701 16702 // ConstraintViolationExceptionReasonMaxTagLimitExceeded is a ConstraintViolationExceptionReason enum value 16703 ConstraintViolationExceptionReasonMaxTagLimitExceeded = "MAX_TAG_LIMIT_EXCEEDED" 16704 16705 // ConstraintViolationExceptionReasonTagPolicyViolation is a ConstraintViolationExceptionReason enum value 16706 ConstraintViolationExceptionReasonTagPolicyViolation = "TAG_POLICY_VIOLATION" 16707) 16708 16709const ( 16710 // CreateAccountFailureReasonAccountLimitExceeded is a CreateAccountFailureReason enum value 16711 CreateAccountFailureReasonAccountLimitExceeded = "ACCOUNT_LIMIT_EXCEEDED" 16712 16713 // CreateAccountFailureReasonEmailAlreadyExists is a CreateAccountFailureReason enum value 16714 CreateAccountFailureReasonEmailAlreadyExists = "EMAIL_ALREADY_EXISTS" 16715 16716 // CreateAccountFailureReasonInvalidAddress is a CreateAccountFailureReason enum value 16717 CreateAccountFailureReasonInvalidAddress = "INVALID_ADDRESS" 16718 16719 // CreateAccountFailureReasonInvalidEmail is a CreateAccountFailureReason enum value 16720 CreateAccountFailureReasonInvalidEmail = "INVALID_EMAIL" 16721 16722 // CreateAccountFailureReasonConcurrentAccountModification is a CreateAccountFailureReason enum value 16723 CreateAccountFailureReasonConcurrentAccountModification = "CONCURRENT_ACCOUNT_MODIFICATION" 16724 16725 // CreateAccountFailureReasonInternalFailure is a CreateAccountFailureReason enum value 16726 CreateAccountFailureReasonInternalFailure = "INTERNAL_FAILURE" 16727 16728 // CreateAccountFailureReasonGovcloudAccountAlreadyExists is a CreateAccountFailureReason enum value 16729 CreateAccountFailureReasonGovcloudAccountAlreadyExists = "GOVCLOUD_ACCOUNT_ALREADY_EXISTS" 16730) 16731 16732const ( 16733 // CreateAccountStateInProgress is a CreateAccountState enum value 16734 CreateAccountStateInProgress = "IN_PROGRESS" 16735 16736 // CreateAccountStateSucceeded is a CreateAccountState enum value 16737 CreateAccountStateSucceeded = "SUCCEEDED" 16738 16739 // CreateAccountStateFailed is a CreateAccountState enum value 16740 CreateAccountStateFailed = "FAILED" 16741) 16742 16743const ( 16744 // EffectivePolicyTypeTagPolicy is a EffectivePolicyType enum value 16745 EffectivePolicyTypeTagPolicy = "TAG_POLICY" 16746) 16747 16748const ( 16749 // HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 16750 HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED" 16751 16752 // HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 16753 HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED" 16754 16755 // HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization is a HandshakeConstraintViolationExceptionReason enum value 16756 HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization = "ALREADY_IN_AN_ORGANIZATION" 16757 16758 // HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures is a HandshakeConstraintViolationExceptionReason enum value 16759 HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures = "ORGANIZATION_ALREADY_HAS_ALL_FEATURES" 16760 16761 // HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures is a HandshakeConstraintViolationExceptionReason enum value 16762 HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures = "INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES" 16763 16764 // HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired is a HandshakeConstraintViolationExceptionReason enum value 16765 HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired = "PAYMENT_INSTRUMENT_REQUIRED" 16766 16767 // HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord is a HandshakeConstraintViolationExceptionReason enum value 16768 HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord = "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD" 16769 16770 // HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 16771 HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded = "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED" 16772) 16773 16774const ( 16775 // HandshakePartyTypeAccount is a HandshakePartyType enum value 16776 HandshakePartyTypeAccount = "ACCOUNT" 16777 16778 // HandshakePartyTypeOrganization is a HandshakePartyType enum value 16779 HandshakePartyTypeOrganization = "ORGANIZATION" 16780 16781 // HandshakePartyTypeEmail is a HandshakePartyType enum value 16782 HandshakePartyTypeEmail = "EMAIL" 16783) 16784 16785const ( 16786 // HandshakeResourceTypeAccount is a HandshakeResourceType enum value 16787 HandshakeResourceTypeAccount = "ACCOUNT" 16788 16789 // HandshakeResourceTypeOrganization is a HandshakeResourceType enum value 16790 HandshakeResourceTypeOrganization = "ORGANIZATION" 16791 16792 // HandshakeResourceTypeOrganizationFeatureSet is a HandshakeResourceType enum value 16793 HandshakeResourceTypeOrganizationFeatureSet = "ORGANIZATION_FEATURE_SET" 16794 16795 // HandshakeResourceTypeEmail is a HandshakeResourceType enum value 16796 HandshakeResourceTypeEmail = "EMAIL" 16797 16798 // HandshakeResourceTypeMasterEmail is a HandshakeResourceType enum value 16799 HandshakeResourceTypeMasterEmail = "MASTER_EMAIL" 16800 16801 // HandshakeResourceTypeMasterName is a HandshakeResourceType enum value 16802 HandshakeResourceTypeMasterName = "MASTER_NAME" 16803 16804 // HandshakeResourceTypeNotes is a HandshakeResourceType enum value 16805 HandshakeResourceTypeNotes = "NOTES" 16806 16807 // HandshakeResourceTypeParentHandshake is a HandshakeResourceType enum value 16808 HandshakeResourceTypeParentHandshake = "PARENT_HANDSHAKE" 16809) 16810 16811const ( 16812 // HandshakeStateRequested is a HandshakeState enum value 16813 HandshakeStateRequested = "REQUESTED" 16814 16815 // HandshakeStateOpen is a HandshakeState enum value 16816 HandshakeStateOpen = "OPEN" 16817 16818 // HandshakeStateCanceled is a HandshakeState enum value 16819 HandshakeStateCanceled = "CANCELED" 16820 16821 // HandshakeStateAccepted is a HandshakeState enum value 16822 HandshakeStateAccepted = "ACCEPTED" 16823 16824 // HandshakeStateDeclined is a HandshakeState enum value 16825 HandshakeStateDeclined = "DECLINED" 16826 16827 // HandshakeStateExpired is a HandshakeState enum value 16828 HandshakeStateExpired = "EXPIRED" 16829) 16830 16831const ( 16832 // IAMUserAccessToBillingAllow is a IAMUserAccessToBilling enum value 16833 IAMUserAccessToBillingAllow = "ALLOW" 16834 16835 // IAMUserAccessToBillingDeny is a IAMUserAccessToBilling enum value 16836 IAMUserAccessToBillingDeny = "DENY" 16837) 16838 16839const ( 16840 // InvalidInputExceptionReasonInvalidPartyTypeTarget is a InvalidInputExceptionReason enum value 16841 InvalidInputExceptionReasonInvalidPartyTypeTarget = "INVALID_PARTY_TYPE_TARGET" 16842 16843 // InvalidInputExceptionReasonInvalidSyntaxOrganizationArn is a InvalidInputExceptionReason enum value 16844 InvalidInputExceptionReasonInvalidSyntaxOrganizationArn = "INVALID_SYNTAX_ORGANIZATION_ARN" 16845 16846 // InvalidInputExceptionReasonInvalidSyntaxPolicyId is a InvalidInputExceptionReason enum value 16847 InvalidInputExceptionReasonInvalidSyntaxPolicyId = "INVALID_SYNTAX_POLICY_ID" 16848 16849 // InvalidInputExceptionReasonInvalidEnum is a InvalidInputExceptionReason enum value 16850 InvalidInputExceptionReasonInvalidEnum = "INVALID_ENUM" 16851 16852 // InvalidInputExceptionReasonInvalidEnumPolicyType is a InvalidInputExceptionReason enum value 16853 InvalidInputExceptionReasonInvalidEnumPolicyType = "INVALID_ENUM_POLICY_TYPE" 16854 16855 // InvalidInputExceptionReasonInvalidListMember is a InvalidInputExceptionReason enum value 16856 InvalidInputExceptionReasonInvalidListMember = "INVALID_LIST_MEMBER" 16857 16858 // InvalidInputExceptionReasonMaxLengthExceeded is a InvalidInputExceptionReason enum value 16859 InvalidInputExceptionReasonMaxLengthExceeded = "MAX_LENGTH_EXCEEDED" 16860 16861 // InvalidInputExceptionReasonMaxValueExceeded is a InvalidInputExceptionReason enum value 16862 InvalidInputExceptionReasonMaxValueExceeded = "MAX_VALUE_EXCEEDED" 16863 16864 // InvalidInputExceptionReasonMinLengthExceeded is a InvalidInputExceptionReason enum value 16865 InvalidInputExceptionReasonMinLengthExceeded = "MIN_LENGTH_EXCEEDED" 16866 16867 // InvalidInputExceptionReasonMinValueExceeded is a InvalidInputExceptionReason enum value 16868 InvalidInputExceptionReasonMinValueExceeded = "MIN_VALUE_EXCEEDED" 16869 16870 // InvalidInputExceptionReasonImmutablePolicy is a InvalidInputExceptionReason enum value 16871 InvalidInputExceptionReasonImmutablePolicy = "IMMUTABLE_POLICY" 16872 16873 // InvalidInputExceptionReasonInvalidPattern is a InvalidInputExceptionReason enum value 16874 InvalidInputExceptionReasonInvalidPattern = "INVALID_PATTERN" 16875 16876 // InvalidInputExceptionReasonInvalidPatternTargetId is a InvalidInputExceptionReason enum value 16877 InvalidInputExceptionReasonInvalidPatternTargetId = "INVALID_PATTERN_TARGET_ID" 16878 16879 // InvalidInputExceptionReasonInputRequired is a InvalidInputExceptionReason enum value 16880 InvalidInputExceptionReasonInputRequired = "INPUT_REQUIRED" 16881 16882 // InvalidInputExceptionReasonInvalidNextToken is a InvalidInputExceptionReason enum value 16883 InvalidInputExceptionReasonInvalidNextToken = "INVALID_NEXT_TOKEN" 16884 16885 // InvalidInputExceptionReasonMaxLimitExceededFilter is a InvalidInputExceptionReason enum value 16886 InvalidInputExceptionReasonMaxLimitExceededFilter = "MAX_LIMIT_EXCEEDED_FILTER" 16887 16888 // InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots is a InvalidInputExceptionReason enum value 16889 InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots = "MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS" 16890 16891 // InvalidInputExceptionReasonInvalidFullNameTarget is a InvalidInputExceptionReason enum value 16892 InvalidInputExceptionReasonInvalidFullNameTarget = "INVALID_FULL_NAME_TARGET" 16893 16894 // InvalidInputExceptionReasonUnrecognizedServicePrincipal is a InvalidInputExceptionReason enum value 16895 InvalidInputExceptionReasonUnrecognizedServicePrincipal = "UNRECOGNIZED_SERVICE_PRINCIPAL" 16896 16897 // InvalidInputExceptionReasonInvalidRoleName is a InvalidInputExceptionReason enum value 16898 InvalidInputExceptionReasonInvalidRoleName = "INVALID_ROLE_NAME" 16899 16900 // InvalidInputExceptionReasonInvalidSystemTagsParameter is a InvalidInputExceptionReason enum value 16901 InvalidInputExceptionReasonInvalidSystemTagsParameter = "INVALID_SYSTEM_TAGS_PARAMETER" 16902 16903 // InvalidInputExceptionReasonTargetNotSupported is a InvalidInputExceptionReason enum value 16904 InvalidInputExceptionReasonTargetNotSupported = "TARGET_NOT_SUPPORTED" 16905) 16906 16907const ( 16908 // OrganizationFeatureSetAll is a OrganizationFeatureSet enum value 16909 OrganizationFeatureSetAll = "ALL" 16910 16911 // OrganizationFeatureSetConsolidatedBilling is a OrganizationFeatureSet enum value 16912 OrganizationFeatureSetConsolidatedBilling = "CONSOLIDATED_BILLING" 16913) 16914 16915const ( 16916 // ParentTypeRoot is a ParentType enum value 16917 ParentTypeRoot = "ROOT" 16918 16919 // ParentTypeOrganizationalUnit is a ParentType enum value 16920 ParentTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 16921) 16922 16923const ( 16924 // PolicyTypeServiceControlPolicy is a PolicyType enum value 16925 PolicyTypeServiceControlPolicy = "SERVICE_CONTROL_POLICY" 16926 16927 // PolicyTypeTagPolicy is a PolicyType enum value 16928 PolicyTypeTagPolicy = "TAG_POLICY" 16929) 16930 16931const ( 16932 // PolicyTypeStatusEnabled is a PolicyTypeStatus enum value 16933 PolicyTypeStatusEnabled = "ENABLED" 16934 16935 // PolicyTypeStatusPendingEnable is a PolicyTypeStatus enum value 16936 PolicyTypeStatusPendingEnable = "PENDING_ENABLE" 16937 16938 // PolicyTypeStatusPendingDisable is a PolicyTypeStatus enum value 16939 PolicyTypeStatusPendingDisable = "PENDING_DISABLE" 16940) 16941 16942const ( 16943 // TargetTypeAccount is a TargetType enum value 16944 TargetTypeAccount = "ACCOUNT" 16945 16946 // TargetTypeOrganizationalUnit is a TargetType enum value 16947 TargetTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 16948 16949 // TargetTypeRoot is a TargetType enum value 16950 TargetTypeRoot = "ROOT" 16951) 16952